P2P-Zone > Peer to Peer

Peer-To-Peer News - The Week In Review - July 5th, '14
JackSpratts (Join Date: May 2001, Location: New England), posted 02-07-14, 07:16 AM

Since 2002

"These documents show both the potential scope of the government’s surveillance activities and the exceedingly modest role the court plays in overseeing them." – Jameel Jaffer


"We have decided to pause our operations." – Chet Kanojia, Aereo

July 5th, 2014

140 U.S. Internet Providers Disconnect Persistent File-Sharers
Ernesto

Rightscorp, a prominent piracy monitoring firm that works with Warner Bros. and other copyright holders, claims that 140 U.S. ISPs are actively disconnecting repeat copyright infringers. While these numbers sound rather impressive, there's a lot more to the story.

For more than a decade copyright holders have been sending ISPs takedown notices to alert account holders that their connections are being used to share copyrighted material.

These notices are traditionally nothing more than a warning, hoping to scare file-sharers into giving up their habit. However, anti-piracy outfit Rightscorp has been very active in trying to make the consequences more serious.

The company monitors BitTorrent networks for people who download titles owned by the copyright holders they work for, and then approaches these alleged pirates via their Internet providers. The ISPs are asked to forward Rightscorp’s settlement demands to the alleged infringer, which is usually around $20 per shared file.

The settlement approach is a bigger stick than the standard warnings and according to Rightscorp it’s superior to the six-strikes scheme. And there’s more. The company also wants Internet providers to disconnect subscribers whose accounts are repeatedly found sharing copyrighted works.

Christopher Sabec, CEO of Rightscorp, says that they have been in talks with various Internet providers urging them to step up their game. Thus far a total of 140 ISPs are indeed following this disconnection principle.

“We push ISPs to suspend accounts of repeat copyright infringers and we currently have over 140 ISPs that are participating in our program, including suspending the accounts of repeat infringers,” Sabec says.

During a presentation at the Anti-Piracy Summit in Los Angeles Rightscorp recently pitched this disconnection angle to several interested parties.

By introducing disconnections, Rightscorp hopes to claim more settlements to increase the company’s revenue stream. They offer participating ISPs a tool to keep track of the number of warnings each customer receives, and the providers are encouraged to reconnect the subscribers if the outstanding bills have been paid.

“All US ISPs have a free Rightscorp website dashboard that identifies these repeat infringers and notifies the ISPs when they have settled their cases with our clients. We encourage the ISPs to restore service once the matter has been settled and there is no longer an outstanding legal liability,” Sabec told TorrentFreak.

Cutting off repeat infringers is also in the best interests of ISPs according to Rightscorp, who note that it is a requirement for all providers if they are to maintain their DMCA safe harbor.

Rightscorp is indeed correct in stating that Internet providers have to act against repeat infringers. The DMCA requires ISPs to “… adopt and reasonably implement a policy that provides for the termination in appropriate circumstances of subscribers and account holders of the service provider’s system or network who are repeat infringers.”

However, legal experts and Internet providers interpret the term “repeat infringer” differently.

For example, AT&T previously said that it would never terminate accounts of customers without a court order, arguing that only a court can decide what constitutes a repeat infringement. Comcast on the other hand, previously told us that they are disconnecting repeat infringers, although it’s not clear after how many warnings that is.

Nevertheless, Rightscorp claims that their approach has been a great success and proudly reports that 140 ISPs are actively disconnecting subscribers. So does this mean that all U.S. Internet subscribers are at risk of receiving a settlement request or losing their Internet access?

Well, not really.

Most of the larger Internet providers appear to ignore Rightscorp’s settlement notices. Comcast, for example, does forward the notice but takes out the settlement offer. Verizon, AT&T and other major ISPs appear to do the same. Thus far, Charter seems to be the only major provider that forwards Rightscorp’s requests in full.

The 140 ISPs Rightscorp is referring to are mostly smaller, often local ISPs, who together hold a tiny market share. Not insignificant perhaps, but it’s a nuance worth adding.
http://torrentfreak.com/140-u-s-inte...irates-140705/





Stung by Supreme Court, Aereo Suspends Service
Emily Steel

Aereo, the start-up firm that threatened to upend the television industry, has hit the pause button.

Three days after the Supreme Court ruled that Aereo had violated copyright laws by capturing broadcast signals on miniature antennas and transmitting them to subscribers for a fee, the company suspended its service.

“We have decided to pause our operations temporarily as we consult with the court and map out our next steps,” Chet Kanojia, Aereo’s chief executive, said in a letter to customers sent on Saturday morning under the heading “Standing Together for Innovation, Progress and Technology.”

Aereo said that the service would not be available after 11:30 a.m. on Saturday and that it would give users a refund for their last paid month. The company had fewer than 500,000 subscribers in about a dozen metropolitan areas.

Customers paid $8 to $12 a month to rent one of Aereo’s dime-size antennas that captured over-the-air television signals. They then could stream and record programs from major broadcasters using their mobile phones, tablets, laptops and Internet-connected televisions.

In a 6-to-3 decision issued on Wednesday, the Supreme Court sided with broadcasters in a case that was closely watched by the media and technology industries. The ruling comes as the foundation of the media business undergoes vast change reflecting a rush of new technologies and a rising number of consumers who are abandoning traditional pay-television subscriptions.

Aereo challenged the economics of the television business. Broadcasters worried that had the start-up triumphed, it would have threatened the billions of dollars they received from cable and satellite companies in retransmission fees.

Broadcasters argued that Aereo’s business model violated copyright laws and was a high-tech way to steal their programs. Aereo countered that its service was a digital-age solution for watching free over-the-air broadcasting.

The case was sent back to a lower court. Analysts and legal experts said it would be nearly impossible for Aereo to continue with its current business model.

Before the decision, Aereo, which was founded in 2012, said that it had “no Plan B” if it lost in court.

But on Saturday, Mr. Kanojia said Aereo’s journey was “far from done.” A spokeswoman underscored that the company was not shutting down, merely temporarily stopping its service.

“The spectrum that the broadcasters use to transmit over-the-air programming belongs to the American public, and we believe you should have a right to access that live programming whether your antenna sits on the roof of your home, on top of your television or in the cloud,” Mr. Kanojia said in his letter to Aereo users.

Mr. Kanojia quoted Charles F. Kettering, an American engineer whose inventions were essential to the creation of the modern automobile: “The world hates change, yet it is the only thing that has brought progress.”
http://www.nytimes.com/2014/06/29/bu...s-service.html





After Supreme Court Ruling, Aereo’s Rivals in TV Streaming Seize Opening
Emily Steel

Mark Ely saw an opportunity, and he took it.

The day after the Supreme Court ruled against Aereo in a copyright case brought by the nation’s major broadcasters, Mr. Ely was trying to scoop up Aereo customers by promoting his start-up, Simple.TV, on social media. “Former Aereo customer? Join the Simple.TV Family,” the company wrote on Twitter on Thursday.

“We’re telling Aereo customers: ‘Your favorite service is going away. Here’s an idea that isn’t,’ ” Mr. Ely, who started his company in 2011, said in an interview.

The television establishment still has much to worry about after its Supreme Court victory on Wednesday over Aereo, the digital start-up that had threatened to upend the economics of the media business.

“Television is a castle filled with money,” said Rishad Tobaccowala, chief strategy and innovation officer at Vivaki, the Publicis Groupe’s digital marketing unit. “People are trying to get into that castle and take some money.”

But while the court’s decision broadens the moat, traditional broadcasters still must find ways to defend themselves against an array of companies like Mr. Ely’s that want to give viewers an alternative to their model.

Eager for a piece of the $167 billion American television market, dozens of companies are offering options for the growing number of viewers known as cord cutters, who are canceling their traditional pay-television subscriptions. The providers range from Hulu, which the broadcasters own, to bigger services like Amazon, Google and Netflix, all of which offer cheaper streaming alternatives.

Other companies, including Roku, Sling Media, TiVo, Simple.TV and Mohu, sell hardware that allows viewers to stream television to digital devices or watch web video on television sets. And Aereo may yet stick around; the company said on Saturday that it would pause its service temporarily as it sorted out its options but that its journey was “far from done.”

“I don’t think you are going to find a silver bullet to disrupt the broadcast industry,” said Kenneth Lerer, a venture capitalist who has invested in a series of digital media start-ups. “I think you are going to find a lot of little bullets. Aereo was hoping it was a silver bullet.”

Aereo and its two-year legal battle with broadcasters overshadowed the efforts of several other start-ups that offer ways to watch free over-the-air television on cellphones, tablets, laptops and Internet-connected televisions.

Those companies paid tribute to Aereo, saying it helped advance the notion that there are ways to watch TV without paying expensive cable bills. But they are now trying to grab the spotlight after the Supreme Court ruled that Aereo had violated copyright laws by capturing broadcast signals on tiny antennas stored in warehouses and transmitting them to paying subscribers.

Mr. Ely started Simple.TV, based in Tiburon, Calif., months before Aereo made its debut in 2012. A former president of Sonic Solutions, a computer software firm, Mr. Ely noticed how a growing number of people were watching television shows and movies over the Internet but did not have access to live television programming like news and sports. His idea was to sell consumers a “private TV server” that plugged into an antenna, a hard drive and a router.

With Aereo, subscribers paid $8 to $12 a month to rent a dime-size antenna stored in a warehouse. Users could then stream near-live television and record programs from major broadcasters.

With Simple.TV, people buy their own antenna and the $199 Simple.TV box. Users can record programs on a hard drive that they connect to the device. The company also sells a premium service that provides features like automatic recording and remote access from almost anywhere in the world.

Mohu, a start-up based in Raleigh, N.C., also hopes to grow after the Supreme Court’s ruling. The company, which sells over-the-air antennas and offers a streaming service, began as a military contractor developing high-performance antennas for the Army and Navy. Since its founding in 2011, it has sold 1.5 million high-definition television antennas to consumers.

“Aereo made people aware that they can get high-definition broadcast television for free without paying for cable,” said Mark Buff, Mohu’s founder and chief executive.

The main difference between these companies — which have not drawn the ire of broadcasters — and Aereo is that their customers own the antennas and capture signals in their homes, as opposed to remotely. Mr. Ely and Mr. Buff say they believe that will satisfy the requirement under copyright law that the transmissions be private performances, a position that Aereo argued unsuccessfully before the Supreme Court. “Where you capture the signal makes all the difference,” Mr. Ely said. “This fits squarely in fair use.”

Simple.TV, which has 30 employees and counts tens of thousands of customers, has raised $5 million in financing and is working on a new round of funding.

Some venture capitalists said they would continue to invest in streaming-television start-ups despite Aereo’s loss in court.

“If cable companies believe that their old ways of doing business are protected by the Aereo Supreme Court decision, they are clearly misguided,” said Dan Nova, a partner at Highland Capital Partners, one of Aereo’s backers. “Consumers are rejecting cable companies and traditional consumption models. The horse is out of the barn.”

The number of households in the United States subscribing to pay-television services has slipped in recent years. About 101 million households in the United States subscribe to pay TV, down 7 percent from 2013, according to the research firm SNL Kagan.

At the same time, the total number of households in the United States that use the Internet or other streaming services instead of traditional TV to watch television shows or movies has climbed to 7.6 million, up about 30 percent from 5.8 million in 2013, according to SNL Kagan.

Recognizing the threat, cable and satellite companies are introducing options to lure new customers and keep those who might be tempted to cancel their subscriptions. Comcast, the largest cable provider in the United States by subscribers, is offering cloud-based television-streaming technologies; an Internet Plus bundle that includes broadband, basic cable and HBO; and special packages for college students.

Broadcasters, too, are trying to profit by offering to sell their programming to streaming companies that are willing to pay for it. During a phone interview after the Supreme Court ruling, Leslie Moonves, the chief executive of CBS, said his network did not oppose the new technology.

“We are not against people moving forward and offering our content online and all sorts of places, as long as it is appropriately licensed,” he said. “Innovation is still alive and well and thriving.”
http://www.nytimes.com/2014/06/30/bu...e-opening.html





Aereo Looks to Congress for a Lifeline
Brian Fung

Days after Aereo suspended its service in response to a Supreme Court ruling against the company, the service is now calling on consumers to protest the disruption.

In a letter, Aereo chief executive Chet Kanojia said its customers had been asking what they could do now that Aereo has been shuttered:

Today, I'm asking you to raise your hands and make your voices heard. Tell your lawmakers how disappointed you are that the nation's highest court issued a decision that could deny you the right to use the antenna of your choice to access live over-the-air broadcast television. Tell them your stories of why having access to a cloud-based antenna is important to you and your families. Show them you care about this issue.

Asking the public to pressure Congress is likely a prelude to a broader effort aimed at getting lawmakers to rewrite the Copyright Act, analysts say. It's the Copyright Act that got Aereo into hot water in the first place; the Supreme Court held that the company's online TV streams constituted a "public performance" that Aereo had to pay broadcasters for.

Aereo would likely want Congress to clarify the difference between a public and a private performance. Assuming Congress agreed to do it their way, it would make a service such as Aereo's, which records TV shows on tiny individual antennas and plays them back to its customers over the Web, a legal product.

So generating some grassroots support for Aereo ahead of time makes sense. But getting Congress to consider rewriting the Copyright Act, let alone write it in a way that's favorable to Aereo, will be an uphill struggle.

"I think it's a spur for Congress to think about how to accommodate online video in the 20-year-old pay-TV framework, and I think they will eventually do that," said Paul Gallant, a telecom analyst at Guggenheim Securities. "The question is, will it happen quickly enough for Aereo? The answer is, I'm skeptical that it would."
http://www.washingtonpost.com/blogs/...or-a-lifeline/





How to Get Broadcast TV for Free, Even Without Aereo
Aaron Sankin

Last Wednesday, the United States Supreme Court effectively drove a stake through the heart of Aereo, a company that allowed users to stream network television over the Internet. Aereo also functions as a DVR service, letting its customers watch local programming they had recorded and stored on the company’s cloud-based servers. Aereo’s CEO has pledged to keep the company going, but the demise of its current service is all but assured.

Broadcasters didn’t like Aereo, which charges customers an $8 monthly fee, because the New York-based, Barry Diller-backed startup consciously avoided paying them the billions of dollars in retransmission fees cable and satellite providers always ponied up to carry their content. The broadcasters viewed the Aereo case as an existential threat—so much so that a top News Corp executive said Fox might move to cable if the decision didn’t go its way—and, as such, successfully sued to get Aereo shut down on copyright infringement grounds.

Despite their court victory, the cat may be out of the bag for broadcasters. The existential threat to their business model wasn’t so much that Aereo could assign a tiny antenna to each subscriber then beam last night’s episode of American Idol to their iPad. The real danger was that a very large number of people, over 100,000 in New York City alone, were willing to pay a relatively small amount of money to forego cable and satellite, instead opting for what amounted to the combination of a TiVo box and an antenna.

Here’s the thing: Cobbling together the parts necessary to legally recreate Aereo on your own isn’t particularly expensive or difficult. In fact, drawn out over a long enough timeline, it’ll probably even save you money over shelling out for Aereo.

To recreate Aereo, the first thing you’re going to need is a way to get the broadcast TV signals from the air and onto one of the many glowing rectangles in your home.

Due to a Federal Communications Commission mandate, all broadcast TV stations have been exclusively digital since 2009, which means dusting your parents’ old rabbit ears out of the basement likely won’t get you anything other than static. But digital antennas are super cheap. This one from HomeWorx costs a mere $9.10 on Amazon.

Not only does this antenna cost only slightly more than a single month of Aereo, but it works everywhere in the country—not just in the eleven major metro areas where Aereo offered service.

But, let’s say, you wanted to record last night’s The Bachelorette and watch it at your leisure, which is your god-given right as an American. One way to do that is to buy a subscription-free DVR that allows for the functionality of Aereo or TiVo but with the cost of a single upfront purchase price rather than a monthly subscription. There are a number of options that fit the bill, like the Channel Master DVR+, which retails for $250.

The total cost for both products is the equivalent of about two and a half years of an Aereo subscription. If Aereo was your long-term TV solution, this setup will likely save you money in the long run.

However, if you want to go even cheaper and don’t mind getting a little technical, it’s possible to get TV signals broadcast directly onto your computer and then turn the machine’s hard drive into a DVR with TV tuner cards made by companies like Hauppauge, Pinnacle, and ATI Tuners. These devices, some of which require opening up your computer and physically installing a card into the motherboard, can sell for as cheap as $50 and generally don’t require monthly or annual subscription fees.

Either of these setups allows much of the same functionality of Aereo for price tags that may ultimately be less than what Aereo offered. The best part is that the Supreme Court probably isn’t going to shut them down any time soon.
http://www.washingtonpost.com/news/t...without-aereo/





Publishers Offer Free/Discounted Ebooks of the Print Books You Own with Bitlit
Cory Doctorow

Bitlit works with publishers to get you free or discounted access to digital copies of books you own in print: you use the free app (Android/iOS) to take a picture of the book's copyright page with your name printed in ink, and the publisher unlocks a free or discounted ebook version. None of the Big Five publishers participate as yet, but indies like O'Reilly, Berrett-Koehler, Red Wheel Weiser, Other Press, Greystone, Coach House, Triumph, Angry Robot, Chicago Review, Dundurn, and PM Press (publishers of my book The Great Big Beautiful Tomorrow) are all in.
http://boingboing.net/2014/06/27/pub...ediscount.html





MPAA Issues Overly Broad Takedown Of Little Used Reddit Film Community; Creates Much Bigger Reddit Film Community
Mike Masnick

Oh that wacky MPAA. Earlier this week, TorrentFreak noted that the MPAA issued a massively overbroad DMCA takedown to Google, asking it to remove an entire subreddit from its search results. The subreddit in question was r/FullLengthFilms, which really wasn't that popular.

It's not difficult to guess why the MPAA wanted this community gone, though it is a bit odd that the MPAA thinks that just because it finds one link to a potentially infringing movie, an entire subreddit should disappear down the search engine memory hole. If that's the criteria, a lot of the internet would go missing. Google didn't take it out of its search results, but the resulting publicity from the bogus takedown attempt... suddenly made r/FullLengthFilms a hell of a lot more popular.

One of the mods for the subreddit points out that he'd long considered it to be a dead subreddit, but now it was suddenly booming again. There are a bunch of new subscribers, plenty of new mods and a bunch of new films -- and, yes, many of them are perfectly legal and authorized. I wonder if there are any movies that star Barbra Streisand linked from the subreddit...
https://www.techdirt.com/articles/20...ommunity.shtml





After a Year of Experimentation, BitTorrent Bundle Wants to Make Artists (and Itself) Money

After hitting the '100 million' milestone, BitTorrent, the data transfer protocol long associated with piracy, continues to try and clear its name.
Chris Leo Palermino

One year and 100 million legal downloads later, the BitTorrent Bundle platform — an online marketplace for 'Bundles,' in which content creators can distribute a combination of free and "gated" content — is increasingly taking hold as a viable marketing and distribution platform. Most recently, rapper G-Eazy made available a BitTorrent Bundle composed of unreleased tracks, photos and videos to promote his upcoming record "These Things Happen." The bundle was downloaded 1.4 million times over the course of a month, with the record it supports set to hit No. 3 on the Billboard 200 next week.

BitTorrent Bundle has also worked with Madonna (distributing her human rights documentary "secretprojectrevolution"), Moby (8.9 million downloads of a remix-able version of 2013's "Innocents"), De La Soul (who released a mixtape, "Smell the Da.I.S.Y”) and Public Enemy (1 million downloads of a re-mixable version of "Get Up Stand Up”), as well as with film and video game creators.

Riding on its initial success, BitTorrent (which claims 170 million monthly users) aims to monetize these bundles within the next few months. In the current model, some content is free to download while additional content is accessible only through a "gate" that downloaders can unlock (typically by submitting an email address). Soon, artists will be able to implement a "pay gate" to their bundles, enabling content creators to charge for the content compilations. BitTorrent plans to take a 10% cut from these pay gates.

While the term 'BitTorrent' has been associated with music and movie piracy for years now, it's crucial to understand the difference between BitTorrent, Inc. and the open source file transfer protocol known as BitTorrent. While the latter powers rampant piracy through torrent indexing sites such as Pirate Bay, BitTorrent, Inc. is a separate entity that uses the BitTorrent file transfer protocol for legal purposes.

Billboard spoke with BitTorrent's chief content officer Matt Mason — who also has penned "The Pirate's Dilemma," a book about understanding and competing with piracy — on the inspiration for the BitTorrent Bundle, marketing the service, partnering with labels, pay gates and why they’re not responsible for piracy on BitTorrent’s open source protocol.

Billboard: BitTorrent began a decade ago as a technology company that developed the BitTorrent peer-to-peer protocol as a way to transfer data. Why has the company delved into working directly with the music, entertainment and other content industries?
Matt Mason: When I joined, Eric [Klinker, CEO of BitTorrent] said to me that the thing he felt was the most valuable thing we could do was build a technology for the entertainment industries that went with the grain of the internet. One of the core tenets of BitTorrent and one of the core guiding principles of the internet when the internet was first conceived was 'put the end user in control.' The internet that artists have today is not what they were promised. We've got YouTube shutting the door on independent artists. We've got Spotify becoming Clear Channel. We've got all of the majors giving up on selling music directly. There's just absolutely nowhere to turn. This is something that has become more apparent as we've been building our bundles, which is why I think we've seen so much interest both from fans and artists in the last year.

How have you developed relationships with artists and labels?
The same way that everybody develops relationships. I came into this business with a set of relationships. We've got a lot more now because people trust us, people see what we're doing and people understand our intentions. There's not a label or studio where we [haven't] talked to at least a few people. Yes, some people, when they met us, they're skeptical. They didn't understand what BitTorrent is. But once people see what we're doing, what we're building, once they meet the people who are passionate about doing good stuff for content creation, they work with us.

What do you see the value added of the Bundle platform over other services (such as iTunes and Amazon) selling similar types of deluxe packages?
iTunes and Amazon kind of feel like Best Buy. They're not really geared toward just letting the artist publish their creative work in the way that they want. We're trying to build an independent record store — a place where you can go and get lost in a piece of content. iTunes was built by Apple for the major labels and it's focused on selling singles. If you look at the artists using Bundles, yes they want to sell singles. But, they're more interested in building a direct connection with the fan that they can continue to monetize in a sustainable way. If we can build the right direct-to-fan set of publishing tools here, where artists configure the bundle to their business model and put it in front of a large audience, we can create something truly revolutionary.

Can you explain how the pay gates will work?
It's going to be super simple. An artist, content creator or publisher will be able to put some content in front of that gate and some behind that gate, and they will be able to set the price that the consumer has to pay in order to open that gate. The big idea here is that everybody else on the internet that built a store has put content inside that store. What we're trying to do with a bundle is put the store inside the content. So, everywhere that bundle travels -- whether it's embedded in a blog or on Facebook -- wherever it travels on the internet, whenever someone opens that file, they'll get some valuable stuff for free and then they'll have an opportunity to pay for some more stuff.

So far, all of the bundles have been free. Why do you think that people will buy them?
If you look at all of the ways that projects have monetized within BitTorrent, we've been able to drive album sales, box office sales, DVD sales… we've driven all kinds of social and fan engagement. Every single bundle that we do, on average, 1 in 4 fans that downloaded the bundle shared the fact that they downloaded that bundle on Twitter or Facebook. Fans are starting to understand that bundles are this small direct connection to artists, which makes them actually compelled to share and support that content.

Do you anticipate the BitTorrent Bundle to be a competitor to iTunes, Amazon, Spotify and other services?
We think that it will. It's really up to the artist, right? If you're an artist and you decide that you're disgruntled with Spotify and iTunes and you decide to use Bundles and it works for you and you shift all of your traffic and engagement over to the Bundles platform, then in that situation it's a competitor. If you start off with Bundles, and then you embed a Spotify button so that people can go and subscribe to your stuff there, then it's an additive service to Spotify. In the end, it's about putting the control in the hands of the artist. Yes, we're trying to sell ourselves so that we can be a competitor to everyone else in the business, but if stuff's working for artists, who are we to say 'No, you've got to do this here.'

BitTorrent still has a reputation primarily as an illegal file sharing site. What are your strategies to market the service as a paid, legal, online music outlet?
We've talked to people one-on-one. We talk to the music industry, the film industry, publishers, authors. We know that the perception is changing because there are a lot more people talking to us. They have no misconception of who we are. They understand the difference between BitTorrent the company, where it's literally impossible to get any illegal content (and it always has been), and piracy sites which may or may not be using BitTorrent technology on the backend. Piracy sites use BitTorrent because it's the best way to move data, and because they can. It's a page of code that's been open sourced for over a decade.

Does BitTorrent feel a responsibility to decrease the usage of the BitTorrent protocol for piracy?
We're not responsible for that. I came to work at BitTorrent because I think that the best [option] is to build a service where you can have an impact on piracy. The more important thing is creating a fair, democratic marketplace for connecting content creators direct-to-fan. I work here because this is the only place that I can do that. What happens on the Pirate Bay has absolutely nothing to do with us. Why this makes sense for us strategically as a company is because everybody wrongly blames us for piracy. If bundles work, then people will understand that we're a technology company that enables the transfer and distribution of content. That's what we are. If bundles work, it helps us as a company.
http://www.billboard.com/biz/article...t-bundle-wants





Breaking Spotify DRM with PANDA
Brendan Dolan-Gavitt

Disclaimer: Although I think DRM is both stupid and evil, I don't advocate pirating music. Therefore, this post will stop short of providing a turnkey solution for ripping Spotify music, but it will fully describe the theory behind the technique and its implementation in PANDA. Don't be evil.

This past weekend I spoke at REcon, a conference on reverse engineering held every year in Montreal. I had a fantastic time there getting to meet other people interested in problems of memory analysis, reverse engineering, and dynamic analysis. One of the topics of my REcon talk was how to use PANDA to break Spotify DRM, and since the video from the talk won't be posted for a while, I thought I'd write up a post showing how we can use PANDA and statistics to pull out unencrypted OGGs from Spotify.

Gathering Data

The first step is to gather some data. We want to know what function inside Spotify is doing the actual decryption of the songs, so that we can then hook it and pull out the decrypted (but not decompressed) audio file. So to start with, we'll take a recording of Spotify playing a song; we can then apply whatever analysis we want to the replay. Working with a replay rather than a live system will also make our job considerably easier – no need to worry that we're going to slow things down enough to trip anti-debugging measures or network timeouts. I've prepared a record/replay log of Spotify playing 30 seconds of a song, which you can use to follow along with what comes next. The recording is 12 billion instructions, which gives us a lot of data to work with!
Just for fun, here's a movie of that replay, generated by taking screenshots throughout the replay and then stitching them into a video:

Some Theory

The next challenge is to figure out how we can identify the function that takes in encrypted data and outputs decrypted data. For this we turn to the excellent work of Ruoyu Wang, Yan Shoshitaishvili, Christopher Kruegel, and Giovanni Vigna [1]. Their clever insight was that when you look at the distribution of bytes in encrypted vs. compressed streams, the byte entropy of the two is very similar, but compressed streams don't look very random. To illustrate this, let's look at the histograms for an encrypted mp3 file, and its decrypted version. First, encrypted:

Now the same file, decrypted:

You can clearly see that the decrypted file's histogram looks significantly less "random" – or more precisely, its distribution of byte values is not very uniform. However, if we compute the byte entropy of each, they are both very close to the theoretical maximum of 8 bits per byte – the mp3 has 7.968480 bits of entropy per byte, whereas the encrypted file has 7.999981 bits per byte.

We can make this intuition more precise by turning to statistics. The Pearson chi-squared test (χ2) lets us compute a value for how much an observed distribution deviates from some ideal distribution. In this case, we expect the bytes in an encrypted file to be uniformly random, so we can compare with the uniform distribution by computing:

Here, Oi is the observed frequency of each byte, and Ei is the expected frequency, which for a uniform byte distribution with n samples will be (1/256)*n.

Similarly, the entropy of some observed data can be computed as:

Where p(xi) is the observed relative frequency (count divided by the total number of bytes) of each byte value in the data.

Based on the work of Wang et al., if we find a function that reads a lot of high-entropy, highly random data, and writes a lot of high-entropy, non-random data, that's likely to be our guy!

Enter the PANDA

But enough theory. How do we actually gather the data we need in PANDA? We will want some way of gathering, for each function, statistics on the contents of buffers read and written by each function in the replay. As it happens, PANDA has a plugin called unigrams that will get us the data we want.

The unigrams plugin works by tracking every memory read and write made by the system. When it sees a read or write, it looks up the current process context (i.e., CR3 on x86), program counter, and the callsite of the parent function (this last is done with the help of the callstack_instr plugin). Together, these three pieces of information allow us to put the individual memory access in context and separate out memory accesses made in different program contexts into coherent streams of data. So to gather the raw data we want, we can just run:

x86_64-softmmu/qemu-system-x86_64 -m 1024 -replay spotify \
-panda-plugin x86_64-softmmu/panda_plugins/panda_callstack_instr.so \
-panda-plugin x86_64-softmmu/panda_plugins/panda_unigrams.so

This produces two files, unigram_mem_read_report.bin and unigram_mem_write_report.bin. The format of these files isn't terribly interesting, but they can be parsed using the Python code found in the unigram_hist.py script. Essentially, it consists of many, many rows of data that have the (callsite, program counter, CR3) triple followed by an array of 256 integers giving the number of times each byte was read or written at that point in the code.

Armed with this data, we want to now go through each callsite and look for those that meet the following criteria:

The function both reads and writes a lot of data, in roughly equal amounts.
The byte entropy of the data read is high, and its χ2 value (deviation from random) is low.
The byte entropy of the data written is high, and its χ2 value is high.
This is precisely what the find_drm.py script does. We can run it like so:

./find_drm.py unigram_mem_read_report.bin unigram_mem_write_report.bin
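
The criteria above can be applied in code as follows. This is an added, stand-alone Python example and not the find_drm.py script from the PANDA repository: it does not parse PANDA's unigram report files, and the record layout it takes as input (a (callsite, CR3) key holding one 256-bin histogram per program counter, as the unigrams plugin's triple suggests) is an assumption. It computes the byte entropy and the Pearson χ² value from the Some Theory section and applies the three criteria to constructed data: seeded random bytes standing in for ciphertext, a skewed but still high-entropy byte stream standing in for the decrypted Ogg, plus two decoys (a memcpy of ciphertext, and a tiny bookkeeping buffer). The thresholds are assumptions chosen for this sample, not values from the post.

```python
import math
import random


def byte_histogram(data):
    """256-bin count of byte values: the same shape as one row of a unigrams report."""
    hist = [0] * 256
    for b in data:
        hist[b] += 1
    return hist


def entropy_bits_per_byte(hist):
    """Shannon entropy H = -sum_i p(x_i) * log2 p(x_i), with p(x_i) = count_i / n.
    The maximum is 8.0 bits per byte; encrypted AND compressed data both sit near it."""
    n = sum(hist)
    if n == 0:
        return 0.0
    return -sum((c / n) * math.log2(c / n) for c in hist if c)


def chi_squared_vs_uniform(hist):
    """Pearson chi^2 = sum_i (O_i - E_i)^2 / E_i against the uniform distribution,
    E_i = n / 256.  Uniform (encrypted) data scores around 255, the degrees of
    freedom; a skewed histogram such as compressed audio scores far higher."""
    n = sum(hist)
    if n == 0:
        return 0.0
    expected = n / 256.0
    return sum((o - expected) ** 2 / expected for o in hist)


def looks_encrypted(hist, min_entropy=7.9, max_chi2=400.0):
    """High entropy AND close to uniform (assumed thresholds)."""
    return (entropy_bits_per_byte(hist) >= min_entropy
            and chi_squared_vs_uniform(hist) <= max_chi2)


def looks_compressed(hist, min_entropy=7.0, min_chi2=1000.0):
    """High entropy but clearly NOT uniform (assumed thresholds)."""
    return (entropy_bits_per_byte(hist) >= min_entropy
            and chi_squared_vs_uniform(hist) >= min_chi2)


def find_decrypt_candidates(records, min_bytes=64 * 1024, max_size_ratio=0.25):
    """records maps (callsite, cr3) -> {"reads": [hist, ...], "writes": [hist, ...]}
    (assumed layout).  A candidate reads a large encrypted-looking buffer and writes
    a large compressed-looking buffer of roughly the same size.  Returns
    (key, read_bytes, write_bytes, size_ratio) tuples; a ratio of 0.0 is best."""
    hits = []
    for key, acc in records.items():
        enc_reads = [h for h in acc["reads"]
                     if sum(h) >= min_bytes and looks_encrypted(h)]
        comp_writes = [h for h in acc["writes"]
                       if sum(h) >= min_bytes and looks_compressed(h)]
        for r in enc_reads:
            for w in comp_writes:
                ratio = abs(sum(r) - sum(w)) / max(sum(r), sum(w))
                if ratio <= max_size_ratio:
                    hits.append((key, sum(r), sum(w), round(ratio, 3)))
    return hits


# ---- constructed sample buffers standing in for what PANDA would have recorded ----
_rng = random.Random(20140705)          # fixed seed so the numbers are reproducible
N = 200_000
# "ciphertext": uniformly random bytes
CIPHERTEXT = bytes(_rng.getrandbits(8) for _ in range(N))
# "decrypted Ogg": still about 7.95 bits/byte, but skewed: bytes below 0x80 are drawn
# 5/3 as often as bytes at or above 0x80.  chi^2 catches this; entropy barely notices.
_weights = [1.0] * 128 + [0.6] * 128
PLAINTEXT = bytes(_rng.choices(range(256), weights=_weights, k=N))

SAMPLE_RECORDS = {
    # the decryption routine: reads ciphertext, writes plaintext of the same size
    ("00719b84", "3f1ac2e0"): {
        "reads": [byte_histogram(CIPHERTEXT[:44033]), byte_histogram(CIPHERTEXT)],
        "writes": [byte_histogram(PLAINTEXT)],
    },
    # a memcpy of ciphertext: uniform on both sides, so not a candidate
    ("00400100", "3f1ac2e0"): {
        "reads": [byte_histogram(CIPHERTEXT)],
        "writes": [byte_histogram(CIPHERTEXT)],
    },
    # bookkeeping that touches only a few hundred bytes: filtered out by size
    ("00400200", "3f1ac2e0"): {
        "reads": [byte_histogram(PLAINTEXT[:512])],
        "writes": [byte_histogram(CIPHERTEXT[:512])],
    },
}


def demo():
    """Run the classifier over the constructed records; only 00719b84 should survive."""
    return find_decrypt_candidates(SAMPLE_RECORDS)


if __name__ == "__main__":
    for name, buf in (("ciphertext", CIPHERTEXT), ("plaintext", PLAINTEXT)):
        h = byte_histogram(buf)
        print("%-10s entropy=%.6f chi2=%.2f" % (name, entropy_bits_per_byte(h),
                                               chi_squared_vs_uniform(h)))
    for hit in demo():
        print(hit)
```

Two things the numbers show that the prose only states: the constructed plaintext has an entropy only a few hundredths of a bit below the ciphertext, so an entropy threshold alone cannot separate them, while its χ² lands in the thousands against roughly 255 for the ciphertext; and the memcpy decoy is rejected precisely because its output is still uniform, which is the distinction between a routine that moves encrypted data and one that removes the encryption.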

Among its output, we find the following promising candidate:


(00719b84 3f1ac2e0): 3 x 1 combinations
Read sizes: 44033, 701761, 701761
Write sizes: 701761
Read rand: 2.238299, 258.176922, 263.599258
Write rand: 142018.776009
Best input/output ratio (0 is best possible): 0.0

This function read two buffers of size 701,761 bytes and wrote one of size 701,761 bytes – given that we played 30 seconds of the song, this looks just about right. The randomness of the input buffers was quite high (recall that in the χ2 test, high numbers mean the data observed is less likely to be random), but the output buffer was not very random.

Dumping the Data

So how can we confirm our guess? Well, the easiest thing is to simply dump out the data seen at that point. If we go back up to the beginning of the output of the script, we have a list of all the (callsite, program counter, CR3) identifiers for reads and writes that matched our criteria. Looking through the writes for our candidate callsite (00719b84), we find it here:


(00719b84 0042e2ed 3f1ac2e0): 701761 bytes

We can now use another PANDA plugin, tapdump, to dump out all the data flowing through that point in the program. First we create a text file named tap_points.txt in the QEMU directory, and put in it:


00719b84 0042e2ed 3f1ac2e0

Next we run the replay again with the tapdump plugin enabled.

x86_64-softmmu/qemu-system-x86_64 -m 1024 -replay spotify \
-panda-plugin x86_64-softmmu/panda_plugins/panda_callstack_instr.so \
-panda-plugin x86_64-softmmu/panda_plugins/panda_tapdump.so

This produces two files, read_tap_buffers.txt.gz and write_tap_buffers.txt.gz, which contain the data read and written at the specified points. If you examine this with zless, you'll see lots of lines of addresses, followed by a single byte value. Separating out each field onto its own line and annotating, these are:

0000000082678e78 [Caller 13]
000000008260dcc3 [Caller 12]
[...]
000000000071a1a5 [Caller 2]
0000000000719b84 [Caller 1]
000000000042e2ed [PC]
000000003f1ac2e0 [Address space]
000000000b256570 [Write address]
269882976 [Index]
4f [Data]

The extra callstack information is included so that, if necessary, more calling context can be used to pull out just the data we're interested in. In our case, however, just one level turns out to be enough. Finally, we want to turn this text file into a binary stream. In the scripts directory, there is a script called split_taps.py which will go through a gzipped tapdump output file and separate out each distinct stream found in the file (based on our usual identifier of (callsite, program counter, CR3)).
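The stream reassembly described above can be written as a short parser. This is an added Python example, not the split_taps.py script from the PANDA repository, and it makes the following assumptions: each tapdump record is one whitespace-separated line whose fields are in the order of the annotated listing (callers deepest-first with Caller 1 last, then PC, address space, write address, decimal index, data byte in hex); streams are keyed by (Caller 1, PC, CR3) and reassembled in index order; and the output filename follows the prefix.callsite.pc.cr3.dat pattern. The sample lines are constructed, using the post's own callsite, PC and CR3 values, and carry the start of an Ogg page so the `file`-style check at the end has something to recognise.

```python
from collections import defaultdict


def parse_tap_line(line):
    """One tapdump record.  Assumed field order, matching the annotated listing:
    callers (deepest first, Caller 1 last), PC, address space (CR3), memory
    address, decimal stream index, then the data byte in hex."""
    fields = line.split()
    if len(fields) < 6:
        raise ValueError("too few fields: %r" % line)
    *callers, pc, cr3, addr, index, data = fields
    return {
        "callers": callers,
        "callsite": callers[-1],      # Caller 1: the immediate call site
        "pc": pc,
        "cr3": cr3,
        "addr": int(addr, 16),
        "index": int(index),
        "data": int(data, 16),
    }


def split_taps(lines):
    """Group records by (callsite, pc, cr3) and reassemble each stream's bytes in
    index order.  Returns {key: bytes}."""
    streams = defaultdict(list)
    for line in lines:
        line = line.strip()
        if not line:
            continue
        rec = parse_tap_line(line)
        key = (rec["callsite"].zfill(16), rec["pc"].zfill(16), rec["cr3"].zfill(16))
        streams[key].append((rec["index"], rec["data"]))
    return {key: bytes(b for _, b in sorted(chunks)) for key, chunks in streams.items()}


def stream_filename(prefix, key):
    """The <prefix>.<callsite>.<pc>.<cr3>.dat naming used in the post."""
    return "%s.%s.%s.%s.dat" % ((prefix,) + tuple(key))


def sniff(data):
    """Minimal stand-in for file(1): recognise the Ogg page capture pattern."""
    if data[:4] == b"OggS":
        return "Ogg data"
    return "data"


# ---- constructed sample: what a few lines of write_tap_buffers.txt might hold ----
_CALLERS = "0000000082678e78 000000008260dcc3 000000000071a1a5 0000000000719b84"
_TAP = "000000000042e2ed 000000003f1ac2e0"
SAMPLE_LINES = [
    # the decryption output stream, deliberately listed out of index order:
    # "OggS" capture pattern, stream structure version 0, header type 2 (beginning of stream)
    _CALLERS + " " + _TAP + " 000000000b256574 269882980 00",
    _CALLERS + " " + _TAP + " 000000000b256570 269882976 4f",
    _CALLERS + " " + _TAP + " 000000000b256571 269882977 67",
    _CALLERS + " " + _TAP + " 000000000b256572 269882978 67",
    _CALLERS + " " + _TAP + " 000000000b256573 269882979 53",
    _CALLERS + " " + _TAP + " 000000000b256575 269882981 02",
    # an unrelated write from the same function at a different PC: its own stream
    "000000000071a1a5 0000000000719b84 000000000042e300 000000003f1ac2e0 000000000c000000 1 61",
    "000000000071a1a5 0000000000719b84 000000000042e300 000000003f1ac2e0 000000000c000001 2 62",
]

OGG_KEY = ("0000000000719b84", "000000000042e2ed", "000000003f1ac2e0")


def demo():
    """Split the sample lines and label each resulting stream as file(1) would."""
    streams = split_taps(SAMPLE_LINES)
    return {stream_filename("spotify", k): (sniff(v), v) for k, v in streams.items()}


if __name__ == "__main__":
    for name, (kind, data) in demo().items():
        print(name, kind, data.hex())
```

Keying on only Caller 1 is the "one level turns out to be enough" choice from the text; if two distinct callers of the same routine had to be told apart, the key would extend to more entries of the callers list, which the parser keeps for that purpose.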

So now we can run this on the writes seen at our candidate for the decryption function:

./split_taps.py write_tap_buffers.txt.gz spotify

And obtain spotify.0000000000719b84.000000000042e2ed.000000003f1ac2e0.dat, which contains the binary data written at program counter 0x0042e2ed, called from callsite 0x00719b84, inside of the process with CR3 0x3f1ac2e0. So, is this audio we seek?

$ file spotify.0000000000719b84.000000000042e2ed.000000003f1ac2e0.dat

spotify.0000000000719b84.000000000042e2ed.000000003f1ac2e0.dat: Ogg data

This looks good! Of course, the proof of the pudding is in the eating, and the proof of the audio is in the listening, so do...

$ cvlc spotify.0000000000719b84.000000000042e2ed.000000003f1ac2e0.dat

And you should hear a rather familiar tune :)


Concluding Thoughts

As I mentioned in the disclaimer, this by itself is just the starting point for what you would need to really break Spotify's DRM. It doesn't give you a way to obtain the key for each song and decrypt it wholesale. Instead, you would have to place a hook in the function identified by this process and pull it out as it's played, which limits it to realtime decryption (and Spotify's packing and anti-debugging may make it hard to place the hook in the first place!). Although I can certainly imagine more efficient processes, I think for now this is a nice balance between enabling piracy and showing off the power of PANDA.

If you now want to get a better understanding of the function we found inside Spotify, you can create a memory dump, extract the unpacked Spotify binary (which is packed with Themida) using Volatility, and then load it up in IDA and go to 0x0042e2ed, which is the location where decrypted data is written out.


Postscript

One may wonder what happens when the function that contains 0x0042e2ed is called by others. As it turns out, this appears to be a generic decryption function that is used for other media throughout Spotify, including album art! It is left as an exercise to the reader to dump and examine the rest of the data that this function decrypts.


References

[1] Steal This Movie: Automatically Bypassing DRM Protection in Streaming Media Services. Wang, R., Shoshitaishvili, Y., Kruegel, C., and Vigna, G. USENIX Security Symposium, Washington, D.C., 2013.
http://moyix.blogspot.com/2014/07/br...th-panda.html?





Time Warner Cable Customers Beg Regulators to Block Sale to Comcast

Fears of monopoly power, data caps, and price hikes raised in public comments.
Jon Brodkin

New York is shaping up as a major battleground for Comcast's proposed acquisition of Time Warner Cable (TWC). While the $45.2 billion merger will be scrutinized by federal officials, it also needs approval at the state level.

TWC has 2.2 million cable TV, Internet, and phone customers in 1,150 New York communities, and hundreds of them have called on the New York Public Service Commission (PSC) to block the sale to Comcast. Comcast doesn't compete against TWC for subscribers, and its territory in New York is limited but includes a VoIP phone service offered to residential and business customers in 10 communities.

"Both Time Warner Cable and Comcast already have monopolies in each and every territory in which they do business today, and combining the companies will reinforce those individual territorial monopolies under a single corporate umbrella, with NBC-Universal thrown in to boot," resident Frank Brice argued in a comment to the PSC posted yesterday.

Brice complained that "The constant, yearly rate increases imposed on us by Time Warner Cable are and continue to be outrageous, outsized, and unwarranted. Given where I live in the mid-Hudson valley, 100 miles from New York City and 50 miles from Albany, I cannot get over-the-air TV broadcasts, and I have no choice in my cable-TV provider unless I choose a satellite provider." Brice is "so unhappy with Time Warner Cable" that he buys DSL Internet and phone service from Verizon, which hasn't built FiOS in his area.

“I am absolutely terrified by this merger”

Brice's comment is similar to many others submitted by residents to the PSC's merger proceeding.

"I, as a NYS resident, am absolutely terrified by the potential of this merger," another resident named Michael Kennedy wrote. "Time Warner has raised my rates no less than 3 times over the last 2 years with no improvement in service (to speak nothing of their deplorable customer service). This merger will destroy what little competition exists in the internet delivery service, raise everyone's bills, and in the end not benefit not one single New Yorker."

Richard Liotta, a TWC customer in Manhattan, wrote that "Comcast has already stated they will raise the prices and not only that they will impose data caps on their broadband service which will double or triple people's Internet bills."

Mayor Richard Miller of Oneonta wrote that his city is opposed to the merger. Time Warner's franchise agreement with the city expired in February 2013 yet TWC "has provided no response" to the city's attempts to negotiate a renewal, he wrote.

"Further, Time Warner's agreement with the City of Oneonta required that the City Council approve any transfer of the franchise," he wrote. "We have received no communication requesting this approval. Although we have not conducted a survey among City residents relative to satisfaction with Time Warner service, I am certain they would receive poor remarks. We oppose the proposed merger as it will further exacerbate the lack of responsiveness we are currently experiencing."

The PSC merger proceeding has attracted nearly 2,000 comments, the vast majority of which ask the commission to block the sale. Most of the opposition came within the last week and wasn't spontaneous—it was largely the result of a campaign by Consumers Union, which provided a form letter that people submitted to the PSC instead of writing their own thoughts.

But New Yorkers were speaking out against the merger more than a month before the Consumers Union campaign began. The first 170 comments on the proceeding were individually written rather than identical form letters, and the vast majority of these also opposed the merger. Since June 23, most of the comments appear to be a result of the Consumers Union campaign.

The Consumers Union form letter argues that the merger will allow Comcast to "Control two-thirds of the nation's cable subscribers, five times the subscriber base of any other cable company and 50 percent more than the largest satellite TV service; Control nearly 40 percent of the U.S. broadband market; Have enormous gatekeeper power over the content that reaches consumers; Give the company even more power to raise rates for its competitors, passing those price hikes on to customers; [and] Combine two companies that already rank near the bottom of Consumer Reports annual consumer satisfaction survey of 80,000 readers."

The merger is also an issue in the gubernatorial election, with candidate Zephyr Teachout and her running mate, Tim Wu, arguing that it should be blocked. Teachout is a Fordham law professor and Tim Wu is a Columbia Law School professor and author who coined the phrase "network neutrality."

The New York City Council also weighed in, asking the PSC to require Comcast to expand its "Internet Essentials" program that gives $10-per-month Internet access to people with low incomes.

"Only 2.6 million families of the 7.2 million families making under $35,000 in Comcast’s service area are eligible for the program, as it only applies to families with children eligible for federal free or reduced price lunch. Of that 2.6 million, a mere 300,000 families have applied," the City Council wrote. "Free or affordable access should also be provided to family and individual recipients of income-qualifying federal, state and city subsidies. Loopholes that deny 'Internet Essentials' to old customers, those who have missed bill[s] in the past, or those who have unreturned equipment must also be closed."

“No negative impact on competition because Time Warner Cable and Comcast do not compete”

Comcast did get support from a couple of business consortiums. "[T]his merger will create a world-class media and technology company that will provide superior service to customers, and continue to deliver on the requirements set forth in the city's cable franchise agreement," according to the Association for a Better New York.

The "Partnership for New York City" argued that the merger "will bring the benefits of Comcast's industry-leading technologies to millions of New Yorkers," including faster Internet speeds and Wi-Fi access.

Comcast has argued on behalf of the merger in filings and at public hearings held by the commission.

"The Commission’s approval of this transaction will provide New York residents with a more robust competitor, leading to improved services and choices," Comcast wrote in its petition requesting merger approval. "Significantly, the transaction will have no negative impact on competition because Time Warner Cable and Comcast do not today compete directly with one another… Given that Comcast has today a very limited presence in New York, the transaction will not result in the combined company holding a dominant share of the market in New York for any of these services, but will instead add a stronger, more innovative provider to the competitive mix."
http://arstechnica.com/business/2014...le-to-comcast/





Newly Exposed Emails Reveal Comcast Execs are Disturbingly Cozy with DOJ Antitrust Officials
Brad Reed

If you want to know why Comcast's merger with Time Warner Cable has any chance of passing despite huge opposition from even the company's own customers, look no further than emails recently uncovered by MuckRock that show Comcast execs have a very friendly relationship with an attorney at the Department of Justice's antitrust division.

Among other things, the emails show that earlier this year, Comcast invited Deputy Assistant Attorney General Renata Hesse to attend a party to celebrate the opening of the 2014 Winter Olympics, an invitation that Hesse regretfully declined because the “rules folks” at the DOJ would likely object. Hesse did say that the event sounded “delightful” and “fun,” however, and told Comcast senior vice president of regulatory affairs Kathryn Zachem that she’d still love to go out to dinner with her sometime this year.

Zachem responded and said that she thought the invite to the Olympics party would have been OK since Comcast hadn’t yet formally filed any paperwork on its TWC merger proposal. She did vow to Renata that she would take her up on that dinner offer, however, and promised to get it scheduled. In a followup email, Hesse once again expressed her regrets at not being able to attend Comcast’s grand Olympics bash.

“Our ethics rules are very restrictive,” she wrote. “I was hoping I could do it since it sounds like so much fun, but alas.”

Of course, this exchange came less than one month before Comcast did formally announce its merger with TWC, so it’s not as though Comcast’s plan to buy the company was in its infancy when it invited Hesse to its swank party.

To be clear, Hesse did nothing wrong here, although this does illustrate the way Comcast uses its power and money to establish cozy relationships with the people who are supposed to be regulating it. We learned earlier this year that Comcast has also assembled one of the largest lobbying teams ever consisting of a whopping 40 different lobbying firms whose sole purpose is to push lawmakers and regulators to do its bidding. And this is the single biggest reason why the government might actually sign off on a merger between the two most hated companies in the United States despite public opposition.

Be sure to check out MuckRock’s full collection of unearthed emails by clicking the source link below.
http://bgr.com/2014/07/02/comcast-tw...er-doj-emails/





Google Executives Visit Cuba for First Time to Promote Open Internet
David Adams

A team of top Google executives is visiting Cuba to promote open Internet access, according to a dissident blogger who says she met the group in Havana.

The team, led by Executive Chairman Eric Schmidt, met with Cuban officials as well as independent people in the technology and digital field, according to a report on the independent news website 14ymedio.com, which was started last month by blogger Yoani Sanchez.

Google is on an official two-day visit "to promote the virtues of a free and open Internet," the report said.

Schmidt appeared to confirm the report when he retweeted a message on Twitter posted by Sanchez about the visit.

Neither Google nor the Cuban government made any official statement about the executives' presence in Cuba.

Cuba does not allow open Internet access. Only 2.6 million out of a population of 11.2 million have Internet access, almost entirely limited to government-run centers, foreign companies and tourist hotels. Most of those who do have access have only been able to explore a limited, state-controlled basket of approved websites.

Schmidt, who was Google's chief executive from 2001 to 2011, is becoming more visible on issues involving technology and world affairs. His mandate as executive chairman involves government outreach, thought leadership and building partnerships and business relationships, according to the company.

Schmidt was accompanied by Jared Cohen, director of Google Ideas, as well as two other staff, Sanchez said.

Google Ideas describes itself as a "a think/do tank that explores how technology can enable people to confront threats in the face of conflict, instability or repression," according to its website.

Schmidt and Cohen are the coauthors of The New Digital Age, published last year, and have a track record of speaking with leaders of countries that restrict free speech to advocate for a free and open Internet.

Schmidt was the first high-profile tech executive to visit Myanmar last year in the wake of reforms that prompted Western nations to ease sanctions following decades of military dictatorship.

The Google delegation in Havana met with students and was given a tour of Havana's University of Information Sciences on Saturday, according to 14ymedio.

Sanchez started 14ymedio, Cuba's first independent online newspaper, in May, although the site has been repeatedly blocked in Cuba.

The Cuban government sought to discredit Sanchez as a paid propagandist doing the bidding of the U.S. government.

The 14ymedio.com site seeks to draw attention away from the communist-ruled country's state-controlled media and challenge the government's heavy media restrictions. Cuba has been tolerating more criticism in recent years but not yet from such a professional-looking website produced on the island.

Sanchez's blog on daily life and politics in Cuba, Generation Y, has rattled the Cuban establishment, and she has won prestigious media awards in the United States and Europe.

(Additional reporting by Edwin Chan; Editing by Bill Trott)
http://www.reuters.com/article/2014/...0F30WN20140629





Why Has Google Cast Me Into Oblivion?
Robert Peston

This morning the BBC received the following notification from Google:

Notice of removal from Google Search: we regret to inform you that we are no longer able to show the following pages from your website in response to certain searches on European versions of Google:
http://www.bbc.co.uk/blogs/legacy/thereporters/robertpeston/2007/10/merrills_mess.html

What it means is that a blog I wrote in 2007 will no longer be findable when searching on Google in Europe.

Which means that to all intents and purposes the article has been removed from the public record, given that Google is the route to information and stories for most people.

So why has Google killed this example of my journalism?

Well it has responded to someone exercising his or her new "right to be forgotten", following a ruling in May by the European Court of Justice that Google must delete "inadequate, irrelevant or no longer relevant" data from its results when a member of the public requests it.

Track record
The ruling stemmed from a case brought by Mario Costeja González after he failed to secure the deletion of a 1998 auction notice of his repossessed home that was reported in a Spanish newspaper.

Now in my blog, only one individual is named. He is Stan O'Neal, the former boss of the investment bank Merrill Lynch.

My column describes how O'Neal was forced out of Merrill after the investment bank suffered colossal losses on reckless investments it had made.

Is the data in it "inadequate, irrelevant or no longer relevant"?

Hmmm.

Most people would argue that it is highly relevant for the track record, good or bad, of a business leader to remain on the public record - especially someone widely seen as having played an important role in the worst financial crisis in living memory (Merrill went to the brink of collapse the following year, and was rescued by Bank of America).

Public interest
So there is an argument that in removing the blog, Google is confirming the fears of many in the industry that the "right to be forgotten" will be abused to curb freedom of expression and to suppress legitimate journalism that is in the public interest.

To be fair to Google, it opposed the European court ruling.

But its implementation of it looks odd, perhaps clumsy.

Maybe I am a victim of teething problems. It is only a few days since the ruling has been implemented - and Google tells me that since then it has received a staggering 50,000 requests for articles to be removed from European searches.

It has hired what it calls "an army of paralegals" to process these requests.

I asked Google if I can appeal against the casting of my article into the oblivion of unsearchable internet data.

Google is getting back to me.

PS Although the BBC has had the notice from Google that my article will not show up in some searches, it doesn't appear to have implemented this yet.

UPDATE 22:50
My blog remains findable when you search Stan O'Neal. So I am beginning to wonder whether it really was him who requested to be forgotten.

The implication is that oblivion was requested not by anyone who appears in the blog itself (O'Neal is the only person I mention in my column) but by someone named in the comments written by readers underneath the blog.

Google won't tell me, one way or another.

It is all a bit odd.
http://www.bbc.com/news/business-28130581





UK 'Porn Filters' Block One Fifth Of All Websites
Emma Woollacott

One in five of all websites are blocked by at least one default ISP filter in the UK, an anti-censorship campaign group has found.

Since the beginning of this year, British ISPs have automatically been imposing filters on new broadband customers unless specifically asked not to do so. By the end of the year, this filtering will have been extended to existing customers too. The ISPs aren’t forced to impose the filtering – although prime minister David Cameron thinks they should be – but all the major players have complied.

To test the various systems, the Open Rights Group attempted to access 100,000 sites using either the default filter settings provided by the network, or with their “normal” level of filtering where none was set by default. And it found that nearly 20,000 sites were blocked by at least one ISP – many, as you’d expect from the sheer number involved, perfectly innocuous.

“If people who would normally be interested in accessing our content – which focuses on reproductive healthcare, violence against women and LGBT rights – are not able to view the site, it directly impacts our bottom line,” says founder and editor in chief of the sherights.com blog Maureen Shaw.

“But, more than that, we are concerned with the message that blocking our site sends: that pro-woman, pro-equality, pro-human rights subject matter is somehow offensive, inappropriate or otherwise problematic.”

And getting a site unblocked isn’t always easy, as Philip Raby found out. When his Porsche brokerage and consulting firm was blocked by O2 – yes, really – phone calls and emails through official channels failed to achieve anything at all. It was only when he started tweeting about his problems, he says, that the block was withdrawn. And, shockingly, several ISPs – including BT, TalkTalk and Plusnet – don’t even have a formal procedure for non-customers to get a site unblocked.

Often, of course, website owners will have no idea that an ISP is blocking their website; they’ll simply see traffic fall away. But for those that wish to find out, the ORG has opened up its checking tool for anyone to use. In a plea that would be entertaining if it weren’t so depressing, it asks users not to bother reporting anything blocked by O2's parental controls: “almost all internet sites are listed as blocked by the “Parental Controls” profile,” it explains.

All over the UK, I’m sure, people will be shouting “I told you so!” at their screens. Campaign groups have been expecting exactly this type of over-blocking since the plans for default filtering were initially announced last summer.

But one-fifth of websites is an astonishing proportion – much, much more than most authoritarian regimes ever manage. As Paul Staines, editor of the highly entertaining Order Order blog, pleads, “We would really appreciate it if TalkTalk would remove us from their block list. The only people who block us are them, and the Chinese government.”
http://www.forbes.com/sites/emmawool...-all-websites/





Dotcom Encryption Keys Can’t Be Given to FBI, Court Rules
Andy

In 2012, New Zealand police seized computer drives belonging to Kim Dotcom, copies of which were unlawfully given to the FBI. Dotcom wants access to the seized content but the drives are encrypted. A judge has now ruled that even if the Megaupload founder supplies the passwords, they cannot subsequently be forwarded to the FBI.

During the raid more than two years ago on his now-famous mansion, police in New Zealand seized 135 computers and drives belonging to Kim Dotcom.

In May 2012 during a hearing at Auckland’s High Court, lawyer Paul Davison QC demanded access to the data stored on the confiscated equipment, arguing that without it Dotcom could not mount a proper defense.

The FBI objected to the request due to some of the data being encrypted. However, Dotcom refused to hand over the decryption passwords unless the court guaranteed him access to the data. At this point it was revealed that despite assurances from the court to the contrary, New Zealand police had already sent copies of the data to U.S. authorities.

In May 2014, Davison was back in court arguing that New Zealand police should release copies of the data from the seized computers and drives, reiterating the claim that without the information Dotcom could not get a fair trial. The High Court previously ruled that the Megaupload founder could have copies, on the condition he handed over the encryption keys.

But while Dotcom subsequently agreed to hand over the passwords, that was on the condition that New Zealand police would not hand them over to U.S. authorities. Dotcom also said he couldn’t remember the passwords after all but may be able to do so if he gained access to prompt files contained on the drives.

The police agreed to give Dotcom access to the prompts but with the quid pro quo that the revealed passwords could be passed onto the United States, contrary to Dotcom’s wishes.

Today Justice Winkelmann ruled that if the police do indeed obtain the codes, they must not hand them over to the FBI. Reason being, the copies of the computers and drives should never have been sent to the United States in the first place.

While the ruling is a plus for Dotcom, the entrepreneur today expressed suspicion over whether the FBI even need the encryption codes.

“NZ Police is not allowed to provide my encryption password to the FBI,” he wrote on Twitter, adding, “As if they don’t have it already.”
http://torrentfreak.com/dotcom-encry...-rules-140702/





Rising Use of Encryption Foiled the Cops a Record 9 Times in 2013
Andy Greenberg

The spread of usable encryption tools hasn’t exactly made law enforcement wiretaps obsolete. But in a handful of cases over the past year—and more than ever before—it did shut down cops’ attempts to eavesdrop on criminal suspects, the latest sign of a slow but steady increase in encryption’s adoption by police targets over the last decade.

In nine cases in 2013, state police were unable to break the encryption used by criminal suspects they were investigating, according to an annual report on law enforcement eavesdropping released by the U.S. court system on Wednesday. That’s more than twice as many cases as in 2012, when police said that they’d been stymied by crypto in four cases—and that was the first year they’d ever reported encryption preventing them from successfully surveilling a criminal suspect. Before then, the number stood at zero.

The cases in which cops encountered encryption at all, it’s worth noting, still represent just a tiny fraction of law enforcement’s growing overall number of surveillance targets. Feds and state police eavesdropped on U.S. suspects’ phone calls, text messages, and other communications at least 3,500 times in 2013, a statistic that will likely be revised upwards over the next year as law enforcement’s data becomes more complete. Of those thousands of cases, only 41 involved encryption at all. And in 32 cases cops were able to somehow circumvent or break suspects’ privacy protections to eavesdrop on their targets unimpeded. The report doesn’t include details of the specific cases.

Those numbers still contradict the warnings from government agencies like the FBI for more than a decade that the free availability of encryption tools will eventually lead to a “going dark” problem, a dystopian future where criminals and terrorists use privacy tools to make their communications invisible to law enforcement. Last year, for instance, the Drug Enforcement Agency leaked an internal report complaining that Apple’s iMessage encryption was blocking their investigations of drug dealers. “So the cryptapocalypse they warned us about in the 90′s has come to pass,” University of Pennsylvania computer science professor Matt Blaze noted drily on twitter. “Strong crypto used in a whopping 0.25% of wiretaps last year.”

Even so, a look back at the last ten years’ statistics from police reports shows that encryption use is on the rise, even if the number of cases remains small and most encryption use is still futile. As recently as 2006 and 2007, police reported that they hadn’t encountered any uses of encryption at all, and only dealt with one case of a suspect using encryption in 2009, as shown in the chart below. (In Thursday’s report, police also counted another 52 cases of encryption use by their targets prior to 2013, but didn’t specify in which years those incidents had occurred.)

That steady trickle of encryption tools into the public’s hands is a sign that Americans’ awareness of surveillance is rising. Edward Snowden’s leaks about NSA surveillance began dropping in July of last year, and carried with them a wave of interest in new privacy technologies. “Post-Snowden, both people and companies have become more sophisticated in safeguarding their communications,” says Hanni Fakhoury, a surveillance-focused attorney with the Electronic Frontier Foundation. “When you look at this report next year, there will no doubt be even more use of encryption.”

Crypto aside, the report noted a significant drop in the cost of cops’ surveillance. Police reported an average of $41,119 per case in which they intercepted a suspect’s communications in 2013. That’s down 18 percent from the year before, and represents the cheapest snooping ever, perhaps thanks to advances in surveillance technology. In 2003, for instance, a wiretap cost an average of $62,164, almost 50 percent more than today.

That steady drop in the price of spying may be one reason why the number of total wiretap cases has steadily grown over the past decade. Although the total wiretap count for 2013 is still incomplete, it added up to 4,927 cases in 2012, more than twice the 2,136 cases in 2003.

In other words, privacy activists have little reason to celebrate, and police complaints about encryption foiling their investigations ring hollow. “You’ll see the government prop encryption up as a boogeyman, but this is actually a very small problem for them,” he says. “It’s stretching it to say, ‘In nine cases this was an obstacle so we need to rewrite the criminal code.’ That’s overkill.”
http://www.wired.com/2014/07/rising-...times-in-2013/





The Ultra-Simple App That Lets Anyone Encrypt Anything
Andy Greenberg

Encryption is hard. When NSA leaker Edward Snowden wanted to communicate with journalist Glenn Greenwald via encrypted email, Greenwald couldn’t figure out the venerable crypto program PGP even after Snowden made a 12-minute tutorial video.

Nadim Kobeissi wants to bulldoze that steep learning curve. At the HOPE hacker conference in New York later this month he’ll release a beta version of an all-purpose file encryption program called miniLock, a free and open-source browser plugin designed to let even Luddites encrypt and decrypt files with practically uncrackable cryptographic protection in seconds.

“The tagline is that this is file encryption that does more with less,” says Kobeissi, a 23-year old coder, activist and security consultant. “It’s super simple, approachable, and it’s almost impossible to be confused using it.”

Kobeissi’s creation, which he says is in an experimental phase and shouldn’t yet be used for high security files, may in fact be the easiest encryption software of its kind. In an early version of the Google Chrome plugin tested by WIRED, we were able to drag and drop a file into the program in seconds, scrambling the data such that no one but the intended recipient—in theory not even law enforcement or intelligence agencies—could unscramble and read it. MiniLock can be used to encrypt anything from video email attachments to photos stored on a USB drive, or to encrypt files for secure storage on Dropbox or Google Drive.

Like the older PGP, miniLock offers so-called “public key” encryption. In public key encryption systems, users have two cryptographic keys, a public key and a private one. They share the public key with anyone who wants to securely send them files; anything encrypted with that public key can only be decrypted with their private key, which the user guards closely.

Kobeissi’s version of public key encryption hides nearly all of that complexity. There’s no need to even register or log in—every time miniLock launches, the user enters only a passphrase, though miniLock requires a strong one with as many as 30 characters or a lot of symbols and numbers. From that passphrase, the program derives a public key, which it calls a miniLock ID, and a private key, which the user never sees and is erased when the program closes. Both are the same every time the user enters the passphrase. That trick of generating the same keys again in every session means anyone can use the program on any computer without worrying about safely storing or moving a sensitive private key.

“No logins, and no private keys to manage. Both are eliminated. That’s what’s special,” says Kobeissi. “Users can have their identity for sending and receiving files on any computer that has miniLock installed, without needing to have an account like a web service does, and without needing to manage key files like PGP.”

In fact, miniLock uses a flavor of encryption that had barely been developed when PGP became popular in the 1990s: elliptic curve cryptography. Kobeissi says that crypto toolset allows for tricks that haven’t been possible before; PGP’s public keys, which users have to share with anyone who wants to send them encrypted files, often fill close to a page with random text. MiniLock IDs are only 44 characters, small enough that they can fit in a tweet with room to spare. And elliptic curve crypto makes possible miniLock’s feature of deriving the user’s keys from his or her passphrase every time it’s entered rather than storing them. Kobeissi says he’s saving the full technical explanation of miniLock’s elliptic curve feats for his HOPE conference talk.

Despite all those clever features, miniLock may not get a warm welcome from the crypto community. Kobeissi’s best-known previous creation is Cryptocat, a secure chat program that, like miniLock, made encryption so easy that a five-year-old could use it. But it also suffered from several serious security flaws that led many in the security community to dismiss it as useless or worse, a trap offering vulnerable users an illusion of privacy.

But the flaws that made Cryptocat into the security community’s whipping boy have been fixed, Kobeissi points out. Today the program has been downloaded close to 750,000 times, and in a security ranking of chat programs by the German security firm PSW Group last month it tied for first place.

Despite Cryptocat’s early flaws, miniLock shouldn’t be dismissed, says Matthew Green, a cryptography professor at Johns Hopkins University who highlighted previous bugs in Cryptocat and has now also reviewed Kobeissi’s design spec for miniLock. “Nadim gets a lot of crap,” Green says. “But slighting him over things he did years ago is getting to be pretty unfair.”

Green is cautiously optimistic about miniLock’s security. “I wouldn’t go out and encrypt NSA documents with it right now,” he says. “But it has a nice and simple cryptographic design, with not a lot of places for it to go wrong…This is one that I actually think will take some review, but could be pretty secure.”

Kobeissi says he’s also learned lessons from Cryptocat’s failures: miniLock won’t initially be released in the Chrome Web Store. Instead, he’s making its code available on GitHub for review, and has taken special pains to document how it works in detail for any auditors. “This isn’t my first rodeo,” he says. “[MiniLock's] openness is designed to show sound programming practice, studied cryptographic design decisions, and to make it easy to evaluate miniLock for potential bugs.”

If miniLock becomes the first truly idiot-proof public key encryption program, it could bring sophisticated encryption to a broad new audience. “PGP sucks,” Johns Hopkins’ Green says. “The ability for regular people to encrypt files is actually a valuable thing…[Kobeissi] has stripped away the complexity and made this thing that does what we need it to do.”
http://www.wired.com/2014/07/miniloc...le-encryption/





Austrian Tor Exit Node Operator Found Guilty as an Accomplice Because Someone Used His Node to Commit a Crime
Mike Masnick

Three years ago we wrote about how Austrian police had seized computers from someone running a Tor exit node. This kind of thing happens from time to time, but it appears that folks in Austria have taken it up a notch by... effectively now making it illegal to run a Tor exit node. According to the report, which was confirmed by the accused, the court found that running the node violated §12 of the Austrian penal code, which effectively says:

Not only the immediate perpetrator commits a criminal action, but also anyone who appoints someone to carry it out, or anyone who otherwise contributes to the completion of said criminal action.

In other words, it's a form of accomplice liability for criminality. It's pretty standard to name criminal accomplices liable for "aiding and abetting" the activities of others, but it's a massive and incredibly dangerous stretch to argue that merely running a Tor exit node makes you an accomplice that "contributes to the completion" of a crime. Under this sort of thinking, Volkswagen would be liable if someone drove a VW as the getaway car in a bank robbery. It's a very, very broad interpretation of accomplice liability, in a situation where it clearly does not make sense.

Tragically, this comes out the same day that the EFF is promoting why everyone should use Tor. While it accurately notes that no one in the US has been prosecuted for running Tor, it may want to make a note about Austria. Hopefully there is some way to fight back on this ruling and take it to a higher court -- and hopefully whoever reviews it will be better informed about how Tor works and what it means to run an exit node.
https://www.techdirt.com/articles/20...-austria.shtml





Is there Another NSA Leaker?
Richard Stiennon

This morning a partial analysis of the NSA’s XKEYSCORE code was published in Germany. Jacob Appelbaum, an evangelist for the The Onion Project (TOR), was one of the authors.

The report details specific rules written for one of the NSA’s data collection tools, XKEYSCORE, which collects the IP addresses of TOR bridges, and users of the TOR network.

TOR is an anonymizing service used by many human rights activists and dissidents around the world to access the Internet and escape persecution from their governments, like China. It is also reportedly highly targeted by the NSA.

One of the amazing offshoots of today’s story is that first Cory Doctorow speculated that the revealed source code came from a second leaker, not Snowden:

“Another expert said that s/he believed that this leak may come from a second source, not Edward Snowden, as s/he had not seen this in the original Snowden docs; and had seen other revelations that also appeared independent of the Snowden materials. If that's true, it's big news, as Snowden was the first person to ever leak docs from the NSA. The existence of a potential second source means that Snowden may have inspired some of his former colleagues to take a long, hard look at the agency's cavalier attitude to the law and decency.”

This was quickly backed up by a statement from Bruce Schneier, who has worked directly with Glenn Greenwald to help analyze the Snowden trove specifically in relation to the subverting of encryption algorithms.

Schneier posted on his site:

“And, since Cory said it, I do not believe that this came from the Snowden documents. I also don't believe the TAO catalog came from the Snowden documents. I think there's a second leaker out there.”

In other words Schneier apparently is confirming that he had not seen the TAO ANT Catalog in the Snowden collection, which he keeps on a separate laptop that he has never connected to the Internet.

A second NSA leak spells big trouble for the surveillance state.
http://www.securitycurrent.com/en/wr...her-nsa-leaker





NSA Targets the Privacy-Conscious
by J. Appelbaum, A. Gibson, J. Goetz, V. Kabisch, L. Kampf, L. Ryge

The investigation discloses the following:

• Two servers in Germany - in Berlin and Nuremberg - are under surveillance by the NSA.
• Merely searching the web for the privacy-enhancing software tools outlined in the XKeyscore rules causes the NSA to mark and track the IP address of the person doing the search. Not only are German privacy software users tracked, but the source code shows that privacy software users worldwide are tracked by the NSA.
• Among the NSA's targets is the Tor network funded primarily by the US government to aid democracy advocates in authoritarian states.
• The XKeyscore rules reveal that the NSA tracks all connections to a server that hosts part of an anonymous email service at the MIT Computer Science and Artificial Intelligence Laboratory (CSAIL) in Cambridge, Massachusetts. It also records details about visits to a popular internet journal for Linux operating system users called "the Linux Journal - the Original Magazine of the Linux Community", and calls it an "extremist forum".

It is a small server that looks like any of the other dozens in the same row. It is in a large room devoted to computers and computer storage, just like every other room in this industrial park building on Am Tower Street just outside the city of Nuremberg. That the grey building is surrounded by barbed wire seems to indicate that the servers' provider is working hard to secure their customers' data.

Yet despite these efforts, one of the servers is targeted by the NSA.

The IP address 212.212.245.170 is explicitly specified in the rules of the powerful and invasive spy software program XKeyscore. The code is published here exclusively for the first time.

After a year of NSA revelations based on documents that focus on program names and high-level Powerpoint presentations, NDR and WDR are revealing NSA source code that shows how these programs function and how they are implemented in Germany and around the world.

Months of investigation by the German public television broadcasters NDR and WDR, drawing on exclusive access to top secret NSA source code, interviews with former NSA employees, and the review of secret documents of the German government reveal that not only is the server in Nuremberg under observation by the NSA, but so is virtually anyone who has taken an interest in several well-known privacy software systems.

The NSA program XKeyscore is a collection and analysis tool and "a computer network exploitation system", as described in an NSA presentation. It is one of the agency’s most ambitious programs devoted to gathering "nearly everything a user does on the internet." The source code contains several rules that enable agents using XKeyscore to surveil privacy-conscious internet users around the world. The rules published here are specifically directed at the infrastructure and the users of the Tor Network, the Tails operating system, and other privacy-related software.

Tor, also known as The Onion Router, is a network of several thousand volunteer-operated servers, or nodes, that work in concert to conceal Tor users' IP addresses and thus keep them anonymous while online.

Tails is a privacy-focused GNU/Linux-based operating system that runs entirely from an external storage device such as a USB stick or CD. It comes with Tor and other privacy tools pre-installed and configured, and each time it reboots it automatically wipes everything that is not saved on an encrypted persistent storage medium.

Normally a user's online traffic - such as emails, instant messages, searches, or visits to websites - can be attributed to the IP address assigned to them by their internet service provider. When a user goes online over the Tor Network, their connections are relayed through a number of Tor nodes using another layer of encryption between each server such that the first server cannot see where the last server is located and vice-versa.

Tor is used by private individuals who want to conceal their online activity, human rights activists in oppressive regimes such as China and Iran, journalists who want to protect their sources, and even by the U.S. Drug Enforcement Agency in their efforts to infiltrate criminal groups without revealing their identity. The Tor Project is a non-profit charity based in Massachusetts and is primarily funded by government agencies. Thus it is ironic that the Tor Network has become such a high-priority target in the NSA's worldwide surveillance system.

As revealed by the British newspaper The Guardian, there have been repeated efforts to crack the Tor Network and de-anonymize its users. The top secret presentations published in October last year show that Tor is anathema to the NSA. In one presentation, agents refer to the network as "the king of high-secure, low-latency internet anonymity". Another is titled "Tor Stinks". Despite the snide remarks, the agents admit, "We will never be able to de-anonymize all Tor users all the time".

The former NSA director General Keith Alexander stated that all those communicating with encryption will be regarded as terror suspects and will be monitored and stored as a method of prevention, as quoted by the Frankfurter Allgemeine Zeitung in August last year. The top secret source code published here indicates that the NSA is making a concerted effort to combat any and all anonymous spaces that remain on the internet. Merely visiting privacy-related websites is enough for a user's IP address to be logged into an NSA database.

An examination of the XKeyscore rules published here goes beyond the slide presentation and provides a window into the actual instructions given to NSA computers. The code was deployed recently and former NSA employees and experts are convinced that the same code or similar code is still in use today. The XKeyscore rules include elements known as "appids", "fingerprints", and "microplugins". Each connection a user makes online - to a search engine, for example - can be assigned a single appid and any number of fingerprints.

Appids are unique identifiers for a connection in XKeyscore. Appid rules have weights assigned to them. When multiple appids match a given connection, the one with the highest weight is chosen. Microplugins may contain software written in general-purpose programming languages, such as C++, which can extract and store specific types of data. The rules specifically target the Tor Project's email and web infrastructure, as well as servers operated by key volunteers in Germany, the United States, Sweden, Austria, and the Netherlands. Beyond being ethically questionable, the attacks on Tor also raise legal concerns. The IP addresses of Tor servers in the United States are amongst the targets, which could violate the fourth amendment of the US constitution.

The German attorney Thomas Stadler, who specializes in IT law, commented: "The fact that a German citizen is specifically traced by the NSA, in my opinion, justifies the reasonable suspicion of the NSA carrying out secret service activities in Germany. For this reason, the German Federal Public Prosecutor should look into this matter and initiate preliminary proceedings."

One of NSA's German targets is 212.212.245.170. The string of numbers is an IP address assigned to Sebastian Hahn, a computer science student at the University of Erlangen. Hahn operates the server out of a grey high-security building a few kilometers from where he lives. Hahn, 28 years old and sporting a red beard, volunteers for the Tor Project in his free time. He is especially trusted by the Tor community, as his server is not just a node, it is a so-called Directory Authority. There are nine of these worldwide, and they are central to the Tor Network, as they contain an index of all Tor nodes. A user's traffic is automatically directed to one of the directory authorities to download the newest list of Tor relays generated each hour.

Hahn's predecessor named the server Gabelmoo, or Fork Man, the nickname of a local statue of Poseidon. After a look at the NSA source code, Hahn quickly found his server's name listed in the XKeyscore rules. "Yes, I recognize the IP address of my Tor server called 'gabelmoo'," he said. "Millions of people use it to stay safe online, and by watching the server and collecting metadata about its users, those people are put at risk." The rule shown to Hahn, published below, has a fingerprint called 'anonymizer/tor/node/authority'. The fingerprint targets users who connect to Gabelmoo and other Tor Directory Authority servers. In Germany, the Tor Directory Authorities like Gabelmoo that are specifically targeted by XKeyscore rules are in Berlin and Nuremberg. Additional targets are located in Austria, Sweden, the United States, and the Netherlands.

The expression below performs essentially the same function, but it specifies the Tor directory authorities located in Five Eyes countries (Australia, Canada, New Zealand, the United Kingdom and the United States) separately from those in other countries. As the comment explains, the "goal is to find potential Tor clients connecting to the Tor directory servers."

Another rule catalogs users connecting to known Tor relays. This is not difficult, because the addresses of all normal Tor relays are published by the directory authorities so that the Tor software on users' computers can select its own path through the network. In addition to the public relays, connections characterized as Tor based on protocol identifiers are also cataloged.

Not only Metadata

Internet service providers in countries with strong censorship such as China and Iran frequently block connections to known Tor relays. The Tor Project therefore maintains a list of non-public relays called "bridges" that let users get around this type of blocking. Bridges are run by volunteers, who share their details with the Tor Project to help censored users reach the internet.

Users can request a bridge address via email or on the web. The following fingerprints show two ways that XKeyscore attempts to track Tor bridge users. First, the fingerprint "anonymizer/tor/bridge/tls" records connections to the bridges.torproject.org server. Second, in order to obtain the actual bridge addresses for the purpose of tracking connections to them in the future, the "microplugin" fingerprint called "anonymizer/tor/bridge/email" extracts data from the body of the emails that the Tor Project sends to its users.

This code demonstrates the ease with which an XKeyscore rule can analyze the full content of intercepted connections. The fingerprint first checks every message using the "email_address" function to see if the message is to or from "bridges@torproject.org". Next, if the address matched, it uses the "email_body" function to search the full content of the email for a particular piece of text - in this case, "https://bridges.torproject.org/". If the "email_body" function finds what it is looking for, it passes the full email text to a C++ program which extracts the bridge addresses and stores them in a database.

The full content of the email must already be intercepted before this code can analyze it. XKeyscore also keeps track of people who are not using Tor, but who are merely visiting The Tor Project's website (www.torproject.org), as this rule demonstrates:

It is interesting to note that this rule specifically avoids fingerprinting users believed to be located in Five Eyes countries, while other rules make no such distinction. For instance, the following fingerprint targets users visiting the Tails and Linux Journal websites, or performing certain web searches related to Tails, and makes no distinction about the country of the user.

The comment in the source code above describes Tails as "a comsec mechanism advocated by extremists on extremist forums". In actuality, the software is used by journalists, human rights activists, and hundreds of thousands of ordinary people who merely wish to protect their privacy.

The rules related to Tails clearly demonstrate how easily web searches and website visits can be spied on by XKeyscore. On June 25, 2014, the United States Supreme Court noted how sensitive this type of information is in their Riley v. California decision against warrantless searches of mobile phones:

"An Internet search and browsing history [...] could reveal an individual’s private interests or concerns - perhaps a search for certain symptoms of disease, coupled with frequent visits to WebMD."

In addition to anonymous internet access, Tor also provides a mechanism for hosting anonymous internet services called "Hidden Services". These sites' URLs contain a domain name in the pseudo-top-level-domain ".onion" which is only accessible using Tor. The code shown below finds and catalogs URLs for these sites which XKeyscore sees in "raw traffic", creating a unique fingerprint for each onion address. Each .onion address found in raw traffic is extracted and stored in an NSA database:

There are also rules that target users of numerous other privacy-focused internet services, including HotSpotShield, FreeNet, Centurian, FreeProxies.org, MegaProxy, privacy.li and an anonymous email service called MixMinion as well as its predecessor MixMaster. The appid rule for MixMinion is extremely broad as it matches all traffic to or from the IP address 128.31.0.34, a server located on the MIT campus.

That server is operated by the Tor Project's leader Roger Dingledine, an MIT alumnus. The machine at this IP address provides many services besides MixMinion, and it is also one of the above-mentioned Tor directory authorities. Dingledine said "That computer hosts many websites, ranging from open source gaming libraries to the Privacy Enhancing Technologies Symposium website."

Sebastian Hahn, the Tor volunteer who runs Gabelmoo, was stunned to learn that his hobby could interest the NSA: "This shows that Tor is working well enough that Tor has become a target for the intelligence services. For me this means that I will definitely go ahead with the project.”

When asked for a reaction to the findings, the Tor Project's Roger Dingledine stated the following: "We've been thinking of state surveillance for years because of our work in places where journalists are threatened. Tor's anonymity is based on distributed trust, so observing traffic at one place in the Tor network, even a directory authority, isn't enough to break it. Tor has gone mainstream in the past few years, and its wide diversity of users - from civic-minded individuals and ordinary consumers to activists, law enforcement, and companies - is part of its security. Just learning that somebody visited the Tor or Tails website doesn't tell you whether that person is a journalist source, someone concerned that her Internet Service Provider will learn about her health conditions, or just someone irked that cat videos are blocked in her location.

Trying to make a list of Tor's millions of daily users certainly counts as wide scale collection. Their attack on the bridge address distribution service shows their "collect all the things" mentality - it's worth emphasizing that we designed bridges for users in countries like China and Iran, and here we are finding out about attacks by our own country. Does reading the contents of those mails violate the wiretap act? Now I understand how the Google engineers felt when they learned about the attacks on their infrastructure.”

NDR and WDR wanted to know from the NSA how it justified attacking a service funded by the U.S. government, under what legal authority Tor Network users are monitored, and whether the German government has any knowledge of the targeting of servers in Germany. Instead of addressing the questions repeatedly posed to them, the NSA provided the following statement: "In carrying out its mission, NSA collects only what it is authorized by law to collect for valid foreign intelligence purposes - regardless of the technical means used by foreign intelligence targets. The communications of people who are not foreign intelligence targets are of no use to the agency. In January, President Obama issued U.S. Presidential Policy Directive 28, which affirms that all persons - regardless of nationality - have legitimate privacy interests in the handling of their personal information, and that privacy and civil liberties shall be integral considerations in the planning of U.S. signals intelligence activities. The president's directive also makes clear that the United States does not collect signals intelligence for the purpose of suppressing or burdening criticism or dissent, or for disadvantaging persons based on their ethnicity, race, gender, sexual orientation, or religion. XKeyscore is an analytic tool that is used as a part of NSA's lawful foreign signals intelligence collection system. Such tools have stringent oversight and compliance mechanisms built in at several levels. The use of XKeyscore allows the agency to help defend the nation and protect U.S. and allied troops abroad. All of NSA's operations are conducted in strict accordance with the rule of law, including the President's new directive."

However, the research contradicts the United States' promise to Germany that German citizens are not surveilled without suspicion. Using Tor in Germany does not justify targeting someone, the German attorney Thomas Stadler states: "Tor users do not breach any laws, it is absolutely legitimate to act anonymously on the internet. There are many good reasons to remain anonymous."


What is deep packet inspection?

Deep Packet Inspection, or DPI, refers to the class of technology which examines the content of data packets as they travel across a network. A packet is the fundamental unit of transfer in packet-switched networks like the internet. While DPI is commonly used by organizations to monitor their own networks, its use on public networks for censorship and surveillance has been widely condemned by privacy advocates and the United States government alike.

In 2012, the head of the U.S. Delegation to the World Conference on International Telecommunications, U.S. Ambassador Terry Kramer, said “some companies have used deep packet inspection technologies to not look at aggregate customer information, traffic information, et cetera, but to look at individual customer information. So looking at individuals and what sites they’re on and how much capacity they’re using, et cetera, as you can imagine, we’re very much opposed to that because we feel that’s a violation of people’s privacy and gets into, obviously, censorship, et cetera”.

Despite its public political condemnations of invasive DPI use, the United States "Intelligence Community" and its "Five Eyes" partners (Australia, Canada, New Zealand, and the United Kingdom) operate massive internet-scale DPI systems themselves, including XKeyscore. The use of XKeyscore is not limited to these partners, however. The software has been shared with the German BND and BfV, as well as the Swedish FRA, amongst others.

Active vs Passive

XKeyscore and the systems that feed it are considered "passive", meaning that they silently listen but do not transmit anything on the networks that they are targeting. However, through a process known as "tipping", data from these programs can trigger other systems which perform "active" attacks.

Quantum is a family of such programs, including Quantuminsert, Quantumhand, Quantumtheory, Quantumbot, and Quantumcopper, which are used for offensive computer intrusion. Turmoil, Quantum, and other components of the Turbulence architecture are running at so-called "defensive sites" including the Ramstein Air Force base in Germany, Yokota Air Force base in Japan, and numerous military and non-military locations within the United States.

Both Turmoil and XKeyscore feed selected data to real-time "tipping" programs, such as Trafficthief, which can both alert NSA analysts when their targets are communicating and trigger other software programs. Selected data is "promoted" from the local XKeyscore data store to the NSA's so-called "corporate repositories" for long term storage, analysis and exploitation.

More information about XKeyscore

In 2013, the British newspaper The Guardian revealed that by 2008 more than 150 internet surveillance facilities around the world were running the XKeyscore Deep Packet Inspection software. All of the internet traffic observed by XKeyscore, both metadata and full content, is analyzed and stored temporarily at the collection sites for periods ranging from days to weeks, while selected data is forwarded on to other locations for long-term storage.

The storage, indexing, and querying functions are performed at or near the collection sites because the volume of data being collected is too large to forward everything back to facilities in other countries. Analysts working from various locations around the world may search specific XKeyscore sites, or send their queries to a collection of sites.

XKeyscore provides a modular architecture in which tens of thousands of small computer programs, or rules, written in XKeyscore's specialized programming languages called Genesis and XKScript as well as general-purpose languages such as C++ and Python, are run against all traffic to categorize it and extract data. This indexing of the "full take" allows analysts to query the data temporarily stored at the XKeyscore site, effectively sifting through already pilfered communications that occurred before the analysts had deemed them interesting for a specific reason.

XKeyscore can be fed by several different programs, including Wealthycluster and Turmoil. These programs "sessionize" the data, which means that individual connections, such as a request for a web page, are reconstructed from the stream of intercepted packets.

Locations where the NSA runs XKeyscore include Special Source Operations (SSO) sites, typically found at or near major telecommunication providers' infrastructure; Special Collection Service (SCS) sites, usually located inside diplomatic facilities like embassies and consulates; and FORNSAT sites where satellite communications are intercepted. All of these types of sites are known to exist in Germany.

Other "Five Eyes" partners also operate XKeyscore installations. The United Kingdom's Tempora program runs the largest instance of XKeyscore. Both the software itself and limited access to NSA databases have been shared with so-called "3rd party" partners including Germany. The German foreign intelligence agency BND and the domestic intelligence agency BfV are testing the software.
http://daserste.ndr.de/panorama/aktu...us,nsa230.html





On Being Targeted by the NSA
phobos

As quoted in the original article on Das Erste:

We've been thinking of state surveillance for years because of our work in places where journalists are threatened. Tor's anonymity is based on distributed trust, so observing traffic at one place in the Tor network, even a directory authority, isn't enough to break it. Tor has gone mainstream in the past few years, and its wide diversity of users -- from civic-minded individuals and ordinary consumers to activists, law enforcement, and companies -- is part of its security. Just learning that somebody visited the Tor or Tails website doesn't tell you whether that person is a journalist source, someone concerned that her Internet Service Provider will learn about her health conditions, or just someone irked that cat videos are blocked in her location.

Trying to make a list of Tor's millions of daily users certainly counts as widescale collection. Their attack on the bridge address distribution service shows their "collect all the things" mentality -- it's worth emphasizing that we designed bridges for users in countries like China and Iran, and here we are finding out about attacks by our own country. Does reading the contents of those mails violate the wiretap act? Now I understand how the Google engineers felt when they learned about the attacks on their infrastructure.
https://blog.torproject.org/blog/being-targeted-nsa





Court Gave NSA Broad Leeway in Surveillance, Documents Show
Ellen Nakashima and Barton Gellman

Virtually no foreign government is off-limits for the National Security Agency, which has been authorized to intercept information “concerning” all but four countries, according to top-secret documents.

The United States has long had broad no-spying arrangements with those four countries — Britain, Canada, Australia and New Zealand — in a group known collectively with the United States as the Five Eyes. But a classified 2010 legal certification and other documents indicate the NSA has been given a far more elastic authority than previously known, one that allows it to intercept through U.S. companies not just the communications of its overseas targets but any communications about its targets as well.

The certification — approved by the Foreign Intelligence Surveillance Court and included among a set of documents leaked by former NSA contractor Edward Snowden — lists 193 countries that would be of valid interest for U.S. intelligence. The certification also permitted the agency to gather intelligence about entities including the World Bank, the International Monetary Fund, the European Union and the International Atomic Energy Agency.

The NSA is not necessarily targeting all the countries or organizations identified in the certification, the affidavits and an accompanying exhibit; it has only been given authority to do so. Still, the privacy implications are far-reaching, civil liberties advocates say, because of the wide spectrum of people who might be engaged in communication about foreign governments and entities and whose communications might be of interest to the United States.

“These documents show both the potential scope of the government’s surveillance activities and the exceedingly modest role the court plays in overseeing them,” said Jameel Jaffer, deputy legal director for the American Civil Liberties Union, who had the documents described to him.

NSA officials, who declined to comment on the certification or acknowledge its authenticity, stressed the constraints placed on foreign intelligence-gathering. The collection must relate to a foreign intelligence requirement — there are thousands — set for the intelligence agencies by the president, the director of national intelligence and various departments through the National Intelligence Priorities Framework.

Furthermore, former government officials said, it is prudent for the certification to list every country — even those whose affairs do not seem to immediately bear on U.S. national security interests or foreign policy.

“It’s not impossible to imagine a humanitarian crisis in a country that’s friendly to the United States, where the military might be expected on a moment’s notice to go in and evacuate all Americans,” said a former senior defense official who spoke on the condition of anonymity to discuss sensitive matters. “If that certification did not list the country,” the NSA could not gather intelligence under the law, the former official said.

The documents shed light on a little-understood process that is central to one of the NSA’s most significant surveillance programs: collection of the e-mails and phone calls of foreign targets under Section 702 of the 2008 FISA Amendments Act.

The foreign-government certification, signed by the attorney general and the director of national intelligence, is one of three approved annually by the Foreign Intelligence Surveillance Court, pursuant to the law. The other two relate to counterterrorism and counterproliferation, according to the documents and former officials.

Under the Section 702 program, the surveillance court also approves rules for surveillance targeting and for protecting Americans’ privacy. The certifications, together with the National Intelligence Priorities Framework, serve as the basis for targeting a person or an entity.

The documents underscore the remarkable breadth of potential “foreign intelligence” collection. Though the FISA Amendments Act grew out of an effort to place under statute a surveillance program devoted to countering terrorism, the result was a program far broader in scope.

An affidavit in support of the 2010 foreign-government certification said the NSA believes that foreigners who will be targeted for collection “possess, are expected to receive and/or are likely to communicate foreign intelligence information concerning these foreign powers.”

That language could allow for surveillance of academics, journalists and human rights researchers. A Swiss academic who has information on the German government’s position in the run-up to an international trade negotiation, for instance, could be targeted if the government has determined there is a foreign-intelligence need for that information. If a U.S. college professor e-mails the Swiss professor’s e-mail address or phone number to a colleague, the American’s e-mail could be collected as well, under the program’s court-approved rules.

Even the no-spy agreements with the Five Eye countries have exceptions. The agency’s principal targeting system automatically filters out phone calls from Britain, Canada, Australia and New Zealand. But it does not do so for their 28 sovereign territories, such as the British Virgin Islands. An NSA policy bulletin distributed in April 2013 said filtering out those country codes would slow the system down.

“Intelligence requirements, whether satisfied through human sources or electronic surveillance, involve information that may touch on almost every foreign country,” said Timothy Edgar, former privacy officer at the Office of the Director of National Intelligence and now a visiting fellow at Brown University’s Watson Institute for International Affairs.

Those efforts could include surveillance of all manner of foreign intelligence targets — anything from learning about Russian anti-submarine warfare to Chinese efforts to hack into American companies, Edgar said. “It’s unlikely the NSA would target academics, journalists or human rights researchers if there was any other way of getting information,” he said.

A spokeswoman for the NSA, Vanee Vines, said the agency may only target foreigners “reasonably believed to be outside the United States.”

Vines noted that in January, President Obama issued a policy directive stating that U.S. surveillance “shall be as tailored as feasible.” He also directed that the United States no longer spy on dozens of foreign heads of state and that sensitive targeting decisions be subject to high-level review.

“In short, there must be a particular intelligence need, policy approval and legal authorization for U.S. signals intelligence activities, including activities conducted pursuant to Section 702,” Vines said.

On Friday, the Office of the Director of National Intelligence released a transparency report stating that in 2013 the government targeted nearly 90,000 foreign individuals or organizations for foreign surveillance under the program. Some tech-industry lawyers say the number is relatively low, considering that several billion people use U.S. e-mail services.

Still, some lawmakers are concerned that the potential for intrusions on Americans’ privacy has grown under the 2008 law because the government is intercepting not just communications of its targets but communications about its targets as well. The expansiveness of the foreign-powers certification increases that concern.

In a 2011 FISA court opinion, a judge using an NSA-provided sample estimated that the agency could be collecting as many as 46,000 wholly domestic e-mails a year that mentioned a particular target’s e-mail address or phone number, in what is referred to as “about” collection.

“When Congress passed Section 702 back in 2008, most members of Congress had no idea that the government was collecting Americans’ communications simply because they contained a particular individual’s contact information,” Sen. Ron Wyden (D-Ore.), who has co-sponsored legislation to narrow “about” collection authority, said in an e-mail to The Washington Post. “If ‘about the target’ collection were limited to genuine national security threats, there would be very little privacy impact. In fact, this collection is much broader than that, and it is scooping up huge amounts of Americans’ wholly domestic communications.”

Government officials argue that the wholly domestic e-mails represent a tiny fraction — far less than 1 percent — of the volume collected. They point to court-imposed rules to protect the privacy of U.S. persons whose communications are picked up in error or because they are in contact with foreign targets.

In general, if Americans’ identities are not central to the import of a communication, they must be masked before being shared with another agency. Communications collected from companies that operate high-volume cables — instead of directly from technology firms such as Yahoo or Google — are kept for two years instead of five. Some of the most sensitive ones are segregated and may not be used without written permission from the NSA director.

Privacy advocates say the rules are riddled with exceptions. They point out that wholly domestic communications may be kept and shared if they contain significant foreign intelligence, a term that is defined broadly, or evidence of a crime. They also note that the rules allow NSA access to certain attorney-client communications, pending review by the agency’s general counsel.

Jennifer Granick, the director of civil liberties at the Stanford Center for Internet and Society, expressed concern about the prospect of capturing e-mails and phone calls of law-abiding foreigners. “The breadth of the certification suggests that the court is authorizing the government to spy on average foreigners and doesn’t exercise much if any control beyond that,” she said.

Some former officials say that the court’s role has been appropriately limited when it comes to foreign targeting decisions, which traditionally have been the purview of the executive branch. The court generally has focused on ensuring that domestic surveillance is targeted at foreign spies or agents of a foreign power.

“Remember, the FISA court is not there to protect the privacy interests of foreign people,” the former defense official said. “That’s not its purpose, however noble the cause might be. Its purpose is to protect the privacy interests of persons guaranteed those protections under the Constitution.”

The only reason the court has oversight of the NSA program is that Congress in 2008 gave the government a new authority to gather intelligence from U.S. companies that own the Internet cables running through the United States, former officials noted.

Edgar, the former privacy officer at the Office of the Director of National Intelligence, said ultimately he believes the authority should be narrowed. “There are valid privacy concerns with leaving these collection decisions entirely in the executive branch,” he said. “There shouldn’t be broad collection, using this authority, of foreign government information without any meaningful judicial role that defines the limits of what can be collected.”
http://www.washingtonpost.com/world/...5f1_story.html





In NSA-Intercepted Data, Those Not Targeted Far Outnumber the Foreigners Who Are

Files provided by Snowden show extent to which ordinary Web users are caught in the net
Barton Gellman, Julie Tate and Ashkan Soltani

Ordinary Internet users, American and non-American alike, far outnumber legally targeted foreigners in the communications intercepted by the National Security Agency from U.S. digital networks, according to a four-month investigation by The Washington Post.

Nine of 10 account holders found in a large cache of intercepted conversations, which former NSA contractor Edward Snowden provided in full to The Post, were not the intended surveillance targets but were caught in a net the agency had cast for somebody else.

Many of them were Americans. Nearly half of the surveillance files, a strikingly high proportion, contained names, e-mail addresses or other details that the NSA marked as belonging to U.S. citizens or residents. NSA analysts masked, or “minimized,” more than 65,000 such references to protect Americans’ privacy, but The Post found nearly 900 additional e-mail addresses, unmasked in the files, that could be strongly linked to U.S. citizens or U.S. residents.

The surveillance files highlight a policy dilemma that has been aired only abstractly in public. There are discoveries of considerable intelligence value in the intercepted messages — and collateral harm to privacy on a scale that the Obama administration has not been willing to address.

Among the most valuable contents — which The Post will not describe in detail, to avoid interfering with ongoing operations — are fresh revelations about a secret overseas nuclear project, double-dealing by an ostensible ally, a military calamity that befell an unfriendly power, and the identities of aggressive intruders into U.S. computer networks.

Months of tracking communications across more than 50 alias accounts, the files show, led directly to the 2011 capture in Abbottabad of Muhammad Tahir Shahzad, a Pakistan-based bomb builder, and Umar Patek, a suspect in a 2002 terrorist bombing on the Indonesian island of Bali. At the request of CIA officials, The Post is withholding other examples that officials said would compromise ongoing operations.

Many other files, described as useless by the analysts but nonetheless retained, have a startlingly intimate, even voyeuristic quality. They tell stories of love and heartbreak, illicit sexual liaisons, mental-health crises, political and religious conversions, financial anxieties and disappointed hopes. The daily lives of more than 10,000 account holders who were not targeted are catalogued and recorded nevertheless.

In order to allow time for analysis and outside reporting, neither Snowden nor The Post has disclosed until now that he obtained and shared the content of intercepted communications. The cache Snowden provided came from domestic NSA operations under the broad authority granted by Congress in 2008 with amendments to the Foreign Intelligence Surveillance Act. FISA content is generally stored in closely controlled data repositories, and for more than a year, senior government officials have depicted it as beyond Snowden’s reach.

The Post reviewed roughly 160,000 intercepted e-mail and instant-message conversations, some of them hundreds of pages long, and 7,900 documents taken from more than 11,000 online accounts.

The material spans President Obama’s first term, from 2009 to 2012, a period of exponential growth for the NSA’s domestic collection.

Taken together, the files offer an unprecedented vantage point on the changes wrought by Section 702 of the FISA amendments, which enabled the NSA to make freer use of methods that for 30 years had required probable cause and a warrant from a judge. One program, code-named PRISM, extracts content stored in user accounts at Yahoo, Microsoft, Facebook, Google and five other leading Internet companies. Another, known inside the NSA as Upstream, intercepts data on the move as it crosses the U.S. junctions of global voice and data networks.

No government oversight body, including the Justice Department, the Foreign Intelligence Surveillance Court, intelligence committees in Congress or the president’s Privacy and Civil Liberties Oversight Board, has delved into a comparably large sample of what the NSA actually collects — not only from its targets but also from people who may cross a target’s path.

(Image caption, truncated:) ...in a large cache of NSA intercepts provided by former agency contractor Edward Snowden. (Images obtained by The Washington Post)

Among the latter are medical records sent from one family member to another, résumés from job hunters and academic transcripts of schoolchildren. In one photo, a young girl in religious dress beams at a camera outside a mosque.

Scores of pictures show infants and toddlers in bathtubs, on swings, sprawled on their backs and kissed by their mothers. In some photos, men show off their physiques. In others, women model lingerie, leaning suggestively into a webcam or striking risque poses in shorts and bikini tops.

“None of the hits that were received were relevant,” two Navy cryptologic technicians write in one of many summaries of nonproductive surveillance. “No additional information,” writes a civilian analyst. Another makes fun of a suspected kidnapper, newly arrived in Syria before the current civil war, who begs for employment as a janitor and makes wide-eyed observations about the state of undress displayed by women on local beaches.

By law, the NSA may “target” only foreign nationals located overseas unless it obtains a warrant based on probable cause from a special surveillance court. For collection under PRISM and Upstream rules, analysts must state a reasonable belief that the target has information of value about a foreign government, a terrorist organization or the spread of nonconventional weapons.

Most of the people caught up in those programs are not the targets and would not lawfully qualify as such. “Incidental collection” of third-party communications is inevitable in many forms of surveillance, but in other contexts the U.S. government works harder to limit and discard irrelevant data. In criminal wiretaps, for example, the FBI is supposed to stop listening to a call if a suspect’s wife or child is using the phone.

There are many ways to be swept up incidentally in surveillance aimed at a valid foreign target. Some of those in the Snowden archive were monitored because they interacted directly with a target, but others had more-tenuous links.

If a target entered an online chat room, the NSA collected the words and identities of every person who posted there, regardless of subject, as well as every person who simply “lurked,” reading passively what other people wrote.

“1 target, 38 others on there,” one analyst wrote. She collected data on them all.

In other cases, the NSA designated as its target the Internet protocol, or IP, address of a computer server used by hundreds of people.

The NSA treats all content intercepted incidentally from third parties as permissible to retain, store, search and distribute to its government customers. Raj De, the agency’s general counsel, has testified that the NSA does not generally attempt to remove irrelevant personal content, because it is difficult for one analyst to know what might become relevant to another.

The Obama administration declines to discuss the scale of incidental collection. The NSA, backed by Director of National Intelligence James R. Clapper Jr., has asserted that it is unable to make any estimate, even in classified form, of the number of Americans swept in. It is not obvious why the NSA could not offer at least a partial count, given that its analysts routinely pick out “U.S. persons” and mask their identities, in most cases, before distributing intelligence reports.

If Snowden’s sample is representative, the population under scrutiny in the PRISM and Upstream programs is far larger than the government has suggested. In a June 26 “transparency report,” the Office of the Director of National Intelligence disclosed that 89,138 people were targets of last year’s collection under FISA Section 702. At the 9-to-1 ratio of incidental collection in Snowden’s sample, the office’s figure would correspond to nearly 900,000 accounts, targeted or not, under surveillance.

‘He didn’t get this data’

U.S. intelligence officials declined to confirm or deny in general terms the authenticity of the intercepted content provided by Snowden, but they made off-the-record requests to withhold specific details that they said would alert the targets of ongoing surveillance. Some officials, who declined to be quoted by name, described Snowden’s handling of the sensitive files as reckless.

In an interview, Snowden said “primary documents” offered the only path to a concrete debate about the costs and benefits of Section 702 surveillance. He did not favor public release of the full archive, he said, but he did not think a reporter could understand the programs “without being able to review some of that surveillance, both the justified and unjustified.”

“While people may disagree about where to draw the line on publication, I know that you and The Post have enough sense of civic duty to consult with the government to ensure that the reporting on and handling of this material causes no harm,” he said.

In Snowden’s view, the PRISM and Upstream programs have “crossed the line of proportionality.”

“Even if one could conceivably justify the initial, inadvertent interception of baby pictures and love letters of innocent bystanders,” he added, “their continued storage in government databases is both troubling and dangerous. Who knows how that information will be used in the future?”

For close to a year, NSA and other government officials have appeared to deny, in congressional testimony and public statements, that Snowden had any access to the material.

As recently as May, shortly after he retired as NSA director, Gen. Keith Alexander denied that Snowden could have passed FISA content to journalists.

“He didn’t get this data,” Alexander told a New Yorker reporter. “They didn’t touch —”

“The operational data?” the reporter asked.

“They didn’t touch the FISA data,” Alexander replied. He added, “That database, he didn’t have access to.”

Robert S. Litt, the general counsel for the Office of the Director of National Intelligence, said in a prepared statement that Alexander and other officials were speaking only about “raw” intelligence, the term for intercepted content that has not yet been evaluated, stamped with classification markings or minimized to mask U.S. identities.

“We have talked about the very strict controls on raw traffic, the training that people have to have, the technological lockdowns on access,” Litt said. “Nothing that you have given us indicates that Snowden was able to circumvent that in any way.”

In the interview, Snowden said he did not need to circumvent those controls, because his final position as a contractor for Booz Allen at the NSA’s Hawaii operations center gave him “unusually broad, unescorted access to raw SIGINT [signals intelligence] under a special ‘Dual Authorities’ role,” a reference to Section 702 for domestic collection and Executive Order 12333 for collection overseas. Those credentials, he said, allowed him to search stored content — and “task” new collection — without prior approval of his search terms.

“If I had wanted to pull a copy of a judge’s or a senator’s e-mail, all I had to do was enter that selector into XKEYSCORE,” one of the NSA’s main query systems, he said.

The NSA has released an e-mail exchange acknowledging that Snowden took the required training classes for access to those systems.

‘Minimized U.S. president’

At one level, the NSA shows scrupulous care in protecting the privacy of U.S. nationals and, by policy, those of its four closest intelligence allies — Britain, Australia, Canada and New Zealand.

More than 1,000 distinct “minimization” terms appear in the files, attempting to mask the identities of “possible,” “potential” and “probable” U.S. persons, along with the names of U.S. beverage companies, universities, fast-food chains and Web-mail hosts.

Some of them border on the absurd, using titles that could apply to only one man. A “minimized U.S. president-elect” begins to appear in the files in early 2009, and references to the current “minimized U.S. president” appear 1,227 times in the following four years.

Even so, unmasked identities remain in the NSA’s files, and the agency’s policy is to hold on to “incidentally” collected U.S. content, even if it does not appear to contain foreign intelligence.

In one exchange captured in the files, a young American asks a Pakistani friend in late 2009 what he thinks of the war in Afghanistan. The Pakistani replies that it is a religious struggle against 44 enemy states.

Startled, the American says “they, ah, they arent heavily participating . . . its like . . . in a football game, the other team is the enemy, not the other teams waterboy and cheerleaders.”

“No,” the Pakistani shoots back. “The ther teams water boy is also an enemy. it is law of our religion.”

“haha, sorry thats kind of funny,” the American replies.

When NSA and allied analysts really want to target an account, their concern for U.S. privacy diminishes. The rationales they use to judge foreignness sometimes stretch legal rules or well-known technical facts to the breaking point.

In their classified internal communications, colleagues and supervisors often remind the analysts that PRISM and Upstream collection have a “lower threshold for foreignness ‘standard of proof’ ” than a traditional surveillance warrant from a FISA judge, requiring only a “reasonable belief” and not probable cause.

One analyst rests her claim that a target is foreign on the fact that his e-mails are written in a foreign language, a quality shared by tens of millions of Americans. Others are allowed to presume that anyone on the chat “buddy list” of a known foreign national is also foreign.

In many other cases, analysts seek and obtain approval to treat an account as “foreign” if someone connects to it from a computer address that seems to be overseas. “The best foreignness explanations have the selector being accessed via a foreign IP address,” an NSA supervisor instructs an allied analyst in Australia.

Apart from the fact that tens of millions of Americans live and travel overseas, additional millions use simple tools called proxies to redirect their data traffic around the world, for business or pleasure. World Cup fans this month have been using a browser extension called Hola to watch live-streamed games that are unavailable from their own countries. The same trick is routinely used by Americans who want to watch BBC video. The NSA also relies routinely on locations embedded in Yahoo tracking cookies, which are widely regarded by online advertisers as unreliable.

In an ordinary FISA surveillance application, the judge grants a warrant and requires a fresh review of probable cause — and the content of collected surveillance — every 90 days. When renewal fails, NSA and allied analysts sometimes switch to the more lenient standards of PRISM and Upstream.

“These selectors were previously under FISA warrant but the warrants have expired,” one analyst writes, requesting that surveillance resume under the looser standards of Section 702. The request was granted.

‘I don’t like people knowing’

She was 29 and shattered by divorce, converting to Islam in search of comfort and love. He was three years younger, rugged and restless. His parents had fled Kabul and raised him in Australia, but he dreamed of returning to Afghanistan.

One day when she was sick in bed, he brought her tea. Their faith forbade what happened next, and later she recalled it with shame.

“what we did was evil and cursed and may allah swt MOST merciful forgive us for giving in to our nafs [desires]”

Still, a romance grew. They fought. They spoke of marriage. They fought again.

All of this was in the files because, around the same time, he went looking for the Taliban.

He found an e-mail address on its English-language Web site and wrote repeatedly, professing loyalty to the one true faith, offering to “come help my brothers” and join the fight against the unbelievers.

On May 30, 2012, without a word to her, he boarded a plane to begin a journey to Kandahar. He left word that he would not see her again.

If that had been the end of it, there would not be more than 800 pages of anguished correspondence between them in the archives of the NSA and its counterpart, the Australian Signals Directorate.

He had made himself a target. She was the collateral damage, placed under a microscope as she tried to adjust to the loss.

Three weeks after he landed in Kandahar, she found him on Facebook.

“Im putting all my pride aside just to say that i will miss you dearly and your the only person that i really allowed myself to get close to after losing my ex husband, my dad and my brother.. Im glad it was so easy for you to move on and put what we had aside and for me well Im just soo happy i met you. You will always remain in my heart. I know you left for a purpose it hurts like hell sometimes not because Im needy but because i wish i could have been with you.”

His replies were cool, then insulting, and gradually became demanding. He would marry her but there were conditions. She must submit to his will, move in with his parents and wait for him in Australia. She must hand him control of her Facebook account — he did not approve of the photos posted there.

She refused. He insisted:

“look in islam husband doesnt touch girl financial earnigs unless she agrees but as far as privacy goes there is no room….i need to have all ur details everything u do its what im supposed to know that will guide u whether its right or wrong got it”

Later, she came to understand the irony of her reply:

“I don’t like people knowing my private life.”

Months of negotiations followed, with each of them declaring an end to the romance a dozen times or more. He claimed he had found someone else and planned to marry that day, then admitted it was a lie. She responded:

“No more games. You come home. You won’t last with an afghan girl.”

She begged him to give up his dangerous path. Finally, in September, she broke off contact for good, informing him that she was engaged to another man.

“When you come back they will send you to jail,” she warned.

They almost did.

In interviews with The Post, conducted by telephone and Facebook, she said he flew home to Australia last summer, after failing to find members of the Taliban who would take him seriously. Australian National Police met him at the airport and questioned him in custody. They questioned her, too, politely, in her home. They showed her transcripts of their failed romance. When a Post reporter called, she already knew what the two governments had collected about her.

Eventually, she said, Australian authorities decided not to charge her failed suitor with a crime. Police spokeswoman Emilie Lovatt declined to comment on the case.

Looking back, the young woman said she understands why her intimate correspondence was recorded and parsed by men and women she did not know.

“Do I feel violated?” she asked. “Yes. I’m not against the fact that my privacy was violated in this instance, because he was stupid. He wasn’t thinking straight. I don’t agree with what he was doing.”

What she does not understand, she said, is why after all this time, with the case long closed and her own job with the Australian government secure, the NSA does not discard what it no longer needs.

Jennifer Jenkins and Carol D. Leonnig contributed to this report.
http://www.washingtonpost.com/world/...322_story.html





Netflix Could Be Classified As a 'Cybersecurity Threat' Under New CISPA Rules
Jason Koebler

The cybersecurity bill making its way through the Senate right now is so broad that it could allow ISPs to classify Netflix as a "cyber threat," which would allow them to throttle the streaming service's delivery to customers.

It would be a backdoor way for ISPs to undermine net neutrality, and it's one of the reasons why the Cybersecurity Information Protection Act of 2014—modeled on the CISPA bill that the internet has rallied against twice already—is so terrible for consumers (the other is the unfettered ferry of information between companies and the federal government, but that's another story).

Given how ISPs have fought to destroy the open internet, they'd likely jump at the chance to sidestep existing net neutrality rules without the Federal Communications Commission needing to do much of anything at all. The bill, as it's written, allows companies to employ "countermeasures" against "cybersecurity threats," but both terms are extremely broadly defined, and video streaming could easily fall within the purview of the latter.

"A 'threat,' according to the bill, is anything that makes information unavailable or less available. So, high-bandwidth uses of some types of information make other types of information that go along the same pipe less available," Greg Nojeim, a lawyer with the Center for Democracy and Technology, told me. "A company could, as a cybersecurity countermeasure, slow down Netflix in order to make other data going across its pipes more available to users."

That's a quick and easy way of setting up a two-tiered internet, with built-in Congressional approval, no FCC rules required. Nojeim was one of the authors of a strongly-worded statement of opposition sent to Dianne Feinstein, the bill's sponsor. In the letter, the CDT, Electronic Frontier Foundation, American Civil Liberties Union, and more than a dozen other civil liberties groups said that the bill "arbitrarily harms average internet users."

"Net neutrality is a complex topic and policy on this matter should not be set by cybersecurity legislation," they wrote.

The group notes that previous cybersecurity legislation considered by the Senate (pre-CISPA—the Senate didn't take up that bill last year, letting it die instead) specifically included net neutrality protections. This one doesn't.

"I think they know it's a problem," Nojeim said.

Nojeim says the general uproar surrounding the bill could have led to the postponement of its markup—it was originally set to be discussed by Feinstein's Intelligence Committee last week, but was pushed back. No word on when it'll be taken up by the committee, but considering that the bill has been in the works behind closed doors for several months now, don't expect it to die without first getting some very serious consideration on Capitol Hill.
http://motherboard.vice.com/read/net...ew-cispa-rules





ISPs, Communication Firms File Legal Complaint Over UK GCHQ Spying

Summary: Seven internet service and communications providers worldwide have filed a legal complaint against the UK's GCHQ spy agency in the wake of the NSA scandal.
Charlie Osborne

Seven internet service and communications providers worldwide have filed a legal complaint against the UK's spy agency GCHQ in light of the Snowden revelations.

The complaint was filed on Wednesday by US firms RiseUp and May First/People Link, the UK's GreenNet, Netherlands-based Greenhost, Zimbabwe's Mango, Korean firm Jinbonet, Germany's Chaos Computer Club and Privacy International in collective action against GCHQ's intelligence activities.

The organizations say they are calling for an end to GCHQ's "attacking and exploitation of network infrastructure in order to unlawfully gain access to potentially millions of people’s private communications."

After former NSA contractor Edward Snowden leaked confidential documents to the media revealing the surveillance activities of the US government, it was discovered that the UK's nose was far from clean. The GCHQ has come under fire for a number of activities, including using telecom firms to access undersea cables which allow the tapping of communication lines.

The complaint was filed today with the UK's Investigatory Powers Tribunal, an organization that investigates complaints against public bodies.

The claimants assert that GCHQ's "attacks on providers" are not only illegal, but are destructive and undermine the "goodwill organisations rely on." In addition, the claimants say that the government's actions have damaged trust placed in security and privacy.

The claimants draw on a number of examples within their complaint, including the targeting by GCHQ of Belgian telecommunications company Belgacom's employees. It is alleged that GCHQ infected computer systems with malware to gain access to important network infrastructure. In addition, three German internet exchange points are believed to have been targeted through a joint NSA-GCHQ operation, where exchange points were tapped — allowing the government agencies to spy on internet traffic.

GCHQ and the NSA's network exploitation and intrusion capabilities, including covert data injections, also come under fire within the complaint.

While the groups bringing the complaint forward were not specifically named in the documents released by Snowden to the media, they say that GCHQ and the NSA's surveillance activities can be challenged because any internet and communications provider could be at risk, and both the companies themselves and their customers could become targets.

The case filed today follows two other cases filed by Privacy International following the Snowden leaks. The first complaint was lodged due to the mass surveillance programs TEMPORA, PRISM and UPSTREAM, and the second against the use of spyware and malicious software by GCHQ to gain access to computer systems.

Eric King, Deputy Director of Privacy International, said:

These widespread attacks on providers and collectives undermine the trust we all place on the internet and greatly endanger the world’s most powerful tool for democracy and free expression. It completely cripples our confidence in the internet economy and threatens the rights of all those who use it. These unlawful activities, run jointly by GCHQ and the NSA, must come to an end immediately.
http://www.zdnet.com/isps-communicat...ng-7000031163/





Why the Supreme Court May Finally Protect Your Privacy in the Cloud
Andy Greenberg

When the Supreme Court ruled yesterday in the case of Riley v. California, it definitively told the government to keep its warrantless fingers off your cell phone. But as the full impact of that opinion has rippled through the privacy community, some SCOTUS-watchers say it could also signal a shift in how the Court sees the privacy of data in general—not just when it’s stored on your physical handset, but also when it’s kept somewhere far more vulnerable: in the servers of faraway Internet and phone companies.

In the Riley decision, which dealt with the post-arrest searches of an accused drug dealer in Boston and an alleged gang member in California, the court unanimously ruled that police need a warrant to search a suspect’s phone. The 28-page opinion penned by Chief Justice John Roberts explicitly avoids addressing a larger question about what’s known as the “third-party doctrine,” the notion that any data kept by a third party such as Verizon, AT&T, Google or Microsoft is fair game for a warrantless search. But even so, legal analysts reading between the opinion’s lines say they see evidence that the court is shifting its view on that long-stewing issue for online privacy. The results, if they’re right, could be future rulings from America’s highest court that seriously restrict both law enforcement’s and even the NSA’s abilities to siphon Americans’ data from the cloud.

Digital Is Different
The key realization in Roberts’ ruling, according to Center For Democracy and Technology attorney Kevin Bankston, can be summarized as “digital is different.” Modern phones generate a volume of private data that means they require greater protection than other non-digital sources of personal information. “Easy analogies of digital to traditional analog surveillance won’t cut it,” Bankston says.

Daniel Solove, a law professor at George Washington Law School, echoes that sentiment in a blog post and points to this passage in the opinion:

First, a cell phone collects in one place many distinct types of information—an address, a note, a prescription, a bank statement, a video—that reveal much more in combination than any isolated record. Second, a cell phone’s capacity allows even just one type of information to convey far more than previously possible. The sum of an individual’s private life can be reconstructed through a thousand photographs labeled with dates, locations, and descriptions.

That argument about the nature of digital collections of personal data seems to apply just as much to information held by a third party company as it does to information held in the palm of an arrested person’s hand. And Solove argues that could spell trouble for the third-party doctrine when it next comes before the Court. “The Court’s reasoning in Riley suggests that perhaps the Court is finally recognizing that old physical considerations—location, size, etc.—are no longer as relevant in light of modern technology. What matters is the data involved and how much it reveals about a person’s private life,” he writes. “If this is the larger principle the Court is recognizing today, then it strongly undermines some of the reasoning behind the third party doctrine.”

The Court’s opinion was careful not to make any overt reference to the third-party doctrine. In fact, it includes a tersely-worded footnote cautioning that the ruling’s arguments about physical search of phones “do not implicate the question whether the collection or inspection of aggregated digital information amounts to a search under other circumstances.”

But despite the Court’s caveat, its central argument—that the notions of privacy applied to analog data are no longer sufficient to protect digital data from warrantless searches—doesn’t limit itself to physical access to devices. And the opinion seems to hint at the Court’s thoughts on protecting one sort of remotely-stored phone data in particular: location data.

The Logic of Location Data
The Riley ruling cites an opinion written by Justice Sonia Sotomayor in the case of US vs. Jones, another landmark Supreme Court decision in 2012 that ended warrantless use of GPS devices to track criminal suspects’ cars. GPS devices, Sotomayor wrote at the time, create “a precise, comprehensive record of a person’s public movements that reflects a wealth of detail about her familial, political, professional, religious, and sexual associations.” Roberts’ reference to that opinion in Tuesday’s ruling seems to acknowledge that the sensitivity of GPS device data extends to phone location data too. And there’s little logical reason to believe that phone data becomes less sensitive when it’s stored by AT&T instead of in an iPhone’s flash memory.

With Riley and Jones, “we’ve now seen two indications that the Supreme Court is rethinking privacy for stored data,” says Alex Abdo, a staff attorney at the American Civil Liberties Union. “Neither raises the question directly, but they both contain clues into the mindset of the court, and they both suggest that there’s another victory for privacy in the waiting.”

“If I were to guess,” Abdo adds, “I would predict that the Supreme Court will make good on its suggestion that the third-party doctrine doesn’t make sense in the context of cloud storage.”

The ripples from Riley may extend to the NSA’s surveillance practices, too, says Jennifer Granick, director of Civil Liberties at Stanford Law School’s Center for Internet and Society. She points out that the NSA has used the same third-party doctrine arguments to justify its collection of Americans’ phone data under section 215 of the Patriot Act. “What will this mean for the NSA’s bulk collection of call detail records and other so-called ‘metadata’?” she asks in a blog post. “The opinion suggests that when the Court has that question before it, the government’s approach may not win the day.”

Thanks to the caveat footnote limiting its significance to physical searches of phones, the Riley ruling likely won’t set any precedent useful for privacy activists just yet. But the CDT’s Kevin Bankston says it hints that the Supreme Court has acknowledged the need for new privacy protections in the age of mobile computing. “The Court is clearly concerned with allowing access to data in the cloud or on cell phones without a warrant. And that’s likely indicative about how they’ll approach things like cell phone location tracking and NSA surveillance in the future,” Bankston says. “The fourth amendment for the 21st century will be quite different from the fourth amendment in the 20th century.”
http://www.wired.com/2014/06/why-the...-in-the-cloud/





Hospitals Are Mining Patients' Credit Card Data to Predict Who Will Get Sick
Shannon Pettypiece and Jordan Robertson

Imagine getting a call from your doctor if you let your gym membership lapse, make a habit of buying candy bars at the checkout counter, or begin shopping at plus-size clothing stores. For patients of Carolinas HealthCare System, which operates the largest group of medical centers in North and South Carolina, such a day could be sooner than they think. Carolinas HealthCare, which runs more than 900 care centers, including hospitals, nursing homes, doctors’ offices, and surgical centers, has begun plugging consumer data on 2 million people into algorithms designed to identify high-risk patients so that doctors can intervene before they get sick. The company purchases the data from brokers who cull public records, store loyalty program transactions, and credit card purchases.

Information on consumer spending can provide a more complete picture than the glimpse doctors get during an office visit or through lab results, says Michael Dulin, chief clinical officer for analytics and outcomes research at Carolinas HealthCare. The Charlotte-based hospital chain is placing its data into predictive models that give risk scores to patients. Within two years, Dulin plans to regularly distribute those scores to doctors and nurses who can then reach out to high-risk patients and suggest changes before they fall ill. “What we are looking to find are people before they end up in trouble,” says Dulin, who is a practicing physician.

For a patient with asthma, the hospital would be able to assess how likely he is to arrive at the emergency room by looking at whether he’s refilled his asthma medication at the pharmacy, has been buying cigarettes at the grocery store, and lives in an area with a high pollen count, Dulin says. The system may also look at the probability of someone having a heart attack by considering factors such as the type of foods she buys and if she has a gym membership. “The idea is to use Big Data and predictive models to think about population health and drill down to the individual levels,” he says.

While Carolinas HealthCare can share patients’ risk assessments with their doctors under the hospital’s contract with its data provider, the health-care chain isn’t allowed to disclose details, such as specific transactions by an individual, says Dulin, who declined to name the data provider.

If the early steps are successful, though, Dulin says he’d like to renegotiate to get the data provider to share more specific details with the company’s doctors on their patients’ spending habits. “The data is already used to market to people to get them to do things that might not always be in the best interest of the consumer,” he says. “We are looking to apply this for something good.”

Many patients and their advocates are voicing concerns that Big Data’s expansion into medical care will threaten privacy. “It is one thing to have a number I can call if I have a problem or question; it is another thing to get unsolicited phone calls. I don’t like that,” says Jorjanne Murry, an accountant in Charlotte who has Type 1 diabetes and says she usually ignores calls from her health insurer trying to discuss her daily habits. “I think it is intrusive.”

Health advocates and privacy experts worry that relying more on data analysis also will erode doctor-patient relationships. “If the physician already has the information, the relationship changes from an exchange of information to a potential inquisition about behavior,” says Ryan Holmes, assistant director of health care ethics at the Markkula Center for Applied Ethics at Santa Clara University.

Data brokers have revealed few details on what they sell to health-care providers, and those acquiring the data are often barred from disclosing which company they purchased it from. Acxiom (ACXM) and LexisNexis (ENL) are two of the largest data brokers that collect information on individuals. Acxiom says its data are supposed to be used only for marketing, not for medical purposes or to be included in medical records. LexisNexis says it doesn’t sell consumer information to health insurers for the purpose of identifying patients at risk.

While some patients may benefit from data collection, hospitals also have a growing financial stake in knowing more about the people they care for. Under the Patient Protection and Affordable Care Act, known as Obamacare, hospital pay is becoming increasingly linked to quality metrics rather than the traditional fee-for-service model in which hospitals are paid based on the numbers of tests or procedures they perform. As a result, the U.S. has begun levying fines on hospitals that have too many patients readmitted within a month and rewarding hospitals that fare well against clinical benchmarks and on patient surveys.

University of Pittsburgh Medical Center, which operates more than 20 hospitals in Pennsylvania and a health insurance plan, is using demographic and household data to try to improve patients’ health as well as its bottom line. It says it doesn’t obtain details on individual credit card transactions, but more general data such as whether a patient owns her home, shops online, or lives with an elderly relative.

The UPMC Insurance Services Division, the health system’s insurance provider, bought data on more than 2 million of its members to make predictions about which individuals are most likely to use the emergency room or an urgent care center, says Pamela Peele, the system’s chief analytics officer.

Studies show that people with no children in the home who make less than $50,000 a year are more likely to use the ER rather than a private doctor, Peele says. UPMC wants to make sure those patients have access to a primary care physician or nurse practitioner they can contact before heading to the ER, she says. UPMC is also interested in knowing which patients don’t own a car, which could indicate they’ll have trouble getting routine, preventative care.

Being able to predict which patients are likely to get sick or end up at the ER has become particularly valuable for hospitals that also insure their patients, a relatively new practice that’s growing in popularity. UPMC, because it offers insurance, would be able to save money by keeping patients out of the ER.

Obamacare prevents insurers from denying coverage because of preexisting conditions or charging patients based on their health status, meaning the data can’t be used to raise rates or drop policies. “The traditional rating and underwriting has gone away with health-care reform,” says Robert Booz, an analyst at technology research and consulting firm Gartner (IT). “What they are trying to do is proactive care management, where we know you are a patient at risk for diabetes, so even before the symptoms show up we are going to try to intervene.”
http://www.businessweek.com/articles...-will-get-sick





Murdoch Editor Andy Coulson Found Guilty of Phone Hacking
Nico Hines and Peter Jukes

Rebekah Brooks was found not guilty of all charges in London’s phone hacking trial today but her successor as editor of the News of the World was convicted of conspiracy to hack phones.

Andy Coulson has been found guilty of phone hacking while he was a senior executive in Rupert Murdoch’s media empire.

The former editor of the now-defunct News of the World conspired to intercept voicemail messages of public figures between 2000 and 2006. Rebekah Brooks, a previous editor of the tabloid, was found not guilty on all charges.

The phone hacking scandal has gripped the British establishment for years as the relationships between senior media figures, politicians and the police force were placed under unprecedented scrutiny. The guilty verdict at the Old Bailey in London is a blow to Murdoch and Prime Minister David Cameron who hired Coulson as his chief communications advisor.

Cameron is expected to make a formal apology this morning for inviting the former editor of Britain’s most notorious tabloid into Downing Street despite the allegations against him having already been made public. The Conservative prime minister said he had believed Coulson’s claims that he knew nothing about the hacking that had gone on at his newspaper. “If it turns out I have been lied to, that would be a moment for a profound apology,” he told the House of Commons in 2011.

The court heard that the News of the World, formerly Murdoch’s biggest-selling newspaper, had listened in to the voicemail messages of Prince William and Kate Middleton, actors like Daniel Craig and Angelina Jolie, senior political figures including the deputy prime minister, and victims of crime including Milly Dowler, who was murdered at the age of 13.

The jury, which has been considering verdicts in the seven-month trial since June 11, is still deliberating on further charges against Coulson and the former News of the World royal editor Clive Goodman for conspiring to commit misconduct in a public office by paying police officers for two royal directories.

Brooks, who was the most high-profile of the defendants, smiled and then broke down in court as she heard that she had been found not guilty on all charges. Retired managing editor Stuart Kuttner was cleared of conspiring to hack phones, and Brooks's former personal assistant Cheryl Carter was cleared of conspiracy to pervert the course of justice. Brooks's husband Charlie Brooks, a racehorse trainer, and News International’s director of security Mark Hanna were also cleared of perverting the course of justice.
http://www.thedailybeast.com/article...e-hacking.html





Staunch Opponent of Reform Tapped to Head US Patent Office

Big pharma killed the patent bill, and now a favorite son will head the USPTO.
Joe Mullin

A top pharmaceutical industry lawyer is set to be installed as the next head of the US Patent and Trademark Office.

The Obama Administration intends to nominate Philip Johnson, the head of intellectual property at Johnson & Johnson, to be the next director of the US Patent and Trademark Office. The selection is a setback for the tech sector and a seeming 180-degree turn on the patent issue for the Obama administration, which was pushing Congress to pass patent litigation reform just months ago.

The nomination was made public over the weekend, when Hal Wegner, a patent lawyer who authors an e-mail newsletter, said Johnson was the "anticipated nomination," citing "reliable sources." Wegner saw an "overwhelmingly positive reaction to this development among insiders," but for the tech sector, the choice of Johnson is about as bad a choice as could be imagined.

A lobbyist who had worked on patent reform issues independently confirmed the impending Johnson nomination.

Johnson has been an outspoken opponent of patent reform efforts for years. In the run-up to the recent failed reform effort, Johnson was particularly vocal. He was active as the head of the Coalition for 21st Century Patent Reform, often called 21C, a coalition of large pharmaceutical, chemical, and manufacturing concerns. Johnson has been chief patent counsel at Johnson & Johnson since 2000 and its top IP lawyer since 2009. Before working at J & J, Johnson was a partner at the law firm Woodcock Washburn for 19 years.

Large pharmaceutical companies, including Johnson & Johnson, have been the most vigorous opponents of patent reform. The 2007 reform effort sputtered out because of pharma opposition, and it was big pharma that killed the bill again this year.

It's a big turnaround for President Barack Obama on the issue. Obama mentioned patent trolls in his State of the Union speech in January, and his support was key to the bill advancing as far as it did.

Longstanding opposition

Johnson has a history of blocking change to patent laws that's nearly a decade long. Back in 2006, he urged Congress not to change patent damages law.

In the recent debate, Johnson became very active once the House passed the Innovation Act, which was lauded by reformers. 21C detailed its position to the Senate Judiciary in a December submission from Johnson, objecting to nearly every aspect of the bill. Johnson even opposed small parts of the measure that weren't seen as controversial.

For instance, Johnson opposed heightened pleading requirements that would have forced patent trolls to file more detailed information about the alleged wrongdoings of defendant companies, not the five- or six-page bare-bones complaints that basically say, "you infringed."

Johnson even opposed changes that were thought to be innocuous to operating companies, such as transparency requirements that would force trolls to reveal the true ownership of the patents they were suing over.

"Some of the information required to be disclosed could pertain to competitively sensitive information that should not be required to be disclosed in a public document," complained Johnson.

Johnson & Johnson signed the main opposition letter threatening to kill the bill, stating that "many of the provisions assume that every patent holder is a patent troll."

The proposed law would "substantially weaken all patents," stated the letter. Johnson & Johnson, along with dozens of other pharmaceutical, chemical, and manufacturing companies, officially withdrew their support. "If the provisions on discovery, customer stay, fee shifting and any associated measures, pleadings, and enforcement by the Federal Trade Commission"—in other words, the whole bill—"do not achieve the appropriate balance we will oppose the legislation," the coalition letter stated.

The letter also warned Senators not to continue with an approach that "clearly favors a business model that does not rely on patents and tilts the balance in favor of patent infringers."

Six weeks later, the bill was dead.
http://arstechnica.com/tech-policy/2...patent-office/





Nearly One-Third of Americans Aren't Ready for the Next Generation of Technology
Xochitl Rojas-Rocha

Thanks to a decade of programs geared toward giving people access to the necessary technology, by 2013 some 85% of Americans were surfing the World Wide Web. But how effectively are they using it?

A new survey suggests that the digital divide has been replaced by a gap in digital readiness. It found that nearly 30% of Americans either aren’t digitally literate or don’t trust the Internet. That subgroup tended to be less educated, poorer, and older than the average American.

In contrast, says Eszter Hargittai, a sociologist at Northwestern University in Evanston, Illinois, who was not involved in the study, those with essential Web skills “tend to be the more privileged. And so the overall story … is that it’s the people who are already privileged who are reaping the benefits here.”

The study was conducted by John Horrigan, an independent researcher, and released 17 June at an event sponsored by the Washington, D.C.–based Information Technology and Innovation Foundation. Funded by the Joyce Foundation, the study of 1600 adults measured their grasp of terms like “cookie” and “Wi-Fi.” It asked them to rate how confident they were about using a desktop or laptop or a smart phone to find information, as well as how comfortable they felt about using a computer. Of those who scored low in these areas, about half were not Internet users.

Horrigan believes that policymakers have ignored the problem of digital readiness while concentrating on providing people with access to the Internet and the necessary hardware. Relatively little attention has been paid to teaching people the necessary skills to take advantage of online classes and job searches, he maintains.

The researchers recommend that the technology industry needs to understand that not all users possess the same digital skill levels and that they need to make accommodations for those with less knowledge. Hargittai cites the RSS feed, which alerts its user to updates from his favorite blogs or websites, as an example of a tool that failed to address digital readiness. “There were a few years when every website had this bright orange button, ‘RSS!’ ” Hargittai says. “Web developers knew what it was, but consistently study after study showed that the average user has absolutely no clue what RSS is.”

Libraries can act as hubs for online learning within a community, Horrigan says. Having young, Internet-savvy people who are willing to share their skills is another option for reducing the size of the digitally unready population.

The lack of digital skills is a perennial problem, say researchers who have studied digital inequality over the years. In addition to those with few skills, someone who can function adequately today may fall behind as the technology continues to evolve. Grant Blank, a sociologist with the Oxford Internet Institute in the United Kingdom, believes that the community benefits just as much from good training programs as do the individuals themselves. “They’re more productive as citizens,” Blank says. “They’re able to participate better in social and political issues if they have effective online skills.”
http://news.sciencemag.org/social-sc...ion-technology



Until next week,

- js.



Current Week In Review

Recent WiRs -

June 28th, June 21st, June 14th, June 7th


Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black