Old 08-05-13, 08:22 AM   #1
JackSpratts
 
Peer-To-Peer News - The Week In Review - May 11th, '13

Since 2002


































"I think the F.B.I.’s proposal would render Internet communications less secure and more vulnerable to hackers and identity thieves." – Gregory T. Nojeim


"I propose that at the age of 18, you should, just as a policy, change your name. Then you can say, 'That really wasn't me; I really didn't do that!'" – Eric Schmidt


"[News Corp] announced that the hacking scandal had cost it $42m over the quarter – the company has now incurred more than $380m in costs related to the scandal." – Dominic Rushe






































May 11th, 2013




Operator of German File-Sharing Site Sentenced to Almost Four Years in Prison

A 33-year-old man was sentenced to three years and 10 months in prison by a German court for running the torrent site torrent.to between December 2005 and April 2008.

He was sentenced by the local court of Aachen on April 30 for the commercial and unauthorized exploitation of copyrighted works, said the German Society for the Prosecution of Copyright Infringement (GVU) in a news release published on Monday.

The man, who was only identified by the GVU as Jens R., was the former owner of torrent.to, a site that has continued to operate under a new owner since 2008 and that the GVU still aims to take down.

The court's sentence was higher than the sentence of three years and six months imprisonment that the prosecutor had demanded, said Christine Ehlers, spokeswoman for the GVU. As the case against Jens R. was before a local court, the lowest court in the German system, the highest sentence could only have been four years, Ehlers said Tuesday.

The defense asked for the defendant to be acquitted of all charges, the GVU said.

Torrent.to was allegedly used to illegally download movies, games and e-books, according to the GVU. Jens R. created the website with the sole purpose of generating as much traffic as he could to attract visitors to display advertising he sold through his network, the court found, the GVU said.

"Torrent.to was kind of a little Pirate Bay. It was the Pirate Bay of Germany," Ehlers said.

Jens R. was arrested on the spot and sent to prison, because the court thought the defendant might be a flight risk on account of the high sentence and the presumption that he still has funds in bank accounts in Switzerland and Liechtenstein as well as a house in Mallorca, Spain, Ehlers said.

The local court in Aachen did not immediately respond to a request for comment on Tuesday.

The torrent.to case has been in court for seven years. "We filed our complaint in 2006," Ehlers said. "But there were some problems to find out what really happened because the accused didn't say a word," she said, adding that the process was slowed down further because the prosecutors were also changed over time.

Back in 2006, file sharing and sites like torrent.to were viewed differently, she said. "At that time, people thought illegal file-sharing was more a kind of Robin Hood thing to do," she said.

Since then, courts and prosecutors have built up more experience with sites like torrent.to, Ehlers said.

The judge in Aachen, for instance, took into account a case against a similar site called kino.to that was shut down in 2011, Ehlers said. Kino.to was a movie-streaming portal built by a man who also worked on torrent.to for several years, but went on to work on his own site after a falling out with Jens R., Ehlers said.

A sentence against the chief programmer of kino.to was handed down last year and he was imprisoned for three years and 10 months, according to Ehlers. The judge in Aachen then reviewed the kino.to case and concluded that it was exactly the same as the torrent.to case and therefore the sentence had to be as high as the sentence in the kino.to case, she added.

Ehlers expects that Jens R. and his lawyer will appeal the decision, she said.
http://www.pcworld.com/article/20380...in-prison.html





File-Sharing Forum Admin Jailed For Six Months
Andy

Following an initial investigation four years ago, a case against a file-sharing forum admin has just concluded with fines and a six month jail sentence.

In 2009, French anti-piracy group ALPA launched an investigation into Infernio Advitam, a 10,000 member file-sharing focused forum.

ALPA later filed a complaint with the police after discovering the site was making available more than 1,500 movies without permission.

According to a Numerama report, that case has now reached its conclusion with the Criminal Court of Caen handing down a six month jail sentence to the site’s operator.

In addition the admin will have to pay 8,000 euros in fines but damages, likely to be substantial, are yet to be agreed.

ALPA say the admin made around 25,000 euros from donations but the plaintiffs in the case – Fox, Columbia, Disney, Paramount, Universal Studios and Tristar – will expect much more.
http://torrentfreak.com/file-sharing...months-130507/





U.S. Government Fears End of Megaupload Case
Ernesto

The U.S. Government has just submitted its objections to Megaupload’s motion to dismiss the case against the company. Megaupload’s lawyers have pointed out that the Department of Justice is trying to change the law to legitimize the destruction of Megaupload. However, the Government refutes this assertion and asks the court to deny Megaupload’s motion, fearing that otherwise the entire case may fall apart.

Several months ago Megaupload filed a request to dismiss the indictment against it, until the U.S. Government finds a way to properly serve the company.

Megaupload based its request on “Rule 4” of criminal procedure, which requires the authorities to serve a company at an address in the United States. However, since Megaupload is a Hong Kong company, this was and is impossible.

The defense argued that the court can only protect Megaupload’s due process rights by dismissing the case. However, the Government disagreed and asked the court to deny Megaupload’s motion. Among other things the Government claimed that federal rules shouldn’t be interpreted so narrowly.

Two weeks ago Megaupload renewed its request and the defunct file-hosting company noted that the Government was trying to change the law in its favor. The lawyers cited a letter to the Advisory Committee on the Criminal Rules where the DoJ made suggestions that would directly influence the Megaupload case.

Among other things the letter suggested an amendment to the law so that it would no longer be a requirement to serve a foreign company in the United States. Megaupload’s lawyers used the letter to point out to the court that the Government knew very well that it was not playing by the rules.

This week the U.S. Government replied to the motion, stating that Megaupload misrepresents the facts.

The Government explains that the DoJ’s letter begins with “a bedrock principle of criminal law, one that applies equally to both organizations and natural persons,” citing the following passage:

“When a person located abroad violates the laws of the United States, that person may be held criminally liable despite the fact that the person has never set foot in the United States.”

In other words, every person and company in the world should comply with U.S. law. The Government explains that some companies including Megaupload are exploiting “Rule 4” to remain unaccountable. However, the Government tells the court that the suggestion to improve the law doesn’t mean that Megaupload can’t be prosecuted.

“The Department never concedes, as Megaupload wrongly claims, that a proper interpretation of Rule 4 would bar the company’s prosecution,” the Government tells the court in its most recent filing.

In addition to this clarification the Government further references an additional legal precedent which shows that foreign companies without an address in the United States can be criminally prosecuted.

The Government’s response ends with a “warning” that dismissing the indictment against Megaupload, even temporarily, may mean the end of the case.

“Such dismissal, even without prejudice, would harm (perhaps fatally) the government’s ability to fully prosecute serious criminal conduct of the corporate defendant Megaupload, the ability of victims to obtain justice, and the public’s interest in resolving this case efficiently,” the Government writes.

With the sentence above the Government suggests that the entire case against Megaupload could collapse, putting a lot of weight on the decision of District Court Judge Liam O’Grady, and perhaps not unintentionally.

Under this pressure the Judge now has to decide whether or not Megaupload should be dismissed from the indictment. If that’s the case, Megaupload plans to give users access to the files that were seized, and it will also free up funds for a proper defense.
http://torrentfreak.com/united-state...d-case-130505/





U.S. Top Lawman Denies Bowing to Hollywood in Megaupload Case

The United States' chief prosecutor has denied that its investigation into the Megaupload file-sharing site on charges of online piracy is an example of Washington bowing to Hollywood pressure.

During a visit to New Zealand, U.S. Attorney General Eric Holder also said that he saw no reason why Kim Dotcom, the founder of the defunct site who lives in New Zealand, should not be extradited to the United States to face charges of facilitating massive piracy of copyrighted music and movies.

"That's not true," Holder told Radio New Zealand, when asked to respond to Dotcom's claims that Hollywood moguls are pressuring Washington to target file-sharing sites, which can house pirated content uploaded and downloaded by individual users.

"(The case) was brought on the basis of facts, on the basis of law, and it is consistent with the enforcement priorities that this administration has had," he said.

The United States began a criminal copyright case against Dotcom in January 2012. At Washington's request, New Zealand law enforcement officers conducted a dramatic raid on his mansion outside Auckland.

Attempts to have him sent to the United States for trial were delayed after a New Zealand court last year found that New Zealand used unlawful warrants in his arrest and illegally spied on him in the lead-up to the raid.

An extradition hearing is scheduled for August, although it could be delayed by further appeals. Holder said he expected Dotcom to be extradited to the United States, adding that he was happy with the level of cooperation with New Zealand authorities on the case.

"There are things which are working their way through the New Zealand court system, but we've had good communications, and I think at the end of the day, there will be an appropriate result," he said.

Dotcom and six associates face U.S. charges that they conspired to infringe copyrights, launder money and commit racketeering and fraud.

The copyright case could set a precedent for internet liability laws and, depending on its outcome, may force entertainment companies to rethink their distribution methods.

Dotcom maintains that Megaupload, which housed everything from family photos to Hollywood blockbusters, was merely a storage facility for online files, and should not be held accountable if content stored on the site was obtained illegally.

The U.S. Justice Department counters that Megaupload encouraged piracy by paying money to users who uploaded popular content and by deleting content that was not regularly downloaded.

Holder is visiting New Zealand this week for a meeting of attorneys general from the United States, New Zealand, Australia, Britain, and Canada.

(Reporting by Naomi Tajitsu; Editing by Leslie Gevirtz)
http://www.reuters.com/article/idUSBRE94718F20130508





Judge Sends Porn-Trolling Lawyers to Criminal Investigators

Lawyers who obfuscated for years face disbarment and an $82,000 fine.
Joe Mullin

US District Judge Otis Wright has no love for the lawyers who set up the copyright-trolling operation that came to be known as Prenda Law. But Wright at least acknowledges their smarts in his long-awaited order, released today. Wright's order is a scathing 11-page document, suggesting Prenda masterminds John Steele and Paul Hansmeier should be handed over for criminal investigation. In the first page, though, the judge expresses near admiration for the sheer dark intelligence of their scheme—it's so complete, so mathematical in its perfection.

"Plaintiffs have outmaneuvered the legal system," Wright begins. He goes on:

They've discovered the nexus of antiquated copyright laws, paralyzing social stigma, and unaffordable defense costs. And they exploit this anomaly by accusing individuals of illegally downloading a single pornographic video. Then they offer to settle—for a sum calculated to be just below the cost of a bare-bones defense. For these individuals, resistance is futile; most reluctantly pay rather than have their names associated with illegally downloading porn. So now, copyright laws originally designed to compensate starving artists allow starving attorneys in this electronic-media era to plunder the citizenry.

And yes, if reading "resistance is futile" rattles something in your brain, Wright's order is thoroughly peppered with Star Trek references.

The plaintiffs have a right to assert their intellectual property rights, "so long as they do it right," Wright acknowledges. That's not what happened here, though. Prenda lawyers used "the same boilerplate complaints against dozens of defendants," without telling the judge. Instead, defense lawyers like Morgan Pietz flagged the dozens of related cases. "It was when the Court realized Plaintiffs engaged their cloak of shell companies and fraud that the court went to battlestations," states Wright.

A harsh fact-finding

At a hearing last month, the lawyers behind Prenda finally showed up in court as Wright ordered them to. But when they were confronted with Wright's questions, they clammed up and pled the Fifth Amendment. They wouldn't answer simple questions, like who owned their shell companies and where the settlement money (rumored to be in the millions) was going.

"Well, if you say answering those kinds of questions would incriminate him, I'll take you at your word," Wright said to Hansmeier's lawyer at the time.

The three lawyers Wright refers to as the "Principals"—lawyers Paul Hansmeier, John Steele, and Paul Duffy—refused to describe their own behavior in court. Now, just as he said he would, Wright has assumed the worst.

In today's order, Wright finds that:

• Prenda shell companies like AF Holdings and Ingenuity 13 were created "for the sole purpose of litigating copyright-infringement lawsuits." They have no assets other than the pornographic movies they sue over. And despite their legal trickery using offshore vehicles, "the Principals [Steele, Hansmeier, and Paul Duffy] are the de facto owners and officers."
• Their strategy of identifying IP numbers, issuing subpoenas to ISPs, and sending demand letters offering to settle for about $4,000 "was highly successful because of statutory-copyright damages, the pornographic subject matter, and the high cost of litigation." Steele, Hansmeier and Duffy got "proceeds of millions of dollars due to the numerosity of Defendants." And Wright added, "No taxes have been paid on this income."
• The Prenda lawyers engaged in "vexatious litigation designed to coerce settlement." They showed little desire to actually fight when a "determined defendant" showed up. "Instead of litigating, they dismiss the case," notes Wright. "When pressed for discovery, the Principals offer only disinformation—even to the Court."
• Local California lawyer Brett Gibbs sued on behalf of Prenda and then tried to back away from their scheme to testify against them, but he's still in trouble. Wright states, "Though Gibbs is culpable for his own conduct before the Court, the Principals directed his actions. In some instances, Gibbs operated within narrow parameters given to him by the Principals, whom he called 'senior attorneys.'"
• Finally, the allegations of identity theft look legitimate. Steele, Hansmeier, and Duffy conspired to fraudulently sign the copyright assignment for the adult movie Popular Demand using Alan Cooper's signature, pretending he was an officer of AF Holdings.
• Wright concludes: "Plaintiffs’ representations about their operations, relationships, and financial interests have varied from feigned ignorance to misstatements to outright lies. But this deception was calculated so that the Court would grant Plaintiffs’ early-discovery requests, thereby allowing Plaintiffs to identify defendants and exact settlement proceeds from them. With these granted requests, Plaintiffs borrow the authority of the Court to pressure settlement."

Sanctions range from merely expensive to criminal

In the final section of his order, before proceeding to the actual sanctions, Wright begins with an example of Prenda attorney Gibbs skirting the truth.

All Prenda has in the way of evidence is a "snapshot" showing that an IP address was seen online in a torrent swarm. "Without better technology, prosecuting illegal BitTorrent activity requires substantial effort in order to make a case," says Wright. "It is simply not economically viable to properly prosecute the illegal download of a single copyrighted video."

Instead of owning up to other possibilities—such as an outsider using someone's home Wi-Fi signal—Gibbs deceptively downplayed them, according to Wright. Gibbs characterized one defendant's property as "a very large estate consisting of a gate for entry and multiple separate houses/structures on the property." The problem for Gibbs is that Judge Wright knows how to use Google: he pulled up a Google Street View scene of the address and found a modest home in West Covina, a Los Angeles suburb. "It is a small house in a closely packed residential neighborhood," says Wright. "There are also no gates visible. Gibbs's statement is a blatant lie."

Judge Wright once used the word "fraud" when confronting Prenda lawyers, a statement they later cited when they pled the Fifth. But beyond certain instances like Gibbs' description of the house or the Alan Cooper deception—"a forgery is still a forgery," notes Wright—there's little hard evidence of lies under oath. (Although Prenda is up against a deadline in another case to produce a hard signature of a trust identified as "Salt Marsh.")

Wright suggests the Prenda enterprise as a whole is a kind of lie of omission:

Nevertheless, it is clear that the Principals’ enterprise relies on deception. Part of that ploy requires cooperation from the courts, which could only be achieved through deception. In other words, if the Principals assigned the copyright to themselves, brought suit in their own names, and disclosed that they had the sole financial interest in the suit, a court would scrutinize their conduct from the outset. But by being less than forthcoming, they defrauded the Court. They anticipated that the Court would blindly approve their early-discovery requests, thereby opening the door to more settlement proceeds.

As for penalties, they begin with attorneys' fees. Prenda will have to pay these to the two defense lawyers who have been instrumental in this case: Morgan Pietz and Nicholas Ranallo. Wright awards $36,150 in fees to Pietz, $1,950 in fees to Ranallo, as well as legal costs (copying and filing fees, for example) to both. He then doubles the amount "as a punitive measure," arriving at $81,319.72. In a footnote, Wright says that the sum "is calculated to be just below the cost of an effective appeal"—a final dig at the Prenda business model of settlement offers just below the cost of defense. The Prenda folks have 14 days to pay up.

The harshest penalties are saved for last. First, Judge Wright suggests the Prenda lawyers should be disbarred, writing "there is little doubt that Steele, Hansmeier, Duffy, [and] Gibbs suffer from a form of moral turpitude unbecoming an officer of the court." In many states, including California, crimes reaching the standard of "moral turpitude" lead to automatic disbarment. Wright will be referring the four lawyers to every state bar in which they are admitted to practice.

Wright also suggests the Prenda scheme went far enough to warrant criminal investigation. And Brett Gibbs—the Prenda accomplice who portrayed himself as a low-level attorney and who tried to distance himself from the core group—doesn't get any kid-glove treatment. The judge concludes:

Third, though Plaintiffs boldly probe the outskirts of law, the only enterprise they resemble is RICO. The federal agency eleven decks up is familiar with their prime directive and will gladly refit them for their next voyage. The Court will refer this matter to the United States Attorney for the Central District of California. The [court] will also refer this matter to the Criminal Investigation Division of the Internal Revenue Service and will notify all judges before whom these attorneys have pending cases.
http://arstechnica.com/tech-policy/2...investigators/





Copyright Troll Righthaven Finally, Completely Dead

Never had standing to sue, Ninth Circuit confirms.
Nate Anderson

Righthaven, the Las Vegas operation that sought to turn newspaper article copyright lawsuits into a business model, can now slap a date on its death certificate: May 9, 2013. This morning, the US Court of Appeals for the Ninth Circuit ruled on the two Righthaven appeals that could have given the firm a final glimmer of hope—and the court told Righthaven to take a hike.

"Abraham Lincoln told a story about a lawyer who tried to establish that a calf had five legs by calling its tail a leg. But the calf had only four legs, Lincoln observed, because calling a tail a leg does not make it so," the opinion begins.

"Before us is a case about a lawyer who tried to establish that a company owned a copyright by drafting a contract calling the company the copyright owner, even though the company lacked the rights associated with copyright ownership. Heeding Lincoln's wisdom, and the requirements of the Copyright Act, we conclude that merely calling someone a copyright owner does not make it so."

Righthaven's grand plan was to license articles from the Las Vegas Review-Journal, find people who had posted pieces of those articles online, then threaten those people with massive statutory damages unless they sent in checks for a couple thousand dollars. This proved hugely controversial, largely because it involved Righthaven threatening all manner of appealing defendants—up to and including sources for Review-Journal stories and an Ars Technica author.

Righthaven was run by lawyers, but those lawyers made a major mistake: they never actually assigned the copyrights in the newspaper articles to Righthaven. What they did assign was, in the court's words, "the right to sue for infringement." No such right exists in US copyright law, however, and since the Review-Journal maintained functional control over the exploitation of those copyrights, Righthaven had no standing to bring its lawsuits.

Righthaven made all sorts of arguments that it really did control the copyrights in the articles, but the Ninth Circuit didn't like any of them. All such arguments were like that made by the lawyer in Lincoln's story—Righthaven could assert that it was the copyright owner, but the judges said this was mere "form over substance." Calling oneself the copyright owner doesn't make it so; one has to look at the rights that are actually conveyed.

The Righthaven story has been a pathetic one for some time; the company's assets were seized, its domain name and copyrights were sold off, and money was paid to defense lawyers. In the absence of a future (and deeply unlikely) Supreme Court appeal, Righthaven is now done. Why did it even continue to fight for this long? Marc Randazza, the lawyer who helped bring Righthaven down, told us back in February that the appeal was "a tantrum and an attempt to salve [Righthaven principal Steve Gibson's] ego. And I can almost respect that."

Update: In a press release today, Randazza said, “Copyright law exists to protect the creative process, and to reward authors–not to create illegitimate shakedown schemes. Everyone at the firm is proud of its role in bringing this matter to its conclusion. However, given Righthaven’s unwillingness to make rational choices, I expect a petition for the United States Supreme Court to hear the case. Stay tuned.”
http://arstechnica.com/tech-policy/2...mpletely-dead/





‘They Stole It’: Dr. Phil Sues Gawker Over Manti Te’o Hoaxer Video
Dominic Patten

Dr. Phil claims that Gawker caused his ratings to drop by lifting video from his show and he’s going after them for it. The copyright infringement suit is over the TV shrink’s interview with the man who says he fooled Heisman Trophy runner-up Manti Te’o into thinking he was his fake dead girlfriend. In an 8-page complaint filed today in federal court in Texarkana, Texas, Dr. Phil Show copyright holders Peteski Productions sent notice to Gawker Media and its sports website Deadspin that they want unspecified damages and a jury trial. “Gawker deliberately set out to get ‘the jump’ on the rest of the country and ‘scoop’ Dr. Phil with his own content. They did not earn that right, they stole it. They did not conduct the interview, they stole it. They did not ask permission, they blatantly and knowingly infringed the copyright of the content owner and did so in a way that furthered their interest to the maximum and undercut the rightful owner of the protected material,” claims the complaint. The whole thing revolves around two episodes of the syndicated Dr. Phil Show that aired on January 31 and February 1 where the TV psychologist exclusively spoke to girlfriend impersonator and Te’o acquaintance Ronaiah Tuiasosopo.

