Peer-To-Peer News - The Week In Review - April 12th, '08
Posted by JackSpratts, 09-04-08, 07:02 AM

Since 2002

"I know that it was risky behaviour but that was part of the thrill." – Laura Michaels

"My concern is for the next generation of sexually frustrated, hormone-ridden 17-year-olds that are sitting in a bedroom about to possibly, and I hope, write something like Teenage Kicks." – Feargal Sharkey

"Years ago, we saw cybercrime as a speciality. Now we have added cybercrime in every form of police training, so we are raising the level of the entire Dutch police force. There’s no crime anymore where there are no digital components built in." – Eric Loermans

"It’s a cold, sterile world on the Internet, and people get an experience here you can’t get online. If there are five stores left standing, I think we can be one of them." – Jon Lambert

"People are made of squishy wet stuff, and any resonance will be very damped out. This sort of sharp resonance at this frequency has never been observed before." – Philip Chadwick

"Oklahoma's Court of Criminal Appeals ruled that taking pictures up someone's skirt in a public place is not a crime." – Polls Boutique

April 12th, 2008

Home Copying - Burnt Into Teenage Psyche

Calls for action as study reveals 95% of youngsters are illegally copying music
Katie Allen

More than half of young people copy the songs on their hard drives to friends and even more swap CD copies, according to research that reveals the huge challenge home copying poses to a music industry already battling internet file-sharing.

Three decades after cassette decks first allowed people to make free music tapes for friends, a study by the industry group British Music Rights suggests home copying remains just as ingrained in UK culture.

BMR's chief executive, the singer Feargal Sharkey, said the research underlines the urgent need to adapt to consumers' attitudes or face serious repercussions for the next generation of musicians.

The industry's anti-piracy efforts have largely focused on illegal online music swapping - with estimates suggesting only one in 20 digital downloads is paid for. But the online problem is potentially dwarfed by "offline copying", argues BMR. Its research, carried out by the University of Hertfordshire, suggests that, for 18-24-year-olds, home copying remains more popular than file sharing. Two-thirds of people it surveyed copy five CDs a month from friends.

Overall, 95% of the 1,158 people surveyed had engaged in some form of copying, including taking the music contents of a friend's hard drive - 58% - and the more old-fashioned method of recording from the radio.

BMR, which lobbies on behalf of composers, songwriters and music publishers, claims its research is the first academic study of its kind, and fills a hole in the industry's understanding of how people consume music.

Former Undertones frontman Sharkey said the aim was not to lambast young music consumers but to create business models that fit their behaviour and tap into the unrelenting demand for music. He hopes the findings will provide impetus for change.

"For somebody who has spent 30 years in the music industry, you instinctively know this stuff is going on. But when you actually sit looking at your computer and see a number that says 95% of people are copying music at home, you suddenly go, 'Bloody hell'," he said.

Many record label executives see the piracy problem getting worse before it gets better. The BMR research echoes other studies signalling that knowing something is illegal is no longer a deterrent. Well over half its respondents who know that copying music from a CD to a recordable disc is illegal do so anyway.

But Sharkey believes a combination of education projects and new ways of providing music to consumers - for example, advertising-funded downloads - will change that.

"Ultimately it has to get better ... At some point musicians and songwriters have to make enough money out of it otherwise they stop doing it," he said.

"My concern is for the next generation of sexually frustrated, hormone-ridden 17-year-olds that are sitting in a bedroom about to possibly, and I hope, write something like Teenage Kicks," he said, referring to the Undertones song the late DJ John Peel made his anthem.

The aspect of home copying that most worries BMR is the speed with which friends can now swap music, whether from one hard drive to another or on to MP3 players. Almost half the music in the average MP3 player collection comprises tracks that have not been paid for, the report says. People aged 18-24 keep around £750-worth of unpaid-for music on their MP3 players.

The study was carried out against the backdrop of government deliberations over how to introduce an exception in law so that people can legally copy music they have bought for private use.

Currently, UK consumers are technically breaking the Copyright, Designs and Patents Act 1988 by copying tracks from CDs to their PC or digital player, or making an extra copy to play in the car.

The Intellectual Property Office concludes consultations on changing the law tomorrow and BMR is submitting some of its research.

The music industry says it accepts consumers should not be punished for shifting music from one format to another, but some are concerned an exception will increase the perception music can be freely copied with impunity.

BMR has "no problem in principle" with the concept of changing the law. But Sharkey is urging the government to look to European law, which dictates that where a private copying-style exception is created there is also some sort of compensation for the creators and performers.

Whatever the outcome, the prevalence of offline and online music copying shows the music industry has "a lot of big challenges it needs to face up to very quickly", said Sharkey.

Big Content in Worldwide "Whisper Campaign" Against Fair Use
Nate Anderson

If you've been following copyright debates for more than, say, 10 minutes, you're probably aware that "some rights good, more rights better!" might well be the motto of many content owners. Fair use and fair dealing put limitations on these otherwise exclusive rights, and they do so on the theory that copyright is not an absolute right to control and profit from every single use of a particular work. News reporting, classroom use, commentary, parody; in the US, at least, these don't require either permission or payment. But content owners aren't necessarily down with this way of thinking, and copyright expert William Patry believes that a "counter-reformation" is in the works to crimp worldwide plans to expand fair use.

Patry, a former law professor and advisor to the US Register of Copyrights, now works for Google, which as an indexer (and not producer) of information, is generally in favor of a more liberal copyright regime that allows it to use thumbnails of copyrighted works, excerpt short snippets of copyrighted books, and index copyrighted web page text. But Patry is one of the foremost US experts on copyright law, and if he sees a secret gathering of the Pro-Copyright Magisterium, it's worth paying attention.

Is fair use "un-Conventional"?

"The purpose of the movement," he says in a recent blog post, "is to chill the willingness of countries to enact fair use or liberal fair dealing provisions designed to genuinely further innovation and creativity, rather than, as is currently the case, merely to give lip service to those concepts as the scope of copyright is expanded to were-rabbit size."

The counter-reformation in question takes the form of a "whispering campaign" in which ministries in different countries are told that plans to expand fair use rights might well run afoul of the Berne Convention's "three-step test." The Convention, which goes back to the late 1800s, was one of the earliest international copyright treaties and is now administered by the World Intellectual Property Organization (WIPO).

Article 9 of the Convention, which has been updated repeatedly over the last century, lays down the limits on the limits that countries can make to copyright. "It shall be a matter for legislation in the countries of the Union to permit the reproduction of such works in certain special cases, provided that such reproduction does not conflict with a normal exploitation of the work and does not unreasonably prejudice the legitimate interests of the author," says the Convention.

A copyright protestant?

The whisper campaign that Patry describes uses this provision to suggest to various countries that most liberal fair use rights don't qualify as "certain special cases" and that they would in fact interfere with the "normal exploitation of the work." Some are even suggesting that the well-known four-part test enshrined in US copyright law might run afoul of the Convention.

Patry takes on these arguments by pointing out that extensive Congressional hearings in the 1980s generated no such dispute from European and WIPO copyright experts. In 1996, the US also responded to questions from other countries, telling the Europeans that fair use was designed as a safety valve which permitted "precisely those types of uses which do not interfere with the copyright owner's normal exploitation of the work or unreasonably prejudice his or her rights." There were no objections to such answers.

Welcome to the war

Since then, fair use has become an unlikely hot topic. If the current campaign to curtail such rights is the counter-reformation, then groups like the EFF, Public Knowledge, Ars, Boing Boing, and more have been the Martin Luthers of the movement, arguing stridently for reform and posting their 95 theses to the web. In recent weeks, we have seen advocates of strong copyright use various WIPO treaties as bludgeons to suggest that countries like Israel and Canada both adopt stricter measures, especially when it comes to circumventing DRM.

The various campaigns to increase copyright power have also ended up in the US Congress, where the PRO-IP Act currently looks set to come to a vote this year. The bill, which has the backing of copyright owners (and which Patry once called "gluttonous"), would increase statutory damages that the groups could seek without needing to show any actual harm.

According to Patry, today "it is not enough to have vast rights: corporate content owners see a need to eliminate any limitations on those rights too." Fortunately, when it comes to intimidating ministers who might not be copyright experts or to rewriting US law, the Internet has brought much-needed transparency to the process and made activism simpler to organize.

Despite the power of the pro-copyright lobby, though, the much greater power of the public is finally being harnessed in these copyright debates. For instance, the EFF is today reporting that a major European report on copyright to be voted on this week has already been stripped of its proposals that would have encouraged ISP filtering and disconnection of alleged copyright infringers. In their place could be an amendment that talks about the importance of due process and "proportionality" of penalty.

Whatever happens, the good news is that these new "wars of religion" don't look likely to turn as bloody as their European namesakes.

Europe Rejects Plan to Criminalize File-Sharing

In a close vote, the European Parliament rejected attempts to criminalize the sharing of files by private individuals and to ban copyright abusers from the Internet
Paul Meller

The European Parliament rejected attempts to criminalize the sharing of files by private individuals and threw out the idea of banning copyright abusers from the Internet, in a plenary vote Thursday.

The vote was close, with 314 MEPs (Members of the European Parliament) voting in favor of an amendment to scrap what many consider draconian and disproportionate measures to protect copyright over the internet, and 297 voting against the amendment.

"The vote shows that MEPs want to strike a balance between the interests of rights holders and those of consumers, and that big measures like cutting off Internet access shouldn't be used," said Malene Folke Chaucheprat, a European Parliament spokeswoman, shortly after the vote.

The report isn't legally binding, but it could help thwart efforts by France, which has already adopted such measures, to push the issue at a European political level.

France's so-called Oliviennes strategy to combat copyright abuse includes a "three strikes and you are out" approach: Offenders lose the right to an Internet account after being caught sharing copyright-protected music over the Internet for a third time.

France takes over the six-month rotating presidency of the European Union in the second half of this year and many observers, including the U.K.-based Open Rights Group, expect it to push for E.U.-wide rules similar to its own.

The report is significant because it "signifies resistance among MEPs to measures currently being implemented in France to disconnect suspected illicit filesharers," the Open Rights Group said in a statement.

The record industry was disappointed with the vote. "One badly drafted, rushed through amendment was adopted which is in contradiction to the rest of the text," said Frances Moore, executive vice president of the International Federation of the Phonographic Industry (IFPI), in a statement.

"If the aim of the report is to protect creative content, including in the online environment, we should be looking at all options available in the fight against copyright theft. Instead, this amendment suggested discarding certain options before there is even a proper debate," the IFPI said.

But the Open Rights Group argued that criminalizing copyright abuse by individuals eager to build their media library and not profit from copyright-protected material is draconian and inefficient at tackling illegal file sharing.

"As the European Parliament have recognized today, [the measures] are disproportionate, they lack consumer safeguards and they won't stop illicit filesharing," the Open Rights Group said.

Copyright Laws Updated for Digital World

A bill that brings copyright laws into the digital age was passed by Parliament yesterday.

The Copyright (New Technologies) Amendment Bill changes the Copyright Act 1994 to clarify its application in the digital environment and to take account of international developments.

It does not change the balance between protection and access to copyright material, but makes sure the balance can continue to operate when new technologies are involved.

It introduces an offence, carrying a sentence of a maximum fine of $150,000 or up to five years imprisonment, or both, for commercial dealings in devices, services or information designed to circumvent technological protection measures.

The National Party supported the bill and it passed its third reading by 111 votes to 10. The Greens and the Maori Party opposed it.

The Internet Society of New Zealand, InternetNZ, said the bill did not fully grasp the nature of the new technologies it dealt with.

Executive director Keith Davidson said it failed to enshrine the right for consumers to format-shift all their digital media so they could listen or view it on the device of their choice.

"The legalising of format-shifting of audio files - such as from a purchased CD to an iPod - is a very modest step in the right direction," he said.

"It is a great pity...they have not extended format-shifting to other media such as video."

Demonoid To Be Resurrected Under New Admin

Deimos, the administrator of Demonoid has announced that he is stepping down for good due to his preoccupation with ‘real-life’ issues. For those tearing their hair out with dismay, you can stop now. The site will be resurrected under a trusted new admin and Deimos is asking the community to give him support.

Ever since Demonoid had to leave Canada, there has been speculation about the future of the site. Although the tracker has been returning periodically from various places - the latest being Ukraine - no solid news has been coming out about a proper comeback. Deimos, the Demonoid admin, has been very quiet - until now, that is.

In a message on the SubDemon forums, Deimos breaks his silence:

Hello Everyone,

It is with great sadness (and not a little relief) that I announce that I will be stepping down as admin of Demonoid, with effect from today.

Demonoid is currently suffering from a number of things, prime amongst these being my distraction with real-world issues, and so I have handed the reins over to a new administrator - a close friend of mine, which I trust completely and has the knowledge and time to take care of the site.

He will, in due course, be making his own announcements about the future of Demonoid. Of course, speculation over the future of the site is fun, but it is ultimately fruitless - you will all, in the near future, become aware of what the future holds. I trust that you will all give your support to the new admin as he finds his feet while he resurrects Demonoid.

Thanks again for your support in making Demonoid what it was and is.
Goodbye and good wishes - it has been a blast!

- Deimos

It’s great news for the BitTorrent community that the future of Demonoid is in trusted hands and for some, quite a surprise after such a long wait. But it just might be worth it if one of the world’s most popular trackers does indeed come back with a bang.

Update: The Demonoid RSS feeds started to work again.

After Rocky Stint Around The Globe, Demonoid Reappears
Sean P. Aune

Back in November of last year, the Canadian Recording Industry Association (CRIA) pressured Demonoid, a popular BitTorrent tracker site, into shutting down. Now, just as suddenly as they disappeared, they’ve returned with all of their data seemingly intact, and with a new administrator in place.

This is but another chapter in what has been a highly volatile 10 months for the tracker. In June of 2007, they were asked to leave their host in Amsterdam, LeaseWeb, after being pressured by BREIN, the Dutch anti-piracy group. After staying at a temporary home, they went down in September, 2007 for a few days, suddenly reappearing in Canada. On November 9th, 2007, their front page was removed informing users to use the forums, but not to trade torrents. November 11th found the trackers stopped responding.

There were a couple of times over the following 6 months where the trackers would suddenly reappear in some far-flung country, only to disappear again. Now Ernesto of TorrentFreak is reporting that they seem to be back up to full speed, but they are under new management, and the founder, Deimos, is no longer working with them. The new admin, Umlauf, was chosen by Deimos to take over, and the old moderator team is in place to help continue running the site.

Only time will tell if the site will stay up-and-running this time, but they do warn they may go down a few times over the coming days as they work out problems.

Protecting and serving

Australian Police Caught Pirating Movies
Ben Jones

A recent audit of computer systems belonging to the South Australia Police has found that hundreds are being used to “share” films. In a move smacking of hypocrisy though, officers involved will not be charged.

According to The Australian, during an audit of computer systems by the South Australian police force’s IT branch, police computers belonging to hundreds of police officers were found to contain movies.

The origin of these movies is not clear, but it is probable that they’ve been downloaded via p2p at some point, either on these systems, or on the personal systems of officers and transferred over.

Senior officials of the SA police force have been made aware of the findings, including its commissioner Mel Hyde. However, police sources have told press that there will not be any investigation into this, citing the large numbers of police officers involved.

The Australian Federation against Copyright Theft (AFACT) has said it will write to the commissioner to seek an explanation, presumably as to why the police officers are being let off with what it considers a heinous crime. Quite ironically, AFACT boasts of “working closely with police” - perhaps this closeness has shown the police officers involved just how unimportant and meaningless this so-called ‘crime’ is in the grand scheme of things.

If the officers do go unpunished, it could create a favorable precedent for filesharers in South Australia. If police officers, who are expected to be held to a greater level of accountability regarding the law, show this level of contempt for the current copyright laws and go unpunished, it will be harder to convince a court that regular citizens should be punished for similar acts.

On the other hand, if the officers are punished under the law, which allows for up to AUS$60,500 (about US$55,700 or 35,500 euros) per infringement and up to 5 years imprisonment, the ability to effectively police the state will be severely diminished.

Either way, this case will bring to a head the vastly disproportionate penalties for an act that, as yet, has never been proven to be even financially damaging. One thing is certain, when even the police officers join large numbers of citizens in flouting such laws, the law’s place in society should be called into serious question.

The South Australian police force had not responded to requests for comment at the time of publication.

Judges Take Opposite Sides on Legality of Uploading Music Files to Share
Mark Jewell

Leaving a copyrighted song where others can get at it with peer-to-peer software doesn't constitute a copyright violation until someone downloads it, a federal judge said in a record industry lawsuit against college students.

The Boston judge's comments in a Monday pretrial ruling conflict with statements, also made Monday, by a New York federal judge that leaving a copyrighted file accessible could be illegal, even if nobody downloads it.

At issue in both cases is whether people who initially download or own copyrighted music are legally liable if they leave music files accessible to be shared by others. Peer-to-peer sharing services allow computer users to make files on their PCs available to a multitude of other users.

"Both of these rulings are important because it is the first time judges have thoroughly analyzed these questions," said Fred von Lohmann, a staff attorney with the Electronic Frontier Foundation, a San Francisco-based nonprofit and online free-speech advocate that filed briefs as an interested party in both cases.

Neither judge questioned that copyright infringement occurs when people using peer-to-peer software search the Internet for a particular piece of music and then download it without authorization.

However, Judge Nancy Gertner of Boston found that "merely exposing music files to the Internet is not copyright infringement." The student-defendants could claim "they did not know that logging onto the peer-to-peer network would allow others to access these particular files," Gertner wrote.

But Judge Kenneth Karas in New York, ruling in a case against a single computer user, said just placing a copyrighted music file in a computer folder shared by peer-to-peer software users could amount to illegal publication of it.

The music industry has sued more than 30,000 people for illegal downloading, many of them college students using university Internet services. Many of the cases have been settled by the defendants agreeing to pay record companies a few thousand dollars apiece.

Some of the defendants may never have known whether anyone else downloaded the music they put in shared folders.

Gertner temporarily blocked record companies from seeking the identities of Boston University students they suspect have downloaded music illegally. The record companies that brought the case are trying to identify the students through their addresses on the university's computer network.

"It's important to note that the decision is not final," the Recording Industry Association of America said in a statement regarding Gertner's ruling. "The court has put forth a specific process to address its concerns before the relevant information is transferred to us. We're confident that the court will ultimately allow us to obtain the identifying information, as have courts across the country in similar cases."

Raymond Sayeg, a defense attorney representing students in the Boston University case, called Gertner's finding "a landmark decision that will change how these cases go forward.... The level of proof has gone up significantly."

If courts maintain that a copyright violation occurs only when a music file is downloaded, record companies would have to track down evidence that downloads occur and who is involved, von Lohmann said.

"The industry doesn't want to be put to the trouble to prove that someone actually downloaded it from you," he said.

First Person Indicted in P2P ID Theft Case Given 51 Months

Seattle-based Gregory Kopiloff, who made security history last November by becoming the first person to be indicted on peer-to-peer (P2P) identity theft charges, has been sentenced to 51 months in prison.

The case, says David Hobson, managing director of Global Secure Systems, an IT security consultancy, proves the danger that using P2P services for illegal software and media downloads now poses. "Not only do P2P users face the risk of prosecution by the authorities and even disconnection by their service provider under the new 'three strikes' UK government proposals, but now they also stand a chance of being defrauded," he said.

According to Hobson, the fact that millions of UK Internet users are continuing to use P2P networks for file-sharing should be of great concern to company IT managers, as the three strikes proposal could see illegal file-sharers installing P2P software on their company PCs.

"P2P file-sharing using BitTorrent software like Azureus and BitLord poses a serious headache for the already hard-pressed IT manager as, whilst standard P2P streams are easy to detect and lock down, savvy users are now encrypting their P2P connections to escape detection," he explained.

Whilst encrypting the P2P data stream using Azureus slows down the rate of transfer, Hobson says it makes detection of the transmissions on a company network doubly difficult. "This is why we are now recommending IT security systems from the likes of AppGate, Blue Coat Systems and Lumension to help companies of all sizes discover what's really moving around their networks," he said.

"With this new threat of P2P-enabled fraud, the message is clear - IT managers must take steps to prevent any and all threats, including next-generational ones, using all the security technology at their disposal," he added.

Defendants: RIAA's Private Eyes are Watching Us—Illegally
Eric Bangeman

Last week a pair of rulings further muddied the waters around the RIAA's argument that making a file available over a P2P network constitutes distribution as defined by the Copyright Act. This week, the hot issue is the role that MediaSentry plays in the RIAA's legal campaign and whether the company should be licensed as a private investigator. A pair of defendants in separate cases are arguing that the company does need a license and that all evidence gathered by it should be excluded. The RIAA, in turn, is arguing that no license is necessary—and that even if MediaSentry's evidence was obtained illegally, it should still be admissible.

Defendants: MediaSentry needs a license and the evidence it collected is worthless

A college student at Northern Michigan University representing him or herself recently submitted a motion seeking to quash a subpoena directed at the school, arguing that the data collected by MediaSentry was "obtained through felonious conduct." The motion refers to a ruling made last month by the Michigan Department of Labor and Economic Growth that MediaSentry needs to be licensed in order to "perform regulated activities." Regulators at the department have reportedly sent the company a letter informing them of the decision, although MediaSentry refused to confirm receipt to Ars. The company has also received a cease-and-desist order from the Massachusetts State Police saying that its investigative activities violate state law.

Doe number 5 in LaFace Records v. Does 1-5 believes that's enough to exclude MediaSentry's data. "[E]quity demands that Plaintiffs not be permitted to benefit in any way from the felonious conduct of their agent," argues the student. "It shocks the conscience to think any subpoena would be sustained when based solely on such outrageous conduct."

A newly-reported contested case in Florida raises many of the same issues. In Atlantic v. Boyer, Eva Boyer has filed her answer, affirmative defenses, and counterclaims in response to a lawsuit filed against her by the RIAA earlier this year. Boyer accuses the RIAA of "abusing" the federal judiciary and hiring "unlicensed private investigators" who "receive a bounty to invade private computers and... networks."

Under Florida law, private investigators are required to obtain a license. Boyer points out to the court that MediaSentry lacks such a license, saying that the labels have "conspired among themselves and others" to illegally investigate Florida residents.

RIAA: no license necessary

For its part, the RIAA has consistently argued that MediaSentry doesn't need PI licenses, telling Ars that the information the company collects is available for "anyone to see." A new filing by the RIAA in Lava v. Amurao seeks to thwart the defendant's motion to exclude the evidence collected by MediaSentry. The labels argue that MediaSentry is a "copyright investigator," not a private investigator, and therefore the New York law requiring PIs to be licensed doesn't apply.

The RIAA appears to overstep by arguing that licensing is also impractical because MediaSentry "can have no way of knowing... the location from where [the files] are being distributed." Yes, an IP address is obviously insufficient to pinpoint the name or address of someone who might be using that address. But a simple nslookup can often be enough to determine that a KaZaA user is a Comcast subscriber in the Los Angeles metropolitan area or is using the Harvard University network. In short, MediaSentry should be able to quickly figure out roughly where a user is located.

The RIAA also argues that the cost of obtaining licenses in all 50 states would be "prohibitive." The labels cite the $10,000 bond required in New York and say that multiplying that by 50 states would "seriously interfere with a copyright owner's legitimate right to investigate and protect its copyrights from infringement." This, coming from an organization that has shown zero hesitation to spend millions of dollars pursuing well over 20,000 individual copyright infringement lawsuits, seems implausible.

Even if it turns out that the evidence was obtained illegally, the RIAA argues, the evidence collected by MediaSentry should still be admissible. "Ultimately, the law is clear that even illegally obtained evidence, which Defendant cannot show here, is still admissible in a civil case," reads the RIAA's filing. "Contrary to Defendant's contentions, there is simply no policy justification whatsoever that would support the exclusion of relevant evidence of copyright infringement."

Copyright attorney Ray Beckerman reports on Recording Industry vs The People that the motions in Lava v. Amurao will be argued this Friday in White Plains, NY, so it's possible that the judge will issue a ruling on the PI licensing issue in the weeks or months ahead. The RIAA is seeking to dismiss the case against Rolando Amurao after determining that his adult daughter is the alleged copyright infringer.

As was the case with the making available rulings, we could see different judges coming down on different sides of the issue. There's a lot at stake here, especially if it turns out that some of MediaSentry's evidence was collected illegally. The uncertainty around MediaSentry's status may be behind the company's recent decision to remove all references to its "investigative services" from its website.

The Cease and Desist Order in Massachusetts, Which MediaSentry May Have Been Violating, is Now Available Online
Ray Beckerman

We have obtained a copy of the cease and desist order issued by the Massachusetts State Police on January 2, 2008, against SafeNet/MediaSentry. We have also received at least one report that they continued their unlicensed investigation after receipt of the order.

January 2, 2008, cease and desist letter

Universal: You Don't Own Those Promotional CDs We Gave You
Nate Anderson

Is throwing a record label's promo CD in the trash an "unauthorized distribution" of the music? According to Universal, the answer is yes. The claim surfaced as part of a legal case against an eBay reseller who offered Universal promo discs for sale in violation of the "not for resale" label printed on each disc. While the case sounds almost farcical, it raises an important question: can Universal and other labels in fact control the distribution of a product once they have sent it to others, or does the US "first sale" doctrine give people the right to do as they like with the promo discs?

Record labels aren't thrilled about people who sell the promo discs that are sent out to music magazines and radio stations, though even a casual visit to a used music store will show that the restrictions printed on the discs aren't followed with any sort of rigor. Normally, this is no big deal, but when it escalates into an eBay business model, the labels get a bit jumpy.

Universal is currently suing one Troy Augusto, who runs Roastbeast Music Collectibles and offers items for sale on eBay. Augusto makes three-quarters of his income from reselling promo CDs as "collectible" items on eBay. He's been sued before for such behavior, and has in the past agreed to a consent judgment that admitted the sales violated record labels' exclusive rights to distribute the music. After Universal used eBay's "Verified Rights Owner" program to request that Augusto's sales of its promo CDs be halted, Augusto sent counter-notices to eBay that said Universal's notices were "mistaken." That got Augusto's items listed once more, but it drew a lawsuit from Universal (read the complaint [PDF]).

At issue here is who owns the promo CDs. Universal argues strenuously that it never transferred ownership when it sent them out and that the discs are merely "licensed" to those who receive them. Each disc includes text that makes clear that "this CD is the property of the record company and is licensed to the intended recipient for personal use only." According to Universal, the label could recall the discs at any time (though it has never done so). In fact, even giving the discs away or tossing them in the trash constitute "unauthorized distributions."

License or gift?

The EFF, which has taken up Augusto's case, says that the case is far more serious than a dispute over whether someone can sell (or trash) a promo CD; the issue is whether companies can do an end run around the "first sale" doctrine that gives a purchaser the right to resell and otherwise control an object he or she has purchased. If slapping a sticker on a CD can override the first sale doctrine, then could book publishers limit used book sales with a sticker of their own?

The EFF's Fred von Lohmann, writing about the issue when the EFF first took the case last year, described the stakes this way: "If UMG is right, then copyright owners of all kinds can strip away our first sale rights by putting these kinds of 'label licenses' on their wares. Next thing you know, CDs, books, DVDs, and video games could be festooned with 'notices' that erode a customer's first sale, fair use, and other rights."

Universal says that the first sale doctrine doesn't apply in this case "because there was no first sale of the UMG Promo CDs (but only a limited license to specific recipients)." It points to US law that codifies the first sale doctrine and notes a key exception. According to the law, the first sale privilege "does not, unless authorized by the copyright owner, extend to any person who has acquired possession of the copy or phonorecord from the copyright owner by rental, lease, loan or otherwise, without acquiring ownership of it." Universal says that this is exactly how people acquired ownership of the discs.

But the EFF's filing (PDF), made on Monday, argues that gifts have long been seen by courts to fall under the "first sale" rule. When a product is sent (unrequested) through the US Postal Service, case law says that it must be seen as a gift. In other words, the EFF claims that Universal can't simply send people an item and impose its idea of license conditions on it. (Believe it or not, there is actually a long case history behind the idea of "unordered merchandise" that comes through the mail.) The filing is worth reading, if only for the fact that it opens with a lengthy quote from Harry Potter.

Augusto has filed a counterclaim against Universal for interfering with his business and for filing knowingly false DMCA takedown notices with eBay.

Courts Chip Away at Web Sites' Decade-Old Legal Shield
Anne Broache

For more than a decade, Web site operators have enjoyed a broad legal shield against lawsuits filed over material posted by their users, which has let user-driven sites like YouTube and MySpace.com flourish.

But a pair of recent rulings by federal district judges have chipped away at that protective shield. If those decisions are upheld on appeal, and if more judges follow suit, Web site operators and Internet service providers may find themselves compelled to police what their users post--or face the unsettling prospect of being held liable for the contents.

"We fear these cases might inspire a wave of new lawsuits that, even if ultimately dismissed, will create a chilling effect," said Sophia Cope, an attorney for the Center for Democracy and Technology, which has filed briefs supporting broad immunity and gets some financial support from a number of prominent Internet companies. "Many small start-up Web services might find that the costs of defending such suits--in terms of time and legal fees--are too much to bear."

The legal shield comes from a portion of the 1996 Telecommunications Act, which generally says Web sites aren't liable for their users' posts or other content they provide. That has immunized the dot-com industry from a wide range of civil lawsuits spanning everything from defamation to--in a case decided last year involving MySpace--lawsuits alleging that better child safety and age verification measures should have been put into place. (Individual "content providers" who post defamatory comments, upload inflammatory videos of their own creation, and the like, are still vulnerable to lawsuits.)

In early test cases such as Zeran v. AOL, courts have interpreted Section 230 of the Telecommunications Act to supply fairly broad immunity for Web hosts. That trend has largely continued in recent years, with judges finding, for example, that dating site Matchmaker.com was immune from a lawsuit involving an unknown prankster's phony profile impersonating actress Christianne Carafano, and that Craigslist wasn't responsible for allegedly discriminatory housing ads posted by users of the online classifieds site.

Perhaps ironically, the recent decisions that seem to be taking a narrower interpretation of Section 230 also stem from disputes over online dating and roommate matching.

'Bogus' FriendFinder profiles

The first of the two cases pits an anonymous New Hampshire woman against the FriendFinder Network, an operator of dating sites--some sexually explicit--including AdultFriendFinder.com and LesbianPersonals.com. Jane Doe accused FriendFinder of causing her various sorts of harm by allowing "bogus" sexually explicit profiles that could be "reasonably identified" as portraying herself to be published without her knowledge by someone else to its Web properties, as well as in snippets in FriendFinder advertisements on search engines and other third-party Web sites.

FriendFinder Network (screenshot shown here) was accused of allowing an unknown user to post a "bogus," sexually explicit profile of a New Hampshire woman on its online dating Web sites and in its ads.

A recent ruling by U.S. District Judge Joseph LaPlante in New Hampshire federal court on March 27 partially sided with FriendFinder, ruling against some of Jane Doe's claims against the company.

But LaPlante also differed from previous opinions in one important area. He refused to dismiss Jane Doe's argument that FriendFinder's republication of her profile invaded her "intellectual-property rights" under New Hampshire law. She claimed to be concerned about violations to her "right of publicity," which says an individual generally has the right to control how his name, image, and likeness is used commercially--and the court ruled that Doe's argument fell into the category of intellectual-property law.

That point is crucial because, when writing Section 230, Congress explicitly said its shield does not extend to lawsuits "pertaining to intellectual property." Until Judge LaPlante's order, courts had viewed that only as applying to federal claims mostly about copyrights and trademarks--and not state lawsuits over more amorphous publicity rights.

The reasons this could create headaches for Web publishers are twofold, said Eric Goldman, director of the High Tech Law Institute at Santa Clara University. For one thing, laws governing "rights of publicity" are not uniform across the states, which means e-commerce companies would be forced to align their operations with the most restrictive state's law.

And unlike in copyright or trademark cases, where there are fairly well-established rules governing how Web sites are supposed to respond to such infractions posted by third parties, "we don't know what rules are; we have no good case law" on rights of publicity, Goldman added.

Others fear that the ruling could prompt legal mischief. For instance, courts have ruled in the past that Web publishers can be immunized for posts that tarnish someone's reputation--a practice typically covered by defamation laws. CDT's Cope said she's concerned the intellectual-property exception will "swallow the rule," inspiring other courts to allow plaintiffs to slip in defamation claims and others under the guise of "intellectual property" claims.

Judge LaPlante's ruling, however, is not the end of the case. The court can now hear evidence on whether to agree with Jane Doe's remaining allegations. Judges aren't exactly known for changing their minds, once they've made a decision. But Ira Rothken, the lead attorney defending FriendFinder in the case, said he believes any subsequent appeal to the 1st Circuit would result in a finding that state-level intellectual-property laws, too, are subject to the Section 230 exemption.

Roommates.com's matchmaking woes

The other Section 230 saga concerns a Web site called Roommates.com, which allows users to set up profiles and seek roommate matches in thousands of U.S. cities. One of the ways the site attempts to spark matches is through requiring members to complete questionnaires that stock their profiles with a number of personal details, including their gender, sexual orientation, and whether they have children, according to court documents.

Those personal queries drew a lawsuit from the Fair Housing Councils of the San Fernando Valley and San Diego, which claimed they violated the federal Fair Housing Act and California state housing discrimination laws. A federal district court sided with Roommates.com's argument that Section 230 immunized it from such claims, but a divided 9th Circuit Court of Appeals recently disagreed, and that's why implications for other Web publishers could arise. (Here's a PDF of that 54-page opinion.)

The majority, led by Chief Judge Alex Kozinski, ruled that Roommates was not covered by Section 230's shield because it helped "to develop unlawful content" through its requisite questionnaire, which featured preprogrammed drop-down menus containing various possible answers for the allegedly offending questions. The judges also said that because Roommates.com engineered its site in a way that allows site users to search for and sort roommate listings based on those criteria, it's an "information content provider," which, by law, isn't immune to Section 230.

"If such questions are unlawful when posed face-to-face or by telephone, they don't magically become lawful when asked electronically online," Kozinski wrote. "The Communications Decency Act was not meant to create a lawless no man's land on the Internet." (The CDA, the "antiporn" sections of which were struck down by the U.S. Supreme Court on First Amendment grounds, was included in the 1996 Telecommunications Act.)

By contrast, the same judges found that it was no problem for Roommates to ask users to write an open-ended summary of what they're seeking in a roommate, since that request was "neutral."

If that way of thinking is ultimately applied more broadly, the millions of Web sites that routinely use prompts and drop-down menus to solicit, publish, and sort information from their users could be forced to change their practices or face new legal liability, the three dissenting judges argued.

"The majority's unprecedented expansion of liability for Internet service providers threatens to chill the robust development of the Internet that Congress envisioned," Circuit Judge M. Margaret McKeown wrote for the dissent. "Instead of the 'robust' immunity envisioned by Congress, interactive service providers are left scratching their heads and wondering where immunity ends and liability begins."

This case was closely watched, leading Amazon.com, Google, the Electronic Frontier Foundation, the American Civil Liberties Union, and a number of news organizations to file briefs with the court in support of Roommates. They argued that a decision in favor of the fair-housing groups would choke innovative new Web services and stifle free speech in online forums--particularly the "sortable" user ratings and feedback at sites like eBay and Amazon.com, and "tagging" features at sites like YouTube and Flickr.

One attorney who analyzed the case said the majority's stance, which clearly took aim at business practices considered unfriendly to fair-housing laws, may represent a narrowing of the law but could actually be good for Web site operators who value Section 230.

"Imagine, shall we say, a 'progressive' congressman standing up in Washington and saying, hey, with this Section 230 scheme, we give a license to Web site operators to run hate mills, build up bastions of bigotry, and sanctuaries for racism," Evan Brown, a Chicago-based attorney who focuses on Internet law, wrote in a recent blog post. "In short, a Roommates.com victory could have given a battalion's worth of ammunition--in the form of emotional, irrational, rhetoric--to Section 230's critics. Some in Congress would have called for its head."

CRTC Asked to Stop Bell's 'Throttling'

Internet providers' group claims traffic-shaping practice 'an abuse of dominance in the market'
Chris Sorensen

A group representing some of the country's Internet service providers is asking Canada's broadcast regulator to stop Bell Canada Inc.'s practice of "throttling" Internet traffic on bandwidth it sells to third-party clients.

The Canadian Association of Internet Providers has lodged a complaint with the Canadian Radio-television and Telecommunications Commission over Bell's decision last month to expand its Internet "traffic shaping" policy from its own retail service to include its wholesale ISP customers.

Traffic shaping generally refers to the use of special software to sniff out and slow down data packets associated with bandwidth-intensive services such as file sharing.

The group claims Bell's move left their customers with Internet service that has been "degraded beyond recognition," with some clients complaining they're unable to transmit and receive files, listen to Internet radio or use their VoIP (voice over Internet protocol) phone service.

"We believe this is an abuse of Bell's dominance in the market and it puts Canadian ISPs at a competitive disadvantage," Tom Copeland, the association's chair, said in a statement yesterday.

Bell says traffic management is necessary in order to prevent a small number of users who download music, TV shows and other media from file-sharing sites such as BitTorrent from clogging up its entire network during peak hours.

"The facts are that 95 per cent of subscribers are affected by a very small minority of heavy high-bandwidth users," said Mirko Bibic, Bell's chief of regulatory affairs.

Bell began applying traffic management techniques to its own retail customers last year along with other Canadian ISPs such as Rogers Communications Inc.

Telus Corp., however, has said it does not engage in the practice.

While the CRTC requires Bell to provide access to parts of its network in the interest of promoting competition, Bibic said Bell has the right to manage its network as long as it doesn't discriminate against third-party clients.

"It's a well-understood principle in wholesale regulation that an incumbent is entitled to treat wholesale customers the way it treats its own customers."

Throttling has been a hot topic in some quarters, but has so far failed to emerge as a mainstream issue – likely because of a widespread perception that most file-sharing traffic flouts copyright rules. That could be starting to change. The Canadian Broadcasting Corp. recently said it would make an episode of Canada's Next Great Prime Minister available on BitTorrent as part of an experiment in new distribution methods.

New Traffic Shaping Can Disrupt a Comcast Internet Connection

Recently, it has been observed that Comcast is disrupting TCP connections using forged TCP reset (RST) packets [1]. These reset packets were originally targeted at TCP connections associated with the BitTorrent file-sharing protocol. However, Comcast has stated that they are transitioning to a more "protocol neutral" traffic shaping approach [2]. We have recently observed this shift in policy, and have collected network traffic traces to demonstrate the behavior of their traffic shaping. In particular, we are able (during peak usage times) to synthetically generate a relatively large number of TCP reset packets aimed at any new TCP connection regardless of the application-level protocol. Surprisingly, this traffic shaping even disrupts normal web browsing and e-mail applications. Specifically, we observe two different types of packet forgery and packets being discarded.

Data collection methodology

We synthetically generated TCP SYN packets at a rate of 100 SYN packets per second using the hping utility [3]. The packets were destined for the reserved IP address, on which no host is present. We simultaneously collect network traces using tcpdump [4]. This data collection process was repeated at various times throughout multiple days. In addition, we could monitor a destination host to determine if outgoing packets reached their destination, and to determine if responses are generated by the destination host or by a third-party. Finally, this data collection was conducted from multiple Comcast accounts, all within close geographical proximity.

Analysis of network traces

In this section, we present our network traces that show the network behavior while the TCP SYN packets are being sent. All traces were collected during peak usage hours (7-9pm local time). The first trace demonstrates an HTTP (web) connection being established, and subsequently being reset. The IP Time to Live (TTL) field for these forged TCP RST packets is consistently set to 255 (indicating that the forged RST packets are originating on one of the local Comcast links).

4717 41.307584 -> TCP 53759 > www [SYN] Seq=0 Len=0 MSS=1460 TSV=504421360 TSER=0 WS=7

4718 41.308767 -> TCP www > 53759 [SYN, ACK] Seq=0 Ack=1 Win=2048 Len=0 MSS=1460

4719 41.308792 -> TCP 53759 > www [ACK] Seq=1 Ack=1 Win=5840 Len=0

4720 41.308852 -> HTTP GET / HTTP/1.1

4721 41.310260 -> TCP 7038 > www [SYN] Seq=0 Len=0

4722 41.310880 -> TCP www > 53759 [RST] Seq=1 Len=0

The next trace shows a secure shell (SSH) connection being established and immediately reset. For this trace, we also captured the network traffic on the 128.138.x.x host. Surprisingly, absolutely no packets were received or sent from 128.138.x.x! This indicates that outgoing traffic from is being dropped, and that the incoming responses from 128.138.x.x are being forged by Comcast.

3 0.036409 -> 128.138.x.x TCP 50051 > ssh [SYN] Seq=0 Len=0 MSS=1460 TSV=4498697 TSER=0 WS=5

4 0.038646 128.138.x.x -> TCP ssh > 50051 [SYN, ACK] Seq=0 Ack=1 Win=2048 Len=0 MSS=1460

5 0.038672 -> 128.138.x.x TCP 50051 > ssh [ACK] Seq=1 Ack=1 Win=5840 Len=0

6 0.040426 128.138.x.x -> TCP ssh > 50051 [RST] Seq=1 Len=0

The final trace is perhaps even more remarkable. A TCP SYN packet is sent to a non-routeable, reserved IP address ( and a SYN, ACK packet is received in response. The only problem is that no host exists at! This again shows that the outgoing SYN packet is being dropped, and the "expected" response is being forged by Comcast. The IP TTL field for these forged TCP SYN, ACK packets is consistently set to 30.

4912 43.259271 -> TCP 7222 > www [SYN] Seq=0 Len=0

4913 43.260406 -> TCP www > 7222 [SYN, ACK] Seq=4159779480 Ack=1 Win=2048 Len=0 MSS=1460

From our experiments, we noticed that only outgoing TCP connections trigger TCP reset packets. Also, TCP connections established before the traffic shaping is activated are not affected, and it is possible to establish TCP connections to a host experiencing the traffic shaping. Finally, only TCP connections are affected.


Although the traces given above were generated synthetically, it is possible to produce the TCP reset packet flood using peer-to-peer applications such as BitTorrent. Users may find it extremely difficult to establish new TCP connections while using any application that has a relatively high rate of TCP connection establishment on a Comcast link. For instance, the Firefox browser will give the following error message when an HTTP connection is reset:


Kevin Bauer, Ph.D. student

Damon McCoy, Ph.D. student

Dirk Grunwald, Associate Professor

Douglas Sicker, Assistant Professor


Rush to Judgment: Comcast Not Blocking Web Traffic After All
Eric Bangeman

Over the weekend, a group of researchers at the University of Colorado reported evidence that Comcast's traffic management had extended beyond the realm of BitTorrent to plain old HTML traffic. The results caught Comcast's eye, not because it was doing anything to throttle non-P2P traffic, but because the company wasn't. The researchers have since said that their initial conclusions were "incorrect."

Here's how it went down. The researchers at the University of Colorado discovered that they were able to generate the same type of forged TCP reset packets used by Comcast to block ("delay," according to the cable provider) BitTorrent uploads. During peak traffic periods, the researchers saw TCP reset packets popping up all over the place, which they said were "aimed at any new TCP connection regardless of the application-level protocol."

With Comcast having recently announced its intention to adjust its traffic management practices, alarm bells went off. Instead of giving up the practice of using TCP reset packets to manage BitTorrent traffic, it appeared that Comcast was doing the opposite: extending it to cover all sorts of traffic.

Upon finding the story, we asked Comcast for comment. Comcast spokesperson Charlie Douglas said that the company was mystified by the researchers' findings. "It doesn't jibe with anything we know we're doing," Douglas told Ars. He promised that the company would contact the researchers in an attempt to discover what exactly was going on.

In an official statement, Comcast said it had yet to make the announced changes to a protocol-agnostic network management policy. "We are currently attempting to contact the PhD students and associate professors at the University of Colorado to better understand their analysis," the company said in a statement.

Not long afterwards, the researchers confirmed that they were reexamining their data with the help of Comcast. "Comcast has approached us to better understand our test, the equipment we used and the results of our analysis," they wrote. "We understand that their current network management techniques should not be producing the results we found and that they are not blocking access to any Web sites or e-mail applications. We are committed to working together and will update our analysis once we have additional information."

That analysis has been updated and the verdict is in: their conclusions were wrong. The Systems Research Lab wiki page pins the results on the network address translator used in the lab. "Further experiments have led us to believe that our initial conclusions that indicated Comcast's responsibility for dropping TCP SYN packets and forging TCP SYN, ACK and RST (reset) packets was incorrect," reads the explanation. "The anomalous packets were generated when the outbound TCP SYN packets exceeded the NAT's resources available in its state table. In this case, TCP SYN, ACK and RST packets were sent."

While at first glance it appears that this story is a case of much ado about nothing, it does show how a company's bad behavior can set it up for further scrutiny. Had Comcast not been caught throttling BitTorrent traffic last year, chances are that the researchers would not have given the company a second glance. And as the saying goes, once bitten, twice shy—once customers have been burned by a company, they're more likely to read malice into what they would otherwise not take notice of.
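
The checks behind the original report and its correction can be written down as trace analysis. The following is an added example, not code from the researchers or from Ars: it flags replies that arrive faster than a round trip to the claimed peer could take, whose TTL shifts within one flow, or that claim a reserved source address. The addresses, the `Pkt` record, the 5 ms floor and the control flow are constructed assumptions; the timestamps and the TTL values 30 and 255 are the ones the report states.

```python
"""Heuristics for TCP replies that were not produced by the claimed peer."""
from collections import defaultdict
from dataclasses import dataclass
from ipaddress import ip_address


@dataclass(frozen=True)
class Pkt:
    t: float    # capture timestamp in seconds
    src: str
    dst: str
    sport: int
    dport: int
    flags: str  # "S", "SA", "A", "PA" or "R"
    ttl: int    # IP TTL as seen at the capture point


LOCAL = "192.0.2.10"  # constructed client address (documentation range)

# Constructed capture modelled on the traces in the report. Peer addresses are
# placeholders because the page does not preserve the real ones.
CAPTURE = [
    # HTTP flow: SYN-ACK after ~1.2 ms, then an RST carrying a different TTL.
    Pkt(41.307584, LOCAL, "198.51.100.20", 53759, 80, "S", 64),
    Pkt(41.308767, "198.51.100.20", LOCAL, 80, 53759, "SA", 30),
    Pkt(41.308792, LOCAL, "198.51.100.20", 53759, 80, "A", 64),
    Pkt(41.308852, LOCAL, "198.51.100.20", 53759, 80, "PA", 64),
    Pkt(41.310880, "198.51.100.20", LOCAL, 80, 53759, "R", 255),
    # SYN to a reserved address that is nevertheless answered.
    Pkt(43.259271, LOCAL, "240.0.0.1", 7222, 80, "S", 64),
    Pkt(43.260406, "240.0.0.1", LOCAL, 80, 7222, "SA", 30),
    # Control: ordinary handshake with a plausible round trip and stable TTL.
    Pkt(50.000000, LOCAL, "203.0.113.5", 40000, 443, "S", 64),
    Pkt(50.024100, "203.0.113.5", LOCAL, 443, 40000, "SA", 52),
    Pkt(50.024150, LOCAL, "203.0.113.5", 40000, 443, "A", 64),
    Pkt(50.031000, "203.0.113.5", LOCAL, 443, 40000, "PA", 52),
]


def analyse(capture, local, min_rtt=0.005, ttl_slack=2):
    """Return {(peer, peer_port, local_port): [reason codes]} for odd flows.

    min_rtt is an assumed floor for a round trip to an off-site host and must
    be tuned per network; ttl_slack tolerates small route changes.
    """
    syn_time = {}                # flow -> time of our outbound SYN
    first_ttl = {}               # flow -> TTL of the first reply seen
    findings = defaultdict(list)

    def flag(flow, reason):
        if reason not in findings[flow]:
            findings[flow].append(reason)

    for p in sorted(capture, key=lambda pkt: pkt.t):
        if p.src == local:
            if p.flags == "S":
                syn_time[(p.dst, p.dport, p.sport)] = p.t
            continue
        flow = (p.src, p.sport, p.dport)
        if flow not in syn_time:
            continue  # not a reply to an outbound connection in this capture
        # No host can legitimately answer from reserved address space.
        if ip_address(p.src).is_reserved:
            flag(flow, "reserved-src")
        # A SYN-ACK faster than any plausible round trip was generated nearby.
        if p.flags == "SA" and p.t - syn_time[flow] < min_rtt:
            flag(flow, "fast-synack")
        # Packets from one host on one flow should share (nearly) one TTL.
        if flow in first_ttl and abs(p.ttl - first_ttl[flow]) > ttl_slack:
            flag(flow, "ttl-shift")
        first_ttl.setdefault(flow, p.ttl)
    return dict(findings)


if __name__ == "__main__":
    for flow, reasons in analyse(CAPTURE, LOCAL).items():
        print(flow, reasons)
```

All three signals show only that a reply was generated close to the capture point, not which device generated it. A NAT with a full state table, as in the lab's corrected analysis, trips them just as an in-path ISP device would, so the capture has to be repeated with the local gateway removed before attributing the packets.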

BBC and ISPs Clash Over iPlayer
Jane Wakefield

A row about who should pay for extra network costs incurred by the iPlayer has broken out between internet service providers (ISPs) and the BBC.

ISPs say the on-demand TV service is putting strain on their networks, which need to be upgraded to cope.

Ashley Highfield, head of future media and technology at the corporation, has said he believes the cost of network upgrades should be carried by ISPs.

Simon Gunter, from ISP Tiscali, said the BBC should contribute to the cost.

He said the BBC did not understand the issues involved.

'Bit odd'

The popular iPlayer service lets users download or stream programmes to a PC.

In its first three months more than 42m programmes have been accessed via the catch-up TV service.

According to figures from regulator Ofcom it will cost ISPs in the region of £830m to pay for the extra capacity needed to allow for services like the iPlayer.

Mr Gunter is leading the call for the BBC to help pay for the rising costs.

"The question is about whether we invest in extra capacity or go to the consumer and ask them to pay a BBC tax," he said.

Bandwidth problems

Mr Highfield told the BBC's Today programme such "inflammatory" comments were not helpful.

"The success of the iPlayer should be of benefit to the whole UK broadband industry, increasing those who want to take up broadband," he said.

In his BBC blog last week Mr Highfield laid out a 19-point plan of action for ISPs, and warned they should not try to charge content providers.

"Content providers, if they find their content being specifically squeezed, shaped, or capped, could start to indicate on their sites which ISPs their content works best on (and which to avoid)."

In response Mr Gunter said it was a "bit rich that a publicly-funded organisation is telling a commercial body how to run its business".

"Inflammatory comments about blacklisting ISPs do not help. There seems to be a lack of understanding about how networks are built. Either we are not explaining it properly or it is falling on deaf ears," he added.

So-called traffic throttling has long been controversial and has been used by ISPs to control those users who eat up bandwidth by downloading huge amounts of material from often illegal file-sharing sites.

But the BBC's iPlayer service has changed the nature of the problem.

"The iPlayer has come along and made downloading a legal and mass market activity," said Michael Phillips, from broadband comparison service broadbandchoices.co.uk.

He said he believed ISPs were partly to blame for the bandwidth problems they now face.

"They have priced themselves as cheaply as possible on the assumption that people were just going to use e-mail and do a bit of web surfing," he said.

ISPs needed to stop using the term 'unlimited' to describe their services and make it clear that if people wanted to watch hours of downloaded video content they would have to pay a higher tariff, he added.

He said he believed the BBC needed to compromise.

"There has been talk, for instance, of the BBC bringing their servers into the loop as a way of lowering the backhaul costs," he said.

But Mr Gunter said he was not convinced this would help.

"I have heard that the BBC is working on building a caching infrastructure so that storage devices can go on an ISP's network but even if it goes ahead it doesn't save costs on the backhaul network," he said.

Gridlock warning

Geoff Bennett, director of product marketing at optical equipment maker Infinera, said he believed the government should broker a deal between the BBC and ISPs.

While allowing BBC content to be 'cached' by ISPs might be an instant fix to the problem it may not be the answer as more on-demand, bandwidth heavy applications come online, he said.

"There is a broader issue about the downloading of content and this requires an increase in the pipe where the bottleneck is occurring," he said.

This would mean upgrades in the so-called backhaul or second mile network, he said.

"The industry has talked a lot about upgrading the last mile network with fibre to the home but the question needs to be asked about whether we should upgrade the second mile. The price of this would be ten times less," he said.

Some reports, including one from US analyst firm Nemertes Research, have warned of net gridlock as early as 2010 as networks struggle to cope with the amount of data being carried on them.

But the BBC believes that the growth is "manageable", said Mr Highfield.

"We estimate that currently the iPlayer is having between 3-5% impact on the network," he said.

The Future of Broadband: We're Totally Screwed

As turtle-tastic as broadband is in the US compared to Asia, other than Time Warner's experiment to charge by the byte, at least consumption-based billing has mostly been a problem for Canadians. Until now. Justin from Bend, Oregon just sent us his ISP's new pricing plan, which makes Time Warner's look supremely generous: $55 a month buys you a measly 50GB running at a respectable 16Mbps downstream. If you run over, it's an extra $1.50 per GB. We hope Bend residents aren't huge fans of iTunes rentals—they'll chew through your allowance mighty quick. Welcome to what's shaping up to be the scary future of broadband in this country: It'll be faster, but it's either going to be filtered, slowed down or capped. [BendBroadband]

Big ISPs Push P4P as Substitute for Net Neutrality
Matthew Lasar

In their latest filings with the Federal Communications Commission, AT&T and Comcast argue that new breakthroughs in "P4P" network management lessen or eliminate the need for the agency to enact stronger net neutrality rules. Comcast's statement, filed with the FCC on April 9th, hails an announcement by P2P developer Pando Networks that its experiments with P4P technology on a wide variety of U.S. broadband networks have boosted delivery speeds by up to 235 percent.

This news, Comcast vice president Kathryn A. Zachem wrote to the Commission, "provides further proof that policymakers have been right to rely on marketplace forces, rather than government regulation, to govern the evolution of Internet services."

P4P stands for Proactive network Provider Participation for P2P, a system of support for peer to peer protocols that allows tracking devices to communicate with network management systems about P2P flow. The objective, as four University of Washington and Yale scholars recently concluded in a paper on P4P, is to encourage "a more effective cooperative traffic control between applications and network providers." In short, the technology helps file-sharers pick each other in ways that contribute to a more efficient network.

Ars spoke with Verizon senior technologist and Distributed Computing Industry Association's (DCIA) P4P Working Group co-chair Doug Pasko in March, who reported 200 to 600 percent boosts in download speed in their experiments with Pando. Pando's April 9 release says that since late February it has now performed experiments in broadband video delivery to over one million people via networks that include AT&T, Bell Canada, Cablevision, Comcast, Telefonica, Time Warner, and Verizon—all with positive results.

On April 7, AT&T filed comments with the FCC's net neutrality docket that included the U. of Washington/Yale study and a PowerPoint presentation on network management. Three top AT&T reps also met with legal advisers to Commissioners Deborah Taylor Tate, Jonathan Adelstein, and Michael Copps. The presentation observes that broadband networks are inherently shared and that "P2P is not necessarily an efficient technology in its present form." In addition, the AT&T trio warned that an FCC policy of "strict nondiscrimination" would only serve "the interests of elitist users," presumably P2P file sharers.

The presentation backs this claim with a chart that asserts that AT&T end-user bandwidth has been increasing by about 35 percent a year from 2001 through 2007. In addition: "heavy bandwidth applications such as streaming media (Web & Multimedia) and Peer-to-peer are driving approximately 80 percent of total bandwidth on AT&T's broadband network." The chart does not break down what percentage of that 80 percent can be attributed to P2P use.

P2P is upsetting

The AT&T presentation concludes that increased bandwidth won't help alleviate this problem, "because the need to manage shared networks doesn't go away as bandwidth increases." The filing claims that in the end there's no escaping the fact that certain P2P technologies have "upset network architecture assumptions—increasing the challenge and complexity of network management."

AT&T's solution? The telco points to the DCIA P4P group's efforts as one solution. In the meantime, "resolve disputes as to what constitutes a reasonable network management practice on a case-by-case basis."

Pando's press release includes a comment by Comcast CTO Tony Werner praising "the applicability of P4P to cable ISP infrastructures." Comcast's FCC comments promise a collaboration with Pando "to ensure that all of us can continue to deliver ever-improving services to consumers."

AT&T and Comcast's remarks also indicate that P4P technology has already become politicized as the FCC prepares for its second hearing on network management practices, scheduled to take place at Stanford University on April 17. The Commission hasn't released a list of panelists yet, but it has disclosed the titles of the two panel discussions, one on "Network Management and Consumer Expectations," the other on "Consumer Access to Emerging Internet Technologies and Applications."

Study Gives High Marks to U.S. Internet
John Markoff

Contradicting earlier studies, conventional wisdom and politicians’ rhetoric, European researchers say that the Internet infrastructure of the United States is one of the world’s best and getting better.

The Global Information Technology Report issued on Wednesday found that the United States now ranked fourth in the world behind just three European nations: Denmark, Sweden and Switzerland. Last year the United States was ranked seventh.

The study, which has been issued annually for the last seven years, is an effort to draw a more complete picture of national network readiness.

The study was done by Insead, the business school near Paris, on behalf of the World Economic Forum, a policy and conference group based in Switzerland. It used an index generated from 68 variables including market factors, political and regulatory environment and technology infrastructure rather than just bandwidth capacity and data transmission speeds.

Some Internet industry veterans were skeptical of the positive claims about the United States compared with the rest of the world. “My gut feeling is that we don’t have the type of deployment you have abroad,” said David J. Farber, an Internet pioneer and a professor of computer science at Carnegie Mellon University. “If you are looking at broadband, we have a lot of problems. We are slow as molasses in deploying the next generation.”

The Insead assessment offers a stark contrast to other appraisals based on single measures that have portrayed the United States, the nation that invented the global data network, as both lagging and declining in the broadband boom. Last year a range of statistics on global bandwidth use indicated that the United States was trailing other industrial nations in both broadband network consumption and penetration as a percentage of population.

For example, statistics maintained by the Organization for Economic Co-operation and Development gave a conflicting message. The average advertised broadband download speed of 23 American providers was 8.8 megabits a second, while the average for 23 providers in Denmark was a considerably slower 5.9 megabits. At the same time the number of broadband subscribers in Denmark was 34.3 for every 100 inhabitants, compared with 22.1 in the United States, according to a study in October 2007.

However, one of the authors of the Insead report said the narrow measures had failed to capture the true impact of the Internet when it was considered in a cultural, economic and political context.

“What the U.S. has is a number of strengths along a number of dimensions,” said Soumitra Dutta, a professor of information systems at Insead and the director of the study. “It is not just a question of technology. Political and economic factors become extremely important.”

He pointed to France as a country that was a technology leader in terms of network services that had trailed in the study, ranked at 21. “It’s not because France is lacking in technology,” Professor Dutta said. “If you look at other kinds of regulatory issues and labor conditions, you find a rigid situation that prohibits companies from making the most effective use of technology.”

An O.E.C.D. economist acknowledged the nuances in taking into account government regulatory and related factors, and said it was hard to draw a single conclusion from the data. “I think we can say that a lot of the situation in the United States is a result of the lack of competition,” said Taylor Reynolds, an economist in the Internet and Telecommunications Policy section of the O.E.C.D. “In Europe we have adopted an unbundling strategy wholeheartedly.”

That has led to more competition in markets outside the United States, he said, which in turn has driven Internet service providers elsewhere to offer speedier service and lower prices.

One aspect of global competition that is being watched closely, he added, is the way fiber optic networks are being introduced in different regions. Even though the United States has begun to accelerate the availability of fiber optic services, it is lagging Europe and Asia in network speeds.

While Verizon is offering 50 megabit FIOS in the United States, 100 megabit services are common in Europe, and the Japanese are offering 1 gigabit services.

Still, there are puzzling aspects to the American market, which has higher broadband availability than many countries but lower adoption rates. More customers have retained dial-up services than in most countries, which might be explained by price or lack of attractive broadband services.

Industry executives in the United States said the Insead report was a significant counterweight to the one-dimensional O.E.C.D. statistics. “Being an optimist, I’m seeing some significant and promising things happening in the United States,” said Robert Pepper, senior managing director, Global Advanced Technology Policy at Cisco Systems, the world’s largest networking equipment company.

The study portrayed a number of global trends. Five Nordic countries were reported among the world’s top 10. South Korea posted one of the most significant improvements in the last year, moving up 10 places in the ranking to ninth, and China moved up five positions to 57th.

How Should I.S.P.’s Tell You if They Want to Track Your Surfing?
Saul Hansell

The term “unavoidable notice” has been bandied about by a group of Internet advertising executives recently as they explored whether to endorse proposals for Internet service providers to keep track of where their customers surfed and what they searched for.

One theory goes that such systems would be acceptable if customers were informed of the plan in a way that they were sure to see, with a clear way for users to choose not to have their activities recorded. (There are some who say that it is simply unacceptable for an I.S.P. to record the content of its customers’ communications under any circumstances.)

One of the leading companies involved in this concept, Phorm, says it is developing a plan that would in fact force users to see an explanation of its program and give them an explicit choice about whether to participate. Since the company won’t start operations for a few weeks, the details, which are very important, haven’t been disclosed.

The other company, NebuAd, which started operation last fall, seems to be going out of its way to avoid being noticed by the users it monitors. It won’t disclose the Internet providers or advertising companies it is working with. And after the Washington Post discovered two Internet providers it works with — Embarq and Wide Open West — those companies have refused to answer any questions about their relationship with NebuAd.

It always struck me that one good test of an idea is whether the people behind it are willing to stand up in public and say exactly what they are doing and why. And that seems a particularly apt way to look at these companies, which claim that their seemingly invasive plans are in fact very sensitive to the privacy of Internet users.

Both NebuAd and Phorm understand this. Both have hired public relations consultants and reached out to privacy advocates. Indeed, as I’ve written, the chief executives of both Phorm and NebuAd reached out to me and spent a long time discussing their companies and how their systems worked.

It’s early, but so far Phorm appears to be more committed to openness than NebuAd. It may have more of a hurdle to overcome to build trust. The company, under its previous name 121 Media, distributed software that displayed pop-up ads on users’ computers. Privacy groups, like the Center for Democracy and Technology, said the company’s software was spyware because it wasn’t disclosed properly when it was installed and was hard to remove.

Now that it has changed its business, Phorm says it is pursuing an open approach. It has published the names of the I.S.P.’s it is working with and some sites that will use its advertising system. It has hired Ernst & Young to audit its system. And it says it will allow others to examine the system as well.

Most significantly, Kent Ertugrul, Phorm’s chief executive, told me that it would not start monitoring users until after it pops a screen in front of their browsing to explain the system. He wouldn’t say what the screen would look like. And the choice to opt out of the system, he said, might be on a second screen, not right next to the choice to opt in. Still, he promised that “the opt-out will be more transparent than anything else,” referring to other ad targeting systems.

BT Broadband, one of the three British Internet providers that are working with Phorm, will in fact give users the choice to participate or not on the same screen, at least in its initial tests. Emma Sanderson, BT’s director of value-added services, sent me this in an e-mail describing how the disclosure will work:

The concept though is pretty straightforward…. the webpage will appear when a customer starts browsing, there will be a description of the service and three buttons - Yes I want the service, No I don’t want the service and I want more information (not these words exactly). If they request more information they will be taken to another page with more detail on it.

She said the company would start testing the service with 10,000 customers in coming weeks. It will be presented as a way to both reduce the number of irrelevant ads users see and also as an aid to online safety because Phorm also helps detect some fraudulent Web sites.

Ari Schwartz, the chief operating officer of the Center for Democracy and Technology, said that this approach may well be appropriate, depending on how easy it is for consumers to understand and how actions are interpreted. If someone closes the pop-up window without making an explicit choice, he said, it should not be considered consent to have their actions monitored.

NebuAd’s approach to disclosure, by any measure, is much further away from “unavoidable notice.” Robert Dykes, NebuAd’s chief executive, told me the company would force I.S.P.’s that participate to notify their customers about the program. But this can be by e-mail, an insert in a billing statement or some other format where boilerplate that consumers don’t read is placed. Of course, it requires that the companies also disclose the system in their privacy statements, another graveyard for unread legalese.

The privacy statement of Embarq is particularly terse. It doesn’t mention NebuAd. It does have a link to opt out of the system which goes to a Web site called Faireagle.com, which is run by NebuAd. Wide Open West has a somewhat more articulate privacy statement. It gives a brief example of how the system may work. It names NebuAd and gives several links where consumers can get more information.

In what other way, if any, did these companies notify their customers? That is one of many questions I had for them that they refused even to consider answering. Peter Smith, the vice president of programming for Wide Open West, declined to comment and declined to say why he was declining to comment.

I then called David Burgstahler, a partner of Avista Capital, the private equity firm that owns Wide Open West. He wouldn’t talk to me either. Amanda Heravi, an Avista spokeswoman, said she would see if she could find someone to talk to me, but I haven’t heard back yet.

At Embarq, Debra Peterson, the company spokeswoman, e-mailed this statement, saying she would entertain no further questions:

Like other companies, we are evaluating behavioral marketing tools, but we have not decided whether to move forward with them. Our Privacy Policy anticipates and alerts customers to possible future use of these tools, and offers customers the opportunity to simply and quickly opt out. EMBARQ takes its customers’ privacy very seriously and we take every precaution to ensure information about our customers remains secure and anonymous.

Embarq by the way is the big local phone company unit spun off from Sprint that is publicly traded.

In my conversation with Mr. Dykes, I asked several times why he wouldn’t name the Internet providers he works with. He said, “It is inappropriate for a vendor to talk about its customers.”

I asked him why users should feel comfortable being involved with a system when the companies using it are afraid to stand up in public and discuss it. I also suggested that customers may want to know in advance whether Internet providers they may choose to do business with will sell information about their browsing to ad targeting firms. He said there is no need to disclose that in advance, particularly because NebuAd allows people to go to its site and request a cookie on their computers that will indicate they don’t want to participate in its tracking program on any Internet provider.

“If someone thinks this is really important, they should simply opt-out,” Mr. Dykes said.

It’s not clear to me that these are the policies that will build the trust level that Mr. Dykes says he needs in order to convince the large Internet providers to sign up for his service.

More Crappy Censorship From Your Friends at Yahoo!
Thomas Hawk

Mike Arrington has a blog post over at TechCrunch regarding a recent censorship case over at Yahoo where taking down and destroying users' content seems to be business as usual.

In this most recent case, Loren Feldman uploaded a video mocking Shel Israel and the Village People to Yahoo Video only to see his video taken down after an extremely weak DMCA notice was presented by Scorpio Music.

The video in question, embedded above, certainly would fall into the fair use category. It is absolutely parody which is protected as fair use and the amount of the song used is a brief snippet, also brief enough to count as fair use even if the video was not parody.

But in typical Yahoo "shoot first ask questions later" fashion, they have removed Feldman's video. They also sent him a threatening email saying that they could terminate all of his Yahoo services and deactivate his Yahoo ID. Fortunately a copy of the video in question still exists over at Google on YouTube as embedded above. I guess Google cares a little bit more about a user's fair use rights than Yahoo does.

It is terrible that it seems that anybody in the world can send a DMCA notice, valid or not, to Yahoo and get them to censor user content. Personally I think Yahoo has a higher obligation to the users who use their sites.

A while back Michael Crook sent Yahoo a bogus DMCA takedown request for one of my photos on Flickr. How did Yahoo handle this? They not only removed the perfectly valid and legal photo in question, but they *permanently* destroyed the uploaded photo along with dozens of comments. Later on Crook rescinded his bogus DMCA notice in my case but it was too late. The photo I'd posted and all of the comments were permanently erased by Yahoo from the internet.

A similar thing happened to Rebekka Guðleifsdóttir who also saw Yahoo destroy her photo along with over 450 comments which Flickr Chief Stewart Butterfield later chalked up as a "mistake," to the BBC News.

The problem with Yahoo! is that these "mistakes" only seem to get apologized for when they receive a lot of publicity. How many hundreds or thousands of Yahoo users have simply seen their content destroyed by Yahoo and didn't really have the voice or reach to really do anything about it?

Shame on Yahoo for censoring Loren. And shame on them for treating their users so poorly. Yahoo should take more care when reviewing DMCA takedown notices and give their users the respect that they truly deserve.

It will be interesting to see if Microsoft does a better job with the censorship once they take Yahoo over here shortly.

FBI Data Transfers Via Telecoms Questioned
Ellen Nakashima

When FBI investigators probing New York prostitution rings, Boston organized crime or potential terrorist plots anywhere want access to a suspect's telephone contacts, technicians at a telecommunications carrier served with a government order can, with the click of a mouse, instantly transfer key data along a computer circuit to an FBI technology office in Quantico.

The circuits -- little-known electronic connections between telecom firms and FBI monitoring personnel around the country -- are used to tell the government who is calling whom, along with the time and duration of a conversation and even the locations of those involved.

Recently, three Democrats on the House Energy and Commerce Committee, including Chairman John D. Dingell (Mich.), sent a letter to colleagues citing privacy concerns over one of the Quantico circuits and demanding more information about it. Anxieties about whether such electronic links are too intrusive form a backdrop to the continuing congressional debate over modifications to the Foreign Intelligence Surveillance Act, which governs federal surveillance.

Since a 1994 law required telecoms to build electronic interception capabilities into their systems, the FBI has created a network of links between the nation's largest telephone and Internet firms and about 40 FBI offices and Quantico, according to interviews and documents describing the agency's Digital Collection System. The documents were obtained under the Freedom of Information Act by the Electronic Frontier Foundation, a nonprofit advocacy group in San Francisco that specializes in digital-rights issues.

The bureau says its budget for the collection system increased from $30 million in 2007 to $40 million in 2008. Information lawfully collected by the FBI from telecom firms can be shared with law enforcement and intelligence-gathering partners, including the National Security Agency and the CIA. Likewise, under guidelines approved by the attorney general or a court, some intercept data gathered by intelligence agencies can be shared with law enforcement agencies.

"When you're building something like this deeply into the telecommunications infrastructure, when it becomes so technically easy to do, the only thing that stands between legitimate use and abuse is the complete honesty of the persons and agencies using it and the ability to have independent oversight over the system's use," said Lauren Weinstein, a communications systems engineer and co-founder of People for Internet Responsibility, a group that studies Web issues. "It's who watches the listeners."

Different versions of the system are used for criminal wiretaps and for foreign intelligence investigations inside the United States. But each allows authorized FBI agents and analysts, with point-and-click ease, to receive e-mails, instant messages, cellphone calls and other communications that tell them not only what a suspect is saying, but where he is and where he has been, depending on the wording of a court order or a government directive. Most of the wiretapping is done at field offices.

Wiretaps to obtain the content of a phone call or an e-mail must be authorized by a court upon a showing of probable cause. But "transactional data" about a communication -- from whom, to whom, how long it lasted -- can be obtained by simply showing that it is relevant to an official probe, including through an administrative subpoena known as a national security letter (NSL). According to the Justice Department's inspector general, the number of NSLs issued by the FBI soared from 8,500 in 2000 to 47,000 in 2005.

The administration has proposed expanding the types of data it can get from telecom carriers under the 1994 Communications Assistance for Law Enforcement Act, so FBI agents can gain faster and more detailed access to information sent by wireless devices that reveals where a person is in real time. The Federal Communications Commission is weighing the request.

"Court-authorized electronic surveillance is a critical tool in pursuing both criminal and terrorist subjects," FBI spokesman Richard Kolko said.

A Justice Department spokesman said the government is asking only for information at the beginning and end of a communication, and for information "reasonably available" in a carrier's network.

Al Gidari, a telecom industry lawyer at Perkins Coie in Seattle who handles wiretap orders for companies, said government officials now "have to rely on a human being at a telecom calling up every 15 minutes to send law enforcement the data."

He added: "What they want is an automatic feed, continuously. So you're checking the weather on your mobile device or making a call," and the device would transmit location data automatically. "It's full tracking capability. It's a scary proposition."

In an affidavit circulated on Capitol Hill, security consultant Babak Pasdar alleged that a telecom carrier he had worked for maintained a high-speed DS-3 digital line that co-workers referred to as "the Quantico Circuit." He said it allowed a third party "unfettered" access to the carrier's wireless network, including billing records and customer data transmitted wirelessly.

He was hired to upgrade network security for Verizon in 2003; sources other than Pasdar said the carrier in his affidavit is Verizon.

Dingell and his colleagues said House members should be given access to information to help them evaluate Pasdar's allegations.

FBI officials said a circuit of the type described by Pasdar does not exist. All telecom circuits at Quantico are one-way, from the carrier, said Anthony Di Clemente, section chief of the FBI operational technology division. He also said any transmissions of data to Quantico are strictly pursuant to court orders.

Records, including who sent and received communications, the duration and the time, are kept for evidentiary purposes and to support applications to extend wiretap orders, he said.

Verizon spokesman Peter Thonis said no government agency has open access to the company's networks through electronic circuits.

Dial D for Disruption
Quentin Hardy

Want to build a phone company for $100? Give Mark Spencer a ring.

In a research park outside the low-key bustle of downtown Huntsville, Ala., Mark Spencer finishes his barbecue and resumes wreaking havoc on the multibillion-dollar phone equipment business.

Spencer is the inventor of Asterisk, a free software program that establishes phone calls over the Internet and handles voicemail, caller ID, teleconferencing and a host of novel features for the phone. With Asterisk loaded onto a computer, a decent-size company can rip out its traditional phone switch, even some of its newfangled Internet telephone gear, and say good-bye to 80% of its telecom equipment costs. Not good news for Cisco, Nortel or Avaya.

"We have to figure out ways to get into everything: Carriers, businesses, equipment companies," says Spencer. "For better or worse, I don't tend to think small."

Spencer, who is all of 29 years old, is poised to disrupt the $7 billion market for office telecom switches (often called PBXs) much the way the Linux open-source computer operating system crushed the price of business computing and brought woe to established leaders such as Microsoft and Sun Microsystems.

Since Spencer released Asterisk to the world in 1999 as a phone operating system, it has been downloaded 500,000 times, and it continues to be downloaded 1,000 times per day. Some 350 contributors have taken it from a rocky voice system to one with clear calling and more than 100 features.

Electric utility Southern Co. is using Asterisk in a pilot program to translate voicemail into text messages for 30 managers' BlackBerrys.

The town of Manchester, Conn., is about to begin using Asterisk to run an application tied to the 911 service that will cost less than $1 million, half the price it would have paid had it used traditional phone equipment, and at 10% of the operating costs. Outsourcing company Sutherland Global Services has tested Asterisk in 400-person call centers, finding it cuts telephone costs by two-thirds.

In Rensselaer, Ind., computer science professor Brian Capouch has built a commercial-class phone system that already touches 20 communities and covers more than 1,000 square miles with just $100 in personal computer equipment and $125 to customize each location.

For a little more he built an Asterisk system of motion detectors and Web cameras that send video to his office laptop and can call any phone when something happens at his house. One of his students created a business sending other kids automated wake-up calls. Other Asterisk hacks include a way to pay your parking meter by phone.

"You couldn't set out to build a system like this. No one company could do it all. When you open source, people just keep improving things," says Spencer.

Asterisk could lead to the creation of thousands of businesses, as people begin thinking about the phone the same way they saw the personal computer in 1980, as a platform on which to build. Spencer had this in mind when he named his software after the symbol used in Unix computer programming to signify "everything."

Digium, the company Spencer created in 1999, now has 50 employees and more than $10 million in revenue from selling hardware loaded with a tested business edition of the otherwise free Asterisk, much the way Red Hat charges for a widely used standard for Linux. Digium makes a profit, though Spencer won't say how much.

Overhead is low. Spencer pays less than $15 a square foot for space (per year) and does up his own quarters in geek chic: reworked computer guts, testing screens, a fridge filled with caffeinated sodas and a sculpture he made of a robot holding a rotary phone. He shares his office with a 23-year-old programmer who was still a teen when they met. Spencer once had to write a note to his principal years ago when a job conflicted with the school day.

Spencer's parents are professors at Auburn University (his American father teaches education, his Egyptian mother French). In eighth grade he wrote a grading program for his teacher and sold it for $5. While still in high school, Spencer hung around Auburn's electrical engineering department, designing integrated circuit structures for fun. "I'd go over to his house [to discuss semiconductors] and he'd be finishing writing a symphony on his synthesizer," says Thaddeus Roppel, an Auburn professor and early mentor. "He kept up with his high school homework, too."

While on a full scholarship at Auburn, Spencer started Digium as a Linux consultant. He sold one-seventh of the firm for $500,000 to Adtran, a Huntsville telecom equipment maker where he had interned two years before. He wanted a really cool phone switch to handle sales orders, but when he learned that it would cost $10,000, he began writing Asterisk. "I'd never touched a traditional PBX," Spencer says.

But he knew a ton about open-source software, whose source code is given away in order to attract improvements. He had earlier built an instant-messaging client called Gaim, which has become popular among the open-source crowd. Spencer based Asterisk on Apache, the freebie software that powers many a Web server. Aided by a couple of Internet telephone veterans, he put the telephone switch at the center of the operating system and made it possible to connect it to almost any Internet phone system (except Skype).

Asterisk was still a hobby until the spring of 2001, when the tech crash killed Digium's Linux business. Spencer saw there was interest in Net phones and shifted gears. By the end of the year Digium was selling computer cards with custom boards and Asterisk software.

Spencer is picking up a few big allies. Intel now makes Asterisk-compatible cards for computers and has tested large deployments. "Open source is one of the hottest topics in telecom today," says Intel marketing director Timothy Moynihan.

Yet IBM, which styles itself a champion of all things open, will only say it has a "positive but very informal" relationship with Asterisk and Digium. That distance may owe something to the fact that IBM resells Cisco's Internet telephone gear to big firms like Ford and Dow Chemical.

In an internal study last summer Cisco identified 100 corporate customers making big use of Asterisk. Open-source Internet phones, the document said, will force Cisco to excel in "reliability, productivity, enhancements, features, vendor reputation, service [and] support." Cost was unlikely to be Cisco's selling point.

"I used to go on industry panels, and the guys from Cisco would be nice and baby me, never saying anything bad about Asterisk," Spencer says. "Lately they've stopped seeing me as a charity. It's their business."

Says Cullen Jennings, a senior Cisco engineer: "The bulk of PBXs that people deploy five years from now will not be open source, but that is just a guess." Either way, he figures that if Asterisk destroys Cisco's valuable PBX business, Cisco can sell services and related networking gear based on it, the same way IBM embraced Linux-based computing.

Spencer hopes he doesn't have to choose between spreading the Asterisk gospel or getting rich on Digium. "The existing telephony business, for some companies, is going to get collapsed way down," he says. "What will be the new services? The new industries? Like a lot of things, you do this because it's interesting, and you don't really know where it's going to go."

The Story Behind Opera Mini on Google Android
Chris Mills


This article takes a look at one of Opera's latest and greatest projects - the creation of an Opera Mini version that will run on Google's Android open mobile development platform. Over the course of the article, we'll explain why we created it, how, challenges we faced, and how you can try it out for yourself. We'd like to encourage you to try it out, and give us as much feedback as you possibly can. Enjoy!

Why did we do it?

When we first heard about Google Android, we were very excited about the possibilities it presents, and thought it would be very cool to make Opera Mini available on it, plus it would give mobile developers a better choice of browsers to make available on handsets. But it goes beyond just cool factor - one of Opera's central doctrines is providing the best internet experience on any device - the Android platform is another missing piece of the puzzle for us to fill in.

There are also practical reasons - the Opera Mini browser renders web pages that have been transcoded to the binary OBML format, meaning much smaller downloads and a faster browsing experience on mobiles than would be provided by other browsers. (The Android WebKit-based browser component has a switch in the public API allowing the use of a transcoding proxy that transcodes web pages to a simpler form of HTML. Whether this is as small and fast as Opera Mini's OBML remains to be seen.)

How did we do it?

We decided to use the existing Opera Mini code base (even the binary package) instead of creating a separate port, to save on resources. We created a special wrapper that translates Java ME (mostly MIDP) API calls into Android API calls. The tool used was MicroEmulator - this is an open source (LGPL) implementation of Java ME that runs on top of Java SE. The lead Opera Mini Android developer is also the lead developer of MicroEmulator, so it was an inspired choice! The Android platform is similar to Java SE, with the exception of several libraries normally included in Java SE (like AWT/Swing - these are excluded because they would likely be too heavy to fit into the embedded environment). It is therefore fairly simple to port MicroEmulator to run inside the Android environment. The only major task was to replace the AWT/Swing graphics backend of MicroEmulator with Android-specific APIs.

Issues we faced

This section details the issues we faced when making the Opera Mini port over to Android:

1. First, the Android platform is a very fresh set of APIs. There is not much information available on the web, and the community around Android is just forming, so sometimes it is difficult to find an answer if something during development is not going very well and you have questions. Other people involved in Android development are very willing to help others, however.
2. Next, you need to consider that Android is not a finished product yet - for example, the last SDK update changed a large number of the APIs, so as we fixed existing issues, new problems appeared; the most serious being performance degradation of the emulator, which we are currently working on.
3. We still have no access to any hardware that will run Android. It is currently impossible to say how fast Opera Mini will run on real devices.
4. Integration between the Eclipse IDE and the Android SDK is seamless, making for a nice coding experience. The Android emulator however runs inside QEMU, which is a bit too slow even on fast desktops. This is quite annoying and we hope it will improve in the next SDK updates.

Try it yourself!

As mentioned above, there is currently no hardware available that will run Android, but you can still try the Opera Mini Android version out using the Android SDK and emulator. Here's how (these steps are basically the same on any platform that runs the SDK):

1. Download and install the latest version of the Android SDK
2. Obtain the Opera Mini for Android package
3. Once you have installed the Android SDK, start the Android emulator that comes with it (this can be found at {Android home}/tools/emulator)
4. Transfer and install the Opera Mini package into the emulator - you can do this with the following command line input - {Android home}/tools/adb install OperaMini.apk

Opera Mini should now appear in the emulator Applications folder.

Known issues

• Small painting issues
• The Back command isn't yet mapped to the device back button

IBM Chip is Fastest on Earth
Tom Abate

IBM Corp. began shipping high-end computers Tuesday built around the fastest chip on Earth, a microprocessor that can carry out up to 5 billion instructions per second, surpassing the speediest competing processors built by rivals like Intel or Sun Microsystems.

The new IBM processor, called the Power6, was designed to run big-ticket, water-cooled machines that drive corporations or tackle scientific problems, but slower versions of this same family of chips are already being used in inexpensive, consumer devices like the Nintendo Wii, Microsoft Xbox and Sony PlayStation.

Cranking up the speed is only one way to improve overall system performance, say chip experts from Intel and Sun, which have evolved different ways to coax more work from chips - and therefore stay competitive in the never-ending race to sell computers that do more and cost less.

But if a stopwatch were the only ranking system, the 5-billion-instructions-per-second Power6 processor from IBM would beat such rivals as the 3.73 gigahertz Pentium Extreme and the 2.4 gigahertz UltraSparc T2 from Sun.

"It's hard to make the average person understand just how fast this is," said IBM Chief Technology Officer Bernard Meyerson, offering an example meant to explain his company's baby that still leaves the listener awed with the speediness of the two "laggards."

"Hold your index finger out in front of your face," Meyerson said in a telephone interview from IBM headquarters in New York. In less time than it would take a beam of light to travel from your knuckle to your fingertip, the new IBM chip would complete one task and start looking for the next, he said.

Light would presumably have to travel more than a finger's length to get each task done on the slower processors from Intel and Sun - and at billions-of-cycles per second, slow is a bit of a misnomer.

Then why don't Intel and Sun just crank up the speed? Well, just as is the case with cars, the faster chips run, the hotter they get, and IBM has created water-cooling systems akin to the radiators in cars to keep its processors from overheating. Not doing so, Meyerson quipped, "results in setting fire to the user, which is bad."

Intel spokesman George Alfs, whose company sells millions upon millions of processors for all sorts of stuff like laptops, where lugging around a water jug would be a chore, said there's no technical reason why Intel chips can't run faster.

In fact, Alfs said, sophisticated game enthusiasts buy water-cooling kits that they fit into desktop PCs, then use software tricks inside the Windows operating system to crank up their own speeds into the 5 gigahertz range.

"But that can void your warranty," Alfs said.

Sun spokesman Mark Richardson took umbrage at the focus on speed. "It's an easier marketing message to deliver to say that faster gigahertz means a faster processor," he said. His colleague, chip expert Fadi Azhari, explained how the Mountain View firm uses a different technical trick, called multithreading, to make a computer faster but not hotter.

Imagine a long line of airport passengers waiting for the ticket agent to check them in, Azhari said. The IBM speed trick would have that ticket agent working faster and faster - with maybe a blower overhead to cool the agent down. But multithreading would be like putting two or more ticket agents on duty, which is another less-heat-intensive approach to processing, he said.

Windows is 'Collapsing,' Gartner Analysts Warn

The researchers damn Windows in current form, urge radical changes
Gregg Keizer

Calling the situation "untenable" and describing Windows as "collapsing," a pair of Gartner analysts this week said Microsoft must make radical changes to the operating system or risk becoming a has-been.

In a presentation at a Gartner-sponsored conference in Las Vegas, analysts Michael Silver and Neil MacDonald said Microsoft has not responded to the market, is overburdened by nearly two decades of legacy code and decisions and faces serious competition on a whole host of fronts that will make Windows moot unless the Redmond, Washington developer acts.

"For Microsoft, its ecosystem and its customers, the situation is untenable," said Silver and MacDonald in their prepared presentation, titled "Windows Is Collapsing: How What Comes Next Will Improve."

Among Microsoft's problems, the pair said, is Windows' rapidly-expanding code base, which makes it virtually impossible to quickly craft a new version with meaningful changes. That was proved by Vista, they said, when Microsoft -- frustrated by lack of progress during the five-year development effort on the new OS -- hit the "reset" button and dropped back to the more stable code of Windows Server 2003 as the foundation of Vista.

"This is a large part of the reason [why] Windows Vista delivered primarily incremental improvements," they said. In turn, that became one of the reasons why businesses pushed back Vista deployment plans. "Most users do not understand the benefits of Windows Vista or do not see Vista as being better enough than Windows XP to make incurring the cost and pain of migration worthwhile."

Other analysts, including those at rival Forrester Research, have pointed out the slow move toward Vista. Last month, Forrester said that by the end of 2007 only 6.3 percent of the 50,000 enterprise computer users it surveyed were working with Vista. What gains Vista made during its first year, added Forrester, appeared to be at the expense of Windows 2000; Windows XP's share hardly budged.

The monolithic nature of Windows -- although Microsoft talks about Vista's modularity, Silver and MacDonald said it doesn't go nearly far enough -- not only makes it tough to deliver a worthwhile upgrade, but threatens Microsoft in the mid- and long-term.

Users want a smaller Windows that can run on low-priced -- and low-powered -- hardware, and increasingly, users work with "OS-agnostic applications," the two analysts said in their presentation. It takes too long for Microsoft to build the next version, the company's being beaten by others in the innovation arena and in the future -- perhaps as soon as the next three years -- it's going to have trouble competing with Web applications and small, specialized devices.

"Apple introduced its iPhone running OS X, but Microsoft requires a different product on handhelds because Windows Vista is too large, which makes application development, support and the user experience all more difficult," said Silver and MacDonald.

"Windows as we know it must be replaced," they said in their presentation.

Their advice to Microsoft took several forms, but one road they urged the software giant to take was virtualization. "We envision a very modular and virtualized world," said the researchers, who spelled out a future where virtualization -- specifically a hypervisor -- is standard on client as well as server versions of Windows.

"An OS, in this case Windows, will ride atop the hypervisor, but it will be much thinner, smaller and modular than it is today. Even the Win32 API set should be a module that can be deployed to maintain support for traditional Windows applications on some devices, but other[s] may not have that module installed."

Backward compatibility with older, so-called "legacy" applications, should also be supported via virtualization. "Backward compatibility is a losing proposition for Microsoft; while it keeps people locked into Windows, it also often keeps them from upgrading," said the analysts. "[But] using built-in virtualization, compatibility modules could be layered atop Win32, or not, as needed."

Silver and MacDonald also called on Microsoft to make it easier to move to newer versions of Windows, re-think how the company licenses Windows and come up with a truly modular operating system that can grow or shrink as needed.

Microsoft has taken some new steps with Windows, although they don't necessarily match what the Gartner analysts recommended. For instance, the company recently granted Windows XP Home a reprieve from its June 30 OEM cut-off, saying it would let computer makers install the older, smaller operating system on ultra-cheap laptops through the middle of 2010.

It will also add a hypervisor to Windows -- albeit the server version -- in August, and there are signs that it will launch Windows 7, the follow-on to Vista, late next year rather than early 2010.

Blockbuster Considering Set-Top Box for Movie Downloads
Erica Ogg

Trips to the video rental store may be a thing of the past sooner than thought.

Netflix and Blockbuster are already offering DVD rental service by mail. Amazon.com, Microsoft's Xbox Live, and Netflix deliver movies directly to the PC. TiVo, Vudu, and Apple TV--not to mention cable and satellite companies--are doing the same for TV sets. Local independent stores notwithstanding, the only major brick-and-mortar options left for renting discs are Hollywood Video/Movie Gallery, which is close to bankruptcy, and Blockbuster.

But The Hollywood Reporter says Blockbuster may be giving customers more reasons not to visit its stores. The rental chain is said to be making a set-top box that will allow video content to be streamed directly to a television. The announcement should come sometime later this month, according to THR.

A Blockbuster spokeswoman said it is "talking to numerous companies" about ways it can provide "access to media content across multiple channels--from our stores, by mail, through kiosks, through downloading, through portable content-enabled devices--so it's not surprising that there are rumors out there."

The service would take advantage of video-on-demand technology from Movielink (which Blockbuster bought last year) that allows movie downloads from Universal Studios, Paramount, Sony Pictures, MGM, and Warner Bros.

There was no mention of price or how such a service would work in the report. But let's think about this: to compete with Apple TV or Vudu, the device would have to cost around $200, and rentals of movies and TV shows should be around $3 to $4 each, which would be slightly cheaper than rentals of new releases from Blockbuster currently. The big advantage Blockbuster would enjoy over Apple TV, Vudu, and TiVo, it seems, would be selection. Considering its longstanding relationships with the studios, it would likely have the largest library of films and TV shows to choose from. See my colleague John Falcone's excellent comparison of set-top rental boxes.

No matter the details of how the device would work, this represents a new direction for Blockbuster and the video rental market. Money spent on DVD ownership and rentals has been decreasing steadily for the past four years, according to the Digital Entertainment Group, which tracks sales of disc media. And though there's no indication Blockbuster would eliminate its brick-and-mortar stores, a streaming video service would clearly cannibalize some of that business.

Assuming the report is spot-on, and Blockbuster attempts to make this transition to digital content, it's time to wonder how much longer physical media will be a factor for mainstream movie renters.

Online Commercials: Now That’s a Hard Sell
Randall Stross

LONG ago, in the heyday of broadcast television, when networks did pretty much as they wished, rule No. 1 was this: Viewers shall sit still and obediently watch commercials.

Later, technology gave viewers the option of disregarding the network’s commandments. The arrival of the remote control’s mute button, and then TiVo, did their part to undermine commercials, and so has the more recent rise of YouTube. When viewers seek entertaining videos there, commercial breaks are not part of the picture.

Now the television industry is moving online and mounting its most ambitious attempt to date to restore mandatory viewing of commercials. Their instrument is Hulu, a company that was founded jointly in March 2007 by NBC Universal and the News Corporation and provides free, advertising-supported television shows for viewing on the Web. It ended its test period last month and declared that Hulu.com was officially open for business.

The site has a smart look, is easy to navigate and allows users to embed any of its programs on their own blogs, on social networking sites or anywhere else, without directing viewers back to Hulu.

Hulu describes itself as the online destination for “premium” video, but in its current form it has serious limitations. Though it has the backing of NBC and Fox (owned by the News Corporation) and has more than 50 recognizable names in the television and movie industries as its content partners, its offerings are surprisingly meager. It provides only a handful of popular television series, like “The Simpsons” and “The Office,” and even in these cases it offers little more than samplers — a paltry five “Simpsons” episodes and nine of “The Office.”

Hulu has only short clips for other programs, rather than full episodes. That’s understandable for “Saturday Night Live” but not for “Law & Order.” It also has 110 movies, mostly titles that failed to impress critics, like “Dude, Where’s My Car?,” and fills out its catalog with long-forgotten television shows like “Adam-12.”

Acknowledging that Hulu’s library is less than what could be wished, Christina Lee, a company spokeswoman, said it was working with its content providers “to navigate complex rights and clearance issues to bring together the best collection of programming online, legally.”

Hulu’s founding assumption is that viewers will appreciate the convenience of having all their favorite television shows at one Web site, no matter what channel broadcast them originally.

This assumption may turn out to be fatally flawed. For branded content, it’s easy to use a search engine to find online whatever one wants. In an instant, for example, a Google search leads to “South Park” episodes on a Web site dedicated to the show; the site opened last month as a joint venture between the “South Park” creators Trey Parker and Matt Stone and Comedy Central. They, too, are offering television programming free online, relying upon commercials. Rather than throwing their lot in with Hulu and ceding a portion of revenue, however, they set up their own operation and put everything they owned online — every episode from the entire 12 seasons. A complete archive like this puts Hulu’s mostly empty shelves to shame.

Jean-Paul Colaco, Hulu’s senior vice president for advertising, said last week that Hulu’s advertising is designed to be “elegant and non-obtrusive.” Instead of running eight minutes of commercials with multiple sponsors in a half-hour slot, Hulu runs only two minutes from a single commercial sponsor: an announcement of sponsorship and “limited commercial interruption” at the beginning, then three 30-second spots interspersed during the show.

“We don’t want to oversaturate the viewer with commercials,” Mr. Colaco explained, which he acknowledges is much easier to do when the viewer’s eyes are only a few inches away from the screen. He and others in the industry call watching television on computers a “lean-forward environment.”

On paper, Mr. Colaco’s offer to run “only 25 percent of the advertising on broadcast television” would seem much appreciated by viewers, and advertisers get exclusive sponsorship of entire episodes. All parties should be happy.

The viewing experience, however, will not necessarily please everyone. The two minutes of single-sponsor commercials in a Hulu program can feel as engaging as a dentist’s drill: there’s no arguing that they get your attention.

On the first “Simpsons” episode I watched, the program stopped for a Sudafed commercial in which unrelieved congestion inflated the suffering victim’s head. A few minutes later, the program halted to show the same commercial, with the same imminent danger of cranial explosion. More minutes passed, and the identical commercial made its third appearance. Of course, no fast-forwarding is permitted.

Hulu must somehow persuade viewers who have become accustomed to snacking on video tidbits at YouTube, free of commercials, to return to the Hulu version of the old broadcast model, in which programs are halted for enforced advertising breaks.

For movies, Hulu is testing a “pre roll,” a two-minute movie trailer at the beginning, which viewers could choose to watch instead of intermittent commercials. It has not tried this, however, for shorter-form programs, knowing that asking viewers to first sit still for two minutes of commercials just to see a 22-minute sitcom is unlikely to be acceptable. “The industry is running away from pre-rolls,” Mr. Colaco said.

YouTube has been slow to explore ways of generating revenue. Its parent, Google, has yet to report earning material revenue from its YouTube operations. But YouTube has recently introduced a new format for advertising that is decidedly less intrusive than Hulu’s. It displays a commercial message for 10 seconds shortly after a video begins, in a small translucent overlay at the bottom of the screen; if a viewer clicks on the message, only then will a full commercial play. Instead of Hulu’s “limited interruption,” YouTube can say, “no interruption whatsoever, unless you choose otherwise.”

We lean forward, yes, but we are leaning into a cornucopia of entertainment options. Advertisers must accept that the old quid pro quo — they bring us television and we give them our full, undivided attention — no longer is acceptable.

But advertisers should not feel singled out. Today, viewers do not give their full, undivided attention to anybody.

HD Radios With iTunes Tagging Hit Stores

iBiquity Digital Corp. announced that the first HD Radio receiver with HD Radio iTunes tagging technology has arrived at retail. Polk Audio's I-Sonic Entertainment System 2 is now available at Apple Stores around the country, as well as online, and will hit Best Buy in June.

"iTunes Tagging is an early example of the outstanding capabilities HD Radio technology will enable beyond new multicast content and higher quality audio," said Bob Struble, President/CEO of iBiquity Digital. "Leading entertainment brands, like Polk and Apple, are embracing HD Radio technology and creating the most advanced experience of the digital lifestyle."

iTunes tagging was announced last fall. At the time, the HD/iTunes radios were expected in stores in time for the holiday season.

In related news, Clear Channel Radio has announced that over 340 of its stations broadcasting in HD are also now compliant with HD Radio iTunes tagging technology. The iTunes tagging allows for listeners to tag a song heard on the air for purchase later via the iTunes Music Store.

"Radio continues to be the number one way that people discover new music, and the HD Radio iTunes tagging capability lets listeners add songs to their iPod playlists with just a push of the button," said John Hogan, President/CEO of Clear Channel Radio. "With the vast majority of our HD primary stations now offering this exciting feature, we’re demonstrating how radio’s collaboration with the iPod benefits consumers."

Clear Channel currently is broadcasting over 400 stations in HD nationwide, with over 340 HD-2 side channels.
09-04-08, 07:03 AM   #2
JackSpratts

Girls Record Brutal Attack On Teen To Allegedly Post On YouTube

Video was released late Monday afternoon showing a brutal beating at the hands of a gang of teenage girls. Their motivation for the attack was allegedly so they could post the video on YouTube and MySpace.

The victim reported the attack after she was beaten so badly she had to be treated at the hospital. That's when the sheriff's office started looking into it and learned about the video.

The sheriff calls it shocking, saying he's never seen anything like it. It was a vicious attack all captured on home video inside a Polk County home.

When 16-year-old Victoria Lindsay arrived at her friend's house where she had been staying, six girls were waiting. Immediately, they started yelling and one girl began pummeling the victim.

On the video, the girls can be heard encouraging the fight in the background, even taunting Lindsay to fight back, all while one of them held the camera. The victim's family has said it was an elaborate plot to injure and embarrass Victoria Lindsay. Lindsay's parents couldn't believe their daughter had to endure the attack.

"That's my Tori. Don't do that to my Tori," said the victim's mother.

The 16-year-old suffered a concussion, eye injuries and several bruises. During the attack, two others were outside keeping watch according to the sheriff's office.

In fact, the sheriff said, Lindsay was lured into the home for the sole purpose of capturing and posting the video on the Internet. According to the sheriff's office arrest affidavit, Lindsay told deputies they "were going to post the beating on MySpace and YouTube."

Instead, it's the sheriff's office that ended up releasing it to the media and now all eight suspects accused of making it happen are charged with very serious crimes. All suspects face charges for false imprisonment and battery. Three of them were charged with kidnapping because, the sheriff's office said, they forced Lindsay into a car and drove her to another location after the beating.

The suspects were identified as 17-year-old Mercades Nichols, 17-year-old Brittini Hardcastle, 14-year-old April Cooper, 16-year-old Cara Murphy, 17-year-old Britney Mayes and 15-year-old Kayla Hassell. Zachary Ashley, 17, and Stephen Schumaker, 18, were identified by deputies as the lookouts.

"They weren't really involved, I don't know. I'm just overwhelmed by all of it. I don't know why the girls have them involved," said Debbie Shumaker, Stephen's mother.

All six of the girls attend Mulberry High School, according to the sheriff's office arrest affidavit.

Pupils Posing as Paedophiles in Cyber-Bullying, Police Warn
Steven Morris

Children as young as 10 may be posing as predatory paedophiles on internet networking sites to frighten boys and girls they have fallen out with, police revealed yesterday. Officers have warned parents and children to be vigilant after as many as nine youngsters in Padstow, Cornwall, were targeted through the networking sites Bebo and MSN.

Police initially believed a local man was trying to groom the children by befriending them online and arranging to meet them. But a member of the public has come forward and told them that youngsters are trying to settle playground disputes by posing as a paedophile to frighten their rivals.

A spokesman for Devon and Cornwall police said: "Information from the public has highlighted a possibility that the offenders could be children aged 10 and over, masquerading as a paedophile. The investigations are continuing and at this moment we are looking into every line of inquiry and are not ruling out any possibility. However, the language used on the social networking sites such as Bebo and MSN is at times childish. It could be youngsters playing a sick game to try and intimidate friends they have fallen out with. This will be treated seriously and we will be contacting the families of the children involved and we will try and help them by involving social services."

Police urged parents in Cornwall to keep a close eye on the websites their children were looking at. The spokesman added: "We would appeal to anyone who has information about this to please contact us immediately so we can continue with our investigations to get this stopped."

A spokesman for the Child Exploitation and Online Protection Centre said: "We have many incidents of cyber-bullying - where children use the internet as a forum to pursue grievances - but have not heard of this happening before. It sounds like a very extreme and worrying course of action."

Paedophiles Face Curbs on Internet Use
Bobbie Johnson

The home secretary will today outline plans to increase protection for children surfing the web, including new jail terms for convicted paedophiles who use social networking websites.

The measures, which mirror systems operating in the US, include a requirement for convicted sex offenders to give their email address to the police. If they use that address to sign up to a website such as MySpace, Bebo or Facebook, they could be imprisoned for up to five years.

The restriction will apply to more than 30,000 people who have been added to the sex offenders' register since its inception in 1997. However, questions have been asked about how this will work in practice, as anyone can create new email identities in a few minutes.

A spokesman for the Home Office said that failure to declare any new email accounts would be considered a criminal offence, but admitted that police would ultimately rely on members of the public to tell them of unlawful actions.

The email idea is thought to have been a late addition to the package of new guidelines, developed by the Home Office in consultation with children's charities and large social networking websites.

The home secretary, Jacqui Smith, said: "We have some of the strictest controls on sex offenders in the world to protect our children. We are working together with police, industry and charities to create a hostile environment for sex offenders on the internet, and are determined to make it as hard for predators to strike online as in the real world."

The plans also include a new kitemarking scheme for parental filtering software. They follow last week's independent Byron review, which recommended better education for parents. A separate study by the media regulator Ofcom found that more than 25% of eight- to 11-year-olds had a profile on a social networking site.

The Home Office plans were largely welcomed by children's charities. "We must strive to do all we can to protect children by keeping one step ahead of the abusers," said Diana Sutton of the NSPCC.

Officials Find Child Pornography on 20,000 Va. Computers

Fourth-highest number of offenders in Herndon
Chris L. Jenkins

Law enforcement officials working undercover were sent child pornography files from nearly 20,000 private computers in the state over a 30-month period, according to a report by an expert on the distribution of Internet child porn.

Those computers accounted for 215,197 Internet child pornography transactions between October 2005 and February, according to a state report developed by Flint Waters, a special agent with the Wyoming attorney general's Division of Criminal Investigation. He has developed a national online system to track such activity.

Waters is part of a federal program, the Internet Crimes Against Children Task Force, which consists of 59 law enforcement agencies nationwide, including two in Virginia. Waters's report found that Herndon ranked fourth among Virginia localities in the number of computers known to possess child pornography statewide. The town of 23,000 is reported to have 1,058 known computers that sent hard-core child pornography to investigators. The task force helped analyze the data, which found that Alexandria had 657 such computers; Fairfax County, 507; Arlington County, 503; and Woodbridge, 467. The city with the most computers was Virginia Beach, followed by Norfolk and Richmond.

The recorded numbers are just a small percentage of the traffic generated by child pornography distributors, who use peer-to-peer file-sharing networks such as Lime Wire to peddle often violent and hard-core movies and images, Waters said. The program tallies only the files that were distributed to undercover officers. The tracking software investigators use, Operation Fairplay, does not tally files shared between private users.

"Right now there's no way that law enforcement can keep up with all this activity," Waters said, adding that such activity has increased steadily in the United States.

Operation Fairplay is being used by law enforcement agencies across the United States and in 18 other countries, including England, France and Sweden. The software allows investigators to download child pornography from a suspected computer that shares files with the investigators and then identify the machine's Internet protocol address. Officials can obtain a physical address from the sender's Internet service provider, which can lead to a search warrant.

Virginia has started to expand state efforts to track down such offenders. Lawmakers will add $1.5 million to the biannual budget approved last month by the General Assembly and Gov. Timothy M. Kaine (D) for the state's Internet Crimes Against Children Task Force. The task force's units, based in Fairfax and Bedford counties, are charged with helping police find Internet predators.

Virginia officials estimate that law enforcement officials are able to follow up on less than 2 percent of known cases, because of a lack of resources. The additional funding will enable departments to train more officers and provide more communities with the tracking software.

"The problem is expanding exponentially," said Del. Brian J. Moran (D-Alexandria), who pushed for the increase in state funding. He cited federal statistics that have shown that 55 percent of possessors of child pornography had committed contact offenses.

"The more you know about this stuff," Moran said, "the more you realize that every time you bring a computer into your home, you provide online predators with access to your children."

Virginia 1st State to Require Internet Safety Lessons

Virginia is the first state to mandate that public schools offer Internet safety classes for all grade levels -- and it's one of many measures being taken nationally to protect young Web users.

Virginia's requirement initially stemmed from concerns about sex offenders preying on children online and a general increase in Internet-based crime. It took effect this school year.

In a recent presentation at a suburban Richmond high school, Virginia assistant attorney general Gene Fishel flashed an online social-networking profile of a 15-year-old who says she enjoys being around boys and wants to meet new people. The real profile user turned out to be a 31-year-old man convicted of sexually abusing 11 children he met online and sentenced to a 45-year prison term.

A 2006 study by the National Center for Missing and Exploited Children showed that about 13 percent of Internet users ages 10 to 17 received unwanted sexual solicitations.

Facebook Sex Addict Slept with 50 Men

A woman says she is a Facebook sex addict and has slept with 50 men she met through the networking site.

Laura Michaels, 23, set up a group called "I Need Sex" on the site.

She invited men to contact her and those whose picture she liked, she met up with.

Within 10 minutes the group had 35 members and soon attracted 100 men, 50 of whom she slept with.

She told The Sun: "I know that it was risky behaviour but that was part of the thrill."

One of her Facebook conquests was called Simon from Swindon.

She said they met for drinks in her home town of Bristol and then went back to his hotel for sex.

She admitted some people might "look down on me" for her behaviour and said some might even say that she may as well have been a prostitute because then she would at least have been paid for sleeping with so many different men, but she said: "I don't see it like that at all.

"I was satisfying my own desires by setting up the group."

She said Facebook had since removed her page.

Oklahoma Court Rules Public Upskirt Photography Perfectly Legal

An Oklahoma court released a 34-year-old man who was caught kneeling behind a 16-year-old girl at a store in Tulsa, taking an "upskirt" picture of her, ruling upskirt photography in public places a legal practice.

"Oklahoma's Court of Criminal Appeals ruled that taking pictures up someone's skirt in a public place is not a crime. The court voted 4-1 in favor of 34-year-old Riccardo Ferrante who was arrested for putting his camera up an unsuspecting 16-year-old girl’s skirt in a department store, reports the Associated Press."

Text Alerts to Cellphones in Emergency Are Approved

Federal regulators approved a plan on Wednesday to create a nationwide emergency alert system using text messages delivered to cellphones.

Text messages have exploded in popularity, particularly among young people. The trade group for the wireless industry, CTIA, estimates more than 48 billion text messages are sent each month.

The plan stems from the Warning Alert and Response Network Act, a 2006 federal law that requires upgrades to the emergency alert system. The act requires the Federal Communications Commission to develop ways to alert the public about emergencies.

“The ability to deliver accurate and timely warnings and alerts through cellphones and other mobile services is an important next step in our efforts to help ensure that the American public has the information they need to take action to protect themselves and their families prior to, and during, disasters and other emergencies,” the commission chairman, Kevin J. Martin, said after the plan was approved.

Carriers’ participation in the system, which has strong support from the industry, is voluntary.

Cellphone customers would be able to opt out of the program. They also may not be charged for receiving alerts.

There would be three types of messages, according to the rules.

The first would be a national alert from the president, probably involving a terrorist attack or natural disaster.

The second would involve “imminent threats” that could include natural disasters like hurricanes, tornadoes or university shootings.

The third would be reserved for child abductions, so-called Amber alerts.

The alerts would be delivered with a unique audio signature or “vibration cadence.”

The service could be in place by 2010.

It Takes a Cyber Village to Catch an Auto Thief
Richard S. Chang

EARLY on the afternoon of March 26, two young men visited Heritage Auto Sales, a specialty dealership in Calgary, Alberta. They asked to test-drive a dark gray 1991 Nissan Skyline GT-R, a performance model made primarily for the Japanese market and rarely seen in North America.

The car had been imported from Japan by Shaun Ironside for his dealership. Despite its reserved appearance, the Skyline GT-R is something of a performance icon to car enthusiasts and video gamers; it fit well among the Porsches and Mercedes-Benzes in Mr. Ironside’s inventory.

One of the men had been to the dealership a week earlier for a ride, but he and Mr. Ironside didn’t get far. The car, with an engine modified for extra horsepower, began to act up. When the man returned with a friend for another try, Mr. Ironside was juggling two customers, so he just handed them the keys, explaining that there was only enough gas in the tank for a drive around the block.

But 15 minutes later Mr. Ironside noticed that the Skyline still hadn’t returned — and that the car that the two men had arrived in was gone. A bad feeling swelled in his gut; still, he reasoned, sometimes a buyer will take a car to have it inspected.

“It’s kind of hard to report a vehicle stolen 15 minutes after it’s not come back from a test drive,” he said in a telephone interview last Sunday.

The car never returned. That night, after reporting its disappearance to the police, Mr. Ironside posted a message on Beyond.ca, a Web site for Canadian auto enthusiasts, to spread the word.

10:28 p.m., March 26 Unfortunately I have to post this as one of my first posts my 1991 Skyline GT-R is officially STOLEN.

The forum posting went on to describe the afternoon’s events, repeating information that was included in the police report. He described the driver as a white male in his early 20s, heavy-set, around 5-foot-6, with a distinguishing feature: missing ring and middle fingers on his left hand.

The post included several photos of the missing car and offered a cash reward, though as he typed, Mr. Ironside had little expectation of getting the car back, he said later. But his post set off a cyberworld dragnet — a process definitely not recommended by the police — in a case the arresting officer called “a bizarre file.”

Results came quickly. The next day, James Lynch, a forum moderator, was leaving the Chinook Center mall in Calgary in his BMW M3 when he noticed a Nissan Skyline close behind him.

Having seen the photos of the missing Skyline online earlier in the day, Mr. Lynch immediately recognized the black wheels. He pulled alongside the Skyline at the next light, he said, and gave the driver a “rock out” sign, holding up a hand with pinkie and index finger extended and his other fingers clenched.

“He was dumb enough to do it back to me — and I got a picture right when he did it,” Mr. Lynch said.

When Mr. Ironside checked the Skyline message thread that afternoon, he scrolled through messages from dozens of members. At the bottom of the first page, he reached a surprising post by Mr. Lynch, whom he knew only by his forum handle, JAYMEZ.

4:19 p.m., MARCH 27 I FOUUUNNNDDDDD THEM =) And I have pictures Called the police and chased them, also talked to them.

Five minutes later, the photo, with the driver looking straight into the camera, appeared on the thread. He fit the description in Mr. Ironside’s police report, down to the white and black New York Yankees baseball cap. The photo wasn’t entirely clear, but the driver appeared to be missing two fingers.

Mr. Ironside forwarded the photo to the police, who told him, “The picture is as solid evidence as you’d ever find.”

Online auto forums have helped unravel crimes before. Two years ago, a detective in Los Angeles used the forum on FreshAlloy.com, a Nissan enthusiast site, to track down victims of an elaborate fraud scheme. (That case, too, involved Nissan Skylines.)

The Beyond.ca site had also played a role in earlier cases of what might be called open-source crime solving. A year ago one of its members saw a hit-and-run accident a block in front of him, said Shelton Kwan, who co-founded the site with his cousin Ken Chan in 2002. “He took pictures. And the guy who got hit was another member of ours.”

The victim posted a message about the incident an hour later. The witness with the camera followed up with clear shots of the suspect’s face and license plate — and it made the local news.

“We sent all of that to the cops,” Mr. Kwan said. “And that one was handled basically by the end of the day.”

Two hours after the photo taken by Mr. Lynch was posted, Allan Thomson, known on the forum as Numi, reported a Skyline sighting the previous night and gave directions to the area. The forum exploded with vigilante fervor; members living close by proposed a search.

Four hours later, Mr. Thomson posted again, this time to say that he had sent out a personal message pinpointing the car’s position.

10:23 PM, March 27 FOUND!!! PMED with exact location. Guy drives it like he owns it. Idiot parks outside his house backed in so you can’t see his plate.

Exactly 15 minutes later, a forum member added a link to a Google map with directions to the house. Other members scrambled to narrow their Facebook searches for the suspect to the closest high school. At about 11 p.m., a link to the Facebook profile appeared online. The photos seemed to show the same person in the picture taken by Mr. Lynch.

In a little more than 24 hours from the time of Mr. Ironside’s first post on the stolen Skyline, members of the forum had spotted the car and assembled a name, photo, home address and Facebook profile for the person seen behind the wheel of the Skyline.

That night, Mr. Ironside joined a handful of forum members at the address where the car had been parked earlier. After midnight, he posted again.

12:30 a.m., March 28 There was an older body style 94-01 Dodge Ram 1500 Pickup Red in color acting suspicious in the area. If it wasn’t anybody here I would be willing to bet that this guy got a little spooked from all the activity and is just riding around in another vehicle. Anyways, I had to book out and switch up vehicles to a less obvious ride.

Mr. Ironside returned home at 2:30 a.m. and went to sleep.

Punit Patel, known as Dj-Stylz on Beyond.ca, followed the busy thread through the night. He saw that other forum members had searched the area to no avail and decided to leave for work early the next day to swing by the house. He didn’t think about what he would do if the Skyline was there.

When Mr. Patel found the Skyline parked between two pickups, he blocked the driveway with his Acura and asked a friend to post his discovery. Then he called the police and waited.

Mr. Ironside was surprised by the latest development when he checked the forum in the morning. He jumped into his car and arrived at the house at 8:45 a.m. Then he called 911 with his case number. The police arrived in minutes.

Mr. Patel’s next post detailed the events.

11:26 A.M., MARCH 28 The owner arrived and he called the cops because no one came for more than 2 hours. Cops came within 5 minutes after the owner called. I got pictures just give me a little time to upload. Also got a video of the guy getting arrested.

For Mr. Ironside, it was the best possible outcome. His car was dirty but in good shape. He would need to replace the tires and fix a few rock chips.

“Basically this guy thought the car was his, from what I could tell,” he said. “There were receipts in the car for premium car washes. He had all his music collection in there.”

Less than 48 hours after Mr. Ironside’s initial post, photos of the house and videos of the arrest appeared on the thread. The shaky video showed a single police officer escorting the suspect, confirmed by the Calgary police as 18-year-old Jamie Glen Jacobson, to an unmarked police car. He was charged with theft over $5,000. He is free on bail pending a court appearance on April 16.

“This guy has worldwide recognition for being a car thief for the rest of his life,” Mr. Ironside said. “The Internet is not going away.”

Experts Hack Power Grid in No Time

Basic social engineering and browser exploits expose electric production and distribution network
Tim Greene

Cracking a power company network and gaining access that could shut down the grid is simple, a security expert told an RSA audience, and he has done so in less than a day.

Ira Winkler, a penetration-testing consultant, says he and a team of other experts took a day to set up attack tools they needed then launched their attack, which paired social engineering with corrupting browsers on a power company's desktops. By the end of a full day of the attack, they had taken over several machines, giving the team the ability to hack into the control network overseeing power production and distribution.

Winkler says he and his team were hired by the power company, which he would not name, to test the security of its network and the power grid it oversees. He would not say when the test was done, but referred to the timeframe as "now." The company called off the test after the team took over the machines.

"We had to shut down within hours," Winkler says, "because it was working too well. We more than proved that they were royally screwed." In addition to consulting, Winkler is author of the books Spies Among Us and Zen and the Art of Information Security.

The problem is pervasive across the power industry, he says, because of how power company networks evolved. Initially their supervisory, control and data acquisition (SCADA) networks were built as closed systems, but over time intranets and Internet access have been added to the SCADA networks. Individual desktops have Internet access and access to business servers as well as the SCADA network, making the control systems subject to Internet threats. "These networks aren't enclosed anymore. They've been open for more than a decade," Winkler says.

The penetration team started by tapping into distribution lists for SCADA user groups, where they harvested the e-mail addresses of people who worked for the target power company. They sent the workers an e-mail about a plan to cut their benefits and included a link to a Web site where they could find out more.

When employees clicked on the link, they were directed to a Web server set up by Winkler and his team. The employees' machines displayed an error message, but the server downloaded malware that enabled the team to take command of the machines. "Then we had full system control," Winkler says. "It was effective within minutes."

Winkler says SCADA systems are inherently insecure because they are software running on standard operating systems on standard server hardware, making them subject to all the vulnerabilities of those systems.

Power companies' desire to not risk interrupting service with software upgrades that could improve security perpetuates the inherent weaknesses, he says. "The power grid is so poorly maintained that it is easier to attack than most other systems and networks," he says. "They hope for the best and make the risk-avoidance excuse if something goes wrong."

Winkler says his talk doesn't expose power networks to any more danger than they face now. "The real bad guys already know what I'm saying," he says. "There is the potential for serious damage."

Winkler says power companies need to adopt SCADA software that is better tested for vulnerabilities and engineered for rapid patching when flaws are found. They also need to segment their networks so a breach from the Internet cannot reach the SCADA network.

High-Tech Crime Is an Online Bubble That Hasn’t Burst
Doreen Carvajal

There are no storefronts or corporate headquarters in the cybercrime industry, just savvy sellers in a murky, borderless economy who are moving merchandise by shilling credit card numbers — “two for the price of one.”

“Sell fresh CC,” promised one who offered teaser credit card numbers. “Visa, MasterCard, Amex. Good Prices. Many countries.”

Electronic crime is maturing, according to security experts, and with its evolution, criminals are adopting conventional approaches like supermarket-style pricing and outsourcing to specialists who might act as portfolio managers or computer technicians.

“It’s a remarkable development of a whole alternative business environment that’s occurred over the last couple years,” said Richard Archdeacon, a senior director of global services for Symantec, an Internet security company with 11 research centers around the world. “What’s been so astonishing is the speed with which it’s developed.”

In the United States alone, victims reported losses of $239 million to online fraud in 2007, with average losses running about $2,530. The complaints are recorded by a special Web-based hotline operated by the F.B.I. and the National White Collar Crime Center, a nonprofit corporation focusing on electronic crime.

The most common frauds were fake e-mail messages and phony Web pages, and the crimes were organized from the United States, Britain, Nigeria, Canada, Romania and Italy, according to an F.B.I. report issued last month.

Despite the increasing sophistication and elusiveness of online criminals, judges remain reluctant to order much jail time for computer crime, according to some national law enforcement officials and major companies like Microsoft.

A case in point is Owen Thor Walker, an 18-year-old hacker from New Zealand who pleaded guilty last week to criminal charges arising from his development of a vast international network of individual computers, which he had infected with hidden software, or “malware,” and remotely controlled.

In the parlance of the trade, he was a “bot herder” who offered his “robot network” for hire to a company in the Netherlands, which wanted to covertly install its advertising software.

Walker’s borderless network first surfaced in an F.B.I. investigation of a computer attack in 2006 that caused the crash of a computer server at the University of Pennsylvania. The F.B.I. singled out a Pennsylvania student in the attack who ultimately led investigators to Mr. Walker.

Mr. Walker’s sentencing is scheduled for May, but the judge on the case indicated that he would consider community detention and work release or some home detention for punishment of the teenager, who has Asperger syndrome, a mild form of autism marked by poor social skills and compulsive behavior.

“Most of the time, it’s very difficult for a judge to understand what’s going on and what the risks are,” said Eric Loermans, chief inspector of a Dutch high-tech crime unit.

Mr. Loermans was part of a cybercrime forum in Strasbourg last week that was convened by the Council of Europe to develop guidelines for closer international cooperation between law enforcement and Internet service providers. More than 200 people representing government agencies and private companies from Europe, Africa and the Americas participated in the conference.

Mr. Loermans’s plainclothes high-tech unit now numbers about 25 people, but the police are also developing training programs for everyone on the staff down to the officer on the beat, according to Mr. Loermans.

“Years ago, we saw cybercrime as a speciality,” he said. “Now we have added cybercrime in every form of police training, so we are raising the level of the entire Dutch police force. There’s no crime anymore where there are no digital components built in.”

David Roberts, chief executive of the Corporate IT Forum, which represents 150 companies in Britain, said his group was pressing for a single confidential channel through which corporate security chiefs could report cybercrimes.

Market for Stolen Data Getting More Competitive

Fierce competition among identity thieves has driven the prices for stolen data down to bargain-basement levels, which has forced crooks to adopt mainstream business tactics to lure customers, according to a new report on Internet security threats.

Credit card numbers were selling for as little as 40 cents each and access to a bank account was going for $10 in the second half of 2007, according to the latest twice-yearly Internet Security Threat Report from Symantec Corp. released Tuesday.

Symantec detected 711,912 new threats last year, 468 percent more than in 2006, when it found 125,243 - and almost two-thirds of all 1,122,311 Symantec has cataloged since 2002.

The data is usually sold through instant-message groups or Web forums that exist for only a few days or even hours, according to Symantec, and the hacking community exacts harsh consequences when members try to pass along fraudulent information.

"If the seller says there's $10,000 in a bank account, and there isn't $10,000 in there, their ability to sell will drop through the floor," said Alfred Huger, vice president of Symantec Security Response. "It's a sort of honor among thieves, and it's very strictly enforced."

Researchers said they found more evidence during the last six months of the year that Internet fraudsters are adopting mainstream tactics, including hiring teams of hackers to create new viruses and offering volume discounts on stolen data to encourage larger orders.

In some cases, stolen credit card numbers were sold in batches of 500 for a total of $200. That's 40 cents each, less than half the price observed during the first half of 2007, when they were down to $1 apiece in batches of 100, according to the report.

Full identities - including a functioning credit card number, Social Security number or equivalent and a person's name, address and date of birth - are going for as little as $100 for 50, or $2 apiece.

Certain identities are more alluring than others, according to the report. Stolen identities of citizens of the European Union sell on the high end - for $30 - an average of 50 percent more than U.S. identities.

Researchers said the higher prices reflect the fact that the identities can be used in multiple countries, instead of just one. They added, however, that scarcity of a certain type of identity will drive up its price.

Also popular with attackers are Web site-specific vulnerabilities because few are fixed quickly. Of 11,253 so-called "cross-site scripting" vulnerabilities found on specific sites during the second half of 2007, only 473 were patched.

Cross-site scripting vulnerabilities are flaws in the coding of Web applications that allow hackers to insert malicious code into the pages and then deploy it to unsuspecting visitors.

The report was released as thousands of security professionals gathered in San Francisco for the RSA Conference, a weeklong event at which Symantec CEO John Thompson's Tuesday keynote is among several high-profile speeches.

The survey is based on malicious code gathered from more than 120 million computers running Symantec antivirus software and some 2 million decoy e-mail accounts that collect spam.

Man Claims People's Bank is Careless with Personal Info
Rob Varnon

For four months, James Hastings dove into Dumpsters outside People's United Bank branches throughout Fairfield County, pulling out bags of paperwork containing private information, including customers' Social Security numbers and account information.

Bank employees didn't know what Hastings was doing until the Fairfield resident told them and delivered a video depicting him digging through the Dumpsters and sitting in front of a wall in his home he had papered with the documents.

The bank got a restraining order against Hastings on March 20, and detectives from the State Police, on a search-and-seizure warrant, raided his home. He is scheduled to appear in Bridgeport Superior Court Monday and he said he could face prison for violating the order the bank secured from the court to stop Hastings from discussing or distributing any of the material.

The restraining order also came into play Wednesday when Hastings tried to turn over the remaining boxes of documents to Attorney General Richard Blumenthal. The AG's office late Wednesday refused to talk to him until lawyers there investigated the restraining order. It had not made a determination on how it can proceed.

In a series of interviews, Hastings says he's not an identity thief. He says he wants the bank to react to what he calls a serious lapse in security. On Tuesday, he displayed two boxes filled with documents he says he culled from bags of garbage People's United Bank threw away.

People's, however, doesn't see it that way, and said Hastings is attempting to extort money from the bank. It is also demanding the information be turned over to the bank.

Brent DiGiorgio, a People's spokesman, says the bank's primary concern is protecting the customers' information that Hastings has taken.

"We're going to provide one year of free credit monitoring for customers whose information was taken when this gentleman rummaged through our trash," DiGiorgio said. He said the bank notified police immediately when it found out what Hastings had. That notification resulted in a search of Hastings' home and the seizure of documents.

Letters are being mailed out to affected customers, DiGiorgio said.

State police sources familiar with the case say they are continuing to investigate.

So how did this thin, 56-year-old home repairman end up facing off with one of New England's largest banks? About four months ago, Hastings says he was driving out of a People's branch parking lot in Fairfield when he saw a Dumpster brimming with garbage bags. When he looked more closely, he saw the clear garbage bags were stuffed with financial documents.

Hastings says he wanted to try to determine the extent of the problem, so he says he worked nights and weekends digging into Dumpsters at People's and other financial institutions.

"I'm disgusted by what I've pulled out of those bags," Hastings says, adding that the paperwork contains information on how much money individuals have in their accounts and where they live. He's got Social Security numbers and more on customers.

"I've got a guy in here that's got $8 million in gold," Hastings says.

He turned over a lot of those documents to police during the raid, but retained some in boxes, he says, that he hoped Blumenthal's office would accept.

During trips to People's branches from Stratford to Stamford, he made a video, he claims, to protect himself from the charge of extortion. "It needs editing," he said, before turning one of the many discs over to the Connecticut Post. The video shows several nights and days of Hastings going to People's branches and other financial institutions.

Hastings said he found documents from Citibank and Wachovia branches in Dumpsters in Fairfield County, too, although the Post saw evidence of only one slip of paper from Citibank. Neither bank said they had been contacted about the issue.

A Wachovia spokesperson was appalled at the charge and said the bank not only trains employees to not throw out sensitive documents, but uses special trashcans to dispose of such documents at each desk.

Like other banks, Citibank didn't go into detail about its procedures. But spokesperson Janis Tartar said in an e-mail, "As part of our information security training for new hires and ongoing training for existing employees, we emphasize the importance of safeguarding private customer information. Protecting our customers' accounts and confidential data is a top priority and a matter we take seriously."

The vast majority of material comes from People's, according to Hastings' video. One portion shows bags of materials he says he found in the garbage. There are applications for credit cards, reports on bank deposit and account information.

These are the same kinds of records the bank recommends, on its Web site, that its customers shred and dispose of carefully at home. The Federal Trade Commission recommends the same thing.

Hastings says after several months he contacted People's and the bank set up a meeting with him. On March 19, he met with People's Director of Corporate Security William A Gniazdowski.

Gniazdowski's affidavit of the meeting is on file with the court.

In it, he says Hastings went to the bank's headquarters at Main Street in Bridgeport, met with executives and dropped off DVDs and toy handcuffs. In the video the bank saw, and Hastings confirms, he wears an orange jumpsuit to indicate People's employees should face criminal charges if any of this private information is made public.

Gniazdowski says Hastings asked People's to hire him as a "fraud consultant." When Gniazdowski asked what would happen if the bank didn't comply, Hastings allegedly said he'd take "great pleasure shoving it up their nose."

Hastings said the bank's security chief trapped him in the room and wouldn't let him leave, so Hastings got mad and told the security officer to take the DVDs and shove them up his nose.

As for the charge of extortion, Hastings says, that's the bank trying to protect its reputation.

The fact that the police didn't arrest him when they searched his house shows that it's clear he wasn't trying to extort anything, he says. He adds that if he were a criminal he would have never gone to the bank because he could be living off the information he found. He noted the bank didn't know he was out there until he came to People's.

Hastings, who admits he's concerned about his freedom and reputation, says he wishes he'd never started this, but now that he has he's not going to just roll over.

He volunteered that he has a record. He was arrested and served a two-year probation for trying to secure drugs from a pharmacy by impersonating a doctor, but that was for a painkiller he needed, and he was convicted of drunken driving. The Post confirmed he has a small criminal record.

As for what he offered the bank, Hastings says, "What I said is you need a consultant. You don't need to hire me."

The bank disagrees, and a law professor says he would tend to side with the bank.

Jeffrey Meyer, a Quinnipiac University Law School associate professor and former assistant U.S. attorney, says he's heard of situations like this, but they usually involve computer hackers.

In those scenarios, a hacker finds a weakness in a corporation's Web site, exploits it and sabotages the site. The hacker will do it several times, Meyer says, before contacting the company to suggest it hire him or her as a consultant.

This has resulted in prosecution for extortion, Meyer says.

"It's the quid pro quo," Meyer said, which makes it a problem.

If the person demands payment not to damage the company, "it certainly crosses the legal line," he said.

This is not the first time Hastings says he's investigated a company's procedures and asked to be hired as a consultant. He says he found a problem with a cell phone company and it paid him $10,000 as a consultant in the late 1990s.

"I can't explain it," Hastings said of how he uncovers these kinds of problems. "If you're stealing and you are around me, I'll know it."

Hastings said the bank's Dumpsters aren't properly secured and it isn't shredding documents.

"We believe this is an isolated incident to the greater Bridgeport and greater Stamford," DiGiorgio said. "It's unfortunate."

DiGiorgio says the bank has training on how to safeguard customer information and takes that obligation very seriously. It is reviewing its policies, he said when asked if People's will still throw documents into Dumpsters.

"We do have a policy of how to dispose of customer information," DiGiorgio says, but security reasons prevented him from revealing what those policies are.

The documents the bank has been reviewing from the police raid are a mix of paperwork thrown out by bank employees and customers, DiGiorgio says.

DiGiorgio says that since Hastings went to the bank it has posted "no trespassing" signs and has installed locks on the Dumpsters it controls. But some of those receptacles, the bank shares with other companies and therefore cannot lock.

While the bank is reviewing its procedures, DiGiorgio said it does not believe that Hastings has a right to take the documents to "extort money from the bank."

Blumenthal said Thursday his office is still investigating the matter and attempting to verify Hastings' story.

But he said in an earlier interview banks have a legal responsibility to secure customers' financial information.

Blumenthal questioned how People's could be securing customers' information by throwing it away unshredded or even shredded in a state that could be pieced together.

The bank "might have an explanation," Blumenthal says. "But then again it might want to change its current practices or buy a new shredder."

Staff writer Daniel Tepfer contributed to this report.

Siemens to Offer Fingerprint Internet ID

To cut down on hacking of bank accounts, Siemens will introduce an Internet ID which scans the user's fingerprints before allowing him or her access to the bank account

The offense-defense cycle is used by political scientists to explain arms races among states, but the model applies to crime as well: A new type of crime emerges, and an industry is created to offer solutions to it; then a new cycle begins with clever criminals finding new ways to defraud people, and new security solutions offered, and so on. Here is an example: As Internet crime is on the rise, measures are taken to protect bank accounts from online hackers, with the latest being the development of a new Internet ID card that scans a user's fingerprint before allowing them to make a transaction.

The card, from Siemens, is the size of an ATM card and incorporates a fingerprint scanner and six optical sensors. Users will initially scan several fingers over the card so their prints will be stored for later identification. It does not need extra software or hardware, so is safe from attacks and can be used on any PC.

The Week in Review is edited and published by Jack Spratts.

To make a transaction, the card will scan the user's finger. The bank's Web site then sends a flicker code, which the ID card sensors register and decrypt. In the process, the monitor displays six rapidly flashing fields that alternate between black and white. The flicker code contains the details of the funds transfer submitted to the bank and the associated transaction number (TAN). Using an integrated cryptographic key, the card decrypts the code and displays the deciphered information on its small screen. The user checks the transaction data is complete, then confirms the transfer by entering the TAN displayed on the screen.

The card contains information from several fingers including one designated as the 'emergency finger', which users can scan if they are being forced to transfer funds under duress. The scan will warn the bank. While the transaction will be completed on the computer monitor, the bank will not actually complete the request. The solution is set for market launch later this year.

House Staffers Livid Over Web Site

Financial information being posted is too personal, aides say
Paul Kane

Working from a cramped loft apartment a mile from the Capitol, a small Internet company has sparked a privacy rights battle with hundreds of angry top House staffers upset that the Web site has begun posting details about their personal finances.

In an unusual conflict over constitutional rights, the aides argue that the recent disclosures leave them highly vulnerable to identity theft. But the Web site, LegiStorm, contends that it has a First Amendment right to publish already public information about some of the Capitol's most powerful players -- the high-level staffers -- and is creating a new check against potential corruption.

"Congressional staffers are among the most powerful people in Washington, and in the past they have received very little scrutiny. It's about time there was a little more scrutiny given to what they're doing," said Jock Friedly, president and founder of LegiStorm, which has six employees.

For several years, LegiStorm has published salary and expenditure reports that are released regularly by the House and Senate. The reports, released quarterly by the House and semiannually by the Senate, provide detailed information on how much each lawmaker spends, along with the names, titles and salaries of every employee.

In late February, however, LegiStorm expanded the data it provides by putting the staffers' personal financial disclosure forms online. Those documents, which must be filed by senior aides, contain explicit detail on aides' finances -- including bank accounts and investment portfolios -- as well as some home addresses and signatures.

The posts have enraged top House staffers whose personal finances are now on display for any Internet sleuth to access with a few clicks of a computer mouse. The move has not, however, generated many complaints from Senate aides.

"Who knew it was going to get posted on the Web? It's shocking," said one House Democratic chief of staff, who requested anonymity to discuss her personal finances. "Now that anybody can look it up on the Web, I don't know if I like it anymore."

Her forms for 2006, which were filed last spring, included her home address and 32 pages of detailed statements about bank accounts under the name of her husband and daughter. That prompted her to raise concerns about identity theft at a chiefs of staff meeting in March.

At other similar meetings over the last month, some aides have suggested that the House general counsel should sue LegiStorm, which they accused of trying to profit from the dissemination of their records. Friedly said he is not selling the information on his Web site, which is available free but is supported by advertising.

He also noted that a number of media sites, including washingtonpost.com and Congressional Quarterly, publish similar data for members of Congress.

"Presumably," he predicted, "cooler heads will prevail."

Under federal law, staffers who earn more than $110,000 a year must file financial disclosure forms. In addition to staffers' financial holdings, the documents show any outside income, gifts received and official positions held with outside groups.

Before LegiStorm existed, anyone searching for salary and financial disclosure information had to trek down to the basement of the Cannon House Office Building to rummage through the records. Those searching for financial disclosure forms, either for a lawmaker or a staffer, had to enter their name into a computer database, leaving a record of whose documents they were examining.

The clerk of the House, Lorraine C. Miller, wrote to the more than 2,000 staff members who file disclosure reports, warning them to check whether they reveal any sensitive material, such as bank account or Social Security numbers. That prompted Friedly to uncover more than 20 instances in which such private information was revealed on his Web site, for which he has apologized. The information since has been redacted from the site.

However, Friedly refuses to remove staff home addresses or signatures unless the House pays the roughly $10,000 cost of altering thousands of the forms.

Friedly noted that since his site began publishing the financial information of top aides, the Capitol Hill newspapers Roll Call and the Hill have published articles about questionable transactions by a trio of top staffers, and that the newspapers used LegiStorm to confirm information about the aides.

The financial data is from top aides who are "actually writing the law of the land," he said.

Lawyers from the offices of the House Clerk, House General Counsel and ethics committee are trying to craft new forms that will help resolve the issue. "The office of the Clerk is working to ensure that disclosure requirements are met while at the same time protecting confidential or personal information," said Adam Holmes, spokesman for the clerk.

Peruse your congressperson’s salary and staff information here – Jack.

The public speaks out about LegiStorm

The Public Has Spoken - and They Appear to Like What We are Doing
Legistorm blog

For several weeks we have been a bit beaten up. Congressional aides spoke of our site in sometimes vitriolic and, frankly, paranoid terms about how we invaded their privacy by publishing financial disclosures.

One staffer accused us of aiding the break-in of a home; others talked darkly about potential kidnappings and Russian gangsters. Many suggested lawsuits against us, at times for disclosing information that was already disclosed in the white pages delivered to homes and in Internet-searchable phone books. To be sure, there were some legitimate privacy issues raised but we have always believed the public right to know has trumped any privacy concerns that we have not already addressed.

When the story was a "local" one, confined to the congressional campus, we sensed the outrage about our publication of personal financial disclosures building to a level of hysteria - where the most absurd claims would be adopted as fact by an angry group of staffers. But the mood began to change dramatically yesterday when the Washington Post published a piece about how staffers were livid. NPR's All Things Considered ran an interview with LegiStorm founder Jock Friedly and American Public Media's Marketplace (also heard on many public radio stations nationwide) ran their own story. Salon and other publications joined in.

An encouraging thing happened: The broader public began to flood us with their private emails of encouragement. Dozens of others wrote complimentary comments on our new blog. The Washington Times editorialized in favor of us.

We appreciate the support and we can assure you that we will continue to fight for all reasonable public disclosure measures while taking measures to protect staffer privacy where that does not damage the public's right to know.

FBI Probe: Lieberman Campaign to Blame for Crashing Own Web Site
Brian Lockhart

A federal investigation has concluded that U.S. Sen. Joseph Lieberman's 2006 re-election campaign was to blame for the crash of its Web site the day before Connecticut's heated Aug. 8 Democratic primary.

The FBI office in New Haven found no evidence supporting the Lieberman campaign's allegations that supporters of primary challenger Ned Lamont of Greenwich were to blame for the Web site crash.

Lieberman, who was fighting for his political life against the anti-Iraq war candidate Lamont, implied that joe2006.com was hacked by Lamont supporters.

"The server that hosted the joe2006.com Web site failed because it was overutilized and misconfigured. There was no evidence of (an) attack," according to the e-mail.

A program that could have detected a legitimate attack was improperly configured, the e-mail states.

"New Haven will be administratively closing this investigation," it concluded.

The e-mail, dated Oct. 25, 2006, was included in a technical packet of information recently sent to The Advocate in response to requests under the Freedom of Information Act filed in late 2006 with the offices of state Attorney General Richard Blumenthal and U.S. Attorney Kevin O'Connor.

The Advocate filed the requests after Blumenthal and O'Connor closed the case but declined to divulge details. They stated only that they found no evidence that Lamont supporters were to blame.

Visitors who tried to access Lieberman's site at the time received a message calling on Lamont to "make an unqualified statement denouncing this kind of dirty campaign trick and to demand whoever is responsible to cease and desist immediately."

The Lieberman-Lamont race captured national and international attention.

Blumenthal denied The Advocate's FOI request on the grounds it was a federal matter, and it took more than a year for the FBI and U.S. Department of Justice to respond.

The Lieberman campaign alleged it was the target of a "denial of service attack," which can involve bombarding a Web site with external communications to slow it or render it useless.

"Our Web site consultant assured us in the strongest terms possible that we had been attacked," former Lieberman campaign spokesman Dan Gerstein said in December 2006.

According to the FBI memo, the site crashed because Lieberman officials continually exceeded a configured limit of 100 e-mails per hour the night before the primary.

"The system administrator misinterpreted the root cause," the memo stated. "The system administrator finally declared the server was being attacked and the Lieberman campaign accused the Ned Lamont campaign. The news reported this on Aug. 8, 2006, causing additional Web traffic to visit the site.

"The additional Web traffic then overwhelmed the Web server. . . . Web traffic pattern analysis reports and Web logging that was available did not demonstrate traffic that was indicative of a denial of service attack."

Sequoia Touch-Screen Voting Machines Subpoenaed in NJ
Brad Friedman

Judge Orders Mandatory Testing of Machines After Company Previously Threatened Legal Action Against Princeton Professors if They Dared To Examine Machines...

Just out from the NJ Star-Ledger...

Subpoenas were issued in six New Jersey counties today, demanding that officials turn over for testing all voting machines where discrepancies were found in the presidential primary tallies.

Election officials in Bergen, Gloucester, Mercer, Middlesex, Ocean and Union counties were instructed to turn over the machines by April 15. Activists trying to persuade Superior Court Judge Linda Feinberg that electronic voting machines should be discarded succeeded in convincing her that examining these counties' machines is critical to their case.

"In order to succeed in our case and show Sequoia machines are insecure and can be hacked into, we need to look at these machines," Venetis argued. Clerks in the six counties uncovered discrepancies in 60 machines when they double-checked the vote tallies after the Feb. 5 presidential primary.

Michelle Shafer, a spokeswoman for Sequoia in California, said her company would try to have the subpoenas quashed. But no motions were filed today with Superior Court Judge Linda Feinberg, who is presiding over the case in Trenton.

In the meantime, we repeat our background detail on this amazing (and sometimes hilarious) story in full below, as we ran it this weekend when one of the Princeton professors threatened by Sequoia found the failures in NJ were even worse than previously thought.

Please note: The same failed Sequoia AVC Advantage touch-screens are scheduled for use in Pennsylvania in the important upcoming Democratic Primary!...

On Super Tuesday, Sequoia's AVC Advantage touch-screen voting machines failed to boot up in many places, forcing the Governor himself to wait 45 minutes before he could cast his vote. After Super Tuesday it was found that the Sequoia AVC Advantage has misreported voter turnouts.

Sequoia offered a feeble excuse for the failure, without offering evidence to support it, which blamed both voters and poll-workers instead of themselves for the multi-million dollar embarrassment. County election officials across NJ then unanimously called for an independent investigation of the machines by Princeton computer profs Felten and Andrew Appel.

Sequoia then threatened legal action against both the professors and the counties should they undertake such a technical review of their self-described "tamperproof" machines. The counties folded to the company's strong-arm tactics, while hoping either the state AG or SoS would commission such a review.

Sequoia's website was then hacked, but not before they could release misleading propaganda claiming they loved third party independent reviews so much they were willing to then sponsor one on their own by selecting and paying an unknown "independent company" named "Kwaidan Consulting" to do one on behalf of Sequoia.

Kwaidan was then revealed by The BRAD BLOG to be no more than a "blonde nymphomaniac"-seeking babe-magnet named Mike Gibbons, who, after being commissioned by Sequoia for this important analysis, suddenly discovered a new-found love for George Bush, Jesus Christ, Albert Einstein, and the U.S. Constitution. The babes and the Jim Beam would have to wait.

Much as those voters and election officials in Pennsylvania, set to use the exact same machines two weeks from now in the upcoming, all-important, Democratic Primary, will have to wait to see if the machines work at all. Then, of course, they will simply have to trust the reported results, no matter what the machines tell them, since it is strictly impossible to discern whether any single vote cast on them was actually recorded as any single voter intended.

The New E-spionage Threat

A BusinessWeek probe of rising attacks on America's most sensitive computer networks uncovers startling security gaps
Brian Grow, Keith Epstein and Chi-Chu Tschang

The e-mail message addressed to a Booz Allen Hamilton executive was mundane—a shopping list sent over by the Pentagon of weaponry India wanted to buy. But the missive turned out to be a brilliant fake. Lurking beneath the description of aircraft, engines, and radar equipment was an insidious piece of computer code known as "Poison Ivy" designed to suck sensitive data out of the $4 billion consulting firm's computer network.

The Pentagon hadn't sent the e-mail at all. Its origin is unknown, but the message traveled through Korea on its way to Booz Allen. Its authors knew enough about the "sender" and "recipient" to craft a message unlikely to arouse suspicion. Had the Booz Allen executive clicked on the attachment, his every keystroke would have been reported back to a mysterious master at the Internet address cybersyndrome.3322.org, which is registered through an obscure company headquartered on the banks of China's Yangtze River.

The U.S. government, and its sprawl of defense contractors, have been the victims of an unprecedented rash of similar cyber attacks over the last two years, say current and former U.S. government officials. "It's espionage on a massive scale," says Paul B. Kurtz, a former high-ranking national security official. Government agencies reported 12,986 cyber security incidents to the U.S. Homeland Security Dept. last fiscal year, triple the number from two years earlier. Incursions on the military's networks were up 55% last year, says Lieutenant General Charles E. Croom, head of the Pentagon's Joint Task Force for Global Network Operations. Private targets like Booz Allen are just as vulnerable and pose just as much potential security risk. "They have our information on their networks. They're building our weapon systems. You wouldn't want that in enemy hands," Croom says. Cyber attackers "are not denying, disrupting, or destroying operations—yet. But that doesn't mean they don't have the capability."


When the deluge began in 2006, officials scurried to come up with software "patches," "wraps," and other bits of triage. The effort got serious last summer when top military brass discreetly summoned the chief executives or their representatives from the 20 largest U.S. defense contractors to the Pentagon for a "threat briefing." BusinessWeek has learned the U.S. government has launched a classified operation called Byzantine Foothold to detect, track, and disarm intrusions on the government's most critical networks. And President George W. Bush on Jan. 8 quietly signed an order known as the Cyber Initiative to overhaul U.S. cyber defenses, at an eventual cost in the tens of billions of dollars, and establishing 12 distinct goals, according to people briefed on its contents. One goal in particular illustrates the urgency and scope of the problem: By June all government agencies must cut the number of communication channels, or ports, through which their networks connect to the Internet from more than 4,000 to fewer than 100. On Apr. 8, Homeland Security Dept. Secretary Michael Chertoff called the President's order a cyber security "Manhattan Project."

But many security experts worry the Internet has become too unwieldy to be tamed. New exploits appear every day, each seemingly more sophisticated than the previous one. The Defense Dept., whose Advanced Research Projects Agency (DARPA) developed the Internet in the 1960s, is beginning to think it created a monster. "You don't need an Army, a Navy, an Air Force to beat the U.S.," says General William T. Lord, commander of the Air Force Cyber Command, a unit formed in November, 2006, to upgrade Air Force computer defenses. "You can be a peer force for the price of the PC on my desk." Military officials have long believed that "it's cheaper, and we kill stuff faster, when we use the Internet to enable high-tech warfare," says a top adviser to the U.S. military on the overhaul of its computer security strategy. "Now they're saying, 'Oh, shit.'"

Adding to Washington's anxiety, current and former U.S. government officials say many of the new attackers are trained professionals backed by foreign governments. "The new breed of threat that has evolved is nation-state-sponsored stuff," says Amit Yoran, a former director of Homeland Security's National Cyber Security Div. Adds one of the nation's most senior military officers: "We've got to figure out how to get at it before our regrets exceed our ability to react."

The military and intelligence communities have alleged that the People's Republic of China is the U.S.'s biggest cyber menace. "In the past year, numerous computer networks around the world, including those owned by the U.S. government, were subject to intrusions that appear to have originated within the PRC," reads the Pentagon's annual report to Congress on Chinese military power, released on Mar. 3. The preamble of Bush's Cyber Initiative focuses attention on China as well.

Wang Baodong, a spokesman for the Chinese government at its embassy in Washington, says "anti-China forces" are behind the allegations. Assertions by U.S. officials and others of cyber intrusions sponsored or encouraged by China are unwarranted, he wrote in an Apr. 9 e-mail response to questions from BusinessWeek. "The Chinese government always opposes and forbids any cyber crimes including 'hacking' that undermine the security of computer networks," says Wang. China itself, he adds, is a victim, "frequently intruded and attacked by hackers from certain countries."

Because the Web allows digital spies and thieves to mask their identities, conceal their physical locations, and bounce malicious code to and fro, it's frequently impossible to pinpoint specific attackers. Network security professionals call this digital masquerade ball "the attribution problem."


In written responses to questions from BusinessWeek, officials in the office of National Intelligence Director J. Michael McConnell, a leading proponent of boosting government cyber security, would not comment "on specific code-word programs" such as Byzantine Foothold, nor on "specific intrusions or possible victims." But the department says that "computer intrusions have been successful against a wide range of government and corporate networks across the critical infrastructure and defense industrial base." The White House declined to address the contents of the Cyber Initiative, citing its classified nature.

The e-mail aimed at Booz Allen, obtained by BusinessWeek and traced back to an Internet address in China, paints a vivid picture of the alarming new capabilities of America's cyber enemies. On Sept. 5, 2007, at 08:22:21 Eastern time, an e-mail message appeared to be sent to John F. "Jack" Mulhern, vice-president for international military assistance programs at Booz Allen. In the high-tech world of weapons sales, Mulhern's specialty, the e-mail looked authentic enough. "Integrate U.S., Russian, and Indian weapons and avionics," the e-mail noted, describing the Indian government's expectations for its fighter jets. "Source code given to India for indigenous computer upgrade capability." Such lingo could easily be understood by Mulhern. The 62-year-old former U.S. Naval officer and 33-year veteran of Booz Allen's military consulting business is an expert in helping to sell U.S. weapons to foreign governments.

The e-mail was more convincing because of its apparent sender: Stephen J. Moree, a civilian who works for a group that reports to the office of Air Force Secretary Michael W. Wynne. Among its duties, Moree's unit evaluates the security of selling U.S. military aircraft to other countries. There would be little reason to suspect anything seriously amiss in Moree's passing along the highly technical document with "India MRCA Request for Proposal" in the subject line. The Indian government had just released the request a week earlier, on Aug. 28, and the language in the e-mail closely tracked the request. Making the message appear more credible still: It referred to upcoming Air Force communiqués and a "Teaming Meeting" to discuss the deal.

But the missive from Moree to Jack Mulhern was a fake. An analysis of the e-mail's path and attachment, conducted for BusinessWeek by three cyber security specialists, shows it was sent by an unknown attacker, bounced through an Internet address in South Korea, was relayed through a Yahoo! (YHOO) server in New York, and finally made its way toward Mulhern's Booz Allen in-box. The analysis also shows the code—known as "malware," for malicious software—tracks keystrokes on the computers of people who open it. A separate program disables security measures such as password protection on Microsoft (MSFT) Access database files, a program often used by large organizations such as the U.S. defense industry to manage big batches of data.


While hardly the most sophisticated technique used by electronic thieves these days, "if you have any kind of sensitive documents on Access databases, this [code] is getting in there and getting them out," says a senior executive at a leading cyber security firm that analyzed the e-mail. (The person requested anonymity because his firm provides security consulting to U.S. military departments, defense contractors, and financial institutions.) Commercial computer security firms have dubbed the malicious code "Poison Ivy."

But the malware attached to the fake Air Force e-mail has a more devious—and worrisome—capability. Known as a remote administration tool, or RAT, it gives the attacker control over the "host" PC, capturing screen shots and perusing files. It lurks in the background of Microsoft Internet Explorer browsers while users surf the Web. Then it phones home to its "master" at an Internet address currently registered under the name cybersyndrome.3322.org.

The digital trail to cybersyndrome.3322.org, followed by analysts at BusinessWeek's request, leads to one of China's largest free domain-name-registration and e-mail services. Called 3322.org, it is registered to a company called Bentium in the city of Changzhou, an industry hub outside Shanghai. A range of security experts say that 3322.org provides names for computers and servers that act as the command and control centers for more than 10,000 pieces of malicious code launched at government and corporate networks in recent years. Many of those PCs are in China; the rest could be anywhere.

The founder of 3322.org, a 37-year-old technology entrepreneur named Peng Yong, says his company merely allows users to register domain names. "As for what our users do, we cannot completely control it," says Peng. The bottom line: If Poison Ivy infected Jack Mulhern's computer at Booz Allen, any secrets inside could be seen in China. And if it spread to other computers, as malware often does, the infection opens windows on potentially sensitive information there, too.

It's not clear whether Mulhern received the e-mail, but the address was accurate. Informed by BusinessWeek on Mar. 20 of the fake message, Booz Allen spokesman George Farrar says the company launched a search to find it. As of Apr. 9, says Farrar, the company had not discovered the e-mail or Poison Ivy in Booz Allen's networks. Farrar says Booz Allen computer security executives examined the PCs of Mulhern and an assistant who received his e-mail. "We take this very seriously," says Farrar. (Mulhern, who retired in March, did not respond to e-mailed requests for comment and declined a request, through Booz Allen, for an interview.)

Air Force officials referred requests for comment to U.S. Defense Secretary Robert M. Gates' office. In an e-mailed response to BusinessWeek, Gates' office acknowledges being the target of cyber attacks from "a variety of state and non-state-sponsored organizations to gain unauthorized access to, or otherwise degrade, [Defense Dept.] information systems." But the Pentagon declined to discuss the attempted Booz Allen break-in. The Air Force, meanwhile, would not make Stephen Moree available for comment.

The bogus e-mail, however, seemed to cause a stir inside the Air Force, correspondence reviewed by BusinessWeek shows. On Sept. 4, defense analyst James Mulvenon also received the message with Moree and Mulhern's names on it. Security experts believe Mulvenon's e-mail address was secretly included in the "blind copy" line of a version of the message. Mulvenon is director of the Center for Intelligence Research & Analysis and a leading consultant to U.S. defense and intelligence agencies on China's military and cyber strategy. He maintains an Excel spreadsheet of suspect e-mails, malicious code, and hacker groups and passes them along to the authorities. Suspicious of the note when he received it, Mulvenon replied to Moree the next day. Was the e-mail "India spam?" Mulvenon asked.

"I apologize—this e-mail was sent in error—please delete," Moree responded a few hours later.

"No worries," typed Mulvenon. "I have been getting a lot of trojaned Access databases from China lately and just wanted to make sure."

"Interesting—our network folks are looking into some kind of malicious intent behind this e-mail snafu," wrote Moree. Neither the Air Force nor the Defense Dept. would confirm to BusinessWeek whether an investigation was conducted. A Pentagon spokesman says that its procedure is to refer attacks to law enforcement or counterintelligence agencies. He would not disclose which, if any, is investigating the Air Force e-mail.


By itself, the bid to steal digital secrets from Booz Allen might not be deeply troubling. But Poison Ivy is part of a new type of digital intruder rendering traditional defenses—firewalls and updated antivirus software—virtually useless. Sophisticated hackers, say Pentagon officials, are developing new ways to creep into computer networks sometimes before those vulnerabilities are known. "The offense has a big advantage over the defense right now," says Colonel Ward E. Heinke, director of the Air Force Network Operations Center at Barksdale Air Force Base. Only 11 of the top 34 antivirus software programs identified Poison Ivy when it was first tested on behalf of BusinessWeek in February. Malware-sniffing software from several top security firms found "no virus" in the India fighter-jet e-mail, the analysis showed.

Over the past two years thousands of highly customized e-mails akin to Stephen Moree's have landed in the laptops and PCs of U.S. government workers and defense contracting executives. According to sources familiar with the matter, the attacks targeted sensitive information on the networks of at least seven agencies—the Defense, State, Energy, Commerce, Health & Human Services, Agriculture, and Treasury departments—and also defense contractors Boeing (BA), Lockheed Martin, General Electric (GE), Raytheon (RTW), and General Dynamics (GD), say current and former government network security experts. Laura Keehner, a spokeswoman for the Homeland Security Dept., which coordinates protection of government computers, declined to comment on specific intrusions. In written responses to questions from BusinessWeek, Keehner says: "We are aware of and have defended against malicious cyber activity directed at the U.S. Government over the past few years. We take these threats seriously and continue to remain concerned that this activity is growing more sophisticated, more targeted, and more prevalent." Spokesmen for Lockheed Martin, Boeing, Raytheon, General Dynamics, and General Electric declined to comment. Several cited policies of not discussing security-related matters.

The rash of computer infections is the subject of Byzantine Foothold, the classified operation designed to root out the perpetrators and protect systems in the future, according to three people familiar with the matter. In some cases, the government's own cyber security experts are engaged in "hack-backs"—following the malicious code to peer into the hackers' own computer systems. BusinessWeek has learned that a classified document called an intelligence community assessment, or ICA, details the Byzantine intrusions and assigns each a unique Byzantine-related name. The ICA has circulated in recent months among selected officials at U.S. intelligence agencies, the Pentagon, and cyber security consultants acting as outside reviewers. Until December, details of the ICA's contents had not even been shared with congressional intelligence committees.

Now, Senate Intelligence Committee Chairman John D. Rockefeller (D-W. Va.) is said to be discreetly informing fellow senators of the Byzantine operation, in part to win their support for needed appropriations, many of which are part of classified "black" budgets kept off official government books. Rockefeller declined to comment. In January a Senate Intelligence Committee staffer urged his boss, Missouri Republican Christopher "Kit" Bond, the committee's vice-chairman, to supplement closed-door testimony and classified documents with a viewing of the movie Die Hard 4 on a flight the senator made to New Zealand. In the film, cyber terrorists breach FBI networks, purloin financial data, and bring car traffic to a halt in Washington. Hollywood, says Bond, doesn't exaggerate as much as people might think. "I can't discuss classified matters," he cautions. "But the movie illustrates the potential impact of a cyber conflict. Except for a few things, let me just tell you: It's credible."

"Phishing," one technique used in many attacks, allows cyber spies to steal information by posing as a trustworthy entity in an online communication. The term was coined in the mid-1990s when hackers began "fishing" for information (and tweaked the spelling). The e-mail attacks on government agencies and defense contractors, called "spear-phish" because they target specific individuals, are the Web version of laser-guided missiles. Spear-phish creators gather information about people's jobs and social networks, often from publicly available information and data stolen from other infected computers, and then trick them into opening an e-mail.


Spear-phish tap into a cyber espionage tactic that security experts call "Net reconnaissance." In the attempted attack on Booz Allen, attackers had plenty of information about Moree: his full name, title (Northeast Asia Branch Chief), job responsibilities, and e-mail address. Net reconnaissance can be surprisingly simple, often starting with a Google (GOOG) search. (A lookup of the Air Force's Pentagon e-mail address on Apr. 9, for instance, retrieved 8,680 e-mail addresses for current or former Air Force personnel and departments.) The information is woven into a fake e-mail with a link to an infected Web site or containing an attached document. All attackers have to do is hit their send button. Once the e-mail is opened, intruders are automatically ushered inside the walled perimeter of computer networks—and malicious code such as Poison Ivy can take over.

By mid-2007 analysts at the National Security Agency began to discern a pattern: personalized e-mails with corrupted attachments such as PowerPoint presentations, Word documents, and Access database files had been turning up on computers connected to the networks of numerous agencies and defense contractors.

A previously undisclosed breach in the autumn of 2005 at the American Enterprise Institute—a conservative think tank whose former officials and corporate executive board members are closely connected to the Bush Administration—proved so nettlesome that the White House shut off aides' access to the Web site for more than six months, says a cyber security specialist familiar with the incident. The Defense Dept. shut the door for even longer. Computer security investigators, one of whom spoke with BusinessWeek, identified the culprit: a few lines of Java script buried in AEI's home page, www.aei.org, that activated as soon as someone visited the site. The script secretly redirected the user's computer to another server that attempted to load malware. The malware, in turn, sent information from the visitor's hard drive to a server in China. But the security specialist says cyber sleuths couldn't get rid of the intruder. After each deletion, the furtive code would reappear. AEI says otherwise—except for a brief accidental recurrence caused by its own network personnel in August, 2007, the devious Java script did not return and was not difficult to eradicate.

The government has yet to disclose the breaches related to Byzantine Foothold. BusinessWeek has learned that intruders managed to worm into the State Dept.'s highly sensitive Bureau of Intelligence & Research, a key channel between the work of intelligence agencies and the rest of the government. The breach posed a risk to CIA operatives in embassies around the globe, say several network security specialists familiar with the effort to cope with what became seen as an internal crisis. Teams worked around-the-clock in search of malware, they say, calling the White House regularly with updates.

The attack began in May, 2006, when an unwitting employee in the State Dept.'s East Asia Pacific region clicked on an attachment in a seemingly authentic e-mail. Malicious code was embedded in the Word document, a congressional speech, and opened a Trojan "back door" for the code's creators to peer inside the State Dept.'s innermost networks. Soon, cyber security engineers began spotting more intrusions in State Dept. computers across the globe. The malware took advantage of previously unknown vulnerabilities in the Microsoft operating system. Unable to develop a patch quickly enough, engineers watched helplessly as streams of State Dept. data slipped through the back door and into the Internet ether. Although they were unable to fix the vulnerability, specialists came up with a temporary scheme to block further infections. They also yanked connections to the Internet.

One member of the emergency team summoned to the scene recalls that each time cyber security professionals thought they had eliminated the source of a "beacon" reporting back to its master, another popped up. He compared the effort to the arcade game Whack-A-Mole. The State Dept. says it eradicated the infection, but only after sanitizing scores of infected computers and servers and changing passwords. Microsoft's own patch, meanwhile, was not deployed until August, 2006, three months after the infection. A Microsoft spokeswoman declined to comment on the episode, but said: "Microsoft has, for several years, taken a comprehensive approach to help protect people online."

There is little doubt among senior U.S. officials about where the trail of the recent wave of attacks leads. "The Byzantine series tracks back to China," says Air Force Colonel Heinke. More than a dozen current and former U.S. military, cyber security, and intelligence officials interviewed by BusinessWeek say China is the biggest emerging adversary—and not just clubs of rogue or enterprising hackers who happen to be Chinese. O. Sami Saydjari, a former National Security Agency executive and now president of computer security firm Cyber Defense Agency, says the Chinese People's Liberation Army, one of the world's largest military forces, with an annual budget of $57 billion, has "tens of thousands" of trainees launching attacks on U.S. computer networks. Those figures could not be independently confirmed by BusinessWeek. Other experts provide lower estimates and note that even one hacker can do a lot of damage. Says Saydjari: "We have to look at this as equivalent to the launch of a Chinese Sputnik." China vigorously disputes the spying allegation and says its military posture is purely defensive.

Hints of the perils perceived within America's corridors of power have been slipping out in recent months. In Feb. 27 testimony before the U.S. Senate Armed Services Committee, National Intelligence Director McConnell echoed the view that the threat comes from China. He told Congress he worries less about people capturing information than altering it. "If someone has the ability to enter information in systems, they can destroy data. And the destroyed data could be something like money supply, electric-power distribution, transportation sequencing, and that sort of thing." His conclusion: "The federal government is not well-protected and the private sector is not well-protected."

Worries about China-sponsored Internet attacks spread last year to Germany, France, and Britain. British domestic intelligence agency MI5 had seen enough evidence of intrusion and theft of corporate secrets by allegedly state-sponsored Chinese hackers by November, 2007, that the agency's director general, Jonathan Evans, sent an unusual letter of warning to 300 corporations, accounting firms, and law firms—and a list of network security specialists to help block computer intrusions. Some recipients of the MI5 letter hired Peter Yapp, a leading security consultant with London-based Control Risks. "People treat this like it's just another hacker story, and it is almost unbelievable," says Yapp. "There's a James Bond element to it. Too many people think, 'It's not going to happen to me.' But it has."

Identifying the thieves slipping their malware through the digital gates can be tricky. Some computer security specialists doubt China's government is involved in cyber attacks on U.S. defense targets. Peter Sommer, an information systems security specialist at the London School of Economics who helps companies secure networks, says: "I suspect if it's an official part of the Chinese government, you wouldn't be spotting it."

A range of attacks in the past two years on U.S. and foreign government entities, defense contractors, and corporate networks have been traced to Internet addresses registered through Chinese domain name services such as 3322.org, run by Peng Yong. In late March, BusinessWeek interviewed Peng in an apartment on the 14th floor of the gray-tiled residential building that houses the five-person office for 3322.org in Changzhou. Peng says he started 3322.org in 2001 with $14,000 of his own money so the growing ranks of China's Net surfers could register Web sites and distribute data. "We felt that this business would be very popular, especially as broadband, fiber-optic cables, [data transmission technology] ADSL, these ways of getting on the Internet took off," says Peng (translated by BusinessWeek from Mandarin), who drives a black Lexus IS300 bought last year.

His 3322.org has indeed become a hit. Peng says the service has registered more than 1 million domain names, charging $14 per year for "top-level" names ending in .com, .org, or .net. But cyber security experts and the Homeland Security Dept.'s U.S. Computer Emergency Readiness Team (CERT) say that 3322.org is a hit with another group: hackers. That's because 3322.org and five sister sites controlled by Peng are dynamic DNS providers. Like an Internet phone book, dynamic DNS assigns names for the digits that mark a computer's location on the Web. For example, 3322.org is the registrar for the name cybersyndrome.3322.org at Internet address, the China-based computer that was contacted by the malicious code in the attempted Booz Allen attack, according to analyses reviewed by BusinessWeek. "Hackers started using sites like 3322.org so that the malware phones home to the specific name. The reason? It is relatively difficult to have [Internet addresses] taken down in China," says Maarten van Horenbeeck, a Belgium-based intrusion analyst for the SANS Internet Storm Center, a cyber threat monitoring group.


Peng's 3322.org and sister sites have become a source of concern to the U.S. government and private firms. Cyber security firm Team Cymru sent a confidential report, reviewed by BusinessWeek, to clients on Mar. 7 that illustrates how 3322.org has enabled many recent attacks. In early March, the report says, Team Cymru received "a spoofed e-mail message from a U.S. military entity, and the PowerPoint attachment had a malware widget embedded in it." The e-mail was a spear-phish. The computer that controlled the malicious code in the PowerPoint? Cybersyndrome.3322.org—the same China-registered computer in the attempted attack on Booz Allen. Although the cybersyndrome Internet address may not be located in China, the top five computers communicating directly with it were—and four were registered with a large state-owned Internet service provider, according to the report.

A person familiar with Team Cymru's research says the company has 10,710 distinct malware samples that communicate to masters registered through 3322.org. Other groups reporting attacks from computers hosted by 3322.org include activist group Students for a Free Tibet, the European Parliament, and U.S. Bancorp (USB), according to security reports. Team Cymru declined to comment. The U.S. government has pinpointed Peng's services as a problem, too. In a Nov. 28, 2007, confidential report from Homeland Security's U.S. CERT obtained by BusinessWeek, "Cyber Incidents Suspected of Impacting Private Sector Networks," the federal cyber watchdog warned U.S. corporate information technology staff to update security software to block Internet traffic from a dozen Web addresses after spear-phishing attacks. "The level of sophistication and scope of these cyber security incidents indicates they are coordinated and targeted at private-sector systems," says the report. Among the sites named: Peng's 3322.org, as well as his 8800.org, 9966.org, and 8866.org. Homeland Security and U.S. CERT declined to discuss the report.

Peng says he has no idea hackers are using his service to send and control malicious code. "Are there a lot?" he says when asked why so many hackers use 3322.org. He says his business is not responsible for cyber attacks on U.S. computers. "It's like we have paved a road and what sort of car [users] drive on it is their own business," says Peng, who adds that he spends most of his time these days developing Internet telephony for his new software firm, Bitcomm Software Tech Co. Peng says he was not aware that several of his Web sites and Internet addresses registered through them were named in the U.S. CERT report. On Apr. 7, he said he planned to shut the sites down and contact the U.S. agency. Asked by BusinessWeek to check his database for the person who registered the computer at the domain name cybersyndrome.3322.org, Peng says it is registered to Gansu Railway Communications, a regional telecom subsidiary of China's Railways Ministry. Peng declined to provide the name of the registrant, citing a confidentiality agreement. "You can go through the police to find out the user information," says Peng.

U.S. cyber security experts say it's doubtful that the Chinese government would allow the high volume of attacks on U.S. entities from China-based computers if it didn't want them to happen. "China has one of the best-controlled Internets in the world. Anything that happens on their Internet requires permission," says Cyber Defense Group's Saydjari. The Chinese government spokesman declined to answer specific questions from BusinessWeek about 3322.org.

But Peng says he can do little if hackers exploit his goodwill—and there hasn't been much incentive from the Chinese government for him to get tough. "Normally, we take care of these problems by shutting them down," says Peng. "Because our laws do not have an extremely clear method to handle this problem, sometimes we are helpless to stop their services." And so, it seems thus far, is the U.S. government.

In Storing 1’s and 0’s, the Question Is $
John Schwartz

LISTEN. Do you hear it? The bits are dying.

The digital revolution has spawned billions upon billions of gigabytes of data, from the vast electronic archives of government and business to the humblest photo on a home PC. And the trove is growing — the International Data Corporation, a technology research and advisory firm, estimates that by 2011 the digital universe of ones and zeros will be 10 times the size it was in 2006.

But the downside is that much of this data is ephemeral, and society is headed toward a kind of digital Alzheimer’s. What’s on those old floppies stuck in a desk drawer? Can anything be read off that ancient mainframe’s tape drive? Will today’s hard disk be tomorrow’s white elephant?

Data is “the natural resource for the Internet age,” said Francine Berman, director of the San Diego Supercomputer Center at the University of California, San Diego, a national center for high-performance computing resources. But, she added, “digital data is enormously fragile.” It can degrade as it is stored, copied and transferred between hard drives across data networks. The storage systems might not be around or accessible in the future — it is like putting precious information on eight-track tapes.

“It’s very important that we have an awareness that digital preservation has to be a part of our infrastructure,” Dr. Berman said. But as the problem has been studied over the years, researchers have found that “there’s no one-size-fits-all model for preserving data in the digital age,” she added. And there’s an even bigger potential roadblock: how to pay for it. “Economic sustainability,” Dr. Berman said, is “the gorilla in the room.”

The National Science Foundation has begun a $100 million program over the next five years for an initiative, known as DataNet, that will help develop methods and technologies to keep the data we create. The goal is more than safeguarding the family’s digital photo album: it’s to preserve science and engineering data in ways that are “open, extensible and evolvable” — in other words, not just to make sure that bits aren’t lost but also to make them accessible and usable far into the future.

At the same time, a second National Science Foundation-supported effort is finding ways to address the cost of saving digital memories. Dr. Berman leads this two-year task force with Brian Lavoie, a research scientist at the Online Computer Library Center, a nonprofit organization near Columbus, Ohio, that helps more than 60,000 libraries around the world find, share and preserve materials.

Dr. Lavoie said the task force would outline ways that digital preservation could be used in diverse situations, with an eye to economy and sustainability. “The common thing among all of them is that somebody has to pay for it,” he said.

For all their qualities, electrons can seem awfully feeble when compared with a good old-fashioned book. “With the right kind of paper and the right kind of stewardship,” Dr. Berman said, “you can keep a book for 100 years or more.” The interface is as simple as it gets: open the book and look at the page.

By contrast, in the hundred years that a book might have spent on the shelf, technology might have gone through “dozens of generations of storage media,” she said.

No one is suggesting that we try to hold on to every bit of data lingering in every obsolete corner. Choices must be made about the kind of material that should be kept fresh and accessible for 5 years, or 50, or 1,000. Census data? Put it on the “forever” drive, please. To-do lists? A little less crucial.

Dr. Berman identifies collections like the Protein Data Bank, run by the Research Collaboratory for Structural Bioinformatics. A repository of information on protein structures, it represents a research investment of more than $80 billion, said Dr. Berman, whose supercomputer center is a collaborating institution. That kind of data, which could lead to new understanding of the body’s functions and to new drugs, is also a keeper.

Those in the digital-preservation field have talked for years about technologies that will achieve their goals. In a world where steeply falling hardware prices allow companies like Google to create vast server farms, preservationists have come up with ideas for electronic depositories, big and small, that businesses or government could build.

But the talk goes well beyond simple storage to true preservation, which ensures that information remains accessible. The plans therefore include making data retrievable with technologies like format migration, in which outdated files could be made readable in a more generic format, and computer emulation, in which one machine would pretend to be an older computer that could make sense of old files.

All that work is going on, Dr. Lavoie said, but “that misses the point” that the task force was formed to examine: ensuring that the various technologies make economic sense. “You can have the most elegant technological solution to the digital-preservation problem, but if there’s no economics underpinning it, then there’s no solution at all,” he said.

So while it is important to develop technologies that will make digital preservation simple and inexpensive, Dr. Lavoie said that the field was “not about picking winners and losers at all.”

He described an economic framework that would follow the course of the evolution of the computer-security market. In that case, private companies emerged to handle the needs of industry and government to protect against hacking, while others developed products and services that smaller organizations and even consumers could use. Some companies developed their own expertise and did the work in house as well.

The government spurred development, too, through tax breaks, monetary penalties for lax security practices in the financial industry and paying for security initiatives like the CERT center at Carnegie Mellon University, which monitors computer attacks.

“The question, I think, is articulating that full menu of models” so that the development of a preservation market will be encouraged, Dr. Lavoie said. “That’s something we’re really missing now.”

Margaret Hedstrom, associate professor at the School of Information at the University of Michigan, has been preaching preservation for 30 years, ever since she got a job organizing Wisconsin state records. But in a throwaway culture, it’s been a hard argument to make stick.

Now, she said, “one of the things that’s changing, finally, is people in places like the National Science Foundation are paying enough attention to this problem and understand its scale to start making investments that can make a difference.”

The concern is about more than losing any particular set of data, Dr. Hedstrom said. “The issue is about losing the ability, in a systematic way, of being able to preserve anything.”

Yes, people know how to keep data, she said, but she added that it was just as important “to preserve the right information” well enough to keep it meaningful and accessible.

“There might be 100 versions of a report on a company’s hard drive, but which one was the final draft?” Dr. Hedstrom said. “How was the underlying data used? Which architectural drawings of the many versions generated for a project were actually used to erect the building, and what was the chain of decisions that led to the brick-and-mortar result?

“It’s not that the bits aren’t lying around,” she continued. “They may or may not be lying around. But being able to understand how they were collected,” and being able to ascertain how the underlying data was used, makes the information useful. People think that because the cost of storage is dropping “we can save everything,” she said. “But that’s based on a naïve view of what ‘everything’ actually is.”

Efforts like the Internet Archive (archive.org), which trolls and collects billions of pages from the World Wide Web, are laudable but merely represent “the surface Web,” she said. The underlying data that enriches understanding isn’t present in that kind of collection, she said. “The Internet Archive is great for what it is,” she said, “but we’re not going to solve the preservation problem with one small not-for-profit organization” and volunteers.

She said she was thrilled, therefore, to see serious projects coming from the National Science Foundation and heartened that many approaches were being considered. “If everybody’s doing the same thing, we might all be making the same mistake,” she said.

She added that she hoped the movement to hold on to our digital memories would finally succeed. “It’s taken longer than I would have liked,” she said, “but I think we’re getting there.”

Storing Every Life Memory in a Surrogate Brain

Microsoft researchers are developing a way to enable you to capture every moment of your life and store it on your computer
Sharon Gaudin

Remember walking in to start your first job out of college? Or that diner you stopped in when you were on a road trip with your friends? The way the sky looked when you made that one perfect ski run, or the song that was playing when your daughter took her first step?

Gordon Bell, a long-time veteran of the IT industry and now principal researcher with Microsoft's research arm, is developing a way for everyone to remember those special moments.

Actually, Bell himself wants to remember - well, everything.

With memories piling up and continually slipping away, Bell is working to capture every moment of his life, so he can store it on his computer - a Dell laptop with a dual-core processor. He wants the ability to pull up any picture, phone call, e-mail or conversation any time he wants.

The nine-year project, called MyLifeBits, has Bell supplementing his own memory by collecting as much information as he can about his life. He's trying to store a lifetime on his laptop.

For Bell, a key engineer and vice president of research and development at minicomputer pioneer Digital Equipment for 23 years and later a founder of the Computer History Museum, the effort is about not forgetting, not deleting and holding onto all the bits of your life. In essence, it's about immortality.

"I believe this is the quest for what a personal computer really is," Bell said. "It's to capture one's entire life. A personal computer wouldn't be a machine that just sits on my desk. It's a repository. I think of the system as a personal memory. I feel immensely free by having all the information there."

Bell isn't talking about plastering a MySpace or Facebook page with information about the last cool restaurant he went to or details of a conversation with another industry luminary. For him, recording memories is immensely personal.

"A lot of people put their lives on the Web. I'm not an advocate of that," he said, adding that he thinks revealing too much personal information online can be dangerous. "We're not life loggers because we're not publicly disclosing or talking about ourselves. This was built to be entirely personal, to aid the individual. You will leave a personal legacy - a record of your life."

The project took seed in the late '90s when Bell decided to scan all of his books, articles, clippings and memos into a digital format. All of his paper records would be transformed. Just as his scanning project got underway, Bell read Bill Gates' book The Road Ahead, in which the Microsoft founder wrote about his belief that someday people will be able to record and recall everything they've ever heard or seen.

"It all just kind of triggered me," said Bell. "How much information do you end up with in your life? If you have it, how much does it cost and what good is it? That really was the genesis of getting started. I thought it was important to run an experiment for an individual to really do it and see what all is there and how valuable it is."

Bell said he began the scanning effort in 1999, and then in 2001, his friend and Microsoft colleague Jim Gray convinced him that he was going to need a large database that could easily access information. With Gray acting as inspiration and co-conspirator, Bell began storing more and more aspects of his life - videos of lectures he'd given, CDs, correspondence and an avalanche of photos.

He's gone on to collect images of every Web page he's ever visited, television shows he's watched, recorded phone conversations, and images and audio from conference sessions, along with his e-mail and instant messages.

In 2003, Bell even began wearing a SenseCam, a wearable digital camera designed to automatically take pictures without any user interaction. Created by scientists in Microsoft Research's England lab, the camera hangs around Bell's neck and snaps pictures with a fish-eye lens every 30 seconds or whenever it senses someone approaching.

So far, Bell has stored about 160 megabytes of information about his life, including 100,000 photos. Calculating that he saves about a gigabyte of information every month, he noted that he tries to only save photos of a megabyte or less. Bell figures one could store everything about his life, from start to finish, using a terabyte of storage.

Microsoft Research's Jim Gemmell and Roger Lueder developed the MyLifeBits software, which uses hyperlinks, fast search, annotations and saved queries. The software can record web pages and IM transcripts, along with radio and television programs, according to Microsoft.

When Gray disappeared a little more than a year ago, the experience of his loss gave Bell a new perspective on their project. Gray failed to return from a sailboat trip in the Pacific Ocean off the US west coast.

"We'd all like to see an immortal Jim," said Bell. "All of us have various pieces or an understanding of him. Jim had various theorems and books and metrics he created, so those things will last. But how close can we come to having something that would actually let people see who he was as a person?

It's trying to make it more personal."

With such a personal project, the good and the bad parts of his life are being recorded equally. And Bell said he's just fine with that, and hasn't fallen victim to any urges to delete something that was painful or might not put him in the best light.

"People worry about that. So far I have not," he said, laughing. "I tend to leave everything there. There are some things I'm not so happy with, but what the hell? The value is in giving people a full view of what you're all about. There are various unpleasantries that are on there. There are some unpleasant characters that I've been involved with and it's more,'Oh, god. I remember that episode or that board meeting.' "

Bell said he backs up his data, which is not encrypted, in the Microsoft Research lab and a copy is taken offsite for safekeeping. As for security, he said his main concerns are around physical security for his laptop. He doesn't travel with it, taking a tablet PC with him instead.

In 20 years, digitizing our memories will be standard procedure, according to Bell. "It's my supplemental memory and brain," he noted. "It's one of my most valuable possessions. I look at this thing and think, 'My whole life is there.'"

Clive Thompson on Why the Next Civil Rights Battle Will Be Over the Mind

Trolling down the street in Manhattan, I suddenly hear a woman's voice.

"Who's there? Who's there?" she whispers. I look around but can't figure out where it's coming from. It seems to emanate from inside my skull.

Was I going nuts? Nope. I had simply encountered a new advertising medium: hypersonic sound. It broadcasts audio in a focused beam, so that only a person standing directly in its path hears the message. In this case, the cable channel A&E was using the technology to promote a show about, naturally, the paranormal.

I'm a geek, so my first reaction was, "Cool!" But it also felt creepy.

We think of our brains as the ultimate private sanctuary, a zone where other people can't intrude without our knowledge or permission. But its boundaries are gradually eroding. Hypersonic sound is just a portent of what's coming, one of a host of emerging technologies aimed at tapping into our heads. These tools raise a fascinating, and queasy, new ethical question: Do we have a right to "mental privacy"?

"We're going to be facing this question more and more, and nobody is really ready for it," says Paul Root Wolpe, a bioethicist and board member of the nonprofit Center for Cognitive Liberty and Ethics. "If the skull is not an absolute domain of privacy, there are no privacy domains left." He argues that the big personal liberty issues of the 21st century will all be in our heads — the "civil rights of the mind," he calls it.

It's true that most of this technology is still gestational. But the early experiments are compelling: Some researchers say that fMRI brain scans can detect surprisingly specific mental acts — like whether you're entertaining racist thoughts, doing arithmetic, reading, or recognizing something. Entrepreneurs are already pushing dubious forms of the tech into the marketplace: You can now hire a firm, No Lie MRI, to conduct a "truth verification" scan if you're trying to prove you're on the level. Give it 10 years, ethicists say, and brain tools will be used regularly — sometimes responsibly, often shoddily.

Both situations scare civil libertarians. What happens when the government starts using brain scans in criminal investigations — to figure out if, say, a suspect is lying about a terrorist plot? Will the Fifth Amendment protect you from self-incrimination by your own brain? Think about your workplace, too: Your boss can already demand that you pee in a cup. Should she also be allowed to stick your head in an MRI tube as part of your performance review?

But this isn't just about reading minds; it's also about bombarding them with messages or tweaking their chemistry. Transcranial magnetic stimulation — now used to treat epilepsy — has shown that it can artificially generate states of empathy and euphoria. And you've probably heard of propranolol, a drug that can help erase traumatic memories.

Let's say you've been assaulted and you want to take propranolol to delete the memory. The state needs that memory to prosecute the assailant. Can it prevent you from taking the drug? "To a certain extent, memories are societal properties," says Adam Kolber, a visiting professor at Princeton. "Society has always made claims on your memory, such as subpoenaing you." Or what if you use transcranial stimulation to increase your empathy. Would you be required to disclose that? Could a judge throw you off a jury? Could the Army turn you away?

I'd love to give you answers. But the truth is no one knows. Privacy rights vary from state to state, and it's unclear how, or even if, the protections would apply to mental sanctity. "We really need to articulate a moral code that governs all this," warns Arthur Caplan, a University of Pennsylvania bioethicist.

The good news is that scholars are holding conferences to hash out legal positions. But we'll need a broad public debate about it, too. Civil liberties thrive only when the public demands them — and understands they're at risk. That means we need to stop seeing this stuff as science fiction and start thinking about how we'll react to it. Otherwise, we could all lose our minds.

Sweat Ducts May Act as Giveaway 'Antennas'
Flora Graham

Our skin may contain millions of tiny "antennas" in the form of microscopic sweat ducts, say researchers in Israel. In experiments, they found evidence that signals produced by bouncing electromagnetic waves off the tiny tubes might reveal a person's physical and emotional state from a distance.

The research might eventually result in lie detectors that require no physical contact with the subject.

Human skin contains millions of sweat glands, which are connected to pores at the surface by tiny ducts. These ducts were originally thought of as straight tubes, but detailed images produced in recent years have revealed that they are actually helical.

"When you look at this through the eyes of an electrical engineer, it is very familiar," says Aharon Agranat of the Hebrew University of Jerusalem. "It immediately ignited the thinking that perhaps they also behave as helical antenna."

To function in this way, the ducts would need to conduct a current. And since the ducts are filled with sweat, they do indeed conduct when hit with an electromagnetic wave, although not at the very high frequencies needed.

And yet, experiments performed by the Israeli researchers suggest that they do somehow work as antennas.

Proton hopping

Yuri Feldman, who initiated the research, says current may be conducted within the ducts at high frequencies through a mechanism known as "proton hopping," with protons jumping rapidly – in the order of hundreds of femtoseconds – through hydrogen bonds near the surface of cells lining each duct.

Treating the skin as an array of helical antennas could open up a new way of measuring physiological changes from a distance, the researchers say.

This is because perspiration should change the conductivity of each sweat duct. And, since perspiration is linked to other physiological parameters, such as blood pressure and pulse rate, measuring this change would reveal a person's health and mental state.

In experiments, the team beamed electromagnetic waves with a frequency range of about 100 gigahertz at the hands of test subjects.

They measured the frequency of the electromagnetic waves reflecting off the subjects' skin while they relaxed and then after exercise. The reflected signal closely matched their modelled results for skin containing an array of tiny helical antennas.

Remote lie detector

Initially, the experiments were carried out in contact with the subjects' hands, to reduce diffraction effects. But even at a distance of 22 centimetres, the researchers found a strong correlation between subjects' blood pressure and pulse rate, and the frequency response of their skin.

Agranat emphasises that the research is at an early stage, but recognises potential applications. "You could make a lie detector that does not require any connections to the person being tested," he says.

Not everyone is convinced, however. "It's a really interesting idea," says Philip Chadwick, director and researcher at MCL, a company that consults on the effects of electromagnetic fields on humans.

But Chadwick is concerned that the resonance shown in the experimental data seems too sharp to be biological. "People are made of squishy wet stuff, and any resonance will be very damped out," he explains. "This sort of sharp resonance at this frequency has never been observed before."

Agranat admits that his team is reporting a new phenomenon but explains that no-one has considered the shape of the skin ducts before. "The response is governed, not by the chemical composition of the tissue, but by the morphology – because it looks like a coil, it behaves the way it behaves."

'Big Brother' Buildings Offer Less Invasive Security
Mason Inman

Tracking people's every move using buildings packed with motion sensors is more effective than CCTV, and less invasive to privacy, say researchers who tried the technique on their own colleagues.

"We want to have a god's eye view of the entire space," says Yuri Ivanov of the Mitsubishi Electric Research Laboratories (MERL), who led the project with colleague Christopher Wren.

That may sound like the desire of George Orwell's fictional "Big Brother" in 1984. But the MERL system should actually preserve people's privacy better than CCTV and make buildings safer and more secure, says Ivanov.

All-seeing eyes

As digital video cameras get cheaper and smaller, CCTV systems are becoming more common. But as well as raising privacy concerns, Ivanov and Wren say, the footage is difficult to search through or interpret quickly.

As an alternative, the two researchers used arrays of small, cheap motion detectors to watch over people instead, with their officemates as guinea pigs. They fitted their 3000 square metre office building with an array of 215 simple detectors placed along the hallways at 2-metre intervals.

The detectors collect much less information than the cameras. "It's not going to catch you picking your nose. You can only tell that some person went by," Wren explains, "maybe this is better than living under thousands of cameras."

But the motion-detector system still collects a lot of information. To find unusual or interesting patterns in the data, the researchers developed software to display movements of people around the building on a map in real time. People show up as a bright spot trailing a tail of lights that slowly fade away.

Another view summarises data from sensors across a period of time, for example a week, month or year, in a way that makes it possible to see patterns or anomalies at a glance.

Identity parade

The system also includes a handful of cameras, at selected spots in the building. Footage of passers by can be used to identify people, who can then be tracked around the building using the motion sensor data.

Users can select a certain path on the map – for example from the office drinks machine to the front door – to call up motion and video data from the path at a particular time and reveal who used the route. "A target audience for this was security," says Ivanov, "but that's not the only use."

Data collected during a fire evacuation drill revealed that almost everyone in the building left through one exit; the two other doors nearby went largely unused. Understanding how people use spaces like this could help improve safety, they argue.

Longer-term patterns, like how late people stay at work or where they tend to congregate, have other uses. "It has large implications for energy savings," Ivanov adds, saying that heating or air-conditioning use could be informed by the data.

Marauder's map

"I've not seen this approach before in journals or at conferences," says Marimuthu Palaniswami at the University of Melbourne in Australia. "But I have seen it in fiction, for example the Marauder's map in Harry Potter."

The technique appears simple and usable, he says. "They have produced a system that could be implemented with little difficulty and would be very useful for security monitoring."

Daniel Keim of the University of Konstanz in Germany agrees that usability is a big advantage. Most techniques for analysing data from sensor networks depend on automatically detecting certain behaviours specified ahead of time, making spotting unexpected features difficult, he says.

Administration Set to Use New Spy Program in U.S.

Congressional critics want more assurances of legality
Spencer S. Hsu

The Bush administration said yesterday that it plans to start using the nation's most advanced spy technology for domestic purposes soon, rebuffing challenges by House Democrats over the idea's legal authority.

Homeland Security Secretary Michael Chertoff said his department will activate its new domestic satellite surveillance office in stages, starting as soon as possible with traditional scientific and homeland security activities -- such as tracking hurricane damage, monitoring climate change and creating terrain maps.

Sophisticated overhead sensor data will be used for law enforcement once privacy and civil rights concerns are resolved, he said. The department has previously said the program will not intercept communications.

"There is no basis to suggest that this process is in any way insufficient to protect the privacy and civil liberties of Americans," Chertoff wrote to Reps. Bennie G. Thompson (D-Miss.) and Jane Harman (D-Calif.), chairmen of the House Homeland Security Committee and its intelligence subcommittee, respectively, in letters released yesterday.

"I think we've fully addressed anybody's concerns," Chertoff added in remarks last week to bloggers. "I think the way is now clear to stand it up and go warm on it."

His statements marked a fresh determination to operate the department's new National Applications Office as part of its counterterrorism efforts. The administration in May 2007 gave DHS authority to coordinate requests for satellite imagery, radar, electronic-signal information, chemical detection and other monitoring capabilities that have been used for decades within U.S. borders for mapping and disaster response.

But Congress delayed launch of the new office last October. Critics cited its potential to expand the role of military assets in domestic law enforcement, to turn new or as-yet-undeveloped technologies against Americans without adequate public debate, and to divert the existing civilian and scientific focus of some satellite work to security uses.

Democrats say Chertoff has not spelled out what federal laws govern the NAO, whose funding and size are classified. Congress barred Homeland Security from funding the office until its investigators could review the office's operating procedures and safeguards. The department submitted answers on Thursday, but some lawmakers promptly said the response was inadequate.

"I have had a firsthand experience with the trust-me theory of law from this administration," said Harman, citing the 2005 disclosure of the National Security Agency's domestic spying program, which included warrantless eavesdropping on calls and e-mails between people in the United States and overseas. "I won't make the same mistake. . . . I want to see the legal underpinnings for the whole program."

Thompson called DHS's release Thursday of the office's procedures and a civil liberties impact assessment "a good start." But, he said, "We still don't know whether the NAO will pass constitutional muster since no legal framework has been provided."

DHS officials said the demands are unwarranted. "The legal framework that governs the National Applications Office . . . is reflected in the Constitution, the U.S. Code and all other U.S. laws," said DHS spokeswoman Laura Keehner. She said its operations will be subject to "robust," structured legal scrutiny by multiple agencies.

Open Source 3D Printer Copies Itself

Self-replicating printer frees up 3D printing under GNU
Ulrika Hedquist

Based in the Waitakeres, in West Auckland, software developer and artist Vik Olliver is part of a team developing an open-source, self-copying 3D printer. The RepRap (Replicating Rapid-prototyper) printer can replicate and update itself. It can print its own parts, including updates, says Olliver, who is one of the core members of the RepRap team.

The 3D printer works by building components up in layers of plastic, mainly polylactic acid (PLA), which is a bio-degradable polymer made from lactic acid. The technology already exists, but commercial machines are very expensive. They also can’t copy themselves, and they can’t be manipulated by users, says Olliver.

RepRap has a different idea. The team, which is spread over New Zealand, the UK and the US, develops and gives away the designs for its much cheaper machine, which also has self-copying capabilities. It wants to make the machine available to anybody — including small communities in the developing world, as well as people in the developed world, says Olliver.

Accordingly, the RepRap machine is distributed, at no cost, under the GNU General Public Licence.

RepRap’s open-source project aims to keep on improving the machine. “So it can do what people want it to do”, says Olliver. Improvements will go back to users and, in this way, the machine as a whole evolves, he says. The idea of evolution is important, he adds. The device Olliver is creating now will probably bear very little resemblance to the device that will appear on everybody’s desks in the future, he says.

“We want to make sure that everything is open, not just the design and the software you control it with, but the entire tool-chain, from the ground up,” he says.

Olliver works for Catalyst IT, a Wellington-based open-source business system provider. He is fortunate enough to get “Google-time” from the company, which means he is allowed to work on his own research projects one day a week — just like employees at Google. This has led to considerable developments in the RepRap project in the last six months, he says.

New features include, for example, heads that can be changed for different kinds of plastic. A head that deposits low melting-point metal is in development, he says. The metal melts at a lower temperature than that at which plastic melts, which means the metal can be put inside plastic, says Olliver. “That means, in theory, we could build structures like motors.”

RepRap also allows people to build circuits in 3D, as well as various shapes, with the result that objects, such as a cell phone, don’t have to be flat, he says.

There are at least seven copies of the RepRap machine in the world that Olliver knows about. The 3D printer also allows for a new and fascinating way of communicating: Olliver can design something at home in New Zealand, which then appears on another researcher’s desk, in Bath, in the UK, or the other way around.

At the moment, the RepRap uses two different kinds of plastic — PLA, a relatively rigid plastic, which is ideal for making objects such as corner brackets; and a more flexible plastic for making, for example, iPod cases, he says.

But having the machine copy itself is the most useful thing the team can make it do, and that is the primary goal of the project, says Olliver. However, it can also be used to make other things, such as wine glasses — definitely water-tight, he adds — and plastic parts for machines. When Computerworld talked to him, Olliver had just printed out a small part to fix his blender.

“We know that people are going to use the printer to try to make weapons [and] sex toys and drug paraphernalia,” he says. “This is obviously not what we’re hoping they are going to build. We are hoping they are going to build more and better RepRaps.”

Katie Couric May Leave CBS News, Report Says

The Wall Street Journal, citing unnamed CBS News executives and people close to Katie Couric, said Wednesday she could leave her job as anchor of the low-rated CBS Evening News well before her contract expires in 2011.

CBS and Couric both issued statements downplaying the Journal story while stopping short of an outright denial.

The report comes as CBS continues to lag in third place in the network news ratings, far behind NBC and ABC, 19 months after Couric's much ballyhooed debut as the first woman solo anchor of a major U.S. evening newscast — for a salary reportedly worth $15 million a year.

Couric, 51, who gained celebrity status during 15 years as co-host of America's top-rated morning show, NBC's Today, may leave CBS as early as next January, soon after the U.S. presidential inauguration, the Journal said in its online edition.

Her five-year contract is set to expire in 2011, the newspaper said, adding that it was possible Couric could survive in her job if a major news event lifted her viewership or some other shift occurred at CBS.

CBS and Couric said they have no plans to alter the evening newscast.

"We are very proud of the CBS Evening News particularly our political coverage, and we have no plans for any changes regarding Katie or the broadcast," the network said in a statement.

A separate statement attributed to Couric said: "I am working hard and having fun. My colleagues continue to impress me with their commitment to the newscast, and I am very proud of the show we put on every day."

Despite the heavy promotion of Couric's hiring and the huge amount of media attention it garnered, CBS has made little headway in its bid for supremacy among the Big Three network newscasts.

For the week ended March 31, the CBS Evening News averaged 5.9 million viewers, compared to 8.3 million for NBC's Nightly News with Brian Williams and 8 million for ABC's World News with Charles Gibson, according to Nielsen Media Research.

At stake in the competition is roughly $450 million in annual advertising revenue.

Following an initial boost in her ratings, Couric's nightly audience has generally lagged well behind that of her immediate predecessor, Bob Schieffer.

He had taken over as host on a temporary basis after veteran anchor Dan Rather, Walter Cronkite's successor, stepped down in the aftermath of his discredited 60 Minutes report on the military service record of George W. Bush.

In the marketing blitz for Couric's CBS debut, the network sought to promote her as a more "accessible" journalist who also possessed the experience to carry its flagship newscast. But after trying various format changes to accentuate Couric's more casual style, the network has returned to a more traditional presentation.

The Wall Street Journal suggested Couric's next job might be to succeed veteran TV interviewer Larry King at CNN, who is 74 and whose contract with his network expires next year.

MySong: Automatic Accompaniment for Vocal Melodies
Ian Simon, Dan Morris, Sumit Basu

Like to Write Music?

Most folks never get a chance to answer this question, since writing music takes years of experience... if you don't play an instrument or spend lots of time around music, you'll probably never get to write a song.

MySong, introduced in our CHI 2008 paper, automatically chooses chords to accompany a vocal melody, allowing a user with no musical training to rapidly create accompanied music. MySong is a creative tool for folks who like to sing but would never get a chance to experiment with creating real original music. Come on, you know who you are... you sing in the car, or in the shower, or you go to karaoke clubs, or you just once in a while find yourself singing along with catchy commercial jingles. MySong is also a great tool for songwriters who want to quickly experiment with melodies and accompaniments.

Our CHI 2008 paper: [ pdf ]

Our CHI 2008 video: [ .mov (30MB) ] [ .wmv (30MB) ]

© ACM, 2008. This is the author's version of the work. It is posted here by permission of ACM for your personal use. Not for redistribution. The definitive version was published in CHI 2008.

And just a quick word on what MySong isn't, particularly in response to the various forum posters who are (appropriately) very suspicious of anyone who thinks songwriting can be automated. MySong does not automate songwriting. No one will ever write, record, and produce a top-40 hit with any version of MySong. What MySong does do is give many folks who would never even taste songwriting a great opportunity to just get a glimpse of music creation. Is the output from MySong ready for radio? No. But is it more than good enough, when coupled with a style-based arrangement tool (i.e. when not using just the simple piano part you hear in our video) to give someone a feeling that they've created something musical for the first time? Absolutely. Is it more than good enough to make a cute birthday song for Mom or a Valentine's Day song for your significant other, even if you don't play an instrument? Absolutely.

Furthermore, for songwriters, is MySong going to replace the craft of songwriting? Never. Could it be a super-useful scratchpad for exploring new melodies and ideas? Definitely. If you're a songwriter, you've probably had the experience of coming up with a melody and finding the nearest object with a “record” button on it just to get your idea down. Imagine that first quick experience also letting you explore some chords and styles... lots of songwriters have told us they'd love to have that! Then of course you'd work with other tools, other people, instruments, etc. to really develop a song, but this could be a great tool that lets you play with new melodies in places where you couldn't before (on the go, on the bus, in the airport, etc.).

Now before we get to all the detailed examples and results, let's finally hit you with a typical audio example of something created with MySong. Here a singer just sang into MySong, twiddled some sliders, and pressed “play”; we also show you the results we get when we take our chords and fire them through Band-in-a-Box, a style-based arrangement tool that takes chords as input.

As part of the evaluation presented in our CHI 2008 paper, we had 13 non-musically-trained participants come into our lab to try out MySong. They got a 5-minute tutorial on the system, then had 10 minutes per song to play with it. Since we figured participants would be sufficiently uncomfortable singing in a stranger's office, we didn't ask people to work with new melodies; instead, we had them bring in a few of their favorite pop songs. However, we stress that from MySong's perspective, these were completely new songs.

In the following table, the files linked in the first column of audio contain melodies performed by participants in our evaluation. The files linked in the second column of audio contain accompanied versions of those melodies, created with MySong's chord-generation algorithm and MySong's simple piano pattern. The files linked in the third column of audio contain the same chords - generated with MySong - fed through Band-in-a-Box, a commercial software package that assembles pre-recorded sequences of instrumental "styles" to generate audio for a set of chords. MySong is able to automate Band-in-a-Box for final audio rendering. We show this to give you a complete picture of what users can create with MySong.

These accompaniments were created using MySong in less than ten minutes by participants who had absolutely no familiarity with chords or harmony. All participants featured on this page consented to the release of these recordings. For copyright reasons, this information is reproduced at the end of each audio file. For the same copyright reasons, we can only show you a small handful of the recordings that were made. Contact us if you'd like to hear more; also check out our video (above), and the results from our other evaluation (which used non-copyrighted songs) (below).

In the following table, we present examples from the comparative-rating study described in our paper. Here we had experts create accompaniments - in five minutes or less - for a large number of melodies, using (a) MySong, (b) whatever tools a musician would normally use to accompany a melody (instruments), and (c) a commercial system that creates accompaniments for instrumental (not vocal) melodies (to show the value of our vocal-specific innovations). The songs we present here were selected solely based on copyright permissions and not on the quality of the generated accompaniments.

Each selection is presented as an isolated vocal recording in the left-most column. The next three columns present, for each melody, the vocal audio along with accompaniments prepared using three systems for selecting chords: (1) MySong (the system presented in our paper), (2) manual assignment by musicians, and (3) Band-in-a-Box [1] (a state-of-the-art system for accompanying instrumental melodies). Note that these systems were used only for selecting chords; the selected chords were rendered to piano accompaniments using an identical system for each condition.

The number below each icon is the mean of the subjective scores assigned to the corresponding accompaniment. Scores were assigned independently by 30 musicians.

[1] Band-in-a-Box (BIAB) is, to our knowledge, the only commercially-available system for generating chord sequences from melodies. BIAB is primarily a system for generating accompaniment audio from chords, but includes a module for determining chords from a melody. The BIAB system represents the state of the art in determining chords from a musical melody, but was not designed for vocal input, which cannot yet be reliably and automatically converted to a "clean" musical melody. We therefore are not evaluating the quality of BIAB's chord selection mechanism per se; rather, we use this comparison to highlight the importance of designing a chord-selection system specifically for vocal audio. In fact, BIAB does a great job generating chords for instrumental melodies. Our evaluation should thus not be used to judge the quality of this component of BIAB.

Concert Industry Is Banking on a Festive Summer
Jeff Leeds

Rock fans across the country who can brave the heat will have ample opportunities to see acts like Jack Johnson, Radiohead, Nine Inch Nails and the Raconteurs take the stage in an array of unconventional settings as part of the concert industry’s increasing wager on summer music festivals.

Faced with an audience that has been atomized by the dizzying music choices available online, concert promoters are straining to book diverse shows in whatever open space is available, be it a ranch in Michigan, a soccer field in Colorado or a racetrack in Maryland.

In a slumping music business such events pack a box office punch: the top five American festivals generated a combined $60 million in ticket sales last year, according to Billboard magazine’s estimates.

At least four new festivals will make their debuts this summer, raising the total to more than a dozen. Various concert promoters are already warning of the dangers of oversaturation, and point to the clutch of stars headlining multiple festivals.

The most extreme case: Jack Johnson, the laid-back singer-songwriter who has released the top-selling album of the year so far, is booked for at least five festivals, including two on the second weekend in August: the inaugural All Points West event in Jersey City and the Virgin Mobile Festival in Baltimore.

The risk of overlapping talent lineups means that each promoter must try to suffuse his event with a distinct flair. In Michigan, where organizers of the first Rothbury festival (July 3 to 6) have booked the Dave Matthews Band, John Mayer and Snoop Dogg, fans can attend yoga sessions or sit in on a discussion of energy independence with a Stanford professor.

But there is no guarantee that all the events will survive. Promoters of a planned festival in Vineland, N.J., canceled it to avoid direct competition with All Points West. Sales at some of the new events have been uneven, promoters say. The Mile High Music Festival in Denver (July 19 and 20), featuring the Dave Matthews Band and John Mayer, is regarded as a breakout hit; the outlook for All Points West, featuring Radiohead for two nights and Mr. Johnson on the third, is more uncertain, based on early ticket sales.

The established festivals do not appear to be suffering much. Lollapalooza, which was reimagined as a two-day festival in the lakeside Grant Park in Chicago in 2005 after sputtering as a touring attraction, is seen as an especially strong draw this year (Aug. 1 to 3), with Radiohead, Nine Inch Nails, Rage Against the Machine and Kanye West among the acts.

Charlie Walker, a partner in C3 Presents, Lollapalooza’s promoter, said sales were roughly 15 percent ahead of last year, with three-day tickets selling for $175 to $205.

“It’s a big marketplace,” he said. “We’ve got a little ways to go before we see any saturation.”

The Coachella Valley Music and Arts Festival, which began in 1999 at a polo field in the desert two hours from Los Angeles, stunned fans this week by adding Prince to a lineup that had been branded as underwhelming. (The event’s previously announced headliners included Roger Waters, Portishead and Mr. Johnson). Organizers of the festival, which runs from April 25 to 27 and customarily draws as many as 60,000 people a day, said before the Prince announcement that they were not concerned that it had not yet sold out. Last year’s edition sold out in February, mainly because of its booking of a reunited Rage Against the Machine, an event that Coachella’s promoter, Paul Tollett, called “an anomaly.”

All the festivals, however, are coping with another X factor: whether the faltering economy will dampen ticket sales. That has not stopped organizers from trying to woo well-heeled fans and corporate clients. Lollapalooza offers private cabanas, with an all-day buffet, for $25,000 and up for parties of 20 or more. Bonnaroo, held on several hundred acres of Tennessee farmland, where fans camp for the weekend (June 12 to 15), is marketing V.I.P. passes, which include access to a private prefestival party and special restroom and shower facilities, for $1,169.50 per pair. (Scheduled bands include Pearl Jam and Metallica.)

In general, rock festivals have built their reputations by offering fans the chance to pack months of club crawling into one weekend and discover new favorites. But some talent managers caution against the idea that emerging acts can build their names through playing the full complement of festivals, where artist sets are sometimes abbreviated, and fans can be distracted.

Mike Martinovich, who manages the rock group My Morning Jacket, said the band had agreed to play the two most established festivals, Coachella and Bonnaroo, and turned down other offers to keep from seeming like too much of a commodity. “Doing a whole tour of festivals would be disastrous,” he said.

And some promoters worry that similar talent lineups will limit the festivals’ collective appeal. Mr. Tollett said the fear was “that it could become homogenized, and everyone have the same bill and the same sort of feel at the festival.”

“If every one of them is just a McFranchise,” he added, “there’s a specialness that’ll be lost.”

Does Streaming Lift Music Sales?
Greg Sandoval

Free streaming music turns people on to new music and encourages them to buy, says social-networking site Last.fm. In the music industry, this will not come as a huge revelation.

Last.fm, acquired by CBS last May, announced Wednesday that since the company launched its on-demand streaming service two months ago, CD and download sales through its partnership with Amazon.com have more than doubled.

So what does that mean?

Music discovery continues to be one of digital music's greatest vulnerabilities. Nobody has come up with a sure or simple way to help people wade through the millions of tracks available on the Web. Last.fm's numbers seem to confirm long-held beliefs of many that enabling people to sample full-length tracks is one way to spur demand.

So Last.fm can take pride in knowing it was early to an offering that some music fans might find useful--albeit one that isn't exclusive to Last.fm.

Indeed, when it comes to allowing users to test drive music before they buy, Last.fm is definitely in the back seat. Imeem offers unlimited plays while London-based Last.fm only allows a user to listen to an individual song three times.

In addition, MySpace.com is preparing to launch its own streaming service that will offer unlimited plays.

Christian Ward, a Last.fm spokesman, said the company is talking to the labels about rolling back some of the restrictions, presumably the three-play rule.

"We wanted to see how this service works first," Ward said. "(The spike in sales) will encourage more discussion about pushing those limits back."

Ward added that his company isn't worried much about competitors. He said what separates Last.fm from the others is its music-discovery engine that can suggest songs based on what a user has listened to in the past.

"Offering free access to music is one thing but finding your way through all that is another," Ward said. "Music discovery is a lot easier on Last.fm."

Mariah Carey Surpasses Elvis With New #1 Single

Mariah Carey has made history with her latest single "Touch My Body." Carey toppled Elvis Presley's 50+ year Billboard Hot 100 record by achieving the 18th #1 single of her career. Presley had held the #2 spot with 17 #1 singles since Billboard's inception of the Hot 100 in 1958. Mariah is now well on pace to surpass the current record holders, The Beatles, who have 20 #1 hit songs.

"Touch My Body" had a record-setting debut sales week of 286,000 downloads on the Billboard digital hot songs chart, and reached a Hot 100 Airplay radio audience of over 115 million. All the attention is sure to pave the way for impressive sales of her new album E=MC², which hits stores April 15. Fans who currently pre-order the album on iTunes will instantly receive a copy of "Touch My Body."

Mariah is scheduled for two American Idol appearances this month (April 9 and 16) as well as a visit on the almighty Oprah show on April 14.

E=MC² is Mariah's 11th studio album and was executive produced by the singer and Island Def Jam Chairman Antonio "LA" Reid. Guest producers include Jermaine Dupri, DJ Toomp, Stargate, will.i.am, Bryan Michael Cox, Nate "Danjahandz" Hills and James Poyser.

Music Social Networking Site Imeem Buys Snocap

Music social networking Web site operator imeem Inc. said Monday it has agreed to acquire Snocap Inc., the digital content tracking company founded by Napster creator Shawn Fanning.

San Francisco-based Imeem did not disclose financial terms of the deal.

Snocap developed a digital fingerprinting technology that checks media files uploaded to a Web site against a registry of copyrighted works to determine if a song has been cleared for playback in its entirety online.

It also tracks payments to record labels and artists whose music is streamed on sites like imeem.

In addition, Snocap powers technology that lets users of News Corp.'s MySpace sell downloads of original music directly through their MySpace Web pages.

Snocap's technology for buying music downloads on MySpace will continue to be operated by imeem.

Fanning, who created the Napster online file-sharing service as a college student, founded Snocap in 2002.

He was a member of the board of directors but had not been active in the company in recent years.

In October, the San Francisco-based company cut its work force by nearly half so it could focus on selling itself.

Facebook to Settle Thorny Lawsuit Over Its Origins
Brad Stone

Facebook is close to putting an uncomfortable and embarrassing legal episode behind it.

A person briefed on the status of dueling lawsuits between Facebook and the competing site ConnectU said on Sunday that Facebook was finalizing a settlement with the founders of ConnectU — brothers Cameron and Tyler Winklevoss and their colleague, Divya Narendra.

The ConnectU founders were accusing Mark Zuckerberg and the original crew behind Facebook of pilfering their profitable idea back in 2003, when they were all Harvard students. Facebook had filed a countersuit, accusing ConnectU of unfair business practices.

Terms of the settlement were not disclosed. In the meantime, all motions in the case against ConnectU have been terminated.

ConnectU did not immediately respond to an e-mail message requesting comment. A California federal judge had ordered the parties into mediation last year.

The ConnectU founders asserted that they hired Mr. Zuckerberg, then a sophomore at Harvard, in 2003 to help create a campus-wide dating site called Harvard Connection. They say that he stalled on the project for months while nurturing his own idea and ultimately starting TheFacebook.com. The case cast doubts on Mr. Zuckerberg’s ingenuity, and discovery efforts turned up some embarrassing material — like his diary. Facebook clearly needed to make the suit go away before a widely expected initial public offering that could come as early as next year.

A Facebook spokeswoman said the company would not comment on legal matters. But the person briefed on the status of the negotiations said motions to dismiss the cases were expected to be filed “within weeks.”

Is Content Worthless?
Jonathan Handel

"Content is king," many people believe, meaning that films, television shows, music, news and information are more profitable assets than the technology used to deliver them. But there's an older, cautionary aphorism that applies as well: "Uneasy lies the head that wears the crown." Content may be king, but, ironically, its perceived value today is being driven towards zero. In the eyes of consumers, content is becoming a commodity -- more a commoner than a king.

Everyone focuses on piracy, but there are actually six related reasons for the devaluation of content. The first is supply and demand. Demand -- the number of consumers and their available leisure time -- is relatively constant, but supply -- online content -- has grown enormously in the last decade. Some of this is professional content set free from boundaries of time and space, now available worldwide, anytime, and usually at no cost (whether legally or not). Even more is user generated content (UGC) -- websites, blogs, YouTube videos -- created by non-professionals who don't care whether they get paid, and who themselves pay little or nothing to create and distribute it.

The second is the loss of physical form. It just seems natural to value a physical thing more highly than something intangible. Physical objects have been with us since the beginning of time; distributable intangible content has not. Perhaps for that reason, we tend to focus on per-unit costs (zero for an intangible such as a movie download), while forgetting about fixed costs (such as the cost of making the movie in the first place). Also, and critically, if you steal something tangible, you deny it to the owner; a purloined DVD is no longer available to the merchant, for instance. But if you misappropriate an intangible, it's still there for others to use. That's why, even before the Internet, sneaking into movie theaters -- stealing the right to view a movie -- seemed a mere rite of passage, whereas shoplifting a video did not.

The third reason is that acquiring content is increasingly frictionless. It's often easier, particularly for young people, to access content on the Internet than through traditional means. When it's easier to get something -- when transaction costs decline -- the thing costs less and loses value.

Fourth is that most new media business models are ad-supported rather than pay per view or subscription. If there's no cost to the user, why should consumers see the content as valuable, and if some content is free, why not all of it? True, ads impose a cost in the form of user attention, but many online ads are easily ignored, and, today, even television advertisements can be skipped using TiVo.

Fifth is market forces in the technology industry. Computers, web services, and consumer electronic devices are more valuable when more content is available. In turn, these products make content more usable by providing new distribution channels. Traditional media companies are slow to adopt these new technologies, for fear of cannibalizing revenue from existing channels and offending powerful distribution partners. In contrast, non-professionals, long denied access to distribution, rush to use the new technologies, as do pirates of professional content. As a result, technological innovation reduces the market share of paid professional content.

Finally, there's culture. A generation of users has grown up indifferent or hostile to copyright, particularly in music, movies and software. The reasons for this vary, but in music, for instance, some blame lies at the feet of the music labels, which maintained unrealistically high CD prices and attempted to sue piracy out of existence. Only now, almost ten years after Napster, are the labels offering the non-copy protected MP3's that consumers demand.

All these developments have led to a migration away from paid media. Why buy music when there's so much free music available, albeit much of it pirated? Buy a movie or watch TV on a conventional set? No need, when YouTube and BitTorrent make videos, and pirated movies and TV, free for the asking. Subscribe to a newspaper or magazine? Don't bother; most are free online, and there are literally millions of other sources for news, ranging from blogs like the Huffington Post to user generated content. (Full disclosure: I'm a blogger, which makes me part of the problem.) The TV news? Also becoming irrelevant. And books, magazines and journals? So much information is available online that whole categories of publications seem less important.

It's true that people still consume media the old-fashioned way -- but fewer and fewer do so every day. Most of the content industries are seeing flat or declining revenues and audiences. And these trends are particularly notable among younger people. As a result, the music industry is a shambles; the film and television businesses are running scared; and newspapers are disappearing or instituting cutbacks and layoffs. The handwriting is on the wall, or the laptop screen.

User generated content is often a poor substitute for professional content or traditional media. But that's little comfort. Alternate goods don't have to be perfect substitutes in order to acquire market share at the expense of the competition. And, yes, in some cases, new media make money for creators and companies - but the money's much less than it used to be. As NBC Universal's Jeff Zucker lamented, the content industries are being forced to "trade today's analog dollars for digital pennies."

Another effect is that the market for professional content is becoming more concentrated and less diverse. Thus, at least in some media, audiences are shifting more of their spending to hit properties -- the most popular movies and books, for instance -- to the detriment of specialized content such as art house films and mid-list titles. Similarly, in a trend that predates the Internet but continues today, media businesses are consolidating and becoming conglomerates, as individual companies find it harder and harder to compete.

Some commentators welcome these changes. "Information wants to be free," they say, and more content is good for users. Persuasively, they point to the variety of viewpoints that new technologies bring. That development is indeed valuable -- very much so, in a democracy premised on freedom of speech. But when everyone's a creator, there's less room for high-quality professional content. It's a dilemma with no easy answers. The future of traditional media is murky, but one thing is clear: disruptive change will be with us for many years to come.

In Princeton, an Offline Haven for Music Shoppers Thrives
Peter Applebome

For better or worse, it’s all here.

The used CD of Bruce Springsteen’s “The Rising” already marked down to $1.99 and the five-LP set of Wagner’s “Lohengrin” for $5. That beloved dub (a more heavily produced version of reggae, if that helps) CD by Sly and Robbie and the ancient Big Mama Thornton album with the quietly eloquent title, “Jail.”

There’s plenty of contemporary rap, metal, Goth and hip-hop; DVDs, laser discs, computer games and Blu-rays. But the main appeal of the Princeton Record Exchange is vinyl for all conceivable tastes and then some. The original 3-D album cover of the Stones’ “Their Satanic Majesties Request.” “Cha Cha with Tito Puente at Grossinger’s.” “Brigitte Bardot Sings.” “Hi-Fi Zither.” “The Supremes Sing Rodgers and Hart.”

You can find the Crests, the Clovers, the Aquatones and all the rest somewhere in the 150,000 or so titles scattered around the atmospheric time capsule that Barry Weisfeld started in 1980.

Which makes one wonder, given the supposed broadband pace of change and cultural extinction, what to make of the grungy bustle of Mr. Weisfeld’s place. Of course, we’re more likely to honor things when they’re long past their prime — witness Bob Dylan’s honorary Pulitzer Prize this week, and Martin Scorsese’s homage to the Stones, “Shine a Light.” Still, the lesson of Mr. Weisfeld’s store seems to be that if you’re going to be a dinosaur, be a serious dinosaur.

“A lot of people who come here are obsessed,” said Mr. Weisfeld, a resolutely low-tech guy wearing an incongruous orange Yahoo! cap. “I’ll give you an example. One year, we got a very bizarre collection, world music, international music, whatever you call it, very unusual stuff. We let our customers know, and we sold 500 of the 1,000 in three days. They’re not people looking for Michael Jackson’s ‘Thriller’ or something by Billy Joel.”

The Princeton Record Exchange isn’t the last of the hard-core independents, but it’s definitely part of a dwindling breed. Mr. Weisfeld, 54, got his start, after graduating from the University of Hartford in 1975, on the road, selling LPs at 27 campuses, from Dartmouth College in New Hampshire south to American University in Washington. He slept in his Chevy van and showered at the school gyms before they had morphed into high-security, high-end health emporiums.

He knew he could do that for only so long. He almost opened a shop in Hicksville, on Long Island, then picked Princeton, figuring it was halfway between New York and Philadelphia, had a downtown that people walked around and plenty of students, his prime clientele. Princeton students today are more likely to download music than riffle through stacks of it at a store, and the main drag of Nassau Street these days is filled mostly with pricey boutiques and cafes and upscale chains like Panera Bread and Ralph Lauren, not funky alternative music or bookstores.

But over the years, the Princeton Record Exchange gained a following of local customers and obsessives from near and far — Gene, who plays for a symphony orchestra in Ohio and drives over every few months; Ralph, who owns about 20,000 classical vocal records and takes the train from New Haven once a month. The customers the other night were a varied lot: Chris Roff, a very serious 12-year-old who likes everything but country; Molly Levine and Jessica Hundley, 20-somethings who were friends from high school and looking for modern rock; Chris Gibson, a 43-year-old pharmaceutical salesman from Pittsburgh whose shopping cart was populated by Bill Evans, Warren Zevon and Steely Dan.

Amazingly, the current, appealingly ratty, location, situated just off Nassau on South Tulane Street and decorated in early-dorm room with dorky posters, wood-plank ceiling, gray linoleum and an emaciated gray carpet, is considered a huge improvement from earlier days. That’s also said to be true for the behavior of Mr. Weisfeld’s 20 employees, who pride themselves, like the characters in Nick Hornby’s novel “High Fidelity,” on having way too much knowledge of useless musical trivia. “They don’t roll their eyes anymore,” said Matthew Hersh, 31, a Princeton native and longtime shopper. “They used to be holier than thou. They might still be, but they don’t show it as much.”

In fact, “High Fidelity,” which was made into a movie starring John Cusack, is sort of PREX’s evil twin and bête noire, the obvious reference point for a place full of obscure music, peopled by a virtually all-male staff of music wonks who can debate the fine points of the Lehigh Valley punk scene. But Jon Lambert, the general manager, says the comparison goes only so far. “That store was always empty,” he noted. “How did it stay in business? You can’t really keep a place like this going if people spend all their time sitting around making lists of their 10 favorite ’60s records about doughnuts and dogs.”

Mr. Lambert said he wondered for years when the bottom would fall out and the store would finally be washed away by the wonders of the digital age. But last year, Mr. Weisfeld signed a new 10-year lease. Mr. Lambert figures that in the end, people may like downloads, but they also like to browse, appreciate something tangible, like the weird cult-like atmospherics of a store full of like-minded obsessives. Lots of things change, but not everything does.

“It’s a cold, sterile world on the Internet, and people get an experience here you can’t get online,” he said. “If there are five stores left standing, I think we can be one of them.”

Until next week,

- js.

Current Week In Review

Recent WiRs -

April 5th, March 29th, March 22nd, March 15th, March 8th, March 1st

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments or questions in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.

"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black