P2P-Zone  

29-10-14, 07:48 AM   #1
JackSpratts

Peer-To-Peer News - The Week In Review - November 1st, '14

Since 2002

"We’ll spy on you through your dishwasher." – General David Petraeus


"The site neglects to mention is that reporters are not allowed to express any view at all on two subjects that Verizon is extremely sensitive about." – Patrick Howell O'Neill

November 1st, 2014




Hungary Internet Tax Cancelled After Mass Protests
BBC

Hungary has decided to shelve a proposed tax on internet data traffic after mass protests against the plan.

"This tax in its current form cannot be introduced," Prime Minister Viktor Orban said on Friday.

Large-scale protests began on Sunday, when demonstrators hurled old computer parts at the headquarters of Mr Orban's ruling Fidesz party.

The draft law - condemned by the EU - would levy a fee on each gigabyte of internet data transferred.

The protesters objected to the financial burden but also feared the move would restrict free expression and access to information.

The levy was set at 150 forints (£0.40; 0.50 euros; $0.60) per gigabyte of data traffic.

After thousands protested the government decided to cap the tax at 700 forints per month for individuals and 5,000 forints for companies. But that did not placate the crowds.

___________________

The BBC's Nick Thorpe in Budapest writes:

Viktor Orban does not often back down, but he has done so on this occasion for several reasons.

• He saw how unpopular the tax was. He managed with one stroke to do something which opposition leaders had tried and failed to do for five years: unify his opponents

• He took on the best-organised community in the country - internet users - and lost

• The government's communication methods failed again - as they have with almost every major decision since Fidesz came to power

• "We are not Communists. We don't go against the will of the people," he said - a sign that growing comparisons between Fidesz and the old Hungarian Socialist Workers' Party are hitting the mark.

What happens next? Mr Orban's decision to cancel the tax deprives his opponents of a valuable rallying cry. The big question for them will be whether they can use the momentum of two big rallies to create new forms of opposition to Fidesz.

They have proven that he can be defeated. Mr Orban has proven that he is more flexible than many analysts give him credit for.

___________________

'It should not be done'

Fidesz had said the special tax was needed to balance Hungary's budget in 2015.

Speaking on Kossuth public radio, Mr Orban said that "if the people not only dislike something but also consider it unreasonable then it should not be done...

"The tax code should be modified. This must be withdrawn, and we do not have to deal with this now."

He said a measure seen by the government as a technical issue had become "a fear-inducing vision".

There will be a national consultation on it in January, he said.

A European Commission spokesman, Ryan Heath, said the tax was "bad in principle" because it was a unilateral measure applied to a global phenomenon.

He said it was "part of a pattern... of actions that have limited freedoms or sought to take rents without achieving wider economic or social interest" in Hungary.

The Commission has previously criticised Mr Orban's government for constitutional proposals seen to be cementing the Fidesz party's political dominance.
http://www.bbc.com/news/world-europe...alflow_twitter





Who Has Your Back? Protecting Your Speech from Copyright and Trademark Bullies
EFF

When somebody wants to silence speech, they often use the quickest method available. When the speech is hosted on a major online platform, that method is usually a copyright or trademark complaint. For many years, EFF has worked with people whose lawful speech has been unfairly targeted by these sorts of complaints. We've observed that some approaches tend to work better than others in preventing that sort of deliberate abuse, as well as the casual censorship that comes from haphazard and dragnet approaches to policing online infringement.

In the copyright context, the contours of service provider policies are generally set by the safe harbor provisions of the Digital Millennium Copyright Act. Those provisions outline the practices to which online service providers must adhere in order to avoid copyright liability for the actions of their users. But services have some flexibility in how they implement those requirements, and can make decisions that optimize for defending user speech—or instead for minimizing their own legal costs, reducing engineering requirements, or building relationships with rightsholder groups, for example.

When it comes to trademarks, the absence of a detailed statutory safe harbor can mean more uncertainty for service providers, but also more flexibility. Some service providers are very conservative in their response to trademark complaints, taking down content quickly when there’s a complaint, even where there’s little real risk of liability. But other service providers choose to adopt policies that accept that a small degree of legal risk is worthwhile to protect their users. For example, they can require trademark complaints to be complete and valid, can make sure that content is only taken down after human review and consideration, and can give users a chance to challenge those complaints.

And with respect to both copyright and trademark, services can work to ensure that their policies are exercised in an open and transparent manner, so that users can better understand the scope and scale of copyright and trademark complaints and company responses.

Major online platforms have become the hubs for so much of our speech. The result is that their policy decisions can have an outsized impact on what speech enters the public discourse, and what gets silenced or relegated to secondary status. As users choose which platforms will host their updates, writing, images, and videos, they ought to know which of these services have made explicit commitments to defend that speech against bullies that would try to take it down.

As with our April "Who Has Your Back" report, which addresses government requests for personal data, the categories we evaluate in this report are based on objectively verifiable, public policy statements. In order to preserve that quality, we've chosen not to award stars unless we can cite a public policy, even in cases where internal policies may meet our evaluation thresholds. We've also chosen not to award stars in cases where we've learned that a company has not heeded its own public policies. If users believe that a company’s actions don’t match its policies, and can provide specific examples, please let us know.

We compiled the information in this report by examining each company’s published terms of service, copyright and trademark policies, and transparency reports where available. As part of our evaluation, we contacted each company to explain our findings and to give them an opportunity to improve their public stances.

Evaluation Criteria

We evaluated the following five criteria for each service:

• DMCA takedown notices. Services earn a star in this category for requiring a formal, complete, and valid DMCA notice for copyright-based takedowns of content. Services must also commit to forwarding the information contained in that notice to the affected user. In some cases services make that information available only upon request; where a service has made a public promise to do so, we have awarded a star.
• DMCA counter-notices. In order to earn a star in this category, services must have a publicly documented counter-notice procedure that includes a commitment to promptly restoring all counter-noticed works after the required 10-14 days of downtime. Additionally, services must commit to excluding counter-noticed works from "repeat infringer" policies.
• Trademark complaints. As with the first category, services earn a star here for requiring a formal notice of trademark complaint, including information about the relevant trademark, and forwarding that information to any user whose uploads are affected.
• Trademark disputes. In order to earn a star in this category, services must outline a procedure by which users can contest trademark complaints, or commit to additional human review of the takedown. In the services we've evaluated, we've awarded a star to companies that provide a documented internal dispute resolution process that includes the user and to companies that require complainants to obtain a court order for takedown.
• Publishing a transparency report on copyright and trademark complaints. Finally, services earn a star here for publishing information on takedown requests. We've intentionally left this category flexible, but in future editions may increase the requirements to include some of the best practices we've observed, like publishing compliance rates, breaking down information about non-compliance, and forwarding actual notices to the Chilling Effects database.

Results Summary

EFF arrived at the evaluation criteria after careful consideration of actual industry practices, the state of copyright and trademark law, and experience with users who have dealt with abuse from copyright and trademark bullies. We were pleased to find that services have been largely receptive to our concerns, and in many cases were able to point to policies that met these criteria, or, where their “star-worthy” internal practices were not reflected in their public policies, to revise their public-facing statements so that users would know about those practices.

We should be very clear: we believe that these five evaluation criteria are a floor, not a ceiling. These are minimum standards for what a service can do to defend its users' speech against copyright and trademark bullies. For example, even a robust, user-friendly DMCA takedown policy can still present problems for speech, because of flaws in the statute itself. Even policies that earn all five stars cannot prevent all bullies.

We also note that some services have gone above and beyond the evaluation criteria in this report. Automattic, the parent company behind Wordpress, has filed lawsuits in response to abusive takedown requests. Etsy prepares educational materials and blog posts about the public's right to use trademarks and copyrighted works. Twitter has issued a thorough Transparency Report every six months for over two years. And YouTube has occasionally proactively restored content targeted by a DMCA notice, ahead of the DMCA’s 10 business day waiting period, where that content was clearly non-infringing.

Still, the report can be read to reflect a broad commitment across many of the services we've surveyed to handle takedown requests in a way that recognizes the rights and responsibilities of users as well as senders.

In Depth: Specific Criteria

In this category we evaluated whether services publicly commit to (1) requiring complete and valid takedown notices before removing content, and (2) forwarding the relevant contents of those notices to users. Only services that commit to both criteria were awarded the star.

The law requires that services take down content when they have received a valid notice of infringement. This procedure is frequently abused—there are myriad examples of companies and individuals sending improper takedown notices—but it has some important checks built in. For example, takedown senders must identify specific content, certify under penalty of perjury that they have a good-faith belief that it is actually infringing, and can be sued under the DMCA's section 512(f) for material misrepresentations. In practice, these checks have proven difficult to enforce, but they are still a major improvement over opaque and privately negotiated takedown systems.

For example, YouTube did not get a star in this category because it has publicly admitted that contractual agreements with rightsholder groups like Universal Music allow for takedowns without the legally described notice. (For more information, see, e.g., "Universal Music Group and YouTube Agree to Forget About Fair Use," June 27, 2014.) As a result, people affected by these extralegal takedowns may be left with little information and even less recourse.

Similarly, we declined to give GoDaddy a star in this category after being notified that the host will take down material not specifically identified in a notice. In particular, we were contacted by an individual who had dozens of domains suspended because of an accusation of infringement on a single site.

One limitation of this report format is that we depend on information from the public about those sorts of situations. Where we become aware that a service takes down content without receiving a proper notice, we may decline to grant a star in future reports.

The second component in this category is a commitment to forwarding the contents of a takedown notice to the affected user. We believe this is an essential step at creating accountability for takedowns for two reasons. First, if users don't reliably have information about which rightsholder is complaining about which particular piece of content, their ability to appeal is severely restricted. And second, users who send a counter-notice are required by law to provide full identifying information to the original takedown sender; they should have access to the same level of information in making that decision.

Namecheap's terms provide a good example of a compliant policy:

If we receive a DMCA notice from a copyright holder, here’s what we’ll do:

Make sure the notice is DMCA-compliant;
Forward that notice to you, the user, and make it clear how to proceed


At least for this year, we've also allowed services to forward notices (or the essential information in a notice) upon request, as long as they make it clear in their policy that they will do so. For example, Vimeo states it "will provide a copy of the original DMCA takedown notice upon request."

DMCA Counter-notice Practices

When a user's content is the target of a copyright complaint (or something purporting to be a copyright complaint), that user must then decide whether to file a counter-notice. In this category, we evaluated whether each service gives users a fair chance to file that counter-notice, and what happens to the targeted content. Specifically, we checked three criteria: (1) that the service publicly documents its counter-notice procedure, (2) that it commits to restoring counter-noticed works after the legally prescribed waiting period, and (3) that it excludes counter-noticed works from consideration of whether a user is a "repeat infringer."

Filing a counter-notice can be confusing and difficult, and many users are intimidated by the requirement that they agree to be sued in federal court if the rightsholder wants to claim copyright infringement (even though this is already true for users who are subject to the jurisdiction of U.S. federal courts). Users also may fear the significant expense of defending even a winning copyright case, allowing themselves to be silenced rather than facing the expense and risk of vindicating their speech in courts.

Those concerns are compounded if users can't readily find information about how to file a counter-notice or can't be certain their content will even be restored. For example, while Pinterest's terms outline a counter-notice procedure, they do not commit to restoring content if the person who filed the original complaint does not file a lawsuit. Similarly, Tumblr only says it "may restore" counter-noticed works.

By contrast, Facebook's policy clearly provides the necessary information:

If your content was removed under the notice and counter-notice procedures of the DMCA, you will receive instructions about the counter-notification process, including how to file a counter-notification, in the warning we send you.

When we receive an effective DMCA counter-notification, we promptly forward it to the reporting party. If the reporting party does not notify us that they have filed an action seeking a federal court order to restrain you from engaging in infringing activity on Facebook related to the material in question within 10-14 business days, we will promptly restore eligible content under the DMCA.


Finally, EFF has been contacted on numerous occasions by users who have had entire accounts suspended because of multiple bogus claims of copyright infringement. Facebook's policy addresses that concern and covers the third component of this category:

Restored content will not be counted against you if your account is ever reviewed for potentially violating our policies about repeat infringement.

Trademark Complaint Practices

Although there is no statutory counterpart in trademark law to the safe harbor that the DMCA provides for copyright liability, we have observed many services have taken a page from that law in crafting their trademark complaint procedures, in particular the notice and counter-notice provisions. In parallel with the first category, here we evaluated whether each service required a formal notice of trademark complaint and forwarded essential information to affected users.

Many of the services we looked at—such as Etsy, YouTube, and Vimeo—suggest trademark holders first try to resolve the issue with the user in question, and then, if the dispute cannot be resolved informally, outline formal requirements for escalating trademark complaints that echo, to some extent, the DMCA provisions for copyright complaints. We believe this strikes a good policy balance and helps give users a chance to understand and respond to threats against their own speech if necessary.

Services are also eligible for a star if they promise to notify users that have had content disabled due to a trademark complaint. Too often, speech is taken down without explanation, and it can be a significant burden to determine who is complaining and why. Instagram's policy describes a better approach:

If the content is removed, the party that posted the content will receive a warning letting them know that content they posted to Instagram was removed because of a claim of trademark infringement. We will also provide them with your contact information, including email address and the name of your organization or client, and/or the contents of your report.

Trademark Dispute Practices

Of course, in some situations a trademark holder and a person making a use of that trademark will not be able to resolve the dispute on their own. In those situations, it is important that services have in place fair and well-documented policies to help ensure that services take care to avoid improper takedowns before the fact, and that users have a meaningful chance to get their content restored.

There are several kinds of policies that earned this star. Some companies explicitly promise human review of trademark complaints. See, for example, the Wordpress policy:

Our team will review it and take action as appropriate if we consider the use of your trademark to be infringing.

Or that of Etsy:

Please reference our policy if you feel material on Etsy infringes your trademark(s) and you’d like to file a notice. Every notice Etsy receives is reviewed by our Legal Support team.

In its terms of service, Imgur notes that it may refuse to remove content that constitutes a fair use, or is otherwise not infringing trademark or copyrights:

We reserve the right to refuse to remove any material that in our view constitutes fair use.

And finally, Namecheap requires more than a simple complaint before taking down content:

If we receive a trademark complaint from a trademark holder, here’s what we’ll do: [...]

Refrain from taking any action in reference to trademark complaints alone (i.e. with no court order), and encourage the parties to resolve the dispute amongst themselves


Transparency Report

Our final star is awarded to services that compile and publish a transparency report about copyright and trademark complaints they receive. In the last several years, we have started to see many companies publishing similar reports about government requests for user data. Although it's still a relatively uncommon step for services to do the same for copyright and trademark, we hope that is changing. Transparency reports are a tremendously valuable source of information for groups like EFF, as well as journalists, policy-makers, and others who want to make sound evidence-based policy.

