P2P-Zone  

Go Back   P2P-Zone > Peer to Peer
Reload this Page Peer-To-Peer News - The Week In Review - December 8th, '12
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Peer to Peer The 3rd millenium technology!

Reply
 
Thread Tools Search this Thread Display Modes
Old 05-12-12, 09:46 AM   #1
JackSpratts
 
JackSpratts's Avatar
 
Join Date: May 2001
Location: New England
Posts: 10,015
Default Peer-To-Peer News - The Week In Review - December 8th, '12
Since 2002


































"What we are asking is for a court to rule that the government must have a good reason to believe that someone has engaged in wrongdoing before it is allowed to go through their electronic devices." – Catherine Crump


"Approaches aimed at restricting freedom of speech and removing content from the Internet are not only the least desirable strategies, they are also the least effective." – Peter Neumann



































December 8th, 2012




Father Settles with Copyright Group Responsible for Confiscating Daughter’s Laptop
BBC

The father of a child accused of illegally downloading music in Finland has paid a 300 euros (£243; $390) fine to a Finnish anti-piracy group.

He had refused to pay the original settlement of 600 euros and sign a non-disclosure agreement.

A police warrant was then issued to confiscate the laptop of the girl, who was aged nine at the time.

The anti-piracy group said it was acting "within the boundaries of Finnish legislation".

The girl had searched blocked torrent site The Pirate Bay for an album by Finnish popstar Chisu.

Her father claims they were unable to download the album and purchased it legitimately the following day.

The action was taken by the country's Copyright Information and Anti-Piracy Centre (CIAPC), known locally as TTVK, which contacted the father after it discovered his ISP account had connected with The Pirate Bay.

"We have now reached a settlement in the matter. The police investigation has stopped and the rights holders have been compensated. All parties involved are satisfied with the settlement," a spokesperson told the BBC.

"We agree that individual lawsuits against file-sharers are a slow and ineffective process. We can only act within the boundaries of current Finnish legislation which does not permit rights holders to tackle piracy in softer and more efficient ways."

The girl's father described the situation as "the pinnacle of absurdity" when speaking to website Torrentfreak.

"I can see artists are in a position, but this requires education and information, not resource-consuming lawsuits," he said.

Chisu herself suggested in a statement that her fans should listen to her music for free on Spotify.

"I hope that the matter will be resolved soon and sorry to my nine-year-old girls," she said.

According to its website, several national film and music groups are members of the CIAPC, including the Finnish Musicians' Union and the Finnish Film Distributors Association.

"A joint anti-piracy association benefits all parties involved by reducing costs, co-ordinating more efficient anti-piracy strategies and giving authorities an effective point of contact," CIAPC says online.
http://www.bbc.co.uk/news/technology-20554442





Another File-Sharing Prosecution Fails
Matthew Theunissen

Yet another failed file-sharing prosecution by the Recording Industry Association of New Zealand illustrates the importance of challenging the Government's newly introduced copyright regime, an internet watchdog says.

The association (Rianz) brought a case to the Copyright Tribunal seeking $4675 from a person for allegedly file-sharing 11 songs.

A Rianz spokesman today confirmed the case had been dropped because the person had not received any of the infringement notices sent to them by their internet service provider, Slingshot.

The spokesman said as many as 18 cases had been filed to the tribunal since the The Copyright (Infringing File Sharing) Amendment Act was introduced last year.

In Rianz's submission to the tribunal, it said all the songs - one from pop diva Rihanna and 10 from indie band Fun - were legally available for purchase from iTunes at $2.39 per track, however: "The act of uploading ... is more harmful as it enables multiple potential unauthorised downloads by third parties, each of which could have been paid for by those third parties at a cost of $2.39 each," it said.

"The difficultly in applying this method in this case is that it is not known how many downloads were made from the sound recordings uploaded by the account holder."

Rianz ultimately sought $1175 for the 11 songs, as well as $3500 compensation. The maximum sum allowed by the Act is $15,000.

InternetNZ policy leader Susan Chalmers said the case showed the importance of challenging these cases in order to "test the contours" of the new file-sharing regime.

"It's part of their right to do so and this tribunal changes the typical due process arrangements that we see in other copyright infringement cases so it is really important for people to challenge these cases of infringement."

Ms Chalmers felt Rianz was seeking such a high sum in order to deter other file-sharers.

"I'm not sure when the recording industry will just wake up," she said. "The law itself I've always felt was never going to achieve that which it set out to achieve. It just doesn't work."

It is the second prosecution brought by Rianz under the act to have been dropped.

In October it withdrew a case against a student who was the account holder for her flat's shared account.

According to the law collective which represented her, Tech Liberty NZ, she had never used file sharing software.

Rianz had claimed a total of $2669 in penalties before withdrawing the charge.
http://www.nzherald.co.nz/compute/ne...ectid=10851718





File-Sharing Lawsuits May Have Limited Liability but Could Present Greater Privacy Issues
Nicole Bogart

File-sharing lawsuits are on the minds of tech-savvy Canadians after a forensic software company said Wednesday they had collected files on one million Canadians who are alleged to have downloaded pirated content.

But the real concern to Canadians may not be lawsuits, but the collection of their personal information.

Canipre, the Montreal-based company which works for the motion picture and recording industries, said a recent court decision forced Internet service providers (ISPs) to release subscriber names and details, meaning users could be held liable for illegal downloading and statutory damages of up to $5,000.

According to the company, one case before the federal court last week involved only 50 IP addresses, but another case would see thousands of Canadians targeted in a sweep aimed at deterring illegal downloading.

Recently enacted copyright reform Bill C-11 may be a saving grace to some Canadians concerned about lawsuits – it created a $5,000 cap on potential damages for non-commercial infringement.

“In fact, it is likely that a court would award far less - perhaps as little as $100 - if the case went to court,” said Michael Geist, law professor and Canada Research Chair in Internet and E-commerce Law at the University of Ottawa, in a blog titled, “Why Liability is Limited: A Primer on New Copyright Damages as File Sharing Lawsuits Head to Canada.”

Geist said these new cases will likely take place in three steps, which would start with the rights holders seeking a court order to get the personal information of the customer.

If the court orders the information handed over, the rights holders will then send a letter to the subscriber, likely with an offer to settle the case. The third step lies in the hands of the subscriber – if they refuse to settle it will fall to the rights holders to follow through with a lawsuit.

“Given recent changes to the law, there is reason to doubt those cases will be filed as the individual liability is very limited,” said Geist.

Privacy

The question of consumer privacy remains a large source of concern among Canadians who file-share.

“For the longest time Canadian subscribers have been able to count on the protection of the Internet service provider,” said Claudio Popa, principal risk advisor and CEO of Informatica Corporation. “I’m not sure to what degree Canadian Internet subscribers will be able to count on that protection much longer.”

Popa, who specializes in security and privacy issues, said these lawsuits have the potential to turn into a privacy nightmare for the customer due to the amount of information that ISPs collect.

“As we all know, telecommunications companies are storing more than just personal details - they are keeping statistics, a history of complaints, they may even be storing a number of data requests that aren’t related to the [courts] request,” said Popa. “There is a lot of valuable information out there that should not be shared with anyone, or be mined in any way.”

He noted that because the courts may not have the time to investigate, personal information not related to the lawsuit may be provided, presenting a huge privacy issue.

“If it establishes a process for a company to say 'We’ve been wronged,' go to court and get a court order, and count on those orders to get access to personal information, then there is a number of organizations that will automatically take advantage,” said Popa.

Popa urges people to familiarize themselves with the process of filing a complaint with the privacy commissioner in order to find out what details may have been shared.
http://www.globalregina.com/file-sha...747/story.html





Filesharing Lawsuits Could Lead to Clogged Courts as Canadians Rely on New Liability Caps
Michael Geist

The Canadian Internet community has been buzzing for the past week over reports that a Montreal company has captured data on one million Canadians who it says have engaged in unauthorized file sharing. While that represents a relatively small percentage of Internet users in Canada, the possibility of hundreds of thousands of lawsuits over alleged copyright infringement would be unprecedented and raise a host of legal and policy issues.

The prospect of mass lawsuits will be of particular interest to the federal government, which just completed a major round of copyright reforms. The new copyright bill established a cap on damages that was explicitly designed to dissuade would-be litigants from targeting individuals. In fact, during hearings into the copyright reform bill, Members of Parliament were given assurances that the industry had no desire to launch file sharing lawsuits.

The practice of suing individuals for copyright infringement arising from file sharing started in 2003 in the United States, where tens of thousands of people have since received letters alleging infringement. The letters typically claim that liability could run into the millions of dollars based on U.S. rules that provide for up to $150,000 U.S. per infringement. Recipients are encouraged to settle for several thousand dollars, a steep price to pay for a few songs or movies.

Canadians first encountered file sharing lawsuits in 2004, when members of the Canadian Recording Industry Association filed actions against 29 alleged filesharers. The Canadian initiative was a failure, however, as a federal court judge expressed concern about the privacy implications of the lawsuits, doubts about whether downloading music constituted copyright infringement, and misgivings with the evidence tendered by the industry.

With an eye on the ongoing U.S. lawsuits, the Canadian government made reforms to discourage file sharing lawsuits against individuals a priority. For example, Industry Minister Christian Paradis told the House of Commons, “We are concerned about the threat of major penalties that hang over Canadians who infringe copyright for non-commercial purposes. Currently, those who have been found to violate copyright can be found liable for damages from $500 to $20,000 per work. If people illegally download five songs, for example, they could theoretically be liable for $100,000. In our view, such penalties are way out of line.”

The solution was to change Canada’s statutory damages rules by distinguishing between commercial infringement (which still carries liability of up to $20,000 per infringement) and non-commercial infringement, which now features a maximum liability of $5,000 for all infringements. While $5,000 is still very expensive for a downloaded movie, the law permits judges to award damages as low as $100 in such cases.

In fact, the law instructs judges to consider “in the case of infringements for non-commercial purposes, the need for an award to be proportionate to the infringements, in consideration of the hardship the award may cause to the defendant, whether the infringement was for private purposes or not, and the impact of the infringements on the plaintiff.”

Rights holders can elect to pursue actual damages from copyright infringement instead of statutory damages, but those are likely to be even smaller in the case of a downloaded movie or song. The net effect, as the government indicated in its advisory on the bill, is supposed to be that “Canadians will not face disproportionate penalties for minor infringements of copyright.”

Despite the government’s intentions, the prospect of hundreds of thousands of lawsuits is apparently still a real possibility. With the law instructing judges to award as little as $100 for all non-commercial infringements, the question is now whether these cases will lead to clogged courts as individuals rely on recent legal reforms to challenge demands for thousands of dollars to settle infringement claims.
http://www.ottawacitizen.com/busines...241/story.html





O2 / BE Customers: All You Need To Handle A Ben Dover File-Sharing Letter
enigmax

Last weekend customers of ISPs O2 and BE began receiving notifications that their accounts had been used for illicit file-sharing. The claims originate from Golden Eye International who are connected to the famous porn outfit Ben Dover. Very soon they will drop so-called “letters of claim” through customers’ letter boxes, potentially ruining Christmas for thousands of families with demands for a cash settlement. But with the right response, this get-rich-quick-scheme can be stopped in its tracks.

Last Saturday morning customers of two ISPs in the UK woke up to a nasty surprise. Letters sent by ISPs O2 and BE advised that customer accounts had been somehow linked to copyright infringement and how this could lead to serious consequences.

“Two companies, Golden Eye (International) Limited and Ben Dover Productions (we will refer to them both as Golden Eye in this letter), allege that some of our customers broadband accounts have been used to download films from the internet, without paying for them,” O2 wrote.

“Golden Eye produced evidence which identified the anonymous IP address used to download that content. The Court then ordered O2 to check them against our customer records, and to give Golden Eye the corresponding name and address of the account holder.”

O2 then goes on to say that the High Court ordered it to hand over the names of alleged file-sharers to Golden Eye and, in an attempt to come over as the good guy, added that “O2 had no choice but to comply.”

The truth is that O2 could have made a real effort to contest the proceedings but did no such thing. As a result Golden Eye are now in possession of the identities of 2,845 O2 and BE customers to try and make money from.

Soon, and quite possibly just in time for Christmas, Golden Eye will write a letter to these O2 customers (click here to see what it will look like plus read our analysis here). In it they will outline their complicated copyright claim but ultimately announce that they are prepared to forget the whole thing if O2 and BE customers pay them some hard cash.

No amount will be mentioned but on past UK experiences it will be anything up to around £600. However, some people receiving these letters will not pay Golden Eye a single penny.

These people will have read and understood the Speculative Invoicing Handbook Second Edition, an invaluable guide released today. While the letters sent by GEIL have been approved by the High Court they are still crafted to intimidate, whereas the Speculative Invoicing Handbook is designed to inform and empower.

“The guide, which succinctly summarizes the operation of these mass litigation schemes, has proven a boon to those incorrectly accused in the past,” consumer rights campaigner and speculative invoicing expert James Bench told TorrentFreak.

It’s believed that the first edition of this superb publication enabled thousands of innocent account holders to avoid paying settlements to the infamous ACS:Law, eventually resulting in that company’s collapse and the bankruptcy of its operator.

The lawyer involved, Andrew Crossley, was also suspended by the Law Society for two years for his conduct, but he wasn’t the first casualty resulting from this type of work.

“Law firm Davenport Lyons, the pioneers of this type of volume litigation in the UK, saw two partners suspended by the Law Society and were forced to pay a substantial fine,” Bench notes.

Mindful of these unfavorable outcomes, GEIL have taken precautions.

“GEIL are the first copyright licensees to act for themselves in these matters, rather than appointing solicitors to send the letters on their behalf,” James Bench explains.

While GEIL have probably learned valuable lessons from the activities of ACS:Law, the key points remain the same.

First, the company does not have sufficient evidence to prove who has carried out any infringement. This is a huge problem for them since they can only claim settlement from the actual infringer and they don’t know who it is. They can only guess at that person’s identity – short of an ill-advised confession of course.

Second, if an Internet account holder didn’t carry out any file-sharing and didn’t tell someone else they could do so on their connection, they aren’t liable and don’t have to pay a penny. Golden Eye will eventually have to accept that and move on, even if they don’t do so straight away.

The Speculative Invoicing Handbook Second Edition can be downloaded here, and don’t forget to check out other support sites here and here. If you’ve received a letter, contact TorrentFreak in confidence.

(Update: The total of 2,845 IP addresses apparently did not relate to the same number of account holders – less than 1,000 identities have been released)
https://torrentfreak.com/o2-be-custo...letter-121204/





ISPs Face New File-Sharing Action

Record labels are trying to clamp down on illegal file sharing online.Record labels are trying to clamp down on illegal file sharing online.
Ciara O'Brien

Irish internet service providers are facing new legal action from record labels trying to clamp down on file sharing.

EMI, Sony, Warner Music and Universal have issued proceedings against UPC, Imagine, Vodafone, Digiweb and Hutchison 3G.

The case is due before the High Court on December 17th.

The labels are seeking an injunction compelling ISPs to block free file-sharing site Pirate Bay.

UPC confirmed proceedings had been served on its legal representatives and that it had previously declined Irish music industry body IRMA’s request to voluntarily block the Pirate Bay.

“We understand that all other ISPs joined to the proceedings similarly declined the request,” the company said in a statement.

“UPC can confirm however its position has not changed. As an ISP, our position is that ISPs should not on a voluntary basis decide what can or should be consumed by users. We believe such matters are for the Government or court to decide.”

Mobile network and broadband provider Hutchison 3G, which trades as 3 Ireland, also said it was a matter for courts to decide.

The issue has been the subject of an ongoing battle between the music industry and the internet service providers in recent years.

Eircom has blocked its broadband services customers from using the site since September 1st 2009 after settling a case with Irma.

The High Court made an order requiring Eircom to disable access to Pirate Bay and related domain names and URLs.
http://www.irishtimes.com/newspaper/...reaking40.html





Editorial: How Piracy Changed My Life
Vlad Dudau

There have been many discussions lately about piracy and how to combat it, including some pretty radical measures. But I believe most people glance over some of the positive effects that piracy has. Now don’t get me wrong, I’m not encouraging it and I’m not saying it’s good, I’m just saying that it’s not all black and white. Piracy is only a symptom of something more: whether it’s bad business models, restrictive markets, or economic problems. And I think my own story proves this point.

I was born in Romania, a country that had just gone through a revolution and was re-becoming a democracy. We, as a society, were just remembering what democracy was and how a free market works. We were just seeing what major technological breakthroughs had happened in the last 30 years in the west while our own country and populace had remained uninformed and technologically inept.

My first PC was a Pentium MMX which had an amazing 166 Mhz processor, 2 GB hard drive and 64 Mb of RAM if I remember right. At this time most of the folks around had 386 and 486 machines running DOS, so the blueish background of Windows 95 was kind of a big deal.

Now here’s the twist: that copy of Windows 95 I used was pirated. It came from a family friend who had it on a few floppy disks. It’s not because my family was cheap or wanted to commit a crime, it was because there simply wasn’t any alternative. Windows wasn’t sold anywhere in the country – at least not legally.

A few years later when Windows 98 came out the same thing happened all over again. The family friend came by with a bunch of disks and installed the OS on our PC.

By the time XP was rolling out, Microsoft had finally taken a real interest in our country, not to mention the fact that the free market was finally in full swing, so there were a lot of legitimate ways to buy the new OS. But here’s the catch: often times it was at least as expensive as the PC itself, so buying it would literally double your costs. Oh, and in case you are wondering, that would amount to about 3 months worth of salary. To give you a better idea, imagine Windows costing about $2,000.

I was pretty lucky as I got an original copy of XP bundled with the new PC my family had just bought. However, one year later when the motherboard went up in flames and we had to buy new hardware, we went back to the family friend.

For the next 5-6 years I used that PC with that pirated version of Windows to download an infinite number of games and software – all illegally. From the most basic Half-Life and Warcraft to the full-blown Creative Suite from Adobe. Again this happened not only because of price, though shilling out a few thousand dollars for Adobe’s CS would have been absolutely insane and would have sent any family into poverty, but rather because most of this software wasn’t even available on the market.

It is because of piracy that I had access to information that would have otherwise been impossible to find. It is because of piracy that I learned how to use Photoshop, how to edit movies, how to install an operating system.

And I am not the only one. All of my friends that have ended up working in the IT field began by using pirated software. How else would a 15 year old learn to use software that costs thousands of dollars, when the average monthly income was about $200? How else would an average kid in this country have learned stuff that’s price restrictive even in the US or the UK?

And here’s the thing: it’s because of piracy that most of us have jobs today. Without all those hours spent learning the software, my friends and I would not have become graphic designers, or game developers, or technology writers. I daresay we would have been much less productive members of society.

I know I’ve said some pretty incriminating things, but the catch is none of us pirate anymore. Why? Because we always knew pirating wasn’t right, but we never really had any other choice. But now when we all have jobs, when the content is finally available, and when the companies have changed their business models to give cheap access to students and teaching institutions ($39 Windows anyone?) we all choose to buy our software, music and movies. Oh, and that family friend that always had hacked operating systems for us? Well he’s now a manager at IBM.

Most people pirate out of need not out of greed. And pirated software can be of vital importance to the development of a generation in under-privileged regions. Of course cheap and accessible software would be a lot better, but there’s so little of that going around.

As for the people who do pirate out of greed, well they’re just bumholes but luckily for us there’s not that many of them out there. I'm really curious what your own thoughts are, and hopefully we can get a real intelligent conversation going.
http://www.neowin.net/news/editorial...hanged-my-life





A Free-Market Fix for the Copyright Racket
Virginia Postrel

While most of the punditocracy was chattering earlier this month about Mitt Romney’s “gifts” gaffe, another Republican took an unexpectedly bold stand about a huge and controversial special-interest handout that largely benefits Democratic constituencies.

A young Capitol Hill staff member named Derek S. Khanna published a Republican Study Committee policy brief titled “Three Myths About Copyright Law and Where to Start to Fix It.” The paper attacked the current copyright system, particularly the continual and retroactive extension of copyright terms at the behest of entertainment-industry lobbyists.

The target wasn’t new -- today’s expansive copyright law has long been a pet peeve of many technorati and left-leaning critics of corporate power -- but Khanna’s critique was striking. He made his case in the traditional Republican language of free markets, limited government and constitutional intent.