Previously Notre Dame’s Te’o claimed that he had a girlfriend called Lennay Kekua who had died from a car accident and leukemia on September 11, 2012. They had met online and he played out the season in honor of the Stanford student. As Deadspin revealed on January 16, it turned out Kekua wasn’t real and the footballer had been fooled. A couple of weeks later Dr. Phil was going to show everyone how it was done in a heavily promoted two-part show – or so the show’s producers intended.

“In a premeditated plan to steal Peteski’s copyrighted material, Deadspin posted the video of the second show … not later than 9:30 AM Eastern Standard Time, hours before the Dr. Phil Show aired to over 98% of its viewers. … Although the second show was expected to exceed the ratings number of the first show, in fact, the ratings declined substantially because the result of the “CLIFFHANGER” was no longer in doubt. It had been misappropriated by Deadspin,” adds the filing. The 23-second clip showed Tuiasosopo behind a screen doing the voice that seemingly fooled Te’o. Peteski Productions is represented by Charles “Chip” Babcock, Carl Butzer and Nancy Hamilton of Dallas firm Jackson Walker and attorney George McWilliams of Texarkana.
http://www.deadline.com/2013/05/dr-p...-hoaxer-video/





Adobe Just Killed Your Ability To Pirate Photoshop
John Paul Titlow

Well, it was fun while it lasted. Countless students, artists and overall cheapskates who have long enjoyed using Adobe's Creative Suite software without paying for it will soon have to pony up. Adobe is formally moving the latest versions of Photoshop and related design and production software to the cloud — specifically, to Adobe's newly dubbed "Creative Cloud" — where they will only be available via monthly subscription.

It's a smart business move for Adobe, which stands to receive a steady stream of revenue from customers who otherwise might take their sweet time shelling out several hundred greenbacks for each major upgrade. Instead, those folks can just dole out $50 per month for access to the entire collection of Adobe software, which is all tied together with the company's cloud-based storage and offers other Web-based features.

With this move, the software we still fire up our laptops to use makes a significant shift toward a cloud-based, mobile world. Makes sense.

Uncracking The Creative Suite

Switching to a subscription model also makes it much harder to pirate the software. This is something Adobe has struggled with for a long time, routinely coming up with new ways to verify the authenticity of new installs.

Of course, each new form of copy protection also triggered a workaround from hackers who would crack the software and then make it available on file-sharing sites. The latest version of the Creative Suite Master Collection, for instance, can easily be torrented and, using easy-to-follow instructions, cracked to feign authenticity and block Adobe's servers from discovering that you did not in fact pay $1,300 for it.

Pirating Adobe's software — especially Photoshop — has become very common among consumers who can't or won't pay several hundred dollars for it, but who nonetheless rely on its state-of-the-art image editing features for school, work or personal projects. Older versions of Photoshop, Illustrator, Dreamweaver and the rest of the Creative Suite will still be available from Adobe — as well as the Pirate Bay — for some time to come.

But from now on, Adobe's product development will thrive behind a subscription paywall. Using Adobe CS6 will be sufficient for quite a while, but eventually anybody wanting to take advantage of the latest and greatest in photo-editing, Web design and other creative production will have to pay up.

An Opportunity For Competitors — And Consumers

For those not willing to subscribe to Creative Cloud, there's a growing list of alternatives. Nobody offers a suite quite as robust as Adobe's, which handles photos, graphic design, print layouts, Web development, video editing, animation and more. But for each of the creative needs that Adobe meets, there are other offerings.

The most sought-after alternatives will likely be to Photoshop. Again, the original CS6-and-earlier versions of Adobe's apps will still work. But if one ever tires of the feature set and wants to try a product that continues to evolve, desktop apps like Pixelmator and Inkscape are pretty impressive. For basic photo-editing, tablet-based apps like PhotoGene, Photoshop Touch and Apple's iPhoto for iPad are all surprisingly capable.

For each app in the suite, there's a different list of competitors. There's Final Cut Pro for video, Maya for animation and, um, actually learning to code for Dreamweaver.

Perhaps most important, Adobe's shift to a subscription model presents new opportunities for other companies and developers to build new capable, competitively-priced alternatives. As for the software-crackers, we have no doubt that they'll be busy trying to find ways to trick Adobe's new system.
http://readwrite.com/2013/05/06/adob...rate-photoshop





Adobe’s Creative Cloud Illustrates How the Cloud Costs You

Cloud-based subscription services have a lot to offer customers. But over the long term, they may benefit IT companies even more.
Nick Kolakowski

Adobe plans on focusing the bulk of its software-development efforts on its Creative Cloud offering, with no plans to further update its “boxed” Creative Suite products. The move isn’t surprising, considering the tech industry’s general movement toward the cloud over the past few years; nonetheless, it could still come as a bit of a shock for those customers used to InDesign, Illustrator and other Adobe products as traditional pieces of software.

Adobe argues that focusing on the cloud will allow it to innovate faster. And while Creative Cloud represents the bulk of the company’s software offerings, it will continue to offer other products in a boxed format.

In a recent interview with Mashable, Adobe CEO Shantanu Narayen discussed some of the ways his company would benefit from migrating to Creative Cloud’s SaaS model: better piracy controls, less money spent on product packaging (and shipping, presumably), and speedier upgrade cycles. “Companies that wish to thrive in this next tech era need to embrace or perish,” he told the publication. “We’re not only embracing, we’re leading.”

Creative Cloud will cost $19.99 per month for a “single app” version that features the full version of “selected apps,” 20GB of cloud storage, and limited access to services. Those who opt for the “complete” version will pay $49.99 per month for every Creative Cloud app, 20GB of cloud storage, and full access to services; it also requires an annual commitment.

At that price, it would take a little over a year for a customer spending $49.99 per month to exceed the full retail cost of box-based Adobe Creative Suite 6, which currently retails for $599.99 at Staples and $403.99 on Amazon.

But Narayen insisted to Mashable that the Creative Cloud’s cost to customers is lower, especially since they won’t have to pay for cloud storage and other services—never mind that 20GB doesn’t carry anyone far when it comes to visual design.

Adobe isn’t the only company poised to profit from the subscription cloud model. Take Microsoft’s Office 365, which costs $20 per user per month for the “recommended” Enterprise E3 edition. (Other Office 365 versions for SMBs and consumers will cost consumers a bit less—Office 365 Home Premium edition, for example, is priced at $99.99 per year.) Compare that to the single-license version of Microsoft Office Home and Business 2013, which retails on Amazon for $219.99: it would take over a year’s worth of monthly payments, but eventually the customer with cloud-based Office 365 would end up paying more than the one who opted for the box version of Office.

Microsoft executives’ arguments for Office 365 sound very similar to those offered by Narayen: a cloud-based platform can be continually updated, accessed from anywhere, and seamlessly upgraded to meet future needs. Companies that migrate their products to the cloud also inevitably argue that a significant portion of those monthly subscription fees go to maintaining the backend infrastructure that serves the software to users; but with the processes behind the cloud becoming more efficient (and hardware inevitably becoming cheaper and more automated), it’s hard to argue that the cloud isn’t a profitable business opportunity for any IT firm capable of executing properly.

In other words, customers stand to benefit from the cloud. But over a long enough timeline, and with the right financial model in place, the companies providing those services stand to benefit even more.
https://slashdot.org/topic/cloud/ado...oud-costs-you/





Tor Books Says Cutting DRM Out of its E-Books Hasn’t Hurt Business

A look at the sci-fi publisher a year after it announced it would do away with DRM.
Megan Geuss

Early this week, Tor Books, a subsidiary of Tom Doherty Associates and the world's leading publisher of science fiction, gave an update on how its decision to do away with Digital Rights Management (DRM) schemes has impacted the company. Long story short: it hasn't, really.

Tor announced last April that it would only retail e-books in DRM-free formats because its customers are “a technically sophisticated bunch, and DRM is a constant annoyance to them. It prevents them from using legitimately-purchased e-books in perfectly legal ways, like moving them from one kind of e-reader to another."

This week, Julie Crisp, editorial director at Tor UK, wrote that the publisher has seen “no discernible increase in piracy on any of our titles, despite them being DRM-free for nearly a year.”

Tor's 2012 decision was largely applauded by its customers, who enjoyed being able to share e-book files among various devices. Tor's authors are happy too. “All of our authors including bestsellers such as Peter F. Hamilton and China Miéville were incredibly supportive when we asked them to consider removing DRM from their titles,” Crisp wrote. “All of them [signed] up without hesitation to a scheme which would allow their readers greater freedom with their novels.”

Not everyone was on board with Tor's decision, however. In August 2012, a leaked letter from Hachette UK to a number of authors suggested that Tor's DRM-free e-books strategy would “make it difficult for the rights granted to us [Hachette] to be properly protected.” The letter urged authors to push back against Tor's DRM-free policy.

This reaction was more of a flash in the pan, and Tor says it will continue to publish e-books DRM-free. “The move has been a hugely positive one for us, it’s helped establish Tor and Tor UK as an imprint that listens to its readers and authors when they approach us with a mutual concern—and for that we’ve gained an amazing amount of support and loyalty from the community,” Crisp wrote.

It's unclear whether Tor's success will sway other e-book publishers toward offering DRM-free titles. As Forbes contributor Suw Charman-Anderson points out, Tor has a unique customer base. Their readers are more engaged with authors than readers of other genres are. Still, one common argument is that DRM can be easily removed with a little know-how, so blocking a reader from sharing a book across multiple devices ends up being an inconvenience rather than a deterrent.
http://arstechnica.com/business/2013...hurt-business/





It's LEGAL to Download The Great Gatsby...
...in most of the world!

If you are in the US, then tough luck, the rights belong to the CBS Corporation, and you'll have to pay Amazon $7.80 $4.99 to get it legally on your Kindle.

If you are sober enough to know which country's laws you're subject to (not that sobriety is a guarantee of jurisdiction-awareness) then you probably still don't know whether it's legal to download The Great Gatsby from Project Gutenberg Australia or the University of Adelaide. It's too bad that SOPA didn't pass because then all the US-illegal links to The Great Gatsby would be censored by law, and you would automatically have infringing links removed or not as the case may require.

So this is a little auto-link-legalizer page here for you. Just click on the appropriate link:

• I'm subject to US copyright law.
• I'm subject to the copyright law of Australia, Canada, or some other pirate jurisdiction.
• I have no clue what copyright law I'm subject to.

http://go-to-hellman.blogspot.com/20...at-gatsby.html





Napster For Pirated 3D Printing Templates?
Josh Constine

Buy it in a store, laser-scan it at home, upload it to the web, print it anywhere. 3D printing is poised for the mainstream, but what happens when one person’s finely hand-crafted designs can be pirated and reproduced by anyone? Will 3D-printing-piracy social networks arise? And how will manufacturers lobby to stop them?

The ideas came out of my conversation at TechCrunch Disrupt NY with Alex Winter, director of the new documentary about Napster called “Downloaded”. While The Economist pondered these questions last year, and The Pirate Bay has coined the term “physibles” for 3D-printed objects, Winter takes the next step. He suggests a Napster for 3D printing models is inevitable.

I believe it. The way the music industry was unprepared for the mp3 revolution, the manufacturing industry seems similarly behind the curve. It might even be worse off. At least the record companies had the Digital Millennium Copyright Act to fall back on. As of now, physible designs could be interpreted as falling into a gray area between art and media protected by the DMCA, and what can be patented. 3D printing template marketplaces like 3DLT could also get sideswiped by piracy.

I imagine this situation will lead to the rise of a Napster for 3D printing models along with websites like The Pirate Bay’s physibles section. People will build up curated collections of designs, pass them back and forth, and you’ll be able to print cheap versions of expensive objects from tools to jewelry, furniture to toys, and even guns. The idea of people being able to download an array of weapon designs could be terrifying or liberating depending on your perspective.

Eventually, the old manufacturing industry will wise up, and independent designers will band together to try to thwart physible piracy. They might aim for changes to the laws to make this kind of piracy more clearly illegal with stiff penalties. They might also aim for some sort of digital rights management standard. Imagine if pirated designs could be added to a blacklist and the most popular 3D printers like Makerbots, Printrbots, and Cubes wouldn’t allow you to print them.

However it all plays out, it’s sure to be exciting. It’d be a shame to see piracy erode the livelihood of craftsmen and women the way some believe it does for musicians and game designers. As amateur 3D printing turns from science fiction to destiny to reality, a new set of challenges will emerge for meatspace artists whose work can be boiled down to ones and zeros.
http://techcrunch.com/2013/05/04/3d-...acy-physibles/





State Department Demands Takedown Of 3D-Printable Gun Files For Possible Export Control Violations
Andy Greenberg

The battle for control of dangerous digital shapes may have just begun.

On Thursday, Defense Distributed founder Cody Wilson received a letter from the State Department Office of Defense Trade Controls Compliance demanding that he take down the online blueprints for the 3D-printable “Liberator” handgun that his group released Monday, along with nine other 3D-printable firearms components hosted on the group’s website Defcad.org. The government says it wants to review the files for compliance with arms export control laws known as the International Traffic in Arms Regulations, or ITAR. By uploading the weapons files to the Internet and allowing them to be downloaded abroad, the letter implies Wilson’s high-tech gun group may have violated those export controls.

“Until the Department provides Defense Distributed with final [commodity jurisdiction] determinations, Defense Distributed should treat the above technical data as ITAR-controlled,” reads the letter, referring to a list of ten CAD files hosted on Defcad that include the 3D-printable gun, silencers, sights and other pieces. “This means that all data should be removed from public access immediately. Defense Distributed should review the remainder of the data made public on its website to determine whether any other data may be similarly controlled and proceed according to ITAR requirements.”

Wilson, a law student at the University of Texas in Austin, says that Defense Distributed will in fact take down its files until the State Department has completed its review. “We have to comply,” he says. “All such data should be removed from public access, the letter says. That might be an impossible standard. But we’ll do our part to remove it from our servers.”

As Wilson hints, that doesn’t mean the government has successfully censored the 3D-printable gun. While Defense Distributed says it will take down the gun’s printable file from Defcad.org, its downloads–100,000 in just the first two days the file was online–were actually being served by Mega, the New Zealand-based storage service created by ex-hacker entrepreneur Kim Dotcom, an outspoken U.S. government critic. It’s not clear whether the file will be taken off Mega’s servers, where it may remain available for download. The blueprint for the gun and other Defense Distributed firearm components have also been uploaded several times to the Pirate Bay, the censorship-resistant filesharing site.

Wilson argues that he’s also legally protected. He says Defense Distributed is excluded from the ITAR regulations under an exemption for non-profit public domain releases of technical files designed to create a safe harbor for research and other public interest activities. That exemption, he says, would require Defense Distributed’s files to be stored in a library or sold in a bookstore. Wilson argues that Internet access at a library should qualify under ITAR’s statutes, and says that Defcad’s files have also been made available for sale in an Austin, Texas bookstore that he declined to name in order to protect the bookstore’s owner from scrutiny.

Despite taking down his files, Wilson doesn’t see the government’s attempts to censor the Liberator’s blueprints as a defeat. On the contrary, Defense Distributed’s radical libertarian and anarchist founder says he’s been seeking to highlight exactly this issue, that a 3D-printable gun can’t be stopped from spreading around the global Internet no matter what legal measures governments take. “This is the conversation I want,” Wilson says. “Is this a workable regulatory regime? Can there be defense trade control in the era of the Internet and 3D printing?”

Wilson compares his new legal troubles to the widely-followed case in the mid-1990s of Philip Zimmermann, the inventor of the cryptographic software PGP, who was threatened with indictment under ITAR for putting his military-grade encryption software online. “It’s PGP all over again,” says Wilson.

In Zimmermann’s case, much of the technology community was outraged that PGP’s inventor was being treated as if he were selling bombs or missiles to a foreign regime when he had simply put a powerful piece of privacy software on the Internet. That public support is widely thought to have influenced the State Department decision in 1996 to drop its case against him.

In this case, by contrast, Cody Wilson is literally an arms manufacturer. But whether the government will have any more luck in controlling the spread of his invention remains to be seen.

I’ll provide updates as this story develops.

Correction: In an earlier version of this story I described Wilson as an “arms distributor.” In fact, he’s an arms manufacturer, while Defense Distributed is a software distributing non-profit. Since Defense Distributed–not Wilson himself–is the target of the State Department’s query, that may be an important distinction.

Update: Here’s the full text of the letter.

United States Department of State

Bureau of Political-Military Affairs

Office of Defense Trade Controls Compliance

May 08, 2013

In reply letter to DTCC Case: 13-0001444

[Cody Wilson's address redacted]

Dear Mr. Wilson,

The Department of State, Bureau of Political Military Affairs, Office of Defense Trade Controls Compliance, Enforcement Division (DTCC/END) is responsible for compliance with and civil enforcement of the Arms Export Control Act (22 U.S.C. 2778) (AECA) and the AECA’s implementing regulations, the International Traffic in Arms Regulations (22 C.F.R. Parts 120-130) (ITAR). The AECA and the ITAR impose certain requirements and restrictions on the transfer of, and access to, controlled defense articles and related technical data designated by the United States Munitions List (USML) (22 C.F.R. Part 121).

The DTCC/END is conducting a review of technical data made publicly available by Defense Distributed through its 3D printing website, DEFCAD.org, the majority of which appear to be related to items in Category I of the USML. Defense Distributed may have released ITAR-controlled technical data without the required prior authorization from the Directorate of Defense Trade Controls (DDTC), a violation of the ITAR.

Technical data regulated under the ITAR refers to information required for the design, development, production, manufacture, assembly, operation, repair, testing, maintenance or modification of defense articles, including information in the form of blueprints, drawings, photographs, plans, instructions or documentation. For a complete definition of technical data, see 120.10 of the ITAR. Pursuant to 127.1 of the ITAR, it is unlawful to export any defense article or technical data for which a license or written approval is required without first obtaining the required authorization from the DDTC. Please note that disclosing (including oral or visual disclosure) or transferring technical data to a foreign person, whether in the United States or abroad, is considered an export under 120.17 of the ITAR.

The Department believes Defense Distributed may not have established the proper jurisdiction of the subject technical data. To resolve this matter officially, we request that Defense Distributed submit Commodity Jurisdiction (CJ) determination requests for the following selection of data files available on DEFCAD.org, and any other technical data for which Defense Distributed is unable to determine proper jurisdiction:

1. Defense Distributed Liberator pistol
2. .22 electric
3. 125mm BK-14M high-explosive anti-tank warhead
4. 5.56/.223 muzzle brake
5. Springfield XD-40 tactical slide assembly
6. Sound Moderator – slip on
7. “The Dirty Diane” 1/2-28 to 3/4-16 STP S3600 oil filter silencer adapter
8. 12 gauge to .22 CB sub-caliber insert
9. Voltlock electronic black powder system
10. VZ-58 sight

DTCC/END requests that Defense Distributed submits its CJ requests within three weeks of the receipt of this letter and notify this office of the final CJ determinations. All CJ requests must be submitted electronically through an online application using the DS-4076 Commodity Jurisdiction Request Form. The form, guidance for submitting CJ requests, and other relevant information such as a copy of the ITAR can be found on DDTC’s website at http://www.pmddtc.state.gov.

Until the Department provides Defense Distributed with the final CJ determinations, Defense Distributed should treat the above technical data as ITAR-controlled. This means that all such data should be removed from public access immediately. Defense Distributed should also review the remainder of the data made public on its website to determine whether any additional data may be similarly controlled and proceed according to ITAR requirements.

Additionally, DTCC/END requests information about the procedures Defense Distributed follows to determine the classification of its technical data, to include aforementioned technical data files. We ask that you provide your procedures for determining proper jurisdiction of technical data within 30 days of the date of this letter to Ms. Bridget Van Buren, Compliance Specialist, Enforcement Division, at the address below.


Office of Defense Trade Controls Compliance

PM/DTCC, SA-1, Room L132

2401 E Street, NW

Washington, DC 20522

Phone 202-663-3323

We appreciate your full cooperation in this matter. Please note our reference number in any future correspondence.

Sincerely,

Glenn E. Smith

Chief, Enforcement Division

http://www.forbes.com/sites/andygree...rol-violation/





BitTorrent Announces Bundle, a ‘Gated’ Torrent Aimed at Legitimizing File-Sharing
Graeme McMillan

Today, BitTorrent announced the BitTorrent Bundle, a new kind of torrent format that not only includes free content, but also acts as a gateway to additional material, offering creators a chance to distribute (and profit from) their work by themselves, outside of traditional methods. It’s part of a new push by BitTorrent to legitimize the format in the eyes of the entertainment industry and take the file-sharing software from piracy favorite to necessary part of the business for movie and music makers big and small.

Although many people know BitTorrent as “that thing that everyone uses to download Game of Thrones illegally,” significantly fewer know that the name actually belongs to the San Francisco-based company that developed the peer-to-peer file sharing technology. “We haven’t done a very good job of owning our brand over the past 10 years,” Matt Mason, BitTorrent’s VP of marketing, told Wired.

“Many people don’t realize that we have over 2 million pieces of licensed and legal content available in our ecosystem,” Mason said. “It is true that our technology is exploited as part of a stack of technologies used for piracy. But you’ll find that as a standalone tool we are not a very good piracy tool. We don’t rip CDs or capture movies on camcorders. We don’t host content that infringes on copyright, we don’t index it, point to it or promote it in any way. All of those things happen outside of BitTorrent.”