To pick a good example: Twitter has published a transparency report on copyright takedown requests every six months for over two years, and has now produced an important body of knowledge about trends in not just the number of takedown notices getting sent, but also how frequently those notices are rejected or contested by users.

Wordpress expanded on that trend, recently publishing its first copyright and trademark transparency report and including a "Hall of Shame" for bogus takedowns it wished to highlight. We like the idea of a Takedown Hall of Shame—we've run our own for years—and by publishing it along with full numbers, Wordpress is able to provide both quantifiable evidence and illustrative anecdotes.

Additionally, some services forward takedown notices to Chilling Effects, a public database that aggregates from many different sources. While we applaud that step, we didn't consider that alone to qualify for a star in this category.
https://www.eff.org/pages/who-has-yo...trademark-2014





Spain Passes Much-Debated Intellectual Property Law
Pamela Rolfe

Critics complain of an unenforceable Google tax and missed opportunity for clear anti-piracy law

After more than a year in the works, Spain passed on Thursday its Intellectual Property Law, with its hotly debated, so-called Google tax that allows for fines on aggregators that show snippets of content without paying for it.

The law, known as the LPI, will take effect January 2015 and allows for sanctions of up to $758,000 (€600,000) for linking to pirated content, including newspapers and Spanish publishers which also try to protect their property rights.

Google reacted immediately to the law’s passage.

“We are disappointed with the new law because we believe that services like Google News help publishers bring traffic to their sites. As far as the future is concerned, we will continue working with the Spanish publishers to help increase their revenues while we evaluate our options within the framework of the new legislation,” a statement read.

Google is coming strong off a similar situation in Germany where German publishers’ demand for Google to pay for its links backfired, leaving newspapers with no traffic after the aggregator followed the German law to the tee and eliminated all links.

But even beyond the aggregator tax, the law that passed only with the ruling conservative party’s votes in favor found little support further afield, with parliamentarians from other parties calling the measure “a disaster” and “a missed opportunity.”

In addition to the controversy over the piracy links, critics of the law charge that the section on private copy damages their efforts to educate against piracy and fails to compensate financially for private copy.

Spain was forced to remove its digital canon—which generated a reported $113 million (€90 million) -- when European and Spanish courts ruled it illegal and indiscriminate.

The government replaced it with $6.3 million (€5 million) earmarked in the General Budget for compensating rights holders. Intellectual Property entities say the government has determined the actual figure should be $23 million (€18 million).

Critics of the law argue that in addition to the confusion of including private copy in the law, the wording on what constitutes piracy is “vague” and “weak,” failing to offer a clear-cut definition to rule against sites that violate property rights.

Spain suffers rampant piracy, with an estimated 84 percent of digital downloaded content coming from unlicensed sources. Wednesday, U.S. Ambassador to Spain, James Costos, urged Spain to protect intellectual property in order to promote a healthy environment for creators and job creation.

Additionally, Spain is altering its penal code to move more forcefully against copyright violation by closing down sites that link to illegal content.
http://www.hollywoodreporter.com/new...roperty-745130





MPAA, Movie Theaters Announce “Zero Tolerance” Policy Against Wearables

Cinema managers urged to alert police if illegal recording is suspected.
David Kravets

A movie theater industry group and the Motion Picture Association of America updated their anti-piracy policies and said that "wearable devices" must be powered off at show time.

"Individuals who fail or refuse to put the recording devices away may be asked to leave. If theater managers have indications that illegal recording activity is taking place, they will alert law enforcement authorities when appropriate, who will determine what further action should be taken," said a joint statement from the MPAA and the National Association of Theatre Owners, which maintains 32,000 screens across the United States.

The announcement should come as no surprise. Last year, the MPAA urged theater operators to crack down on movie piracy with the use of night-vision goggles, security cameras, and low-light binoculars. The MPAA's "Best Practices to Prevent Film Theft" also urged theater operators to perform "random bag and jacket checks" of patrons and to "look for the unusual."

The joint statement Wednesday, meanwhile, said "we maintain a zero-tolerance policy toward using any recording device while movies are being shown."

The statement did not mention Google Glass by name, but it didn't have to. The computerized eyewear appears to be an enemy of the movie industry. In June, for example, a cinema trade group representing most UK movie houses urged its membership to ban Google Glass. That same month, Alamo Drafthouse, with theaters in Colorado, Michigan, Missouri, Texas, and Virginia, was among the first US movie houses to ban Google Glass during movie showings.

Under US law, those caught recording a movie in a theater face a maximum three-year prison sentence. As many as 41 states have laws against in-theater recording, too.
http://arstechnica.com/tech-policy/2...nst-wearables/





Police In Germany Are Trying To Stop Armed Warfare Between Rival File-Sharing Gangs
James Cook

The police in Germany have issued an international arrest warrant for two brothers who are accused of carrying out a series of violent crimes as part of an online turf war between rival file-sharing websites.

TorrentFreak reports that the German police have started an international public manhunt to try to find Kastriot Selimi, 25, and his brother Kreshnik, who is 22.

Der Spiegel reports that a special police unit raided the Selimi family home in a German village, hoping to find the brothers, who live there with their parents. Instead, the pair had disappeared, and they are believed to have fled to another European country.

The Selimi brothers are accused of running a copyright-infringing file-sharing empire that reportedly spans more than 30 different torrent sites. People use the sites to watch movies for free. The largest site run by the pair, kinox.to, was one of the 50 most-visited websites in Germany.

It is not unusual for the police to crack down on people who run file-sharing websites. However, as well as running torrent sites, German police have accused the brothers of carrying out crimes including armed robbery, arson, predatory blackmail, extortion, tax evasion, and copyright infringement.

The German prosecutor's office warned that the brothers often resorted to violence to scare off rival file-sharing websites. "Sometimes even a car bursts into flames," a spokesman said. The police have warned the public that the pair are violent and may be carrying firearms.

Police are trying to track down the brothers to bring an end to their alleged crime spree and also to try to finally shut down their network of illegal file-sharing sites. Golem.de reports that the brothers are suspected of possessing the information required to take the network offline.
http://www.businessinsider.com/germa...-sites-2014-10





Lionsgate and Tribeca Film Studios are Launching a New Streaming Service
Cecilia Kang

Now Hollywood is joining the Internet streaming craze. Lionsgate and Tribeca Enterprises said Monday they will jointly launch an online video service during the first half of next year for movies made by them and outside studios.

Called “Tribeca Short List,” the online streaming service comes just days after HBO and CBS rattled the television industry with their announcements of their own stand-alone streaming services, similar to what Netflix offers.

The companies didn’t disclose details about the planned service, such as the pricing or how many titles will be offered. Lionsgate and Tribeca Enterprises, which runs the Tribeca Film Festival, indicated in their release that the service will be highly edited and that they will draw from their network of artists and industry contacts to help select films.

“We are pleased to join with Lionsgate . . . to create a highly curated experience that disrupts the ‘more-is-more’ model in today’s streaming on-demand landscape,” said Jane Rosenthal, chief executive of Tribeca Enterprises. “Tribeca Short List aims to be a service where you can see films you never got to watch, forgot to watch, and want to watch.”

The move comes amid great tumult in entertainment. Netflix surprised Hollywood with a recent announcement that it would cut out movie theaters by making and exclusively showing feature-length films, including four by Adam Sandler and the next “Crouching Tiger” movie.

Lionsgate and Tribeca have built their reputations as smaller, scrappy competitors with established Hollywood giants such as Disney and 20th Century Fox. Lionsgate was launched in 1997 by Canadian businessman Frank Giustra and filmmaker Avi Federgreen with offices in Vancouver, Canada and Santa Monica, Calif. It became known for its willingness to take on risky projects and its high profit margins on films — its Saw horror series became a global hit. More recently, the studio has won over the young adult market with “The Hunger Games,” “Twilight,” and “Divergent” series. It also has produced television shows, such as “Mad Men” and “Nurse Jackie.”

Tribeca Enterprises was co-founded in 2003 by actor Robert De Niro and runs the Tribeca Film Festival that supports emerging movie makers and directors.

“The launch of the Tribeca Short List service unites two powerful brands and underscores our commitment to collaborate with blue-chip partners around the world to deliver premium content to online audiences,” said Lionsgate chief executive Jon Feltheimer. “The Tribeca name resonates with movie aficionados everywhere, and our service will encompass a highly curated, diverse and prestigious portfolio of quality films.”
http://www.washingtonpost.com/news/b...aming-service/





U.S. Regulators to Vote on Treating Internet TV Like Cable
Alina Selyukh

The U.S. Federal Communications Commission in coming weeks will vote on whether Internet TV should have the same access to television programming as cable and satellite TV providers, which could shake up competition in the video industry.

FCC Chairman Tom Wheeler on Tuesday said he has asked his fellow commissioners to vote on a proposal that would help Internet TV services, such as ones being developed by Dish Network Corp, Sony Corp and Verizon Communications Inc, to compete with traditional pay-TV for digital rights to major network programming.

The potential regulatory change concerns online subscription video services that offer scheduled programming similar to traditional pay-TV providers, and not online video services such as Netflix Inc that stream content on demand.

Satellite provider DirecTV is another company that has indicated plans for an Internet video service and CBS Corp this month revealed a plan for an Internet streaming service that would include scheduled programming.

Time Warner Inc's HBO will also launch a standalone online streaming product but its details are unclear.

Traditionally, the FCC has ensured that cable and satellite TV providers such as Comcast Corp could negotiate for rights to retransmit network programming. Online video services have not had the same regulatory backing because they rely on a different technology and do not have their own video distribution facilities.

Now, the FCC will vote on leveling the playing field with a technology-neutral definition of a "multichannel video program distributor," with the goal of encouraging new competition in the video market.

"Twenty-first century consumers shouldn't be shackled to rules that only recognize 20th-century technology," Wheeler said in a blog post on Tuesday.

"Consumers have long complained about how their cable service forces them to buy channels they never watch. The move of video onto the Internet can do something about that frustration, but first Internet video services need access to the programs."

A draft of the proposal tentatively concludes that online TV services should have the same access to cable and local TV programs as traditional pay-TV services and seeks comments on whether the obligations imposed on the two types of video services should also be the same.

If adopted, some analysts see the proposal as potentially also creating a new opening for Aereo, a video streaming company whose business model was questioned by a Supreme Court ruling in June that said the company had infringed broadcasters' copyrights by capturing live and recorded programs through antennas and transmitting them to subscribers.

The vote by four FCC commissioners, two Democrats and two Republicans, would formally propose the idea and begin the process of seeking public comments.

(Reporting by Alina Selyukh; Editing by Tom Brown)
http://www.reuters.com/article/2014/...0IH29T20141028





The FTC is Suing AT&T for Throttling its Unlimited Data Customers
Brian Fung and Craig Timberg

Federal officials on Tuesday sued AT&T, the nation’s second-largest cellular carrier, for allegedly deceiving millions of customers by selling them supposedly “unlimited” data plans that the company later “throttled” by slowing Internet speeds when customers surfed the Web too much.

The Federal Trade Commission said the practice, used by AT&T since 2011, resulted in slower speeds for customers on at least 25 million occasions – in some cases cutting user Internet speeds by 90 percent, to the point where they resembled dial-up services of old. The 3.5 million affected customers experienced these slowdowns an average of 12 days each month, said the FTC, which received thousands of complaints about the practice.

The legal action -- which AT&T immediately criticized and signaled it was prepared to fight -- is one of the most aggressive yet under FTC Chairwoman Edith Ramirez, a reserved former corporate lawyer who took office last year. In challenging one of the nation’s largest cellular providers, she also tread close to the jurisdiction of a sister agency, the Federal Communications Commission, which more regularly handles telecommunications issues but often has been criticized by consumer groups as being too cozy with industry and not aggressive enough in protecting customers’ privacy and pocketbooks.

“AT&T promised its customers ‘unlimited’ data, and in many instances, it has failed to deliver on that promise,” said Ramirez in a statement. “The issue here is simple: ‘unlimited’ means unlimited.”

She said that the FTC was seeking financial damages that could result in money being repaid to AT&T customers affected by the company’s policy of throttling. The suit, which was approved by the five-member commission in a unanimous vote, was filed in U.S. District Court in San Francisco.

The FTC found in its investigation that AT&T was aware that consumers saw throttling as inconsistent with promises of “unlimited” data. When the concept was explained to company focus groups, the FTC reported in its suit, customers grew upset. The researchers urged AT&T that “saying less is more” when it comes to marketing of such services.

The FTC lawsuit rested on its power to police deceptive marketing practices and prompted praise from consumer advocates, who long have complained that cellular carriers have larded the bills of their customers with unnecessary and deceptive bills as a way to fatten profits. Throttling, they said, deprived customers of data they believed they had paid for, and with little recourse against AT&T. The company received 190,000 customer calls regarding the practice, according to the FTC.

“It’s absolutely outrageous,” said John Bergmayer, a senior staff attorney at Public Knowledge, an advocacy group based in Washington. “They’re not allowed to promise one thing and deliver another… Unlimited is not unlimited when you put limits on it.”

AT&T responded by calling the FTC’s allegations “baseless” and an intrusion into the normal network management required by telecommunications providers. The company also noted that it had alerted customers about the throttling, by sending e-mails or texts notifying customers that they had crossed pre-set limits and would experience slower data speeds for the rest of the billing period.

“It’s baffling as to why the FTC would choose to take this action against a company that, like all major wireless providers, manages its network resources to provide the best possible service to all customers,” said AT&T senior executive vice president Wayne Watts, “and does it in a way that is fully transparent and consistent with the law and our contracts.”

The lawsuit marks the second time this year that a major wireless carrier has been targeted for singling out its unlimited data users for special treatment. The FCC wrote a letter in July criticizing Verizon over a plan to throttle its heaviest users of “unlimited” data plans during periods of peak congestion. Verizon later backed down on that plan. The FCC said Tuesday that it was coordinating with the FTC on investigations into carriers slowing down unlimited data.

"Wireless customers across the country are complaining that their supposedly ‘unlimited’ data plans are not truly unlimited, because they are being throttled and they have not received appropriate notice," said Neil Grace, an FCC spokesman. "We encourage customers to contact the FCC if they are being throttled by AT&T or other cellular providers."

FTC investigations take place behind closed doors and often result in out-of-court settlements, typically proceeding to legal action only when accords cannot be reached. The inability to agree on terms of a possible settlement suggests high stakes for AT&T, which like other cellular carriers relies increasingly on delivering data, rather than traditional phone calls, in making money from its customers.

The lawsuit comes at an awkward time for AT&T, which is trying to convince regulators to approve its $49 billion acquisition of the nation’s largest satellite TV provider, DirecTV.

AT&T is also paying $105 million to settle charges from this month that it loaded consumers’ wireless bills with bogus third-party fees without their consent. Those fees, according to the FTC and the FCC, added “hundreds of millions of dollars” to AT&T’s bottom line over a five-year period and misled customers into thinking that they were being charged for AT&T’s own services.