“The Federal government has gotten way too big,” the report declared, “and our copyright law is a symptom of the expansion in the size and scope of the federal government.” The current system, it went on, “bears almost no resemblance to the constitutional provision that enabled it and the conception of this right by our Founding Fathers.”

The paper drew praise from reformers at outlets across the political spectrum, from the American Conservative to Publishers Weekly to Daily Kos. But within 24 hours, the study committee withdrew it, spiking it from its website. Hollywood, it seemed, had won again.

Substantial Critique

The fight isn’t over. The Khanna paper was a harbinger of what promises to be a sustained and substantial critique of today’s copyright regime from intellectuals and activists on the right.

“Copyright reform,” says Republican consultant Patrick Ruffini, “allows Republicans to demonstrate that they’re pro- market, not just pro-big business.”

Besides, the movie, music and publishing industries generally hate Republicans.

Making the intellectual case, the Mercatus Center at George Mason University, a hub of free-market scholarship, has just released “Copyright Unbalanced: From Incentive to Excess,” a collection of libertarian and conservative critiques. The book doesn’t oppose copyright per se, but it excoriates the current system’s lengthy terms and expansive enforcement powers.

“Whatever your philosophical position, if you are skeptical of government power, you should likewise be skeptical of the copyright system that has developed over the last century,” writes Jerry Brito, the volume’s editor, in the introduction.

Brito, who directs the center’s technology policy program and teaches law at George Mason, argues that copyright is more akin to the tradable emissions permits used to regulate air pollution than it is to traditional property in goods or real estate. Copyright is a “created order,” in which congressional action deliberately generates scarcity to produce a public benefit.

Just as an effective emissions-trading system depends on getting right the exact number of permits and total amount of emissions, so a good copyright system depends on setting the right terms, limits on fair use and enforcement mechanisms.

“If copyright is weak, then it will provide little incentive to create,” Brito writes. “But if it is too strong, then it will limit the public’s ability to enjoy and build on creative works, which after all is the reason why we have copyright in the first place.”

Striking that balance is tricky, even without political pressure. And lawmakers have shown little interest in trying to reason out the optimal solution. Instead of balancing the interests of consumers and future producers with financial incentives to create new works today, copyright has become an expanding monopoly privilege for well-connected industries.

Bizarre Combination

Even as digital technology has made reproducing, remixing and repurposing creative works easier -- with potentially enormous benefits for consumers and producers of new works -- the monopoly privileges of copyright have expanded. The result is a bizarre combination of rampant copyright violations, frequent encroachment on legitimate fair use, suppression of new technologies and business models, and the ever-present threat of draconian penalties.

Consider how the law applies to Robert Frost’s classic poem “Stopping by Woods on a Snowy Evening,” first published in 1923. Back then you only got copyright privileges for works officially registered with the copyright office, and only for a term of 28 years, which could be renewed if you filed again, as Frost did in 1951.

Requiring such simple procedures reserved copyright privileges for creators with strong commercial or sentimental interests in limiting the publication of their works. Today, by contrast, copyright automatically applies to every eligible work, including your vacation snapshots and your 4-year-old’s handmade Mother’s Day card.

Under the law when Frost wrote his poem and renewed the copyright on the volume including it, it would have presumably entered the public domain in 1979, more than a decade after its author’s death in 1963. That’s not what happened. Beginning in 1962, Congress gradually extended copyright terms, and in 1976 it passed a new copyright act that gives works already under copyright a new term of 75 years from their first publication. That meant “Stopping by Woods” wouldn’t go into the public domain until 1998.

That’s not what happened either. Just as the poem’s copyright was about to expire, Congress passed the Sonny Bono Copyright Term Extension Act, which gave existing works a new copyright term of 95 years. (The 1923 Frost volume including the poem was one of the works cited in a lawsuit unsuccessfully challenging the act’s constitutionality.) So Frost’s poem won’t enter the public domain until 2018 -- assuming that Congress doesn’t pass yet another extension.

Promoting Progress

Fifty-six years of copyright was clearly enough to encourage Frost to write the poem. Anything further is just a windfall for his estate and his publisher. The Constitution, reformers are quick to note, gave Congress the right to grant copyrights “to promote the Progress of Science and useful Arts,” not to benefit producers.

A copyright isn’t supposed to be a reward. It’s supposed to be an incentive.

The good news for poetry lovers is that Frost’s estate doesn’t act like a movie studio or recording label and hurl “cease and desist” letters at everyone who reproduces the poem without permission. YouTube is full of children reciting “Stopping by Woods” as well as videos dramatizing the poem, including clay animation and Lego versions. Every one is a potential copyright violation.

Or maybe not. It all depends on the limits of “fair use.” Eugene Volokh, a law professor at the University of California at Los Angeles, notes that those cute kids rattling off Frost’s lines are “highly unlikely to be a substitute for any licensed video recordings or audio recordings.” The only way to be sure whether their performances qualify as fair use is to litigate the question and few proud parents with a video camera and a YouTube account have a fund reserved for court challenges. The costs of litigation make copyright more expansive than it is on the books. (For protection from charges of infringement, YouTube generally removes videos when someone alleges a copyright violation, even in cases of clear-cut fair use, such as a snippet of President Obama singing a copyrighted song that was used in a Mitt Romney ad.)

Vigorous enforcement of Frost’s copyright would hamper the spread of his poetry and deter new creative works illustrating it -- producing the exact opposite effect intended by the framers of the Constitution’s copyright clause.

In the concluding essay in “Copyright Unbalanced,” Tom W. Bell, a professor at Chapman University School of Law in California, argues for a radically conservative reform: a return to the original U.S. copyright law, passed in 1790, which protected only maps, charts and books and for only a renewable 14-year term. Although the “parsimonious approach” of what Bell calls the Founders’ Copyright Act isn’t likely to catch on, even among reformers, it does offer a useful thought experiment -- and a good reminder of copyright’s intended purposes.

Bell plans to make that experiment more than theoretical. He’s writing another book on copyright reform for Mercatus, titled “Intellectual Privilege,” and intends to publish it next year under the terms of the Founders’ Copyright. After 28 years it will go into the public domain.

“If it was good enough for old Ben, Tom, George, etc.,” he says, “it’s good enough for me.”
http://www.bloomberg.com/news/2012-1...ht-racket.html





EU Sets Out Plans To Modernize Copyright For The Digital Age: User-Generated Content And Cross-Border Usage On The Agenda
Ingrid Lunden

Regulators are not known to be fleet of foot when it comes to responding to market conditions — it can take years for something to get passed, or for fines to be levied on companies that violate antitrust rules, for example — but you can’t knock them for trying. Today, the European Union set out an agenda for how it plans to modernize copyright rules and regulations in light of the rise of the “digital economy.”

To be clear, Commissioners are not yet outlining any new rules, but today the kicked off a debate about what they will need to include when they do. What’s significant is that this conversation involves the “full college” of European Commissioners.

In a meeting today, the six areas that they outlined (so far) that will need to be included are as follows:

• Cross-border portability. This is a major issue in Europe right now — because it concerns not only how consumers can legally use content, paid for in one market, in another; but also how that content can be sold. Effectively, what companies like Spotify or Apple have to do is to sign country-by-country agreements to sell digital content. That makes for a very inefficient system. Finding a way to cover the full region of Europe could help improve the economies of scale for businesses like these, and also make it more practical for users in Europe. This is further detailed in point 5 below.
• User-Generated Content. Ah, YouTube. The EU cites figures that on average,every minute, people upload around 100 videos to video-sharing sites and over 150,000 photos to photo-sharing sites. The issue in Europe, apparently, is that it’s not clear to users when content is legal or illegal in these cases. Equally, there isn’t an efficient way right now for content holders to monitor when content is uploaded in illegal ways.
• Text and data mining. This is not, apparently, to do with invasive online advertising or “do not track”-style initiatives, but this: “an automated research technique for the purpose of scientific research. An example of this technique is researchers analyse and find patterns in existing scientific information. In addition to a licence for access to the content, this activity requires the permission from each right-holder to copy and reformat each of the huge number of works concerned for the purpose of such analysis.”
• Private copying levies. The EU notes that 20 Member States have national legislation on private copying levies for goods which can be used to produce copies, but each of these are different. “As a result, the prices of these goods vary widely across borders. Manufacturers have increasingly complained about this approach while rights holders continue to strongly support it.”
• Insufficient (cross-border) access to audiovisual works online (such as films and television shows). The Commissioners agreed that cross-border access for online works needs to be improved and that it will follow up on this specifically in 2013.
• European cultural heritage. This sounds like a long-tail content play: the EU sys that only 15% of Europe’s film archives are available right now to European citizens, as one example. If this gets pushed forward, expect some funding to be released for more projects to “unlock” some of these and other archives. Whether there is a consumer appetite for, says, obscure Dutch pop from the sixties is another matter.

The first task is to decide whether the current system is “fit for purpose,” and then to decide what “medium term issues” might start to get tackled… in 2014. Again, this doesn’t seem like very quick action in an industry that, as we all know, moves pretty quickly. How that will get tackled is perhaps on the agenda for another day.
http://techcrunch.com/2012/12/05/eu-...on-the-agenda/





How Corruption Is Strangling U.S. Innovation
James Allworth

If there's been one topic that has entirely dominated the post-election landscape, it's the fiscal cliff. Will taxes be raised? Which programs will be cut? Who will blink first in negotiations? For all the talk of the fiscal cliff, however, I believe the US is facing a much more serious problem, one that has simply not been talked about at all: corruption. But this isn't the overt, "bartering of government favors in return for private kickbacks" corruption. Instead, this type of corruption has actually been legalized. And it is strangling both US competitiveness, and the ability for US firms to innovate.

The corruption to which I am referring is the phenomenon of money in politics.

Lawrence Lessig's Republic, Lost, details many of the distortions that occur as a result of all the money sloshing around in the political system: how elected representatives are being forced to spend an ever-increasing amount of their time chasing donors for funds, for example, as opposed to chasing citizens for votes. Former congressman and CIA director Leon Panetta described it as "legalized bribery"; something which has just "become part of the culture of how this place operates."

But of all the negative impacts this phenomenon has had, it's the devastating impact it has on US competitiveness that should be most concerning.

One of the prime drivers of economic growth inside America over the past century has been disruptive innovation; yet the phenomenon that Lessig describes is increasingly being used by large incumbent firms as a mechanism to stave off the process. Given how hard it can be to survive a disruptive challenge, and how effective lobbying has proven in stopping it, it's no wonder that incumbent firms take this route so often.

The process by which firms do this is rarely overt, and usually couched in the language of regulation. When it involves nascent disruptors running headlong in to regulation that protects the incumbents, then the innovators are painted as "cutting corners." Conversely, when new regulation makes sense in order to foster innovation and disruption, but it doesn't suit the interests of the incumbents, then that regulation will often be characterized by incumbents as "stifling red tape." It seems to be happening more and more frequently, across sectors:

Automotive. A good friend who has been working in one of the US's new electric auto companies described how the regulation governing selling cars was being used by NADA (the National Automobile Dealers Association, one of the largest industry and lobby groups in the country) to make the new entrants' lives very difficult. NADA, for instance, recently sued Tesla for running "company-owned dealerships" in Massachusetts and also in New York because the law states that it's illegal for a factory to own a dealership. (To give you some sense of how ridiculous this is, the equivalent in the tech world would be Best Buy suing Apple for launching its own retail stores).

And this is but one of many such ridiculous regulations that new entrants must contend with; another example is legislation in Indiana that requires dealerships to be a minimum of 1,300 square feet, and be able to house at least 10 vehicles of the type that the dealer is selling. This might make sense for GM and Ford, but for small, innovative manufacturers like Tesla and Fisker that only have a very few number of models and who want to locate in high-traffic areas (not suburban strip-malls) to expose consumers to their products, it's stifling.

But short of a massive lobbying budget, don't expect anything to change — and especially not if it goes against the interests of an incumbent organization that's contributing millions of dollars to candidates.

Intellectual Property. When Walt Disney penned Steamboat Willie — the first cartoon with Mickey Mouse in it — copyright lengths were substantially shorter than they are now (but still enough such that it gave encouragement to Walt to create his famous character). And yet somehow, it seems that every time that Mickey is about to enter the public domain, congress has passed a bill to extend the length of copyright. Congress has paid no heed to research or calls for reform; the only thing that matters to determining the appropriate length of copyright is how old Mickey is. Rather than create an incentive to innovate and develop new characters, the present system has created the perverse situation where it makes more sense for Big Content to make campaign contributions to extend protection for their old work.

It's not just copyright, either — the same mentality has been driving draconian legislation such as SOPA and PIPA.

And finally, if you were in any doubt how deep inside the political system the system of contributions have allowed incumbents to insert their hands, take a look at what happened when the Republican Study Committee released a paper pointing out some of the problems with the current copyright regime. The debate was stifled within 24 hours. And just for good measure, Rep Marsha Blackburn, whose district abuts Nashville and who received more money from the music industry than any other Republican congressional candidate, apparently had the author of the study, Derek Khanna, fired. Sure, debate around policy is important, but it's clearly not as important as raising campaign funds.

Accommodation and Transport. This space features two new hot disruptors: Airbnb and Uber. Each, in their own way, threaten very big and very powerful incumbents. Each of them have built businesses that productively deploy resources that otherwise would go to waste — spare bedrooms and vehicles, respectively. Each have customers that love their service. And each have run head-first into regulation that just so happens to benefit incumbents.

Uber has probably had it worse, trying to fight against the entrenched taxi cab oligopolies. Matthew Daus, the president of the International Association of Transportation Regulators, recently tried to paint Uber as being a bad corporate citizen by pointing to what happened when Hurricane Sandy hit NYC: the prices paid to drivers (not to Uber) went up as a result of supply and demand. Daus called this "unfair pricing." There is an argument to be made that Uber could have better communicated its surge pricing strategy, but the basic idea behind what happened — supply and demand determine prices — is the cornerstone of a capitalist market. Uber wasn't gouging customers; it was ensuring supply of cars for customers who needed transport in a city that had otherwise shut down.

After using this example to establish it as a "rogue app," Daus and his organization proposed a new set of regulations: among them, rules that prevents luxury car services from using GPS services to meter the precise time and distance of a trip; rules to prevent customers from making a booking if they want to leave sooner than 30 minutes; and rules to prevent drivers from accepting electronic hails. All in the interests of "protecting consumers," apparently.

Telecom. Most folks in the US would be familiar with Netflix. It's a web-based movie service, and relative to a lot of players in the space, a disruptively innovative one. This fact hasn't gone unnoticed by the cable providers, who are feeling the pinch from "cord cutters" who are looking for more affordable options — like Netflix. How to combat this if you're a big cable company? Well, one way of ensuring that Netflix's streaming video service is much less attractive than continuing to subscribe to cable TV is by treating Netflix internet traffic as a second class citizen. So that's what's happening. For example: let's say you're a Comcast subscriber. If you watch Saturday Night Live using Netflix, it counts towards your download limit. Watch that very same show using the very same internet connection, but use Comcast's Xfinity app instead — and now, suddenly, the download limit doesn't count. As Time Magazine pointed out: "You either make the playing field as level as possible, or establish a precedent whereby a highway's proprietors, with their own vested traffic interests, control who pays at the toll booth and who doesn't."

Netflix. Uber. Airbnb. Tesla. Fisker. Most economies would kill to have a set of innovators such as these. And yet at every turn, these companies are running headlong into regulation (or lack thereof) that seems designed to benefit incumbents like NADA and Comcast — regulation that, for some strange reason, policy makers seem extremely reticent to change if it results in upsetting incumbents. Daniel Sperling, a professor at the University of California Davis, and director of its Institute of Transportation Studies summed it up when speaking to the New York Times about Uber: "Transportation has been one of the least innovative sectors in our society. When I look at these new mobility companies coming, where they're using information and communication technology, at a very high level it's long overdue and should be embraced with open arms."

And yet, that's not what's happening at all. If anything, it's the opposite.

Any guesses as to why?
http://blogs.hbr.org/cs/2012/12/how_...nnovation.html





Special Report: The Music Banker's Big Score
Robin Respaut and Atossa Araxia Abrahamian

From an office on Sunset Boulevard, a dapper 69-year-old has emerged as a go-to guy for musicians and songwriters looking for quick cash.

His name is Parviz Omidvar, and over the past two decades, he has been lending to artists and securing those debts with royalty payments his clients earn from their work. Michael Jackson was a customer, as is the son of late Motown legend Marvin Gaye. Omidvar's website carries an old testimonial from Rock and Roll Hall of Fame member Bobby Womack: "Thank you so much for always being there for me."

Today, Womack is suing Omidvar for fraud. He alleges the financier tricked him into selling for $40,000 full control of a royalty stream that annually pays many times that amount on Womack-penned hits, including blaxploitation classic "Across 110th Street" and "It's All Over Now," the first U.S. No. 1 record for the Rolling Stones. Womack's lawyer says the 68-year-old musician was misled into signing the deal in April last year, when he was incapacitated by painkillers following prostate cancer surgery.

Omidvar calls Womack's claim "a simple case of buyer's remorse." Womack understood he was selling his royalties, and his allegations are "a complete lie," Omidvar says.

Omidvar's quick cash can come at a steep price. Reuters found scores of loans with interest rates ranging from 1.5 to 2.5 percent every 10 to 15 days - annualized rates potentially ranging from 43 percent to 81 percent. Many loans included fees of up to 20 percent of the principal, which could accrue interest at the same rate as the loan. In one lawsuit brought by an Omidvar client, a California court found that one of the financier's companies had charged illegally high rates on loans smaller than $5,000.
By comparison, Artist Royalty Tracking, which competes with Omidvar, says it charges 13.88 percent interest a year and requires that artists fit a strict set of criteria to qualify for a loan. The Houston company has about 50 clients, each making $100,000 or more a year in royalties.

Omidvar says he currently has no outstanding loans at such high interest rates and that these practices are not representative of his business. He says rates on many loans were later reduced retroactively once he determined that the clients were capable of repaying him in full.

BITTER RIVALRY

Complicating Omidvar's business is a bitter rivalry with the financier who introduced the "Bowie Bond," the 1997 deal in which rocker David Bowie raised $55 million by selling debt backed by his future royalties.

Omidvar and that financier, David Pullman, have filed at least 11 lawsuits and countersuits against one another involving a handful of songwriter clients. Omidvar says Pullman is "obsessed with destroying our business" and that before Pullman came along, there were "virtually no problems with clients." Pullman says Omidvar and his sons, Oliver and O'Neil, who have helped their father in his business, "blame everyone but themselves for their illegal activities."

The music bankers are battling over a famously risky clientele: songwriters, often elderly and desperate for money. Times have always been hard for musicians, and industry lore is studded with examples of naive talents gouged by agents and record-company operatives.

The Internet has added to the struggle as pirated downloads have eaten deep into sales of recorded music. Making matters worse, a long-term credit drought is plaguing songwriters, musicians, arrangers and producers.

TOO RISKY

Decades ago, music publishers and songwriter societies like ASCAP and BMI would advance money to artists against future earnings. By the late 1980s, they and the handful of banks in the business largely abandoned the practice as too risky. An artist's royalty income can fluctuate greatly, depending on record sales, radio airplay and licensing agreements.

"It's extremely difficult to get a conventional loan, because they have a very unconventional working history," says Bob Clarida, a copyright attorney.

Omidvar fills this void. The idea is simple: Advance money to artists, who sign over their royalty streams to his company. Omidvar then collects the royalties directly from record labels and music societies until the debt is repaid with interest. On his website, he offers "immediate cash to music royalty earners so they don't have to wait months to receive their much-needed distributions."

Omidvar says he started out at an accounts-receivable factoring company and fell into the music business by chance. Clients say he wears formal suits and ties, setting him apart in casual Southern California.

"When you walk in, you feel like this guy knows what he's doing," says Danny Pearson, a former client whose credits include the 1978 hit "What's Your Sign Girl?"

Omidvar writes his loans as commercial notes; interest rates on such notes, unlike those on short-term consumer loans, generally are exempt from regulatory rate limits. While many of the notes carry maturities of six months to a year, he says, most are written with the expectation they will be paid off within weeks. "We don't want people to default in 30 days," he says. "If we did that, we would be loan sharks."

Marvin Gaye III, the son and heir of the late soul singer, says that for 17 years, he has been a satisfied customer of Omidvar, whom he calls "a really great guy." "If you understand the contract," he says, "there's no surprises."