Inside of BitTorrent, it’s a different story. The BitTorrent Bundle is described by the company as an evolution of the torrent file concept. The user downloads the Bundle, which contains not only free content — in the case of the first Bundle, the Dada Life remix of the Kaskade track “Dynasty,” as well as the trailer for Kaskade’s Freaks of Nature tour documentary — but also a gateway to premium content, as well.

How you open that gate is determined by the creator of the content. For this launch Bundle, it’s simply by sharing your email, but alternatives include pay gates, pay-what-you-want gates, or even links to outside sites like Netflix or iTunes. BitTorrent Bundles, in other words, gives musicians, moviemakers and artists of all kinds more control over how their work gets shared and sold.

The Bundle is just one way in which the company is working to rehabilitate its reputation in the entertainment industry. In recent months, Mason pointed out, the company has worked with documentary filmmakers Vikram Gandhi and Stacy Peralta, author Tim Ferriss and musical artists like Death Grips and the Counting Crows to develop a series of programs that demonstrate BitTorrent can actually add value to content creators. “We’ve been piloting the transmedia and monetization potential of content published through BitTorrent,” he said.

BitTorrent’s efforts in this area prompted Fast Company to name it one of 2013’s Most Innovative Companies, an award Mason hopes might change the perception about what his company is, and can do. “One of the hurdles we face is the way we are perceived by Hollywood,” Mason said. “Many in that industry think we are Napster or The Pirate Bay. But they are misinformed. Although it’s true that Hollywood and Silicon Valley have long misunderstood one another, we see everyday the value we can offer.”

Others are starting to come around to the idea that BitTorrent not only isn’t the enemy, but could be a very helpful friend. Last month, indie film studio Cinedigm released the first seven minutes of the film Arthur Newman via BitTorrent ahead of its April 26 release in theaters, a move that surprised many. But when you look at the numbers, it makes a lot of sense, said Jill Calcaterra, the company’s chief marketing officer.

“When we learned that the BitTorrent protocol is used by over 170 million users, all of whom are avid consumers of entertainment and music and whom purchase 30 percent more of that content than average, we knew we wanted to reach out to them and engage them in our indie film,” she said. “This was an opportunity to engage a huge fanbase from the onset by giving them something unique and exclusive early on, with the hopes that in return they will support the film through its lifecycle. Being an indie, I think we are more nimble than most and more willing to try and pilot new programs. The entertainment business is moving at a remarkable pace and we want to keep up and stay in front of opportunities.”

According to Calcaterra, the Arthur Newman promotion generated “hundreds of thousands of downloads” within just the first 24 hours and delivered a similar number of visitors to marketing channels for the movie. “We are also tracking the redirects to our website, monitoring social media and the overall conversation around the film, all of which is up since we launched with BitTorrent,” she added.

For BitTorrent, initiatives like the Arthur Newman promotion and the Kaskade Bundle are just the start of a process that, it’s hoped, will move the software and company further into the entertainment industry mainstream. It’ll be a long haul, Mason said, but once executives — who tend to be all about the numbers, after all — see the results BitTorrent can deliver in terms of fan engagement, they’ll get the picture.

“We find that once we do sit down and talk, there is a better understanding of how to work together,” he said. “No other medium offers as good of a way for content creators to engage directly with their fans in a way that BitTorrent can.”
http://www.wired.com/underwire/2013/...orrent-bundle/





Demonoid Resurrected? An Interview With the Admins of D2.vu
Andy

Yesterday the torrent world lit up with news that Demonoid had somehow been resurrected under the new domain D2.vu. However, the site was quickly taken offline by its host in the U.S. who claimed that it was serving up malware. With the site now back online with a new host, TorrentFreak caught up with its admins who tell us they have no malicious intent and simply want to bring a community back together. While there is still uncertainty, one thing is absolutely clear – they do have the old Demonoid database.

Yesterday morning’s chaos is not something we experience often. Relentless emails all telling us the same thing – the great Demonoid seems to be back, but is it some kind of trap?

To try and discover more we spoke to a company called RamNode, the site’s host in the United States. Company owner Nick told us that D2.vu had been hosting malware, but by last evening his stance had softened a little.

“The malware may not have been intentionally hosted on this VPS,” Nick told TorrentFreak in an update. “It is possible that one of the ad banners running on the site triggered the malware alert. The server will still be removed from our network to prevent any further issues related to my company.”

Now, 24 hours later, D2.vu is back online with a new host outside the U.S. and fortunately some of our other inquiries have now paid off. So, with the owners of the site speaking with us directly, we put forward a few questions.

“As we all know these communities of free file-sharing are currently under scrutiny by government and media powers so all involved wish to remain anonymous to avoid unnecessary complications and any further risk,” the D2 domain owner told us.

Nothing particularly unusual there but what is somewhat strange is how D2.vu has somehow been able to launch with the database from Demonoid including user details, torrents and comments – how do they explain that?

“It was, as we stated in the email to the user base, an unlikely set of events that flowed from the last Ukraine install. We kept the code safe waiting for Demonoid to return. When it didn’t return we purposely rebranded, to separate from Demonoid’s past and related issues, with the main goal of maintaining the community,” we were told.

TorrentFreak tested an old Demonoid research account registered some years ago – it worked – as did one registered in more recent times. That goes some way to confirming the D2 owner’s claim that the database copy was taken from a July 2012 backup just after Demonoid’s shutdown.

So what other information culled from the old Demonoid is currently in D2’s possession?

“Everything except the domain names which led to the rebranding to d2.vu,” the admin explains.

“What you see is the tracker database of the old Demonoid. We aren’t launching the forum at this time but we do plan to start an IRC channel in the near future so the community can interact in real time,” the admin explains.

While on initial inspection there is a familiar look and feel (color changes aside), what D2 does not have is something that Demonoid was famous for – a tracker. All torrents are now tracked by outside sources/magnets which means that the site is now more like a sign-up version of The Pirate Bay than the semi-private offering users experienced before.

“This was done based on functional and legal necessity, efficiency and to take the site out of the negotiation of peer-to-peer file sharing. Also note that there is work in progress which will re-implement missing functionality and add new features,” TorrentFreak was told.

Technicalities aside, there is also another big issue – that of trust. How can former users of Demonoid be confident of the site’s intentions? For example, is the site endorsed or approved by any former senior staff?

“No former admins have been involved with this rebranding or launch. This effort is independent and undertaken entirely for the benefit of the community. We do welcome past community moderators to help with d2 if they wish,” we were told.

Thinking ahead, we posed another question to the admins of D2. Demonoid has a bit of a reputation as the comeback kid and in the past has reappeared online just when people think the show is over. If users migrate to D2 and that site gets momentum, what happens in the event that the real Demonoid comes back?

“If the previous admin group wanted the admin role back we’d have to figure out how to verify that it’s really them and then we’d work it out,” we were informed.

“The great effort we made here is for the Demonoid community. We completely understand the community’s need to be cautious and questioning. We aren’t phishing or pushing malware or attempting anything malicious. We intend to do our best to keep the site up and current. It’s in the hands of the community to participate as they did before to co-create and thrive,” the admins conclude.

More information as we get it…..
http://torrentfreak.com/demonoid-res...-d2-vu-130509/





Members of Congress Finally Introduce Serious DMCA Reform

Bill allows DRM circumvention for cell phone unlocking and other lawful purposes.
Timothy B. Lee

The Library of Congress sparked a firestorm late last year when it issued new rules that made it effectively illegal to unlock a cell phone to switch to a new wireless carrier. An online petition on the issue attracted more than 100,000 signatures and prompted a White House statement criticizing the new rule. Members of Congress sprang into action, introducing at least three bills to deal with the issue.

But copyright reform groups panned these bills. Not only did they provide only narrow and temporary relief on the cell phone unlocking issue, the groups said, but they completely ignored the underlying problem: a provision of the Digital Millennium Copyright Act (DMCA) that makes it a crime to "circumvent" copy protection even for lawful purposes.

New legislation sponsored by Zoe Lofgren (D-CA), Thomas Massie (R-KY), Anna Eshoo (D-CA), and Jared Polis (D-CO) takes a broader approach to the issue. In addition to explicitly legalizing cell phone unlocking, the Unlocking Technology Act of 2013 also modifies the DMCA to make clear that unlocking copy-protected content is only illegal if it's done in order to "facilitate the infringement of a copyright." If a circumvention technology is "primarily designed or produced for the purpose of facilitating noninfringing uses," that would not be a violation of copyright.

For example, Lofgren's bill would likely make it legal for consumers to rip DVDs for personal use in much the same way they've long ripped CDs. It would remove legal impediments to making versions of copyrighted works that are accessible to blind users. And it would ensure that car owners have the freedom to service their vehicles without running afoul of copyright law.

"Americans should not be subject to fines and criminal liability for merely unlocking devices and media they legally purchased," said Rep. Lofgren in a press release. "If consumers are not violating copyright or some other law, there's little reason to hold back the benefits of unlocking so people can continue using their devices."

Lofgren's bill attracted enthusiastic support from activists and advocacy groups that had been lukewarm about previous unlocking bills.

"This is the only piece of legislation so far introduced that legalizes both cell phone unlocking, but also the underlying technology for cell phone unlocking," said Derek Khanna, a conservative activist who was fired from his job on Capitol Hill for advocating copyright reform.

"This legislation is exactly what the digital community was asking for," he told us in a phone interview. "It's exactly what the small cell phone providers were looking for. Unlike the other legislation, it actually solves the problem."

Sherwin Siy, an attorney at the advocacy group Public Knowledge, also praised the bill, which he said "addresses a longstanding problem with the Digital Millennium Copyright Act. For too long, the DMCA has been a barrier to consumers, educators, researchers, and others, in ways that don't even protect artists."

"We intuitively understand that if we buy something, we should have the right to modify it, unlock it, or repair it," said Sina Khanifar, the activist who started the White House unlocking petition (and the founder of the activist website FixTheDMCA). "But the DMCA denies us those rights, and it's critical that we push Congress to pass a bill like the one proposed by Rep. Lofgren and her co-sponsors."
http://arstechnica.com/tech-policy/2...s-dmca-reform/





Will Downey Suit Up Again After $175M 'IM3' Haul?
David Germain

Iron Man reigns as the standard-bearer of Hollywood superheroes with a $175.3 million domestic opening weekend for his latest sequel and an overseas haul of a half-billion dollars in less than two weeks.

According to studio estimates Sunday, "Iron Man 3" has raced to a worldwide total of $680.1 million. That includes $175.9 million in its second weekend overseas, where the film has rung up $504.8 million so far.

No other solo superhero — not even Batman or Spider-Man — has managed this kind of business.

Yet the future of Marvel Studios' flagship franchise is in the hands of a mortal man with no metal armor, gadgets or special powers, other than his ability to rebound from Hollywood pariah to hottest star on the planet.

"Iron Man 3" hints that Robert Downey Jr.'s Tony Stark might hang up his high-tech suits and live a normal life from now on. As the centerpiece behind not only the "Iron Man" flicks but also Marvel's superhero ensemble "The Avengers," Downey seems crucial to this comic-book world.

Could Disney's Marvel Studios conjure anywhere near the same magic if it relaunched "Iron Man" with another actor? Without Downey, would the upcoming "Avengers" sequel have quite the same appeal as last year's record-grossing first installment?

"Your guess is as good as mine," said Dave Hollis, head of distribution for Disney. "Marvel has found a way to tell interesting stories with a variety of characters over time, and it will continue to do so."

"Iron Man 3" had the second-biggest domestic debut ever, behind the $207.4 million start over the same weekend last year for "The Avengers," which teamed Downey's Stark with other Marvel Comics heroes. The new sequel surpassed the $169.2 million opening for 2011's "Harry Potter" finale, the previous second-place debut.

In just nine days, the film shot past the $312 million international total for "Iron Man 2" in its entire theatrical run.

Among the overseas totals so far: $63.5 million in China, $42.6 million in South Korea, $38.3 million in Great Britain and $35.8 million in Mexico.

Domestically, "Iron Man 3" far outpaced the franchise's first two movies. "Iron Man" launched the series with a $98.6 million domestic debut in 2008, while 2010's "Iron Man 2" opened with $128.1 million.

The film also opened higher than last year's Batman finale "The Dark Knight Rises" ($160.9 million) and the biggest of the Spider-Man movies ($151.1 million for "Spider-Man 3").

If Downey doesn't sign on for more, it would leave a gaping hole in the expanding superhero universe Marvel is taking to the big screen.

"I honestly don't know how you can go on with that character without Downey," said Paul Dergarabedian, an analyst with box-office tracker Hollywood.com. "I think he's as important to this franchise and to Marvel as any actor is to any character."

Downey seems just as vital to "The Avengers." That ensemble probably could thrive without him, given how the first film and previous solo superhero adventures have established a team that includes Chris Hemsworth's Thor, Chris Evans' Captain America, Scarlett Johansson's Black Widow and Mark Ruffalo's Hulk.

But without Downey, Marvel might have to settle for something less than the colossal $1.5 billion worldwide results for "The Avengers."

"He's the spark that ignites all those characters, it seems," Dergarabedian said. "He's the lead guitarist, and they're just all kind of following him."

Before convincing reluctant Marvel executives that he was the man to put on the metal suit, Downey still was trying to live down drug addiction and jail time in his 20s and 30s that nearly ruined his career.

The success of "Iron Man" led to another blockbuster franchise in "Sherlock Holmes," and Downey's professional choices now look limitless.

In an interview before the release of "Iron Man 3," Downey said that "Avengers" director Joss Whedon had been editing a first cut of that film and told him the movie didn't really start until Stark and girlfriend Pepper Potts (Gwyneth Paltrow) appeared together on screen.

Downey said that was a testament to the groundwork laid years earlier in "Iron Man," which "when we were shooting it, this kind of became the heart of several franchises."

"So you know we're having a nice time," Downey said, sidestepping comment on whether he might return for more "Iron Man" and "Avengers" sequels.

"Iron Man 3" did four times the domestic business of every other movie out there; the combined total of all other releases was $43.7 million, according to Hollywood.com.

While it was a huge weekend for Marvel and Disney, the overall industry continued to slump, thanks to the record start for "The Avengers" over the same weekend a year ago. Domestic revenues this weekend totaled $219 million, down 15 percent from the $258.1 million during that "Avengers" weekend last year.

Hollywood's domestic revenue this year is at $3.14 billion, off 11 percent from 2012's pace, according to Hollywood.com.

Estimated ticket sales for Friday through Sunday at U.S. and Canadian theaters, according to Hollywood.com. Where available, latest international numbers are also included. Final domestic figures will be released Monday.

1. "Iron Man 3," $175.3 million ($175.9 million international).

2. "Pain & Gain," $7.6 million.

3. "42," $6.2 million.

4. "Oblivion," $5.8 million ($6.5 million international).

5. "The Croods," $4.2 million ($17.4 million international).

6. "The Big Wedding," $3.9 million ($2.5 million international).

7. "Mud," $2.2 million.

8. "Oz the Great and Powerful," $1.8 million.

9. "Scary Movie 5," $1.4 million ($4 million international).

10. "The Place Beyond the Pines," $1.3 million.

___

Estimated weekend ticket sales at international theaters (excluding the U.S. and Canada) for films distributed overseas by Hollywood studios, according to Rentrak:

1. "Iron Man 3," $175.9 million.

2. "The Croods," $17.4 million.

3. "Oblivion," $6.5 million.

4 (tie). "Les Profs," $4 million.

4 (tie). "Scary Movie 5," $4 million.

6 (tie). "The Big Wedding," $2.5 million.

6 (tie). "Olympus Has Fallen," $2.5 million.

6 (tie). "Somos Tao Jovens," $2.5 million.

9. "Evil Dead," $2.47 million.

10. "Jurassic Park" in 3-D, $1.4 million.
http://www.newstimes.com/news/articl...ul-4489762.php





For Media Moguls, Paydays That Stand Out
David Carr

What’s the difference between a media mogul and a chief executive elsewhere in the business world? About $10 million in compensation, give or take.

Leaders in other industries may be well paid, but as the accompanying chart shows, they earn far less than their media counterparts.

Consider: the top 20 companies in the United States ranked by market capitalization include no media companies. But according to figures assembled for The New York Times by Equilar, which compiles data on executive compensation, media companies employ seven of the top 20 highest paid chief executives.

The names are familiar and the numbers are large: Leslie Moonves of CBS ($60,253,647), David M. Zaslav of Discovery Communications ($49,932,867), Robert A. Iger of Walt Disney ($37,103,208), Philippe P. Dauman of Viacom ($33,396,104), Jeffrey L. Bewkes of Time Warner ($25,670,263), Brian L. Roberts of Comcast ($25,087,379), and Rupert Murdoch of News Corporation ($22,418,292).

Mr. Moonves was the third highest paid executive in 2012, bested by Larry Ellison, who made $96.2 million as head of Oracle, and Robert Kotick, chief executive of Activision Blizzard, whose recently announced compensation came to $64.9 million, although much of it is in the form of stock options that vest over five years.

(Activision produces video games like Call of Duty, so depending on how you define media, he might be the highest paid in the industry.)

Mr. Moonves may be in a league of his own, but he is hardly the only chief executive banking hefty compensation. The data indicates that average pay of the 10 highest paid chief executives for media companies was about $30 million, more than the captains of technology or finance and other industries, who average $6 million to $14 million less.

Median pay for the top 20 media executives rose 10 percent in 2012, adding to a very tall stack. Not bad for a legacy industry that is supposedly under sustained attack from insurgents and secular challenges.

Many media companies file their proxy statements at the last possible minute, perhaps part of an effort to avoid ending up on annual surveys of executive compensation, like the one The Times did at the beginning of April. But now that everyone is accounted for, it’s clear that being a king in the media realm comes with a very lucrative crown.

A few important caveats. The margins in the media business can be spectacular when things are going well — operating income at CBS for 2012 was $2.98 billion — which explains in part why the chief executive at Kraft, which is about the same size as CBS and had net earnings of $1.64 billion, makes $6.8 million, not $60 million like Mr. Moonves. Making cheese is fine, but running a media outfit that sells cheese through commercials is where the money is.

Clearly, the market had a crush on media stocks last year. The stock price of CBS rose 42 percent in 2012 while Mr. Zaslav oversaw a 55 percent rise at Discovery. Corporate boards have employment agreements that are usually generous when the arrows on the charts are pointing sharply upward.

“David’s compensation is almost entirely tied to stock appreciation,” said David C. Leavy, a spokesman at Discovery. “With the market continuing to value Discovery’s global growth prospectives, there has been tremendous value creation for shareholders.”

Media companies are prospering by selling their content through all kinds of windows with some raking in cable and retransmission fees that just keep growing. Most major players drove their stock price up 30 percent or more, partly because of excellent results and generous stock buybacks. As might be expected, the vast majority of the compensation comes in the form of performance incentives, as opposed to salary. (Although some of those incentives are very generously structured.)

And it would be churlish to suggest that running a huge company in an industry full of big bets, big egos and big challenges is simple. The media business requires mastering various platforms, multiple divas and, increasingly, myriad foreign markets.

But approving the right projects while monetizing those assets through various channels of distribution is not akin to creating a hardware market, as Apple did, or reinventing the advertising model, as Google has. An average annual compensation of $30 million seems like an entrepreneurial reward being paid out for management execution.

The compensation numbers can add up quickly, especially in an industry that is madly spinning off divisions. Companies may get smaller as they are split into discrete units — Viacom and CBS are two halves of what used to be one orange, as are Time Warner and Time Warner Cable — but the payouts continue to storm along.

At Viacom, revenue dropped 7 percent in 2012, but its executives managed to get a 9 percent increase in net income. Besides Mr. Dauman’s $33.4 million in compensation, Sumner Redstone, the chairman, received $20.4 million — that’s in addition to the $31.3 million he earned at CBS — while Thomas Dooley, the chief operating officer at Viacom, received $26.3 million. Taken together, that’s big money.

The compensation experts I spoke with said that Viacom, CBS and News Corporation have closely held two-tiered stocks controlled by their chairmen, so they can pretty much do as they wish. But their practices inflate pay for the rest of the industry.

“Peer groups that include dual class stocks drive pay for others,” said Charles M. Elson, director of the John L. Weinberg Center for Corporate Governance at the University of Delaware. “It’s the leapfrog effect. The other guys get paid so much that even the executives that run less closely held companies benefit.”

In its current proxy statement, Disney was frank about the effects of compensation contagion.

“Some investors have expressed reservations about using some of these companies as a point of reference because the companies are effectively controlled by a single shareholder,” it read. “The compensation committee understands these concerns, but believes it is constrained by the competitive reality.”

So, even absent a dual share structure, Mr. Iger earned $37.1 million.

Zenia Mucha, a Disney spokeswoman, points out that Mr. Iger runs a much larger company than many of his media peers (more than three times the size of CBS or Viacom) and added, “Disney’s executive compensation is based on performance, and the company has delivered spectacular results during Mr. Iger’s seven-and-a-half-year tenure.” It far outperformed average stock market returns, she said. Spokesmen for the other executives whose compensation placed them in the top 20 declined to comment.

Still, not everyone was applauding. Citing compensation issues, the California State Teachers’ Retirement System, or Calstrs, a large teachers’ retirement fund, voted against Mr. Iger’s nomination to the board at the company’s annual meeting in March, and a nonbinding resolution in support of the compensation package received a tepid 58 percent approval.