The coming showdown with the FTC could be bruising. Wireless carriers have turned to data as an increasing source of revenue as consumer demand shifts away from voice calls. And AT&T operates one of the most sophisticated lobbying operations in Washington. The company is the 14th-largest spender on lobbying in America, according to the Center for Responsive Politics.

In the lawsuit filed Tuesday, the FTC cited numerous consumers who alleged that AT&T failed to honor its commitments to unlimited data.

“This is a clear case of bait and switch,” one customer said, according to the FTC’s complaint.

“If [I’m] being punished for using my phone and plan as advertised[,] then I have lost a lot of respect for [AT&T],” said another.

The fight also touches on some larger issues, including the politically charged debate over “net neutrality,” which concerns whether Internet providers should be allowed to alter the speeds of various Internet traffic, potentially prioritizing the data flowing from favored corporate partners. Both of the Republican commissioners on the FTC, Maureen Ohlhausen and Joshua Wright, issued tweets on Tuesday afternoon saying that the AT&T lawsuit showed that the FTC already has the power to regulate certain abuses in Internet data flows.

“@ATT throttling case shows the @FTC can and will enforce broadband ISPs’ promises about traffic mgt. #NetNeutrality http:,” Ohlhausen said in her tweet.

Such arguments come amid larger turf issues between the FCC and the FTC, which regulates a broader group of industries and often is described as more aggressive in curbing the abuses of large companies.

“Under Ramirez, the commission is going to confront some of the most powerful companies in the country for their data and privacy practices,” said Jeff Chester, executive director of the Center for Digital Democracy, a consumer and privacy group based in Washington. “This is part of a much broader set of investigations going on at the FTC to look at how the digital data marketplace treats consumers… The FTC is stepping into an area where the FCC has failed to be an effective regulator.”

The FTC filed a complaint in July against T-Mobile, the nation’s fourth-largest cellular carrier, for allegedly “cramming” their bills with charges for “premium” services that customers often did not seek or understand. Some of the resulting revenue was returned to T-Mobile in what some critics have described as “kickbacks.”
http://www.washingtonpost.com/blogs/...ata-customers/





The Cliff and the Slope
Susan Crawford

The proof is in: Detailed report shows how U.S. Internet access monopolies punish rivals and catch innocent bystanders in the crossfire—legally.

Devan Dewey, the Chief Technology Officer of midsize investment consultancy NEPC, has an orderly office and a highly organized mind. So naturally, when some at-home employees near Boston complained they could barely work because their connections to the company data center had slowed to a crawl, Dewey and his team determined to find out why.

His team’s research led him to suspect something astonishing and dark: that NEPC, and probably many other businesses and consumers, were caught in the crossfire of an ongoing battle between “eyeball networks” run by Internet access providers, such as Comcast and Verizon; and “transit networks” used by competing video services, such as Netflix. He came to wonder whether, in their attempts to charge Netflix for access to their subscribers, Comcast and some other networks were recklessly affecting Internet connectivity for businesses like NEPC. Could that possibly be true?

The answer is yes. What started out as suspicion is now fully documented, in a study that has just been released by a nonprofit research consortium called M-Lab. M-Lab’s data suggests the logical conclusion that Verizon and Comcast, as well as Time Warner Cable, CenturyLink, and AT&T, are intentionally squeezing data coming from some incoming networks — in particular, networks associated with Netflix, which competes with these companies in video entertainment. Customers of these eyeball networks are getting degraded service that cannot be explained by anything other than business decisions. And these eyeball networks are acting with an apparent disregard for users not affiliated with Netflix, affecting all kinds of traffic and all kinds of users. By tacitly allowing network traffic jams — affecting only the highways of fiber that Netflix was using to send its bits — everyone else using those routes was getting stuck. NEPC employees working from home, for instance, could barely operate.

The revelations of clear service bottlenecks offer rare first-hand evidence of the power of large Internet access monopolies to force companies that require access to their networks into costly service arrangements, or else suffer degraded connectivity. This is the kind of game-playing feared by the millions of Americans who have pushed for rules preventing what faux news comedian John Oliver calls “cable industry fuckery.”

Here’s what happened to NEPC: Beginning in November 2013, employees who were working remotely began having trouble accessing NEPC’s servers. Employees who access their NEPC files by way of a remote desktop platform were waiting for minutes at a time for their files to open, and the quality of their phone calls — which are also routed over NEPC’s network — was wildly inconsistent. By January, the drip of employee complaints had become a torrent. Remote access had become untenable. Calls were dropping right and left. Files were freezing and not opening for minutes at a time. Productivity suffered and NEPC employees were, understandably, enormously frustrated — which led to a deluge of complaints to Dewey’s support team. Employees who had been used to having state-of-the-art access to their work materials from home or on the road started working in the middle of the night on the off chance that connectivity would be better. One employee said she would have to start working from the Boston office; she could no longer work from home, even though she’d made the move to full-time remote work so as to be available to her four children in a house far away.

Dewey and his staff were frantic. It was a complete mystery to them why NEPC employees were having trouble accessing their files and making phone calls; they couldn’t replicate the problems their employees were experiencing. Dewey’s team spent six weeks investigating every detail of NEPC’s network services.

NEPC has a private fiber network connecting its seven offices (and connecting those offices to the Internet), but NEPC’s data center connects to the Internet through Cogent, a company that sells both Internet access and inter-city transit services; according to Dewey, Cogent’s $600/month 100 Mbps service has historically been trouble-free. NEPC employees working remotely have VPN software that allows them to access the firm’s files. Dewey’s staff checked the software: no problems. Dewey and his team help employees set up their home Internet access — and require employees to subscribe to at least 10 Mbps download and 5 Mbps upload services — and there were no problems with either the Comcast or Verizon FiOS Internet access services the employees were using. Everything checked out, but nothing worked.

Dewey was baffled: Who or what was choking NEPC?

Although many people use the Internet in America, the physical lines that carry data from one place to another are invisible — and therefore mysterious to most of us. Let’s assume you’re one of the twenty-one million Comcast high-speed data subscribers. Comcast owns its own lines that transport your data from your living room to a handful of points in the U.S. for handoff to other networks. Seven key interconnection points — in New York City, Chicago, Seattle, San Francisco, Los Angeles, Dallas, and Miami — collectively handle about ninety percent of all handoffs among networks in the country. In these cities, hundreds of disparate networks meet in buildings, co-locating their facilities so that data packets can be easily handed off from one network to another. They are extremely large hubs of Internet inter-networking activity; three New York City points, for example, complete handoffs for most of the east coast of the United States.

Why handoffs? Comcast, in this story of NEPC’s travails, is wearing the hat of an “eyeball” network; it serves end-user individuals and businesses that are using browsers to request data from computers in other places. These end users often ask for data from networks and data centers that are not provided or hosted by Comcast. (Like Google. Or YouTube. Or Netflix.) And that means that a handoff between networks is needed.

Indeed, the point of the Internet Protocol was to allow disparate networks to interconnect easily; having a standard size unit of data (known as a “packet”) and addressing system allows traffic to travel around the world without asking permission from individual systems, making it possible for end-users to request packets from computers that are not physically controlled by their Internet access providers — their eyeball networks.

That original inter-networking idea came from an era in which inter-city “transit” (sometimes called “backbone”) networks were competing for customers. Policymakers assumed that it would always be in the interest of physical network suppliers to cooperate with one another at interconnection points. The market would ensure that these forces remained in balance, protecting both consumers and data packets from exploitation.

Things have changed. For starters, there has been tremendous consolidation in the last-mile wired marketplace. Just three providers, Comcast, Verizon, and Time Warner, account for almost half of the wired last-mile access marketplace in America. End-users, encouraged by access providers interested in replicating the pay TV model online, now ask for far more data than they generate. And the architecture of U.S. Internet access encourages this passive downloading behavior: the cable modem Internet access network, on which most Americans rely, substantially favors downloads over uploads. The three major last-mile providers also have nationwide networks of their own, which means that they do not have to rely as much on transit networks to carry traffic throughout the U.S. You can think of Comcast’s eyeball network as a giant castle surrounded by a giant moat. Inside the castle are all of Comcast’s territories in thirty-nine states. Outside the moat is the rest of the Internet, including all the transit networks carrying traffic requested by Comcast subscribers. Finally, the entire high-speed Internet access marketplace has been deregulated, meaning no level of government exercises oversight over the castle — or the terms on which the castle allows the moat surrounding it to be crossed.

These changes have put vast power in the hands of Comcast, Verizon, and Time Warner Cable nationwide, and in the hands of AT&T and CenturyLink in many U.S. markets. These companies are gigantic “terminating monopolies,” because the only way for traffic destined for Comcast’s subscribers coming from data centers or networks not controlled by Comcast — traffic coming from outside Comcast’s castle moat — to reach those subscribers is to go over Comcast’s lines.

In the past, if two networks transferred so much data between themselves that they were about to exceed the capacity of their connection, they would have gotten in touch to solve the problem. As M-Lab notes in its report, “[T]he traffic that flows through these interconnections is the lifeblood of the Internet — nearly all of the value of the Internet comes from the exchange of traffic, even when the ISPs involved are fierce competitors.” The engineers would have worked out a solution to open the access network’s door to the outside world more broadly. And they would split the minor costs of doing this upgrade — a $300 piece of fiber, a $10,000 souped-up router. A January 2013 OECD report found that 99.5% of Internet interconnection agreements at Internet Exchange Points happen without any formal contracts; engineers easily make deals to share the very low cost of trading traffic between networks in the same building.

But that was the past. Today, we have communications giants who see no need to adhere to traditional Internet niceties. Comcast, Verizon, and Time Warner Cable are now powerful enough that they can demand that they be paid for connecting with other networks. Their power comes from their huge numbers of subscribers; other networks need Comcast, Time Warner, and Verizon more than these eyeball networks need them. If the eyeball networks aren’t paid, they will refuse to upgrade the doors between their eyeballs and the network seeking to connect. If that upgrade doesn’t happen but the eyeballs keep asking for more and more data — because, say, they want to watch movies online from Netflix — packets get dropped. And if packets get dropped, hourglasses spin and screens freeze.

In other words, it’s possible to mess up the user online experience by doing nothing — not upgrading facilities when traffic patterns call for it. If the congestion just happens to affect the business of a competitor, it’s in the interest of an eyeball network to do so.

Now, thanks to M-Lab, we have definitive data about what is going on between end-users and sites on the other side of the (metaphorical) bridge that runs between the user’s eyeball network and an outside network: we can measure how many packets can be sent between two networks successfully each second (“throughput”), how quickly packets can travel — how many milliseconds it takes them to make the trip — across an interconnection point (“latency”), and what gets lost over an interconnection point that hasn’t been upgraded to higher capacity, as packets that aren’t acknowledged get re-sent (“retransmission”). All of these measurements are captured for a representative sample of the U.S. population by M-Lab at very frequent intervals over a long period of time — beginning in 2009 and continuing to this day — which allows us to compare what is going on at (for example) 7pm each day in different locations. And guess what — the painstaking research reveals patterns that look exactly like the destructive jamming-by-doing-nothing gambit described above. It turns out that the evening hours between 7pm and 11pm local time, peak hours of Internet usage according to the FCC, are particularly painful times for packets flowing between the eyeball networks and other places on the Internet.

The M-Lab data reveals two striking patterns of interconnection problems: The Cliff and The Slope. The Cliff afflicted Cogent in its relationships across the country with Comcast, Verizon, AT&T, CenturyLink, and Time Warner Cable from the spring of 2013 until early 2014. The Slope afflicted another non-eyeball network, Level 3, in its relationship with Comcast, Time Warner Cable, and Verizon over this same time period in several markets, and its effects appear to be continuing.

First, The Cliff. In the spring of 2013, Netflix began moving more of its business to Cogent. Cogent’s traffic to Comcast’s, Time Warner Cable’s, and Verizon’s key interconnection points across the U.S. went way up — because Comcast, Time Warner Cable, and Verizon customers were asking for Netflix videos. In a competitive market, the eyeball networks would have had every incentive to upgrade their connections to Cogent to ensure that their subscribers continued to have a good online experience. But the opposite happened.

M-Lab’s data conclusively shows that Cogent’s connections with the large eyeball networks, in every part of the country where M-Lab gathered data, subsequently fell off a cliff. Conditions were bad for Cogent’s packets in Dallas, Los Angeles, and Seattle: in Dallas and Los Angeles, Cogent connections with Comcast, Verizon, Time Warner Cable, AT&T, and CenturyLink were congested. In Seattle, Cogent had problems with Comcast and CenturyLink. Life for Cogent packets was particularly rough in New York City. Before the Netflix-Cogent deal, peak rates (when throughput matters most) for traffic traveling from Cogent to Comcast and Verizon customers averaged 20–25 Mbps. But in January 2014 traffic traveling from Cogent to Comcast and Verizon subscribers dropped to speeds of less than 0.5 Mbps during peak use hours — the minimum rate needed for web browsing and email, according to the FCC. Users of Comcast, Verizon, and Time Warner Cable also saw significant slowdowns in the form of packet retransmission rates and increased round trip times for traffic coming from Cogent.

The data shows that for most of each day between May 2013 and March 2014 major New York City interconnection points between Cogent and the major eyeball networks were running at full capacity — meaning there was insufficient headroom for the packets being requested by subscribers. Packets were being dropped.

Shockingly, Comcast, Time Warner Cable, and Verizon failed for about nine months to provide their customers with throughputs above 4 Mbps (the FCC’s minimum for a “broadband” connection) when connecting to Cogent traffic. Within a few days after Netflix and Comcast agreed to a deal, traffic carried by Cogent was flowing normally to Comcast subscribers — for whatever reason — again.

When Comcast and Verizon customers complained during this period about malfunctioning online applications — which were not always Netflix — they were unable to figure out what the problem was.

Post on a Comcast user forum, dated February 25, 2014:

My needs are simple — I work in a local university hospital, and sometimes need to connect from home overnight or on weekends for urgent patient cases. So when I’m not using the connection as a home internet connection, I primarily connect to a VPN with a Citrix server, which hosts some proprietary software that displays certain patient data and relevant video. Video is vital to what I do, so I require reasonable speed. At certain times of the day I’ve managed to get 15mbit/s down, and video runs at a decent speed. At peak times, however, I rarely see speeds upward of 700kbit/s down from the VPN, and the video is so slow as to be unusable, I might as well hop in my car and drive to work. . . .

I have tried our local IT contacts, but they have been of limited assistance (of the “unplug and reboot your computer” variety). Thanks!

Paul Davis, a network engineer for American Fiber, Inc., said in a Comcast user forum in February 2014,

“Many Comcast users here in Utah are not able to maintain a stable connection to their work computers from home, and many Jet Blue employees cannot maintain a connection from their Comcast connections at home to work as well.” http://forums.comcast.com/t5/Basic-I...2015859/page/2.