LONGTIME CLIENT

Bobby Womack's family has a different take. Womack started out in the 1960s as lead singer for doo-wop group the Valentinos. He went on to play guitar for soul star Sam Cooke and released hit singles like "Woman's Gotta Have It," "Harry Hippie" and "Across 110th Street."

In the 1980s, Womack began borrowing from Omidvar. His lawsuit says he took roughly 15 advances from Omidvar over the past 25 years.

By 2011, Womack was suffering from prostate cancer, dementia, cataracts and other maladies, according to documents filed in the suit in Los Angeles Superior Court. In April that year, he was hospitalized for complications from prostate surgery and placed on a morphine drip for two weeks, his suit says.

It also says that the day after leaving the hospital, Womack visited Omidvar's office. Thinking he was simply borrowing money, the suit says, he signed away all his royalties for $225,000 to an Omidvar company called Music Royalty Consulting Inc.

After "costs and charges" were deducted from the $225,000 loan Womack expected, the suit alleges, he received a check for $40,000 for "all past, present and future income" - a fraction of what his royalties regularly bring in annually, his lawyer says. Womack's suit claims he was confused because of medication he was taking, and never would have signed had he been of sound mind.

Omidvar, in an interview, says Womack "was in completely great shape" and understood he was selling his royalties. He notes that during the months preceding and after the deal, Womack was performing in concerts, "dancing his heart out." YouTube videos of live performances in March and June of 2011 show an animated and seemingly unimpaired Womack on stage.

"Dementia and dancing are two different things," says Jim Ryan, Womack's lawyer. Ryan declined to make Womack available for an interview. The case is scheduled to go to trial in May next year.

FATHER AND SON

California exempts most commercial loans from usury caps. Even so, a jury in 2009 found that Omidvar had overcharged on loans of less than $5,000, which are subject to limits.

That case involved Daryl Cleveland, son of Motown songwriter Al Cleveland, who co-wrote Marvin Gaye's mega-hit "What's Going On" and Smokey Robinson's classic "I Second That Emotion."

Al Cleveland was a client of Omidvar's. When Al died in 1996, Daryl, now 56, kept up the borrowing, using his father's $100,000 annual royalty stream as collateral. In court documents, Cleveland said Omidvar promised that he would treat him "like a son."

Over the course of eight years, according to Cleveland's lawsuit, Omidvar made him almost 200 loans. The terms ranged from five to 18 months, and the amounts from $31 to $44,426, with an interest rate of 72 percent a year, plus a "processing fee" typically of 20 percent.

Cleveland was chafing under these terms in 2005 when David Pullman, the bond dealer, offered to help.

When Pullman created song-royalty bonds for David Bowie, the concept of issuing debt backed by a steady stream of music royalties captivated investors. Pullman put together multi-million-dollar issues for the Isley Brothers, James Brown and Marvin Gaye, and trademarked them as "Pullman Bonds." By 2004, Moody's Investors Service had rated the original Bowie Bond one notch above junk status. Today, Pullman buys royalties outright from artists who are looking to sell.

TRADE SECRETS

He doesn't shy away from conflict. In the late 1990s, Pullman sued former business partners for billions of dollars, alleging they misappropriated his trade secrets by issuing Bowie-like royalty bonds. That suit was ultimately dismissed. He also filed complaints about elderly neighbors in his New York City co-op, accusing them of running an illegal bookbinding business out of their apartment. Pullman and the co-op entered litigation, and the board kicked Pullman out, setting a legal precedent allowing New York City co-ops to oust undesired residents. Pullman moved to Los Angeles shortly thereafter.

More recently, Pullman has been striking deals with Omidvar clients like Daryl Cleveland under which he, in essence, buys their claims against Omidvar, and then sues him for large sums, alleging that Omidvar engages in predatory lending.

Pullman says that in 2004, he paid Cleveland roughly half a million dollars for royalties on his music library. The agreement also granted Pullman the right to join Cleveland in suing Omidvar for $2.5 million for allegedly charging excessive interest rates and fees.

Omidvar denies the allegations. Cleveland could not be reached for comment.

The case took a surprise turn in June 2006, when Cleveland settled with Omidvar for $18,000.

Two months later, Robert Besser, a lawyer representing Cleveland and Pullman, received a fax signed by the songwriter. It stated that Cleveland had been tricked by Pullman - it didn't specify how - into selling his father's entire song catalog, contending that he had agreed to sell only half of it. The letter alleged that Pullman had wrongly represented himself as a lawyer when they first met and that Pullman "lied every step of the way."

Pullman, who denies the allegations and calls the letter "questionable," kept up the fight, pursuing one of Omidvar's companies, Currency Corp, for breach of contract. A year later, Cleveland signed a court declaration in support of Pullman's case.

A jury eventually found that Currency had charged interest and administrative fees exceeding legal limits on approximately 44 notes in amounts under $5,000. It awarded Pullman $38,554, less than half of what he had sought, plus $142,000 in legal costs.

Cleveland received nothing beyond the original $18,000 settlement.

"I TRUSTED HIM"

Today, Omidvar and Pullman are fighting over the heirs of producer and musician Gene Page, whose songwriting credits include "You've Lost That Lovin' Feeling," a hit for the Righteous Brothers. He also worked with Diana Ross and Lionel Richie.

Page died in 1998 at age 57. His son, Chris, recalls in an interview that at the funeral, Omidvar hugged him. "He told me that my dad told him to look after us," says Chris, who is 41 and works as a personal fitness trainer in California. "I trusted him." That feeling was strengthened when he saw his father's gold records lining the walls of Omidvar's office.

Omidvar had some bad news, too: He told the family Gene had died owing hundreds of thousands of dollars to the Internal Revenue Service and to Currency Corp, according to court filings.

In the ensuing years, Page's widow, Maibell, regularly received money under a complex arrangement of loans to and from Omidvar.

There was the $600,000 death benefit from her husband's musicians union. Omidvar managed that money through a company called Tiffany Ventures to invest in real estate, using funds borrowed from the death benefit.

For the nine years following Gene's death, Omidvar also wrote the Page family commercial loans at 2 percent, compounding every 10 days, or equal to 72 percent annually, plus a 20 percent "processing fee," according to documents in a lawsuit the Pages subsequently brought against Omidvar. In turn, Omidvar collected Page music royalties.

In 2006, Pullman approached Maibell. She thought he was offering a written deal to audit Omidvar's management of the family's finances, according to a lawsuit Maibell subsequently filed against Pullman in Los Angeles Superior Court. Several months later, the widow realized that by signing papers with Pullman, she had actually sold him her husband's royalties, along with the right to sue Omidvar, for $100,000, minus any debts she owed to Omidvar, according to court documents.

That suit alleged that Pullman "tricked Page into signing documents that effectively transferred her interests in royalties" and violated the Elder Abuse Act. Pullman said Maibell agreed to sell her interest in the songs because it would free her from Omidvar's debts.

But when it became clear in court proceedings that the money Maibell had been receiving for years wasn't from her husband's death benefit, as she had thought, but constituted loans from Omidvar, the Pages switched sides. The family withdrew its lawsuit against Pullman. He returned the Page royalty rights to the family, and the two parties joined forces in a lawsuit in the same court against Omidvar, alleging predatory and fraudulent lending practices.

According to documents in the suit against Omidvar, Tiffany Ventures paid Maibell an annual interest rate of 5 percent on the loan from the death benefit, later reduced to 2 percent - rates much lower than what he was charging on some of his loans to Maibell.

In addition, the Pages claimed they didn't know how much Gene Page's songs were earning in royalties. Pullman says they finally learned that the royalties totaled nearly $2 million between 1988 and 2009, averaging about $95,000 a year. The family claims it received almost none of that money.

CYCLE OF DEBT

As the Pages saw it, Omidvar was stripping them of their royalties while borrowing from them at rates much lower than the rates at which he was lending to them, creating a perpetual cycle of debt.

Omidvar says the Pages' claims are "all mumbo jumbo." Maibell knew she was borrowing money all along and liked it that way, he says, because it reduced her taxes. He points out that she signed and initialed each note.

In 2010, the Los Angeles Superior Court ordered Omidvar to pay Pullman and Maibell Page $735,192.29, plus costs. Omidvar is appealing the judgment. In January 2011, he unsuccessfully sued the Pages for breach of contract.

Maibell died in August from lung cancer at age 71, 14 years to the day after her husband's death.

Gene and Maibell Page are still featured in a testimonial on Omidvar's Royalty Advance Funding website. "Thanks for being so reliable and for doing so much more than you have to for me," Maibell says in a quote that appears above a picture of her embracing her husband. "I really appreciate your help."

(Editing by Michael Williams and John Blanton)
http://www.reuters.com/article/2012/...8B50LD20121206





Movie Studios Ask Google To Censor Their Own Films, Facebook and Wikipedia
Ernesto

In what is by far the greatest DMCA mess we’ve ever witnessed, several major movie studios have seemingly asked Google to take down legitimate copies of their own films. Through an agent the studios further requested the search engine to remove their official Facebook pages and Wikipedia entries, as well as movie reviews in prominent newspapers. Has the world gone mad or…?

Ever since Google announced that it would publish the DMCA requests it receives as part of their transparency report, the number of notices being sent have shot through the roof.

While the majority of the requests are legitimate there are also occasional mistakes, often caused by automated filters. To some degree this is understandable, but the examples we present today are so off the chart that the people responsible should really reconsider their jobs.

Early November a few dozen DMCA notices were sent on behalf of several major movie studios. While this is nothing new by itself, the number of mistakes in these notices are stunning. We will discuss a few of them below.

Lionsgate

On behalf of Lionsgate a DMCA notice was sent to Google, asking the search engine to remove links to infringing copies of the movie “Cabin in the Woods”. The notice in question only lists two dozen URLs, but still manages to include perfectly legal copies of the film on Amazon, iTunes, Blockbuster and Xfinity.

20th Century Fox

20th Century Fox sent in a DMCA notice to protect the movie “Prometheus”. However, as collateral damage it also took down a link to a legal copy on Verizon on demand, the collection of the Prometheus Watch Company, and a Huffington Post article.

And what about a DMCA takedown request for the Wikipedia entry of “Family Guy” that is supposedly infringing?

Perhaps even more crazy is another request sent on behalf of 20th Century Fox for “How I Met Your Mother”. The DMCA notice lists a CBS URL as the official source of the copyrighted material, but the same URL later appears in the list of infringing links.

BBC Films

BBC Films, like the other studios, also target their own film, in this case “Ill Manors”. However, the DMCA notice in question also asks Google to take down several film reviews published by The Guardian, The Independent, The Mirror and the Daily Mail.

Even worse, the takedown request lists the film’s official Facebook page.

Summit Entertainment

Summit Entertainment sent a DMCA notice asking Google to remove infringing copies of the film “50/50″. However, the list of URLs contains a URL of the Blockbuster video rental site, as well as an announcement on Stanford’s website for the “50th Symposium Keynote Address by Secretary Chu”.

Other than that the notice mainly lists a variety of unrelated videos with 50 in the title, such as Attack of the 50ft Cheerleader and 50 First Dates.

Sony Pictures

A notice sent on behalf of Sony Pictures was supposed to make illicit copies of “The Other Guys” unavailable. But, for some reason it targets tech news reports on the Megaupload case on Cnet, Wired and Forbes, among others.

The same notice also lists several unrelated titles such as The Expendables, The Butterfly Effect, Frasier, Two and a Half Men, The River Wild and 28 Weeks Later.

Walt Disney Pictures

The last rogue DMCA notice we’ll discuss here is from Walt Disney Pictures who made a request for Google to disable access to infringing copies of the movie “Cinderella”. This notice mistakenly requests that Google censors the BBC’s kids corner where several perfectly legal fairy tales are listed.

For the rest the notice is filled with links to unrelated Cinderella films, or even content that’s not even related to Cinderella such as The Flintstones, Frida and Revolution.



The above is just a small selection of the most obvious mistakes, but there are many more to be found. Luckily Google appears to have left most of the reported links online, minimizing the damage.

Interestingly enough, they above examples were all sent by an outfit called “Yes It Is – No Piracy!” which we’ve never heard of before.

The company appears to present itself as a DMCA remover on the website yesitis.org but lists no address. Considering the many mistakes made by the firm, one has to wonder whether their “under penalty of perjury” statement that they represent the copyright holders above is accurate.

TorrentFreak attempted to contact several of the involved rightsholders, but we have yet to receive a response.

Whatever the case, the above once again shows the danger of automated DMCA notices that are sent out without any type of verification. Right now rightsholders and the anti-piracy outfits they employ have absolutely no incentive to improve the accuracy of their takedown systems.

Perhaps it’s time for them to be punished?

Update: Yesitis.org now points to a parked page. Yet another sign that these notices may be fraudulent, and not authorized by the copyright holders at all. If that’s indeed the case it remains unclear what the purpose of these notices is. It would show how easily these DMCA notices can be abused.
https://torrentfreak.com/movie-studi...ipedia-121203/





Netflix Does Deal With Disney: The End of Flat-Rate Movie Pricing?
Cormac Foster

Tuesday morning, Deathwatch-favorite Netflix announced a new partnership with Disney. While the financial terms have yet to be disclosed, this looks like a huge step in the right direction for the embattled video service.

Under the terms of the agreement, Netflix will become the online distribution platform for Disney's straight-to-video releases in 2013. In 2016, it will carry pay-per-view versions of Disney's new, theatrically released films. Effective immediately, Netflix will also have access to a back catalog of classic Disney films for its current subscriber base.

What It Means For Disney

By cutting a deal, Disney gains a pay-per-view foothold (and likely some perks to be named later) in the biggest online video distributor without giving up anything but Dumbo and Pocahontas. Its classic freebies will serve as a powerful lead-in for up-sells, and it will retain the power to charge a fee it considers fair for premium content. The deal also draws considerable leverage from cable operators that may have been less willing to negotiate a favorable revenue split.

What It Means For Netflix

The Disney deal is a major lifeline for Netflix. First, it brings reliable, popular content into the system right now, repairing some of the actual and perceived damage caused when Disney/Starz pulled out. It also shows Wall Street and other content providers that Netflix will be around for the long haul. If the mother of all content licensing providers is willing to do a deal, other suppliers are more likely to want in as well. It remains to be seen how far Disney has locked out competitors, but Netflix will draw new interest that it really needed.

According to Ross Rubin, Principal Analyst at Reticle Research, the deal is a very good thing. "This is, as Red Hastings has observed regarding Amazon's investments, a gold rush, with many online video providers such as Google, Hulu, Amazon and Netflix looking for original and exclusive content, and Disney has an unparalleled brand in home video. Kids' movies are a great fit for Netflix as some of its heaviest users are parents who use it as broadband babysitting."

The agreement also formalizes what everyone knew was coming: Netflix is evolving beyond the buffet model. Premium content will remove the pressure from the baseline offering and allow all sorts of new opportunities that provide legitimate value.

For example, millions of Netflix users catch up on back seasons of still-running TV shows, only to find themselves stuck in the limbo between the Netflix catalog and the current season. That's a well-qualified sales opportunity sitting on the table. Now Netflix and content publishers can monetize that opportunity while consumers willing to spend a bit extra on a premium subscription or an a la carte purchase can stay up to date on their favorite shows.

This deal puts pressure on other video distributors to follow suit. Hulu, with its close ties to NBC, Fox and yes, Disney, will probably launch a counterattack soon.

Let's be clear. This is a win for Netflix, but Disney is in charge. Netflix's content model was getting pinched, and it needed an out. Content is still king, but the deal helps Netflix last long enough to maybe tip the scales a bit more toward distributors.
http://readwrite.com/2012/12/04/netf...-movie-pricing





Richard Stallman: ‘Apple has Tightest Digital Handcuffs in History’

Hazel Healy speaks to free software’s moral compass about Anonymous, licensing and digital freedoms.

One of the greatest hackers of all time, Richard Stallman is something of a roving prophet for the free software movement.

He invented the first ‘copyleft license’ that made the results of his mammoth feats of computer programming free to use, share and change - without falling foul of copyright.

Stallman now travels the world making the argument that software should be treated as public knowledge and warning of threats to civil liberties in an increasingly digitized world.

Q It’s nearly 30 years since you started work on the GNU operating system, which went on to become GNU/ Linux, one of the leading examples of free and open source software collaboration. Yet Apple and Microsoft still loom large. How do you feel the free software movement is faring?

The free software movement has advanced tremendously but proprietary user-subjugating software has also spread tremendously. I would say the free software movement has gone about half the distance it has to travel. We managed to make a mass community but we still have a long way to go to liberate computer users.

Those companies are very powerful. They are cleverly finding new ways to take control over users. Nowadays people who use proprietary software [programs whose source code is hidden, and which are licensed under exclusive legal right of the copyright holder] are almost certainly using malware. The most widely used non-free programmes have malicious features – and I’m talking about specific, known malicious features.

Q Tell me about these malicious features.

There are three kinds: those that spy on the user, those that restrict the user, and back doors. Windows has all three. Microsoft can install software changes without asking permission. Flash Player has malicious features, as do most mobile phones.

‘Any change in the way protest is done is an opportunity for governments to criminalize it.’

Digital handcuffs are the most common malicious features. They restrict what you can do with the data in your own computer. Apple certainly has the digital handcuffs that are the tightest in history. The i-things, well, people found two spy features and Apple says it removed them and there might be more

When people don’t know about this issue they choose based on immediate convenience and nothing else. And therefore they can be herded into giving up their freedom by a combination of convenient features, pressure from institutions and the network effect. That’s why I focus now on spreading the awareness of the philosophy of free software and the issue of freedom that we’re fighting for. Because if you have some courage and you recognize the harm that they are doing, you can resist.

Q What do you think about the actions by hactivists Anonymous in defence of internet freedoms?

Well, their primary activity consists of a network protest where people send lots of request to a website. It’s the virtual equivalent to having a protest on the street in front of their office.

This is simply democracy. But we live in an age where governments that actually work for the banksters and other major businesses are trying to criminalize all forms of popular political activity. They look for clever ways to punish protests such as besieging protesters for hours. So any change in the way protest is done is an opportunity for them to criminalize it. If people used to protest in the street and now it’s in the network, well they can prohibit protesting in the network and call it an attack.

Q Has the internet killed privacy?

It’s true in the sense that most people are doing extremely foolish things on the internet. You can refuse to use Facebook though – you shouldn’t use it. I ask my friends not to do anything that would allow Facebook to do more surveillance of me. I don’t use it. And the Free Software Foundation doesn’t use it.

Of course Facebook is not alone. There are various companies doing surveillance of people on the internet. I don’t think they can find out very much about me. I only connect to the internet in ways that do not identify me – sometimes at friends’ houses or in coffee shops. I transfer my mail through SSH [Secure Shell], which is encrypted.

But most people are leaving themselves totally wide open to surveillance on the internet. And what really gets me is when people pressure their friends into using Facebook.

Q Can you protect yourself from cyber spying by using free software?

It’s a necessary first step. A proprietary programme gives you zero security from the owner of the programme. The users are totally defenceless and the owners often wipe the floor with the users because every non-free program gives the owner unjust powers.

People are aware that Windows has bad security but they are underestimating the problem because they are thinking about third parties. What about security against Microsoft? Every non-free program is a ‘just trust me program’. ‘Trust me, we’re a big corporation. Big corporations would never mistreat anybody, would we?’ Of course they would! They do all the time, that’s what they are known for. So basically you mustn’t trust a non free programme.

Q What would you say to those who insist that free software is non-secure because it’s open source?

Mistaken. Good, free programmes are more secure, even against third parties – better than commercial proprietary competition. They just want you to be prejudiced that a company is doing something well because they are professional. We’re taught to believe that. It’s not always true.

Q How do you feel about peer-to-peer file sharing?

Sharing is good. And sharing must be legal. By sharing I mean something very narrow – non commercial distribution of the exact copy of a work. This applies to all non-practical works: documentary – which is testimony – statements of opinion, art and entertainment works. They are meant to contribute to society in a different way, and control over them is not important, so for those [permissive] Creative Commons licenses are fine.

But for all practical works [software, design, educational works, fonts, recipes] users should have total control over what that work does for them.

In the US and Britain, mass public protests have basically been crushed. They don’t want mass protests on the internet either.

Being free means you get the four essential freedoms: the freedom to use the work as you wish, the freedom to make changes if you wish so that the work does the job the way you want it to, the freedom to distribute copies (even commercially) and finally, freedom four: to produce modified versions.