Aeisha Mastagni, an investment officer for Calstrs, suggested that the compensation was not justified by market realities.

“We took a strong position in part because it is not like he is going to leave and go to News Corp.,” she said. “We have always taken the position that executives should be rewarded for good performance. But there comes a time when too much is too much.”

Even Wall Street has reined things in. The pay of Jamie Dimon, who had a rugged year at JPMorgan Chase, was cut almost in half to $11.5 million, down from $23 million in 2011. Morgan Stanley’s James Gorman took home $9.75 million, 7 percent less than the year before.

Then again, financial executives manage traders, not George Clooney, Beyoncé and franchises like “Iron Man 3.” Compensation experts say executives who negotiate in the rarefied air of glittering celebrities may begin to see themselves as magical themselves.

“It infiltrates your thinking,” said James Reda, a consultant at Gallagher Benefit Services specializing in executive compensation. “They begin to think of themselves as deserving as much as the talent.”

Of course, we all think we are worth more than we are paid, but that’s where boards and corporate governance come in. Or not.

“These companies have historically weak boards and super aggressive chief executives,” said Alan Johnson, a compensation consultant. “And I think the boards get dazzled by interacting with celebrities and going to parties.”

(At $3.3 million, Mark Thompson, chief executive of The Times, was far down the list because of the company’s lack of television assets. But that doesn’t mean it is immune to compensation controversy. When Janet Robinson left the post at the end of 2011, the $24 million payout she received raised many eyebrows.)

It’s worth pointing out that payouts in the digital world were a fraction of those at traditional media companies, although many are run by founders who will be very rich by the time they cash out.

At Netflix, the share price more than doubled last year, but Reed Hastings, the chief executive, took home $5.5 million, down from $9.3 million in 2011. Jeff Bezos of Amazon received just $1.7 million in compensation.

And Marissa Mayer of Yahoo, who runs a company just slightly smaller than CBS and managed to lift shares more than 50 percent, earned $5.6 million in compensation after taking over in July, part of a package that awarded her $35 million in stock awards that vest over five years.

That’s a very lucrative deal as well, but one could argue that the execution risk at her job, with a tattered brand and a hypercompetitive market that includes Google and Facebook, is a tad higher than for the average media boss.

For the time being, traditional media business models are prospering and the leaders of the incumbents are fat and happy. But that might make them bigger, slower targets and in the end, easier to overtake.
https://www.nytimes.com/2013/05/06/b...er-fields.html





Solving Equation of a Hit Film Script, With Data
Brooks Barnes

Forget zombies. The data crunchers are invading Hollywood.

The same kind of numbers analysis that has reshaped areas like politics and online marketing is increasingly being used by the entertainment industry.

Netflix tells customers what to rent based on algorithms that analyze previous selections, Pandora does the same with music, and studios have started using Facebook “likes” and online trailer views to mold advertising and even films.

Now, the slicing and dicing is seeping into one of the last corners of Hollywood where creativity and old-fashioned instinct still hold sway: the screenplay.

A chain-smoking former statistics professor named Vinny Bruzzese — “the reigning mad scientist of Hollywood,” in the words of one studio customer — has started to aggressively pitch a service he calls script evaluation. For as much as $20,000 per script, Mr. Bruzzese and a team of analysts compare the story structure and genre of a draft script with those of released movies, looking for clues to box-office success. His company, Worldwide Motion Picture Group, also digs into an extensive database of focus group results for similar films and surveys 1,500 potential moviegoers. What do you like? What should be changed?

“Demons in horror movies can target people or be summoned,” Mr. Bruzzese said in a gravelly voice, by way of example. “If it’s a targeting demon, you are likely to have much higher opening-weekend sales than if it’s summoned. So get rid of that Ouija Board scene.”

Bowling scenes tend to pop up in films that fizzle, Mr. Bruzzese, 39, continued. Therefore it is statistically unwise to include one in your script. “A cursed superhero never sells as well as a guardian superhero,” one like Superman who acts as a protector, he added.

His recommendations, delivered in a 20- to 30-page report, might range from minor tightening to substantial rewrites: more people would relate to this character if she had a sympathetic sidekick, for instance.

Script “doctors,” as Hollywood refers to writing consultants, have long worked quietly on movie assembly lines. But many top screenwriters — the kind who attain exalted status in the industry, even if they remain largely unknown to the multiplex masses — reject Mr. Bruzzese’s statistical intrusion into their craft.

“This is my worst nightmare,” said Ol Parker, a writer whose film credits include “The Best Exotic Marigold Hotel.” “It’s the enemy of creativity, nothing more than an attempt to mimic that which has worked before. It can only result in an increasingly bland homogenization, a pell-mell rush for the middle of the road.”

Mr. Parker drew a breath. “Look, I’d take a suggestion from my grandmother if I thought it would improve a film I was writing,” he said. “But this feels like the studio would listen to my grandmother before me, and that is terrifying.”

But a lot of producers, studio executives and major film financiers disagree. Already they have quietly hired Mr. Bruzzese’s company to analyze about 100 scripts, including an early treatment for “Oz the Great and Powerful,” which has taken in $484.8 million worldwide.

Mr. Bruzzese (pronounced brew-ZEZ-ee), who is one of a very few if not the only entrepreneur to use this form of script analysis, is plotting to take it to Broadway and television now that he has traction in movies.

“It takes a lot of the risk out of what I do,” said Scott Steindorff, a producer who used Mr. Bruzzese to evaluate the script for “The Lincoln Lawyer,” a hit 2011 crime drama. “Everyone is going to be doing this soon.” Mr. Steindorff added, “The only people who are resistant are the writers: ‘I’m making art, I can’t possibly do this.’ ”

Audience research has been known to save a movie, but it has also famously missed the mark. Opinion surveys — “idiot cards,” as some unimpressed directors call them — indicated that “Fight Club” would be the flop of the century. It took in more than $100 million worldwide.

But, as the stakes of making movies become ever higher, Hollywood leans ever harder on research to minimize guesswork. Moreover, studios have trimmed spending on internal script development. Mr. Bruzzese is also pitching script analysis to studios as a duck-and-cover technique — for “when the inevitable argument of ‘I am not going to take the blame if this movie doesn’t work’ comes up,” his Web site says.

Mr. Bruzzese taught statistics at the State University of New York at Stony Brook on Long Island before moving into movie research about a decade ago, motivated by a desire for more money and a childhood love of movies.

He acknowledged that many writers are “skittish” about his service. But he countered that it is not as threatening as it may sound.

“This is just advice, and you can use all of it, some of it or none of it,” he said.

But ignore it at your peril, according to one production executive. Motion Picture Group, of Culver City, Calif., analyzed the script for “Abraham Lincoln: Vampire Hunter,” said the executive, who worked on the film, but the production companies that supplied it to 20th Century Fox did not heed all of the advice. The movie flopped. Mr. Bruzzese declined to comment.

Mr. Bruzzese emphasized that his script analysis is not done by machines. His reports rely on statistics and survey results, but before evaluating a script he meets with the writer or writers to “hear and understand the creative vision, so our analysis can be contextualized,” he said.

But he is also unapologetic about his focus on financial outcomes. “I understand that writing is an art, and I deeply respect that,” he said. “But the earlier you get in with testing and research, the more successful movies you will make.”

The service actually gives writers more control over their work, said Mark Gill, president of Millennium Films and a client. In traditional testing, the kind done when a film is almost complete, the writer is typically no longer involved. With script testing, the writer can still control changes.

One Oscar-winning writer who, at the insistence of a producer, had a script analyzed by Mr. Bruzzese said his initial worries proved unfounded.

“It was a complete shock, the best notes on a draft that I have ever received,” said the writer, who spoke on the condition of anonymity, citing his reputation.

Script analysis is new enough to remain a bit of a Hollywood taboo. Major film financiers and advisers like Houlihan Lokey confirmed that they had used the service, but declined to speak on the record about it. The six major Hollywood movie studios declined to comment.

But doors are opening for Mr. Bruzzese nonetheless, in part because he is such a character. For instance, he bills himself as a distant relative of Einstein’s, a claim that is unverifiable but never fails to impress studio executives.

Mr. Bruzzese, a movie enthusiast with a seemingly encyclopedic memory of screenplays, also speaks bluntly, a rarity in Hollywood.

“All screenwriters think their babies are beautiful,” he said, taking a chug of Diet Dr Pepper followed by a gulp of Diet Coke and a drag on a Camel. “I’m here to tell it like it is: Some babies are ugly.”
https://www.nytimes.com/2013/05/06/b...with-data.html





Newly Declassified Memo Shows CIA Shaped Zero Dark Thirty's Narrative
Adrian Chen

Kathryn Bigelow's Osama bin Laden revenge-porn flick Zero Dark Thirty was the biggest publicity coup for the CIA this century outside of the actual killing of Osama bin Laden. But the extent to which the CIA shaped the film has remained unclear. Now, a memo obtained by Gawker shows that the CIA actively, and apparently successfully, pressured Mark Boal to remove scenes that made them look bad from the Zero Dark Thirty script.

The CIA's whitewashing effort is revealed in a cache of documents newly released under a Freedom of Information Act request about the CIA's cooperation with Bigelow and Boal. The documents include a 2012 memo—initially classified "SECRET"—summarizing five conference calls between Boal and the CIA's Office of Public Affairs in late 2011. "The purpose for these discussions was for OPA officers to help promote an appropriate portrayal of the Agency and the Bin Ladin operation," according to the memo. (Hundreds of pages of CIA documents about the film were released last year; the memo obtained by Gawker was approved for release late last month.)

During these calls, Boal "verbally shared the screenplay" for Zero Dark Thirty in order to get the CIA's feedback, and the CIA's public affairs department verbally asked Boal to take out parts that they objected to. According to the memo, he did.

Here are the key changes:

The much-discussed opening scene of Zero Dark Thirty features the main character Maya, played by Jessica Chastain, observing a detainee at a CIA black site as he is water-boarded and shoved into a tiny box during an interrogation. It appears that an early version had Maya participating in the torture. But during their conference calls, the CIA told Boal that this was not true to life. The memo reads: "For this scene we emphasized that substantive debriefers [i.e. Maya] did not administer [Enhanced Interrogation Techniques] because in this scene he had a non-interrogator, substantive debriefer assisting in a dosing technique."

According to the memo, "Boal said he would fix this." Indeed, in the final film Maya doesn't touch the prisoner during this scene. The decision to have Maya abstain from the torture was as significant artistically as it was factually. Her ambivalence was a key part of her character, and critics picked over every detail of the torture scenes, including Maya's status as an observer rather than a participant, for meaning in the debate over torture that the movie sparked.

Wired's Spencer Ackerman, for example, interpreted Maya's complex relationship to on-screen torture as a sign of a complex inner life: "Maya is... a cipher: she is shown coming close to puking when observing the torture. But she also doesn’t object to it." Of course, the scene reads a bit differently if the choice was dictated by a CIA propaganda officer.

The CIA also took issue with an interrogation scene that featured a dog intimidating a detainee. Boal took it out: "We raised an objection that such tactics would not be used by the Agency," the memo reads. "Boal confirmed in January that the use of dogs was taken out of the screenplay."

The CIA might not have done it, but threatening detainees with dogs was a well-known feature of the War on Terror, even allowed in certain circumstances by U.S. Army interrogation manuals. The technique was pioneered in Guantanamo Bay and cruelly elaborated upon at Abu Ghraib. Some of the most disturbing photos from the Abu Ghraib scandal featured military dogs menacing naked prisoners.

The CIA also successfully pressed for a change outside of interrogation scenes. One scene in the early script featured a wild party in Islamabad, and the CIA asked Boal to take it out. He did.

From the memo:

"One scene early in the film that was objected to was a rooftop party in Islamabad where an officer, after drinking fires a celebratory burst of AK-47 gunfire into the air. We insisted mixing drinking and firearms is a major violation and actions like this do not happen in real life. We requested this be taken out of the film. Boal confirmed he took this out of the film."

To be fair, drunken firearms abuse was more a Blackwater thing.

Another minor issue was the fact that Maya analyzed videos of detainee interviews in order to track down Osama bin Laden's courier. The CIA told Boal that they didn't videotape interviews and use them in analysis. (This is itself a lie of course—the CIA did record 92 tapes, totaling hundreds of hours, of the interrogation and torture of Abu Zubaydah and Abd al-Rahim al-Nashiri. It subsequently destroyed them.) But Boal explained "visually this is the only way to show research in an interesting cinematic way," according to the memo. The CIA "did not request Boal take this scene out of the movie," and it remained.

The document reveals the extent to which CIA access was a quid pro quo arrangement, in which Boal made substantive changes to his script to appease them. "As an agency, we've been pretty forward-leaning with Boal," wrote a CIA flack to her peers in documents released last year. "He's agreed to share scripts and details about the movie with us so we're absolutely comfortable with what he will be showing."

Reached via email, Mark Boal wouldn't comment on the record. But a person with knowledge of the Zero Dark Thirty production process confirmed that specific changes had been made to the script after suggestions from the CIA, including Maya's lack of participation in the torture scene. But this person said these changes were only due to security or accuracy concerns, and the CIA had no input on creative decisions.

Update: in an email, Boal wrote:

"We honored certain requests to keep operational details and the identity of the participants confidential. But as with any publication or work of art, the final decisions as to the content were made by the filmmakers."
http://gawker.com/declassified-memo-...irty-493174407





U.S. Weighs Wider Wiretap Laws to Cover Online Activity
Charlie Savage

The Obama administration, resolving years of internal debate, is on the verge of backing a Federal Bureau of Investigation plan for a sweeping overhaul of surveillance laws that would make it easier to wiretap people who communicate using the Internet rather than by traditional phone services, according to officials familiar with the deliberations.

The F.B.I. director, Robert S. Mueller III, has argued that the bureau’s ability to carry out court-approved eavesdropping on suspects is “going dark” as communications technology evolves, and since 2010 has pushed for a legal mandate requiring companies like Facebook and Google to build into their instant-messaging and other such systems a capacity to comply with wiretap orders. That proposal, however, bogged down amid concerns by other agencies, like the Commerce Department, about quashing Silicon Valley innovation.

While the F.B.I.’s original proposal would have required Internet communications services to each build in a wiretapping capacity, the revised one, which must now be reviewed by the White House, focuses on fining companies that do not comply with wiretap orders. The difference, officials say, means that start-ups with a small number of users would have fewer worries about wiretapping issues unless the companies became popular enough to come to the Justice Department’s attention.

Still, the plan is likely to set off a debate over the future of the Internet if the White House submits it to Congress, according to lawyers for technology companies and advocates of Internet privacy and freedom.

“I think the F.B.I.’s proposal would render Internet communications less secure and more vulnerable to hackers and identity thieves,” said Gregory T. Nojeim of the Center for Democracy and Technology. “It would also mean that innovators who want to avoid new and expensive mandates will take their innovations abroad and develop them there, where there aren’t the same mandates.”

Andrew Weissmann, the general counsel of the F.B.I., said in a statement that the proposal was aimed only at preserving law enforcement officials’ longstanding ability to investigate suspected criminals, spies and terrorists subject to a court’s permission.

“This doesn’t create any new legal surveillance authority,” he said. “This always requires a court order. None of the ‘going dark’ solutions would do anything except update the law given means of modern communications.”

A central element of the F.B.I.’s 2010 proposal was to expand the Communications Assistance for Law Enforcement Act — a 1994 law that already requires phone and network carriers to build interception capabilities into their systems — so that it would also cover Internet-based services that allow people to converse. But the bureau has now largely moved away from that one-size-fits-all mandate.

Instead, the new proposal focuses on strengthening wiretap orders issued by judges. Currently, such orders instruct recipients to provide technical assistance to law enforcement agencies, leaving wiggle room for companies to say they tried but could not make the technology work. Under the new proposal, providers could be ordered to comply, and judges could impose fines if they did not. The shift in thinking toward the judicial fines was first reported by The Washington Post, and additional details were described to The New York Times by several officials who spoke on the condition of anonymity.

Under the proposal, officials said, for a company to be eligible for the strictest deadlines and fines — starting at $25,000 a day — it must first have been put on notice that it needed surveillance capabilities, triggering a 30-day period to consult with the government on any technical problems.

Such notice could be the receipt of its first wiretap order or a warning from the attorney general that it might receive a surveillance request in the future, officials said, arguing that most small start-ups would never receive either.

Michael Sussman, a former Justice Department lawyer who advises communications providers, said that aspect of the plan appeared to be modeled on a British law, the Regulation of Investigatory Powers Act of 2000.

Foreign-based communications services that do business in the United States would be subject to the same procedures, and would be required to have a point of contact on domestic soil who could be served with a wiretap order, officials said.

Albert Gidari Jr., who represents technology companies on law enforcement matters, criticized that proposed procedure. He argued that if the United States started imposing fines on foreign Internet firms, it would encourage other countries, some of which may be looking for political dissidents, to penalize American companies if they refused to turn over users’ information.

“We’ll look a lot more like China than America after this,” Mr. Gidari said.

The expanded fines would also apply to phone and network carriers, like Verizon and AT&T, which are separately subject to the 1994 wiretapping capacity law. The FBI has argued that such companies sometimes roll out system upgrades without making sure that their wiretap capabilities will keep working.

The 1994 law would be expanded to cover peer-to-peer voice-over-Internet protocol, or VoIP — calls between computers that do not connect to the regular phone network. Such services typically do not route data packets through any central hub, making them difficult to intercept.

The F.B.I. has abandoned a component of its original proposal that would have required companies that facilitate the encryption of users’ messages to always have a key to unscramble them if presented with a court order. Critics had charged that such a law would create back doors for hackers. The current proposal would allow services that fully encrypt messages between users to keep operating, officials said.

In November 2010, Mr. Mueller toured Silicon Valley and briefed executives on the proposal as it then existed, urging them not to lobby against it, but the firms have adopted a cautious stance. In February 2011, the F.B.I.’s top lawyer at the time testified about the “going dark” problem at a House hearing, emphasizing that there was no administration proposal yet. Still, several top lawmakers at the hearing expressed skepticism, raising fears about innovation and security.
https://www.nytimes.com/2013/05/08/u...web-users.html





DOJ: We Don't Need Warrants for E-Mail, Facebook Chats

An FBI investigation manual updated last year, obtained by the ACLU, says it's possible to warrantlessly obtain Americans' e-mail "without running afoul" of the Fourth Amendment.
Declan McCullagh

The U.S. Department of Justice and the FBI believe they don't need a search warrant to review Americans' e-mails, Facebook chats, Twitter direct messages, and other private files, internal documents reveal.

Government documents obtained by the American Civil Liberties Union and provided to CNET show a split over electronic privacy rights within the Obama administration, with Justice Department prosecutors and investigators privately insisting they're not legally required to obtain search warrants for e-mail. The IRS, on the other hand, publicly said last month that it would abandon a controversial policy that claimed it could get warrantless access to e-mail correspondence.

The U.S. attorney for Manhattan circulated internal instructions, for instance, saying a subpoena -- a piece of paper signed by a prosecutor, not a judge -- is sufficient to obtain nearly "all records from an ISP." And the U.S. attorney in Houston recently obtained the "contents of stored communications" from an unnamed Internet service provider without securing a warrant signed by a judge first.

"We really can't have this patchwork system anymore, where agencies get to decide on an ad hoc basis how privacy-protective they're going to be," says Nathan Wessler, an ACLU staff attorney specializing in privacy topics who obtained the documents through open government laws. "Courts and Congress need to step in."

The Justice Department's disinclination to seek warrants for private files stored on the servers of companies like Apple, Google, and Microsoft continued even after a federal appeals court in 2010 ruled that warrantless access to e-mail violates the Fourth Amendment. A previously unreleased version of an FBI manual, last updated two-and-a-half years after the appellate ruling, says field agents "may subpoena" e-mail records from companies "without running afoul of" the Fourth Amendment.

The department did not respond to queries from CNET Tuesday. The FBI said in a statement that:

In all investigations, the FBI obtains evidence in accordance with the laws and Constitution of the United States, and consistent with Attorney General guidelines. Our field offices work closely with U.S. Attorney's Office to adhere to the legal requirements of their particular districts as set forth in case law or court decisions/precedent.

Not all U.S. attorneys have attempted to obtain Americans' stored e-mail correspondence without a warrant. The ACLU persuaded a judge to ask whether warrantless e-mail access has taken place in six of the 93 U.S. Attorneys' offices -- including the northern California office that's prosecuted an outsize share of Internet cases. The answer, according to assistant U.S. attorney Christopher Hardwood, was "no."

Still, the position taken by other officials -- including the authors of the FBI's official surveillance manual -- puts the department at odds with a growing sentiment among legislators who insist that Americans' private files should be protected from warrantless search and seizure. They say the same Fourth Amendment privacy standards that require police to obtain search warrants before examining hard drives in someone's living room, or a physical letter stored in a filing cabinet, should apply.

After the IRS's warrantless e-mail access policy came to light last month, a dozen Republican and Democratic senators rebuked the agency. Their letter opposing warrantless searches by the IRS and signed by senators including Mark Udall (D-Colo.), Mike Lee (R-Utah), Rand Paul (R-Ky.), and Ron Wyden (D-Ore.) said: "We believe these actions are a clear violation of the Fourth Amendment's prohibition against unreasonable searches and seizures."