Now for The Slope. In Atlanta and Chicago, transit network Level 3's connections with eyeball networks Comcast, Time Warner Cable, and Verizon have suffered from congestion issues.

Roundtrip time — latency — is up, particularly between Comcast and Time Warner Cable and Level 3. Throughput — the number of packets allowed through the door between the two networks — is down, particularly between Verizon and Level 3. The uniformity of these issues in different geographic areas between the same pairs of companies signals that this is not a technical problem. This is a business dispute that is harming American consumers.

Across many of these connections, the effect on consumers continues. The practical dimensions of these effects vary. If a delayed or dropped data packet is part of an email, then there is probably a short delay in the delivery of that message. If the data packet is carrying information for a performance-sensitive application like a voice phone call or a streaming video, the user may be experiencing much more trouble — garbled calls and degraded video. Applications (like Netflix, Sony, Apple, Google, Amazon, and others) likely are having more trouble working and online streaming services are likely affected (Major League Baseball, for example). Problems are particularly bad at peak usage times; the doorway between the two networks is simply too narrow for the amount of data that needed to be handled. Level 3 is the largest transit provider in the world, but data coming from Level 3 is not being treated well.

Why would Comcast, Verizon, and Time Warner Cable make their users’ experience accessing the online world worse? The obvious answer: money. In the Cogent “cliff” context, Cogent had signed a deal with Netflix, and Comcast and Verizon wanted to make sure that they were getting a slice of Netflix’s consumer revenue. Also, Comcast sells its own transit network services, and would be happy to sell those services to customers — so Comcast is effectively competing with Cogent, Netflix’s transit carrier, and Level 3 — as well as Netflix.

In the Level 3 “slope” context, it is the naked principle of the thing: eyeball networks want payment before they will upgrade their interconnection points to the transit networks.

And the payment will be whatever the eyeball networks ask. “Paying for upgrades,” in the eyeball networks’ view, means paying an invented cost for traffic volume plus whatever equipment costs that Comcast and the others say they need to invest to handle the traffic. Such costs may be minimal—a $300 piece of fiber or other cheap interconnection equipment upgrades. But as last-mile monopolies, the eyeball networks can invent fees and then assess them, and force everyone else in the system to pass those costs on to subscribers.

In this case, there seemed to be no upgrades, despite a clear need for them. Thus, as traffic predictably grew on Cogent’s network from increasing numbers of Netflix subscribers streaming videos, but the width of Cogent’s doorway into Comcast’s and Verizon’s network didn’t change, packets started dropping. And Devan Dewey started getting inexplicable complaints.

Before M-Lab’s data, of course, affected customers and businesses had no way of knowing why the Internet access they had paid for was not being delivered. Dewey scrambled for weeks, trying to figure out why his employees could no longer do their work. Finally, after hiring an Internet “health” monitoring firm, Dewey’s team discovered a chokepoint: the interconnection point in New York City. Packets traveling from NEPC’s offices to NEPC’s workers via Cogent were being lost at the moment Cogent handed those packets to Comcast and Verizon in New York City for delivery over the eyeball networks to the worker. Just two percent of packet loss can make a perceptible difference in the quality of a phone call; at the height of NEPC’s problems as many as 20% of their packets weren’t making it through, which is why the firm’s remote work ground to a halt.

Cogent confirmed there was an issue: “We have a problem in New York,” Cogent told him. Dewey ended up buying a second Internet connection from NEPC to the outside world in addition to his Cogent line, and spent dozens more hours getting that circuit up and running. All told, Dewey estimates that his firm spent about two hundred employee-hours trying to diagnose and fix the problems the firm’s employees were encountering — not counting the time wasted by frustrated NEPC employees who were unable to work without interruption or delay.

In part, the reason why it took Dewey so long is that the answer is counter-intuitive. NEPC had nothing to do with Netflix, so why was it affected by Comcast’s and Verizon’s apparently anti-competitive activity? The answer requires a bit of explanation.

Cogent sells two flavors of services to businesses: Internet access — the connection that NEPC bought for its operations center — and Internet transit, or connections between networks.

Cogent has assembled its network by leasing segments of fiber across the country and it aggressively charges less in order to gain more customers; it connects to 1400 office buildings and would like to have more data centers on its list. NEPC’s problem was that it had bought the first flavor of service from Cogent: NEPC is one of many professional services firms (legal, financial, advertising, consulting) located in multi-tenant office buildings that use Cogent for Internet access.

But Cogent was being systematically disfavored by Verizon, Comcast, and the other providers because of its sale of the second flavor of service — transit — to bandwidth-intensive Netflix. Both flavors of services look the same from the perspective of a fiber network; they’re just packets flowing over Cogent’s leased or owned facilities. When the Cogent transit network seeks to interconnect with the Comcast or Verizon eyeball network to hand off packets, things can evidently go wrong. NEPC’s communications cataclysm was a byproduct of the battle between eyeball and transit networks. In order to make life miserable for Netflix and force that company to share its revenue with the eyeball networks, Comcast and the others had simultaneously made life miserable for many other companies.

Comcast’s response: this is business as usual.

“The M-Lab Interconnection Study only confirms what network engineers have always known: If a network does not obtain sufficient capacity to deliver its content to another network that content runs the risk of being transmitted over congested links which could degrade performance.

That is why Comcast reached out [to] transit providers, CDNs, and content providers to negotiate business agreements that would provide them with the capacity they needed, as we explained in our sworn declaration before the FCC.

As our declaration shows, Netflix hailed our agreement as great for consumers, and affordable for them.”

[The Comcast statement ignores Netflix’s more recent clarification to the FCC on why that agreement occurred; “It is extortion when Comcast fails to provide its own customers the broadband speed they’ve paid for unless Netflix also pays a ransom.”]

This interconnection problem is not confined to the world of telecommuting. Andrew Boegly is the Chief Information Officer of the Colonial School District in Plymouth Meeting, Pennsylvania — a Philadelphia suburb. He oversees a state-of-the-art fiber optic network, a 10 Gbps backbone, that serves the district’s 4,633 students and 718 teachers and staff. Since about May of this year, however, Colonial’s Internet access connection to the outside world has been intermittently experiencing severe packet loss, causing enormous practical problems. Colonial’s payroll data is due to the processing company by 8pm every other week in order for employees to be paid two days later, and Colonial is required to send its payroll information online. But recurring connection issues have meant racing against the clock to re-submit the payroll data multiple times until it goes through. “A lot of times it came down to the last minute with us calling the end [payroll] provider who actually did it manually for us because we couldn’t do it,” he says.

Boegly does not have a large tech staff at his beck and call, but he and his team put in countless hours trying to trace the problem. “It was a lot of wasted time, a lot of impact for us in terms of employee work,” says Boegly. They determined that they were suffering packet loss — a network along the way was ignoring and not forwarding some of the data they were sending — a sure sign of network congestion. Because Boegly uses a Citrix application for payroll data, and “Citrix doesn’t like packet loss,” according to Boegly, the process was failing. After getting in touch with Cogent, with whom Colonial’s aggregating larger school district, the Montgomery County Intermediate Unit or MCIU, contracts for Internet access service, Boegly learned what was happening and why.

After Colonial’s payroll data leaves its network it is transmitted via fiber to the MCIU. From there, the MCIU forwards it on to Cogent, which transports it to an interconnection point with Verizon for delivery to its final destination. And guess what happens next? Just after the handoff from Cogent, Verizon loses many of the packets, often causing the data transfer to fail. “Any time you have packet loss over a Citrix connection, it’s going to dump you,” says Boegly. “And that’s exactly what’s happening in the middle of the process. It has to then be started all over again and then begin the transfer process to get it to connect.”

When Boegly complained, he got a classic runaround: Cogent blamed Verizon for not upgrading its ports, and told Boegly the problem had to do with Netflix. After working with Verizon, going up the ladder from the online tech support team to senior level Verizon customer service, Boegly was told by Verizon that the problem was Cogent’s fault. Meanwhile, Colonial’s problems persist.

Boegly says he feels “helpless.” “You know, I contacted the FCC. I contacted the [state] utilities commission, just for help because you couldn’t make any ground with Verizon, Cogent, or anyone,” he says. “It’s just not a priority for anyone.” Colonial pays quite a lot of money for its connection, and Boegly has spent an enormous number of hours trying to sort out this problem. There has been no progress. As a stopgap, Boegly purchased a wireless card to use when he has connectivity issues. The school district with state-of-the-art fiber will now submit its payroll using the equivalent of a cell phone connection. “It’s the giants that are out there that are not really paying attention to these little incidents, which may be small for them, but they’re large for us,” says Boegly.

M-Lab’s thorough research substantially narrows the likelihood that the problems faced by consumers as a result of these congestion issues are caused by anything other than business decisions about interconnection.

Consider this: The lab’s newly-published study shows that NYC-interconnected traffic from eyeball subscribers of Verizon, Comcast, and Time Warner Cable had no trouble reaching M-Lab nodes hosted on Internap, a different content network — a network that isn’t Cogent or Level 3. Performance between Internap and users was exponentially healthier than that between Cogent and those same users: data traveling from Internap to Comcast users zipped along at download speeds of 12 or more Mbps and experienced far lower retransmission and latency rates.

This means that what went wrong with the traffic coming from Cogent happened at the interconnection point. There does not appear to be any congestion inside the eyeball networks themselves.

One possibility, of course, would be that the problem is with Cogent’s network. But that is not the case. We know this because the M-Lab data also show that Cablevision users in NYC did not experience problems with traffic coming from Cogent between June 2013 and March 2014. Cablevision maintained parity and high throughput for both Cogent and Internap throughout this period.

Why would Cablevision, which is not available in Comcast or Time Warner Cable territory, act differently? Because, unlike Comcast, it has to compete. More than half of Cablevision’s territory overlaps with that of Verizon FiOS; only 7% of Comcast’s and 11% of Time Warner Cable’s does. And so Cablevision (but not Comcast or TWC) makes every effort to ensure that Netflix works well for its customers, including by allowing Netflix to bring its content inside its network—via Netflix’s “OpenConnect” content delivery network—at no cost. Cablevision, unlike Comcast or Time Warner, is at risk of losing its customers to Verizon’s fiber services.

In a competitive market customers can switch operators on the basis of poor performance. Here, however, entire connecting networks are being discriminated against in a way that will be difficult for a normal human being to detect. And if the customer does figure it out, in most parts of America they will have little ability to switch. The large cable operators — who never compete with one another — control 80% of lines capable of 25 Mbps or greater Internet data downloads. Verizon FiOS, which could compete effectively with cable, will stop rolling out services once it reaches 20 million households. And even where it does have fiber optic services in place, Verizon is playing the same interconnection games. So there is nowhere for customers to go.

Furthermore, this is a national problem. M-Lab data shows that customers of Comcast, Verizon, AT&T, CenturyLink, and Time Warner Cable, in different markets and in different ways during the period between June 2013 and February 2014, have experienced persistent and extreme degradation of performance when requesting content residing outside the castle moats of the eyeball networks. In some cases, these issues are continuing today. The pattern is clearly consistent with a systematic and simultaneous refusal on the part of these major eyeball networks to upgrade connections between their networks and Cogent and Level 3. Even if it ruins the business of some of their customers.

Verizon’s response to the M-Lab report (from David Young, the company’s Vice President for Federal Regulatory Affairs), toes the party line:

“It is a very interesting report which brings new data to light that clearly documents how the changes Netflix made to its routing of video traffic suddenly caused congestion on links between the transit networks it was using (Cogent, Level 3 and XO) and the end-user ISPs who were not directly connected to Netflix’s Open Connect CDN (everyone except Cablevision and Cox). It confirms [that] Netflix [is] ultimately responsible for the dramatic, simultaneous decline in Netflix performance for all non-OpenConnect ISPs.”

And, from AT&T:

“Commercially negotiated peering relationships have existed since the inception of the commercial Internet. The goal of commercial peering arrangements is to allocate infrastructure costs between the two networks as close to equal as possible. Consequently most commercial peering arrangements have a component that takes into account balance of traffic. When one side of a commercial peering arrangement sends significantly more traffic than it receives, the allocation of infrastructure costs described above gets skewed. If the sending party refuses to take steps to bring balance back into the arrangement, congestion can result. Since the entire Internet operates on a best efforts basis, severe congestion can only be addressed by a new commercial arrangement involving steps to either reduce the traffic flows, route the traffic in a more efficient way, invest to augment capacity, or some combination of all three. This is how the Internet has always worked— and it works very well.”

While one cannot get inside the corporate minds of the Internet access giants, one does not need a conjurer to see the obvious motive for this: the eyeball networks think they should be paid for access to their subscribers.

In the past, requests for upgrades were routinely granted. Now, suddenly, upgrades are impossible without painful negotiations over fees that have no perceptible relationship to the cost of making the upgrade — and Comcast and the other eyeball networks are making no promises about restraining themselves in the future.

Most of the Americans who are online rely on the eyeball network services of Comcast, TWC, AT&T and Verizon. More still use regional networks that also rely on these providers. If you add in wireless access, almost two hundred million subscribers have been affected by the tussles between the eyeball and content networks in 2013–2014 — not counting the corporate customers of Cogent, Level 3 (and XO, another transit network mentioned in the M-Lab report) who, like NEPC and Colonial, experienced problems. Every one of those customers likely expects that their monthly payments give them unfettered access to everything on the Internet — outside the castle moat — on a non-discriminatory basis. But that is not happening, and the tussles continue. More hospitals are using telemedicine services these days; more schools are providing distance education. All of these consumer uses and services are hostage — potentially — to the power of the eyeball networks to exact tribute.

Can anything be done about this? In a story accompanying this report, I have some policy suggestions.

But in the meantime, customers are at the mercy of the Internet access giants. On Sunday, February 23rd, 2014, Comcast and Netflix issued a joint press release with the title “Comcast and Netflix Team Up to Provide Customers with Excellent User Experience.” Netflix now contends that behind the sunny headline is a tale of what they consider a form of extortion: pay or lose customers. They paid, and now Comcast customers will pay twice for Internet access: the price they pay to Comcast, and the price of the Comcast interconnection fees reflected in their Netflix bill.

According to Matt Wood, policy director for Free Press, the M-Lab report makes clear just how bad the situation is: “Cable companies always say that somebody has to pay for all of this traffic. Well, somebody does: cable customers pay hand over fist for high-speed Internet access, and they should have the right to use the connections they pay for however they want.

We see even more clearly now how Comcast and other Internet access providers cause artificial congestion, and make their own paying customers suffer the consequences, to generate new revenue streams for their bottleneck businesses.”