I don’t believe all published works should be free. I believe that published works that can be used for practical jobs should be free.

Q On your website you have compiled a list of the newspapers which have put up paywalls. How do you feel about them?

I’m against them, but not because of paying. Every paywall is an identification wall and that I will not go along with. I don’t do e-commerce. I wouldn’t mind paying if I could pay anonymously – maybe Bitcoin is a solution – but I won’t buy things in a way that identifies me, like with a credit card. I don’t mind paying for a paper copy of a magazine but I’ll pay with cash. However on the internet there’s no way to pay with cash.

Q You’ve said that your work in free software is part of a wider battle against defending freedoms in general….

Yes. I didn’t see it in that context when I started [in 1983] but that’s because the empire of the mega corporations is something that developed mainly since the 1990s. And the state attacks on human rights and democracy in the so-called free countries have become tremendous since then. In the US and Britain, mass public protests have basically been crushed. They don’t want mass protests on the internet either. They want obedience. They represent the rich and subjugate the poor. These are not legitimate governments.

Q Anything else you’d like to say to our readers?

We need to organize to fight surveillance. Especially here in Britain, which pioneered the surveillance state and is trying to make it worse right now. Now they can imprison people on the suspicion of crime – put someone on trial and find them guilty of being suspect. And that doesn’t wash.

And now they are proposing secret trials specifically to protect US torturers from trial. And then there is the one-way extradition treaty, which is an evident injustice and must be torn up. It’s a unilateral declaration of surrender to the US government, which is clearly no friend of human rights. Tear it up!
http://www.newint.org/features/web-e...man-interview/





Dotcom Wins Right to Sue Police, Spy Agency
Andrea Vance

The Government Communications Security Bureau will have to reveal secret details of their surveillance of Kim Dotcom, in an unprecedented ruling from a High Court judge.

Justice Helen Winklemann has ordered "discovery" of documents related to the Dotcom operation.

Today's ruling also allows Dotcom to pursue the police and GCSB for damages.

The foreign spy agency must disclose anything they shared with other intelligence agencies in the "Five Eyes" intelligence alliance - made up of the US, Australia, UK and Canada. And they must reveal if they carried out surveillance on Doctom's wife Mona and his co-accused Bram van der Kolk.

Winkelmann has also ordered Detective Superintendent Mike Pannett - a police liaison officer in Washington - swear an affidavit if he watched a 'live feed' of the the raid on Dotcom's Coatesville mansion on January 20 from the FBI's multi-agency command centre.

If he did, he should provide details to identify the source of the feed, the locations and events being filmed and the time he watched it. Police yesterday said there was no live feed. But they have declined to comment further on the ruling.

Details of a briefing between Anne Toohey, of Crown Law, and other key players and a later video conference, at the OFCANZ office, in November last year, will also have to be handed over.

Dotcom's lawyer have been asking for documentation on the briefings "but no response has been received," the judge said.

The officer in charge of the operation, Detective Inspector Grant Wormald, must also reveal where and when stationary cameras were placed close to Dotcom's home. The police must disclose if any third parties were involved in setting them up.

Justice Winklemann also wants disclosure of an "in-depth" FBI presentation on the investigation.

The live feed was revealed in a February edition of the police's in-house magazine Ten One.

Winkelmann noted that an affidavit given by Wormald stated "that there was no live coverage of the operations going on at the Dotcom mansion."

She said this contradicted "earlier" evidence he had given at a hearing.

Wormald is already facing questions over testimony he gave the court, saying no other agency had spied on the Megaupload entrepreneur.

Lawyers for the prosecution have argued that some of the information sought is "too broad" and will damage their relationship with the FBI. Revealed details of GCSB activities would also compromise national security and reveal information sharing protocols and practices with intelligence allies.

"Footage of the events, if it exists, would be relevant to assessing the nature of Police actions on site at the Dotcom mansion," Winkelmann said.

She wants to know when Pannett watched the live feed, from where - and who else was there.

The judge also wants to know if anyone else was caught up in GCSB's illegal spying, noting Dotcom believes he was being surveilled much earlier than the spy agency has admitted to.

A senior lawyer Stuart Grieve QC has been given security clearance to look at the secret spy documents on behalf of Dotcom. He was appointed by the court in October.

The latest ruling is another milestone in Dotcom's bid to challenge extradition to the US on copyright infringement charges.

His lawyers have already proved that GCSB's surveillance of the mogul was illegal, and search warrants for the January raid were invalid.

A spokeswoman for Prime Minister John Key - who is responsible for the GCSB - said: "We don't comment on court judgements."

The office of the Attorney-General would also not comment while the case is before the court.
http://www.stuff.co.nz/technology/di...efendant-right





Obama Signs Safe Web Act Into Law
Jennifer Martinez

President Obama signed into law on Tuesday a bill that would reauthorize the Federal Trade Commission's authority to clamp down on Internet fraud and online scammers based abroad.

Outgoing California Republican Rep. Mary Bono Mack was the lead co-sponsor of the bill, the U.S. Safe Web Act, which expands the FTC's powers so it can share information about cross-border online fraud with foreign law enforcement authorities.

The bill was originally passed by Congress in 2006 and was set to expire next year. With the president's signature, the measure is reauthorized through September 2020.

A top FTC official said at a hearing earlier this year that the bill has equipped the agency with tools that has helped it crack down on fraud cases that would have cost American consumers millions of dollars. Since the bill was first enacted, the trade agency said it has conducted more than 100 investigations into cross-border fraud and scams.

Bono Mack, who lost her reelection race to Democrat Raul Ruiz in November after serving for 14 years in the House, said the bill was needed to ensure consumers felt protected from online scammers, which would keep the e-commerce market thriving. The California Republican applauded the bill being signed into law, saying it was a boon for consumers.

"This is a win-win. It's good for American consumers. It's good for the future of e-commerce. And it's the right thing to do for our nation and our friends around the world," Bono Mack said in a statement. "With nearly 1.5 billion credit cards in use in the United States, nearly everyone in America has a stake in making certain that the FTC has the powers it needs to fight online fraud."
http://thehill.com/blogs/hillicon-va...b-act-into-law





Cops to Congress: We Need Logs of Americans' Text Messages

State and local law enforcement groups want wireless providers to store detailed information about your SMS messages for at least two years -- in case they're needed for future criminal investigations.
Declan McCullagh

AT&T, Verizon Wireless, Sprint, and other wireless providers would be required to record and store information about Americans' private text messages for at least two years, according to a proposal that police have submitted to the U.S. Congress.

CNET has learned a constellation of law enforcement groups has asked the U.S. Senate to require that wireless companies retain that information, warning that the lack of a current federal requirement "can hinder law enforcement investigations."

They want an SMS retention requirement to be "considered" during congressional discussions over updating a 1986 privacy law for the cloud computing era -- a move that could complicate debate over the measure and erode support for it among civil libertarians.

As the popularity of text messages has exploded in recent years, so has their use in criminal investigations and civil lawsuits. They have been introduced as evidence in armed robbery, cocaine distribution, and wire fraud prosecutions. In one 2009 case in Michigan, wireless provider SkyTel turned over the contents of 626,638 SMS messages, a figure described by a federal judge as "staggering."

Chuck DeWitt, a spokesman for the Major Cities Chiefs Police Association, which represents the 63 largest U.S. police forces including New York City, Los Angeles, Miami, and Chicago, said "all such records should be retained for two years." Some providers, like Verizon, retain the contents of SMS messages for a brief period of time, while others like T-Mobile do not store them at all.

Along with the police association, other law enforcement groups making the request to the Senate include the National District Attorneys' Association, the National Sheriffs' Association, and the Association of State Criminal Investigative Agencies, DeWitt said.

"This issue is not addressed in the current proposal before the committee and yet it will become even more important in the future," the groups warn.

That's a reference to the Senate Judiciary committee, which approved sweeping amendments to the Electronic Communications Privacy Act last week. Unlike earlier drafts, the latest one veers in a very privacy-protective direction by requiring police to obtain a warrant to read the contents of e-mail messages; the SMS push by law enforcement appears to be a way to make sure it includes one of their priorities too.

It wasn't immediately clear whether the law enforcement proposal is to store the contents of SMS messages, or only the metadata such as the sender and receiver phone numbers associated with the messages. Either way, it's a heap of data: Forrester Research reports that more than 2 trillion SMS messages were sent in the U.S. last year, over 6 billion SMS messages a day.

The current policies of wireless providers have been highlighted in some recent cases. During a criminal prosecution of a man for suspected murder of a 6-year old boy, for example, police in Cranston, R.I., tried to obtain copies of a customer's text messages from T-Mobile and Verizon. Superior Court Judge Judith Savage said that, although she was "not unfamiliar with cell phones and text messaging," she "was stunned" to learn that providers had such different policies.

While the SMS retention proposal opens a new front in Capitol Hill politicking over surveillance, the principle of mandatory data retention is hardly new. The Justice Department has publicly called for new laws requiring Internet service providers to record data about their customers, and a House of Representatives panel approved such a requirement last summer.

"We would oppose any mandatory data retention mandate as part of ECPA reform," says Christopher Calabrese, legislative counsel for the American Civil Liberties Union. That proposal is "a different kettle of fish -- it doesn't belong in this discussion," he says.

An internal Justice Department document that the ACLU obtained through the Freedom of Information Act shows that, as of 2010, AT&T, T-Mobile, and Sprint did not store the contents of text messages. Verizon did for up to five days, a change from its earlier no-logs-at-all position, and Virgin Mobile kept them for 90 days. The carriers generally kept metadata such as the phone numbers associated with the text for 90 days to 18 months; AT&T was an outlier, keeping it for as long as seven years, according to the chart.

A review of court cases by CNET suggests that Justice Department document is out of date. While Sprint is listed as as not storing text message contents, the judge in Rhode Island noted that the company turned over "preserved text messages." And in an unrelated Connecticut case last year, a state judge noted that Sprint provided law enforcement with "text messages involving the phone numbers."

An e-mail message from a detective in the Baltimore County Police Department, leaked by Antisec and reproduced in a Wired article last year, says that Verizon keeps "text message content on their servers for 3-5 days." And: "Sprint stores their text message content going back 12 days and Nextel content for 7 days. AT&T/Cingular do not preserve content at all. Us Cellular: 3-5 days Boost Mobile LLC: 7 days"

Sprint and Verizon referred calls last week to CTIA - The Wireless Association, which declined to comment. So did the Justice Department. T-Mobile and AT&T representatives did not respond to a request for comment.

Katie Frey, a spokeswoman for U.S. Cellular, said:

Due to the volume of text messages sent by our customers every day, text messages are stored in our systems for approximately three to five days. The content of text messages can only be disclosed subject to a lawful request. We comply with every lawful request from authorities.

We have a dedicated team of associates who are available 24 hours a day, every day of the year, to handle requests for information in emergency situations. Law enforcement must be able to show that it's an emergency and complete an Exigent Circumstance Form prior to receiving data. If a situation is not an emergency, law enforcement must submit a lawful request to receive the data.

Over the past five years, U.S. Cellular has received more than 103,000 requests in the form of subpoenas, court orders, search warrants and letters regarding customers' phone accounts and usage.

Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation, said he would be skeptical of the need for a law mandating that text messaging data be retained.

"These data retention policies serve one purpose: to require companies to keep databases on their customers so law enforcement can fish for evidence," he said. "And this would seem to be done against the wishes of the providers, presumably, since...some of the providers don't keep SMS messages at all."
http://news.cnet.com/8301-13578_3-57...text-messages/





Border Agents’ Power to Search Devices Is Facing Increasing Challenges in Court
Susan Stellin

The government has historically had broad power to search travelers and their property at the border. But that prerogative is being challenged as more people travel with extensive personal and business information on devices that would typically require a warrant to examine.

Several court cases seek to limit the ability of border agents to search, copy and even seize travelers’ laptops, cameras and phones without suspicion of illegal activity.

“What we are asking is for a court to rule that the government must have a good reason to believe that someone has engaged in wrongdoing before it is allowed to go through their electronic devices,” said Catherine Crump, a lawyer for the American Civil Liberties Union who is representing plaintiffs in two lawsuits challenging digital border searches.

A decision in one of those suits, Abidor v. Napolitano, is expected soon, according to the case manager for Judge Edward R. Korman, who is writing the opinion for the Federal District Court for the Eastern District of New York.

In that case, Pascal Abidor, who is studying for his doctorate in Islamic studies, sued the government after he was handcuffed and detained at the border during an Amtrak trip from Montreal to New York. He was questioned and placed in a cell for several hours. His laptop was searched and kept for 11 days.

According to government data, these types of searches are rare: about 36,000 people are referred to secondary screening by United States Customs and Border Protection daily, and roughly a dozen of those travelers are subject to a search of their electronic devices.

Courts have long held that Fourth Amendment protections against unreasonable searches do not apply at the border, based on the government’s interest in combating crime and terrorism. But Mr. Pascal’s lawsuit and similar cases question whether confiscating a laptop for days or weeks and analyzing its data at another site goes beyond the typical border searches. They also depart from the justification used in other digital searches, possession of child pornography.

“We’re getting more into whether this is targeting political speech,” Ms. Crump said.

In another case the A.C.L.U. is arguing, House v. Napolitano, border officials at Chicago O’Hare Airport confiscated a laptop, camera and USB drive belonging to David House, a computer programmer, and kept his devices for seven weeks.

The lawsuit charges that Mr. House was singled out because of his association with the Bradley Manning Support Network. Pfc. Bradley Manning is a former military intelligence analyst accused of leaking thousands of military and diplomatic documents to the antisecrecy group WikiLeaks.

In March, Judge Denise J. Casper of Federal District Court in Massachusetts denied the government’s motion to dismiss the suit, saying that although the government did not need reasonable suspicion to search someone’s laptop at the border, that power did not strip Mr. House of his First Amendment rights. Legal scholars say this ruling could set the stage for the courts to place some limits on how the government conducts digital searches.

“The District Court basically said you don’t need individualized suspicion to search an electronic device at the border,” said Patrick E. Corbett, a professor of criminal law and procedure at Thomas M. Cooley Law School in Lansing, Mich. “What they were troubled with was the fact that the government held these devices for 49 days.”

Customs and Border Protection, part of the Department of Homeland Security, declined to discuss the policy in an interview, but a spokeswoman for the agency said in an e-mail: “Keeping Americans safe and enforcing our nation’s laws in an increasingly digital world depends on our ability to lawfully screen all materials — electronic or otherwise — entering the United States. We are committed to ensuring the rights and privacies of all people while making certain that D.H.S. can take the lawful actions necessary to secure our borders.”

The statement also referred to the agency’s policy on border searches of electronic devices, which says that officers can keep these devices for a “reasonable period of time,” including at an off-site location, and seek help from other government agencies to decrypt, translate or interpret the information they contain. If travelers choose not to share a password for a device, the government may hold it to find a way to gain access to the data.

The agency did provide recent statistics on how many travelers this policy affects. From Oct. 1, 2011, through Aug. 31, 2012, 11.9 million travelers were referred to secondary screening after entering the United States. Of those searches, 4,898 included an electronic device. In the previous year, 12.1 million people underwent additional screening, with 4,782 searches of electronic devices.

While there is little public information about who is pulled aside for extra scrutiny, some people whose laptops have been searched say they feel they were selected based on their academic, journalistic or political pursuits.

Laura Poitras, a documentary filmmaker and the recipient of a 2012 MacArthur Fellowship, estimates that she has been detained more than 40 times upon returning to the United States. She has been questioned for hours about her meetings abroad, her credit cards and notes have been copied, and after one trip her laptop, camera and cellphone were seized for 41 days.

Ms. Poitras said these interrogations largely subsided after a Salon article describing her experiences was published in April, but she is editing her latest film in Europe to avoid crossing the border with her research and interviews. (The film, the third in a series about the war on terror, focuses on domestic surveillance.)

“I’m taking more and more extreme measures, to the point where I’m actually editing outside the country,” she said. “They use the border as a way to get around the law.”

Mr. Abidor said he had also changed his travel patterns: because he is regularly detained at the border, he keeps little data on his laptop and rents a car when driving back to the United States from Canada, so he is not stranded waiting for the next train. Still, he said he experienced “a near panic attack” every time he returned to the United States.

“I have not done anything illegal, nor have I tried to hide anything I’ve done,” he said. “I’ve told them where I’ve traveled. I’m studying something that’s legal. I learned a language millions of people speak. I don’t understand how a variety of legal acts can lead to suspicion.”

Even when suspicion of illegal activity exists, it can be based on old records that do not display the nuances of a case when an individual’s passport is scanned. One traveler suspects his laptop was searched at the border because of a juvenile conviction — dating a 15-year-old when he was 17 landed him on the sex offender registry.

“I’m guessing they probably saw my record on their computer system,” he said, speaking on the condition that his name not be used. “It’s very unpleasant to know that people can pull it up, take it out of context and turn it into something horrible.”

In other cases, travelers say they have no idea why they were singled out. A laptop belonging to Lisa M. Wayne, a criminal defense lawyer, was searched after she returned from a trip to Mexico.

Ms. Wayne said her main concern was the information about clients’ cases stored on her laptop: she is a past president of the National Association of Criminal Defense Lawyers, which is a co-plaintiff in the Abidor suit, along with the National Press Photographers Association. But at the time of the search, she was unaware of her rights and felt pressured to hand over her computer.

“It was very clear to me that the longer I objected or interrogated them, the longer I was going to be detained, and I had a connecting flight,” she said. “It’s an intimidating experience. It was not consensual other than, you comply with the rules.”
https://www.nytimes.com/2012/12/04/b...nd-phones.html





No Warrant, No Problem: How the Government Can Still Get Your Digital Data

And you may never find out about it.
Theodoric Meyer and Peter Maass

The US government isn’t allowed to wiretap American citizens without a warrant from a judge. But there are plenty of legal ways for law enforcement, from the local sheriff to the FBI, to snoop on the digital trails you create every day. Authorities can often obtain your e-mails and texts by going to Google or AT&T with a simple subpoena. Usually you won’t even be notified. The Senate last week took a step toward updating privacy protection for emails, but it's likely the issue will be kicked to the next Congress. In the meantime, here’s how police can track you without a warrant now:

Stuff they can get

Phone records: Who you called, when you called

How they can get it: Listening to your phone calls without a judge's warrant is illegal if you're a US citizen. But police don't need a warrant—which requires showing "probable cause" of a crime—to get just the numbers you called and when you called them, as well as incoming calls, from phone carriers. Instead, police can get courts to sign off on a subpoena, which only requires that the data they're after is relevant to an investigation—a lesser standard of evidence.

What the law says: Police can get phone records without a warrant thanks to Smith v. Maryland, a Supreme Court ruling in 1979, which found that the Constitution's Fourth Amendment protection against unreasonable search and seizure doesn't apply to a list of phone numbers. The New York Times reported last week that the New York's police department "has quietly amassed a trove" of call records by routinely issuing subpoenas for them from phones that had been reported stolen. According to The Times, the records "could conceivably be used for any investigative purpose."

Location data: Your phone is a tracker

How they get it: Many cell phone carriers provide authorities with a phone's location and may charge a fee for doing so. Cell towers track where your phone is at any moment, and so can the GPS features in some smartphones. The major cell carriers, including Verizon and AT&T, responded to at least 1.3 million law enforcement requests for cell phone locations, text messages and other data in 2011. Internet service providers can also provide location data that tracks users via their computer's IP address—a unique number assigned to each computer.

What the law says: Many courts have ruled that police don't need a warrant from a judge to get cell phone location data. They only have to show that, under the federal Electronic Communications Privacy Act (EPCA), the data contains "specific and articulable facts" related to an investigation—again, a lesser standard than probable cause. Delaware, Maryland and Oklahoma have proposed laws that would require police to obtain a warrant for location data; Gov. Jerry Brown of California, a Democrat, vetoed a similar bill in September. Last week, the Senate Judiciary Committee approved a bill championed by Sen. Patrick Leahy (D-VT), to update the ECPA, but it would not change how location data is treated.

IP addresses: What computers you used

How they get it: Google, Yahoo, Microsoft and other webmail providers accumulate massive amounts of data about our digital wanderings. A warrant is needed for access to some e-mails (see below), but not for the IP addresses of the computers used to log into your mail account or surf the Web. According to the American Civil Liberties Union, those records are kept for at least a year.