Steven Miller, the IRS' acting commissioner, said during a Senate hearing that the policy would be changed for e-mail. But he left open the possibility that non-email data -- Google Drive and Dropbox files, private Facebook and Twitter messages, and so on -- could be accessed without a warrant.

Albert Gidari, a partner at the Perkins Coie law firm who represents technology companies, said since the Sixth Circuit Court of Appeals' 2010 ruling in U.S. v. Warshak, the Justice Department has generally sought court warrants for the content of e-mail messages, but is far less inclined to take that step for non-email files.

Before the Warshak decision, the general rule since 1986 had been that police could obtain Americans' e-mail messages that were more than 180 days old with an administrative subpoena or what's known as a 2703(d) order, both of which lack a warrant's probable cause requirement and are less privacy protective. Some e-mail providers, including Google, Microsoft, Yahoo, and Facebook, but not all, have taken the position after Warshak that the Fourth Amendment mandates warrants for e-mail all over the country.

The 180-day rule stems from the Electronic Communications Privacy Act, which was adopted in the era of telephone modems, BBSs, and UUCP links, and long before gigabytes of e-mail stored in the cloud was ever envisioned. Since then, the appeals court ruled in Warshak, technology had changed dramatically: "Since the advent of e-mail, the telephone call and the letter have waned in importance, and an explosion of Internet-based communication has taken place. People are now able to send sensitive and intimate information, instantaneously, to friends, family, and colleagues half a world away... By obtaining access to someone's e-mail, government agents gain the ability to peer deeply into his activities."

A phalanx of companies, including Amazon, Apple, AT&T, eBay, Google, Intel, Microsoft, and Twitter, as well as liberal, conservative, and libertarian advocacy groups, have asked Congress to update ECPA to make it clear that law enforcement needs a warrant to access private communications and the locations of mobile devices.

In November, a Senate panel approved the e-mail warrant requirement, and acted again last month. Rep. Zoe Lofgren, a Democrat whose district includes the heart of Silicon Valley, introduced similar legislation in the House of Representatives.

The political pressure, coupled with public petitions and increased adoption of cloud-based services, has had an effect. In 2011, James Baker, the associate deputy attorney general, warned that requiring search warrants to obtain stored e-mail could have an "adverse impact" on criminal investigations. By March 2013, however, Elana Tyrangiel, an acting assistant attorney general, indicated that the department would acquiesce on some privacy reforms.

"They dropped their opposition in Congress, but they're going to try to wiggle out from under the Fourth Amendment whenever possible," says the ACLU's Wessler. "They probably realize that they couldn't figure out a way to respond to hard questions from Congress anymore."

Separately, the New York Times reported Tuesday evening that the Obama administration may embrace the FBI's proposal for a federal law mandating that tech companies build in backdoors for surveillance. CNET reported last year that the FBI has asked the companies not to oppose such legislation, and that the FBI has been building a case for a new law by collecting examples of how communications companies have stymied government agencies.

Last week, former FBI counterterrorism agent Tim Clemente told CNN that, in national security investigations, the bureau can access records of a previously-made telephone call. "All of that stuff is being captured as we speak whether we know it or like it or not," he said. Clemente added in an appearance the next day that, thanks to the "intelligence community" -- a likely reference to the National Security Agency -- "there's a way to look at digital communications in the past."
http://news.cnet.com/8301-13578_3-57...acebook-chats/





Are All Telephone Calls Recorded and Accessible to the US Government?

A former FBI counterterrorism agent claims on CNN that this is the case
Glenn Greenwald

The real capabilities and behavior of the US surveillance state are almost entirely unknown to the American public because, like most things of significance done by the US government, it operates behind an impenetrable wall of secrecy. But a seemingly spontaneous admission this week by a former FBI counterterrorism agent provides a rather startling acknowledgment of just how vast and invasive these surveillance activities are.

Over the past couple days, cable news tabloid shows such as CNN's Out Front with Erin Burnett have been excitingly focused on the possible involvement in the Boston Marathon attack of Katherine Russell, the 24-year-old American widow of the deceased suspect, Tamerlan Tsarnaev. As part of their relentless stream of leaks uncritically disseminated by our Adversarial Press Corps, anonymous government officials are claiming that they are now focused on telephone calls between Russell and Tsarnaev that took place both before and after the attack to determine if she had prior knowledge of the plot or participated in any way.

On Wednesday night, Burnett interviewed Tim Clemente, a former FBI counterterrorism agent, about whether the FBI would be able to discover the contents of past telephone conversations between the two. He quite clearly insisted that they could:

BURNETT: Tim, is there any way, obviously, there is a voice mail they can try to get the phone companies to give that up at this point. It's not a voice mail. It's just a conversation. There's no way they actually can find out what happened, right, unless she tells them?

CLEMENTE: No, there is a way. We certainly have ways in national security investigations to find out exactly what was said in that conversation. It's not necessarily something that the FBI is going to want to present in court, but it may help lead the investigation and/or lead to questioning of her. We certainly can find that out.

BURNETT: So they can actually get that? People are saying, look, that is incredible.

CLEMENTE: No, welcome to America. All of that stuff is being captured as we speak whether we know it or like it or not.


"All of that stuff" - meaning every telephone conversation Americans have with one another on US soil, with or without a search warrant - "is being captured as we speak".

On Thursday night, Clemente again appeared on CNN, this time with host Carol Costello, and she asked him about those remarks. He reiterated what he said the night before but added expressly that "all digital communications in the past" are recorded and stored:

Let's repeat that last part: "no digital communication is secure", by which he means not that any communication is susceptible to government interception as it happens (although that is true), but far beyond that: all digital communications - meaning telephone calls, emails, online chats and the like - are automatically recorded and stored and accessible to the government after the fact. To describe that is to define what a ubiquitous, limitless Surveillance State is.

There have been some previous indications that this is true. Former AT&T engineer Mark Klein revealed that AT&T and other telecoms had built a special network that allowed the National Security Agency full and unfettered access to data about the telephone calls and the content of email communications for all of their customers. Specifically, Klein explained "that the NSA set up a system that vacuumed up Internet and phone-call data from ordinary Americans with the cooperation of AT&T" and that "contrary to the government's depiction of its surveillance program as aimed at overseas terrorists . . . much of the data sent through AT&T to the NSA was purely domestic." But his amazing revelations were mostly ignored and, when Congress retroactively immunized the nation's telecom giants for their participation in the illegal Bush spying programs, Klein's claims (by design) were prevented from being adjudicated in court.

That every single telephone call is recorded and stored would also explain this extraordinary revelation by the Washington Post in 2010:

Every day, collection systems at the National Security Agency intercept and store 1.7 billion e-mails, phone calls and other types of communications.

It would also help explain the revelations of former NSA official William Binney, who resigned from the agency in protest over its systemic spying on the domestic communications of US citizens, that the US government has "assembled on the order of 20 trillion transactions about US citizens with other US citizens" (which counts only communications transactions and not financial and other transactions), and that "the data that's being assembled is about everybody. And from that data, then they can target anyone they want."

Despite the extreme secrecy behind which these surveillance programs operate, there have been periodic reports of serious abuse. Two Democratic Senators, Ron Wyden and Mark Udall, have been warning for years that Americans would be "stunned" to learn what the US government is doing in terms of secret surveillance.

Strangely, back in 2002 - when hysteria over the 9/11 attacks (and thus acquiescence to government power) was at its peak - the Pentagon's attempt to implement what it called the "Total Information Awareness" program (TIA) sparked so much public controversy that it had to be officially scrapped. But it has been incrementally re-instituted - without the creepy (though honest) name and all-seeing-eye logo - with little controversy or even notice.

Back in 2010, worldwide controversy erupted when the governments of Saudi Arabia and the United Arab Emirates banned the use of Blackberries because some communications were inaccessible to government intelligence agencies, and that could not be tolerated. The Obama administration condemned this move on the ground that it threatened core freedoms, only to turn around six weeks later and demand that all forms of digital communications allow the US government backdoor access to intercept them. Put another way, the US government embraced exactly the same rationale invoked by the UAE and Saudi agencies: that no communications can be off limits. Indeed, the UAE, when responding to condemnations from the Obama administration, noted that it was simply doing exactly that which the US government does:

"'In fact, the UAE is exercising its sovereign right and is asking for exactly the same regulatory compliance - and with the same principles of judicial and regulatory oversight - that Blackberry grants the US and other governments and nothing more,' [UAE Ambassador to the US Yousef Al] Otaiba said. 'Importantly, the UAE requires the same compliance as the US for the very same reasons: to protect national security and to assist in law enforcement.'"

That no human communications can be allowed to take place without the scrutinizing eye of the US government is indeed the animating principle of the US Surveillance State. Still, this revelation, made in passing on CNN, that every single telephone call made by and among Americans is recorded and stored is something which most people undoubtedly do not know, even if the small group of people who focus on surveillance issues believed it to be true (clearly, both Burnett and Costello were shocked to hear this).

Some new polling suggests that Americans, even after the Boston attack, are growing increasingly concerned about erosions of civil liberties in the name of Terrorism. Even those people who claim it does not matter instinctively understand the value of personal privacy: they put locks on their bedroom doors and vigilantly safeguard their email passwords. That's why the US government so desperately maintains a wall of secrecy around their surveillance capabilities: because they fear that people will find their behavior unacceptably intrusive and threatening, as they did even back in 2002 when John Poindexter's TIA was unveiled.

Mass surveillance is the hallmark of a tyrannical political culture. But whatever one's views on that, the more that is known about what the US government and its surveillance agencies are doing, the better. This admission by this former FBI agent on CNN gives a very good sense for just how limitless these activities are.
http://www.guardian.co.uk/commentisf...ed-fbi-boston/





Apple Will Reportedly Unlock Your iPhone for Police, But There’s a Wait List

The volume of requests has created at least a seven-week wait for law enforcement.
Andrew Cunningham

If your smartphone is encrypted and protected by a long passcode, you're going to keep most people from being able to get at the data stored on it. However, companies like Apple and Google are being asked by law enforcement officials to bypass these protections to aid in investigations, and the frequency of requests is creating lengthy wait lists—one agent at the Bureau of Alcohol, Tobacco, Firearms, and Explosives (ATF) was reportedly told by an Apple legal representative that the agency would need to wait at least seven weeks to have a phone unlocked.

CNET reports that the ATF agent tried for three months to find "a local, state, or federal law enforcement agency with the forensic capabilities to unlock" an iPhone as part of a drug investigation last year but came up short. At that point, he approached Apple, which may be able to bypass the iOS security measures and dump the contents of an iOS device to a USB drive, and was put on the company's wait list. Though the Apple representative allegedly gave the agent an estimate of at least seven weeks, CNET reports that in the end the wait "appear[ed] to have been at least four months."

There are a few software packages that claim to be able to extract some or all information stored on encrypted iOS devices and other mobile phones, but a quick look at the landscape suggests that they often can't recover all of the information on the phone, and they generally don't support the latest hardware or iOS versions. Elcomsoft's iOS Forensic Toolkit only supports iOS versions 3, 4, and 5, for example, while the Oxygen Forensics Suite 2013 supports all current devices but notes that "password-protected devices will require password to perform data extraction," which sort of defeats the purpose.
http://arstechnica.com/apple/2013/05...s-a-wait-list/





Biometric Database of All Adult Americans Hidden in Immigration Reform
David Kravets

The immigration reform measure the Senate began debating yesterday would create a national biometric database of virtually every adult in the U.S., in what privacy groups fear could be the first step to a ubiquitous national identification system.

Buried in the more than 800 pages of the bipartisan legislation is language mandating the creation of the innocuously-named “photo tool,” a massive federal database administered by the Department of Homeland Security and containing names, ages, Social Security numbers and photographs of everyone in the country with a driver’s license or other state-issued photo ID.

Employers would be obliged to look up every new hire in the database to verify that they match their photo.

This piece of the Border Security, Economic Opportunity, and Immigration Modernization Act is aimed at curbing employment of undocumented immigrants. But privacy advocates fear the inevitable mission creep, ending with the proof of self being required at polling places, to rent a house, buy a gun, open a bank account, acquire credit, board a plane or even attend a sporting event or log on the internet. Think of it as a government version of Foursquare, with Big Brother cataloging every check-in.

“It starts to change the relationship between the citizen and state, you do have to get permission to do things,” said Chris Calabrese, a congressional lobbyist with the American Civil Liberties Union. “More fundamentally, it could be the start of keeping a record of all things.”

For now, the legislation allows the database to be used solely for employment purposes. But historically such limitations don’t last. The Social Security card, for example, was created to track your government retirement benefits. Now you need it to purchase health insurance.

“The Social Security number itself, it’s pretty ubiquitous in your life,” Calabrese said.

David Bier, an analyst with the Competitive Enterprise Institute, agrees with the ACLU’s fears.

“The most worrying aspect is that this creates a principle of permission basically to do certain activities and it can be used to restrict activities,” he said. “It’s like a national ID system without the card.”

For the moment, the debate in the Senate Judiciary Committee is focused on the parameters of legalization for unauthorized immigrants, a border fence and legal immigration in the future.

The committee is scheduled to resume debate on the package Tuesday.
http://www.wired.com/threatlevel/201...form-dossiers/





Indian Government Can Now Snoop On Your SMSs, Online Chats
Indu Nandakumar

The government last month quietly began rolling out a project that gives it access to everything that happens over India's telecommunications network—online activities, phone calls, text messages and even social media conversations. Called the Central Monitoring System, it will be the single window from where government arms such as the National Investigation Agency or the tax authorities will be able to monitor every byte of communication.

But privacy and internet freedom advocates are worried that in the name of security, the government could end up snooping on people, possibly abusing a system that does not have enough safeguards to protect ordinary citizens.

"In the absence of a strong privacy law that promotes transparency about surveillance and thus allows us to judge the utility of the surveillance, this kind of development is very worrisome," warned Pranesh Prakash, director of policy at the Centre for Internet and Society. "Further, this has been done with neither public nor parliamentary dialogue, making the government unaccountable to its citizens."

After the Mumbai blasts in November 2008, the government has been arming itself with powers and technology to help it eavesdrop on digital communications. The information technology law, enacted in 2000 and amended twice in 2008 and 2011, gives designated government officials the authority to listen in on phone calls, read SMSes, emails, and monitor websites.

Such access is allowed for purposes of "reasonable security practices and procedures."

However, Pavan Duggal, a Supreme Court advocate specialising in cyberlaw, said the government has given itself unprecedented powers to monitor private internet records of citizens. "This system is capable of tremendous abuse," he said. The Central Monitoring System, being set up by the Centre for Development of Telematics, plugs into telecom gear and gives central and state investigative agencies a single point of access to call records, text messages and emails as well as the geographical location of individuals.

Duggal, who closely follows New Delhi's battle with internet firms, said there haven't been many details from the government on what exactly the system intends to monitor and under what conditions.

In December 2012, the then information technology minister Milind Deora told Parliament that the monitoring system, on which the government is spending Rs 400 crore, will "lawfully intercept internet and telephone services".

Work on the system has been kept under wraps for nearly two years. Several government agencies have issued tenders seeking specialised equipment and systems for such monitoring.

As part of modernisation, the home ministry is updating all its offices in state capitals with such gear. C-Dot group head Shikha Srivastava declined comment. Information technology ministry spokeswoman Mamta Verma redirected the queries to Gulshan Rai, director of India's Cyber Emergency Response Team, but Rai declined comment.

With over 100 million users, India is one of the fastest-growing internet markets in the world. The government has come under criticism from activists for increased censorship and tracking of user records. Internet activist group Anonymous has started raising the pitch against the monitoring system, claiming that security is just a pretext for spying on citizens.

Disclosures by Google show that the number of requests from the government seeking personal information has been on the rise. In the second half of 2012, the government made nearly 2,500 requests, Google said.

"Even legitimate conversations could end up being tracked," cautioned Duggal, the Supreme Court lawyer.
http://timesofindia.indiatimes.com/t...w/19932484.cms





Did the Queen Just Resurrect the Snooper’s Charter?
David Gilbert

In her annual speech, Queen Elizabeth spoke about proposals to help investigate "crime in cyberspace", sparking debate that the unsuccessful and highly-criticised Snooper's Charter could be back on the agenda.

Last month Deputy Prime Minister Nick Clegg said the Communications Data Bill went too far and was thrown out. The Bill, dubbed by its opponents as the Snooper's Charter, proposed to force UK internet service providers (ISPs) to retain the information relating to their customers' online activity for up to one year.

While the Bill seemed to be dead in the water, and wasn't officially mentioned by the Queen, she did suggest the government was planning on implementing at least some of the proposals the Bill suggested.

Opening the new session of parliament and outlining the plans of the Coalition government for the next year, the Queen said the proposals would address "the problem of matching Internet protocol addresses" which lies at the heart of the problem for the police in the UK.

At the moment, police can monitor phone calls and text messages and are able to pinpoint who, where and when the call was made. However the same cannot be said for communications over the internet.

Who, when and where

Because of the way the internet works, IP addresses are often assigned to multiple users at once, making it difficult to assess where or when an email, instant message or Skype call was sent. Users are also assigned different IP addresses each time they log into their machines.

Attempting to address this was the Communications Data Bill, which proposed to give police access to the who, when and where of messages sent over the internet, though not the content of those messages. Police would also have had the power to monitor which websites people were visiting.

According to government briefing notes on the Queen's Speech, the need to know this information is still there: "In order to know who has actually sent an email or made a Skype call, the police need to know who used a certain IP address at a given point in time. Without this, if a suspect used the Internet to communicate instead of making a phone call, it may not be possible for the police to identify them.

"The government is looking at ways of addressing this issue with CSPs [communication service providers]. It may involve legislation."

Moving quickly

The problem facing the police in the UK is that criminals are moving quickly from using traditional phone calls and text messages to using calls made over the internet using services like Skype or instant messaging services such as WhatsApp, Viber and Apple's iMessage app.

The situation is further muddied by the use of more sophisticated systems such as Tor and VPNs which make it virtually impossible to track online communications.

One possible solution would be to completely change the system of attributing IP addresses, whereby every user online would have a specific IP address tied to each device they used. However this would require a fundamental shift in the way the internet works and would require international agreement - something which is increasingly difficult to facilitate in the realm of the internet.

Remaining vague

The Home Office is remaining vague on what plans it has in place following the collapse of the Communications Data Bill, which was first introduced officially by the Queen in her speech this time last year.

The problem remains for the government of trying to strike a balance between giving the police the powers to track criminals online, while at the same time protecting the privacy of UK citizens.

It seems clear from the Queen's Speech that this is not a problem which is going to go away anytime soon, though it's unlikely the government will make the same mistake of trying to go too far, too quickly.

Another problem for the government will be in relation to resources. Since May 2010, the government has spent £405m on what is called the Communications Capabilities Development Project. While the government has insisted this money has not been spent on the much-criticised and now canned Snooper's Charter, it is difficult to see where else it has been spent.

The official line from the government is that it has been spent on "sustaining and enhancing existing capabilities."
http://www.ibtimes.co.uk/articles/46...tions-data.htm





U.S. Directly Blames China’s Military for Cyberattacks
David E. Sanger

The Obama administration on Monday explicitly accused China’s military of mounting attacks on American government computer systems and defense contractors, saying one motive could be to map “military capabilities that could be exploited during a crisis.”

While some recent estimates have more than 90 percent of cyberespionage in the United States originating in China, the accusations relayed in the Pentagon’s annual report to Congress on Chinese military capabilities were remarkable in their directness. Until now the administration avoided directly accusing both the Chinese government and the People’s Liberation Army of using cyberweapons against the United States in a deliberate, government-developed strategy to steal intellectual property and gain strategic advantage.

“In 2012, numerous computer systems around the world, including those owned by the U.S. government, continued to be targeted for intrusions, some of which appear to be attributable directly to the Chinese government and military,” the nearly 100-page report said.

The report, released Monday, described China’s primary goal as stealing industrial technology, but said many intrusions also seemed aimed at obtaining insights into American policy makers’ thinking. It warned that the same information-gathering could easily be used for “building a picture of U.S. network defense networks, logistics, and related military capabilities that could be exploited during a crisis.”

It was unclear why the administration chose the Pentagon report to make assertions that it has long declined to make at the White House. A White House official declined to say at what level the report was cleared. A senior defense official said “this was a thoroughly coordinated report,” but did not elaborate.

On Tuesday, a spokeswoman for the Chinese Ministry of Foreign Affairs, Hua Chunying, criticized the report.

“China has repeatedly said that we resolutely oppose all forms of hacker attacks,” she said. “We’re willing to carry out an even-tempered and constructive dialogue with the U.S. on the issue of Internet security. But we are firmly opposed to any groundless accusations and speculations, since they will only damage the cooperation efforts and atmosphere between the two sides to strengthen dialogue and cooperation.”

Missing from the Pentagon report was any acknowledgment of the similar abilities being developed in the United States, where billions of dollars are spent each year on cyberdefense and constructing increasingly sophisticated cyberweapons. Recently the director of the National Security Agency, Gen. Keith Alexander, who is also commander of the military’s fast-growing Cyber Command, told Congress that he was creating more than a dozen offensive cyberunits, designed to mount attacks, when necessary, at foreign computer networks.