And what of NEPC, the company whose telecommuting employees stopped being able to function? While the flow of bits has returned, there is no comfort. “We’re still at risk,” Dewey says. Because Comcast and Verizon (and, it turns out, Time Warner Cable, AT&T, and CenturyLink, in their respective markets) have the market power to shape traffic flow across the connections into their networks from the outside world, they can make life miserable for packets trying to reach subscribers at any moment, for any reason. Think Chris Christie and the George Washington Bridge: these eyeball networks have the power to move the traffic cones at the chokepoints into their networks for any purpose, and the cars trying to cross the bridge (the equivalent of individual users’ data sessions) don’t know why they are having such difficulty.

Dewey, for his part, doesn’t care whose fault it is. He just wants someone to protect consumers and businesses. Dewey, the Colonial School District, and millions of consumers are not impressed that the eyeball networks, if they wish, can shrug off M-Lab’s research with three words.

It’s all legal.
https://medium.com/backchannel/jammed-e474fc4925e4





20 More Cities Want to Join the Fight Against Big Telecom's Broadband Monopoly
Jason Koebler

At least 20 additional American cities have expressed a formal interest in joining a coalition that's dedicated to bringing gigabit internet speeds to their residents by any means necessary—even if it means building the infrastructure themselves.

The Next Century Cities coalition launched last week with an impressive list of 32 cities in 19 states who recognize that fast internet speeds unencumbered by fast lanes or other tiered systems are necessary to keep residents and businesses happy.

The group includes cities that have built their own municipal broadband networks, cities that want to build their own, and cities that have worked with companies such as Google to bring fiber, gigabit-speed internet to their residents—the idea being that cities that don't have ultrafast internet can learn how to jump through legislative and logistical hoops from those who have been there before.

The group's launch event was so successful that Deb Socia, the group's executive director, says at least 20 more cities have already asked to join, and that she expects the coalition to grow "substantially" in the next couple months.

"It's already generated a lot of interest in other cities, so it justifies what we've been thinking all along—that people really want this," she told me in a phone interview. "Over the next month or two we'll formalize it. I think we'll increase our numbers pretty substantially."

Socia wouldn't tell me what cities have expressed interest, because they haven't formally joined yet.

These new cities would join others such as Chattanooga, Tennessee, and Wilson, North Carolina—two cities that have built their own broadband networks but are hoping to expand them to neighboring communities despite state laws being on the books that prevent them from legally doing so. To circumvent that problem, both cities have filed petitions with the Federal Communications Commission to override state restrictions.

"One of our principles is that communities must enjoy self determination," she said. "Even if you're in a city with an anti [municipal broadband] law, we think that decisions are made best when they're made close to the people who are impacted."

Socia said she believes that over the last several years, cities have really begun recognizing that if they are unable to offer their residents fast, reliable internet (or if big telecom is unwilling to), their growth and economic prosperity will stagnate.

"It's frustrating for cities in general and it's frustrating for residents. There are a lot of folks who now understand that fast internet is a part of your work experience and it's hard to survive without it. It's certainly impossible to work from home without it," she said. "I think if most people had a choice, they'd pick a place to live that has really good service."
http://motherboard.vice.com/read/20-...dband-monopoly





Americans Pay More for Slower Internet
James O'Toole

When it comes to Internet speeds, the U.S. lags behind much of the developed world.

That's one of the conclusions from a new report by the Open Technology Institute at the New America Foundation, which looked at the cost and speed of Internet access in two dozen cities around the world.

Clocking in at the top of the list was Seoul, South Korea, where Internet users can get ultra-fast connections of roughly 1000 megabits per second for just $30 a month. The same speeds can be found in Hong Kong and Tokyo for $37 and $39 per month, respectively.

For comparison's sake, the average U.S. connection speed stood at 9.8 megabits per second as of late last year, according to Akamai Technologies.

Residents of New York, Los Angeles and Washington, D.C. can get 500-megabit connections thanks to Verizon (VZ, Tech30), though they come at a cost of $300 a month.

There are a few cities in the U.S. where you can find 1000-megabit connections. Chattanooga, Tenn., and Lafayette, La. have community-owned fiber networks, and Google (GOOGL, Tech30) has deployed a fiber network in Kansas City. High-speed Internet users in Chattanooga and Kansas City pay $70, while in Lafayette, it's $110.

The problem with fiber networks is that they're hugely expensive to install and maintain, requiring operators to lay new wiring underground and link it to individual homes. Many smaller countries with higher population density have faster average speeds than the United States.

"[E]specially in the U.S., many of the improved plans are at the higher speed tiers, which generally are the most expensive plans available," the report says. "The lower speed packages---which are often more affordable for the average consumer---have not seen as much of an improvement."

Google is exploring plans to bring high-speed fiber networks to a handful of other cities, and AT&T (T, Tech30) has also built them out in a few places, but it will be a long time before 1000-megabit speeds are an option for most Americans.
http://money.cnn.com/2014/10/31/tech...eds/index.html





Americans Don’t Live in Information Cocoons
Brendan Nyhan

In this polarized age, have citizens retreated into information cocoons of like-minded media sources?

A new Pew Research Center report found that the outlets people name as their main sources of information about news and politics are strongly correlated with their political views. Almost half of all respondents that Pew classified as consistent conservatives named Fox News as their primary news source, while consistent liberals were disproportionately likely to name National Public Radio (13 percent), MSNBC (12 percent) and The New York Times (10 percent). These results are in line with studies suggesting that people tend to select news and information that is consistent with their political preferences in controlled settings.

The Pew study has been widely interpreted to mean that people are living in partisan and ideological echo chambers — a fear that has been frequently expressed as new communication technologies have expanded the media choices of consumers. One of the most famous examples is Cass Sunstein’s “Republic.com,” a 2001 book that warned of a future in which people could filter out unwelcome viewpoints from the information they consume, potentially creating a more extreme and misinformed citizenry.

But have the predictions of widespread media echo chambers really come true? It’s hard to tell using questions like Pew’s, which ask people to self-report where they get their news. People can be biased in what outlets they choose to name or forgetful of the media they did consume in different settings and contexts. In particular, liberals or conservatives may be prone to exaggerating their exposure to ideologically consistent news outlets. Naming Fox or MSNBC in response to a question like the one Pew used may thus be more of a marker of tribal affiliation than a direct measure of news consumption.

The picture looks a lot brighter when social scientists have analyzed measures of people’s news consumption in the real world. It turns out that the media people are actually exposed to both online and offline is much more diverse and heterogeneous than people’s self-reports suggest.

Consider, for instance, the results of a study by the University of California, Los Angeles, political scientist Michael LaCour, who analyzed data on television and radio exposure among a national sample of respondents who carried mobile devices that recorded ambient sound.

Contrary to predictions of widespread polarization in media consumption along partisan lines, he found that the news diets of Democrats and Republicans had very similar patterns of media slant, which he estimated by comparing characteristic patterns of language in their reporting with the speech of members of Congress (for instance, how frequently they use the phrase “death tax,” which is more frequently used by Republicans than Democrats). Partisans from both sides were most likely to consume news from outlets that were estimated to be relatively centrist, such as network morning shows and evening news broadcasts.

Moreover, the ideological news that people did see or hear (such as shows on MSNBC or Fox) was relatively balanced between sources with a shared or opposing point of view — only a tiny handful of respondents got more than 90 percent of their news from ideologically congenial sources.

Similarly, an analysis of online news consumption data by the University of Chicago economists Matthew Gentzkow and Jesse M. Shapiro found that most people tended to visit a relatively balanced and centrist set of websites. While they found some ideological segregation in news consumption behavior online, they estimated that it was far smaller than we observe in people’s families or social networks. Similarly, their data indicate that we’re more segregated by ideology in where we live (at the ZIP code level) than in the news sites we visit.

What about social media? Doesn’t it encourage echo chamber behavior? Not according to a paper by the New York University political scientist Pablo Barberá. It is true, he finds, that people tend to follow like-minded individuals on Twitter — about two-thirds of the people followed by the median Twitter user in the United States share the user’s political leanings. But his analysis also shows that those American users who are embedded in even modestly diverse networks tend to follow a less ideologically homogeneous group of people over time. Rather than polarizing us further, encountering differing views online may encourage people to broaden their information stream.

In short, while it’s still possible to live in a political bubble of your own choosing, the best evidence suggests that very few people are getting their news only from like-minded outlets. Why, then, do so many Americans seem to live in different political realities?

The problem isn’t the news we consume, it seems, but the values and identities that shape how we interpret that information — most notably, our partisan beliefs. In other words, Democrats and Republicans don’t see the world so differently because they see different news; rather, they see the news differently because they’re Democrats and Republicans in the first place.
http://www.nytimes.com/2014/10/25/up...n-cocoons.html





Verizon is Launching a Tech News Site that Bans Stories on U.S. Spying
Patrick Howell O'Neill

Verizon is getting into the news business. What could go wrong?

The most-valuable, second-richest telecommunications company in the world is bankrolling a technology news site called SugarString.com. The publication, which is now hiring its first full-time editors and reporters, is meant to rival major tech websites like Wired and the Verge while bringing in a potentially giant mainstream audience to beat those competitors at their own game.

There’s just one catch: In exchange for the major corporate backing, tech reporters at SugarString are expressly forbidden from writing about American spying or net neutrality around the world, two of the biggest issues in tech and politics today.

Unsurprisingly, Verizon is deeply tangled up in both controversies.

The first revelation from Edward Snowden’s leaks showed that Verizon gave the National Security Agency (NSA) all of its customers’ phone records. Later leaks showed that virtually every other major phone and credit card company in America was doing the same thing.

Verizon has been snarled in U.S. government surveillance for years. After the Sept. 11, 2001, terrorist attacks, USA Today reported, Verizon gave the NSA landline phone records without customer consent or a warrant. Just this week, it was revealed that Verizon is tracking all of its wireless customers’ movement throughout the Web.

Verizon has also led the charge to kill net neutrality—the principle that Internet service providers, like Verizon, should treat all Internet traffic equally—earning its place as the most vocal, aggressive, and well-funded opponent the so-called open Internet movement faces.

Curiously, Verizon’s self-censorship applies only to surveillance conducted by the United States. SugarString reporters are allowed to write, and have already written about, spying in other countries. Chinese surveillance, for instance, is fair game, as made evident in this article about anonymizing hardware, which mentions Chinese dissidents who risk their lives against state surveillance.

News of Verizon’s publishing venture and its strict rules first came to light to multiple reporters through recruiting emails sent last week by author and reporter Cole Stryker, who is now the editor-in-chief of SugarString. (Stryker has also previously contributed to the Daily Dot.) I was one of the reporters who received that email. The premise and rules behind the site were explained to me in a series of messages throughout the day. I declined the job offer.

Other reporters, who asked not to be named, have confirmed that they have received the same recruiting pitch with the same rules: No articles about surveillance or net neutrality.

Verizon describes SugarString, which was first registered by the telecommunications giant in June, as a site that “delivers the latest in technology and lifestyle news for a generation that doesn't separate tech from everyday living. From breaking news to thoughtful essays, best-in-class op-eds and beyond, this site covers what millennials really care about today.”

That’s much more aspiration than reality at this point. Although there have been a handful of articles already published, the site’s editorial roster is still being assembled, hence the apparent onslaught of recruiting emails sent out last week. While Verizon has already occasionally used its big social media presence to direct traffic to SugarString, it’s fair to say that the site has yet to leave the starting line.

SugarString has a few clear inspirations, cited by Stryker in his recruitment email, most notably from the singularly successful media monster that is Vice. In 2009, Vice partnered with Dell to sponsor the popular tech-blog Motherboard. However, while Dell’s logo was all over Motherboard in its earlier days, Vice said there was no other connection and that Dell exercised no overt editorial power on the site.

Verizon, on the other hand, is establishing the ground rules at SugarString. While it gives reporters a wide berth on certain subjects, surveillance and net neutrality are verboten.

This is not, however, the first time a major modern American corporation has established its own news outlet. It’s not even the first time it’s happened this year.

Chevron, a $227 billion oil company, now publishes the hyperlocal Richmond Standard for Richmond, Calif., a town whose largest employer is a nearby Chevron petroleum refinery. Instead of being a useful journalistic enterprise, the Standard has been criticized as a well-funded propaganda tool meant to influence politics in an important arena, one that will dodge significant issues like multiple fires, noxious air pollution, and taxes.

Likewise, Verizon’s decision to build a technology news site that flat-out ignores two of the biggest questions we have about the future of technology raises key questions about how the site can build a fair, comprehensive, and honest journalistic institution.

Virtually every story currently on the front page of SugarString—articles about GPS being used by law enforcement, anonymity hardware enabling digital activists, and artists on the Deep Web—would typically include information on American surveillance of the Internet or net neutrality to give the reader the context to make sure she’s fully informed.

But none of the current articles do that. At best, they dance around the issue and talk about how other countries aside from the U.S. conduct surveillance. That self-censorship puts blinders on the reader, never giving her all the information she should have—information that, not coincidentally, tends to make Verizon and other powerful interests look very, very bad.

To Verizon’s credit, they’re not hiding their role in building SugarString. Verizon advertisements dot the whole site, and each article has a footnote (in size eight font) telling readers that “these articles were written by authors contracted by Verizon Wireless.” It goes on to state that “the views expressed on SugarString may not necessarily reflect those of Verizon Wireless.”

What the site neglects to mention is that reporters are not allowed to express any view at all on two subjects that Verizon is extremely sensitive about.

Verizon did not return a request for comment in time for publication.
http://www.dailydot.com/politics/ver...et-neutrality/





Verizon’s ‘Perma-Cookie’ Is a Privacy-Killing Machine
Robert McMillan

Verizon Wireless has been subtly altering the web traffic of its wireless customers for the past two years, inserting a string of about 50 letters, numbers, and characters into data flowing between these customers and the websites they visit.

The company—one of the country’s largest wireless carriers, providing cell phone service for about 123 million subscribers—calls this a Unique Identifier Header, or UIDH. It’s a kind of short-term serial number that advertisers can use to identify you on the web, and it’s the lynchpin of the company’s internet advertising program. But critics say that it’s also a reckless misuse of Verizon’s power as an internet service provider—something that could be used as a trump card to obviate established privacy tools such as private browsing sessions or “do not track” features.

Jacob Hoffman-Andrews, a technologist with the Electronic Frontier Foundation, wants Verizon to stop using the UIDH. “ISPs are trusted connectors of users and they shouldn’t be modifying our traffic on its way to the Internet,” he says. He calls the UIDH a “perma-cookie,” because it can be read by any web server that you visit and used to build a profile of your internet habits.

I don't know how I missed this: Verizon is rewriting your HTTP requests to insert a permacookie? Terrible. http://t.co/MBDGZaLKNs

— Jacob H-A (@j4cob) October 22, 2014

According to Verizon spokeswoman Debra Lewis, there’s no way to turn it off. She says that Verizon doesn’t use the UIDH to create customer profiles, and if you opt out of the company’s Relevant Mobile Advertising program (you can do this by logging into your Verizon account here), then Verizon and its advertising partners won’t be using it to create targeted ads. But that’s beside the point, says Hoffman-Andrews. Because Verizon is broadcasting this unique identifier to every website, ad networks could start using it to build a profile of your web activity, even without your consent.