What the law says: Police can thank US v. Forrester, a case involving two men trying to set up a drug lab in California, for the ease of access. In the 2007 case, the government successfully argued that tracking IP addresses was no different from installing a device to track every telephone number dialed by a given phone (which is legal). Police only need a court to sign off on a subpoena certifying that the data they're after is relevant to an investigation—the same standard as for cell phone records.

E-mails: Messages you sent months ago

How they get it: There's a double standard when it comes to e-mail, one of the most requested types of data. A warrant is needed to get recent e-mails, but law enforcement can obtain older ones with only a subpoena. Google says it received 7,969 requests for data—including e-mails sent through its Gmail service—from US law enforcement in the first half of 2012 alone. Other e-mail providers have not made similar statistics available.

What the law says: This is another area where the ECPA comes into play. The law gives greater protection to recent messages than older ones, using a 180-day cutoff. Only a subpoena is required for e-mails older than that; otherwise, a warrant is necessary. The Leahy bill would require a warrant to get all e-mails regardless of age.

E-mail drafts: Drafts are different

How they get it: Communicating through draft e-mails, à la David Petreaus and Paula Broadwell, seems sneaky. But drafts are actually easier for investigators to get than recently sent e-mails because the law treats them differently.

What the law says: The ECPA distinguishes between communications—e-mails, texts, etc.—and stored electronic data. Draft e-mails fall into the latter, which get less protection under the law. Authorities need only a subpoena for them. The Leahy bill would change that by requiring a warrant to obtain them.

Text messages: As with e-mails, so with texts

How they get it: Investigators need only a subpoena, not a warrant, to get text messages more than 180 days old from a cell provider—the same standard as e-mails. Many carriers charge authorities a fee to provide texts and other information. For texts, Sprint charges $30, for example, while Verizon charges $50.

What the law says: The ECPA also applies to text messages, according to Hanni Fakhoury, a lawyer with the Electronic Frontier Foundation, which is why the rules are similar to those governing e-mails. But the ECPA doesn't apply when it comes to actually reading texts on someone's phone rather than getting them from a carrier. State courts have split on the issue. Ohio's Supreme Court has ruled that police need a warrant to view the contents of cell phones of people who've been arrested, including texts. But the California Supreme Court has said no warrant is needed. The US Supreme Court in 2010 declined to clear up the matter.

Cloud data: Documents, photos, and other stuff stored online

How they get it: Authorities typically need only a subpoena to get data from Google Drive, Dropbox, SkyDrive, and other services that allow users to store data on their servers, or "in the cloud," as it's known.

What the law says: The law treats cloud data the same as draft e-mails—authorities don't need a warrant to get it. But files that you've shared with others—say, a collaboration using Google Docs—might require a warrant under the ECPA if it's considered "communication" rather than stored data. "That's a very hard rule to apply," says Greg Nojeim, a senior counsel with the Center for Democracy and Technology. "It actually makes no sense for the way we communicate today."

Social media: The new privacy frontier

How they get it: When it comes to sites like Facebook, Twitter and LinkedIn, the social networks' privacy policies dictate how cooperative they are in handing over users' data. Facebook says it requires a warrant from a judge to disclose a user's "messages, photos, videos, wall posts, and location information." But it will supply basic information, such as a user's e-mail address or the IP addresses of the computers from which someone recently accessed an account, under a subpoena. Twitter reported in July that it had received 679 requests for user information from US authorities during the first six months of 2012. Twitter says that "non-public information about Twitter users is not released except as lawfully required by appropriate legal process such as a subpoena, court order, or other valid legal process."

What the law says: Courts haven't issued a definitive ruling on social media. In September, a Manhattan Criminal Court judge upheld a prosecutor's subpoena for information from Twitter about an Occupy Wall Street protester arrested on the Brooklyn Bridge in 2011. It was the first time a judge had allowed prosecutors to use a subpoena to get information from Twitter rather than forcing them to get a warrant; the case is ongoing.
http://arstechnica.com/tech-policy/2...-digital-data/





Patriot Act Can "Obtain" Data in Europe, Researchers Say
Zack Whittaker

European data stored in the "cloud" could be acquired and inspected by U.S. law enforcement and intelligence agencies, despite Europe's strong data protection laws, university researchers have suggested.

The research paper, titled "Cloud Computing in Higher Education and Research Institutions and the USA Patriot Act," written by legal experts at the University of Amsterdam's Institute for Information Law, support previous reports that the anti-terror Patriot Act could be theoretically used by U.S. law enforcement to bypass strict European privacy laws to acquire citizen data within the European Union.

The Patriot Act, signed into law in 2001, granted some new powers to U.S. authorities, but it was mainly a "framework law" that amended and strengthened a variety of older laws, such as the Foreign Intelligence Services Act (FISA) and the Electronic Communications Privacy Act (ECPA).

"Most cloud providers, and certainly the market leaders, fall within the U.S. jurisdiction either because they are U.S. companies or conduct systematic business in the U.S.," Axel Arnbak, one of the authors of the research paper, told CBS News.

"In particular, the Foreign Intelligence Surveillance Amendments (FISA) Act makes it easy for U.S. authorities to circumvent local government institutions and mandate direct and easy access to cloud data belonging to non-Americans living outside the U.S., with little or no transparency obligations for such practices -- not even the number of actual requests."

This holds true for requests targeted at non-U.S. individuals and for entire business records, he added.

Dutch vice-chair of the European Parliament's civil liberties committee Sophie in 't Veld welcomed the research, adding that it "provided further evidence" to support the theory.

She told CBS News, however, that the European Commission's proposals for new data protection rules will not solve the potential conflicts posed by third country law and the lengthy period of time in which EU laws become ratified, "would not be a reason to let the situation be for several years to come."

Information security, privacy and data protection lawyer Bryan Cunningham, who worked under both democratic and republican administrations, most recently as deputy legal advisor to former U.S. National Security Advisor Condoleezza Rice under President George W. Bush, told CBS News that this "important report" should "help correct a widespread post-9/11 misconception," that the Patriot Act and related legislation, "provided vast new powers for the U.S. government to gain access to sensitive communications and data of non-U.S. persons."

The research resurfaces questions about the security and sovereignty of citizen and government data in an ever-connected global and borderless online world. It also supports a ZDNET report that European data protection rules do not protect EU citizens' data against extra-territorial third country law, such as that of the United States.

Months after the research was published, Microsoft U.K. managing director Gordon Frazer was the first to publicly admit that the software giant could not guarantee that European citizen data stored in EU-based data centers would not leave the European Union under any circumstances, including under a Patriot Act request.

"Neither can any other company," Frazer noted.

Frazer's disclosure triggered outrage among politicians in the European Parliament. Subsequently a number of European member state governments began to question their own cloud service provisions, and in some cases banned U.S. providers from offering IT and computing services in their countries.

U.K.-based defense giant BAE Systems in the past year reneged on plans to adopt Microsoft's cloud-based services, citing fears that critical national defense secrets could land in U.S. hands.

The Dutch government is also investigating a potential conflict with third country law in regards to personal citizen passport data. Dutch social-liberal party D66 raised questions in the country's parliament after suspicions arose that U.S. authorities could potentially access Dutch fingerprint and facial scans for passports because the North Holland-based company Morpho is owned by parent company Safran, which conducts systematic business in the U.S."

U.S. jurisdiction "extends to companies"

Cloud computing is the storing of documents, photos, music and files online. Governments, in possession of citizen data along with their own national security secrets, are increasingly utilizing cloud services for internal government communications, hosting documents and enabling the sharing of vast amounts of data between government departments.

Companies, schools and universities that wish to keep their data in their home jurisdiction -- governments, most of all -- the cloud poses a new set of risks.

Because most major cloud providers, such as Apple, Amazon, Google and Microsoft, are based in the U.S., the study was focused on the provisions under U.S. law, particularly in reference to the Patriot Act, signed in 2001, and the Foreign Surveillance Intelligence Act (FISA), originally signed into law in 1978 and last amended in 2008 by Congress.

The researchers explain that businesses, schools and universities located outside the United States -- including foreign governments -- which use cloud services offered by a company that conducts business in the U.S., could be forced by U.S. law enforcement to transfer data to U.S. territory for inspection by law enforcement agencies.

"In the U.S. legal framework, there is a legal doctrine called 'extra-territorial jurisdiction'. This implies that cloud providers operating anywhere in the EU, or anywhere in the world for that matter, have to comply with data requests from U.S. authorities as soon as they fall under U.S. laws," said Arnbak.

"These laws, including the Patriot Act, apply as soon as a cloud service conducts systematic business in the United States. It's a widely held misconception that data actually has to be stored on servers physically located in the U.S."

If they are forced to hand over EU-stored data back to the U.S., the company could be found in breach of EU law, even if is covered by both EU and U.S. legal jurisdictions.

"The key criterion in this respect is whether the cloud provider conducts systematic business in the United States, for example because it is based there or is a subsidiary of a U.S.-based company that controls the data in question," the researchers write.

Because non-U.S. residents are not protected from unwarranted searches under the Fourth Amendment, the researchers warn that this "gives the U.S. government entities concerned the statutory power to gather data on a large scale about non-U.S. citizens located abroad. And, legal protection under specific U.S. laws applies primarily to U.S. citizens and residents."

However, under FISA -- amended by the Patriot Act in October 2001, just a month after the September 11 terrorist attacks -- foreigners were not the only group immune to unwarranted searches, the Fourth Amendment notwithstanding.

"The Bush administration had intercepted the communications of Americans without obtaining a judicial warrant. The New York Times had carried reports on this from late 2005," the researchers write.

The Patriot Act also added powers to FISA which, "enables the FBI to request access to business records for an investigation into espionage and terrorism involving both U.S. and non-U.S. persons."

However, while the researchers warn that U.S. law extends beyond the reach of its borders, figures relating to requests do not exist in the public domain.

The common misconception, according to the researchers, is that FISA gives the U.S. "unrestricted" or "unprecedented" access to data outside the country. FISA warrants do go through a "special court known as the Foreign Intelligence Surveillance Court (FISC)." The role of the court is to, "review the acquisition of intelligence information in this way if U.S. government entities require the assistance of electronic communication service providers for this purpose."

This keeps highly sensitive requests for foreign data, under the premise of keeping terrorism-scale investigations secret, out of the public eye. Because FISA courts hold national security secrets and details of ongoing terrorism investigations, the researchers say the data can't and shouldn't be published.

"Given the nature of intelligence work, it is not possible to gain insight into actual requests for information by the U.S. authorities, other than a description of the general legal framework," the researchers write.

EU citizens "at risk" from FISA, Patriot Act

While most Americans are aware of the Patriot Act and its wide-ranging provisions for domestic security, its role outside the U.S. border remains widely unknown.

While the researchers focused their efforts on the data protection of cloud users in higher education in the Netherlands, in speaking to CBS News, Arnbak warned that the concern over the ability of third countries accessing data stored in the European Union was not limited to the Netherlands, but that it "certainly" extends to the 27 member state bloc, and even outside the European Union.

"The risk of data access by U.S. authorities to cloud data is realistic, and should form an integral part in any decision making process to move data into the cloud," he said.

Because the Netherlands is a member of the European Union, the country's data protection laws originally stemmed from a wider directive from the European Commission.

Ratified in 1995, the EU Data Protection Directive must have been subsequently implemented into the legal systems of all member states by 1998. Therefore, every EU member state has the same foundation framework for data protection and privacy as each other, giving member state governments to expand upon the base principles and allowing data to freely flow across member states' borders, just as EU citizens have the right to do.

"This concerns anyone with an interest in autonomy and control over access to data -- governments, businesses, non-profits and consumers alike. That's why the current debate on electronic heath records in The Netherlands is both fascinating and very serious. It appears that nobody has looked into this risk, before investing millions of taxpayers money to build these systems," Arnbak said.

He noted that businesses and governments alike, despite the additional costs, should consider in-house solutions instead of moving to the cloud. "If data is processed in-house, institutions will at the very least know of such investigations at an early stage."

Cunningham says, "There remains no credible way -- short, perhaps, of end-to-end encryption with the data provider holding the only key -- to assure confidentiality and security for cloud-stored data, whether stored in the United States or elsewhere."

"Governments and institutions seeking such privacy and security protections should, at least for now, stick to storing their own data or, perhaps, implementing national cloud solutions with robust privacy and security protections."

Because the U.S. government has "ample possibilities to request data from foreign (in this case Dutch) users of the cloud," the researchers claim, "it grants [authorities] to retrieve information on a large scale, including access to complete data sets."

"In other words, these agencies may obtain information not only about a student who could pose a threat to U.S. national security but also about a student who makes an appointment in good faith through email with a person suspected by U.S. authorities of drug trafficking," the researchers assert.

But this also extends outside the Netherlands to countries both in and outside the European Union. "From the U.S. legal perspective, Dutch users of cloud-based computing services therefore enjoy the same degree of [U.S.] constitutional protection as North Koreans," the study says.

However, the U.S. is not alone with laws reminiscent of FISA or the Patriot Act. The researchers note that such wide-ranging provisions able to access cloud-stored data outside of their respective jurisdictions are not limited to the U.S. And continue to say, "Other nation states, including the Netherlands, have comparable provisions in place for access to data in the context of law enforcement and national security."

For instance, the report notes the Dutch Intelligence and Security Services Act, which give the Dutch security and intelligence services, "the power to process the personal data of a wide range of persons." One of the sections of the law specifically carries FISA-like provisions in the Netherlands, which, "authorizes them to carry out, using a technical aid, targeted tapping, reception, recording and interception of any form of conversation, telecommunication or data transfer by means of an automated activity, irrespective of where this takes place."

Similarly, the Canadian Anti-Terrorism Act "replicates" much of the provisions in the U.S.' Patriot Act. Ontario's Information and Privacy Commissioner Ann Cavoukian said in a recent report that the Act's provisions are part of the normal data-sharing process between governments.

"You can outsource services, but you cannot outsource accountability," Cavoukian says.

"Legal provisions regulating data access for intelligence and law enforcement purposes will exist in all democracies," Arnbak says.

Cunningham warns that large, multinational, private cloud companies could pose a greater risk to private and sensitive citizen data than governments.

"Many intelligence services around the world, particularly in non-democratic countries, have no effective legal restrictions whatsoever, and are aggressively collecting massive amounts of sensitive personal, government, and commercially valuable information around the world," Cunningham says.

"Particularly with the rise of large, lightly-regulated cloud data storage providers, private, multinational companies actually may have more access to sensitive, personal data than national governments." Cunningham continues to say, such firms "assert far more authority to combine and data-mine such data for their own purposes than would the government be permitted under U.S. law."

"And, whether or not such companies would intend to misuse such data, they are far from immune from ill-motivated insiders and external hacking activities, by individuals, criminal groups, and foreign governments."

As a result, many countries can also theoretically acquire data stored by companies in another country without a mutual legal assistance request -- used by governments to request help in obtaining evidence from another jurisdiction to assist in investigations in another -- if the company is required by that country's domestic law to assist, in spite of any protection offered by a third country's legal system.

This could include cloud-stored medical data, financial information provided by banks, and business documents or corporate secrets, all the way down to an ordinary user's cloud-stored iTunes music collection or the cloud-stored photos taken on a recent vacation.

Because the U.S. is home to the global powerhouses that run major cloud services -- not limited to Apple, Amazon, Google and Microsoft -- the research increases the scope of relevance to cloud users. Conversely, the report notes that the company may not have to be headquartered in the U.S. to be supposedly susceptible to a data access request.

"If a company has a subsidiary or branch in the United States, it may be assumed that such jurisdiction exists, but jurisdiction may also exist in other more complex cases," the researchers assert.

Authorities, however, are more likely to be interested in the electronic communications between two or more persons, rather than a citizen's recent holiday photos.

In the case of cloud-stored email, which many businesses, schools, universities and ordinary citizens use, this can be hosted by an EU-based subsidiary of a U.S.-based parent company. U.S. residents enjoy not only Fourth Amendment protection from unwarranted searches, but also additional protection from the Electronic Communications Privacy Act (ECPA) and the Stored Communications Act (SCA), which regulates the U.S. government's access to electronically stored data, such as email, in criminal investigations.

One of the strongest legal protections, the researchers note, under the SCA is the provision that requires U.S. authorities to request a search warrant from a judge, based on grounds of reasonable suspicion, if email is less than 180 days old. This law recently came to light after the recent resignation of Gen. David Petraeus, the former director of the Central Intelligence Agency. A warrant from only a federal prosecutor is required to acquire emails that are older than six months.

However, if U.S. federal authorities requested foreign citizen data, they would not receive protection under the Fourth Amendment, nor would the receive any protection from the ECPA or the SCA, because, "the position remains that if a person whose records have been requested is not a U.S. person and is not located in the United States, he cannot invoke the protection of the Fourth Amendment," the research states.

The academics warn that, while in some cases, contracts can be offered to cloud customers; these do not override judicial requests by third countries. "The possibility that foreign governments request information is a risk that cannot be eliminated by contractual guarantees."

Did EU laws ever protect against third country snooping?

The EU's Data Protection Directive 1995 states that EU personal data may only be transferred outside the 27 member state bloc if that country provides guarantees that the data will be given an adequate level of protection.

Data stored in the European Union freely flows to the U.S. so long as the company or government department receiving the data adheres to the EU's Safe Harbor Principles, which were set up between the U.S. government and the European Union after the EU data and privacy laws were first ratified in 1995. The rules help U.S. recipients of EU observe basis EU data protection rules in order to prevent data loss or accidental data disclosure by U.S. companies receiving EU data.

However, the Patriot Act, signed into law in 2001, granted some new powers to U.S. authorities, but it was mainly a 'framework law' that amended and strengthened a variety of older laws, such as FISA and ECPA. The 2001 Act has since been amended numerous times to extend its powers. FISA, which provides authorities to acquire cloud-stored data in foreign countries and jurisdictions, was first signed into law in 1978, and has also been amended numerous times to keep up to date with current technological trends.

While suggesting that the Patriot Act's bypassed the protection of European data by the EU Data Protection Directive, allowing data to be potentially transferred outside the EU via a U.S.-based company, one former U.S. government lawyer noted that the Patriot Act did not substantially change how the U.S. government acquires data for intelligence purposes.

ZDNET's report suggests that the Patriot Act's "negated" the protection of European data by the EU Data Protection Directive, allowing data to be potentially transferred outside the EU via a U.S.-based company. Politicians in the European Union raised questions over laws that may affect their own nation's legal system.

Cunningham told CBS News that with appropriate judicial or other government procedures, "U.S. law enforcement and security authorities remain, as they were before the Patriot Act, able to lawfully collect both the substance of electronic communications and telephone toll, e-mail, and other business records, both of U.S. persons and those of other countries, without resort to mutual legal assistance or other international agreements and procedures."

"This is particularly true when such data is held by companies physically located in, or with substantial business connections to, the United States," he continues.

U.K., Netherlands raise concerns over cloud legal issues

There are already existing agreements and data-sharing arrangements between EU member states and non-member states, such as the U.S., the issues relating FISA and the Patriot Act notwithstanding. Without it, most Europeans would not even be allowed to step on an airplane bound for the U.S.

Mutual legal assistance (MLA) agreements exist between various nations, which conform with EU data protection and privacy laws, in order assist nations outside both within and outside the 27 member state bloc in criminal investigations. For instance, the U.S., Australia, or any other country with an MLA agreement with the Netherlands can request data on a Dutch citizen data, just as the Netherlands can in return.

"If U.S. government agencies have no jurisdiction over an entity operating in the Netherlands, they may submit a request for mutual assistance under such agreements," the researchers state.

"But in the borderless cloud, in which activities are in the U.S., there is "no clear obligation under U.S. law for the U.S. government to rely on such agreements when seeking access to data on non-U.S. persons."

Also, passenger name record (PNR) data sharing agreements between the EU and Australia, Canada and the U.S., not only allow citizens to travel between those countries, but also help those authorities fight transnational crime.

PNR data includes personal and sensitive citizen data, such as their name, gender, date of birth and nationality. It can also include "racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership or concerning the health or sex life," according to the European Commission, but notes that PNR data "rarely contain sensitive data of this kind."