When the United States mounted its cyberattacks on Iran’s nuclear facilities early in President Obama’s first term, Mr. Obama expressed concern to aides that China and other states might use the American operations to justify their own intrusions.

But the Pentagon report describes something far more sophisticated: A China that has now leapt into the first ranks of offensive cybertechnologies. It is investing in electronic warfare capabilities in an effort to blind American satellites and other space assets, and hopes to use electronic and traditional weapons systems to gradually push the United States military presence into the mid-Pacific nearly 2,000 miles from China’s coast.

The report argues that China’s first aircraft carrier, the Liaoning, commissioned last September, is the first of several carriers the country plans to deploy over the next 15 years. It said the carrier would not reach “operational effectiveness” for three or four years, but is already set to operate in the East and South China Seas, the site of China’s territorial disputes with several neighbors, including Japan, Indonesia, the Philippines and Vietnam. The report notes a new carrier base under construction in Yuchi.

The report also detailed China’s progress in developing its stealth aircraft, first tested in January 2011.

Three months ago the Obama administration would not officially confirm reports in The New York Times, based in large part on a detailed study by the computer security firm Mandiant, that identified P.L.A. Unit 61398 near Shanghai as the likely source of many of the biggest thefts of data from American companies and some government institutions.

Until Monday, the strongest critique of China came from Thomas E. Donilon, the president’s national security adviser, who said in a speech at the Asia Society in March that American companies were increasingly concerned about “cyberintrusions emanating from China on an unprecedented scale,” and that “the international community cannot tolerate such activity from any country.” He stopped short of blaming the Chinese government for the espionage.

But government officials said the overall issue of cyberintrusions would move to the center of the United States-China relationship, and it was raised on recent trips to Beijing by Treasury Secretary Jacob J. Lew and the chairman of the Joint Chiefs of Staff, Gen. Martin E. Dempsey.

To bolster its case, the report argues that cyberweapons have become integral to Chinese military strategy. It cites two major public works of military doctrine, “Science of Strategy” and “Science of Campaigns,” saying they identify “information warfare (I.W.) as integral to achieving information superiority and an effective means for countering a stronger foe.” But it notes that neither document “identifies the specific criteria for employing a computer network attack against an adversary,” though they “advocate developing capabilities to compete in this medium.”

It is a critique the Chinese could easily level at the United States, where the Pentagon has declined to describe the conditions under which it would use offensive cyberweapons. The Iran operation was considered a covert action, run by intelligence agencies, though many techniques used to manipulate Iran’s computer controllers would be common to a military program.

The Pentagon report also explicitly states that China’s investments in the United States aim to bolster its own military technology. “China continues to leverage foreign investments, commercial joint ventures, academic exchanges, the experience of repatriated Chinese students and researchers, and state-sponsored industrial and technical espionage to increase the level of technologies and expertise available to support military research, development and acquisition.”

But the report does not address how the Obama administration should deal with that problem in an economically interconnected world where the United States encourages those investments, and its own in China, to create jobs and deepen the relationship between the world’s No. 1 and No. 2 economies. Some experts have argued that the threat from China has been exaggerated. They point out that the Chinese government — unlike, say, Iran or North Korea — has such deep investments in the United States that it cannot afford to mount a crippling cyberstrike on the country.

The report estimates that China’s defense budget is $135 billion to $215 billion, a large range attributable in part to the opaqueness of Chinese budgeting. While the figure is huge in Asia, the top estimate would still be less than a third of what the United States spends every year.

Some of the report’s most interesting elements examine the debate inside China over whether this is a moment for the country to bide its time, focusing on internal challenges, or to directly challenge the United States and other powers in the Pacific.

But it said that “proponents of a more active and assertive Chinese role on the world stage” — a group whose members it did not name — “have suggested that China would be better served by a firm stance in the face of U.S. or other regional pressure.”
https://www.nytimes.com/2013/05/07/w...erattacks.html





China Calls U.S. the "Real Hacking Empire" After Pentagon Report

China on Wednesday accused the United States of sowing discord between China and its neighbors after the Pentagon said Beijing is using espionage to fuel its military modernization, branding Washington the "real hacking empire".

The latest salvo came a day after China's foreign ministry dismissed as groundless a Pentagon report which accused China for the first time of trying to break into U.S. defense computer networks.

The Pentagon also cited progress in Beijing's effort to develop advanced-technology stealth aircraft and build an aircraft carrier fleet to project power further offshore.

The People's Liberation Army Daily called the report a "gross interference in China's internal affairs".

"Promoting the 'China military threat theory' can sow discord between China and other countries, especially its relationship with its neighboring countries, to contain China and profit from it," the newspaper said in a commentary that was carried on China's Defense Ministry's website.

The United States is "trumpeting China's military threat to promote its domestic interests groups and arms dealers", the newspaper said, adding that it expects "U.S. arms manufacturers are gearing up to start counting their money".

The remarks in the newspaper underscore the escalating mistrust between China and the United States over hacking, now a top point of contention between Washington and Beijing.

A U.S. computer security company, Mandiant, said in February a secretive Chinese military unit was likely behind a series of hacking attacks that targeted the United States and stole data from more than 100 companies.

That set off a war of words between Washington and Beijing.

China has said repeatedly that it does not condone hacking and is the victim of hacking attacks -- most of which it claims come from the United States.

"As we all know, the United States is the real 'hacking empire' and has an extensive espionage network," the People's Daily, a newspaper regarded as a mouthpiece of the Chinese Communist Party, said in a commentary.

The article -- which was published under the pen name "Zhong Sheng", meaning "Voice of China" -- said "in recent years, the United States has continued to strengthen its network tools for political subversion against other countries".

"Cyber weapons are more frightening than nuclear weapons," the People's Daily said. "To establish military hegemony on the Internet by repeatedly smearing other countries is a dangerous and wrong path to take and will ultimately end up in shooting themselves in the foot."

(Reporting by Sui-Lee Wee; Editing by Michael Perry)
http://www.reuters.com/article/2013/...94702L20130508





Special Report: U.S. Cyberwar Strategy Stokes Fear of Blowback
Joseph Menn

Even as the U.S. government confronts rival powers over widespread Internet espionage, it has become the biggest buyer in a burgeoning gray market where hackers and security firms sell tools for breaking into computers.

The strategy is spurring concern in the technology industry and intelligence community that Washington is in effect encouraging hacking and failing to disclose to software companies and customers the vulnerabilities exploited by the purchased hacks.

That's because U.S. intelligence and military agencies aren't buying the tools primarily to fend off attacks. Rather, they are using the tools to infiltrate computer networks overseas, leaving behind spy programs and cyber-weapons that can disrupt data or damage systems.

The core problem: Spy tools and cyber-weapons rely on vulnerabilities in existing software programs, and these hacks would be much less useful to the government if the flaws were exposed through public warnings. So the more the government spends on offensive techniques, the greater its interest in making sure that security holes in widely used software remain unrepaired.

Moreover, the money going for offense lures some talented researchers away from work on defense, while tax dollars may end up flowing to skilled hackers simultaneously supplying criminal groups. "The only people paying are on the offensive side," said Charlie Miller, a security researcher at Twitter who previously worked for the National Security Agency.

A spokesman for the NSA agreed that the proliferation of hacking tools was a major concern but declined to comment on the agency's own role in purchasing them, citing the "sensitivity" of the topic.

America's offensive cyber-warfare strategy - including even the broad outlines and the total spending levels - is classified information. Officials have never publicly acknowledged engaging in offensive cyber-warfare, though the one case that has been most widely reported - the use of a virus known as Stuxnet to disrupt Iran's nuclear-research program - was lauded in Washington. Officials confirmed to Reuters previously that the U.S. government drove Stuxnet's development, and the Pentagon is expanding its offensive capability through the nascent Cyber Command.

Stuxnet, while unusually powerful, is hardly an isolated case. Computer researchers in the public and private sectors say the U.S. government, acting mainly through defense contractors, has become the dominant player in fostering the shadowy but large-scale commercial market for tools known as exploits, which burrow into hidden computer vulnerabilities.

In their most common use, exploits are critical but interchangeable components inside bigger programs. Those programs can steal financial account passwords, turn an iPhone into a listening device, or, in the case of Stuxnet, sabotage a nuclear facility.

Think of a big building with a lot of hidden doors, each with a different key. Any door will do to get in, once you find the right key.

The pursuit of those keys has intensified. The Department of Defense and U.S. intelligence agencies, especially the NSA, are spending so heavily for information on holes in commercial computer systems, and on exploits taking advantage of them, that they are turning the world of security research on its head, according to longtime researchers and former top government officials.

Many talented hackers who once alerted companies such as Microsoft Corp to security flaws in their products are now selling the information and the exploits to the highest bidder, sometimes through brokers who never meet the final buyers. Defense contractors and agencies spend at least tens of millions of dollars a year just on exploits, which are the one essential ingredient in a broader cyber-weapons industry generating hundreds of millions annually, industry executives said privately.

Former White House cybersecurity advisors Howard Schmidt and Richard Clarke said in interviews that the government in this way has been putting too much emphasis on offensive capabilities that by their very nature depend on leaving U.S. business and consumers at risk.

"If the U.S. government knows of a vulnerability that can be exploited, under normal circumstances, its first obligation is to tell U.S. users," Clarke said. "There is supposed to be some mechanism for deciding how they use the information, for offense or defense. But there isn't."

Acknowledging the strategic trade-offs, former NSA director Michael Hayden said: "There has been a traditional calculus between protecting your offensive capability and strengthening your defense. It might be time now to readdress that at an important policy level, given how much we are suffering."

The issue is sensitive in the wake of new disclosures about the breadth and scale of hacking attacks that U.S. intelligence officials attribute to the Chinese government. Chinese officials deny the allegations and say they too are hacking victims.

Top U.S. officials told Congress this year that poor Internet security has surpassed terrorism to become the single greatest threat to the country and that better information-sharing on risks is crucial. Yet neither of the two major U.S. initiatives under way - sweeping cybersecurity legislation being weighed by Congress and President Barack Obama's February executive order on the subject - asks defense and intelligence agencies to spread what they know about vulnerabilities to help the private sector defend itself.

Most companies, including Microsoft, Apple Inc and Adobe Systems Inc, on principle won't pay researchers who report flaws, saying they don't want to encourage hackers. Those that do offer "bounties", including Google Inc and Facebook Inc, say they are hard-pressed to compete financially with defense-industry spending.

Some national-security officials and security executives say the U.S. strategy is perfectly logical: It's better for the U.S. government to be buying up exploits so that they don't fall into the hands of dictators or organized criminals.

UNINTENDED CONSEQUENCES

When a U.S. agency knows about a vulnerability and does not warn the public, there can be unintended consequences. If malign forces purchase information about or independently discover the same hole, they can use it to cause damage or to launch spying or fraud campaigns before a company like Microsoft has time to develop a patch. Moreover, when the U.S. launches a program containing an exploit, it can be detected and quickly duplicated for use against U.S. interests before any public warning or patch.

Some losses occur even after a patch.

That happened to Microsoft and its customers with a piece of malicious software known as Duqu. Experts say it was designed to steal industrial-facility designs from Iran and that it used an exploit that tricked computers into installing malicious software disguised as a font to render type on the screen.

Those who dissected the program after its discovery in 2011 believe it was created by a U.S. agency. Though Duqu resembled Stuxnet in some respects, they couldn't say for sure how it was assembled, or whether the spying tool had accomplished its mission.

What's certain is that criminal hackers copied Duqu's previously unheard-of method for breaking into computers and rolled it into "exploit kits," including one called Blackhole and another called Cool, that were sold to hackers worldwide.

Microsoft had by then issued a patch for the vulnerability. Nevertheless, hackers used it last year to attack 16 out of every 1,000 U.S. computers and an even greater proportion in some other countries, according to Finland-based security firm F-Secure.

The flaw became the second-most frequently tried among tens of thousands of known vulnerabilities during the second half of 2012, F-Secure said. Hackers installed a variety of malicious software in cases when the exploit worked, including copies of Zeus, a notorious program for stealing financial login information that has been blamed for hundreds of millions of dollars in bank thefts. Microsoft won't say whether it has confronted U.S. officials about Duqu and other programs, but an executive said the company objects "to our products being used for malicious purposes."

THE BUSINESS OF "ZERO-DAYS"

Former NSA Director Hayden and others with high-level experience have boasted that U.S. offensive capabilities in cyberspace are the best in the world. But few outsiders had any idea what was possible before 2010, when a small laboratory discovered the worm called Stuxnet.

It took teams of security experts in several countries months to dissect the program. They discovered that it had been meticulously engineered to launch invisibly from a portable flash drive and spread through connected Windows-based personal computers in search of machines running a specific piece of industrial control software made by Siemens AG of Germany.

If Stuxnet found that software and a certain configuration, it changed some of the instructions in the program and hid its tracks. Eventually, the truth came out: The only place deliberately affected was an Iranian nuclear facility, where the software sped up and slowed down uranium-enriching centrifuges until they broke.

Stuxnet was unique in many ways, one of them being that it took advantage of four previously unknown flaws in Windows. In the industry, exploits of such vulnerabilities are called "zero-days," because the software maker has had zero days' notice to fix the hole before the tool's discovery.

It can take months for security patches to be widely installed after a vulnerability is reported, so even a "two-day" exploit, one released two days after a warning, is valuable.

But exploits can't be counted on to work once the holes they rely on are disclosed. That means contractors are constantly looking for new ones that can be swapped in to a particular program after the original vulnerability is fixed. Some security firms sell subscriptions for exploits, guaranteeing a certain number per year.

"My job was to have 25 zero-days on a USB stick, ready to go," said a former executive at a defense contractor that bought vulnerabilities from independent hackers and turned them into exploits for government use.

HOW THE MARKET WORKS

Zero-day exploits will work even when the targeted software is up to date, and experts say the use of even a single zero-day in a program signals that a perpetrator is serious. A well-publicized hacking campaign against Google and scores of other companies in early 2010, attributed by U.S. officials and private experts to Chinese government hackers, used one zero-day.

Many zero-day exploits appear to have been produced by intelligence agencies. But private companies have also sprung up that hire programmers to do the grunt work of identifying vulnerabilities and then writing exploit code. The starting rate for a zero-day is around $50,000, some buyers said, with the price depending on such factors as how widely installed the targeted software is and how long the zero-day is expected to remain exclusive.

It's a global market that operates under the radar, often facilitated by other companies that act as brokers. On the buy side are U.S. government agencies and the defense contractors that fold the exploits into cyber-weapons. With little or no regulation, it is impossible to say who else might be purchasing zero-days and to what end, but the customers are known to include organized crime groups and repressive governments spying on their citizens.

Even one of the four exploits used by Stuxnet may have been purchased. Swedish Defense Research Agency expert David Lindahl said the same trick employed by the exploit in question was used in a piece of Russian crime software called Zlob prior to Stuxnet's discovery. The same person may have sold the exploit to both the United States and to Russian criminals. However, Lindahl and other experts said simultaneous invention can't be ruled out.

The issue of rival countries or gangs using a flaw that U.S. officials have known about but decided to keep secret is a big concern. The National Security Agency declined to say whether or how often that happens, but researchers said simultaneous security discoveries occur often.

"It's pretty naïve to believe that with a newly discovered zero-day, you are the only one in the world that's discovered it," said Schmidt, who retired last year as the White House cybersecurity coordinator. "Whether it's another government, a researcher or someone else who sells exploits, you may have it by yourself for a few hours or for a few days, but you sure are not going to have it alone for long."

China is thought to do a lot of its work on exploits in-house, relying on its own programmers, though Reuters has reviewed email from self-declared Chinese buyers offering large sums. "I really need some 0days,if you have some remote exploit 0days of windows system, I think I can buy it. you know, money is not the problem," one hopeful wrote in 2006.

ON THE FRONT LINE

Cesar Cerrudo, a researcher in Argentina and the recipient of the 2006 email, was among the first to sell zero-days in the open, targeting experts who wanted to test the security of networks for their employers or clients.

Cerrudo said he ignored some requests from China that seemed suspiciously detailed, such as one for an exploit for an out-of-date version of Microsoft Office. Cerrudo said he regrets selling to a research institution in Europe he won't name that he later realized received a great deal of funding from a national government. Now Cerrudo works at IOActive Inc, a Seattle-based consulting firm that advises corporate clients on security.

"Fewer people are publishing details about vulnerabilities and exploits," Cerrudo said, and that hurts overall safety. "People are trying to keep their techniques and exploits private so they can make a lot of money."

A Paris-based security company called Vupen sells tools based on exploits to intelligence, law-enforcement and military authorities in most of the world. It refrains from selling to countries such as Iran or North Korea, and says it voluntarily follows European and U.S. rules limiting arms exports, though others say it isn't clear whether exploits are subject to the most restrictive U.S. rules.

Until 2010, Vupen often notified software vendors for free when it found vulnerabilities, said chief executive Chaouki Bekrar. That has now changed. "As our research costs became higher and higher, we decided to no longer volunteer for multi-billion-dollar companies," Bekrar said. When software makers wouldn't agree to a compensation system, he said, Vupen chose to sell to governments instead. "Software vendors created this market by not decently paying researchers for their hard work."

In Bekrar's estimation, Vupen is doing good. "Exploits are used as part of lawful intercept missions and homeland security operations as legally authorized by law," he said, "to protect lives and democracies against both cyber and real world threats."

The company is one of the most visible players in the business. Vupen sent a dozen researchers to an elite April conference on offensive hacking techniques at the luxury Fontainebleau Hotel in Miami Beach, where attendees eschewed nametags, dined on stone crab and heard such talks as "Advanced Heap Manipulation in Windows 8." The only larger contingents were one from the conference's organizer, zero-day reseller Immunity Inc, and one from the U.S. government.

A newer entrant to the market is ReVuln, based in Malta. ReVuln says it specializes in crafting exploits for industrial control systems that govern everything from factory floors to power generators.

This is a major concern for governments because such systems are considered prime targets for terrorists and enemy nations, with the potential for high loss of life. Additionally, the software that controls them is much harder to patch than something like Windows, which Microsoft frequently fixes with updates over the Internet. Employees at several large makers of control systems say they don't know how to reach all their users, let alone convince them to make changes when holes are discovered.

ReVuln's founders, Italian researcher Luigi Auriemma and former Research in Motion vulnerability hunter Donato Ferrante, declined to say anything about their customers. In an email interview, they said they sold some exploits exclusively and others more widely. Asked if they would be troubled if some of their programs were used in attacks that caused death or destruction, they said: "We don't sell weapons, we sell information. This question would be worth asking to vendors leaving security holes in their products."

DEFENSE CONTRACTORS

Much of the work on offensive cyber-warfare is done by publicly traded U.S. defense contractors, now joined by a handful of venture capital-backed start-ups seeking government buyers for a broad array of cyber-weapons that use exploits. Defense contractors both buy exploits and produce them in-house.

Major players in the field include Raytheon Co, Northrop Grumman Corp and Harris Corp, all of which have acquired smaller companies that specialize in finding new vulnerabilities and writing exploits. Those companies declined to discuss their wares. "It's tough for us, when you get into the realm of offensive," said Northrop spokesman Mark Root.

Reuters reviewed a product catalogue from one large contractor, which was made available on condition the vendor not be named. Scores of programs were listed. Among them was a means to turn any iPhone into a room-wide eavesdropping device. Another was a system for installing spyware on a printer or other device and moving that malware to a nearby computer via radio waves, even when the machines aren't connected to anything.

There were tools for getting access to computers or phones, tools for grabbing different categories of data, and tools for smuggling the information out again. There were versions of each for Windows, Apple and Linux machines. Most of the programs cost more than $100,000, and a solid operation would need several components that work together. The vast majority of the programs rely on zero-day exploits.

Intelligence agencies have a good reason to leave a lot of the spyware development work to outsiders, said Alex Stamos, chief technology officer at an Internet security unit of NCC Group Plc. "It's just like munitions development," he said. "They don't purchase it until the vendors can demonstrate it works."

Another newcomer with U.S. agencies as clients is Atlanta-based Endgame Inc, which in March raised $23 million in a second round of funding led by the blue-chip Silicon Valley venture capital firm Kleiner Perkins Caufield & Byers. Endgame is chaired by the chief executive of In-Q-Tel, a venture capital firm set up in 1999 at the request of the CIA to fund private companies developing technology that could be useful to the intelligence community.

Some of Endgame's activities came to light in purloined emails published by hackers acting under the banner Anonymous. In what appear to be marketing slides, the company touted zero-day subscriptions as well as lists of exactly which computers overseas belonged to specific criminal "botnets" - networks of compromised machines that can be mobilized for various purposes, including stealing financial passwords and knocking websites offline with traffic attacks.

The point was not to disinfect the botnet's computers or warn the owners. Instead, Endgame's customers in the intelligence agencies wanted to harvest data from those machines directly or maintain the ability to issue new commands to large segments of the networks, three people close to the company told Reuters.

Endgame declined to comment.

Ted Schlein, a Kleiner partner who sits on Endgame's board, said he couldn't comment on the company's classified business. But he defended the idea of captive botnets.

"If you believe that wars are going to be fought in the world of cyber in the future, wouldn't you want to believe you would have a cyber-army at your disposal? Why wouldn't you want to launch a cyber-army if needed?"