The fact that the UIDH was around for two years before getting any serious attention is a testament to the murky and challenging nature of privacy on today’s internet. Verizon has made no secret of its ambitions to cash in on the mobile advertising market. But the technical details of how it is doing this have been hard to uncover.

You can test to see if your mobile device is broadcasting a UIDH on this website, run by Kenneth White, a security researcher. (Go to the site, and if there is nothing displayed after the line “your UID is reporting,” then you are not displaying a UIDH.) White says that the majority of Verizon Wireless customers who test their devices on his site display the perma-cookie. But not everyone does.

Verizon couldn’t explain why some of our Verizon phones here at WIRED didn’t display it when we tested. White thinks that may be because the router-side software used to insert the header may not be available on all of Verizon’s sprawling national network. If you connect via Wi-Fi, or a virtual private network, or are talking to a site via SSL, then the UIDH will not display either.

It’s difficult for even outside websites to realize what is happening here. The UIDH headers weren’t discovered until someone configured web traffic to log all headers and then noticed the extra data coming from Verizon customers. That person, an EFF member, then reported it to the digital rights organization. “It’s gone relatively unremarked by the security, privacy, and broader technical community, in part, because it’s so hard to observe,” says Hoffman-Andrews.

But now Verizon is getting some extra scrutiny, as are the other carriers. Late Friday, Hoffman-Andrews said he was looking into anecdotal reports that AT&T was using a similar type of identifier.
http://www.wired.com/2014/10/verizons-perma-cookie/





3 Loopholes In Android Lollipop Encryption That Could Expose Your Phone Data

For starters: No passcode, no privacy.
David Hamilton

Android 5.0 Lollipop, the latest version of Google's mobile operating software, will indeed shield files, photos and other user information on Android phones from prying eyes. But that protection isn't quite as all-encompassing as the company's earlier statements might have led you to think.

A month ago, Google announced that Lollipop would automatically encrypt user data on Android phones, essentially scrambling it so that the police, spies and jealous lovers can't read your texts and email or snatch up your private pictures. "[E]ncryption will be enabled by default out of the box, so you won't even have to think about turning it on," the company's statement read.

On Tuesday, Google provided some more details about how that encryption actually works. New phones that ship with Lollipop will begin encrypting data once they're turned on, using encryption keys generated internally by Android software and phone hardware (technically, chip-based random-number generators).

Those master keys, according to Adrian Ludwig, Android's lead security engineer, never leave the device. That means Google has no access to them and can't provide them to law enforcement or other authorities even if presented with a legal order to do so.

Lollipop's encryption scheme greatly speeds up the process of protecting users' stored data, since it starts off with a largely empty phone and then encrypts new data as it's added. Android has actually allowed users to encrypt their phones for roughly three years, but it didn't draw attention to the option, which was buried in the settings menu.

Worse, encryption was irreversible, somewhat clumsy to use (it requires you to enter a decryption password when your phone or tablet starts up, a step Lollipop eliminates) and very slow to initialize. It can take an hour or more to encrypt the data on a typical phone.

Make that three catches, actually.

First, the encryption doesn't help much if you haven't set a passcode. Ludwig said studies have shown that roughly half of users don't set passcodes on their devices, largely because they find it inconvenient to keep entering them dozens of times a day. Lollipop will still encrypt your data, but it will also automatically decrypt it in normal use. So if you don't have a passcode, much of your information will be available to anyone who picks up your phone.

Lollipop's encryption still offers some limited protection even under those circumstances—for instance, by protecting stored data against anyone who tries to read it directly from the phone's memory. That could shield user passwords and other sensitive data from attackers.

Ludwig said Google is trying hard to address the usability issues with encryption. For instance, Lollipop has another feature that will let you unlock your phone with a trusted device such as a smartwatch. But most users probably aren't set up to use that sort of feature yet—and it may have drawbacks of its own.

Second, the encryption process only protects files and photos that are stored in a specific location known as the /data partition. It will not protect anything stored on a removable microSD storage card.

Many Android apps store data directly on the SD card; if you want to protect that, you'll need to find a separate encryption program. (Some manufacturers such as Samsung include SD-card encryption as an option on their phones.)

Finally, even Lollipop won't encrypt your data by default if you upgrade to Android 5.0 instead of buying a new phone. That's by design, since otherwise you could end up waiting 45 minutes to an hour or more while the operating system encrypted your files. But it could leave you with a false sense of ... well, security, if you upgrade to Lollipop thinking that it will encrypt all your files automatically.
http://readwrite.com/2014/10/28/goog...ryption-issues





Report Reveals Wider Tracking of Mail in U.S.
Ron Nixon

In a rare public accounting of its mass surveillance program, the United States Postal Service reported that it approved nearly 50,000 requests last year from law enforcement agencies and its own internal inspection unit to secretly monitor the mail of Americans for use in criminal and national security investigations.

The number of requests, contained in a little-noticed 2014 audit of the surveillance program by the Postal Service’s inspector general, shows that the surveillance program is more extensive than previously disclosed and that oversight protecting Americans from potential abuses is lax.

The audit, along with interviews and documents obtained by The New York Times under the Freedom of Information Act, offers one of the first detailed looks at the scope of the program, which has played an important role in the nation’s vast surveillance effort since the terrorist attacks of Sept. 11, 2001.

The audit found that in many cases the Postal Service approved requests to monitor an individual’s mail without adequately describing the reason or having proper written authorization.

In addition to raising privacy concerns, the audit questioned the efficiency and accuracy of the Postal Service in handling the requests. Many requests were not processed in time, the audit said, and computer errors caused the same tracking number to be assigned to different surveillance requests.

“Insufficient controls could hinder the Postal Inspection Service’s ability to conduct effective investigations, lead to public concerns over privacy of mail and harm the Postal Service’s brand,” the audit concluded.

The audit was posted in May without public announcement on the website of the Postal Service inspector general and got almost no attention.

The surveillance program, officially called mail covers, is more than a century old, but is still considered a powerful investigative tool. At the request of state or federal law enforcement agencies or the Postal Inspection Service, postal workers record names, return addresses and any other information from the outside of letters and packages before they are delivered to a person’s home.

Law enforcement officials say this deceptively old-fashioned method of collecting data provides a wealth of information about the businesses and associates of their targets, and can lead to bank and property records and even accomplices. (Opening the mail requires a warrant.)

Interviews and court records also show that the surveillance program was used by a county attorney and sheriff to investigate a political opponent in Arizona — the county attorney was later disbarred in part because of the investigation — and to monitor privileged communications between lawyers and their clients, a practice not allowed under postal regulations.

Theodore Simon, president of the National Association of Criminal Defense Lawyers, said he was troubled by the audit and the potential for the Postal Service to snoop uncontrolled into the private lives of Americans.

“It appears that there has been widespread disregard of the few protections that were supposed to be in place,” Mr. Simon said.

In information provided to The Times earlier this year under the Freedom of Information Act, the Postal Service said that from 2001 through 2012, local, state and federal law enforcement agencies made more than 100,000 requests to monitor the mail of Americans. That would amount to an average of some 8,000 requests a year — far fewer than the nearly 50,000 requests in 2013 that the Postal Service reported in the audit.

The difference is that the Postal Service apparently did not provide to The Times the number of surveillance requests made for national security investigations or those requested by its own investigation and law enforcement arm, the Postal Inspection Service. Typically, the inspection service works hand in hand with outside law enforcement agencies that have come to the Postal Service asking for investigations into fraud, pornography, terrorism or other potential criminal activity.

The Postal Service also uses a program called Mail Imaging, in which its computers photograph the exterior of every piece of paper mail sent in the United States. The program’s primary purpose is to process the mail, but in some cases it is also used as a surveillance system that allows law enforcement agencies to request stored images of mail sent to and received by people they are investigating.

Another system, the Mail Isolation Control and Tracking Program, was created after anthrax attacks killed five people, including two postal workers, in late 2001. It is used to track or investigate packages or letters suspected of containing biohazards like anthrax or ricin. The program was first made public in 2013 in the course of an investigation into ricin-laced letters mailed to President Obama and Michael R. Bloomberg, then New York City’s mayor, by an actress, Shannon Guess Richardson.

Despite the sweep of the programs, postal officials say they are both less intrusive than that of the National Security Agency’s vast collection of phone and Internet records and have safeguards to protect the privacy and civil liberties of Americans.

“You can’t just get a mail cover to go on a fishing expedition,” said Paul J. Krenn, a spokesman for the Postal Inspection Service. “There has to be a legitimate law enforcement reason, and the mail cover can’t be the sole tool.”

The mail cover surveillance requests cut across all levels of government — from global intelligence investigations by the United States Army Criminal Investigations Command, which requested 500 mail covers from 2001 through 2012, to state-level criminal inquiries by the Georgia Bureau of Investigation, which requested 69 mail covers in the same period. The Department of Veterans Affairs requested 305, and the State Department’s Bureau of Diplomatic Security asked for 256. The information was provided to The Times under the Freedom of Information request.

Postal officials did not say how many requests came from agencies in charge of national security — including the F.B.I., the Department of Homeland Security and Customs and Border Protection — because release of the information, wrote Kimberly Williams, a public records analyst for the Postal Inspection Service, “would reveal techniques and procedures for law enforcement or prosecutions.”

Defense lawyers say the secrecy concerning the surveillance makes it hard to track abuses in the program because most people are not aware they are being monitored. But there have been a few cases in which the program appears to have been abused by law enforcement officials.

In Arizona in 2011, Mary Rose Wilcox, a Maricopa County supervisor, discovered that her mail was being monitored by the county’s sheriff, Joe Arpaio. Ms. Wilcox had been a frequent critic of Mr. Arpaio, objecting to what she considered the targeting of Hispanics in his immigration sweeps.

The Postal Service had granted an earlier request from Mr. Arpaio and Andrew Thomas, who was then the county attorney, to track Ms. Wilcox’s personal and business mail.

Using information gleaned from letters and packages sent to Ms. Wilcox and her husband, Mr. Arpaio and Mr. Thomas obtained warrants for banking and other information about two restaurants the couple owned. The sheriff’s office also raided a company that hired Ms. Wilcox to provide concessions at the local airport.

“We lost the contract we had for the concession at the airport, and the investigation into our business scared people away from our restaurants,” Ms. Wilcox said in an interview. “I don’t blame the Postal Service, but you shouldn’t be able to just use these mail covers to go on a fishing expedition. There needs to be more control.”

She sued the county, was awarded nearly $1 million in a settlement in 2011 and received the money this June when the Ninth Circuit Court of Appeals upheld the ruling. Mr. Thomas, the former county attorney, was disbarred for his role in investigations into the business dealings of Ms. Wilcox and other officials and for other unprofessional conduct. The Maricopa County Sheriff’s Office declined to comment on Mr. Arpaio’s use of mail covers in the investigation of Ms. Wilcox.

In another instance, Cynthia Orr, a defense lawyer in San Antonio, recalled that while working on a pornography case in the early 2000s, federal prosecutors used mail covers to track communications between her team of lawyers and a client who was facing obscenity and tax evasion charges. Ms. Orr complained to prosecutors but never learned if the tracking stopped. Her team lost the case.

“The troubling part is that they don’t have to report the use of this tool to anyone,” Ms. Orr said in an interview. The Postal Service declined to comment on the case.

Frank Askin, a law professor at the Rutgers Constitutional Rights Clinic, who as a lawyer for the American Civil Liberties Union successfully sued the F.B.I. nearly 40 years ago after the agency monitored the mail of a 15-year-old New Jersey student, said he was concerned about the oversight of the current program.

“Postal Service employees are not judicial officers schooled in the meaning of the First Amendment,” Mr. Askin said.
http://www.nytimes.com/2014/10/28/us...thousands.html





FBI Created Fake Seattle Times Web Page to Nab Bomb-Threat Suspect

The FBI created a fake news story on a bogus Seattle Times Web page to plant software in the computer of a suspect in a series of bomb threats to Timberline High School in 2007, documents reveal.
Mike Carter

The FBI in Seattle created a fake news story on a bogus Seattle Times web page to plant software in the computer of a suspect in a series of bomb threats to Lacey’s Timberline High School in 2007, according to documents obtained by the Electronic Frontier Foundation (EFF) in San Francisco.

The deception was publicized Monday when Christopher Soghoian, the principal technologist for the American Civil Liberties Union in Washington, D.C., revealed it on Twitter.

In an interview, Soghoian called the incident “outrageous” and said the practice could result in “significant collateral damage to the public trust” if law enforcement begins co-opting the media for its purposes.

The EFF documents reveal that the FBI dummied up a story with an Associated Press byline about the Thurston County bomb threats with an email link “in the style of The Seattle Times,” including details about subscriber and advertiser information.

The link was sent to the suspect’s MySpace account. When the suspect clicked on the link, the hidden FBI software sent his location and Internet Protocol information to the agents. A juvenile suspect was identified and arrested June 14.

The revelation brought a sharp response from the newspaper.

“We are outraged that the FBI, with the apparent assistance of the U.S. Attorney’s Office, misappropriated the name of The Seattle Times to secretly install spyware on the computer of a crime suspect,” said Seattle Times Editor Kathy Best.

“Not only does that cross a line, it erases it,” she said.

“Our reputation and our ability to do our job as a government watchdog are based on trust. Nothing is more fundamental to that trust than our independence — from law enforcement, from government, from corporations and from all other special interests,” Best said. “The FBI’s actions, taken without our knowledge, traded on our reputation and put it at peril.”

An AP spokesman also criticized the tactic.

“We are extremely concerned and find it unacceptable that the FBI misappropriated the name of The Associated Press and published a false story attributed to AP,” said Paul Colford, director of AP media relations. “This ploy violated AP’s name and undermined AP’s credibility.”

Frank Montoya Jr., the special agent in charge of the FBI in Seattle, defended the investigation and the technique, which court records show led to the arrest and conviction of a 15-year-old student.

“Every effort we made in this investigation had the goal of preventing a tragic event like what happened at Marysville and Seattle Pacific University,” Montoya said. “We identified a specific subject of an investigation and used a technique that we deemed would be effective in preventing a possible act of violence in a school setting.

“Use of that type of technique happens in very rare circumstances and only when there is sufficient reason to believe it could be successful in resolving a threat,” he said.

Ayn Dietrich-Williams, the spokeswoman for the FBI-Seattle, pointed out that the bureau did not use a “real Seattle Times article, but material generated by the FBI in styles common in reporting and online media.”

Assistant U.S. Attorney Tessa Gorman, chief of the office’s criminal division, was reviewing the EFF documents provided to her by The Times and had no immediate comment. Kathryn Warma, the prosecutor who oversaw the case, has since retired.