When the EU-U.S. PNR agreement came up for renewal, in 't Veld was appointed the "rapporteur," or the person chosen by the European Parliament to investigate the agreement. After many months of negotiations, with the previously debated EU-Australia PNR agreement set as an "acceptable" agreement, in her words, in 't Veld ultimately recommended that the European Parliament reject the EU-U.S. PNR deal citing privacy fears relating to the disclosure of EU citizen data to U.S. authorities.

The U.S.-EU PNR agreement passed with a significant minority opposing the deal, but by the she had distanced herself from the report that she recommended should be rejected.

"The U.S. may also use the data for other, less-explicitly defined purposes such as immigration and border controls," she warned in her findings.

"The decision of the European Parliament does not reflect my recommendation. Therefore I choose to distance myself from it." If the agreement was not signed, it may have meant "the visa privileges for European travellers to the U.S. fell," in 't Veld noted, or the disallowing of EU citizens to travel to the U.S.

Beyond the European Parliament, other EU member states are warning their respective parliaments and governments that the reach of third country laws could extend beyond their reach as a result of the borderless "cloud."

The U.K. parliament recently outlined its plans to move to the cloud, but worries regarding the Patriot Act spurred on two opposition members of Parliament to question the proposals.

John Thurso, chair of the U.K. Parliament's Finance and Services Committee, suggested in a recent debate in the U.K.'s House of Commons discussing the cost-efficiency of Parliament, that all parliamentary members should "move to a more cloud-based system." (The full video can be found on the BBC's Democracy Live Web site.)

However, another politician interjected, who mentioned that committee members are currently using iPads, stated that they "cannot put information on the cloud on the basis that servers for Apple products are based in the U.S. and therefore covered by the Patriot Act."

Thurso retorted: "The committee is not yet engaged on the Patriot Act." Former minister under the previous Labour government Angela Eagle, who was responsible for the early planning of the 2011 census, also questioned Thurso to "ensure when we do get a cloud finally, its storage will be in the U.K."

In the Netherlands, the government is under increasing scrutiny over unrest surrounding the country's electronic patient records system.

The patient records are operated by a Dutch subsidiary of U.S. parent company CSC, though the data is stored on servers in the Netherlands. However, VZVZ director Edwin Velzel, whose company is behind the setting up of the system, told Dutch television earlier this month that unless CSC can give assurances that it is not subject to the Patriot Act, the contract will be withdrawn.

Arnbak highlighted possible problems with the Dutch passport system. He told CBS News in an email: "In order to obtain a passport, all Dutch citizens need to provide fingerprints to the government. Morpho, a company that falls under U.S. jurisdiction, was contracted to process these fingerprints, which are thus stored somewhere in the cloud and within reach of U.S. authorities under the Patriot and FISA Acts."

"When this hit the news in the Netherlands, it logically caused considerable social unrest," he said.

Dutch Home Affairs minister Liesbeth Spies said in a briefing to members of the Dutch parliament that she could not rule out U.S. authorities accessing Morpho's database of passport data.

In 't Veld told CBS News that the governments who have been confronted such issues "tend to deny the problem, or -- when they can no longer deny it -- just duck the issue by making vague promises about 'speaking to the U.S. authorities.'"

"Frankly, I wouldn't know what there is to discuss. The only relevant question is: do European and [member state] authorities feel responsible for enforcing EU law on EU territory, and protecting EU citizens, or do they not?"

Europe's next steps: Secure the European cloud

The potential conflicts between U.S. anti-terror laws and EU data protection law, as described by the researchers at the University of Amsterdam could be solved with the upcoming EU Data Protection Regulation, which was proposed by the European Commission in January.

Speaking in the European Parliament's upper house chamber earlier this year, EU Justice Commissioner Viviane Reding noted there was not enough clarity in the existing data protection and privacy laws, and that the final any international disputes regarding the impact of third country legislation on EU laws would be up to the International Court of Justice, the so-called "World Court," in The Hague.

But, she said, she was confident that the draft Data Protection Regulation, published earlier this year in January, would "bring further legal clarity."

Some members of the European Union's upper house, the European Parliament remain skeptical that the new "one-size-fits-all" law will not offer sufficient protections against U.S. or any other third country law.

In 't Veld, who has been particularly vocal in the European Parliament regarding data protection and concerns of third country law impacting European citizens, told CBS News that the European Commission continues to deny the potential conflict between the two continents.

"I do not think it will lead to a change in policies in the short term. The problem is not that governments and the Commission are not aware of the problem. We have brought it to their attention ad nauseam. The real problem is they have no interest in addressing it."

In 't Veld noted in a 2011 letter to Reding that, "EU based companies are currently facing U.S. subpoenas under the Patriot Act." She added: "They are obliged to submit data stored in Europe to U.S. authorities, thereby probably violating EU laws." Because these firms have operations in the U.S., she described it as "very difficult" for them to refuse to comply with a U.S. subpoena.

"I really wonder if the authorities will be just as lax when they realize other countries can and will do the same -- China, for example. The passivity of Commission and [member state] governments sets a very bad precedent. They are failing their citizens."

A European Commission spokesperson told CBS News in an emailed statement: "The high standards which we give to our citizens must also be transferred when there is an exchange of data with third countries."

"We in the Commission take this question very seriously, because the Commission believes and supports the principle that, in international public law, a legal act which is enacted by a third country cannot be directly and automatically applied in the territory of the EU unless -- exceptionally -- Union law or Member State law explicitly recognises the facts of such an act in their respective jurisdiction."

The Commission also explained that existing legal channels -- such as mutual legal assistance requests -- must be used:

"No legal acts of a third country as such can legally overrule the relevant EU legislation or Member State legislation, and this includes data protection rules. Any processing of personal data in the EU has to respect the applicable EU data protection law. If, for example, a U.S. law enforcement authority requires information from companies operating in the European Union, whatever the nationality of those companies, they have to use existing channels of cooperation and mutual legal assistance agreements."
"This issue also applies when personal data are transferred by an EU company to a company in the U.S. and when the data are subsequently processed for law enforcement purposes."

Arnbak argues that a real solution to the concern over third country laws can only be found at an international legal and political stage.

"It is important to realize that government access to cloud data is not a data protection issue," Arnbak says. "Having to comply with a data access request from the government is not something that you can exclude yourself from in a legal contract: you either comply as a cloud provider, or you face prosecution."

"The fact that the important cloud providers of today will have to comply with U.S. legal requirements, while non-Americans living outside the U.S. cannot claim the legal protection that their domestic law provides for, constitutes a gap in legal protection that can only be solved by governments engaging with each other at the international level."

Arnbak resonated in 't Veld's concerns about the cloud. He said that the European Commission should be, "open and frank about the wide gap in legal protection for Europeans in the U.S. cloud and either demand that these concerns are addressed through an EU-U.S. approximation of laws, or stimulate alternatives that lower the dependency of European customers on U.S. entities."
http://www.cbsnews.com/8301-205_162-...searchers-say/





EU Resists ‘Extreme’ US Lobbying As Data Privacy War Brews

Exclusive: US officials try to alter and delay EU data privacy reform, sources tell TechWeekEurope, but Commission stands firm
Tom Brewster

The US government has shocked the European Commission with its level of lobbying on the latter’s plans to overhaul the continent’s data privacy laws, but the commission is not wavering on even the most controversial aspects of its plans, TechWeekEurope understands.

The EC is trying to update privacy laws first made in 1995 and, somewhat confusingly, has proposed a fresh regulation and a directive. If the regulation is passed, European states will have to enact the regulation in their laws, while they have the option to adjust the language of the directive.

The EC’s proposed provisions include a “right to be forgotten”, which establishes citizens’ right to have their data deleted from the Internet, as well as significantly larger fines for cases where data is mishandled. However, these proposals have attracted scorn from some directions, including American firms, and the US government.

TechWeekEurope previously revealed that Facebook and the US Chamber of Commerce, backed by the US government, have been actively seeking to persuade the Commission to ditch certain aspects of the planned laws.

Facebook in particular has strong objections to the right to be forgotten, claiming it “raises many concerns with regard to the right of others to remember and to freedom of expression”. Facebook would much rather people didn’t delete data from the site, partly because that information allows for more targeted ads on the site – a chief source of the company’s revenue.

US ‘wanted to delay data privacy reform’

The US government has now gone even further than those two American behemoths. According to sources within the Commission, the US was in direct contact with members of the commission as soon as the proposals were drawn up, and now wants to delay the reforms.

US officials sent briefing materials to director generals of the EC during what is known as Interservice Consultation – a procedure “normally purely internal to the Commission, which takes place before Commissioners take a political decision on a proposal”, sources told TechWeekEurope.

“The Commission’s political level – the 27 Commissioners – did not allow the lobbying to interfere with the proposals. Calls for postponing the reform substantially or for lowering its level of ambition were rejected,” they added.

“The strong interest in the US on our reform proposals confirms that Europe is the world player and standard setting in the field of data protection regulation. What Europe does will sooner or later be followed by other continents. It is a sign that in the field of data protection, Europe is already a super power.”

Despite rumours that the right to be forgotten was going to be scrapped, the sources said it was already enshrined in existing rules, but the new regulations would “further clarify this right”.

As for the additional fining powers, which would allow data privacy watchdogs like the UK’s Information Commissioner’s Office (ICO) to fine companies as much as two percent of their annual turnover for a breach of the law, the EC is also standing firm.

In a speech yesterday, Viviane Reding, EU justice commissioner, said tough fines were needed. “If we have weak sanctions, then it weakens the one-stop-shop, it weakens the consistency mechanism and it weakens the ability of businesses to operate in the digital single market,” Reding said. “Promoting growth requires a robust administrative sanction system.”

Onlookers remain concerned at the level of US input, from both public and private organisations, however. Many are calling on European member states to join the Commission in taking a hard line.

“The scale of lobbying by the US government and corporations is extreme. Data privacy in the USA is largely unregulated, and general rights are only given through terms and conditions,” Jim Killock, executive director of the Open Rights Group, told TechWeekEurope.

“There is a huge incentive for the US and companies like Facebook, Yahoo and Google to reduce the rights of UK citizens by trying to water down the regulation. What we need is for the British government to stand up for our citizens, and argue for user control of their data, instead trying to limit the proposal as much as possible.”

In the UK, MPs and Lords of the Justice Committee said the EU needed to “go back to the drawing board” and “devise a regime which is much less prescriptive”.

The actual laws won’t come into being until 2015 at the earliest. But it appears a war over data privacy, with the Commission on one side and heavyweights in both government and private sector spheres on the other, is heating up.
http://www.techweekeurope.co.uk/news...acy-war-100999





Adoption of Traffic Sniffing Standard Fans WCIT Flames
Alissa Cooper, Emma Llansó

The telecommunications standards arm of the U.N. has quietly endorsed the standardization of technologies that could give governments and companies the ability to sift through all of an Internet user’s traffic – including emails, banking transactions, and voice calls – without adequate privacy safeguards. The move suggests that some governments hope for a world where even encrypted communications may not be safe from prying eyes.

At the core of this development is the adoption of a proposed international standard that outlines requirements for a technology known as "Deep Packet Inspection" (DPI). As we’ve noted several times before, depending on how it is used, DPI has the potential to be extremely privacy-invasive, to defy user expectations, and to facilitate wiretapping.

The adoption of this standard, officially known as "Requirements for Deep Packet Inspection in Next Generation Networks," or "Y.2770" came to light last week during the World Telecommunication Standardization Assembly (WTSA), an international meeting held every four years in which the standards-setting body of the U.N.'s International Telecommunication Union, known as the ITU-T, charts the course of its work. Like most ITU working documents, drafts of the standard are locked behind a password wall and not available to the public. While the final standard will eventually be published, the fact that no draft versions are made publicly available at any point in the process illustrates the lack of transparency of the ITU-T in contrast to other leading global standards organizations.

Although the upcoming WCIT has been garnering all the attention lately, the global telecom confab in Dubai actually began last week at WTSA. The approval of the DPI standard provides new evidence of the dangers of WCIT proposals related to mandatory standards and cybersecurity.

Standard Procedure?

The ITU-T DPI standard represents a fairly typical early step in the process of standardizing a technology: the standards participants first agree on what the technology should do before they decide how the technology should work. As such, the ITU-T DPI standard doesn’t specify exactly how DPI systems should function. But even so, several of the requirements create a real cause for concern, especially in light of WCIT proposals that would make some ITU-T Recommendations mandatory, or transfer authority over cybersecurity matters to the ITU.

The ITU-T DPI standard holds very little in reserve when it comes to privacy invasion. For example, the document optionally requires DPI systems to support inspection of encrypted traffic “in case of a local availability of the used encryption key(s).” It’s not entirely clear under what circumstances ISPs might have access to such keys, but in any event the very notion of decrypting the users’ traffic (quite possibly against their will) is antithetical to most norms, policies, and laws concerning privacy of communications. In discussing IPSec, an end-to-end encryption technology that obscures all traffic content, the document notes that “aspects related to application identification are for further study” – as if some future work may be dedicated to somehow breaking or circumventing IPSec.

Several global standards bodies, including the IETF and W3C, have launched initiatives to incorporate privacy considerations into their work. In fact, the IETF has long had a policy of not considering technical requirements for wiretapping in its work, taking the seemingly opposite approach to the ITU-T DPI document, as Germany pointed out in voicing its opposition to the ITU-T standard earlier this year. The ITU-T standard barely acknowledges that DPI has privacy implications, let alone does it provide a thorough analysis of how the potential privacy threats associated with the technology might be mitigated.

These aspects of the ITU-T Recommendation are troubling in light of calls from Russia and a number of Middle Eastern countries to make ITU-T Recommendations mandatory for Internet technology companies and network operators to build into their products. Mandatory standards are a bad idea even when they are well designed. Forcing the world’s technology companies to adopt standards developed in a body that fails to conduct rigorous privacy analysis could have dire global consequences for online trust and users’ rights.

Ironically, although the document contemplates that network operators would decrypt user traffic in order to inspect it, the document’s security considerations specify that information extracted via DPI “is required to be protected,” and that modification, theft, or loss of such information “may make it unusable for the DPI operations.” The idea that adding DPI to a network creates a potential security risk for users – not just for network operators – is utterly absent. In general, the security requirements appear to be very generic, specifying what information needs to be protected without specifying the standards to be used for authentication, confidentiality, or integrity protection. Adding DPI to a network creates a significant new attack vector; thorough threat modelling and mitigation at the standardization phase are more than appropriate – they’re absolutely necessary.

WCIT proposals from the Arab States and Africa would seek to create new authority over cybersecurity matters within the ITU, and we’ve previously explained the drawbacks of this approach. If the technical work produced by the ITU-T fails to acknowledge basic user interests in network security – and to specify comprehensive, robust mitigations against security threats – it further highlights the grave problems with trying to address cybersecurity through a closed, centralized body where ultimate authority rests with regulators and where technical experts and advocates cannot even access draft specifications.

It’s not clear whether companies will build new DPI equipment to meet the ITU-T requirements or what further DPI standards the ITU-T will approve. Regardless, the standard approved at WTSA provides further evidence of why proposals for mandatory standards and new cybersecurity authority should be struck down next week in Dubai.
https://www.cdt.org/blogs/cdt/2811ad...ns-wcit-flames





Tor Operator Charged for Child Porn Transmitted Over His Servers

Austrian man is latest to be held responsible for traffic passing through Tor.
Dan Goodin

An Austrian operator of Tor servers—that were used to anonymously route huge amounts of traffic over the Internet—has been charged with distributing child pornography. This comes after police detected illegal images traversing one of the nodes he maintains.

William Weber, a 20-year-old IT administrator in Graz, Austria, said nine officers searched his home on Wednesday after presenting him with a court order charging him with distribution and possible production of child pornography. The crimes carry penalties of as many as 10 years in prison. Police from the Styrian Landeskriminalamt, which has jurisdiction over the Austrian state of Styria, confiscated 20 computers as well as a game console, iPads, external hard drives, USB thumb drives, and other electronics. Evidence cited in the document showed that one of seven Tor Project exit nodes he operated transported illegal images.

"My storage cubes (HP MicroServers) were confiscated without any regard for the hardware—the power cords were simply ripped out instead of properly shutting them down," he wrote in a blog post published Thursday morning. "After finishing the search in my living room, they continued in my bedroom, where they confiscated my legal firearms, as well as my cable TV receiver and my Xbox 360. Despite my statement that all firearms and ammunition were legally owned and registered, having passed all background checks, this was doubted by one of the LKA officers due to the caliber."

Short for the onion router, Tor was designed by the US Naval Research Laboratory as a way to cloak the IP addresses and contents of people sending e-mail, browsing websites, and doing other online activities. It is regularly used by political dissidents, journalists, law enforcement officers, and criminals who want to keep their online activities private. Tor works by encrypting a user's Internet traffic multiple times and funneling it through a dedicated server with its own IP address. The data is then passed to a second server, which decrypts one layer of the encryption before passing it to a third server. At that point the data is converted to its original form and sent to its final destination. Tor's onion-like architecture makes it infeasible for the contents to be intercepted by third parties, except by those monitoring an exit node. Even then, it's hard to know where the traffic originated.

Weber isn't the first operator of a Tor node to land in hot water as a result of the traffic traversing his server. In 2007, German police raided the home of a Dusseldorf man after bomb threats allegedly passed through his Tor server. Last year, a separate Tor operator said police confiscated hardware and software after someone misused his exit node.

During interview with police later on Wednesday, Weber said there was a "more friendly environment" once investigators understood the Polish server that transmitted the illegal images was used by Tor participants rather than by Weber himself. But he said he still faces the possibility of serious criminal penalties and the possibility of a precedent that Tor operators can be held liable if he's convicted.

"Sadly we have nothing like the EFF here that could help me in this case by legal assistance, so I'm on my own and require a good lawyer," he wrote in a blog post seeking donations.

Weber told Ars he typically ran about five to 10 nodes at any one time, from locations in the Czech Republic, Poland, Ukraine, Austria, and Hong Kong. He estimated that in all they carried about 30 terabytes of data each day.

"The safest way is a middle node, as it cannot be seen from the Internet at all (it only routes internal traffic)," he told Ars. "Entry is pretty safe as well. Exit is very dangerous (as I've seen now...)"
http://arstechnica.com/tech-policy/2...r-his-servers/





Julian Assange: A Call to Cryptographic Arms

Excerpted from Cypherpunks: Freedom and the Future of the Internet, by Julian Assange with Jacob Appelbaum, Andy Müller-Maguhn and Jérémie Zimmermann. OR Books, New York, 2012, 186 pages, Paper. Buy online. Cryptome review of the book.

Pages 1-7.

INTRODUCTION: A CALL TO CRYPTOGRAPHIC ARMS

This book is not a manifesto. There is not time for that. This book is a warning.

The world is not sliding, but galloping into a new transnational dystopia. This development has not been properly recognized outside of national security circles. It has been hidden by secrecy, complexity and scale. The internet, our greatest tool of emancipation, has been transformed into the most dangerous facilitator of totalitarianism we have ever seen. The internet is a threat to human civilization.

These transformations have come about silently, because those who know what is going on work in the global surveillance industry and have no incentives to speak out. Left to its own trajectory, within a few years, global civilization will be a postmodern surveillance dystopia, from which escape for all but the most skilled individuals will be impossible. In fact, we may already be there.

While many writers have considered what the internet means for global civilization, they are wrong. They are wrong because they do not have the sense of perspective that direct experience brings. They are wrong because they have never met the enemy.

No description of the world survives first contact with the enemy.

We have met the enemy.

Over the last six years WikiLeaks has had conflicts with nearly every powerful state. We know the new surveillance state from an insider's perspective, because we have plumbed its secrets. We know it from a combatant's perspective, because we have had to protect our people, our finances and our sources from it. We know it from a global perspective, because we have people, assets and information in nearly every country. We know it from the perspective of time, because we have been fighting this phenomenon for years and have seen it double and spread, again and again. It is an invasive parasite, growing fat off societies that merge with the internet. It is rolling over the planet, infecting all states and peoples before it.

What is to be done?

Once upon a time in a place that was neither here nor there, we, the constructors and citizens of the young internet discussed the future of our new world.

We saw that the relationships between all people would be mediated by our new world, and that the nature of states, which are defined by how people exchange information, economic value, and force, would also change.

We saw that the merger between existing state structures and the internet created an opening to change the nature of states.

First, recall that states are systems through which coercive force flows. Factions within a state may compete for support, leading to democratic surface phenomena, but the underpinnings of states are the systematic application, and avoidance, of violence. Land ownership, property, rents, dividends, taxation, court fines, censorship, copyrights and trademarks are all enforced by the threatened application of state violence.