(Reporting by Joseph Menn; Editing by Jonathan Weber and Claudia Parsons)
http://www.reuters.com/article/2013/...9490EL20130510





Anti-Virus Software for Android Fooled by Common Techniques, Researchers Say
Steve Ragan

A group of researchers from Northwestern University and North Carolina State University tested ten of the most popular AV products on Android, and discovered that they were easily fooled by common obfuscation techniques.

In a paper published earlier this year, the researchers said they tested AV software from Symantec, AVG, Kaspersky Lab, Trend Micro, ESET, ESTSoft, Lookout, Zoner, Webroot, and Dr. Web. In order to evaluate the mobile security software, the researchers developed a tool called DroidChameleon, which is a framework that automatically applies a number of transformation techniques (some of the same ones seen in PC malware and others unique to the Android platform) to Android applications.

Known malware samples were transformed to generate new variants that contain the exact malicious functions as before. These new variants were then passed to the AV products, and much to the surprise of the paper’s authors, they were rarely flagged – if at all.

“Our findings show that all the anti-malware products evaluated are susceptible to common evasion techniques and may succumb to even trivial transformations not involving code-level changes,” the paper explains.

According to the research, 43% of the signatures used by the AV products are based on file names, checksums (or binary sequences) or information obtained by the PackageManager API. This means that, as mentioned, common transformations will render their protection useless for the most part.

For example, the researchers transformed the Android rootkit DroidDream for their test. DroidDream is a widely-known and highly dangerous application. Yet, when it was transformed, every AV program failed to catch at least two variants.

Lookout Inc., a company that only does mobile protection, failed to flag every single variant of DroidDream that it was tested against – all 14 of them. Lookout was one of the first security vendors to alert the public to the existence of DroidDream, and yet they failed to stop basic variants of it that were created in the lab.

Trend Micro also had serious problems, as they failed to detect 9 out of 10 variants of the SMS Trojan, Fake Player. This is noteworthy because they discovered the first incarnation of this mobile malware in 2010.

There is hope, however. Last year 45% of the AV programs were bypassed by trivial transformations, but 12 months later that number fell to just 16%.

“We find that in all such cases where we see changes, anti-malware authors have moved to content-based matching, such as matching identifiers and strings,” the researchers noted.

“Although the changes in the signatures over the past one year may be seen as improvement, we point out that the new signatures still lack resilience against polymorphic malware as our results aptly demonstrate.”
https://www.securityweek.com/anti-vi...esearchers-say





Huge Cyber Bank Theft Spans 27 Countries
Jessica Dye, Joseph Ax and Jim Finkle

In one of the biggest ever bank heists, a global cyber crime ring stole $45 million from two Middle Eastern banks by hacking into credit card processing firms and withdrawing money from ATMs in 27 countries, U.S. prosecutors said on Thursday.

The U.S. Justice Department accused eight men of allegedly forming the New York-based cell of the organization, and said seven of them have been arrested. The eighth, allegedly a leader of the cell, was reported to have been murdered in the Dominican Republic on April 27.

The ringleaders are believed to be outside the United States but prosecutors declined to give details, citing the ongoing investigation. What's clear is the sheer scope and speed of the crimes: in one of the attacks, in just over 10 hours, $40 million was raided from ATMs in 24 countries involving 36,000 transactions.

"In the place of guns and masks, this cyber crime organization used laptops and the Internet," U.S. Attorney for the Eastern District of New York Loretta Lynch said at a news conference. "Moving as swiftly as data over the Internet, the organization worked its way from the computer systems of international corporations to the streets of New York City."

The case demonstrates the major threat that cyber crime poses to banks around the world. It also shows how increasingly international and sophisticated criminal gangs have become, particularly those using the Internet.

Prosecutors highlighted the "surgical precision" of these hackers, the global nature of their organization, and the speed and coordination with which they executed operations in 27 countries.

According to the complaint, the gang broke into the computers of two credit card processors, one in India in December 2012 and the other in the United States this February. The companies were not identified.

The hackers increased the available balance and withdrawal limits on prepaid MasterCard debit cards issued by Bank of Muscat of Oman, and National Bank of Ras Al Khaimah PSC (RAKBANK) of the United Arab Emirates, according to the complaint. They then distributed counterfeit debit cards to "cashers" around the world, enabling them to siphon millions of dollars from ATMs in a matter of hours.

In New York, for example, members of the cell fanned out into the city on the afternoon of February 19, armed with cards bearing a single Bank of Muscat account number. Ten hours later, they had completed 2,904 withdrawals for $2.4 million in all, the final transaction coming around 1:26 a.m., prosecutors said.

Casher crews in other countries were busy doing the same, pulling some $40 million from Bank of Muscat to add to the $5 million they stole from RAKBANK in December, according to the indictment. In total, cashers made some 40,500 withdrawals in 27 countries during the two coordinated incidents.

Prosecutors said the method of attack was known as "Unlimited Operations" in the cyber underworld.

Representatives for the two banks could not be reached for comment outside of regular business hours.

In a statement, Mastercard said it had cooperated with law enforcement in the investigation and stressed that its systems were not involved or compromised in the attacks.

In late February, Bank Muscat disclosed that it would take an impairment charge of up to 15 million rials ($39 million) because it had been defrauded overseas by 12 prepaid debit cards used for travel. That charge was equal to more than half of the 25 million rials profit it posted in its first quarter ended March 31.

HIGHLY SKILLED HACKERS

Cyber experts said they believe the operation likely required the work of several hundred people, at least several of whom were highly skilled hackers capable of devising ways to penetrate well-protected financial systems.

"Hackers only need to find one vulnerability to cause millions of dollars of damage," said Mark Rasch, a former federal cyber crimes prosecutor, based in Bethesda, Maryland.

The group may have targeted Middle Eastern banks because they tend to allow customers to put much larger sums on cards and do not monitor them as closely as banks in other regions, said Shane Shook, global vice president of consulting for the security firm Cylance Inc.

"It's a target-rich environment in terms of soft electronic security," said Shook, an Arabic speaker who has spent more than a decade investigating cyber crimes.

The case is similar to one in 2009 that targeted the prepaid debit-card unit of Royal Bank of Scotland, which lost more than $9 million in less than 12 hours, said Jason Weinstein, a former federal prosecutor who supervised the Justice Department's handling of that case.

That case was considered a watershed moment in cyber crime prosecutions at the time. "This dwarfs that case," he said.

It is not clear if banks can seek to recover losses from card processors, legal experts said. Contracts usually have specific language governing the security protocols that must be in place, said Frederick Rivera, an attorney with Perkins Coie who specializes in financial services litigation.

If the processors failed to follow those requirements, they could be liable for the losses. If they had adequate security, however, the banks "could be left holding the bag," Rivera said.

The banks might also be able to seek reimbursement under their insurance policies, many of which now have cyber crime provisions, or from the processors' insurance carriers.

Weinstein also said that the processors could face regulatory scrutiny over whether they provided proper security.

The eight defendants - all U.S. citizens and residents of Yonkers, New York - were charged with withdrawing cash from the ATMs and transporting money, not hacking into the credit card processing firms or managing the operation.

The seven arrested are: Jael Mejia Collado, Joan Luis Minier Lara, Evan Jose Peña, Jose Familia Reyes, Elvis Rafael Rodriguez, Emir Yasser Yeje and Chung Yu-Holguin (known as "Chino El Abusador"). All except for Rodriguez were arraigned on Thursday and pleaded not guilty. Rodriguez's attorney was unavailable. Only Peña has been released on bail.

The defendant who reportedly had been killed was Alberto Yusi Lajud-Peña, also known as "Prime" and "Albertico." Lynch said it was unclear whether the murder was related to this case.

Prosecutors said cashers often laundered their proceeds by purchasing luxury goods, and sending a portion of the money back to the organization's leaders.

Lynch said the New York gang kept roughly 20 percent of their takes, and sent the rest to the organizers. Authorities said they seized hundreds of thousands of dollars in cash and bank accounts, as well as two Rolex watches and a Mercedes SUV, from the defendants.

Investigators said that they found an email exchange with an account associated with a criminal money laundering operation in St. Petersburg, Russia, describing wire transfers.

An investigation is ongoing to see if other cells are operating in the country, Lynch said, adding that U.S. law enforcement had worked with counterparts in Japan, Canada, Germany, Romania, the United Arab Emirates, Dominican Republic, Mexico, Italy, Spain, Belgium, France, United Kingdom, Latvia, Estonia, Thailand, and Malaysia to uncover the ring.

No individual bank accounts were compromised by the scheme, Lynch said.

The case is U.S. v. Lajud-Pena et al., U.S. District Court, Eastern District of New York, No. 13-cr-259.

(Editing by Noeleen Walder, Tiffany Wu, Leslie Gevirtz and Phil Berlowitz)
http://www.reuters.com/article/2013/...9480PZ20130510





Teacher 'Powerless' to Stop Ex-Girlfriend's Cyberstalking

Court order fails to prevent comments from being posted online
Kathy Tomlinson

A Vancouver teacher says his career has been derailed by an ex-girlfriend who won’t stop posting countless defamatory and offensive comments about him on the web.

"I feel not only shut out of my own profession — but any job I apply for," said Lee David Clayworth, 35, who has applied for several teaching jobs since January, with no positive response.

He believes prospective employers are turned off by the web postings. "This is a dark place. It’s a very, very dark place to be … and I am powerless."

He said he's been cyberstalked relentlessly for 2½ years, despite a court ruling ordering the material be removed and his ex-girlfriend jailed for contempt of court.

"The secondary part of it — where the court order is enforced — people just ignore it," he said.

Clayworth is a Canadian who dated a woman named Lee Ching Yan for several months while he was teaching in Malaysia in 2010.

Theft, hacking and harassment

After they split up, she broke into his apartment and stole his laptop and hard drive, along with other personal belongings.

She then hacked into his email account and sent messages to all of his contacts — posing as him — talking about how he had sex with underage students.

"Little did I know, this was just the beginning of this campaign of harassment and cyberstalking," said Clayworth, who has several glowing references indicating he is an exemplary teacher.

"The support I received from my [former] school, from colleagues, from students, from my principal, from my deputy principal was incredible."

Court documents show Yan retrieved nude photos of Clayworth that were in his computer — pictures she had taken — and posted them on several sites.

She’s also placed hundreds of comments on various social media sites, accusing him of disgusting, even criminal, behaviour.

"I did a Google search of my name and I saw profiles listed saying … I am a psychopath, I am a child molester, a pedophile, I am involved with my students and so on — and then that just steamrolled," said Clayworth.

"I remember waking up in the morning and going online. Two hundred new postings would be there from throughout the night. And the things they said were the most hurtful."

Useless court rulings

He sued Yan in Malaysia, where the judge found her guilty of defamation and ordered her to pay him the equivalent of $66,000 in damages. However, the harassment didn’t stop.

"We’d both be in court for proceedings and, you know, four hours later, she would be at it again. Online, posting stuff," said Clayworth.

The judge then ordered Yan imprisoned for contempt of court — for continuing her smear campaign — but she left the country. Clayworth believes she’s now in Australia.

"Everything that was digital and saved in my life — whether it was in the hard drive or laptop — is just at the disposal of this woman," said Clayworth, who returned to Canada in January when his contract at the Malaysian school ended.

"It will never stop … it will go on and on. It’s been almost 2½ years now."

The court also ordered search engine providers Google, Yahoo and Bing to block Clayworth’s name from being searchable, but that has also proved unenforceable.

He’s sent the court order to all three companies, but said he’s had no positive response.

"There are people out there who could help me out and I’ve been through the proper channels to be helped out. And people just ignore it."

Go Public contacted the search engine providers, but only Google sent a response.

Google no help

"Google’s search results are a reflection of the content and information that is available on the web. Users who want content removed from the internet should contact the webmaster of the page directly," said spokesperson Wendy Bairos.

"We do not remove content from our search results, except in very limited cases such as illegal content and violations of our webmaster guidelines."

When Yan was told the Malaysian court deemed the postings were illegal, Bairos suggested that didn’t make any difference.

"Again, even if we did remove the name it would not make the content disappear from other places on the web, since Google’s search results are a reflection of the content and information that is available on the web."

Clayworth said he’s also tried to get the posts removed from various websites, with limited success. Some sites didn’t respond, while others were helpful.

The manager of one site — liarsandcheaters.com — got very upset when Clayworth complained to the site's web host company, which then shut it down temporarily.

"Do you really want to start a war with a website that sometimes gets over [20,000] visits a day?" wrote the manager.

"You may send the court order. However, because of you, we are relocating to Germany so it must be from a German court. That was your choice. In the meantime … the post will remain permanently for the rest of your life."

Even when websites have taken the offensive posts down, Clayworth's ex-girlfriend simply puts them back up, he said.

Authorities outpaced

Lawyers and police told Go Public there is little recourse for victims in Clayworth's shoes, because his court orders are from Malaysia.

Halifax internet law expert David Fraser pointed out that American-based service providers and websites are governed by U.S. law, which protects freedom of expression and does not hold them legally responsible for content users post.

"These companies have a very large user base and have a large number of complaints, many of which are frivolous, and they have to filter through them."

He said sites often do remove posts voluntarily, but in most cases only a U.S. judgment forces them to do it.

"If it’s a judgment that is contrary to U.S. public policy … you may be completely out of luck," he said. "They will tend to err on the side of leaving it up because they are going to err on the side of freedom of expression."

Fraser said he has never heard of a search engine blocking someone’s name from being searchable, as the court ordered Google and others to do in this case.

Clayworth also went to Vancouver police, hoping it could get Interpol involved, to eventually get an international arrest warrant issued for Yan.

Det. Mark Fenton told Go Public the best they could do is initiate a whole new investigation and — if they could get the Crown to approve a charge — issue a Canada-wide warrant for Yan's arrest.

That wouldn’t help Clayworth, though, because Yan is not in Canada. “The authorities really aren’t interested,” he said.

Fenton said police share his frustration. He said the numerous legal and jurisdictional obstacles they face make it almost impossible to help victims of internet harassment, even when both parties are in Canada.

"The internet and society has moved at such a fast pace, that government and law enforcement are unable to keep pace," said Fenton. "This is a huge mess … and it feels awful."

As bad as it is for him, Clayworth feels worse for young people — like his former students — who are increasingly victimized.

"I know what it was like to walk into school as the teacher who has got this going on — so for a teenager I can only imagine," he said.

"Now, the internet is like a hunting ground, basically. Where you can just throw anybody you want up there that you don’t like and let the whole world rain down on them. It’s an insane concept."
http://www.cbc.ca/news/canada/britis...-stalking.html





Google's Eric Schmidt On Data Privacy: The Internet Needs A Delete Button

Your personal data is being over-shared with companies and advertisers. So how much control should you have over your private info?
Austin Carr

With so much data being collected about us online, can our offline identities ever be divorced from our web personas? Today, Google executive chairman Eric Schmidt offered a simple solution for kids being brought up in the age of Facebook, Twitter, and Snapchat.

"I propose that at the age of 18, you should, just as a policy, change your name," Schmidt said, with a smile. "Then you can say, 'That really wasn't me; I really didn't do that!'"

Schmidt was being facetious, of course. But Google and its competitors are amassing endless troves of personal user data--tracking everything from browsing history to email to mobile usage--at times controversially. Google has already faced a number of high-profile lawsuits over privacy issues related to targeted advertising and mapping, and is likely to encounter more in the future as products like Google Glass reshape our interactions with technology. Today, at NYU's Stern business school, economist Nouriel Roubini grilled Schmidt about Google's evolving role in personal privacy.

The conversation, which was generally good-natured, took on a slightly serious tone when Roubini pressed Schmidt on what privacy would look like in 10 or 20 years, when smartphones became "stone age technology," replaced by wearable gadgets and perhaps even embedded ones. Roubini described a future when we might embed technology into our eyes or skin that could track, say, our heart rates or other consumption patterns. Even Google Glass is a step in this direction. So what could that data mean for corporations? And what would it mean for users?

"Let me be very clear that Google is not tracking you...it's not doing all these things," Schmidt said, after trying to interject Roubini's question several times, to clarify that this was a hypothetical discussion. "Does everyone get that we're not doing this? He's talking about a different company or set of companies."

Schmidt then explained that Roubini's assessment of the future was not one he agreed with. "I think you're describing a world of tracking which I think is highly unlikely to occur, because people will be upset about it in the same way you are," Schmidt said. "Governments won't allow it, and it'll be bad business. And ultimately, in a competitive market, companies want the consumers to be happy. So it's true tracking in this context...you're taking a much broader view of the word ['tracking'] than any I would use. A situation where you go to people and say, 'Oh, here's our phone, and we're going to track you to death,' people are not going to buy that phone. It's just a bad business model."

The issue, however, is that it's actually turned out to be a very good business model for many tech companies, especially in the mobile market. Targeted mobile advertising is becoming increasingly crucial to the bottom lines of companies like Google and Facebook; last quarter, for example, mobile advertising revenue represented roughly 30% of Facebook's ad revenue. Yet recent studies indicate many people are wary of growing data collection. And the average user is confronted with a general lack of transparency regarding what data is being tracked and for what purposes.

Though market competition (or regulation) may dispel some inappropriate corporate uses of personal data tracking, the likelihood is the more ways we interact with technology, the more data we're likely to share--perhaps unknowingly.

Schmidt does not believe this to be the case. "Not everyone is going to track all your behavior," he stressed. "There is no central Borg tracking all of these things."

Still, the former Google CEO did touch on some moral issues related to certain types of data collection. "In America, there is a sense of fairness, culturally true for all of us...if you have a teenage boy or girl who makes a mistake--does some sort of crime, goes to juvenile hall, is released--in our system, they can apply and have that expunged from their record. They can legally state that they were never convicted of anything. That seems like a reasonable thing," Schmidt said. "Today, that's not possible because of the Internet...[and] that seems to violate our innate sense of fairness."

"This lack of a delete button on the Internet is in fact a significant issue," Schmidt said. "There are times when erasure [of data] is the right thing...and there are times when it is inappropriate. How do we decide? We have to have that debate now."
http://www.fastcompany.com/3009390/t...-delete-button





Google Glass Picks Up Early Signal: Keep Out
David Streitfeld

Google’s wearable computer, the most anticipated piece of electronic wizardry since the iPad and iPhone, will not go on sale for many months.

But the resistance is already under way.

The glasseslike device, which allows users to access the Internet, take photos and film short snippets, has been pre-emptively banned by a Seattle bar. Large parts of Las Vegas will not welcome wearers. West Virginia legislators tried to make it illegal to use the gadget, known as Google Glass, while driving.

“This is just the beginning,” said Timothy Toohey, a Los Angeles lawyer specializing in privacy issues. “Google Glass is going to cause quite a brawl.”

As personal technology becomes increasingly nimble and invisible, Glass is prompting questions of whether it will distract drivers, upend relationships and strip people of what little privacy they still have in public.

A pair of lens-less frames with a tiny computer attached to the right earpiece, Glass is promoted by Google as “seamless and empowering.” It will have the ability to capture any chance encounter, from a celebrity sighting to a grumpy salesclerk, and broadcast it to millions in seconds.

“We are all now going to be both the paparazzi and the paparazzi’s target,” said Karen L. Stevenson, a lawyer with Buchalter Nemer in Los Angeles.

Google stresses that Glass is a work in progress, with test versions now being released to 2,000 developers. Another 8,000 “explorers,” people handpicked by Google, will soon get a pair.

Among the safeguards to make it less intrusive: you have to speak or touch it to activate it, and you have to look directly at someone to take a photograph or video of them.

“We are thinking very carefully about how we design Glass because new technology always raises new issues,” said Courtney Hohne, a Google spokeswoman.

Developers, however, are already cracking the limits of Glass. One created a small sensation in tech circles last week with a program that eliminated the need for gestures or voice commands. To snap a picture, all the user needs to do is wink.

The 5 Point Cafe, a Seattle dive bar, was apparently the first to explicitly ban Glass. In part it was a publicity stunt — extremely successful, too, as it garnered worldwide attention — but the bar’s owner, Dave Meinert, said there was a serious side. The bar, he said, was “kind of a private place.”

The legislators in West Virginia were not joking at all. The state banned texting while driving last year but hands-free devices are permitted. That left a loophole for Google Glass. The legislation was introduced too late to gain traction before the most recent session ended, but its sponsor says he is likely to try again.

In Las Vegas, a Caesars Entertainment spokesman noted that computers and recording devices were prohibited in casinos. “We will not allow people to wear Glass while gambling or attending our shows,” he said.

Louis Brandeis and Samuel Warren famously noted in 1890 that “numerous mechanical devices threaten to make good the prediction that ‘what is whispered in the closet shall be proclaimed from the house-tops.’ ”

Glass is arriving just as the courts, politicians, privacy advocates, regulators, law enforcement and tech companies are once again arguing over the boundaries of technology in every walk of life.

The Senate Judiciary Committee voted last month to require law enforcement to have a warrant to access e-mail, not just a subpoena. The Federal Bureau of Investigation’s use of devices that mimic cellphone towers to track down criminals is being challenged in an Arizona case. A California district court recently ruled that private messages on social media were protected without a warrant.

“Google Glass will test the right to privacy versus the First Amendment,” said Bradley Shear, a social media expert at George Washington University.

Google has often been at the forefront of privacy issues. In 2004, it began a free e-mail service, making money by generating ads against the content. Two dozen privacy groups protested. Regulators were urged to investigate whether eavesdropping laws were being violated.