The EFF posted 172 pages of documents concerning the FBI’s use of a software tool called a “Computer and Internet Protocol Address Verifier” (CIPAV) in two cases — one involving the Timberline High School bomb threats and the other involving an extortion attempt against a cruise line in Florida. More than half of the documents relate to the Seattle case.

According to the documents, CIPAV lets the FBI “geophysically” locate a computer and its Internet Protocol address.

Soghoian said the software is activated when someone clicks on the bogus link. The technique apparently exploits the same computer-security vulnerabilities used by hackers.

Police in Lacey, Thurston County, contacted the Northwest Cyber-Crime Task Force after the school began receiving a series of bomb threats beginning in late May 2007 and continuing into early June. The school was forced to evacuate students at least twice, and police were unable to identify a suspect.

The documents indicate the FBI in Seattle obtained a search warrant to “deploy” the CIPAV software after the task force, which is run by the FBI, received a public tip about a suspect. Special Agent Norman Sanders, in seeking the warrant, said the bureau would send a “communication” to the suspect’s computer that would make the computer identify itself for the agent.

The case was taken up by the U.S. Attorney’s Office, which helped draft and approve the warrant. The warrant does not say that “communication” would be a bogus news story that appeared to be published online by The Seattle Times.
http://seattletimes.com/html/localne...paper1xml.html





FBI Holds Secret Meeting To Scare Congress Into Backdooring Phone Encryption
Mike Masnick

In September, both Apple and Google announced plans to encrypt information on iOS and Android devices by default. Almost immediately, there was a collective freakout by law enforcement types. But, try as they might, these law enforcement folks couldn't paint any realistic scenario of where this would be a serious problem. Sure, they conjured up scenarios, but upon inspection they pretty much all fell apart. Instead, what was clear was that encryption could protect users from people copying information off of phones without permission, and, in fact, the FBI itself recommends you encrypt the data on your phone.

But it didn't stop FBI director James Comey from ignoring the advice of his own agency and pushing for a new law that would create back doors (he called them front doors, but when asked to explain the difference, he admitted that he wasn't "smart enough" to understand the distinction) in such encryption.

So, now, of course, the FBI/DOJ gets to go up to Congress and tell them scary stories about just how necessary breaking encryption would be. And it's being done in total secrecy, because if it was done in public, experts might debunk the claims, like they've done with basically all of the scenarios provided in public to date.

FBI and Justice Department officials met with House staffers this week for a classified briefing on how encryption is hurting police investigations, according to staffers familiar with the meeting. The briefing included Democratic and Republican aides for the House Judiciary and Intelligence Committees, the staffers said. The meeting was held in a classified room, and aides are forbidden from revealing what was discussed.

It's almost guaranteed that someone will introduce some legislation, written primarily by the FBI, pushing for this (such a bill is almost certainly already sitting in some DOJ bureaucrat's desk drawer, so they just need to dot some i's, cross some t's and come up with a silly acronym name for the bill). So far, many in Congress have been outspoken against such a law, but never underestimate the ability of the FBI to mislead Congress with some FUD, leading to all sorts of scare stories about how we need this or we're all going to die.
https://www.techdirt.com/articles/20...cryption.shtml





Secret Policy Reveals GCHQ Can Get Warrantless Access to Bulk NSA Data

Britain's intelligence services do not need a warrant to receive unlimited bulk intelligence from the NSA and other foreign agencies, and can keep this data on a massive searchable database for up to two years, according to secret internal policies revealed today by human rights organisations.

Details of previously unknown internal policies, which GCHQ was forced to reveal during legal proceedings challenging their surveillance practices in the wake of the Snowden revelations, reveal that intelligence agencies can gain access to bulk data collected from US cables or through US corporate partnerships without having to obtain a warrant from the Secretary of State. This position seems to conflict with reassurances by the Intelligence Services Committee in July 2013 that whenever GCHQ seeks information from the US a warrant is in place.

The “arrangements”, as they are called by Government, also suggest that intercept material received from foreign intelligence agencies is not subject to the already weak safeguards that are applied to communications that are intercepted by the UK's Tempora programme. On the face of the descriptions provided to the claimants, the British intelligence agencies can trawl through foreign intelligence material without meaningful restrictions and can keep such material, which includes both communications content and metadata, for up to two years.

Descriptions of the policies were disclosed to the parties after a secret hearing at the Investigatory Powers Tribunal, which is currently considering a challenge to GCHQ's surveillance practices that has been brought by human rights organisations including Privacy International, Liberty and Amnesty International. A public hearing of the case was held in July, but these “arrangements” were revealed to the Tribunal in a closed hearing that the claimants were barred from attending. Some details about the policies are now disclosed in order for the claimants to provide comment.

It is the first time the Government has made available some details of the secret internal “arrangements”, the existence of which they rely on to show that their mass surveillance practices and extensive exchange of surveillance material with the NSA are in accordance with the law. The Government says these “arrangements” make their actions compliant with the Human Rights Act, even though the arrangements remain secret and immune from public scrutiny.

The disclosed “arrangements” bring into sharp relief the minimal safeguards and weak restrictions on raw intelligence sharing with foreign governments, including between the UK and the United States. The fact that GCHQ can request and receive large quantities of “unanalysed” raw bulk data from foreign intelligence agencies without a warrant in place, simply because it would “not be technically feasible” to obtain it in the UK, shows the inadequacies in RIPA to deal with intelligence agency co-operation. Under these “arrangements”, there is a clear risk that agencies can sidestep British legal restrictions to obtain access to vast amounts of data.

The release of some details of the arrangements also raises serious doubts about the level of oversight provided by the ISC, which last week heard evidence from the Foreign Secretary as part of its current investigation into privacy and security. In July 2013 the ISC conducted an investigation of GCHQ's access to the NSA's PRISM programme, and reassured the public that “in each case where GCHQ sought information from the US, a warrant for interception, signed by a Minister, was already in place, in accordance with the legal safeguards contained in the Regulation of Investigatory Powers Act 2000.”

This statement obscures whether GCHQ could have sought information without a warrant in place, thus failing to reveal that RIPA interception warrants are not required for GCHQ access to intercepts obtained under programmes such as PRISM and Upstream. Furthermore, the ISC's statement confines itself to instances in which GCHQ specifically seeks information, but doesn't stipulate what processes are in place when it receives unsolicited bulk data from the NSA.

James Welch, Legal Director for Liberty, said:

“We have said all along that the law doesn't effectively protect us from mass surveillance by the Intelligence Services. The line the Government took at the hearing was that there were adequate safeguards, they just couldn't be made public. Leaving aside whether secret safeguards can ever be adequate, this reluctantly-made disclosure suggests otherwise.”

Eric King, Deputy Director of Privacy International, said:

“We now know that data from any call, internet search, or website you visited over the past two years could be stored in GCHQ's database and analysed at will, all without a warrant to collect it in the first place. It is outrageous that the Government thinks mass surveillance, justified by secret “arrangements” that allow for vast and unrestrained receipt and analysis of foreign intelligence material is lawful. This is completely unacceptable, and makes clear how little transparency and accountability exists within the British intelligence community.”

Michael Bochenek, Director of Law and Policy at Amnesty International, said:

“It is time the Government comes clean on such crucial issues for people's privacy as the sharing of communications intercepts with foreign governments. Secret rules are woefully inadequate. Nothing short of a sufficiently detailed set of rules and effective safeguards in publicly accessible legislation can redress the major deficiencies in the Government's handling of communications surveillance.”
https://www.liberty-human-rights.org...-bulk-nsa-data





Swedish Regulator Orders ISP to Retain Customer Data Despite Death of EU Directive

The Swedish Telecoms Regulator PTS has ordered Kista-based ISP Bahnhof, under threat of a fine, to continue storing records of its customer communications, even though the Court of Justice of the European Union (CJEU) ruled the 2006 Data Retention Directive invalid in April of this year.

Bahnhof was among the many ISPs which expressed its intention to immediately cease to store records of its clients, but in June the Swedish government in Stockholm backtracked on the issue and declared that ISPs must continue to retain customer data for law enforcement purposes. Though Tele2 appealed against the directive, all ISPs besides Bahnhof have now complied.

Bahnhof is facing a fine of five million krona (£530mn +) for non-compliance with the order, which specifies that the ISP must retain customer data for six months. The company’s CEO Jon Karlung spoke of a ‘Plan B’ that could avoid Bahnhof surrendering customer data, but gave no details, and said that the company would fight the issue in court.

In 2011 Karlung was in the vanguard of Swedish ISPs opposed to the country’s adoption of the Data Retention Directive, proposing to actually charge customers $50 extra a month in order to store a record of their information.

It took Sweden six years to begin compliance with the Brussels-issued Data Retention Directive, so it is not entirely clear why the country is matched only by the UK in its determination to keep storing local customer information. In July the UK responded to the EU abolition of the 2006 directive by controversially fast-tracking The Data Retention and Investigatory Powers (DRIP) Bill, which significantly increased rather than reduced the scope of the original edict.
http://thestack.com/bahnhof-swedish-...er-data-291014





Police Can Require Cellphone Fingerprint, Not Pass Code
Elisabeth Hulette

A Circuit Court judge has ruled that a criminal defendant can be compelled to give up his fingerprint, but not his pass code, to allow police to open and search his cellphone.

The question of whether a phone's pass code is constitutionally protected surfaced in the case of David Baust, an Emergency Medical Services captain charged in February with trying to strangle his girlfriend.

Prosecutors had said video equipment in Baust's bedroom may have recorded the couple's fight and, if so, the video could be on his cellphone. They wanted a judge to force Baust to unlock his phone, but Baust's attorney, James Broccoletti, argued pass codes are protected by the Fifth Amendment, which prohibits forced self-incrimination.

Judge Steven C. Frucci ruled this week that giving police a fingerprint is akin to providing a DNA or handwriting sample or an actual key, which the law permits. A pass code, though, requires the defendant to divulge knowledge, which the law protects against, according to Frucci's written opinion.

Broccoletti called Frucci's ruling on target. The law is clear about fingerprints, he said, and the judge saw his point about pass codes.

Macie Pridgen, a spokeswoman for the Commonwealth's Attorney's Office, said prosecutors still are considering whether to appeal.

Neither said they knew whether Baust's phone can be opened with just a fingerprint. Pridgen said prosecutors are having a detective look into it, and Broccoletti said Baust's phone could be encrypted twice - with both a fingerprint and a pass code. If so, it would remain locked under Frucci's ruling.
http://hamptonroads.com/2014/10/poli...-not-pass-code





Get Ready for a World of Expiring Photos and Vanishing Status Updates.

At first, people dismissed Snapchat as a frat house fad until it became the next big thing. And now, the concept of disappearing content has found a home inside the business world… because Mark Cuban’s text messages got subpoenaed by federal SEC regulators, naturally.

Cuban felt regulators were unfairly interpreting his text messages from months and years before, and Cuban just wished the texts would have disappeared after they had ceased being useful and before they could be used against him. (He was found not guilty of insider trading by a jury in federal court in Dallas).

So Cuban put his development team to work on an app that would serve as an effective enough communication platform to replace SMS text messages but that would also destroy those messages after a certain expiration date.

The result was Cyber Dust, an app that secures communication by deleting it. Cuban and Cyber Dust weren’t the first to find this market niche, nor the last, and now a whole ecosystem of apps are out there built on the notion that text-based communication is best when it’s temporary.

Here’s a quick run-down on the new messaging apps invading the Snapchat space:

Cyber Dust — Mark Cuban’s team decided that the ideal shelf life for a text message on Cyber Dust should be 24 seconds. Easy to use, and no pesky snooping by the feds after the fact.

Tiiny — Created by Kevin Rose of Digg fame, this photo sharing app does two things to ensure long-term privacy without sacrificing the short-term gratification of sharing moments in your social network. 1) It saves the pictures you upload as thumbnails only (212 pixels square), and 2) it deletes them 24 hours after posting. Therefore, it’s called Tiiny because the pictures are tiny, but with an extra “i” for SEO.

Confide — Similar to Cyber Dust, Confide is a text-based app that is billed as your “off-the-record” messenger, and it just got its 2.0 makeover. It has an even greater level of security by only showing a recipient of a message a few words at a time, as a measure to prevent someone from taking a screenshot of the entire message. Cyber Dust only works if you feel like the person you’re chatting with is operating in good faith. With Confide, you can send basically anything to anybody, and they would have no way to prove that you did, theoretically. Perfect for your ultra-paranoid friends or for people who know they’re doing something wrong and are planning ahead about how not to get caught.

Sobrr — Sort of a combination of Snapchat and Cyber Dust, Sobrr is a social platform that allows users to communicate via photos, text and voice messages, but everything disappears 24 hours after it gets posted. Because life is about being in the moment, man. The target audience appears to be young adults who realize they shouldn’t put their party pictures on Facebook any more, so they can use Sobrr when they are anything but sober.

Facebook’s expiring posts — Yup, Facebook is apparently experimenting with giving users the ability to set an expiration of a post in advance, from anywhere from one hour to seven days. This could save a lot of problems and bring users back to the behemoth by fixing this simple glaring problem.

Facebook’s Slingshot — Not to be confused with the other Slingshot app (for sharing your screen across multiple devices), Facebook’s Slingshot is an app that is basically a Snapchat clone from top to bottom.

Instagram’s Bolt — Not to be confused with the other Bolt app (for free calling on Android made simple), Instagram’s Bolt is basically a clone of Taptalk that allows users to send pictures or videos to friends or contacts, and yes, those images and videos disappear once they’ve been watched. One hitch: currently it’s only available in New Zealand, Singapore and South Africa.

Frankly — The Frankly app is like if Snapchat were designed in South Korea. The tagline: "Gossip with your best friends without getting caught!"

Wickr — If the Confide app is for “off-the-record” conversations, then Wickr is for “top-secret” messaging with an added layer of password protection and encryption. Wickr just raised another $30 million over the summer, so expect more from this app in this niche of the messaging market down the road.
http://www.saydaily.com/2014/09/disappearing-updates





Millions of Websites Hit by Drupal Hack Attack
BBC

Up to 12 million websites may have been compromised by attackers who took advantage of a bug in the widely used Drupal software.

The sites use Drupal to manage web content and images, text and video.

Drupal has issued a security warning saying users who did not apply a patch for a recently discovered bug should "assume" they have been hacked.

It said automated attacks took advantage of the bug and can let attackers take control of a site.

'Shocking' statement

In its "highly critical" announcement, Drupal's security team said anyone who did not take action within seven hours of the bug being discovered on 15 October "should proceed under the assumption" that their site was compromised.

Anyone who had not yet updated should do so immediately, it warned.

However, the team added, simply applying this update might not remove any back doors that attackers have managed to insert after they got access. Sites should begin investigations to see if attackers had got away with data, said the warning.