Most of the time we are not even aware of how close to violence we are, because we all grant concessions to avoid it. Like sailors smelling the breeze, we rarely contemplate how our surface world is propped up from below by darkness.

In the new space of the internet what would be the mediator of coercive force?

Does it even make sense to ask this question? In this otherworldly space, this seemingly platonic realm of ideas and information flow, could there be a notion of coercive force? A force that could modify historical records, tap phones, separate people, transform complexity into rubble, and erect walls, like an occupying army?

The platonic nature of the internet, ideas and information flows, is debased by its physical origins. Its foundations are fiber optic cable lines stretching across the ocean floors, satellites spinning above our heads, computer servers housed in buildings in cities from New York to Nairobi. Like the soldier who slew Archimedes with a mere sword, so too could an armed militia take control of the peak development of Western civilization, our platonic realm.

The new world of the internet, abstracted from the old world of brute atoms, longed for independence. But states and their friends moved to control our new world -- by controlling its physical underpinnings. The state, like an army around an oil well, or a customs agent extracting bribes at the border, would soon learn to leverage its control of physical space to gain control over our platonic realm. It would prevent the independence we had dreamed of, and then, squatting on fiber optic lines and around satellite ground stations, it would go on to mass intercept the information flow of our new world -- its very essence even as every human, economic, and political relationship embraced it. The state would leech into the veins and arteries of our new societies, gobbling up every relationship expressed or communicated, every web page read, every message sent and every thought googled, and then store this knowledge, billions of interceptions a day, undreamed of power, in vast top secret warehouses, forever. It would go on to mine and mine again this treasure, the collective private intellectual output of humanity, with ever more sophisticated search and pattern finding algorithms, enriching the treasure and maximizing the power imbalance between interceptors and the world of interceptees. And then the state would reflect what it had learned back into the physical world, to start wars, to target drones, to manipulate UN committees and trade deals, and to do favors for its vast connected network of industries, insiders and cronies.

But we discovered something. Our one hope against total domination. A hope that with courage, insight and solidarity we could use to resist. A strange property of the physical universe that we live in.

The universe believes in encryption.

It is easier to encrypt information than it is to decrypt it.

We saw we could use this strange property to create the laws of a new world. To abstract away our new platonic realm from its base underpinnings of satellites, undersea cables and their controllers. To fortify our space behind a cryptographic veil. To create new lands barred to those who control physical reality, because to follow us into them would require infinite resources.

And in this manner to declare independence.

Scientists in the Manhattan Project discovered that the universe permitted the construction of a nuclear bomb. This was not an obvious conclusion. Perhaps nuclear weapons were not within the laws of physics. However, the universe believes in atomic bombs and nuclear reactors. They are a phenomenon the universe blesses, like salt, sea or stars.

Similarly, the universe, our physical universe, has that property that makes it possible for an individual or a group of individuals to reliably, automatically, even without knowing, encipher something, so that all the resources and all the political will of the strongest superpower on earth may not decipher it. And the paths of encipherment between people can mesh together to create regions free from the coercive force of the outer state. Free from mass interception. Free from state control.

In this way, people can oppose their will to that of a fully mobilized superpower and win. Encryption is an embodiment of the laws of physics, and it does not listen to the bluster of states, even transnational surveillance dystopias.

It isn't obvious that the world had to work this way. But somehow the universe smiles on encryption.

Cryptography is the ultimate form of non-violent direct action. While nuclear weapons states can exert unlimited violence over even millions of individuals, strong cryptography means that a state, even by exercising unlimited violence, cannot violate the intent of individuals to keep secrets from them.

Strong cryptography can resist an unlimited application of violence. No amount of coercive force will ever solve a math problem.

But could we take this strange fact about the world and build it up to be a basic emancipatory building block for the independence of mankind in the platonic realm of the internet? And as societies merged with the internet could that liberty then be reflected back into physical reality to redefine the state?

Recall that states are the systems which determine where and how coercive force is consistently applied.

The question of how much coercive force can seep into the platonic realm of the internet from the physical world is answered by cryptography and the cypherpunks' ideals.

As states merge with the internet and the future of our civilization becomes the future of the internet, we must redefine force relations.

If we do not, the universality of the internet will merge global humanity into one giant grid of mass surveillance and mass control.

We must raise an alarm. This book is a watchman's shout in the night.

On March 20, 2012, while under house arrest in the United Kingdom awaiting extradition, I met with three friends and fellow watchmen on the principle that perhaps in unison our voices can wake up the town. We must communicate what we have learned while there is still a chance for you, the reader, to understand and act on what is happening.

It is time to take up the arms of our new world, to fight for ourselves and for those we love.

Our task is to secure self-determination where we can, to hold back the coming dystopia where we cannot, and if all else fails, to accelerate its self-destruction.

Julian Assange, London, October 2012

http://cryptome.org/2012/12/assange-crypto-arms.htm





New 25 GPU Monster Devours Passwords In Seconds
Paul

There needs to be some kind of Moore’s law analog to capture the tremendous advances in the speed of password cracking operations. Just within the last five years, there’s been an explosion in innovation in this ancient art, as researchers have realized that they can harness specialized silicon and cloud based computing pools to quickly and efficiently break passwords.

A presentation at the Passwords^12 Conference in Oslo, Norway, has moved the goalposts, again. Speaking on Monday, researcher Jeremi Gosney (a.k.a epixoip) demonstrated a rig that leveraged the Open Computing Language (OpenCL) framework and a technology known as Virtual OpenCL Open Cluster (VCL) to run the HashCat password cracking program across a cluster of five, 4U servers equipped with 25 AMD Radeon GPUs and communicating at 10 Gbps and 20 Gbps over Infiniband switched fabric.

Gosney’s system elevates password cracking to the next level, and effectively renders even the strongest passwords protected with weaker encryption algorithms, like Microsoft’s LM and NTLM, obsolete.

In a test, the researcher’s system was able to churn through 348 billion NTLM password hashes per second. That renders even the most secure password vulnerable to compute-intensive brute force and wordlist (or dictionary) attacks. A 14 character Windows XP password hashed using LM NTLM (NT Lan Manager), for example, would fall in just six minutes, said Per Thorsheim, organizer of the Passwords^12 Conference.

[Note of clarification from Jeremi: "LM Is what is used on Win XP, and LM converts all lowercase chars to uppercase, is at most 14 chars long, and splits the password into two 7 char strings before hashing -- so we only have to crack 69^7 combinations at most for LM. At 20 G/s we can get through that in about 6 minutes. With 348 billion NTLM per second, this means we could rip through any 8 character password (95^8 combinations) in 5.5 hours." ]

“Passwords on Windows XP? Not good enough anymore,” Thorsheim said.

Tools like Gosney’s GPU cluster aren’t suited for an “online” attack scenario against a live system. Rather, they’re used in “offline” attacks against collections of leaked or stolen passwords that were stored in encrypted form, Thorsheim said. In that situation, attackers aren’t limited to a set number of password attempts – hardware and software limitations are all that matter.

The clustered GPUs clocked impressive speeds against more sturdy hashing algorithms as well, including MD5 (180 billion attempts per second, 63 billion/second for SHA1 and 20 billion/second for passwords hashed using the LM algorithm. So called “slow hash” algorithms fared better. The bcrypt (05) and sha512crypt permitted 71,000 and 364,000 per second, respectively.

In an IRC chat with Security Ledger, Gosney said he has been working on CPU clustering for about five years and GPU clustering for the last four years.

“Then we just started trying to build the biggest GPU rigs we could, packing as many GPUs into a single server as possible so that we wouldn’t have to deal with clustering or distributing load,” Gosney wrote.

He started developing the new platform since stumbling on VCL in April, after trying his hand at pooling traditional CPUs for password cracking.

“I was extremely disappointed that setting up a clustered VMware instance wouldn’t allow me to create a VM that spanned all the hosts in the cluster. E.g. if i had five VMware ESX hosts with 8 processor cores, I wanted to be able to create a single vm with 40 cores and use all nodes in the cluster,” he wrote.

Then he came across VCL, or Virtual Open Cluster, a small and heretofore little recognized project from the scientists who manage the MOSIX distributed operating system first released in the 1970s.

“It did just what I wanted, not with an entire OS per se, but with an entire OpenCL application. and that’s good enough for me.”

After playing around with VCL for a while, Gosney approached Prof. Amnon Barak, one of Mosix’s creators. Gosney was interested in adding features to VCL that would allow it to run the HashCat password cracking tool.

“Once we convinced Amnon that we did not aspire to turn the world into one giant botnet, he was very cooperative in working with (us) to resolve issues with VCL that was preventing it from working 100% with hashcat,” he said.

VCL makes load balancing across the cluster – once an arduous task that required months of custom scripting – a trivial matter. As a result, Gosney said that his team is at a point where their implementation of Hashcat on VCL could be scaled up far above the 25GPU rig he has created – supporting “at least 128 AMD GPUs.

“I always had these dreams of doing very simple and very manageable grid/cloud computing,” Gosney wrote. “It really is the marriage of two absolutely fantastic programs, which allows us to do unprecedented things,” he wrote.

Gosney is no stranger to password cracking. After 6.4 million Linkedin password hashes were leaked online, Gosney was one of the first researchers to decrypt them and analyze the findings. He and a partner were ultimately able to crack between 90% and 95% of the password values.

Gosney’s GPU cluster is just the latest leap forward in password cracking in a year that has already seen prominent encryption algorithms deemed compromised by an onslaught of cheap compute power. In June, Poul-Henning Kamp, creator of the md5crypt() function used by FreeBSD and other Linux-based operating systems was forced to acknowledge that the hashing function is no longer suitable for production use - a victim of GPU powered systems that could perform “close to 1 million checks per second on COTS (commercial off the shelf) GPU hardware,” he wrote. Gosney’s cluster cranked out more than 70 times that number - 77 million brute force attempts per second against MD5crypt.

Recent years have also seen the launch of services like Moxie Marlinspike’s WPACracker and then CloudCracker, a cloud-based platform for penetration testers that can do lookups of password hashes and other encrypted content against a dictionary of over hundreds of millions – or even billions – of potential matches – all for under $200. And if that price is too rich, a team of U.S. based researchers have shown how you can do the same thing – on the cheap - by leveraging Google’s MapReduce and cloud based browsers. Then, in 2011, researcher Thomas Roth, who developed the Cloud Cracking Suite (CCS) – a tool that leveraged eight Amazon EC2-based Nvidia GPU instances to crack the SHA1 encryption algorithm and dispense with tens of thousands of passwords per second.

Gosney said he plans to “make a bit of money” off his invention, either by renting out time on it or by offering it as a paid password recovery and domain auditing service. “I have way too much invested in this to not get some kind of return out of it,” he wrote.
http://securityledger.com/new-25-gpu...ds-in-seconds/





For PC Virus Victims, Pay or Else
Nicole Perlroth

Kidnappers used to make ransom notes with letters cut out of magazines. Now, notes simply pop up on your computer screen, except the hostage is your PC.

In the past year, hundreds of thousands of people across the world have switched on their computers to find distressing messages alerting them that they no longer have access to their PCs or any of the files on them.

The messages claim to be from the Federal Bureau of Investigation, some 20 other law enforcement agencies across the globe or, most recently, Anonymous, a shadowy group of hackers. The computer users are told that the only way to get their machines back is to pay a steep fine.

And, curiously, it’s working. The scheme is making more than $5 million a year, according to computer security experts who are tracking them.

The scourge dates to 2009 in Eastern Europe. Three years later, with business booming, the perpetrators have moved west. Security experts say that there are now more than 16 gangs of sophisticated criminals extorting millions from victims across Europe.

The threat, known as ransomware, recently hit the United States. Some gangs have abandoned previously lucrative schemes, like fake antivirus scams and banking trojans, to focus on ransomware full time.

Essentially online extortion, ransomware involves infecting a user’s computer with a virus that locks it. The attackers demand money before the computer will be unlocked, but once the money is paid, they rarely unlock it.

In the vast majority of cases, victims do not regain access to their computer unless they hire a computer technician to remove the virus manually. And even then, they risk losing all files and data because the best way to remove the virus is to wipe the computer clean.

It may be hard to fathom why anyone would agree to fork over hundreds of dollars to a demanding stranger, but security researchers estimate that 2.9 percent of compromised computer owners take the bait and pay. That, they say, is an extremely conservative estimate. In some countries, the payout rate has been as high as 15 percent.

That people do fall for it is a testament to criminals’ increasingly targeted and inventive methods. Early variations of ransomware locked computers, displayed images of pornography and, in Russian, demanded a fee — often more than $400 — to have it removed. Current variants are more targeted and toy with victims’ consciences.

Researchers say criminals now use victims’ Internet addresses to customize ransom notes in their native tongue. Instead of pornographic images, criminals flash messages from local law enforcement agencies accusing them of visiting illegal pornography, gambling or piracy sites and demand they pay a fine to unlock their computer.

Victims in the United States see messages in English purporting to be from the F.B.I. or Justice Department. In the Netherlands, people get a similar message, in Dutch, from the local police. (Some Irish variations even demand money in Gaelic.) The latest variants speak to victims through recorded audio messages that tell users that if they do not pay within 48 hours, they will face criminal charges. Some even show footage from a computer’s webcam to give the illusion that law enforcement is watching.

The messages often demand that victims buy a preloaded debit card that can be purchased at a local drugstore — and enter the PIN. That way it’s impossible for victims to cancel the transaction once it becomes clear that criminals have no intention of unlocking their PC.

The hunt is on to find these gangs. Researchers at Symantec said they had identified 16 ransomware gangs. They tracked one gang that tried to infect more than 500,000 PCs over an 18-day period. But even if researchers can track their Internet addresses, catching and convicting those responsible can be difficult. It requires cooperation among global law enforcement, and such criminals are skilled at destroying evidence.

Charlie Hurel, an independent security researcher based in France, was able to hack into one group’s computers to discover just how gullible their victims could be. On one day last month, the criminals’ accounting showed that they were able to infect 18,941 computers, 93 percent of all attempts. Of those who received a ransom message that day, 15 percent paid. In most cases, Mr. Hurel said, hackers demanded 100 euros, making their haul for one day’s work more than $400,000.

That is significantly more than hackers were making from fake antivirus schemes a few years ago, when so-called “scareware” was at its peak and criminals could make as much as $158,000 in one week.

Scareware dropped significantly last year after a global clampdown by law enforcement and private security researchers. Internecine war between scareware gangs put the final nail in the coffin. As Russian criminal networks started fighting for a smaller share of profits, they tried to take each other out with denial of service attacks.

Now, security researchers are finding that some of the same criminals who closed down scareware operations as recently as a year ago are back deploying ransomware.

“Things went quiet,” said Eric Chien, a researcher at Symantec who has been tracking ransomware scams. “Now we are seeing a sudden ramp-up of ransomware using similar methods.”

Victims become infected in many ways. In most cases, people visit compromised Web sites that download the program to their machines without so much as a click. Criminals have a penchant for infecting pornography sites because it makes their law enforcement threats more credible and because embarrassing people who were looking at pornography makes them more likely to pay. Symantec’s researchers say there is also evidence that they are paying advertisers on sex-based sites to feature malicious links that download ransomware onto victims’ machines.

“As opposed to fooling you, criminals are now bullying users into paying them by pretending the cops are banging down their doors,” said Kevin Haley, Symantec’s director of security response.

More recently, researchers at Sophos, a British computer security company, noted that thousands of people were getting ransomware through sites hosted by GoDaddy, the popular Web services company that manages some 50 million domain names and hosts about five million Web sites on its servers.

Sophos said hackers were breaking into GoDaddy users’ accounts with stolen passwords and setting up what is known as a subdomain. So instead of, say, www.nameofsite.com, hackers would set up the Web address nameofsite.blog.com, then send e-mails to customers with the link to the subdomain which — because it appeared to come from a trusted source — was more likely to lure clicks.

Scott Gerlach, GoDaddy’s director of information security operations, said it appeared the accounts had been compromised because account owners independently clicked on a malicious link or were compromised by a computer virus that stole password credentials. He advised users to enable GoDaddy’s two-step authentication option, which sends a second password to users’ cellphones every time they try to log in, preventing criminals from cracking their account with one stolen password and alerting users when they try.

One of the scarier things about ransomware is that criminals can use victims’ machines however they like. While the computer is locked, the criminals can steal passwords and even get into the victims’ online bank accounts.

Security experts warn to never pay the ransom. A number of vendors offer solutions for unlocking machines without paying the ransom, including Symantec, Sophos and F-Secure. The best solution is to visit a local repair shop to wipe the machine clean and reinstall backup files and software.

“This is the new Nigerian e-mail scam,” Mr. Haley said. “We’ll be talking about this for the next two years.”
https://www.nytimes.com/2012/12/06/t...ed-states.html





Voice Calls Over 4G LTE Networks are Battery Killers
Kevin Fitchard

VoIP may be the future on mobile communications, but new findings from testing outfit Spirent show the technology needs to improve its power efficiency if it’s to become viable. Its tests found that a VoLTE call consumes twice as much battery life as a 2G call.

Every mobile carrier wants to replace their old voice services with new VoIP-based systems utilizing their 4G networks, but it looks like they’ve got some big kinks to iron out in the technology first. Wireless testing and measurement vendor Spirent Communications has identified a big problem with voice over LTE (VoLTE): it consumes twice as much power as a traditional 2G call, which could have big implications for mobile phone battery life.

Metrico Wireless, a radio field testing company Spirent acquired in September, conducted voice trials on a commercial VoLTE-enabled network in two U.S. cities, comparing the power consumption of VoIP calls made over LTE against the power used by the same carrier’s CDMA systems. Spirent-Metrico didn’t name the carrier, but it’s not hard to guess.

MetroPCS is the only U.S. operator with a live VoLTE service and a commercially available handset. The 1540 milliamp hour (mAh)-battery on Metro’s sole VoLTE handset, the LG Connect 4G, also lines up with the battery capacity of the device Spirent tested.
The results of those tests should give carriers and consumers pause. The average power consumption for a 10-minute CDMA circuit-switched call was 680 milliwatts (mW) while the average consumption for a VoLTE call of the same duration was 1358 mW. That’s double the power drain. Spirent estimated that on a full charge, its test smartphone could support 502.6 minutes of talk time using CDMA only, but the same charge would only deliver 251.8 minutes of talk time using VoIP on the 4G network. And that’s with all other data communications turned off.

What it comes down to is that our old GSM and CDMA circuit-switched voice technologies — despite their limitations — have been optimized over the last two decadesto be energy efficient, Spirent Global Director of Insights Amit Malhotra told GigaOM in an email interview. It’s hard to replicate that kind of efficiency overnight in a generic data modem.

“The disadvantage in battery life of VoLTE compared to circuit-switched voice is driven by a few different factors,” Malhotra said. “One is the more strenuous exercise of the device, including conversion of voice to packet data, transmission and receipt over the data network, and reconversion back to voice. Another is the use of less power-efficient components such as data modems versus voice transceivers.”

If this proves to be typical for VoLTE handsets, it will be a big problem. The battery life of the first generation of LTE smartphones was atrocious, and handset vendors have tried to address the problem by slapping fat 3000+ mAh power cells onto their phones. Some carriers are already reluctant to embrace VoLTE since they can still squeeze plenty of life out of their 2G and 3G voice services. If VoLTE proves to be a battery killer, they will be even less inclined to move mobile voice into the IP age.

There is some good news in Spirent’s findings though. It found LTE performed better than CDMA when the phone is used to make simultaneous voice and data calls. When the phone was in 4G-only mode — i.e., using only the LTE network for both VoIP and data — it performed slightly more efficiently than when the 2G radio was used for voice while the 4G radio transmitted data, Spirent discovered. That makes sense since powering two radios simultaneously could take an enormous toll on battery life.

That would seem to indicate that if you tend to talk and consume data at the same time, then VoLTE is a more efficient technology. That’s true, but only to the tiniest degree. The study found that both in both scenarios the hyperactivity of the device drained tremendous amount of energy. Battery life estimates dropped below 120 minutes in both cases. No matter which radios you use, talking and surfing consumes a tremendous amount of power.

Malhotra, however, said LTE power efficiency is bound to improve as both data modem technology and network coverage gets better. Today’s LTE networks have limited footprints, forcing phones to continuously check for signals. Eventually the data modems in our handsets will be optimized for VoIP calling.

