06-06-12, 08:01 AM   #1
JackSpratts

Peer-To-Peer News - The Week In Review - June 9th, '12

Since 2002

"Are you okay with Airtime taking a snapshot of you periodically to ensure compliance with their policies?" – Kashmir Hill

June 9th, 2012




Man Jailed for Running Online File-Sharing Site

A 34-year-old man has been sentenced to prison in Sweden after he was found to be behind an illegal file-sharing website.

The man, who lives outside of Varberg in southern Sweden, was sentenced to one year in prison for breaching copyright laws.

The 34-year-old ran a file-sharing site between 2007 and 2009, allowing users to illegally download copyrighted material, including movies, games and music, according to the Hallands Nyheter newspaper (HN).

He was convicted of aggravated accounting offences, acting as an accessory to copyright offences, and aggravated tax crimes, according to the Expressen newspaper.

The man made over 2,000 files available to the public and is alleged to have earned more than 1.5 million kronor ($209,553) without paying taxes, wrote HN.

However, as investigators were unable to pinpoint exactly how much the 34-year-old earned, the court denied the prosecutor’s request for the man to be handed a 390,000 kronor fine.

On top of the Varberg district court’s decision to sentence the man to one year in prison, he will be furthermore prohibited from running a business for three years upon release.

As the man uploaded the files for other people to download, and not for himself, the court has convicted him as an accomplice to the crime rather than as the perpetrator.
http://www.thelocal.se/41262/20120605/





Kino.to Founder Dirk B. Gets Reduced Prison Sentence in German Internet Piracy Trial
Scott Roxborough

Dirk B., the founder of illegal German filesharing site kino.to, will receive a prison sentence of four and a half years to four years and ten months for copyright theft.

The 39-year-old German made a full confession and expressed "extreme regret" for the damage he caused with kino.to, which was shut down last year after a coordinated raid by European police in several countries. At its peak, the file-sharing site, which boasted some 135,000 copyright-protected films and TV series, had up to 4 million users a day.

According to the court, Dirk B. earned a total of $8.2 million (€6.6 million) from the site, much of it through advertising. In exchange for his confession, and for agreeing to give up his remaining wealth, the court gave Dirk B. a reduced sentence. His crimes could have carried a maximum 15 year prison sentence.

The sentencing deal, which will be formally announced next week, is expected to allow the accused to serve his time in an open institution, meaning Dirk B. will be allowed to leave the prison during the day to work. The kino.to trial has been Germany's biggest and most successfully prosecuted Internet piracy case. Three other key members of kino.to received prison sentences of three years or more. The court even slapped the site's web designer with a two and a half year sentence.

But while the German courts may be cracking down on online piracy, the German public is more divided. The Pirate Party, which advocates a more lenient approach to online copyright protection, is Germany's fastest-growing political movement. The Pirates have already won seats in several state elections and are expected to enter the national parliament, the Bundestag, in federal elections next year.
http://www.hollywoodreporter.com/new...entence-334207





MPAA: Megaupload Users Can Have Their Files Back, But…
Ernesto

Almost half a year has passed since Megaupload’s servers were raided by the U.S. Government, and still there is no agreement on how former users can retrieve their files. Previously the authorities and MPAA have objected against such a mass retrieval, but in a filing at the court today the movie industry changed its tone. The MPAA states that users can have their files back as long as access to copyrighted files is blocked.

In the wake of the January shutdown of Megaupload, many of the site’s legitimate users complained that their personal files had been lost.

Among these users are many people in the U.S. military who used the site to share pictures and videos with family. Megaupload founder Kim Dotcom previously informed TorrentFreak that at least 15,634 soldiers had accounts at Megaupload, between them sharing hundreds of thousands of files.

But as of January those files were rendered inaccessible and attempts by the parties involved to come to a solution have failed miserably.

Last month one of Megaupload’s users, represented by the EFF, filed a motion asking the court to facilitate such a user data retrieval. Today, the MPAA filed a response to this motion in which they appear to be more open to the request.

“The MPAA Members are sympathetic to legitimate users who may have relied on Megaupload to store their legitimately acquired or created data, although the Megaupload terms of use clearly disclaimed any guarantee of continued access to uploaded materials,” MPAA’s lawyers write.

But along with this sympathy comes a caveat. The movie studios don’t want users to have access to copyright-infringing files.

“If the Court is willing to consider allowing access for users such as Mr. Goodwin to allow retrieval of files, it is essential that the mechanism include a procedure that ensures that any materials the users access and copy or download are not files that have been illegally uploaded to their accounts.”

In addition, the MPAA doesn’t want any Megaupload people to have access to the servers.

“In no event should any Megaupload defendants or their representatives who have not generally appeared in this proceeding, and who are not subject to the control and supervision of the Court be allowed to access the Mega Servers under such a mechanism designed for the benefit of third-party Megaupload users.”

Previously the MPAA said it was concerned that Megaupload would relaunch in a “foreign jurisdiction” should they regain access to their data.

Considering the above, one has to wonder whether the MPAA is seriously concerned about returning data to Megaupload users. It is practically impossible to separate copyrighted from non-copyrighted files on the servers, and an administrative nightmare in waiting for anyone tasked with enforcing the MPAA’s wishes.

With all the different states and wishes, there appears to be no other solution than for the court to decide what should happen to the data.
https://torrentfreak.com/mpaa-megaup...ck-but-120606/





Kim Dotcom Accuses FBI of Illegal File-Sharing

Cloned computers sent to the US without approval of NZ authorities
Rob Quinn

Kim Dotcom, the MegaUpload chief fighting extradition to the US from New Zealand, says the FBI did some illegal file sharing of its own. His lawyer claims agents committed an "illegal act" by sending cloned copies of Dotcom's seized computer to the US via Fedex without a judge's consent, Wired reports. The agents, he says, "gazumped" New Zealand authorities by sending the information while assuring the government nothing would be sent.

Dotcom, currently free on bail and making ends meet on an allowance of $49,000 a month, is accused of making hundreds of millions of dollars by letting MegaUpload users share copyrighted files online. If a judge agrees with Dotcom's lawyer and orders the FBI to return the cloned data, it might make it harder to prosecute him in the US, "but it will not have any impact on the extradition proceeding here in New Zealand," an intellectual property expert says.
http://www.newser.com/story/147581/k...e-sharing.html





Dotcom Info Not 'Physical'
Ian Steward and Charles Anderson

FBI agents who copied data from Megaupload founder Kim Dotcom's computers and took it overseas were not acting illegally because information isn't "physical material", the Crown says.

The agents were accused of underhanded behaviour by Dotcom's lawyers in the High Court at Auckland yesterday, after revelations that the information was already in US hands.

Megaupload's lawyer, Willie Akel, told Justice Helen Winkelmann how two FBI analysts flew to New Zealand on March 20 and reviewed seven hard-drives of information. The analysts cloned the computers in Manukau.

When police returned to pick them up to take them to their hotel, the agents had already left to FedEx the copies back to the United States.

"The first [copies] were sent without the New Zealand Police having any say in it whatsoever," Mr Akel said. The commissioner of police had "lost control of the items" once the FBI had them.

"If [they] went offshore without the consent of the attorney-general, it was an illegal act."

Mr Akel said that there had been an agreement that none of the evidence against Dotcom, seized after his arrest, would be provided to the FBI without prior agreement.

However, Crown lawyer John Pike, for the attorney-general, said the material stored on the hard drives could be shipped overseas for the FBI to examine because it did not constitute "physical" material.

The relevant legislation applied only to physical possessions rather than information, Mr Pike said. "[Information] may be the most valuable thing we have, but it is not scooped up by the act".

He said that there were "gremlins" all through the exercise, which made the situation difficult to understand. "Nothing of the physical items have gone overseas and that was our undertaking."

Justice Winkelmann said that there was an obligation that material deemed irrelevant to the investigation be returned.

However, Mr Pike said it was too difficult to know what was relevant and what was not. "Police, to put it bluntly, would not have a clue what is relevant and what is not relevant. How could they?"

Dotcom, 38, is on bail awaiting an extradition hearing.

US authorities say he and his three co-accused – Mathias Ortmann, Fin Batato and Bram van der Kolk – used Megaupload and its affiliated sites to knowingly make money from pirated movies and games.
http://www.stuff.co.nz/technology/di...o-not-physical





World’s Oldest BitTorrent Site Shuts Down
Ernesto

After a few turbulent years Filesoup – the oldest surviving BitTorrent site – has announced that it will close its doors for good. The UK-based site gained mainstream attention in 2009 when it was raided and two of its administrators were arrested. Both men eventually walked free last year after their case was dismissed, but the resulting exodus of users now leads to the closure of the site.

Founded in 2003, UK-based FileSoup was one of the original torrent sites.

When the site started there was no Pirate Bay, no Torrentz, and isoHunt wasn’t searching .torrent files yet. FileSoup outlived many of the sites that sprung up around the time and developed an active and warm community.

After years of operating the site without any noticeable trouble, in the summer of 2009 police and the Federation Against Copyright Theft (FACT) conducted a raid on the home address of the site’s owner, known online as ‘TheGeeker’. Another raid was carried out around the same time on the property of fellow administrator ‘Snookered’.

Both were arrested and taken in for questioning.

After a lengthy legal process the authorities eventually dropped the charges against the admins in 2011. The court concluded that the evidence was solely provided by FACT and thus unreliable. While this was a huge relief and a welcome victory for the admins, the legal process effectively killed the once-so-vibrant FileSoup community.

Members left, and didn’t return. Only a handful of the 1,043,311 registered members check in on an average day, compared to the tens of thousands of visitors a few years ago. As the visitor count dropped, the interest of FileSoup administrator Geeker waned.

“Unfortunately, the glory days are in the past. When I was raided almost 3 years ago, there was a mass exodus and since then Filesoup’s interest has continued to wane severely, which for me, has been so sad to experience,” Geeker explains.

The result is that after more than eight years the site is now closing down for good.

“Filesoup has had a great run, since February 2003 we were online as one of the first BitTorrent sites and with our vibrant, helpful community, we grew at a tremendous rate, to at one time being listed in the top 50k visited websites on the internet. We morphed, updated, expanded and changed so much over the years, it was truly an awesome ride,” Geeker writes.

“A lot of people and sites have learned, copied, emulated and grown from the things that we did and what went on here, heck we were online long before The Pirate Bay or SuprNova were even thought of.”

As a BitTorrent community FileSoup will certainly be remembered by many of the early BitTorrent adopters. Unlike many of the popular BitTorrent sites today, the community was more important than anything else.

Geeker informs the site’s members that he’s not selling the database, but the FileSoup domains are being put up for auction for those who want to buy a piece of BitTorrent history.
https://torrentfreak.com/worlds-olde...s-down-120605/





Movies.io Reinvents Movie Torrents, With Style
Ernesto

Movies.io is a new torrent search engine dedicated to movies, but one that goes above and beyond the average torrent site. Movies.io combines a pleasant and great-looking user interface with all the functionality needed to find and collect the best films out there. In a way it’s both a threat and inspiration to Hollywood.

Every year hundreds of new torrent sites are launched, but only a few manage to rise to the top. Movies.io is one of these newcomers, and since it has something unique to offer it is likely to stick around.

The site can be best described as a movie torrent database with a beautiful design and the ability to create movie watch lists. The site itself doesn’t host any torrents, but lists magnet links instead. At the time of writing, the movies.io database contains 4317 movies and 13,534 magnet links.

When users search for a movie, they get a page with a large backdrop image and movie details such as the plot, genre and rating which is pulled from themoviedb.org. Logged in users also have the option to add movies to their watchlists and share these with others, or collaborate on them.

TorrentFreak got in touch with one of the founders, who we’ll call Jack, to find out more about the project. He told us that a precursor to the current site was actually a gift to his girlfriend.

“The initial motivation is actually kinda cute: my long-distance girlfriend and I love to watch movies together, but come the evening we can never remember which! For her birthday, one of my gifts was the precursor of Movies.io, basic but functional,” Jack told us.

But there was another driving force. Jack and his friends also find the current official options to download movies rather limited or overly complicated.

“Technology should be simple, and serve humanity. Content distribution is hard, not because we don’t have the tech for it, but because of legal concerns. Matthew Inman of The Oatmeal has a hilarious comic on trying to watch Game of Thrones legally: unfortunately, this experience is far from isolated.”

“The internet is of legal drinking age, yet we are stuck with a slew of poorly designed, incompatible, proprietary, flawed, restrictive solutions for watching and downloading multimedia content legally. BitTorrent is fascinating because it takes advantage of the distributed nature of the internet to share content efficiently between thousands of peers.”

Eventually, and after two weeks of coding, Movies.io was born and ready to be shown to the public. According to Jack the site is made by and for movie enthusiasts. A no-nonsense site that is unspoiled by ads, and one that’s intuitive and efficient to use.

“I think the service is unique in the way that it combines an open movie database, a good torrent search engine, and a very pure user interface. We give you a way to discover new movies and make collections of them, that’s it,” Jack told us.

“In a way, our love for movies shows through the design and general experience of the website. Some movies are pieces of art, and they deserve to be treated as such. The content is given a central place, through gorgeous full-screen backdrops, high-resolution covers, and plot. We don’t feature trailers, as they usually spoil a good movie, trying to wow people rather than ease into the ambiance.”

But there’s always the legal side of things. While Movies.io has plenty of legal content on the site, it also links to Hollywood blockbusters. This means that it will be a prime target for the MPAA, who believe that torrent search engines are facilitating content theft.

Jack and his friends are aware of the legal threats they could run into, but believe they have little to worry about.

“We are prepared for them, but then again, there is not much legal ground to stand on for potential takedown requests: we don’t host any copyrighted material on the website. We don’t even store torrent files, we just have magnet links, like The Pirate Bay,” Jack told us.

“The legal demise of Movies.io would be a sad turn of events. That said, as lunatic as they were, the TPB founders had one thing right: sink one ship, ten others will replace it. Content distributors are fighting against a wave bigger than them: in a way, they have already lost.”

According to Jack, content creators should embrace BitTorrent and other novel distribution methods, and they encourage movie makers to get in touch.

“We think there is a win-win scenario possible for content creators on such a platform: see the recent success of Louis CK’s $5 sale. While still too rare, it shows that there is definitely something waiting to happen. TPB has its Promo Bay, and we could very well launch something similar. If you are an independent content creator and would like to discuss your options, don’t hesitate to drop us a mail,” Jack concludes.
https://torrentfreak.com/movies-io-r...rrents-120602/





The Future of BitTorrent is Decentralized, Anonymous, Free

BitTorrent has a reputation for only being useful for stealing media from impoverished conglomerates, but at its heart, the file sharing protocol is about the free exchange of information. Researchers at Delft University of Technology are getting ready to release a BitTorrent client called Tribler that adds decentralized anonymity into the mix, for free.

Tribler is a BitTorrent client, and just like all other BitTorrent clients, you can use it to download data over a peer-to-peer network. Where Tribler differs, however, is in how you can use it to find the data that you want: instead of relying on a central index of torrent files (like The Pirate Bay), Tribler creates its own decentralized network, meaning that even if every single BitTorrent site is axed, Tribler will still work just fine.

The other big difference with Tribler (or at least, with the update that's scheduled to be released in two or three months) is anonymity. Or rather, free anonymity. Current BitTorrent clients allow you to pay money to subscribe to a proxy network to keep your IP address (the thing that identifies you and your computer) hidden. Tribler's goal is to provide that level of anonymity automatically and without costing you anything. You might think that this would lead to a performance hit, but by caching content across the network, Tribler is actually faster than popular clients like uTorrent, to the point where it becomes possible to stream video torrents directly like YouTube.

It's important to understand that file sharing (or let's call it "information sharing") is about much, much more than just pirating music or movies or whatever. You have an Internet service provider, and you live somewhere that's run by some sort of government, and if either of these parties decide that there's information out there that you'd be better off not knowing, they have the capability to censor whatever they want. Call this paranoia if you like, but there are plenty of places all over the world where this is already happening. It's for this reason that having tools like Tribler and Tor is vital. You may not need to use them, but some people do, and for those people, the importance of reliable and anonymous access to data can't be overestimated.
http://dvice.com/archives/2012/06/the-future-of-b-1.php





Germany Increases 'You Are All Pirates' Tax On Solid State Media By 2000%
Glyn Moody

Techflaws alerts us to an announcement by ZPÜ, the organization responsible for setting the levy on storage media in Germany, that fees will rise rather significantly (German original). For a USB stick with a capacity greater than 4 Gbytes, the tax would increase from 8 eurocents (about 10 cents) to 1.56 euros (about $1.93), a rise of 1850%; for a memory card bigger than 4 Gbytes, the fee would go up from 8 eurocents to 1.95 euros (about $2.42), an increase of 2338%.

No justification for such a huge jump was offered, but since one of the constituent members of ZPÜ is the German music collection society GEMA, which seems to have an unlimited sense of entitlement when it comes to demanding money from the public, that's hardly a surprise.

In particular, no rationale is given for including memory cards, which are used almost exclusively in cameras to record content produced by end-users -- so the idea that the levy is somehow justified as a way of compensating creators for revenue supposedly "lost" by piracy is manifestly absurd.

Basically, this outdated and insulting approach treats all Germans using digital storage as if they were pirates. Of course, arbitrarily imposing 2000% tax hikes on storage is probably the quickest way to turn them into something much more dangerous to GEMA and its friends: ardent supporters of the German Pirate Party....
http://www.techdirt.com/articles/201...dia-2000.shtml





Recording Industry Data Shows Canada a Global Leader For Paid Digital Downloads
Michael Geist

The IFPI, the global recording industry association, recently released its Recording Industry in Numbers 2012, which provides detailed sales data from countries around the world. Years ago, the Canadian Recording Industry Association would promote its annual sales data, but it no longer does. Perhaps that is because the data tells a far different story from the one CRIA (now Music Canada) seeks to promote. While CRIA talks about "rebuilding the marketplace", the industry's own data indicates that Canada already stands among the global leaders in digital music sales.

The most obvious metric (and one relied upon by IFPI) is paid digital music downloads. According to the IFPI data, Canadians purchased 94.2 million single track downloads in 2011, making it the third largest market in the world (trailing only the U.S. and UK). The Canadian numbers represented a 39% increase in sales, far ahead of the U.S. (8% growth) and U.K. (10% growth). The data shows Canadians purchased more single track downloads than Germany or Japan, and more than double the sales in France, despite the fact that each of those countries has a far larger population. In fact, Canadian sales were larger than all the sales from Austria, Belgium, Croatia, Finland, France, Greece, Ireland, the Netherlands, Portugal, Spain, and Sweden combined. Moreover, given the current growth rates, Canada seems likely to pass the U.S. on per capita single track downloads in about 18 months (not coincidentally iTunes entered the Canadian market 18 months after it debuted in the U.S.).

A comparison between Canada and France is particularly noteworthy since the IFPI often points to the French three strikes and you're out approach (HADOPI) as a model for copyright enforcement. Yet in 2011, the first full year with HADOPI in place in France, Canadian digital downloads grew faster than the French market (39% to 29%) with 34 million Canadians buying 94.2 million single track downloads, while 65.3 million French bought 43 million single track downloads.

Not only is the Canadian digital market far larger than virtually every European market, it continues to grow faster than the U.S. digital music market as well. In fact, the Canadian digital music market has grown faster than the U.S. market for the past six consecutive years. The latest data on digital music sales growth:

Year    Canada    United States
2011    31%       9%
2010    20%       1%
2009    38%       8%
2008    58%       27%
2007    73%       45%
2006    122%      65%

The 2011 data is also notable because growth accelerated after declining for several years. Canadian overall music sales growth was also positive, growing by 2.6%. By comparison, among the top 20 global markets, the U.S., Japan, Germany, UK, France, Netherlands, Italy, Spain, Switzerland, Belgium, Austria, Norway, and South Africa all declined. It goes without saying that all of this growth and global leadership has occurred without copyright reform or digital lock rules.

While the news is obviously very good for record labels (despite their seeming desire to hide it), it is worth noting that the share of Canadian artist revenues from Canadian sales is lower than in most other countries. According to the IFPI's statistics of repertoire origin (for physical sales), Canadian artists garner only 30 percent of sales. By comparison, in countries such as the U.S. (93%), Finland (67%), France (65%), Germany (46%), Italy (54%), UK (42%), Brazil (63%), and South Africa (48%), domestic artists all generate far more sales. Language is certainly a factor (Australia has a similar 31% rate), but the data highlights why foreign record labels have been so aggressive in lobbying the Canadian market as benefits accrue disproportionately to labels representing foreign artists rather than Canadian ones.
http://www.michaelgeist.ca/content/view/6527/125/





Piracy Talks Set for Thursday
Josh Taylor

Despite concerns that the talks will fall over, the Australian Government will hold another set of piracy meetings with internet service providers (ISPs), content owners and consumer groups on Thursday.

The secret meetings have been ongoing since September last year, held in the hopes of finding a way to stop users from downloading copyright-infringing material. These talks have previously excluded consumer groups, which the government said at the time were not ready to be brought in on the closed-door meetings. Telstra, Optus and iiNet, as well as rights-holder lobby groups the Australian Federation Against Copyright Theft (AFACT) and the Australian Content Industry Group, have been among the attendants of previous sessions. Several Freedom of Information (FOI) requests by journalists and interested parties were unable to reveal the minutes of the meetings, nor information on who has attended the meetings held so far.

Following iiNet's decisive High Court victory against AFACT, in which AFACT had sought to show that the ISP authorises its users' infringements, iiNet CEO Michael Malone said that he would like to walk away from those meetings. Sources at the time said that the negotiations were at a stalemate, with ISPs and content owners unable to see eye to eye on the best policy model to reduce online copyright infringement.

A source close to the meetings told ZDNet Australia yesterday that the negotiations will again be held over the next few weeks. The Attorney-General's Department confirmed yesterday that the next meeting will be held this Thursday.

"A roundtable meeting will be held in Sydney on Thursday, 7 June. All parties to the previous roundtable meetings are invited, including consumer representatives. The roundtable meeting will continue the useful discussions that have taken place so far."

The Australian Communications Consumer Action Network (ACCAN) has confirmed that it will attend this meeting.

The news comes at the same time as the department responded to FOI requests filed by ZDNet Australia several months ago at the peak of public concern over the United States anti-piracy legislation known as the Stop Online Piracy Act (SOPA) and the Protect IP Act (PIPA). The documents received highlight talking points provided to ministers and department secretary Roger Wilkins, stating that the Australian Government is not currently considering similar legislation to SOPA. This confirms public statements that were made at the time.

"It is the government's preference for industry [content owners and ISPs] to work together to develop a code to address this issue," the talking points state. "The government will look closely at the outcomes of industry discussions before considering other options."
http://www.zdnet.com.au/piracy-talks...-339339099.htm





ACTA Now Rejected by Four EP Committees

The Anti-Counterfeiting Trade Agreement (ACTA) was rejected on Monday by the Development Committee, the fourth committee advising the International Trade Committee to do so. These committees' positions are not binding on the Trade Committee, which adopts its own position as lead committee on 21 June.

Civil Liberties MEPs say ACTA fails to respect the EU's fundamental rights and the Industry Committee says it does not balance the rights and freedoms of the different stakeholders. The Legal Affairs Committee voted narrowly against a recommendation to approve the controversial Agreement and the Development Committee voted overwhelmingly against ACTA.

Development committee

The Development Committee voted by 19 votes to one, with three abstentions, to recommend that Parliament reject ACTA. The rapporteur, Jan Zahradil (ECR, CZ), had initially recommended approving ACTA, on the grounds that it does not impede access to medicines, or trade in generic medicines for developing countries. However, Development MEPs passed an amendment refusing Parliament's consent.

Civil Liberties Committee

ACTA does not comply with the rights enshrined in the EU Charter of Fundamental Rights and the International Trade Committee should "recommend that Parliament declines to consent to the conclusion" of this agreement, says the Civil Liberties Committee in its opinion, which was adopted by 36 votes to one, with 21 abstentions.

Civil Liberties MEPs point out that Europe needs an international agreement to step up the fight against counterfeiting, but all deals concluded by the EU must be compatible with its treaties and ACTA does not ensure full respect for private life or full protection of sensitive personal information. The text also stresses that when fundamental rights are at stake ambiguity must be avoided and ACTA entails various layers of ambiguity.

Internet providers should not police the Internet, says this committee, urging the Commission and EU countries to ensure that the role of providers is legally clear. It also calls for an EU strategy to combat counterfeiting and piracy, which must fully respect fundamental rights in Europe.

Industry Committee

The Industry Committee voted by 31 votes to 25 to reject ACTA, saying that it fails to balance intellectual property rights, business freedom, protection of personal data and the freedom to receive or provide information. It also says ACTA's approach to intellectual property ignores the specific features of each sector and adds that the Agreement's lack of definitions could create legal uncertainty for European firms.

Amelia Andersdotter (Greens/EFA, SE), author of the opinion and member of the Swedish pirate party "Piratpartiet", said: "I am very satisfied that this committee has listened to the concerns of EU citizens, companies, entrepreneurs and the artistic community, who do not believe that ACTA is the way forward".

Legal Affairs Committee

The Legal Affairs Committee voted by 12 votes to 10, with two abstentions, to reject the opinion drafted by Marielle Gallo (EPP, FR) endorsing ACTA. Ms Gallo dissociated herself from the outcome and a new opinion reflecting the committee's position will now be drafted by Evelyn Regner (S&D, AT).

Next steps

The four committees' opinions (which are not binding) will be sent to the International Trade Committee, which is the lead committee for the Anti-Counterfeiting Trade Agreement (ACTA) and will adopt its position on 21 June. The file will then pass to the full House, which must consent to the Agreement in order for it to enter into force. Parliament is scheduled to vote in the July plenary.
http://www.europarl.europa.eu/news/e...-EP-committees





Don't Mean To Be Alarmist, But The TV Business May Be Starting To Collapse
Henry Blodget

In the first decade of the commercial Internet--the 1990s and early 2000s--there were frequent murmurings that newspapers were screwed.

The digital audience didn't read newspapers, people pointed out. They visited web sites. They read articles here and there. But they didn't put the stack of articles, photos, and ads known as a "newspaper" on their breakfast table and flip through the whole thing.

What's more, the digital audience stopped using newspapers as a reference and source for commerce. They browsed on eBay and Craigslist instead of reading classifieds. They got their movie news from movie sites. They got real-estate listings from real-estate sites. They learned about "sales" and other events from email and coupon sites. And so on.

In other words, the user behavior that had supported newspaper companies for a century began to change.

But for almost a whole decade, the newspaper industry barely noticed.

Subscriptions kept going up.

Ads kept going up.

Stocks kept going up.

Those who said that newspapers were screwed were dismissed as clueless doom-mongers, at least by newspaper executives.

Then this happened:

[Chart: Newspaper Ad Spending. Source: Newspaper Association Of America]

And lots of newspaper companies went broke or almost went broke. And the stock of The New York Times Company, the country's premier newspaper, fell from $50 to $6. (See: "The Incredible Shrinking New York Times")

In other words, newspapers were screwed. It just took a while for changing user behavior to really hammer the business.

The same is almost certainly true for television.

In our household, as in many households, television consumption has changed massively over the past decade, especially over the past 5 years.

• We almost never watch television shows when they are broadcast anymore (with the very notable exception of live sports)

• We rarely watch shows with ads, even on a DVR

• We watch a lot of TV and movie content, but always on demand and almost never with ads (We're now so used to watching shows via Netflix or iTunes or HBO that ads now seem like bizarre intrusions)

• We get our news from the Internet, article by article, clip by clip. The only time we watch TV news live is when there's a crisis or huge event happening somewhere. (You still can't beat TV for that, but soon, news networks will also be streamed).

• We watch TV and movie content on 4 different screens, depending on which is convenient (TV, laptops, phones, iPad)

If not for live sports, which are consumed by exactly one member of our household (me), there is no way we would be paying for cable TV or any other kind of traditional pay TV anymore. And even as a sports fan, I'm starting to find the fragmented multi-channel coverage of the few sports I watch--like tennis (Grand Slams), baseball (Yankees), and football (Jets/Giants)--so annoying that I may soon investigate just getting those via direct subscriptions.

In other words, in our household, and in many other households like ours, the same thing has happened to the TV business that has happened to the newspaper business:

The user behavior that supported the traditional all-in-one TV "packages"--networks and cable/satellite distributors--has changed.

We still consume some TV content, but we consume it when and where we want it, and we consume it deliberately: In other words, we don't settle down in front of the TV and watch "what's on." And, again with the exception of live sports, we've gotten so used to watching shows and series without ads that ads now seem extraordinarily intrusive and annoying. Our kids see TV ads so rarely that they're actually curious about and confused by them: "What is that? A commercial?"

For now, our type of household may still be in the minority, but we won't be for long. And our type of household is the type of household that many advertisers and TV networks want to reach. We're still in "the demo" (24-55), and we're still buying a lot of stuff.

So, what are the key points of this shift in user behavior for the traditional TV business?

• "Networks" are completely meaningless. We don't know or care which network owns the rights to a show or where it was broadcast. The only question that's relevant is whether it's available on Netflix, Hulu, Amazon, or iTunes. This means that one of the key traditional "businesses" of TV--the network--is obsolete.

• The majority of what we pay our cable company is wasted. We get broadband Internet from our cable company, and we use that constantly. But we also get 500 channels that we almost never watch, along with a couple (HBO, Tennis Channel) that we pay extra for and do watch occasionally.

• We rarely watch TV ads, and when we do, we're usually doing something else at the same time--like typing. Also, the ads seem startlingly intrusive, because we're not used to them.

More directly, what this means is this:

• The vast majority of money TV advertisers spend to reach our household (~$750 a year, ~$60/month) is wasted, because we rarely watch TV content with ads, and, when we do, we rarely watch the ads.

• The vast majority of money we pay our cable company for live TV (~$1,200 a year / ~$100/month) is wasted, because we almost never watch live TV and we can get most of what we want to watch from iTunes, Netflix, Hulu, and Amazon.

This user behavior has been changing for a while, and, so far, it has had almost no impact on the TV business. On the contrary, the networks and cable companies are still fat and happy, and they're coining more and more money every year.

But remember what happened in the newspaper business.

When the Internet arrived, user behavior started to change. It took a decade for this change in behavior to hit the business. But when it hit the business, it hit it hard--and it destroyed it shockingly quickly.

And the same thing seems likely to happen to the TV business. The only questions are:

• When will it happen?
• What will it do?

Let's take the second first.

What is the shift in user behavior likely to do to the TV business?

• The traditional "network" model is likely to break down and be replaced with far larger "libraries" of content and far more efficient content production, acquisition, and distribution. Some of the content produced by networks will still be consumed (and, therefore, produced), but the idea of getting "affiliate fees" and selling advertising for each of dozens of branded networks seems absurd. This change is already occurring, of course: Traditional networks are being replaced by Netflix, iTunes, and uber-networks like "NBC Universal" and "Time Warner." There is so much money in the network business right now that, initially, this shift won't mean much. Over time, however, it will. Unprofitable networks will be merged with profitable ones. Unprofitable shows and overpaid talent will be cut. Overpaid managers will get fired. Production costs, on aggregate, will drop. Sets, crews, newsgathering, etc. will be consolidated. The fat will get squeezed out of the system.

• The cost of traditional pay TV will have to drop--users will have to get more for less, or they'll stop paying for much at all. I might value the TV content we get through our cable company at $20 a month--about 1/5th of what we pay for it. Eventually, as soon as I can figure out ways to get the few sports I watch another way, we'll stop paying the $100.

• Ultimately, the distinction between "TV" and other forms of video content will disappear. We'll pay some distributors for bundles of that content, we'll buy some of it directly, and we'll get some of it for free. But a lot of the money that is currently being wasted by us and to reach us will be spent much more efficiently.

Bottom line, as it has in newspapers, the TV business is going to have to get radically more efficient. It won't disappear--newspapers haven't disappeared--but the fat and happy days will have to end.

As for the other question, "when," the answer may be "now."

Cable TV ratings over the past year have dropped sharply, as this chart from Citi shows.

A recent survey from Nielsen, meanwhile, included some startling statistics, including the following:

• The percent of people worldwide who watch TV at least once a month dropped from 90% to 83% over the past year.

• The percentage of people who watch video on a computer once a month--84%--is now higher than the percentage who watch TV.

Needless to say, a decade ago, newspaper industry forecasters were not expecting newspaper advertising to do this:

Similarly, TV forecasters are not expecting TV advertising or subscriptions to do that over the next 10 years. On the contrary, they're expecting TV advertising to just keep going up.

But user behavior is changing fast.

And at some point, that's going to hammer the business.
http://www.businessinsider.com/tv-bu...se-2012-6?op=1





Announcing the Netflix Open Connect Network

Around the world, people are enjoying nearly a billion hours per month of movies and TV shows from Netflix. We’ve been delivering these petabytes of data exclusively through commercial content delivery networks.

Now, in addition to these general-purpose commercial CDNs, we are enabling ISPs to get Netflix video data from Open Connect, a single-purpose Netflix content delivery network we’ve established. The world’s other major Internet video provider, YouTube, has long had its own content delivery network. Given our size and growth, it now makes economic sense for Netflix to have one as well. We’ll continue to work with our commercial CDN partners for the next few years, but eventually most of our data will be served by Open Connect.

Like commercial CDNs, Open Connect will provide the Netflix data at no cost to the locations the ISP desires, or ISPs can choose to get the Netflix data at common internet exchanges. About 5% of Netflix data is already being served by Open Connect. Interested ISPs can find full details at: openconnect.netflix.com.

As part of Open Connect, we are also sharing our hardware design and the open source software components of the server. These cost-efficient designs are suitable for any high-volume provider of large media files. We welcome commentary and improvements, which will be shared with the community with the goal of a faster, less expensive Internet for all.

Ken Florance

Ken Florance is Vice President of Content Delivery at Netflix
http://blog.netflix.com/2012/06/anno...t-network.html





Netflix Plan Seen as No Big Threat to Content Delivery Firms
Supantha Mukherjee and Sruthi Ramakrishnan

Netflix Inc's plans to use its own network for streaming movies and TV shows may not be as bad for content delivery companies as the initial market reaction suggested.

Shares of Limelight Networks Inc, Akamai Technologies Inc and Level 3 Communications Inc fell on Tuesday after Netflix said it would slowly shift its video streaming traffic to its internal network.

Content delivery network (CDN) companies help media websites such as Netflix stream videos over the Internet using less-congested routes, enabling them to reach consumers faster.

"Our scale made sense for us to create our own way of delivering the movies and TV shows to more than 26 million members," Netflix spokesman Joris Evers said.

Analysts, however, said it would be difficult for Netflix to create a viable product, and even if it succeeded the shift in traffic would not be a major issue for CDN providers as they could use the freed-up bandwidth to win higher-margin customers.

"This is not Netflix's first effort at bringing CDN capabilities in-house, so there will be questions on credibility," Jefferies & Co analyst Aaron Schwartz said.

Netflix's internal network, dubbed Open Connect, currently handles just 5 percent of the company's traffic.

It will take a few more years for it to be able to deliver most of its content through Open Connect.

"A decision like this from a content publisher requires significant ongoing investment to develop software, to enable monitoring, alerting and reporting," Akamai spokesman Jeffrey Young said.

The sheer volume of Netflix traffic, estimated at 20-30 percent of U.S. Internet traffic at peak periods, allowed the company to drive a hard bargain with CDN providers, leaving them with a small profit margin.

"Usually your largest customers are your lowest-margin customers," Limelight CEO Jeffrey Lunsford told Reuters.

"To us, the whole Netflix thing is much ado about nothing. We've them for another year and a half and we've plenty of opportunities to replace their traffic and we are growing other services."

Akamai got about 1 percent of its 2011 total revenue of $1.16 billion from Netflix, Level 3 less than 0.5 percent of its core network services revenue of about $3 billion, and Limelight about 11 percent of its overall revenue of $171 million.

"If Limelight could backsell the revenue it bleeds off with smaller customers that pay a higher price per megabyte or terabyte, then it's a win-win situation," Capstone analyst Rod Ratliff said.

Jefferies and Co's Schwartz said revenue from Netflix was not profitable for Limelight, and that the company had refused to raise Netflix volumes in the past for this reason.

"We have known about this for many months, and Netflix has been talking about their intentions for many years. It is not material to Akamai," spokesman Young said.

Wells Fargo analyst Jennifer Fritzsche said Level 3 could benefit from the network capacity Netflix would have to buy to support its CDN.

Netflix said it was open to sharing its Open Connect software and hardware designs with others interested in creating a content delivery network.

Limelight shares, which fell 12.5 percent on Tuesday, were up 2.5 percent at $2.42 in early trading while Akamai's shares were up 4 percent at $28.51 after dropping 3 percent the previous day. Level 3, which initially fell on the Netflix news, was up 2 percent at $20.54, adding to a 2 percent gain on Tuesday.

(Reporting by Supantha Mukherjee and Sruthi Ramakrishnan in Bangalore; Lisa Richwine in Los Angeles; Editing by Ted Kerr, Sriraj Kalluvila and Saumyadeb Chakrabarty)
http://www.reuters.com/article/2012/...8550US20120606





Schools Need 100Mbps Per 1,000 Users
Grant Gross

American schools need mega-broadband networks -- and they need them soon, a new report says.

Specifically, U.S. educational institutions will need networks that deliver broadband performance of 100Mbps for every 1,000 students and staff members in time for the 2014-15 school year. That's the conclusion reached by the State Educational Technology Directors Association (SETDA).

Why the need for speed? For one thing, more and more schools are using online textbooks and collaboration tools, said Christine Fox, director of educational leadership and research at SETDA. Broadband access must be "ubiquitous" and "robust," she said, adding that schools should think of broadband as a "necessary utility," not as an add-on.

The report, called "The Broadband Imperative," further suggests that schools should upgrade their networks to support speeds of 1Gbps per 1,000 users in five years. SETDA noted that users who stream high-definition video will require download speeds of 4Mbps.

In Lawrence Township, N.J., students use videoconferencing to learn French from Canadian students, said Andrew Zuckerman, director of instructional services for the municipality's school district.

And in Maine, some schools have 1,400 concurrent broadband users, said Jeff Mao, learning technology policy director at the Maine Department of Education. That many concurrent users "are not going to live on a 10-megabit pipe," he said. "They need a much more robust Internet connection."
https://www.networkworld.com/news/20...00-259811.html





As Wireless Spectrum Is Squeezed, Sharing Is Seen as Solution
Brian X. Chen

Cellphone carriers like AT&T and Verizon say they are worried about running out of the radio spectrum that carries wireless calls and data, and they want the government to give them more chunks of it. But a number of companies are developing technology that could change the whole spectrum game by using radio frequencies more efficiently.

Their efforts are getting a powerful endorsement. A presidential advisory committee, which includes executives from Google and Microsoft, plans to present a report this month that explores ways in which computerized radio technologies could make better use of spectrum.

In a presentation last month, the committee said the technologies would allow federal agencies and other organizations to share the spectrum bands they control with the carriers, and could potentially improve efficiency by a factor of 40,000.

One technology addressed by the report is called cognitive radio, in which the network scans for available frequencies and chooses the best one for a cellphone to use. For example, if the government has reserved some spectrum for use at an Air Force bombing range, but no bombing is happening on a particular day, cognitive radio could allow a phone to sense the open channel and switch to it.

A Florida-based company, xG Technology, developed a version of cognitive radio for the Army that allows communication on military bases. Its technology scans for open channels and clears up interference on busy channels so more people can use them. Rick Rotondo, vice president for marketing at xG, compared its technology to noise-canceling headphones, which listen for noise and generate a signal to cancel it out. In a similar way, xG’s cognitive radio technology listens for interference and calculates a way to reduce it, he said.

Cellphone carriers have been warning the government about a looming “spectrum crisis” — a situation in which the rising demand for wireless data will eventually exhaust their resources. This, they say, could slow mobile devices and stifle the economy. But the report suggests that spectrum constraints could be resolved if the government were to push carriers to embrace technologies that provide greater efficiency.

John C. Coleman, chief executive of xG Technology, said concerns over spectrum capacity were valid, because the techniques that the carriers are now using will lead to a shortage. But newer technologies, he said, would fix the problem.

“The spectrum crisis is completely avoidable,” Mr. Coleman said. “If we start incorporating advanced and proven technologies like cognitive radios and smart antenna systems now, we can get ahead of the mobile broadband demand curve and stay ahead of it.”

Other companies in this industry include Shared Spectrum, which has also developed cognitive radio systems for the Defense Department, and Cognitive Radio Technologies, which is working to commercialize technology developed at Virginia Tech.

Some veterans of the wireless industry, like Martin Cooper, a former Motorola executive who helped create the first cellphone, have been saying all along that technology could be the answer to the wireless industry’s growing pains.

“The committee is proposing the approach that I’ve been advocating for over 20 years,” he said. “The magic that makes all of this work is already known.”

Mr. Cooper said that even if the government granted the carriers a little bit more spectrum, there would be no guarantee that it would be enough to handle the ever-rising number of data-guzzling smartphones and tablets. “How can 20 percent more spectrum — which is, in their wildest dreams, as much as they’re ever going to get — how can that solve the problem when you need 20 times more spectrum?” he said. “They’re not using technology that exists today and was demonstrated 10 years ago.”

The major carriers have seemed wary of any technology that might reshape the status quo in their business. CTIA, the wireless association that represents the carriers, has said that its members are excited about the idea of spectrum sharing, but that giving the carriers more spectrum should still remain the government’s top priority.

Chris Guttman-McCabe, vice president of regulatory affairs at CTIA, said he was skeptical about cognitive radio technology in general because it had not yet been used commercially and it was unclear whether it would be a viable solution nationwide.

The association says that even if the technologies described in the report can indeed improve spectrum capacity a thousand times, it still wants the government to make more spectrum available by “clearing” frequencies that are currently underused.

But if the technologies succeed in delivering so much extra capacity, why would the carriers need more spectrum? Mr. Guttman-McCabe said that it was not clear who would get access to the spectrum that would be shared with federal agencies, and how often the carriers would get to use it. He said it would still be preferable for the wireless industry to have more spectrum for itself.

“We’re eager to see that the administration is going to focus on clearing spectrum and that the fallback will be sharing — that the gold standard is trying to find cleared spectrum,” Mr. Guttman-McCabe said.

Even if President Obama chose to adopt newer technologies for spectrum sharing, it would take some time to roll out all of the technology required to get a big increase in efficiency. For example, for cognitive radio to work in the mass market, smartphones would need to ship with more advanced antennas and circuitry so they could scan for clearer channels, Mr. Rotondo said.

Cognitive radio is one of several technologies that could help make better use of radio spectrum. Mr. Cooper said he had more faith in nearer-term solutions, like smart antennas. A traditional radio antenna on a cellphone tower spews energy out in all directions. By contrast, a smart antenna would direct energy straight at the phones, reducing congestion. (Mr. Cooper previously founded ArrayComm, a company that made software for smart antennas, but he is no longer associated with it.)

One approach that is being tested on cell networks is femtocells, which are also called small cells. Some femtocells, which consumers can buy to install in their homes, are designed to improve cellphone reception by routing calls and data over broadband connections.

Julius Genachowski, chairman of the Federal Communications Commission, said at a CTIA Wireless conference last month that small cells would be critical to meeting the rising demand for mobile data because they allowed carriers to build a denser patchwork of cells. “Small cells are a big deal,” Mr. Genachowski said during a keynote session. “The small-cell revolution will drive enormous change in wireless in the coming years.”

The commission will be holding proceedings on making a band of spectrum available for carriers to install small cells on their networks, reducing the pressure on the carriers’ main spectrum bands.
https://www.nytimes.com/2012/06/07/t...-solution.html





Apple Buddies Up With Cheaper Wireless Partners for iPhone
Brian X. Chen

Sprint said on Thursday that the iPhone would become available this month on Virgin Mobile USA, its service for prepaid plans, where customers pay for the service as they use it. The cost will be considerably less than the fees contract customers pay monthly to use an iPhone — once you get past the upfront price of the phone itself.

Customers who opt to buy an iPhone with a prepaid plan will have to spend $650 for the iPhone 4S, or $550 for the older iPhone 4. But the baseline $30 monthly fee includes 300 minutes, unlimited data and unlimited text messages. By contrast, AT&T and Verizon no longer offer unlimited data plans, and their contract customers pay upward of $90 a month to use an iPhone.

The Virgin Mobile deal follows in the footsteps of Leap Wireless, which also recently said that the iPhone would be available on its prepaid service, called Cricket.

Why exactly is Apple suddenly making the iPhone available with these prepaid service plans? Tero Kuittinen, a mobile analyst and vice president of Alekstra, a company that offers services to help phone customers lower their monthly bills, has a theory. He said he had heard from smaller carriers that Apple was upset with the expensive plans offered by Verizon and AT&T. By making the iPhone available with cheaper plans, it hopes to put pressure on the big carriers to cut their prices, he said.

“AT&T and Verizon have expensive iPhone monthly packages, and now that Sprint and T-Mobile are fading so badly, they feel no pressure,” he said. “America is in danger of devolving into a carrier duopoly.”

In January, AT&T raised the minimum price of its data plan to $20 for 300 megabytes of data from $15 for 200 MB of data. Verizon charges smartphone customers $30 for two GB, $50 for five GB or $80 for 10 GB.

So if the prepaid plans are so much cheaper, why aren’t as many people buying them? Mr. Kuittinen said a prepaid phone’s network coverage is only as good as the carrier its service provider is piggybacking on — and in the case of Virgin Mobile, they’re using Sprint’s network. He said that in the long term, customers could save at least $600 if they went the prepaid route, but not many people do the math, so they choose to get a lower-price phone and pay higher monthly fees instead.

“They’d rather pay $100 upfront and then overspend $2,000 over a two-year plan,” he said.
http://bits.blogs.nytimes.com/2012/0...rs-for-iphone/





U.N. Could Tax U.S.-Based Web Sites, Leaked Docs Show

Global Internet tax suggested by European network operators, who want Apple, Google, and other Web companies to pay to deliver content, is proposed for debate at a U.N. agency in December.
Declan McCullagh and Larry Downes

The United Nations is considering a new Internet tax targeting the largest Web content providers, including Google, Facebook, Apple, and Netflix, that could cripple their ability to reach users in developing nations.

The European proposal, offered for debate at a December meeting of a U.N. agency called the International Telecommunication Union, would amend an existing telecommunications treaty by imposing heavy costs on popular Web sites and their network providers for the privilege of serving non-U.S. users, according to newly leaked documents.

The documents (No. 1, No. 2) punctuate warnings that the Obama administration and Republican members of Congress raised last week about how secret negotiations at the ITU over an international communications treaty could result in a radical re-engineering of the Internet ecosystem and allow governments to monitor or restrict their citizens' online activities.

"It's extremely worrisome," Sally Shipman Wentworth, senior manager for public policy at the Internet Society, says about the proposed Internet taxes. "It could create an enormous amount of legal uncertainty and commercial uncertainty."

The leaked proposal was drafted by the European Telecommunications Network Operators Association, or ETNO, a Brussels-based lobby group representing companies in 35 nations that wants the ITU to mandate these fees.

While this is the first time this proposal has been advanced, European network providers and phone companies have been bitterly complaining about U.S. content-providing companies for some time. France Telecom, Telecom Italia, and Vodafone Group want to "require content providers like Apple and Google to pay fees linked to usage," Bloomberg reported last December.

ETNO refers to it as the "principle of sending party network pays" -- an idea borrowed from the system set up to handle payments for international phone calls, where the recipient's network set the per minute price. If its proposal is adopted, it would spell an end to the Internet's long-standing, successful design based on unmetered "peered" traffic, and effectively tax content providers to reach non-U.S. Internet users.

The sender-pays framework would likely prompt U.S.-based Internet services to reject connections from users in developing countries, who would become unaffordably expensive to communicate with, predicts Robert Pepper, Cisco's vice president for global technology policy.

Developing countries "could effectively be cut off from the Internet," says Pepper, a former policy chief at the U.S. Federal Communications Commission. The ETNO plan, he says, "could have a host of very negative unintended consequences."

It's not clear how much the taxes levied by the ETNO's plan would total per year, but observers expect them to be in the billions of dollars. Government data show that in 1996, U.S. phone companies paid their overseas counterparts a total of $5.4 billion just for international long distance calls.

If the new taxes were levied, larger U.S. companies might be able to reduce the amount of money they pay by moving data closer to overseas customers, something that Netflix, for instance, already does through Akamai and other content delivery networks. But smaller U.S. companies unable to afford servers in other nations would still have to pay.

The leaked documents were posted by the Web site WCITLeaks, which was created by two policy analysts at the free-market Mercatus Center at George Mason University in Arlington, Va., who stress their Wikileaks-esque project is being done in their spare time. The name, WCITLeaks, is a reference to the ITU's December summit in Dubai, the World Conference on International Telecommunications, or WCIT.

Eli Dourado, a research fellow who founded WCITLeaks along with Jerry Brito, told CNET this afternoon that the documents show that Internet taxes represent "an attractive revenue stream for many governments, but it probably is not in the interest of their people, since it would increase global isolation."

Dourado hopes to continue posting internal ITU documents, and is asking for more submissions. "We hope that shedding some light on them will help people understand what's at stake," he says.

One vote per country

ETNO's proposal arrives against the backdrop of negotiations now beginning in earnest to rewrite the International Telecommunications Regulations, a multilateral treaty that governs international communications traffic. The ITRs, which date back to the days of the telegraph, were last revised in 1988, long before the rise of the commercial Internet and the on-going migration of voice, video and data traffic to the Internet's packet-switched network.

The U.S. delegation to the Dubai summit, which will be headed by Terry Kramer, currently an entrepreneur-in-residence at the Harvard Business School, is certain to fight proposals for new Internet taxes and others that could curb free speech or privacy online.

But the ITU has 193 member countries, and all have one vote each.

If proposals harmful to global Internet users eventually appear in a revision to the ITRs, it's possible that the U.S. would refuse to ratify the new treaty. But that would create additional problems: U.S. network operators and their customers would still be held to new rules when dealing with foreign partners and governments. The unintended result could be a Balkanization of the Internet.

In response to the recent criticism from Washington, ITU Secretary-General Hamadoun Toure convened a meeting yesterday with ITU staff to deny charges that the WCIT summit in Dubai "is all about ITU, or the United Nations, trying to take over the Internet." (The ITU also has been criticized, as CNET recently reported, for using the appearance of the Flame malware to argue it should have more cybersecurity authority over the Internet.)

"The real issue on the table here is not at all about who 'runs' the Internet -- and there are in fact no proposals on the table concerning this," Toure said, according to a copy of his remarks posted by the ITU. "The issue instead is on how best to cooperate to ensure the free flow of information, the continued development of broadband, continued investment, and continuing innovation."

Robert McDowell, a Republican member of the Federal Communications Commission who wrote an article in the Wall Street Journal in February titled "The U.N. Threat to Internet Freedom," appeared to reference the ETNO's proposal for Internet taxes during last week's congressional hearing.

Proposals that foreign governments have pitched to him personally would "use international mandates to charge certain Web destinations on a 'per-click' basis to fund the build-out of broadband infrastructure across the globe," McDowell said. "Google, iTunes, Facebook, and Netflix are mentioned most often as prime sources of funding."

They could also allow "governments to monitor and restrict content or impose economic costs upon international data flows," added Ambassador Philip Verveer, a deputy assistant secretary of state.

ITU spokesman Paul Conneally told CNET this week that:

There are proposals that could change the charging system, but nothing about pay-per-click as such. There isn't anything we can comment about this interpretation because, as stated before, member states are free to interpret proposals as they like, so if McDowell chooses to interpret as pay-per-click, that is his right and similarly it is he who should provide pointers for you.

From the beginning, the Internet's architecture has been based on traffic exchange between backbone providers for mutual benefit, without metering and per-byte "settlement" charges for incoming and outgoing traffic. ETNO's proposal would require network operators and others to instead negotiate agreements "where appropriate" aimed at achieving "a sustainable system of fair compensation for telecommunications services" based on "the principle of sending party network pays."

"Not all those countries like open, transparent process"

This isn't the first time that a U.N. agency will consider the idea of Internet taxes.

In 1999, a report from the United Nations Development Program proposed Internet e-mail taxes to help developing nations, suggesting that an appropriate amount would be the equivalent of one penny on every 100 e-mails that an individual might send. But the agency backed away from the idea a few days later.

And in 2010, the U.N.'s World Health Organization contemplated, but did not agree on, a "bit tax" on Internet traffic.

Under the ITU system for international long distance, government-owned telecommunications companies used to make billions from incoming calls, effectively taxing the citizens of countries that placed the calls. That meant that immigrants to developed nations paid princely sums to call their relatives back home, as high as $1 a minute.

But technological advances have eroded the ability of the receiving countries to collect the fees, and the historic shift to voice over Internet Protocol services such as Skype has all but erased the transfer payments. Some countries see the WCIT process as a long-shot opportunity to reclaim those riches.

The ITU's process has been controversial because so much of it is conducted in secret. That's drawn unflattering comparisons with the Anti-Counterfeiting Trade Agreement, or ACTA, an international intellectual property agreement that has generated protests from Internet users across the world. (The Obama administration approved ACTA in 2011, before anyone outside the negotiations had a chance to review it.)

By comparison, the Internet Society, with 55,000 members and 90 worldwide chapters, hosts the engineering task forces responsible for the development and enhancement of Internet protocols, which operate through virtual public meetings and mailing lists.

"Not all those countries like open, transparent process," says Cisco's Pepper, referring to the ITU's participants. "This is a problem."
http://news.cnet.com/8301-1009_3-574...ked-docs-show/





Berners-Lee: World Finally Realizes Web Belongs To No One
Cade Metz

Sir Tim Berners-Lee is the reason you’re reading this story in a web browser, complete with hypertext like this and an internet address that looks like this: http://www.wired.com/wiredenterprise...m-berners-lee/. But you weren’t supposed to see the address.

In building the first web browser at Switzerland’s CERN nuclear research lab in the early ’90s, the English-born Berners-Lee designed a system where only the technicians behind the scenes would see addresses. The ordinary web user would only see text and hypertext, jumping from page to page without ever typing on a keyboard.

“On the initial design of the web, you didn’t see the http:// when you were a user. You just read text and you clicked on links,” Berners-Lee tells Wired. “In the original web browser, you had to bring up a special link inspector to see addresses. That’s why I wasn’t worried about http:// being ugly. No one would really see it.”

As the web grew, this particular vision was lost — at least in part. But you’d have to say that the web still exceeded expectations. In 2010, according to the International Telecommunication Union, close to a third of the world’s population was using the web, and after beginning life as a means of merely sharing text, it has evolved into a medium that shares everything from audio to video to entire software applications that in many ways dwarf what you can do on a local machine.

In 2004, Queen Elizabeth knighted Berners-Lee for his role in the creation of the web, and this year, after countless other honors, Sir Tim was part of the inaugural class inducted into the Internet Society’s (ISOC) Internet Hall of Fame, alongside such names as Vint Cerf and Steve Crocker.

Cerf and Crocker are just two names on a long list of internet founding fathers. The world can’t even agree on when the internet was created. But the web originated with one man. In March 1989, Tim Berners-Lee submitted a proposal to his boss at CERN for a new kind of “information management” system. His boss called it “vague but interesting,” and over the next few years, with additional help from a man named Robert Cailliau and other CERN researchers, the proposal spawned the Hypertext Transfer Protocol — HTTP, the basis for the world wide web.

Basically, Berners-Lee took the idea of hypertext and applied it to the transfer control protocol (TCP) and domain naming system (DNS) that already underpinned the internet. At that point, in the late 80s, the hypertext idea was a common one. As Berners-Lee points out, it was already part of CD-ROM interfaces and other technologies. “I just had to take the hypertext idea and connect it to the TCP and DNS ideas and — ta-da! — the World Wide Web,” he once wrote.

The particular choices he made at the time still reverberate. Two years ago, in an interview with The Times of London, Berners-Lee said that in hindsight, he could have left out the two slashes at the beginning of a web address and saved the world “so much hassle.” But in designing an HTTP address, he wasn’t trying to serve the everyman. He was trying to make it as familiar as possible to those already steeped in the particulars of using hardcore computer systems.

“The formats and protocols were designed to look as much like the existing ones as possible,” he explains, saying that HTTP was designed to look like NNTP, or Network News Transfer Protocol, which was used for internet newsgroups. “The aim was for people who worked with the protocols to look at them and say: ‘Oh, yeah, I see what’s going on here.’”

The hypertext markup language (HTML) that defines webpages was meant to look like an existing markup language — a particular type of SGML, Standard Generalized Markup Language — used at CERN. And the double slash at the front of each web address came from a file system for a computer workstation called the Apollo/Domain. “The double slashes were there because, on some computer systems, that was already used to mean: ‘We’re going outside the computer now.’ The single slash was for the local file system. The double slash was for the outside.”

But those long web addresses wound up right in front of the end user when researchers outside of CERN began building web browsers, including Marc Andreessen, who built the seminal Mosaic browser at the National Center for Supercomputing Applications (NCSA) at the University of Illinois Urbana-Champaign. They put the address bar right there at the top of the page.

So even the basics of the web are a little different than Berners-Lee imagined. And the name of those addresses is different too. Though the world calls them URLs — uniform resource locators — Sir Tim still prefers to call them URIs — for universal resource identifier.

But this is part of the web’s appeal. Berners-Lee didn’t just create that web, he decided that his creation should be “open,” that anyone could use the same technology at no charge. This allowed the web to spread, but it also allowed it to evolve in ways few could have foreseen.

Yes, those arcane URLs — er, URIs — are still there, though Google and others have shortened them in some cases. But in a way, it’s only fitting. In spreading to a third of the world’s population, the web has made us all into techies — of a kind.

Berners-Lee says that as the web spread, he worried that the general public wouldn’t understand the importance not only of keeping the underlying formats and protocols open, but preventing any one entity from controlling the internet itself. In recent years, however, he’s been pleasantly surprised with how the world has responded to these issues.

Yes, he still has complaints — most notably with the rise of local software applications at the expense of the open web on mobile devices. “If you’re browsing through an iPhone app, you can’t just take a URL and tweet it or email it to your friends,” he says. “When you have a URL, it’s part of the web, part of the discourse of humanity. People can see if they’re good or they’re bad. They can review them, and search engines can find them.”

“If you make a phone app or a tablet app, the data on it is not participating in all of that. You lose something.”

The same goes, he says, for much of the data stored on social networks such as LinkedIn and Facebook, which are designed, in part, to restrict access to information. “They’re silos. Facebook knows what pictures you’re in, but you can’t use that data when you’re on LinkedIn. You can’t share the same photo with your LinkedIn friends and your Facebook family.”

But on the other hand, he believes the world now understands how important it is to ensure that governments and ISPs provide unfettered access to the web. “The major concern is always that some large organization gets to control the net, whether it’s a country or a corporation,” he says. “But over the last few years, the public in general have become much more aware of this issue. I used to feel I was alone in a void saying: ‘You have to make sure no one controls the internet.’ But not anymore.”

For instance, he says, when a country such as Egypt clamps down on internet access, the objection is widespread. And much the same happens when an ISP tries to unnecessarily block content or traffic. “You now hear the outcry,” he says.

As for those lengthy addresses, he says they’re here to stay. They provide a certain amount of security. “We need them for trust,” he says. “You need to check the domain name to make sure you’re where you want to be.” And, well, those addresses are what make the web the web.

“The URL will be the last thing to change,” he says, “because that’s the thing that ties it all together.”
http://www.wired.com/wiredenterprise...m-berners-lee/





O2 and Be Broadband are Latest to Block The Pirate Bay
BBC

O2 is set to block its customers from accessing file-sharing site The Pirate Bay from 0001 BST on Friday, the internet service provider has said.

The move means customers of Be Broadband, a subsidiary of O2, will also be blocked from the site.

The ISP is the latest to fall in line following a High Court order in April.

A judge ruled that TPB was facilitating copyright infringement by providing links to download pirated content.

'Obliged to comply'

In a statement, O2 said: "The main UK internet providers were ordered by the high court to block access to specific IP addresses and URLs used by The Pirate Bay website.

"We have no option but to comply with this order and will be doing so overnight."

Be Broadband posted a message about the blocking measures on its company blog.

It said: "Our parent company was one of the named ISPs so we are obliged to comply.

"We wouldn't choose to do this voluntarily but we need to comply with UK laws just like any UK business. We're aware of the concerns voiced by members about the broader issue."

TalkTalk is now the last remaining ISP featured in the court order not to have implemented a block on the Swedish-based site.

BT, which was given extra time to make necessary arrangements, told the BBC it would make an announcement regarding TPB in "due course".
http://www.bbc.com/news/technology-18358483





Are You Okay With Airtime Secretly Taking Photos Of You While You're Video Chatting?
Kashmir Hill

Airtime: You watch it. It watches you.

Facebook is boring, according to a third of its users. Yikes! Luckily, tech entrepreneur Sean Parker plans to save the day, launching a new video chat service called Airtime. Parker agrees with the bored Facebookers, telling my colleague Steve Bertoni that he created the service because he’s “bored by the Internet” and wants “fun crazy things [to] happen online.”

But perhaps not too crazy. The site has some interesting security features to ensure it doesn’t turn into the penis-scare-zone that was the short-lived media darling Chatroulette. One way Airtime will monitor the site is by taking “snapshots of users periodically to ensure site safety,” says a spokesperson. Sexy-time and privacy-minded chatters may want to stick to Skype…

Airtime is being heralded as a novel web-based video chat service (surely causing the creators of Google Hangouts to mutter Parker’s name to themselves angrily, Jan Brady style). The novelty of Airtime (which is ripped off from inspired by Chatroulette) is the ability to connect with strangers through the service, ideally those with shared interests. Users can be pseudonymous, but they have to connect to the service through Facebook (so Airtime knows who you are, even if those with whom you chat don’t).

“Summary: Airtime is chatroulette, built on Facebook and with fewer penises,” tweeted writer Baratunde. How will Airtime keep digital flashers from invading the service? Three ways: 1) Facial recognition technology: wrong head and you’re banned. 2) Site monitors. 3) User policing, reports Bertoni:

[b]ecause you access Airtime through Facebook, Airtime knows who you are. Users can flag other users to be reviewed by a monitoring team that can judge suspect interactions. There are also other indicators–like if a person keeps getting skipped very quickly by a series of users–that can put the person under review. One violation–read unwanted nudity etc–and you’re banned for life.

via Sneak Peek At Parker And Fanning’s New Start Up Airtime – Forbes.


A close look at the privacy policy might leave you wondering what exactly the monitoring team will be reviewing. Airtime’s privacy policy — which is a refreshingly easy read — states, “By using our Service, you are consenting to have your image and conversations recorded by Airtime.”

Recording oral/video conversations would be unusual. Neither Skype nor Google record or store private video chats (though Google does record and send to YouTube live-streamed “Hangouts on Air,” that are intended to be broadcast). An Airtime spokesperson says that not all conversations are automatically recorded.

“Airtime does not record any audio or video conversations without the user’s explicit informed consent,” wrote the spokesperson in an email. “Airtime takes snapshots of users periodically to ensure site safety. Text conversations are saved and visible to the user indefinitely in Airtime to provide a better user experience.”

Clarification: The Airtime spokesperson shot me an email in the evening after this was published, clarifying that “Airtime only does snapshots between users who aren’t already friends, NOT between direct connections.”

Are you okay with Airtime taking a snapshot of you periodically to ensure compliance with their policies? It’s a little creeptastic to have the company help itself to the feed from your webcam to monitor use of the site, but could help keep actual creeps off the site. Is it worth the trade-off?
http://www.forbes.com/sites/kashmirh...ideo-chatting/





Worst Companies at Protecting User Privacy: Skype, Verizon, Yahoo!, AT&T, Apple, Microsoft

EFF Privacy Report 2012: Who’s Protecting Our Privacy
Radu Tyrsina

We’re living our lives more and more in the online environment. Eventually, we end up giving a lot of our personal data, whether we’re talking about a social network account, email service or a national carrier. Our conversations are being wire-tapped, our online surfing is being stored. Which are the companies that fight for our rights when the government wants to know more? Who protects our privacy?

This privacy report has been done by the Electronic Frontier Foundation and should be taken with all seriousness. When government agencies come asking for your personal data and your activity logs, who is fighting for your rights and who’s acting like a peaceful sheep, pleasing the Big Brother?

The chart above shows how many stars the participating companies have been given. The rating has been made according to these factors:

Tell users about data demands: a public commitment to inform users when their data is sought by the government. To earn a star in this category, Internet companies must promise to tell users when their data is being sought by the government unless prohibited by law. This gives users a chance to defend themselves against overreaching government demands for their data.

Be transparent about government requests: transparency about when and how often companies hand data to the government. This category has two parts. Companies earn a half-star in this category if they publish statistics on how often they provide user data to governments worldwide. Companies also earn a half-star if they make public any policies they have about sharing data with the government, such as guides for law enforcement. (If a company doesn’t have law enforcement guidelines at all, though, we don’t hold that against them). Companies that publish both statistics and law enforcement guidelines receive a full star.

Fight for users’ privacy rights in the courts: to earn recognition in this category, companies must have a public record of resisting overbroad government demands for access to user content in court. Not all companies will be put in the position of having to defend their users before a judge, but those who do deserve special recognition.

Fight for users’ privacy in Congress: Internet companies earn a star in this category if they support efforts to modernize electronic privacy laws to defend users in the digital age by joining the Digital Due Process coalition.


You can see in the above chart which companies received the highest score and which ones the lowest one. EFF said that they’ve observed a real improvement in the way companies react towards users’ privacy. Especially such companies as Sonic, LinkedIn, Dropbox or Facebook. These are the companies that “listened” to complaints and made the right adjustments. It’s sad to see Apple and Microsoft having such low scores, though. Not to mention the score of Verizon, Skype and MySpace…

Privacy Report Company Ranking

Sonic.net – 4 stars
Twitter – 3.5 stars
Google, Dropbox, LinkedIn – 3 stars
Spideroak – 2.5 stars
Amazon – 2 stars
Facebook – 1.5 stars
Yahoo!, Microsoft, Loopt, Comcast, Apple, AT&T – 1 star
Foursquare, MySpace, Skype, Verizon – 0 stars

Let’s hope that, by next year, the companies with low scores will up their games and that we’ll see even more companies in this list. If more and more companies fight for our rights, in Congress and courts, maybe we won’t see any ACTAs, SOPAs anymore…
http://www.maindevice.com/2012/06/03...ple-microsoft/





Rethinking Privacy in an Era of Big Data
Quentin Hardy

Some years ago an engineer at Google told me why Google wasn’t collecting information linked to people’s names. “We don’t want the name. The name is noise.” There was enough information in Google’s large database of search queries, location, and online behavior, he said, that you could tell a lot about somebody through indirect means.

The point was that actually finding out people’s names isn’t necessary for sending them targeted ads. It can probably lead to trouble, as Google’s own adventures in Wi-Fi snooping show. Even without knowing your name, increasingly, everything about you is out there. Whether and how you guard your privacy in an online world we are building up every day has become increasingly urgent.

“Privacy is a source of tremendous tension and anxiety in Big Data,” says Danah Boyd, a senior researcher at Microsoft Research. Speaking last week at a conference on Big Data at the University of California, Berkeley, she said, “It’s a general anxiety that you can’t pinpoint, this odd moment of creepiness.” She asked, “Is this moving towards a society that we want to build?”

If conventional understanding chafes at the idea that our names are mere noise, consider the challenge in Ms. Boyd’s point about the self in a highly networked society. Take personal genetic data. “If I give away data to 23andMe, I’m giving away some of my brother’s data, my mother’s data, my future kid’s data.” For that matter, “Who owns the e-mail chain between you and me?”

Privacy is not a universal or timeless quality. It is redefined by who one is talking to, or by the expectations of the larger society. In some countries, a woman’s ankle is a private matter; in some times and places, sexual orientations away from the norm are deeply private, or publicly celebrated. Privacy, Ms. Boyd notes, is not the same as security or anonymity. It is an ability to have control over one’s definition within an environment that is fully understood. Something, arguably, no one has anymore.

“Defaults around how we interact have changed,” she said. “A conversation in the hallway is private by default, public by effort. Online, our interactions become public by default, private by effort.”

There are other ways in which we can lose control of our privacy now. By triangulating different sets of data (you are suddenly asking lots of people on LinkedIn for endorsements on you as a worker, and on Foursquare you seem to be checking in at midday near a competitor’s location), people can now conclude things about you (you’re probably interviewing for a job there) that are radically different from either set of public information.

What is to be done? Ms. Boyd has made a specialty of studying young people’s behavior on the Internet. She says they are now often seeking power over their environment through misdirection, such as continually making and destroying Facebook accounts, or steganography, a cryptographic term for hiding things in plain sight by obscuring their true meaning. “Someone writes, ‘I’m sick and tired of all this,’ and it gets ‘liked’ by 32 people,” she said. “When I started doing my fieldwork I could tell you what people were talking about. Now I can’t.”

That is a placeholder solution, and Ms. Boyd sees only one certainty for which we should prepare. “Regulation is coming,” she says. “You may not like it, you may close your eyes and hold your nose, but it is coming.”

The issue is what the regulation looks like, and how well it is considered. “Technologists need to re-engage with regulators,” she says. “We need to get to a model where we really understand usage.” Right now, even among the highest geek circles, “we have very low levels of computational literacy, data literacy, media literacy, and all of these are contributing to the fears.”
http://bits.blogs.nytimes.com/2012/0...a-of-big-data/





Why London's Police Just Set a Horrifying Precedent on Mobile Privacy
John Paul Titlow

London's Metropolitan Police recently started using machines that allow law enforcement to tap into any mobile device and download call registers, photographs, videos, SMS, email and even social networking data in under 20 minutes. Even more shocking, the information they collect will remain in the police's possession long after the suspect is released, even if no charges are filed.

A machine of this sort sounds like something that would have been found in the dank depths of some palace in Tripoli after the downfall of Gaddafi, not in a British police station.

The Explosive Growth of Our Personal Data

The amount of data many of us are carrying around in our pockets every day is incredible - and growing. Even the most basic feature phones contain information about who we know, who we call and what we're texting to each other. For smartphone owners, the trove of data is exponentially more massive.

"The problem is that allowing the police to peruse all this data based on nothing more than their belief whether a phone was used for criminal activity provides no safeguards or limitations," says Hanni Fakhoury, an attorney at the Electronic Frontier Foundation. "It's overkill for the police to search an entire phone on nothing more than a suspicion that the suspect used a phone to find out where an accomplice was waiting for him."

The notion that people have a right to not have their belongings searched without a very good reason is considered so critical in democratic societies that the U.S. legal system won't even accept evidence if it was obtained in violation of this principle. The exclusionary rule, as it's called, has resulted in otherwise legitimate murder convictions being thrown out. That's how important this idea is.

Legitimate Goals, Troubling Implications

Surely, one might argue, this technology will only be used in legitimate criminal inquiries, where it undoubtedly may yield important information that can help solve cases. That's how both the product and the policy are being marketed to the public. And while there's some merit to that argument, it does little to assuage the concerns raised by the practice.

The contents of a murder suspect's smartphone may very well reveal details that could help secure a much-deserved conviction, but this isn't just for alleged killers. It's for everyone. That's troubling enough for everyday arrestees who happen to be innocent. It's even more disturbing for political activists.

What isn't clear is when and how this tactic would be used. What if somebody is arrested for, let's say, blocking traffic? That's one of the charges that was brought against Occupy Wall Street protestors who marched across the Brooklyn Bridge last October. The government later subpoenaed Twitter for data about some of those protestors, a request that ultimately turned out to be fruitless.

Putting aside the issue of whether this would withstand constitutional scrutiny in the U.S., imagine if the New York Police Department had deployed machines like the kind that will soon be used in London. Suddenly, we'd have a situation in which the government has access to a mountain of personal data about political activists and dissidents, the vast majority of which would have no relevance to whatever charges may be brought against them.

A similar scenario could unfold in London soon as well. This summer, the city will host the 2012 Summer Olympics, an event which has traditionally invited political demonstrations by a variety of groups.

"With the Olympics coming to London, it wouldn’t surprise us to see the police use this broad authority to detain protesters for the sole purpose of examining a phone and learning more about other political protests and activities," says Fakhoury, "and ultimately chilling free speech."
http://www.readwriteweb.com/archives...le-privacy.php





Could Cops Use Google To Prevent Murder?

Murderers often turn to the Web for tips on killing. Could search data help the police stop those crimes before they happen?
Will Oremus

At around 3:45 a.m. on March 24, someone in Fort Lauderdale, Fla., used a mobile phone to Google “chemicals to passout a person.” Then the person searched Ask.com for “making people faint.” Then Google again, for “ways to kill people in their sleep,” “how to suffocate someone,” and “how to poison someone.”

The phone belonged to 23-year-old Nicole Okrzesik. Later that morning, police allege, she and her boyfriend strangled 19-year-old Juliana Mensch as she slept on the floor of their apartment. The Google searches, along with incriminating text messages between Okrzesik and her boyfriend, came to light as authorities investigated Mensch’s death. But what if they could have been alerted to the suspicious-sounding searches immediately? Could they have rushed to the apartment and saved the girl’s life?

In Minority Report, police use mutant psychics to predict murders before they happen and lock up the would-be killers. The mutant psychics are fantasy, but when we keep hearing about cases in which people Google their crimes before they commit them, the concept of a police “pre-crime” unit is no longer so far-fetched. The most interesting thing about the idea of using Web searches to predict murders: It might be perfectly legal.

Police already draw on other types of data to anticipate crimes. Police departments in Chicago, Los Angeles, and Santa Cruz, Calif., have been experimenting with “predictive policing,” in which computer algorithms sift through reams of crime data to tell officers where and when crimes are likely to occur. That’s a long way, though, from the type of pre-cognition portrayed in Minority Report. It only works for relatively predictable crimes such as burglary or auto theft, and it doesn’t tell you anything about who might be planning the heists.

Web search data, by contrast, contains information about specific individuals’ thoughts and plans. In theory, Google or Ask.com could have flagged Okrzesik’s search queries as suspicious and sent the cops her device’s IP address. In the Hollywood script, a vigilant officer would notice the alert, rush to the scene, and knock on the door just as Mensch’s assailants were about to do her in.

In reality, there are a few obstacles to that scenario. For starters, police would need instant access to the search data and a way to connect it to a physical address. These days they usually get electronic records only after a crime has been committed and they’ve built up enough evidence to obtain a warrant. They use the data not to prevent crime but to build their case for arrest and conviction. In last year’s high-profile Casey Anthony trial, for instance, prosecutors told the jury they’d searched Anthony’s computer and found 84 queries related to “chloroform” in her browser history, corroborating their theory that Anthony had used the chemical to subdue her 2-year-old daughter Caylee before killing her. (Anthony was acquitted of the killing, and it later turned out that the term had been searched just once—and Casey Anthony’s mother took the stand to say she was the one who searched for it. She said she was trying to look up “chlorophyll” to see whether plant matter was dangerous for her dog to eat.)

Law enforcement agents do sometimes monitor communications in real time, as when they listen in on a suspect’s phone conversations. But federal privacy laws require a special wiretap warrant for eavesdropping, obtainable only after police have probable cause to believe an individual is guilty of a crime. (A 2008 law that allows warrantless wiretapping under certain circumstances has been appealed to the Supreme Court.) So even if it were technically feasible, police wouldn’t be allowed to monitor everyone’s phone conversations for suspicious words or phrases. The same ostensibly holds for monitoring people’s email, text messages, and Web browsing.

As for Web searches, police probably can’t require a company like Google to share its data with them without good reason, legal experts say. But unlike phone conversations, emails, and text messages, search queries aren’t protected from voluntary disclosure to authorities, notes Orin Kerr, a computer crime expert at George Washington University. When you pick up the phone to call a friend, the reasoning goes, you’re communicating with that friend, and the phone company is a third party that doesn’t have a right to eavesdrop. But when you type a query into Google’s search bar, you’re communicating directly with Google. That makes Google the “end user” of your information, and gives it the legal prerogative—at least in theory—to share that information with anyone it likes, including the police or the FBI. Kerr calls it a hole in the country’s privacy laws and has called for it to be patched.

In practice, it’s unlikely Google would do such a thing unless it felt compelled to. Asked about the company’s policies on sharing information with law enforcement, spokesman Chris Gaither told me only that Google complies with valid legal processes, takes users’ privacy seriously, and tries to notify users when it gets requests for their data. And when it does get such requests, it tries to make sure they’re tailored as narrowly as possible. The fact is that, in the absence of a law requiring it to share search information with the government, Google has more incentive to protect its customers’ privacy than to serve as an ongoing informant for the cops.

But if the idea of Internet companies sharing users’ seemingly private information with law enforcement sounds far-fetched, consider that the House of Representatives recently passed a bill to explicitly legalize and promote just that behavior. The Cyber Intelligence Sharing and Protection Act, or CISPA, would encourage the free flow of information on “cyber threats” between the government and major Web firms. Under the law, those firms would be immune from lawsuits arising from the sharing of such information. Several major tech companies, including Facebook and Microsoft, endorsed the bill. After an outcry from privacy groups, though, the Obama administration threatened a veto, and the bill has not been introduced in the Senate.

There are, though, other types of search data that companies already share with federal officials in real time. For instance, Google uses its analytics to report flu trends to the Centers for Disease Control and Prevention. It anonymizes the data to make sure it can’t be traced to individual users, but the precedent is still one of instantaneous sharing with the government. In the U.K., meanwhile, legislation is afoot that would require Web companies to monitor users’ searches for terms indicating that they might commit suicide. Such searches would presumably produce an alert to law enforcement, who could then try to intervene to save the user’s life.

Even if Google—or Ask.com or Microsoft’s Bing—did come to an understanding with American law enforcement, there would still be the practical problem of sifting the useful data from the noise. As Casey Anthony’s mother would tell you, there are plenty of reasons to search for chloroform (or chlorophyll) other than to plan a murder. Likewise, any police department that tried to track down all the searches for “how to dispose of a body without getting caught” would quickly find itself overwhelmed. And in Okrzesik’s case, the poor grammar in “chemicals to passout a person” might have kept it off the radar of even the most sophisticated monitoring algorithm.

Yet the next three Google searches on Okrzesik’s phone—“ways to kill people in their sleep,” “how to suffocate someone,” and “how to poison someone”—seem to clearly indicate that someone has a strong curiosity about how to kill someone. One can also imagine other searches—say, a series of queries about the ingredients used to make anthrax—that law enforcement agents might like to know about.

Unlike in Minority Report, such search data probably wouldn’t be enough to justify a search warrant on its own, let alone an arrest and conviction. But David Sklansky, a criminal law professor at UC-Berkeley, says it could constitute the reasonable suspicion needed to pull someone over or stop him on the street. And police don’t need any reasonable suspicion at all to knock on someone’s door and ask what she’s up to, provided the person agrees to talk.

Most of the time, even these seemingly incriminating searches would probably amount to nothing, like a burglar alarm going off in a house (a false alarm more than 95 percent of the time). It’s also possible that if it becomes public knowledge that cops and search engines are collaborating, an Internet mob could start mass-searching “ways to kill people in their sleep,” overwhelming law enforcement with phony queries. But in rare cases, it’s conceivable that search sleuthing could lead to saved lives—perhaps a great number of saved lives, in the case of a terrorist attack. That prospect, however slim, may be enough to convince search engines to at least explore the potential for increased collaboration with authorities. Murderers and the morbidly curious, be warned.
http://www.slate.com/articles/techno...r_.single.html





30,000 Secret Surveillance Orders Approved Each Year, Judge Estimates

If the government spies on you but brings no charges, you'll never know.
Nate Anderson

A federal judge estimates that his fellow federal judges issue a total of 30,000 secret electronic surveillance orders each year—and the number is probably growing. Though such orders have judicial oversight, few emerge from any sort of adversarial proceeding and many are never unsealed at all. Those innocent of any crime are unlikely to know they have ever been the target of an electronic search.

In a new paper, called "Gagged, Sealed & Delivered" (PDF), US Magistrate Judge Stephen Smith bashes this culture of continuing secrecy. (Magistrate judges are important members of the federal judiciary; they handle many of the more routine judicial matters, such as warrant applications and initial case management.) In his work as a judge, Smith has become dismayed by the huge number of electronic surveillance orders he sees and by the secrecy that accompanies them.

When police execute a traditional search warrant, they generally bring with them a copy of that warrant and show it to the homeowner or target of the search. That's not always the case, of course; sometimes warrants remain sealed while a case is in progress so as not to tip off a suspect.

But when surveillance enters the digital realm, secrecy becomes the norm. Digital "warrant-like" requests to access stored e-mail in an online account, or to wiretap an Internet connection, or to obtain "pen register" information, or to track a cell phone, are obtained from magistrate judges, many times in secret dockets that don't even appear in the federal government's official PACER document system. They come after one-sided ("ex parte") proceedings in which only the government is heard. And they are generally sealed, only to be unsealed once a criminal case is filed. If no such charges are ever brought, the search warrants and the affidavits defending them can remain buried in the murkiest bits of the federal court system; even knowing that they exist can be a challenge. ISPs, which are often targets of such orders, may also be forbidden from disclosing them.

Most of this surveillance is governed by the Electronic Communications Privacy Act (ECPA) of 1986–a law so in need of reform that digital rights advocates and corporations alike have made it a key legislative priority. ECPA provides a host of tools to keep searches secret—so secret that they effectively avoid appellate review, making it difficult to know whether they are being properly issued.

Through a potent mix of indefinite sealing, nondisclosure (i.e., gagging), and delayed-notice provisions, ECPA surveillance orders all but vanish into a legal void. It is as if they were written in invisible ink—legible to the phone companies and Internet service providers who execute them, yet imperceptible to unsuspecting targets, the general public, and even other arms of government, most notably Congress and the appellate courts.

Judge Smith set out to find out how much ECPA surveillance exists in the US. Precise numbers were impossible to come by, even for one of the judges involved in issuing such orders, but Smith combined an earlier government survey with data from his own court's docket to produce what sounds like a reasonable estimate.

His estimate finds that 50,000 sealed orders were likely generated by federal judges in 2006, the year the judge analyzes. With 60 percent of these presumed to be ECPA-related surveillance orders, Judge Smith finds that magistrate judges issued more than 30,000 secret electronic surveillance orders that year. To put that in context, "this volume of ECPA cases is greater than the combined yearly total of all antitrust, employment discrimination, environmental, copyright, patent, trademark, and securities cases filed in federal court," he notes.

Smith isn't calling for the abolition of surveillance or anything too terribly radical. He understands why notice of a warrant may be delayed—but he wants the system made far more accountable.

Perfect transparency in criminal investigations is neither practical nor desirable, but ECPA’s present system of gagging and sealing is surely overkill. If my diagnosis—that ECPA’s regime of secrecy has choked off the oxygen of appellate review necessary for a healthy regulatory scheme—is correct, then the cure is relatively straightforward: open up the information arteries. Greater transparency would enable meaningful oversight not only by appellate courts but also by Congress and the general public.

One simple way to do this would be to open sealed warrants automatically after some period of time. At the moment, most warrant orders are sealed indefinitely, only being unsealed if a prosecutor or investigator in the matter bothers to go back to the judge and bring up the issue. In Smith's own "home court" in Houston, magistrate judges issued 3,886 sealed electronic surveillance orders between 1995 and 2007. In 2008, 99.8 percent of them still remained sealed.

That's especially bad news for those never charged with a crime, who will probably never learn that they were a target of government surveillance. And that number isn't trivial. Smith estimates, based on some limited data released by the Department of Justice, that it's "reasonable to infer that far more law-abiding citizens than criminals have been tracked in this fashion."

The situation, says Smith, is bad for democracy and for a transparent judiciary. Fixing it will be up to Congress, which has to decide where to draw the line between personal privacy and the needs of law enforcement. In Smith's view, any fix "will require the elimination of ECPA’s current gag, seal, and blindfold."
http://arstechnica.com/tech-policy/2...dge-estimates/





App Allows Tracking of New York Police "Stop-and-Frisk"

Determined to keep tabs on New York City police officers' "stop-and-frisk" campaign? There's an app for that.

A new smartphone app created by the New York Civil Liberties Union, "Stop and Frisk Watch," allows witnesses of the controversial New York City Police Department tactic to video and report incidents.

The NYCLU app has three main functions:

• "Record," which allows bystanders to video an incident and send the video to the group with a shake of their phones;

• "Listen," which alerts users when searches are being conducted near them; and

• "Report," which allows users to send the NYCLU information about searches that were not filmed.

The app is intended for use by people witnessing a police encounter, not by individuals who are the subject of a police stop, the NYCLU said.

More than 200,000 searches were conducted by the New York police in the first three months of 2012, a 10 percent increase from 2011. More than three-quarters of those searched are black or Latino.

Police Deputy Commissioner Paul J. Browne said in an emailed statement the department has many problems with the app, stressing among other things privacy concerns for those depicted in videos and that criminals may be able to use the "Listen" function to see where police are currently making stops.

"Stop and Frisk Watch" so far has only been released for Google Inc's Android mobile operating system, though the NYCLU said that a version for Apple Inc's iOS system will be made available later this summer. It is available in English and Spanish.

(Reporting By Joseph O'Leary; Editing by Vicki Allen)
http://www.reuters.com/article/2012/...85618K20120607





Germany Readying Offensive Cyberwarfare Unit, Parliament Told

Cyber-ops are go
John E Dunn

Germany has set up a cyber-warfare unit designed to carry out offensive operations, the country’s Defence Ministry has admitted for the first time in a parliamentary report to legislators.

According to German reports, the Bonn-based Computer Network Operations (CNO) unit had existed since 2006 but was only now being readied for deployment under the control of the country’s military.

"The initial capacity to operate in hostile networks has been achieved," a German press agency reported the brief document as saying. The unit had already conducted closed lab simulations of cyber-attacks.

Although the German admission is not a huge surprise – most countries are assumed to have cyber-offensive capabilities – the clear declaration that the CNO has an attack role has reportedly caused controversy among the country’s legislators.

The ambiguities are legion. Does the military have the legal or constitutional authority to launch cyber-attacks against third parties without the approval of Parliament and if so under what circumstances?

Unlike physical attacks, cyber-weapons can’t be isolated from their surroundings with the same degree of certainty. If, as a growing body of evidence suggests, the US Government sanctioned the use of cyber-malware such as Stuxnet, are the authorities also held responsible should such campaigns hit unintended victims?

Stuxnet caused widespread disruption not only for its ostensible target Iran but many others, including companies based in states allied to the US.

Germany has long been known for its ‘Bundestrojaner’ (Federal Trojan) software, police eavesdropping malware used by several states to monitor criminal suspects by infiltrating their computers.

In at least one case this software was used inappropriately by an officer for personal reasons, leading (it is believed) to the compromise and disruption of a German police GPS system.
http://news.techworld.com/security/3...rliament-told/





After MTNL, Anonymous Sets Sights on Reliance, Airtel
FP Staff

Anonymous India, who are currently waging a vendetta against Internet Service Providers and the government because of Internet censorship, have ramped up the intensity of their attacks and are now targeting Airtel and Reliance.

A post on the group's Facebook page says, “Anonymous has no Leaders, its the people who decide… How many of you in favor of taking down Reliance and Airtel ?… Like this post to vote for Reliance. Share this post to vote for Airtel”

At the time of publishing 268 people had ‘liked’ the post with another 63 opting to ‘share’. The post also had over 60 comments from people baying for the blood of the ISPs. One user had said, “I AM USING RELIANCE I NEED THEM TO STOP BLOCKING ALL FILE SHARING WEBSITE PLEASE ANONYMOUS HELP US !!” while another said “Though I am an airtel user…but go take em down both….I dont mind to bear the inconvenience for freedom!”

This latest message comes even as the group took down the MTNL website on Wednesday, through a massive Distributed Denial of Service (DDoS) attack.

Anonymous India is calling for peaceful protests against Internet censorship on Saturday, 09 June, and is urging people to come out in numbers and support the movement. This flurry of activity and attacks by the group were prompted by a John Doe order from the Madras High Court on file sharing sites, prompting ISPs to block popular torrent sites like Pirate Bay, and even video streaming sites like Vimeo.

This has prompted massive outrage among many of India’s netizens who cannot access even legal content uploaded on to these sites as a result.

Anonymous had also uploaded an open letter to the government of India in which it accuses the government of overreaching in its eagerness to censor, and saying that this was probably prompted by the government's eagerness to hide its own misdeeds.

The letter states, “The HC Madras never issued any list of websites of be blocked, the DoT never issued a list of websites to be censored. Why is that ISPs are forced to block file sharing websites? Why is that instead of blocking few links the whole domain was blocked? The blocking of these websites is wrong and unjustified.

Torrents are widely used to distribute open source and free software such as linux distributions, and many other books and publications that are in the public domain. Video hosting sites like Vimeo are used by millions of people every day. You no longer have access to this content even though it is perfectly legal. Many small – medium businesses use Vimeo to showcase their services and individuals including filmmakers and designers use it to promote their work. These people are strongly hit by the ban on these websites through no fault of their own.”


It goes on to say, “Most of these sites provide a mechanism for illegal and copyrighted content to be taken down, but the GoI and Indian ISPs decided to bypass this mechanism and block these sites entirely. Few ISPs are blocking contents for their own good, to hide the scams, to hide their corrupt doings. You can easily arrest individuals, but you cannot arrest an ideology. We are united by a common objective and we can and WILL cross any borders to achieve that. So our advice to you, the Government of India, is to take this statement as a serious warning from the citizens of the world. We will not rest until all the ISPs unblock the censored websites.”

The government has so far refrained from making any comments on the concerted campaign by Anonymous over the last 15 days. Prior to attacking service providers Anonymous had previously taken down a number of government websites, including the Supreme Court. It also attacked the BJP website for not being a good enough opposition and for not opposing Internet censorship.
http://www.firstpost.com/tech/after-...el-334952.html





Change Passwords on LinkedIn, Now!

Millions of passwords have been posted on a Russian hacker website, and there are indications that many LinkedIn users are in danger.
Jonas Blich Bakken

Two days ago a package of 6.5 million encrypted passwords was posted on a Russian hacker site. Those who posted it wanted help cracking the codes, which is common in such communities, says Per Thorsheim, password expert and consultant at Evry.

- Unfortunately, they are in a format that makes it relatively easy to break them, he said.

According to Thorsheim, there is much to suggest that the passwords come from LinkedIn, the large social network for professional users. It could mean that many lucrative users are now at risk of ID theft.

Attractive targets

What can you do with these passwords?

- To take you as a journalist as an example, I could log in and check whether you have any secret sources I can reveal, and if Stein Erik Hagen has an account there, I could send messages to other members and propose to sell all of Orkla, says Thorsheim.

While Facebook's users are a cross section of the population, LinkedIn typically has a greater density of users with power and resources. That makes them attractive targets.

- The opportunities for ID theft and for spreading viruses are obviously great, says Thorsheim.

So far, nearly 300,000 passwords have been cracked, and LinkedIn's name appears very often in what has emerged so far, but LinkedIn has not yet confirmed whether it is the one affected. DN.no has sent a request to the network via email and Twitter and is waiting for an answer.

Switch now!

What has been posted on the website is just the passwords, not the usernames. Passwords alone are not worth much without usernames, but Thorsheim believes one has to expect that the perpetrators are sitting on those too. He therefore has a piece of advice for LinkedIn users.

- Change your password, not in a little while, do it now! he says.

All leaked?

What has been posted on the Russian site is 6.5 million passwords, and if these prove to originate from LinkedIn, one could quickly jump to the conclusion that the majority is still safe, since LinkedIn, according to Wikipedia, has 161 million users. It is not that simple, says Thorsheim. Among so many users, many have the same password, and 6.5 million different passwords may well cover all the users.

What has been published is actually so-called "hashes" of the users' passwords. This is a kind of encrypted version of the passwords, which have gone through a transformation process. This process cannot be directly reversed, but hackers can guess by checking whether they get the same "hash" by running different passwords through the same procedure. Done by hand this would be impossible, but with today's computing power it is cheap and effective.

- With a computer of 8,000 million one can do a few hundred million attempts per second, said Thorsheim.

Some users of the Russian site have already done this, and they have uploaded their results to the forum.

- 163,267 found, 6,165,604 left, writes the user who calls himself "M @ equal".

Another user said that the passwords do not appear to be randomly chosen:

- Here is the pattern I find, "LinkedIn" and "link", writes user "Polimo", who reports 236,578 passwords that were broken Wednesday morning.
http://translate.google.com/translat...cle2411857.ece
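
The article's point that 6.5 million distinct hashes can cover far more than 6.5 million accounts, seen from the storage side, as an added example (not code from the article or from LinkedIn). The article does not name the leaked format, so unsalted SHA-256 stands in here for "a fast hash with no salt" and PBKDF2 for a salted, deliberately slow scheme; the accounts, passwords and iteration count are constructed assumptions.

```python
import hashlib
import hmac
import os
from collections import defaultdict

ITERATIONS = 100_000  # demo work factor (assumption); production values are tuned higher

# Constructed sample accounts: three users chose the same password.
ACCOUNTS = {
    "alice": "linkedin1",
    "bob": "linkedin1",
    "carol": "link2012",
    "dave": "linkedin1",
    "erin": "S7#vq!pLx0z",
}


def fast_unsalted(password):
    """Weak storage: one fast hash, no salt. Equal passwords give equal hashes."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def slow_salted(password, salt=None):
    """Hardened storage: random per-user salt plus an iterated key-derivation function."""
    if salt is None:
        salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest


def verify(password, record):
    """Login check against a salted record, compared in constant time."""
    salt, expected = record
    _, candidate = slow_salted(password, salt)
    return hmac.compare_digest(candidate, expected)


def unsalted_table(accounts):
    return {user: fast_unsalted(pw) for user, pw in accounts.items()}


def salted_table(accounts):
    return {user: slow_salted(pw) for user, pw in accounts.items()}


def distinct(table):
    """Number of different stored values: what a de-duplicated dump would contain."""
    return len(set(table.values()))


def shared_groups(table):
    """Groups of users whose stored value is identical (all exposed by one guess)."""
    groups = defaultdict(list)
    for user, stored in table.items():
        groups[stored].append(user)
    return sorted(sorted(users) for users in groups.values() if len(users) > 1)


if __name__ == "__main__":
    plain, salted = unsalted_table(ACCOUNTS), salted_table(ACCOUNTS)
    print("accounts:", len(ACCOUNTS))
    print("distinct unsalted hashes:", distinct(plain), "shared:", shared_groups(plain))
    print("distinct salted records: ", distinct(salted), "shared:", shared_groups(salted))
```

With the unsalted scheme five accounts collapse to three stored values, so a count of unique hashes understates the number of affected users; with per-user salts every record is different and each guess has to be recomputed per account at the cost of the full iteration count.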





How Strong is My Password?

'Strong' isn't a detailed password-rating; go for quintillions of possible combos, then add a symbol
Kevin Fogarty

Security breaches of mind-numbing size like those at LinkedIn and EHarmony.com set crypto- and security geeks to chattering about weak passwords and lazy users and the importance of non-alphanumeric characters to security.

But you've never met any non-alphanumeric characters. Sure, you befriended a couple of street people who were a little off kilter when you were in college, and there was that hottie in a Provincetown bar that wasn't what he/she appeared to be at first. They qualified as characters, but denying them alphanumericity is pretty harsh.

And insisting on a particular number of characters in a password is just pointless security-fetish control freakishness, right?

Nope. The number and type of characters make a big difference.

How big? Adding a symbol eliminates the possibility of a straight dictionary attack (using, literally, words from a dictionary). Adding a symbol, especially an unusual one, makes it much harder to crack even using rainbow tables (collections of alphanumeric combinations, only some of which include symbols).

How big a difference do length and character type make?

Look below and pick which password-cracking jobs you'd want to take on if you were a computer. The examples come from the Interactive Brute Force Password Search Space Calculator at GRC.com, the love child of former InfoWorld columnist and freeware contributor Steve Gibson.

How long would it take to crack my password: (Includes letters and numbers, no upper- or lower-case and no symbols)

6 characters: 2.25 billion possible combinations

• Cracking online using web app hitting a target site with one thousand guesses per second: 3.7 weeks.
• Cracking offline using high-powered servers or desktops (one hundred billion guesses/second): 0.0224 seconds
• Cracking offline, using massively parallel multiprocessing clusters or grid (one hundred trillion guesses per second): 0.0000224 seconds

10 characters: 3.76 quadrillion possible combinations

• Cracking online using web app hitting a target site with one thousand guesses per second: 3.7 weeks.
• Cracking offline using high-powered servers or desktops (one hundred billion guesses/second): 10.45 hours
• Cracking offline, using massively parallel multiprocessing clusters or grid (one hundred trillion guesses per second): 37.61 seconds.

Add a symbol, make the crack several orders of magnitude more difficult:

6 characters: 7.6 trillion possible combinations

• Cracking online using web app hitting a target site with one thousand guesses per second: 2.4 centuries.
• Cracking offline using high-powered servers or desktops (one hundred billion guesses/second): 1.26 minutes
• Cracking offline, using massively parallel multiprocessing clusters or grid (one hundred trillion guesses per second): 0.0756 seconds

10 characters: Possible combinations: 171.3 sextillion (171,269,557,687,901,638,419; 1.71 x 10^20)

• Cracking online using web app hitting a target site with one thousand guesses per second: 54.46 million centuries.
• Cracking offline using high-powered servers or desktops (one hundred billion guesses/second): 54.46 years
• Cracking offline, using massively parallel multiprocessing clusters or grid (one hundred trillion guesses per second): 2.83 weeks.

Take Steve's advice: go for 10 characters, then add a symbol.

http://www.itworld.com/security/2804...ck-my-password
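
The arithmetic behind the figures above, as an added example (not code from the article or from GRC.com). It assumes the four character classes of printable ASCII (26 lowercase, 26 uppercase, 10 digits, 33 symbols including space) and counts every password up to the given length, under which the "add a symbol" rows correspond to a 69-character alphabet at lengths 7 and 11; the sample passwords are constructed.

```python
import string

# Guess rates quoted in the article (guesses per second).
ONLINE, OFFLINE, CLUSTER = 10**3, 10**11, 10**14
RATES = {"online": ONLINE, "offline": OFFLINE, "cluster": CLUSTER}

# Assumed character classes: the 95 printable ASCII characters split four ways.
CLASSES = (
    set(string.ascii_lowercase),      # 26
    set(string.ascii_uppercase),      # 26
    set(string.digits),               # 10
    set(string.punctuation) | {" "},  # 33
)

# Largest unit first; a year is taken as 365.25 days (assumption).
UNITS = (
    ("centuries", 100 * 365.25 * 86400),
    ("years", 365.25 * 86400),
    ("weeks", 7 * 86400),
    ("days", 86400),
    ("hours", 3600),
    ("minutes", 60),
)


def alphabet_size(password):
    """Size of the alphabet an exhaustive search must cover for this password."""
    if not password:
        raise ValueError("empty password")
    chars = set(password)
    unknown = chars - set().union(*CLASSES)
    if unknown:
        raise ValueError(f"characters outside printable ASCII: {sorted(unknown)}")
    return sum(len(cls) for cls in CLASSES if chars & cls)


def search_space(alphabet, length):
    """Count of all strings of length 1..length: a + a^2 + ... + a^length."""
    if alphabet < 2 or length < 1:
        raise ValueError("alphabet must be >= 2 and length >= 1")
    return (alphabet ** (length + 1) - alphabet) // (alphabet - 1)


def humanize(seconds):
    """Return (value, unit) using the largest unit in which the value is >= 1."""
    for unit, size in UNITS:
        if seconds >= size:
            return seconds / size, unit
    return seconds, "seconds"


def estimate(password):
    """Worst-case exhaustive-search time at each rate.

    This is an upper bound that only holds for randomly chosen passwords;
    a dictionary word or common pattern is found long before the space is exhausted.
    """
    alphabet = alphabet_size(password)
    space = search_space(alphabet, len(password))
    times = {name: humanize(space / rate) for name, rate in RATES.items()}
    return {"alphabet": alphabet, "space": space, "times": times}


if __name__ == "__main__":
    # Constructed sample passwords: 6 and 10 alphanumerics, then each plus one symbol.
    for pw in ("abc123", "abc123defg", "abc123!", "abc123defg!"):
        result = estimate(pw)
        print(f"{pw!r}: alphabet={result['alphabet']} space={result['space']:,}")
        for name, (value, unit) in result["times"].items():
            print(f"    {name:8s} {value:.3g} {unit}")
```

Under these assumptions the 10-character alphanumeric case at one thousand guesses per second comes out at roughly 1.19 thousand centuries.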





US Warns Users of New Citadel Ransomware Hit

The Citadel Trojan, which is based on Zeus, is being changed for new nefarious purposes
Michael Cooney

The nasty Trojan known as Citadel malware, which is based on Zeus, has typically been used to extort money from online banking users, but a new variant is making the rounds that tries to get your money by saying you looked at child porn sites and must pay a violation fee to the U.S. Department of Justice.

This variation, called Reveton, lures the victim to a drive-by download website, at which time the ransomware is installed on the user's computer, says the U.S. Internet Crime Complaint Center (IC3). Once installed, the computer freezes and a screen is displayed warning the user they have violated United States Federal Law. The crimeware declares the user's IP address was identified by the Computer Crime & Intellectual Property Section as visiting child pornography and other illegal content.

"To unlock their computer the user is instructed to pay a $100 fine to the [DOJ], using prepaid money card services. The geographic location of the user's IP address determines what payment services are offered. In addition to the ransomware, the Citadel malware continues to operate on the compromised computer and can be used to commit online banking and credit card fraud. Below is a screenshot of the warning screen. This is an attempt to extort money with the additional possibility of the victim's computer being used to participate in online bank fraud. If you have received this or something similar do not follow payment instructions," the IC3 stated.

In February, the IDG News Service wrote that Citadel would evolve and spread rapidly because its creators adopted an open-source development model.

Citadel is based on Zeus, one of the oldest and most popular online banking Trojans. Zeus was abandoned by its creator in late 2010 and its source code leaked online a few months later, IDG wrote. Since its public release, the Zeus source code has served as a base for the development of other Trojans, including Ice IX and now Citadel. Cyberthreat management firm Seculert said it had identified more than 20 botnets that use different versions of this Trojan. "Each version added new modules and features, some of which were submitted by the Citadel customers themselves," the company said. The most interesting aspect of Citadel is its development process, which is similar to the ones behind community-supported open source projects, Seculert said.

Like its parent, Citadel is sold as a crimeware toolkit on the underground market. The toolkit lets fraudsters customize the Trojan according to their needs and command and control infrastructure. However, the Citadel authors went even further and developed an online platform where customers can request features, report bugs and even contribute modules, the IDG story stated.

Such extortion schemes are all the rage, it seems. The IC3 recently said it had received several complaints regarding an escort website -- though it did not name the site -- from people who said their identities were stolen and their photographs were posted on the site along with slanderous and inaccurate comments about them. The victims then received extortion-type emails from subjects offering to help remove the information from the website for a fee. This scam is extremely detrimental to victims on a personal and professional level. Some victims reported their marriages and reputations have been damaged, the IC3 stated.

The website disclaimer states individuals named on this website provided their information freely to verify and confirm their identity for the purpose of making arrangements to meet and spend time with a paid companion. The website also states they are located outside the United States and Europe, and they do not have to respond to any subpoena from these countries, the IC3 stated.
http://www.networkworld.com/news/201...el-259739.html





Expert Issues a Cyberwar Warning
Andrew E. Kramer and Nicole Perlroth

When Eugene Kaspersky, the founder of Europe’s largest antivirus company, discovered the Flame virus that is afflicting computers in Iran and the Middle East, he recognized it as a technologically sophisticated virus that only a government could create.

He also recognized that the virus, which he compares to the Stuxnet virus built by programmers employed by the United States and Israel, adds weight to his warnings of the grave dangers posed by governments that manufacture and release viruses on the Internet.

“Cyberweapons are the most dangerous innovation of this century,” he told a gathering of technology company executives, called the CeBIT conference, last month in Sydney, Australia. While the United States and Israel are using the weapons to slow the nuclear bomb-making abilities of Iran, they could also be used to disrupt power grids and financial systems or even wreak havoc with military defenses.

Computer security companies have for years used their discovery of a new virus or worm to call attention to themselves and win more business from companies seeking computer protection. Mr. Kaspersky, a Russian computer security expert, and his company, Kaspersky Lab, are no different in that regard. But he is also using his company’s integral role in exposing or decrypting three computer viruses apparently intended to slow or halt Iran’s nuclear program to argue for an international treaty banning computer warfare.

A growing array of nations and other entities are using online weapons, he says, because they are “thousands of times cheaper” than conventional armaments.

While antivirus companies might catch some, he says, only an international treaty that would ban militaries and spy agencies from making viruses will truly solve the problem.

The wide disclosure of the details of the Flame virus by Kaspersky Lab also seems intended to promote the Russian call for a ban on cyberweapons like those that blocked poison gas or expanding bullets from the armies of major nations and other entities.

And that puts the Russian company in a difficult position because it already faces suspicions that it is tied to the Russian government, accusations Mr. Kaspersky has constantly denied as he has built his business.

While Russian officials have not commented on the discovery of Flame, the Russian minister of telecommunications gave a speech, also in May, calling for an international cyberweapon ban. Russia has also pushed for a bilateral treaty with the United States.

The United States has agreed to discuss such a disarmament treaty with the Russians, but has also tried to encourage Russia to prosecute online crime, which flourishes in this country.

The United States has long objected to the Russian crusade for an online arms control ban. “There is no broad international support for a cyberweapon ban,” says James A. Lewis, a senior fellow at the Center for Strategic and International Studies in Washington. “This is a global diplomatic ploy by the Russians to take down a perceived area of U.S. military advantage.”

Russia, many security experts note, has been accused of using cyberwarfare in disputes with Estonia and wars in Georgia.

Mr. Kaspersky said that at no point did he cooperate with the Federal Security Agency, the successor agency to the K.G.B., as the Flame virus was not a threat to Russian citizens.

Kaspersky Lab, he said, felt justified exposing the Flame virus because the company was working under the auspices of a United Nations agency. But the company has been noticeably silent on viruses perpetrated in its own backyard, where Russian-speaking criminal syndicates controlled a third of the estimated $12 billion global cybercrime market last year, according to the Russian security firm Group-IB.

Some say there is good reason. “He’s got family,” said Sean Sullivan, an adviser at F-Secure, a computer security firm in Helsinki. “I wouldn’t expect them to be the most aggressive about publicizing threats in their neighborhood for fear those neighbors would retaliate.”

Last year, Mr. Kaspersky’s 19-year-old son was kidnapped by criminals demanding a ransom. The kidnappers did not appear to have ties to any of Russia’s online criminal syndicates, but Mr. Sullivan says, “It was probably a wake-up call.”

Some computer security firms say Mr. Kaspersky’s researchers have hyped Flame. It is too early, his critics say, to call the virus a “cyberweapon” and to suggest it was sponsored by a state.

Joe Jaroch, a vice president at Webroot, an antivirus maker, says he first encountered a sample of Flame in 2007. He says he did not publicize the discovery because he did not consider the code sophisticated. “There are many more dangerous viruses out there,” he said. “I would be shocked if this was the work of a nation state.”

Mr. Sullivan, from F-Secure, said: “It’s interesting and complex, but not sleek and stealthy. It could be the work of a military contractor — Northrop Grumman, Lockheed Martin, Raytheon and other contractors are developing programs like these for different intelligence services. To call it a cyberweapon says more about Kaspersky’s cold war mentality than anything else. It has to be taken with a grain of salt.”

Whether the skepticism is authentic or professional jealousy, no one doubts the Kaspersky Lab’s skills. Mr. Kaspersky studied cryptography at a high school that was co-sponsored by the K.G.B. and Russia’s ministry of defense, and later took a job with the Russian military. He started tracking computer viruses as a side project in 1989, after his work PC was infected with one. In 1997, he co-founded Kaspersky Lab with his wife at the time, Natalya, in their Moscow apartment.

The headquarters of the team that unraveled Flame is an open-plan office of cubicles overlooking a park on the edge of Moscow. Mr. Kaspersky eschews suits and his researchers wear Converse shoes and tattered jeans, much as their counterparts in the United States do. A Darth Vader mask adorns one desk.

Talent also abounds. The Belarussian virus hunter who first found the Stuxnet virus in 2010, Sergei Ulasen, now works for Kaspersky Lab.

Today, the company is one of Russia’s most recognizable exports. It commands 8 percent of the world’s software security market for businesses, with revenue reaching $612 million last year.

Yet Mr. Kaspersky says he often has to dispute suggested ties to Russia’s security services. Analysts say suspicions about the firm’s Russian roots have hindered its expansion abroad.

“The U.S. government, defense contractors and lots of U.S. companies won’t work with them,” said Peter Firstbrook, director of malware research at Gartner, a research firm. “There’s no evidence that they have any back doors in their software or any ties to the Russian mafia or state. It’s a red herring, but there is still a concern that you can’t operate in Russia without being controlled by the ruling party.”

Mr. Kaspersky said his company tackled Flame upon the request of the International Telecommunications Unit, a branch of the United Nations. He assigned about three dozen engineers to investigate a virus that was erasing files on computers at Iran’s oil ministry. Kaspersky researchers, some of whom had analyzed suspected United States and Israeli viruses that destroyed centrifuges in Iran’s nuclear program two years earlier, were already following up on complaints from Iranian clients that Kaspersky’s antivirus software was not catching a new type of malware on their systems, Kaspersky officials said.

“We saw an unusual structure of the code, compressed and encrypted in several ways,” said Vitaly Kamlyuk, a researcher on the team that cracked the virus.

It was the first virus to look for Bluetooth-enabled devices in the vicinity, either to spread to those devices, map a user’s social or professional circle, or steal information from them. The program also contained a command called “microbe” that silently turned on users’ microphones to record their conversations and sent audio files back to the attackers. It was clearly not a virus made by criminals.

“Antivirus companies are in a not easy situation,” Mr. Kaspersky said. “We have to protect our customers everywhere in the world. On the other hand, we understand there are quite serious powers behind these viruses.”

Even though finding viruses first is usually a boon for antivirus companies, cracking Flame, Mr. Kaspersky said, might hurt his business in one regard. “For the next five years, we can forget about government contracts in the United States.”

Andrew E. Kramer reported from Moscow and Nicole Perlroth from San Francisco.
https://www.nytimes.com/2012/06/04/t...ty-expert.html





Microsoft Warns that Flame Exploits Windows Flaw

Microsoft Corp warned PC users that the Flame virus that attacked systems across the Middle East infects computers by exploiting a flaw in the Windows operating system.

The company released software to protect against infections exploiting the previously undisclosed flaw.

Mike Reavey, a senior director with Microsoft's Security Response Center, said in a blog post that he feared that other hackers might be able to copy the technique to launch more widespread attacks with other types of viruses.

"We continue to investigate this issue and will take any appropriate actions to help protect customers," Reavey said in the blog post.

A spokeswoman for Microsoft declined to elaborate. She would not comment on whether other viruses had exploited the same flaw in Windows or if the company's security team was looking for similar bugs in the operating system.

The flaw enabled Flame to install itself on computers by tricking Windows into believing that the malicious software was a legitimate program from Microsoft, Reavey said in the blog, which was published late on Sunday.

News of the Flame virus, which surfaced a week ago, generated headlines around the world as researchers said that technical evidence suggests it was built on behalf of the same nation or nations that commissioned the Stuxnet worm that attacked Iran's nuclear program in 2010.

Ryan Smith, chief research scientist with security firm Accuvant, said the discovery of the Microsoft flaw was also significant.

"The Windows vulnerability in and of itself is a big story," said Smith, whose customers include large corporations. He added that it is possible other highly sophisticated pieces of malware may have also exploited the same flaw and be invisible to the users of the systems they have infected.

When customers install the software on infected computers, such viruses would either stop working or they might become invisible, Smith said.

Microsoft's warning is available at blogs.technet.com/b/msrc/

(Reporting by Jim Finkle in Boston; Editing by Gary Hill)
http://www.reuters.com/article/2012/...8530SX20120604





Why Antivirus Companies Like Mine Failed to Catch Flame and Stuxnet
Mikko Hypponen

A couple of days ago, I received an e-mail from Iran. It was sent by an analyst from the Iranian Computer Emergency Response Team, and it was informing me about a piece of malware their team had found infecting a variety of Iranian computers. This turned out to be Flame: the malware that has now been front-page news worldwide.

When we went digging through our archive for related samples of malware, we were surprised to find that we already had samples of Flame, dating back to 2010 and 2011, that we were unaware we possessed. They had come through automated reporting mechanisms, but had never been flagged by the system as something we should examine closely. Researchers at other antivirus firms have found evidence that they received samples of the malware even earlier than this, indicating that the malware was older than 2010.

What this means is that all of us had missed detecting this malware for two years, or more. That’s a spectacular failure for our company, and for the antivirus industry in general.

It wasn’t the first time this has happened, either. Stuxnet went undetected for more than a year after it was unleashed in the wild, and was only discovered after an antivirus firm in Belarus was called in to look at machines in Iran that were having problems. When researchers dug back through their archives for anything similar to Stuxnet, they found that a zero-day exploit that was used in Stuxnet had been used before with another piece of malware, but had never been noticed at the time. A related malware called DuQu also went undetected by antivirus firms for over a year.

Stuxnet, Duqu and Flame are not normal, everyday malware, of course. All three of them were most likely developed by a Western intelligence agency as part of covert operations that weren’t meant to be discovered. The fact that the malware evaded detection proves how well the attackers did their job. In the case of Stuxnet and DuQu, they used digitally signed components to make their malware appear to be trustworthy applications. And instead of trying to protect their code with custom packers and obfuscation engines — which might have drawn suspicion to them — they hid in plain sight. In the case of Flame, the attackers used SQLite, SSH, SSL and LUA libraries that made the code look more like a business database system than a piece of malware.

Someone might argue that it’s good we failed to find these pieces of code. Most of the infections occurred in politically turbulent areas of the world, in countries like Iran, Syria and Sudan. It’s not known exactly what Flame was used for, but it’s possible that if we had detected and blocked it earlier, we might have indirectly helped oppressive regimes in these countries thwart the efforts of foreign intelligence agencies to monitor them.

But that’s not the point. We want to detect malware, regardless of its source or purpose. Politics don’t even enter the discussion, nor should they. Any malware, even targeted, can get out of hand and cause “collateral damage” to machines that aren’t the intended victim. Stuxnet, for example, spread around the world via its USB worm functionality and infected more than 100,000 computers while seeking out its real target, computers operating the Natanz uranium enrichment facility in Iran. In short, it’s our job as an industry to protect computers against malware. That’s it.

Yet we failed to do that with Stuxnet and DuQu and Flame. This makes our customers nervous.

The truth is, consumer-grade antivirus products can’t protect against targeted malware created by well-resourced nation-states with bulging budgets. They can protect you against run-of-the-mill malware: banking trojans, keystroke loggers and e-mail worms. But targeted attacks like these go to great lengths to avoid antivirus products on purpose. And the zero-day exploits used in these attacks are unknown to antivirus companies by definition. As far as we can tell, before releasing their malicious codes to attack victims, the attackers tested them against all of the relevant antivirus products on the market to make sure that the malware wouldn’t be detected. They have unlimited time to perfect their attacks. It’s not a fair war between the attackers and the defenders when the attackers have access to our weapons.

Antivirus systems need to strike a balance between detecting all possible attacks without causing any false alarms. And while we try to improve on this all the time, there will never be a solution that is 100 percent perfect. The best available protection against serious targeted attacks requires a layered defense, with network intrusion detection systems, whitelisting against known malware and active monitoring of inbound and outbound traffic of an organization’s network.

This story does not end with Flame. It’s highly likely there are other similar attacks already underway that we haven’t detected yet. Put simply, attacks like these work.

Flame was a failure for the antivirus industry. We really should have been able to do better. But we didn’t. We were out of our league, in our own game.
http://www.wired.com/threatlevel/201...security-fail/
















Until next week,

- js.



















Current Week In Review





Recent WiRs -

June 2nd, May 26th, May 19th, May 12th, May 5th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
__________________
Thanks For Sharing