"Attackers may have copied all data out of your site and could use it maliciously," said the notice. "There may be no trace of the attack." It also provided a link to advice that would help sites recover from being compromised.

Mark Stockley, an analyst at security firm Sophos, said the warning was "shocking".

The bug in version 7 of the Drupal software put attackers in a privileged position, he wrote. Their access could be used to take control of a server or seed a site with malware to trap visitors, he said.

He estimated that up to 5.1% of the billion or so sites on the web use Drupal 7 to manage their content, meaning the number of sites needing patching could be as high as 12 million.

Drupal should no longer rely on users to apply patches, said Mr Stockley.

"Many site owners will never have received the announcement and many that did will have been asleep," he said. "What Drupal badly needs but doesn't have is an automatic updater that rolls out security updates by default."
http://www.bbc.com/news/technology-29846539





‘Largest Hacking Case’: Pirate Bay Founder and His Accomplice Found Guilty in Denmark

The founder of the Pirate Bay torrent site has been found guilty in “the largest hacking case to date.” Swede, Gottfrid Svartholm Warg, and his Danish co-defendant were accused of hacking and accessing confidential information.

Warg, alias Anakata, and his 21-year old Danish accomplice, aka JLT, appeared in the Court of Frederiksberg in Copenhagen on Thursday morning.

The two were found guilty of “systematic and comprehensive” hacking of computer mainframes operated by US IT giant CSC between February and August of 2012. The prosecution indicted Anakata and JLT for downloading social security numbers from Denmark’s national driving license database, illegally accessing information in a Schengen Region database and cracking police email accounts.

“This is the largest hacking case to date. The crime is very serious, and this must be reflected in the sentence,” Prosecutor Maria Cingari said.

JLT, who has already served 17 months of pre-trial detention, was released.

His lawyer Michael Juul Eriksen dismissed Cingari’s calls for a two-year sentence for his client as "completely crazy,” the Local reports.

A sentence for Warg will be delivered on Friday. The prosecution is calling for the maximum possible term of six years in prison. In addition, Cingari called on the court to ban Warg from re-entering Denmark, calling the Pirate Bay founder “a threat to the interests of the Danish society.”

Both Warg and his defense have been insisting that Anakata was not the only one who had access to the MacBook computer that was used for hacking. Warg stressed the computer did not belong solely to him, but to the group of developers, meaning that the computer’s security could be compromised and any of them could actually intrude into the system operated by CSC.

“My recommendation has always been that the investigation has focused on finding clues that point to my client, even though the tracks have also pointed in another direction,” lawyer Louise Høj said, as cited by TorrentFreak.com. “It is clear that my client’s computer has been the subject of remote control, and therefore he is not responsible.”

However, the prosecution managed to present the evidence – a discussion on security and setup of CSC’s databases and systems which took place between hackers with the names “Advanced Persistent Terrorist Threat” and “My Evil Twin”. Under those pseudonyms lurked Gottfrid and his IT consultant co-defendant, the prosecution said, according to the TorrentFreak website.

All three judges and four of six jurors supported the guilty verdicts.

Judge Kari Sørensen said that remote control access to Warg’s computer was “unlikely,” given that the defendant was reluctant to reveal details about the identity of the persons, who he suspected could remotely control his computers.

Judge Ulla Otken also dismissed the remote control claims saying that Warg is guilty because the access was “systematic.” Two jurors agreed that Warg’s argument cannot be ruled out.

Warg’s lawyer has been calling for a one-year sentence for his client.

Warg’s mother has told the Local that the prosecution’s evidence is “vague,” saying that “a dirty approach to smear” her son as a person was used.

Warg has so far spent 11 months in prison in Denmark following his extradition from Sweden in November 2013.

Prior to that Warg was deported to Sweden from Cambodia in September 2012, following his arrest in the Cambodian capital Phnom Penh over copyright violations in 2009.

In Sweden, the Pirate Bay founder was charged with hacking the IBM mainframe of Logica, a Swedish IT firm that provided tax services to the Swedish government, and the IBM mainframe of the Swedish Nordea bank in order to transfer money to accounts held by four young men in Malmö.

However, in September 2013, the Swedish court of appeals cleared Warg of Nordea bank hacking after the defense claimed that the hacker’s computer could have been controlled remotely.

The court upheld a conviction for hacking into IT firm, Logica.
http://rt.com/news/200927-pirate-bay-founder-guilty/





Brazil-to-Portugal Cable Shapes Up as Anti-NSA Case Study

Brazil Snubs U.S. Contractors
Anna Edgerton and Jordan Robertson

Brazil is planning a $185 million project to lay fiber-optic cable across the Atlantic Ocean, which could entail buying gear from multiple vendors. What it won’t need: U.S.-made technology.

The cable is being overseen by state-owned telecommunications company Telecomunicacoes Brasileiras SA (TELB4), known as Telebras. Even though Telebras’s suppliers include U.S. companies such as Cisco Systems Inc. (CSCO), Telebras President Francisco Ziober Filho said in an interview that the cable project can be built without any U.S. companies.

The potential to exclude U.S. vendors illustrates the fallout that is starting to unfold from revelations last year that the U.S. National Security Agency spied on international leaders like Brazil’s Dilma Rousseff and Germany’s Angela Merkel to gather intelligence on terror suspects worldwide.

“The issue of data integrity and vulnerability is always a concern for any telecom company,” Ziober said. The NSA leaks last year from contractor Edward Snowden prompted Telebras to step up audits of all foreign-made equipment to check for security vulnerabilities and accelerated the country’s move toward technological self-reliance, he said.

Nigel Glennie, a spokesman for San Jose, California-based Cisco, declined to comment. Last November, Cisco Chief Executive Officer John Chambers said uncertainties related to NSA spying were causing international customers to “hesitate” in buying U.S. technologies.

Vanee Vines, a spokeswoman for the NSA, didn’t return a call for comment.

Damage Control

The Telebras-planned cable, which will run 3,500 miles from the Brazilian city of Fortaleza to Portugal, shows how losses to U.S. technology companies from the NSA disclosures are now crystallizing. While much of the handwringing over damage to U.S. firms has focused on existing technology contracts, the pain may come more from projects that are just getting off the ground. In many cases, it’s too costly and complex to remove existing computing infrastructure, no matter the rhetoric coming from government leaders.

New projects are a different matter. With modern data networks being built worldwide -- especially in emerging markets where information-technology spending is estimated to rise 9 percent this year to more than $670 billion, according to market researcher IDC -- that’s where there’s opportunity to look increasingly to non-U.S. technology providers.

$35 Billion

U.S. companies could forgo as much as $35 billion in revenue through 2016 because of doubts about the security of their systems, according to the Washington-based Information Technology & Innovation Foundation, a policy research group.

Brazil’s new cable is the “perfect project to go non-U.S.,” said Bill Choi, an analyst at Janney Montgomery Scott, given that laying cables is a labor-intensive process dominated by non-U.S. companies such as French firm Alcatel-Lucent and Swiss-based TE Connectivity Ltd. (TEL)

Some of the anti-U.S. technology company talk may just be negotiating ploys to gain lower product prices. While Microsoft Corp. (MSFT) and Verizon Communications Inc. (VZ) have lost some contracts in Brazil and Germany, and Cisco has reported declining orders from emerging markets, the finances of most U.S. technology companies have held up so far. Gross margins for the companies in the Standard & Poor’s 500 Information Technology Sector Index are at their highest levels since 1990, according to data compiled by Bloomberg.

Yet there’s more risk for U.S. companies of being excluded from new projects, said Lee Doyle of consultancy Doyle Research. In Brazil, Russia, India and China, “the anti-NSA sentiment is real and significant,” he said.

Doyle added that only a minority of IT projects can realistically be implemented without any U.S. technology, yet “that doesn’t make it any less painful for U.S. tech companies looking to grow.”

Brazil’s Actions

Brazil is a key geography where the pain for U.S. technology firms is rising. The world’s seventh-biggest economy has long prioritized buying from its own companies. A 1991 law gave preference for state-sponsored projects to use locally made technology, and importers face steep tariffs.

Once news of Snowden’s leaks broke last year, Brazil began terminating its contracts with Redmond, Washington-based Microsoft for Outlook e-mail services. Brazil President Rousseff tweeted at the time that the change will help “prevent possible espionage.”

Controlling Expresso

Brazil is focusing instead on an e-mail system called Expresso, developed by state-owned Servico Federal de Processamento de Dados, known as Serpro. Expresso is currently used by 13 of the country’s 39 ministries.

“Expresso is 100 percent under our control,” said Marcos Melo, Serpro’s corporate solutions coordinator.

Jack Evans, a spokesman for Microsoft, said the company continues to hear from customers that “where their content is stored and how it is used and secured matters.” He said Microsoft is committed to “increasing choice and transparency about how we store our customers’ content.”

Last November, Rousseff also signed a decree requiring government ministries and agencies to use only technology services provided by public or partially state-owned companies, without competing for contracts in auctions.

The transition “for the preservation of national security” should be monitored by the ministries of defense, communications and planning and budget, the decree said.

Fortaleza Cable

The Fortaleza-to-Portugal cable, proposed in 2012 before the spying allegations, would further the country’s efforts to encourage local companies. The cable will bypass Brazil’s existing Internet traffic routes to Europe, which currently go through the U.S.

International submarine cables are prime targets for espionage, Rousseff said at a press conference in Sao Paulo on Oct. 20 as she campaigned for re-election. She said after the cables to Europe, Brazil will study building direct connections to Africa and Asia.

“It’s a very important strategy for the country, this question of submarine cables, because it’s good to remember that submarine cables are among the main mechanisms of spying today,” she said. Rousseff was re-elected on Oct. 26, in a result that had the tightest margin of victory since at least 1945.

Winning Vendors

So far, Telebras has said it will only partner with European, Asian and local vendors. In January, Ziober said at a press conference that Telebras will work with Madrid-based Islalink Submarine Cables SL and an as-yet-undetermined Brazilian associate to construct the technology pipe.

Ziober added that a project this complex could have multiple vendors, to be chosen from proposals presented after the third associate is finalized. Construction is slated to start in the first half of 2015, with the cable to be operational 18 months later, he said at an Oct. 15 event.

Among the beneficiaries is likely to be Padtec SA, a 400-person network-equipment maker based in Sao Paulo state. Padtec CEO Jorge Salomao Pereira said his company will submit an offer when the bidding process is opened to build and operate all of the submarine cable.

Closely held Padtec has 262.4 million reais of contracts with Telebras in Brazil’s national broadband network, including a 98 million-real agreement for maintaining fiber optic cables. State-owned development bank BNDES identified Padtec as a leader in the networking industry and last year helped the company raise 167 million reais for new products, acquisitions and international expansion.

The anti-NSA sentiment provides “a window of opportunity for other smaller companies to enter the market with this technology and become global players,” Salomao said.

Cisco’s Experience

Telebras’s Ziober said in the interview that the competition for the cable project is also likely to include Asian and European suppliers Huawei Technologies Co., Alcatel-Lucent and Ericsson AB.

Huawei spokesman Bill Plummer declined to comment. Ericsson isn’t part of the cable project, said spokeswoman Elisabeth Manzi. Alcatel-Lucent representatives didn’t return messages for comment.

The Brazilian chill is already being felt by Cisco. The country, once one of Cisco’s most promising markets, is now among its poorest performing ones. Orders in Brazil fell 13 percent in the latest quarter ended July 26, continuing a series of double-digit declines there. Cisco doesn’t disclose underlying sales numbers for the country.

That’s a far cry from what Cisco had been working toward in Brazil. In 2012, the company said it would invest $1 billion in the country over four years. It opened an innovation center in Rio de Janeiro last year, eight days before Brazil’s most-viewed news magazine, Fantastico, revealed the NSA spying and disclosed that Brazilian leaders had been monitored.
http://www.bloomberg.com/news/2014-1...ase-study.html





I’m Terrified of My New TV: Why I’m Scared to Turn This Thing On — And You’d Be, Too
Michael Price

I just bought a new TV. The old one had a good run, but after the volume got stuck on 63, I decided it was time to replace it. I am now the owner of a new “smart” TV, which promises to deliver streaming multimedia content, games, apps, social media, and Internet browsing. Oh, and TV too.

The only problem is that I’m now afraid to use it. You would be too — if you read through the 46-page privacy policy.

The amount of data this thing collects is staggering. It logs where, when, how, and for how long you use the TV. It sets tracking cookies and beacons designed to detect “when you have viewed particular content or a particular email message.” It records “the apps you use, the websites you visit, and how you interact with content.” It ignores “do-not-track” requests as a considered matter of policy.

It also has a built-in camera — with facial recognition. The purpose is to provide “gesture control” for the TV and enable you to log in to a personalized account using your face. On the upside, the images are saved on the TV instead of uploaded to a corporate server. On the downside, the Internet connection makes the whole TV vulnerable to hackers who have demonstrated the ability to take complete control of the machine.

More troubling is the microphone. The TV boasts a “voice recognition” feature that allows viewers to control the screen with voice commands. But the service comes with a rather ominous warning: “Please be aware that if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party.” Got that? Don’t say personal or sensitive stuff in front of the TV.

You may not be watching, but the telescreen is listening.

I do not doubt that this data is important to providing customized content and convenience, but it is also incredibly personal, constitutionally protected information that should not be for sale to advertisers and should require a warrant for law enforcement to access.

Unfortunately, current law affords little privacy protection to so-called “third party records,” including email, telephone records, and data stored in “the cloud.” Much of the data captured and transmitted by my new TV would likely fall into this category. Although one federal court of appeals has found this rule unconstitutional with respect to email, the principle remains a bedrock of modern electronic surveillance.

According to retired General David Petraeus, former head of the CIA, Internet-enabled “smart” devices can be exploited to reveal a wealth of personal data. “Items of interest will be located, identified, monitored, and remotely controlled through technologies such as radio-frequency identification, sensor networks, tiny embedded servers, and energy harvester,” he reportedly told a venture capital firm in 2012. “We’ll spy on you through your dishwasher” read one headline. Indeed, as the “Internet of Things” matures, household appliances and physical objects will become more networked. Your ceiling lights, thermostat, and washing machine — even your socks — may be wired to interact online. The FBI will not have to bug your living room; you will do it yourself.

Of course, there is always the “dumb” option. Users may have the ability to disable data collection, but it comes at a cost. The device will not function properly or allow the use of its high-tech features. This leaves consumers with an unacceptable choice between keeping up with technology and retaining their personal privacy.

We should not have to channel surf worried that the TV is recording our behavior for the benefit of advertisers and police. Companies need to become more mindful of consumer privacy when deciding whether to collect personal data. And law enforcement should most certainly be required to get a warrant before accessing it.

In the meantime, I’ll be in the market for a new tinfoil hat and cone of silence.
http://www.brennancenter.org/analysi...red-turn-thing

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

October 25th, October 18th, October 11th, October 4th


Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black