“These issues will be mitigated over time, especially as components continue to become more power efficient, and devices do not need to switch between different modes of voice call processing,” Malhotra said.
http://gigaom.com/mobile/volte-calls...g-voice-calls/





Ubislate 7Ci: Can This $20 Tablet Really Change The World?
Fredric Paul

In all the competitive battles that have defined the history of the technology revolution, one essential truth almost always determines the outcome: cheap and good enough beats awesome but expensive every time.

It happened when PCs beat out minicomputers (not to mention Macintosh's). It happened when VHS killed Betamax. It happened when Linux pushed aside proprietary server operating systems. It's happening now as Google's Android overtakes Apple's iOS.

Good Enough?

And it could be about to happen again with the Ubislate 7Ci tablet. This Android device is far from special in just about every respect. The specs are ordinary at best:

• 7-inch, 800 x 432 capacitive touchscreen
• Android 4.04 Ice Cream Sandwich
• 1GHz Cortex A8 ARMv7 CPU
• 512MB RAM, 4GB storage
• Wi-Fi (a version with GPRS cellular capability is also available)
• VGA front-facing camera
• Micro SD slot
• Power, micro-USB, and headphone connectors

The speaker is tinny. The pictures are grainy and low-res, and the colors are off, too. The screen has to be held just so to be seen properly. Battery life is listed as a measly 3 hours, and in my tests the device couldn't hold a charge more than a day or two no matter how little it was used. Performance is painfully slow for anyone spoiled by the latest tablets from Apple, Samsung, Microsoft and others. Things that should happen instantly take several seconds or more, and I experienced frequent hangups and glitches.

But build quality seems solid, and the thing is perfectly portable. Most important, though, it works - and it's being sold for just $20 in India.

Like An iPhone 3GS?

Sample Ubislate photo Professor and entrepreneur Vivek Wadwha, who lent a test unit to ReadWrite for evaluation, compared the Ubislate Ci7 to an Apple iPhone 3GS, and in my tests that feels about right. If you can remember back a few years, you'll recall that when 3GS first came out it felt plenty fast and revolutionary. And I think that's exactly how the Ubislate Ci7would feel to someone getting ahold of their first tablet right now.

But the iPhone 3GS was a hard-to-get, top-of-the-line machine when it debuted in 2009. For the Ubislate, Wadhwa says the Indian government has put in a bulk order for 100,000 devices at $40 each, which it then plans to sell to students in the countryside for $20 each. Wadhwa says they will also be available direct for $60.

It's unclear how or when manufacturer Datawind will be able to deliver on this order, and when or if the tablet will make it to the U.S. and other markets. And it will no doubt cost a lot more on these shores due to testing, taxes and other issues.

Changing The Hardware Market

But even if the Ubislate never achieves mass distribution, in the U.S. or even in India, it's still a game changer - for both hardware makers and Internet companies.

For the hardware market, iIt proves that a workable tablet can be created - if not yet delivered - at a price that makes it attainable to a lot more people than can afford even the cheapest mainstream tablets from Apple or Samsung and their direct competitors.

While people with means will always want the latest and best, the Ubislate is a step toward a world where almost everyone - Wadwha estimates that a billion people could end up with devices like this - has a tablet.

Maybe that tablet is not as good as the one on which you may be reading this article right now, but it's more than good enough to give anyone access to this article - and to the rest of the Internet. And as history has shown over and over again, good enough and dirt cheap will swamp excellent and expensive every time.

Apple has made a lot of money selling tablets for $500 and up, and Microsoft is charging a whopping $900 or more for its upcoming Surface Pro. And I'm not saying those excellent products aren't worth it.

But increasingly, those high-end machines could be competing against "good-enough" competitors that aren't just 10% or 20% cheaper, but an order of magnitude cheaper. That puts a whole new kind of pressure of device makers to justify their high prices.

A Vast New Online Market - And New Competitors

Just as important, though, truly ubiquitous tablets will bring millions - perhaps billions - of new users to the Internet. These new Internet citizens won't be as rich as the first billion people now online, but they will inevitably shift the center of Net away from developed nations.

That will open up vast new markets for Internet companies, if they're clever and fast enough to come up with products and services that meet their needs.

But when the next billion people come online, they're not just going to be consumers. We've already seen that as soon as people get access to the Net, they start figuring out how to leverage it to make life easier for themselves, and creating businesses to do the same for everyone else.

If truly cheap tablets really do double the worldwide Internet population, we're sure to see a huge increase in online entrepreneurs. If you think there's a lot of competition in the online app stores now, what do you think is going to happen when all those smart/ambitious/hungry new developers join the game?

If you don't believe that changes everything, you're just not paying attention.
http://readwrite.com/2012/12/03/ubis...ange-the-world





Report Warns Feds of Radicals and Extremists on Social Web
Kenneth Corbin

In the short time since the advent of the social Web, the Internet has evolved into a platform for innumerable virtual communities of every stripe to gather and collaborate, so it is hardly surprising that along with sites for DIY hobbyists and recipe swaps, a growing number of online forums have emerged that give voice to radicals and extremists, in some cases serving as recruiting tools for terrorist groups.

On Tuesday, the Bipartisan Policy Center (BPC), a Washington think tank, released a report on the mounting dangers of online radicalization, urging the government to formalize a strategy for countering the threat, while at the same time steering clear of any policies that would amount to censorship or the stifling of expression on the Web.

The report is the latest installment from the BPC's Homeland Security Project, co-chaired by former New Jersey Gov. Thomas Kean and Lee Hamilton, a former representative from Indiana. Kean and Hamilton served as the chairman and vice chairman, respectively, of the commission convened to examine the terrorist attacks of Sept. 11, 2001.

Internet Most Dangerous Innovation for Terrorists

"In its 2004 report, our 9-11 Commission showed the terrorists who attacked us on Sept. 11, 2001, even they used the Internet for searches, to buy tickets and to book hotels. Yet not a single one of them was radicalized online," Kean said at an event marking the release of the new report. "More than 10 years since [the] Sept. 11 attack, the use of the Internet to radicalize and recruit home-grown terrorists is the single most important and dangerous terrorist innovation."

The report evaluates the challenge of curbing online radicalization from the perspective of supply and demand. It concludes that efforts to shut down websites that could serve as incubators for would-be terrorists--going after the supply--will ultimately be self-defeating, and that "filtering of Internet content is impractical in a free and open society."

"Approaches aimed at restricting freedom of speech and removing content from the Internet are not only the least desirable strategies, they are also the least effective," writes Peter Neumann, founding director of the International Centre for the Study of Radicalisation at King's College London and the author of the report.

Instead, policymakers should focus their attention on the demand side of the radicalization issue, Neumann argues, with the government spearheading outreach initiatives that would bring together schools, community groups and businesses to advance awareness and media literacy and offer a competing narrative to that presented by sites that traffic in radical propaganda.

"If there are bad ideas out there, there should be more good ideas to counter them," Neumann said on Tuesday.

Last year, the White House issued a counter-radicalization strategy and an associated implementation plan, acknowledging the key role the Internet has come to play in galvanizing violent extremists and promising to deliver a separate and detailed plan for specifically addressing the online threat. That plan has yet to appear, and in the short term, the BPC's report's "first and most important recommendation is for the White House to complete its work on the strategy, make it public, and begin its implementation with alacrity."

A Well-Informed Public Is the Best Defense

The original White House plan carries a similar emphasis on communities to the new BPC report, articulating a "significant," but limited, role for the federal government "as a facilitator, convener and source of information."

"The best defenses against violent extremist ideologies are well-informed and equipped families, local communities and local institutions," the White House plan reads.

The BPC report underscores the wide ideological spectrum of radical communities that can be found online, running the gamut from supporters of al Qaeda to white supremacists and neo-Nazis, environmental extremists and animal liberationists, among many others.

With its emphasis on defusing the impact of radicalizing sites through countering messages, such as frank accounts of civilian deaths from terrorist attacks or testimonials from reformed extremists, the BPC report articulates a faith in the power of the "marketplace of ideas, in which truth prevails as long as good and bad ideas are allowed to compete."

At the same time, Neumann acknowledges the limitations of such an approach, or "market failures" in the online world, where "the cranks, extremists and conspiracy theorists now seem to be everywhere," and many people have crowded into "ever-smaller ghettos for ideas and discourses, which, in turn, have reduced the number of spaces in which extremist and/or controversial ideas are openly contested."

The report calls attention to a number of ways the government can involve itself, such as the series of online safety workshops the U.S. National Counterterrorism Center has developed in concert with Muslim community groups and other government agencies to incorporate sessions geared for parents about online radicalization along with issues like protecting kids from child predators and pornography.

Other efforts have seen the State Department develop programs overseas to organize moderate groups and amplify their voices online, as well counter-messaging initiatives that take specific aim at extremist sites through targeted blogs, Facebook groups, tweets or other platforms.

Neumann allows that these demand-side programs take time and that, even if they were deemed a categorical success, online radicalization would persist. What's more, he points out that the information that extremists post about their activities and organizations online has proven extremely useful to law enforcement officials seeking to disrupt attacks.

But those efforts are impeded by an ambiguous and outdated set of laws and policies governing how domestic agencies can monitor and analyze online communications, a problem made all the more acute by the cross-border issues inherent with the Internet, Neumann says, arguing that an effective anti-radicalization strategy must include an overhaul of the legal framework for the Internet age.

"All the existing rules for counter-terrorism, counter-radicalization distinguish between domestic and foreign," he says. "There are things you can do abroad that you cannot do at home. But the Internet, of course, does not respect that distinction. The Internet is genuinely transnational. So a website may be registered in one country, the content may be hosted in a second country, the producer of the website may be based in a third, and the user and consumer may be based in a fourth country. What are the rules that should apply--domestic or foreign? It's not always clear."
http://www.cio.com/article/723039/Re..._on_Social_Web





Keep the Internet Free and Open

December 2, 2012

Starting in 1973, when my colleagues and I proposed the technology behind the Internet, we advocated for an open standard to connect computer networks together. This wasn’t merely philosophical; it was also practical.

Our protocols were designed to make the networks of the Internet non-proprietary and interoperable. They avoided “lock-in,” and allowed for contributions from many sources. This openness is why the Internet creates so much value today. Because it is borderless and belongs to everyone, it has brought unprecedented freedoms to billions of people worldwide: the freedom to create and innovate, to organize and influence, to speak and be heard.

But starting in a few hours, a closed-door meeting of the world’s governments is taking place in Dubai, and regulation of the Internet is on the agenda. The International Telecommunication Union (ITU) is convening a conference from December 3-14 to revise a decades-old treaty, in which only governments have a vote. Some proposals could allow governments to justify the censorship of legitimate speech, or even cut off Internet access in their countries.

You can read more about my concerns on CNN.com, but I am not alone. So far, more than 1,000 organizations from more than 160 countries have spoken up too, and they’re joined by hundreds of thousands of Internet users who are standing up for a free and open Internet. On an interactive map at freeandopenweb.com, you can see that people from all corners of the world have signed our petition, used the #freeandopen hashtag on social media, or created and uploaded videos to say how important these issues are.

If you agree and want to support a free and open Internet too, I invite you to join us by signing the petition at google.com/takeaction. Please make your voice heard and spread the word.

Posted by Vint Cerf, VP and Chief Internet Evangelist
http://googleblog.blogspot.com/2012/...-and-open.html





House Approves Resolution to Keep Internet Control Out of UN Hands
Pete Kasperowicz

The House on Wednesday unanimously passed a Senate resolution introduced by Sens. Claire McCaskill (D-Mo.) and Marco Rubio (R-Fla.) that calls on the U.S. government to oppose United Nations control of the Internet.

The 397-0 vote is meant to send a signal to countries meeting at a U.N. conference on telecommunications this week. Participants are meeting to update an international telecom treaty, but critics warn that many countries’ proposals could allow U.N. regulation of the Internet.

"The 193 member countries of the United Nations are gathered to consider whether to apply to the Internet a regulatory regime that the International Telecommunications Union created in the 1980s for old-fashioned telephone service," Rep. Greg Walden (R-Ore.) said on the House floor.

He said countries will also consider whether to "swallow the Internet's non-governmental organizational structure whole and make it part of the United Nations."

"Neither of these are acceptable outcomes and must be strongly opposed by our delegation," Walden added.

Rep. Anna Eshoo (D-Calif.) said both the White House and lawmakers were united against U.N. control of the Internet.

"I think that we are all very, very proud that there is not only bipartisan, but bicameral support underlying this resolution, and there is complete support across the Executive Branch of our government," she said. "In other words, the United States of America is totally unified on this issue of an open structure, a multi-stakeholder approach that has guided the Internet over the last two decades."

Nonetheless, members said it was appropriate to pass the resolution to show the strength of U.S. opposition to giving the U.N. any role in Internet governance.

"We need to send a strong message to the world that the Internet has thrived under a decentralized, bottom-up, multi-stakeholder governance model," said Rep. Marsha Blackburn (R-Tenn.).

The World Conference on International Telecommunications is meeting this week in Dubai, and Walden said representatives of the Federal Communications Commission (FCC) as well as representatives from Congress are attending to "keep an eye" on the proceedings. Walden warned that Russian President Vladimir Putin has spoken positively about the prospect of U.N. governance of Internet policy.

The resolution, S.Con.Res. 50, says it is the sense of Congress that the U.S. government should "continue working to implement the position of the United States on Internet governance that clearly articulates the consistent and unequivocal policy of the United States to promote a global Internet free from government control."

The Senate passed it in September by unanimous consent.
http://thehill.com/blogs/floor-actio...ut-of-un-hands





U.S. Fails to Win Early Limit on Net Controls at Global Gathering
Matt Smith and Joseph Menn

A U.S. and Canadian proposal to protect the Internet from new international regulation has failed to win prompt backing from other countries, setting up potentially tough negotiations to rewrite a telecom treaty.

The idea, also supported by Europe, would limit the International Telecommunication Union's rules to only telecom operators and not Internet-based companies such as Google Inc and Facebook Inc.

That could reduce the prospective impact of efforts by other countries including Russia and some in the Middle East and Africa to obtain more powers to govern the Internet through the ITU, an arm of the United Nations. Those efforts, slated for discussion next week, could make Net anonymity - or the ability to remain anonymous online - more difficult to maintain and could bolster censorship, critics say.

"We want to make sure (the rewritten ITU treaty) stays focused squarely on the telecom sector," said U.S. Ambassador Terry Kramer. "We thought we should deal with that up-front."

Kramer had been hoping that a committee comprising representatives from six regional bodies would give quick approval to the American request on Tuesday. But that failed to happen.

An ITU spokesman said late on Tuesday that the talks were continuing and that the issue would only return to the main policy-making body on Friday.

About 150 nations are gathered in Dubai to renegotiate the ITU rules, which were last updated in 1988, before the Internet and mobile phones transformed communications.

The 12-day ITU conference, which began on Monday, largely pits revenue-seeking developing countries and authoritarian regimes that want more control over Internet content against U.S. policymakers and private Net companies that prefer the status quo.

The Internet has no central regulatory body, but various groups provide some oversight, such as ICANN, a U.S.-based nonprofit organization that coordinates domain names and numeric Internet protocol addresses.

U.S. companies have led innovation on the Internet, and this stateside dominance is a worry for countries unaligned with the world's most powerful country.

The United States has also led in the development and use of destructive software in military operations that take advantage of anonymous Internet routing and security flaws.

Some of the proposals now being contested by the American and Canadian delegations are aimed at increasing security and reducing the effectiveness of such attacks, though the West and several rights groups argue that is a pretext for greater repression.

ITU Secretary-General Hamadoun Touré told Reuters last week that any major changes to the 1988 treaty would be adopted only with "consensus" approaching unanimity, but leaked documents show that managers at the 147-year-old body view a bad split as a strong possibility.

If that happens, debates over ratification could erupt in the United States, Europe and elsewhere.

(Reporting by Matt Smith in Dubai and Joseph Menn in San Francisco; editing by Matthew Lewis)
http://www.reuters.com/article/2012/...8B316I20121204





Internet Governance Talks in Jeopardy as Arab States, Russia Ally
Joseph Menn

A landmark attempt to set global rules for overseeing the Internet threatened to fall apart on Friday as a rift pitting the United States and some Western countries against the rest of the world widened, participants in the talks said.

A 12-day conference of the International Telecommunications Union, taking place in Dubai, is supposed to result in the adoption of a new international treaty governing trans-border communications.

But in a critical session at the midpoint of the conference on Friday, delegates refused to adopt a U.S.-Canadian proposal to limit the treaty's scope to traditional communications carriers and exclude Internet companies such as Google, the ITU said on its website.

Further complicating the negotiations was what a U.S. official at the talks called the "surprise" announcement of an accord among some Arab states, Russia and other countries to pursue treaty amendments that are expected to include Internet provisions unacceptable to the United States

A still-secret draft of the coalition's proposals is to be introduced soon by the United Arab Emirates, the official said.

"It doesn't look good," said a former U.S. intelligence official tracking the talks for private technology clients.

The emergence of the new coalition, whose members are generally seeking greater Internet censorship and surveillance, is likely to harden battle lines separating those countries from the United States and some allies in Western Europe.

The United States and others objected to the introduction of complex new material midway through the conference.

"All of the indicators we have so far is it's something that could be a clear effort to extend the treaty to cover Net governance," said policy counsel Emma Llanso of the nonprofit Center for Democracy & Technology, which draws funding from Google and other U.S. Internet companies.

"What we're seeing is governments putting forward their visions of the future of the Internet, and if we see a large group of governments form that sees an Internet a lot more locked down and controlled, that's a big concern."

CONCERNS ABOUT GOVERNMENT CONTROLS

The U.S. ambassador to the conference said in an earlier interview that his country would not sign any agreement that dramatically increased government controls over the Internet.

That would potentially isolate America and its allies from much of the world, and technology leaders fear that the rest of the globe would agree on actions such as identifying political dissidents who use the Internet and perhaps trying to alter the Net's architecture to permit more control.

The 147-year-old ITU, which is now under the auspices of the United Nations, historically has set technology standards and established payment customs for international phone calls. But under Secretary-General Hamadoun Touré, it has inched toward cyber-security and electronic content issues, arguing that Internet traffic goes over phone lines and is therefore within its purview.

The ITU is considering other issues in its most extensive rewrite of the treaty in 15 years, including proposals that content providers shoulder the costs of transmission. But none is as controversial as the projected Internet controls.

The Internet's infrastructure, while initially funded in part by the U.S. government, is now largely in private hands. It has been subject to little government control, although many nations have attempted to regulate Internet communications in various ways.

ICANN, a self-governing nonprofit under contract to the U.S. Department of Commerce, is ultimately responsible for making sure that people trying to reach a given website actually get there, but most technology policies are developed by industry groups.

At the ITU meeting, the American delegation had counted on support from at least Japan, Australia and other affluent democracies.

But its effort to stave off wholesale changes has been hindered by complications in Western Europe, where some countries were supporting a change to the economic model that would have Google, Facebook and others pay for at least some of the costs of Internet transmission.

Smaller groups at the ITU conference will work through the weekend, with the full body meeting again on Monday.

(Editing by Jonathan Weber and Peter Cooney)
http://www.reuters.com/article/2012/...8B704420121208

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

December 1st, November 24th, November 17th, November 10th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public." - Hugo Black
JackSpratts is offline   Reply With Quote
Reply

« Previous Thread | Next Thread »

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Peer-To-Peer News - The Week In Review - July 16th, '11 JackSpratts Peer to Peer 0 13-07-11 06:43 AM
Peer-To-Peer News - The Week In Review - July 9th, '11 JackSpratts Peer to Peer 0 06-07-11 05:36 AM
Peer-To-Peer News - The Week In Review - January 30th, '10 JackSpratts Peer to Peer 0 27-01-10 07:49 AM
Peer-To-Peer News - The Week In Review - January 16th, '10 JackSpratts Peer to Peer 0 13-01-10 09:02 AM
Peer-To-Peer News - The Week In Review - December 5th, '09 JackSpratts Peer to Peer 0 02-12-09 08:32 AM






All times are GMT -6. The time now is 11:01 PM.

Contact Us - www.p2p-zone.com - Top

Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
© www.p2p-zone.com - Napsterites - 2000 - 2024 (Contact grm1@iinet.net.au for all admin enquiries)