For better or worse, people got used to the idea, and the protests quickly dissipated. Gmail now has over 425 million users. In a more recent episode, the company’s unauthorized data collection during its Street View mapping project prompted government investigations in a dozen countries.

Like many Silicon Valley companies, Google takes the attitude that people should have nothing to hide from intrusive technology.

“If you have something that you don’t want anyone to know, maybe you shouldn’t be doing it in the first place,” said Eric Schmidt, then Google’s chief executive, in 2009.

Glass is a major step in Google’s efforts to diversify beyond search, and potentially an extremely lucrative move. Piper Jaffray, an analyst firm, estimates that wearable technology and another major initiative, self-driving cars, could ultimately be a $500 billion opportunity for the company. In the shorter term, IHS, a forecasting firm, estimates that shipments of smart glasses, led by Google Glass, could be as high as 6.6 million in three years.

Thad Starner, a pioneer of wearable computing who is a technical adviser to the Glass team, says he thinks concerns about disruption are overblown.

“Asocial people will be able to find a way to do asocial things with this technology, but on average people like to maintain the social contract,” Mr. Starner said. He added that he and colleagues had experimented with Glass-type devices for years, “and I can’t think of a single instance where something bad has happened.”

An incident at a Silicon Valley event shows, however, the way the increasing ease in capturing a moment can lead to problems — even if unintentionally.

Adria Richards, who worked for the Colorado e-mail company SendGrid, was offended by the jokes two men were cracking behind her at the PyCon developers conference. She posted a picture of them on Twitter with the mildly reproving comment, “Not cool.”

One of the men, who has not been identified, was immediately fired by his employer, PlayHaven. “There is another side to this story,” he wrote on a hacking site, saying it was barely one lame sexual joke. “She gave me no warning, she smiled while she snapped the pic and sealed my fate,” he complained.

Critics lashed out at Ms. Richards, using language much more offensive than the two men used. SendGrid was hacked. The company dismissed Ms. Richards, saying there was such an uproar over her conduct, it “put our business in danger.”

“I don’t think anyone who was part of what happened at PyCon that day could possibly have imagined how this issue would have exploded into the public consciousness,” Ms. Richards reflected later. She has not posted on Twitter since.
https://www.nytimes.com/2013/05/07/t...-keep-out.html





CCTV Cameras Switched Off in Nowra CBD

CCTV cameras in the Nowra CBD have been switched off following a ruling made by the Administrative Decisions Tribunal.

The decision was made after Shoalhaven City Council was found to have breached several clauses of the Privacy and Personal Information Act.

After allegations made by a member of the public, only identified as SF, that the council had used its CCTV cameras to obtain personal information from him, the council was ordered to refrain from any conduct or action in contravention of the act.

The tribunal also ordered the council to render a written apology to SF for the breaches and advise him of any steps to be taken by council to remove the possibility of similar breaches in the future.

The cameras are to remain turned off until the decision of the tribunal has been considered.

Shoalhaven Mayor Joanna Gash said she was disappointed with the tribunal’s decision to turn off the cameras.

‘‘Council will need to wade through the details of the judgement and discuss where to go from here,’’ Cr Gash said.

‘‘I believe that the law seems to be making it extremely difficult for councils to help the community and police reduce crime.’’
http://www.illawarramercury.com.au/s...wra-cbd/?cs=12





Rupert Murdoch Must Step Down as News Corporation Chair – Shareholders

Christian Brothers Investment Services demands action to 'dramatically revise corporate governance practices'
Dominic Rushe

Dissident shareholders are pressing once more for the media mogul Rupert Murdoch to step down as chairman of News Corporation.

Shareholders from the US, UK and Canada filed a resolution on Tuesday, calling for News Corp to appoint an independent chairman. A similar resolution attracted strong support at the media company's annual shareholder meeting last year.

The proposal was introduced by Christian Brothers Investment Services (CBIS), which manages $4.6bn for Catholic institutions worldwide. It is backed by the UK's Local Authority Pension Fund Forum, with assets of £115bn ($178.9bn), and British Columbia Investment Management Corporation, one of Canada's largest institutional investors.

In a separate resolution, Nathan Cummings Foundation, an ethical investment group, has called on News Corp to end the dual-class share structure that allows the Murdoch family to control its media empire despite owning a minority of shares.

A CBIS statement said: "A resolution introduced at last year's meeting which called for an independent chairman was approved by two-thirds of the independent shareholders, while another calling for the elimination of the company's dual-class share structure was approved by 62% of the public shareholders.

"The shareholders believe that by responding positively to these corporate governance issues, News Corporation can improve oversight of management, reduce business risk and better represent the interests of all shareholders. These two resolutions are the latest salvos in an ongoing campaign by concerned institutional investors to dramatically revise the corporate governance practices at News Corporation."

Pressure for change from shareholders has been mounting since the phone-hacking scandal at News Corp's UK newspapers triggered investigations on both sides of the Atlantic. Given the Murdoch family's control of News Corp's shares, the measures are unlikely to succeed.

The company announced last year that it is intending to split its publishing assets, including the Wall Street Journal, Dow Jones and Times newspapers, from its faster-growing TV and film assets. Murdoch plans to be chairman of both companies.

News Corp released its latest quarterly results in New York later on Wednesday. The company's revenues rose 14% from a year earlier to $9.5bn in the quarter ended 31 March, ahead of analysts' expectations. Net income increased to $2.85bn as a 17% rise in its cable business offset a dip in its publishing earnings.

The company announced that the hacking scandal had cost it $42m over the quarter – the company has now incurred more than $380m in costs related to the scandal.

Chase Carey, News Corp's chief operating officer, said the new publishing company, News Corp, would update investors about future plans at the end of May. The TV and film business, to be called 21st Century Fox, will hold an investor conference in August.

Carey said he was "disappointed" with ratings at Fox, where viewership of the declining hit American Idol has slipped dramatically in the show's 12th season. The decline of Idol has helped CBS take the top slot among key advertising demographics, ending an eight-year run at the top for Fox. Fox will be unveiling new shows to advertisers and the press at the "upfronts" – the major media firms' seasonal showcases – next week.
http://www.guardian.co.uk/media/2013...ws-corporation





Buffett Predicts 10 Pct Return On His Newspapers
AP

Billionaire Warren Buffett says Berkshire Hathaway shareholders should expect decent returns on the newspapers the company has bought in recent years.

But Buffett said at Saturday's meeting that he doesn't expect the newspapers to generate enough profits to make much difference to Berkshire.

Buffett says Berkshire has paid cheap enough prices for the newspapers it has purchased that he expects them to deliver 10 percent returns every year, but he also expects newspaper earnings to continue declining.

Berkshire Vice Chairman Charlie Munger pointed out that Buffett made an exception to his usual investing habits for newspapers because he likes them.

Berkshire has acquired 28 daily newspapers over the past two years.
http://www.businessweek.com/ap/2013-...his-newspapers





Hearst Hires Digital Chief to Oversee Web Brands
Leslie Kaufman

Hearst Magazines, the publisher of such venerable titles as Esquire and Cosmopolitan, said on Wednesday that it was creating a new position, president of digital media.

The job will go to Troy Young, 45, who will be responsible for content, revenue production and development strategies for Hearst Magazines’ 26 online properties, which include Cosmopolitan.com, Elle.com and RealBeauty.com. The job’s purview extends only to magazines’ online brands, not to their print editions.

Mr. Young has not been employed in traditional media since the 1990s, when he worked for Canadian television. He has spent the last 20 years of his career in what is known as the “pure play” digital-only space.

Mr. Young comes most recently from Say Media, an integrated digital media company that builds its own online brands around themes (like ReadWrite, a technology Web site) or charismatic editors (like xoJane, edited by Jane Pratt, the founding editor of Sassy magazine) and then helps advertisers build branded content for those properties.

Before his time at Say, Mr. Young was chief experience officer of the Omnicom digital agency Organic, with clients such as American Express, Virgin Mobile and Chrysler.

David Carey, president of Hearst Magazines, said he chose Mr. Young because “Pure plays are increasingly the companies to watch in terms of how quickly they produce product, the orthodoxies they set aside and how they assemble their talent.”

“We want the pulse of a pure play,” he added.

Mr. Young said he had always worked “at the intersection of strategy and content,” which was particularly useful for what he described as a coming era where advertiser content would blend “seamlessly” with editorial content.

“We are seeing an integration of the advertisers and the content in native advertising,” he said, “and this is not going away.”
https://www.nytimes.com/2013/05/09/b...dia-chief.html





New Zealand Software Patents are History: How it Will Work
Guy Burgess

Following significant concerns being raised by the Institute of IT Professionals and others within the industry, Commerce Minister Craig Foss today announced a significant change to the Patents Bill currently before parliament, replacing the earlier amendment with far clearer law and re-affirming that software really will be unpatentable in New Zealand.

This is great news for New Zealand's most innovative software companies. But what does the new amendment mean and how does it work? IT Lawyer Guy Burgess explains.

[If you haven't been keeping track of this long-running issue, take a look at IITP's Press Release today welcoming the amendment, or check out this NZ Software Patents site for background - Ed]


Compromises can be good or bad. The latest and hopefully final amendment to the Patents Bill is a good compromise - and a major step towards eliminating software patents in New Zealand.

You can download the new proposed amendment here (PDF).

The amendment ensures that the availability of software patents in New Zealand will at least be greatly restricted, although it may take some years to work out just how far it goes and whether it is enough. There are many reasons why most technologists oppose software patents, as outlined in this prior Newsline article from last year.

In any event, it's a big change to the status quo. When the Bill passes it will be the first time that parliament has specifically legislated on the subject of software patents: the current Patents Act is silent on the subject - which is not surprising given it was passed in 1953.

The current regime simply allows patents for anything that meets the relevant criteria, whether or not they are implemented in software. When software-based applications first arose, IPONZ and the courts had no legislative guidance. Early applications were knocked back, but faced with no provision saying that they should not be granted, software patents have been generally available since the mid-1990s although they have only really exploded in recent times.

Options for reform

In the past fifteen years, the trickle of software patents worldwide has turned into a flood. When it was decided to haul our patent law into the twenty-first century, it was logical that software patents be on the agenda.

Perhaps inevitably, controversy arose over which direction New Zealand should take, with patent lawyers and (primarily US-based) multinationals lobbying in favour of patentability, while the local IT community was mostly (though not unanimously) opposed.

There were, broadly speaking, four options that New Zealand could choose from:

1. The first was to allow "patents on anything under the sun", to use a description of the US regime, and allow software patents without any particular restrictions (the status quo). This option was effectively ruled out by the multi-party Commerce Committee review, which accepted that software patents were becoming increasingly problematic. That view has been dramatically borne out in the US in recent years with software patents coming under fierce criticism, even from President Obama, and studies highlighting the economic and innovative harm they are causing.

2. The second option was to implement a partial or 'weak' exclusion of software patents, as in the European Union. This is unlikely what the EU intended, but is what they ended up with as a result of the now infamous "as such" proviso added to their patent legislation - a term so vague and malleable that it has effectively negated the software patent exclusion in the EU and led to much confusion and criticism.

3. The third option was to implement a broad, 'strong' exclusion of software patents, as in the UK. As part of the EU, the UK also uses the "as such" language, but the UK judges have taken a rather more robust approach than their continental counterparts and in 2006 developed a legal test specifically for evaluating patents involving software (known as the Aerotel test). The result is that the UK has tougher criteria for software patents than other EU countries, although that might not remain the case forever.

4. The fourth option was to chart our own course to clearly exclude software patents. This was the preferred option of many software developers, although MED and MFAT officials were concerned that this may give rise to international trade/IP issues (these concerns were unwarranted in my view - but that's another story).

The original wording change, reported back unanimously from the Commerce Committee in 2010, was a clear, simple exclusion that avoided the EU/UK approach (i.e. it implemented option 4). However, concerns were raised about how this may affect embedded software (Fisher & Paykel smart washing machines being the usual example), and whether the new "untested" language may expose New Zealand to international challenges under the TRIPS treaty.

In August 2012, Commerce Minister Craig Foss, in an attempt to apparently assuage those concerns, amended the Bill to include the controversial "as such" language. While the Minister claimed that the purpose was simply to "clarify" the intention to exclude software patents, this amendment proved highly controversial.

Experts and pundits had differing views as to whether it signalled a change back to the status quo (option 1), or to the EU approach (option 2), the UK approach (option 3), or something else altogether (option 4). Pro-patent lobby groups, lawyers, and in March this year the US Government, claimed that the change meant software patents had been restored under the Bill. Meanwhile, the Minister claimed that the intention remained to exclude software patents.

The local IT community mounted a concerted pushback on the unclear "as such" amendment. An industry petition (backed by key groups IITP, InternetNZ, NZRise and NZOSS) was set up and gained wide support. The petition called on the Government to remove the ambiguous "as such" language, and replace it with a simpler clause that clarified the underlying intention. Labour's Clare Curran adopted the petition's proposed alternative clause as an official proposed amendment to the Patents Bill, and other MPs and parties, including United Future MP Peter Dunne, also raised concerns about the lack of clarity in the Bill.

To its credit, and thanks to the concentrated efforts of many people and not inconsiderable political pressure, the Government decided to take another look at the Bill and has now put forward a new amendment.

The new amendment

The new amendment clears up most if not all of the concerns following the first "as such" amendment. With the new amendment, New Zealand has unequivocally chosen the third path - a broad exclusion similar to the UK, but with some key improvements to ensure that the exclusion is not watered down as it has been in the EU.

Key features are:

1. The new amendment is a compromise: it retains the controversial "as such" language, but - crucially - it now clarifies what that term means and the intentions behind it. While I would still prefer not to have "as such" in the Bill, the new amendment adds sufficient meaning to make it acceptable.

2. It ensures that we will not go down the EU path, by effectively "hard coding" parts of the UK Aerotel test (with changes) into the legislation. This means that even if the UK does drift towards a more liberal regime for software patents, New Zealand will not (unless the Patents Act is changed again). This also ensures that IPONZ will be able to implement robust guidelines for examining patents involving software.

3. Helpfully, it adds two examples into the Bill - one for a software patent application which may be granted, and one which should be declined. Examples in legislation are a good way to demonstrate how a section is intended to be interpreted. The "valid" example is of a washing machine that uses embedded software - so this truly could be called the Fisher & Paykel amendment! The "invalid" example is of a software process for automating company incorporation. It includes the key comment: "The mere execution of a method within a computer does not allow the method to be patented."

4. Importantly, the explanatory note has been enhanced to make the intention of the Bill very clear, including the following comments: "... where the actual contribution of an invention lies solely in it being a computer program, it is ineligible for patent protection... it will not be possible to obtain a patent for an invention that involves or makes use of the computer program if the sole inventive feature is that it is a computer program".

Why not just remove "As such"?

That's a good question, and certainly many people thought they should do just that.

It appears that the concern was whether doing so would open New Zealand up for a legal challenge for allegedly not meeting its TRIPS treaty obligations. By aligning the law with wording from another jurisdiction that hasn't been challenged, it provided some comfort that New Zealand would be safe.

Whether or not this would have happened is moot now - it was a significant enough concern to the powers that be for the above approach to be adopted.

Vigilance is required

Will the new law prove a sufficient exclusion of software-based patents? Only time will tell. Software patents are notoriously complex, controversial, and (at least in the US) much litigated. There is not even agreement on what exactly constitutes a "software patent". Many can be dressed up as business method patents, which are not directly addressed in the new amendment (that's an issue for another day).

So the boundaries of the exclusion will be tested in due course. Those of us opposed to the patenting of software should be vigilant to watch that IPONZ, and eventually the Courts, enforce the new law robustly. In time it may be necessary to mount a challenge to ensure the intention of the new law is upheld.

But patent applicants are on notice: the local IT community will not tolerate patents that threaten software innovation. If an inappropriate patent is sought and granted, there will be a push for further reform.
http://www.iitp.org.nz/newsletter/article/430





Divided US Court Finds Many Software Patents Ineligible

CLS Bank v. Alice Corp. (Fed. Cir. 2013) (en banc)
Dennis Crouch

In a much awaited en banc decision, the Federal Circuit has affirmed the patent ineligibility of Alice Corp’s claims to a computerized method, a computer-readable medium containing computer instructions, and a computer system that implements those instructions. The ten-member en banc panel released seven different decisions. While none of the opinions garnered majority support, seven of the ten judges agreed that the method and computer-readable medium claims lack subject matter eligibility. And, eight of the ten concluded that the claims should rise and fall together regardless of their claim type.

All of the judges recognized that the test for patent eligibility under section 101 should be “a consistent, cohesive, and accessible approach” that provides “guidance and predictability for patent applicants and examiners, litigants, and the courts.” However, the judges hotly disagree as to the pathway that will lead to that result.

The leading five-member opinion written by Judge Lourie provides three guideposts for its analysis:

• First and foremost is an abiding concern that patents should not be allowed to preempt the fundamental tools of discovery—those must remain “free to all . . . and reserved exclusively to none.” . . . [T]he animating concern is that claims should not be coextensive with a natural law, natural phenomenon, or abstract idea; a patent-eligible claim must include one or more substantive limitations that, in the words of the Supreme Court, add “significantly more” to the basic principle, with the result that the claim covers significantly less. Thus, broad claims do not necessarily raise § 101 preemption concerns, and seemingly narrower claims are not necessarily exempt. What matters is whether a claim threatens to subsume the full scope of a fundamental concept, and when those concerns arise, we must look for meaningful limitations that prevent the claim as a whole from covering the concept’s every practical application.

• Next, the cases repeatedly caution against overly formalistic approaches to subject-matter eligibility that invite manipulation by patent applicants. . . . Thus, claim drafting strategies that attempt to circumvent the basic exceptions to § 101 using, for example, highly stylized language, hollow field-of-use limitations, or the recitation of token post-solution activity should not be credited.

• Finally, the cases urge a flexible, claim-by-claim approach to subject-matter eligibility that avoids rigid line drawing.

Abstract Ideas are Disembodied Concepts: Alice Corp’s claims are drawn to methods of reducing settlement risk by effecting trades through a third party intermediary (a supervisory institution) empowered to verify that both parties can fulfill their obligations before allowing the exchange to be completed. In essence, the method is a form of third-party escrow that helps overcome the risk of fraud and non-payment. In thinking about that method, the court determined that it is an abstract idea because it is a “disembodied” concept that is a basic building block of human ingenuity and untethered from any real-world application. Lourie writes:

CLS describes that concept as “fundamental and ancient,” but the latter is not determinative of the question of abstractness. Even venerable concepts, such as risk hedging in commodity transactions, see Bilski, 130 S. Ct. at 3231, were once unfamiliar, just like the concepts inventors are unlocking at the leading edges of technology today. But whether long in use or just recognized, abstract ideas remain abstract. The concept of reducing settlement risk by facilitating a trade through third-party intermediation is an abstract idea because it is a “disembodied” concept, In re Alappat, 33 F.3d 1526, 1544 (Fed. Cir. 1994) (en banc), a basic building block of human ingenuity, untethered from any real-world application. Standing alone, that abstract idea is not patent-eligible subject matter.

After identifying the portion of the claim directed to an abstract idea, Judge Lourie then looked to see whether “the balance of the claim adds ‘significantly more.’” Answering that question in the negative, the court found the claims lack eligibility.

Writing in Dissent, Chief Judge Rader disagreed with the court’s decision. He writes:

I enjoy good writing and a good mystery, but I doubt that innovation is promoted when subjective and empty words like “contribution” or “inventiveness” are offered up by the courts to determine investment, resource allocation, and business decisions. Again, it is almost . . . well, “obvious” . . . to note that when all else fails, it makes sense to consult the simplicity, clarity, and directness of the statute.

As I start my next quarter century of judicial experience, I am sure that one day I will reflect on this moment as well. I can only hope it is a brighter reflection than I encounter today.

http://www.patentlyo.com/patent/2013...neligible.html





Spotify's Nightmare Realized: Chrome Extension Allows MP3 Download of Any Song (update)
Chris Welch

A new Chrome extension lets Spotify users permanently download any song currently available from the streaming music service, a massive slip-up that could quickly upset record labels and music publishers. The Downloadify tool appears to take advantage of nonexistent encryption in Spotify's web player, which the company launched in beta back in November. By simply installing the extension — freely available in the Chrome Web Store — and starting to play a song, users will download a full, DRM-free MP3 file of the track.

Spotify allows its premium users to "store" music files locally so long as they keep their monthly subscription active, in turn providing royalties to artists and industry groups. But thanks to this non-sanctioned "tool," any customer can ransack Spotify's 20 million-plus song catalog. The Verge recommends against our readers using Downloadify; its very purpose should be enough to have you questioning its legality. We've reached out to Spotify and Google for more information.

Update: Downloadify is no longer available from the Chrome Web Store. We await word from both Spotify and Google regarding the short-lived exploit.

Update 2: Google has responded to our inquiry, though the company wouldn't discuss Downloadify specifically. Instead, a spokesperson offered the following statement: "We remove apps from the Chrome Web Store that do not comply with our terms of service."

Update 3: Downloadify may have been axed from Google's Chrome Store, but the extension and its associated code remain available via a repository at GitHub. Unfortunately for Spotify, the file-grabbing exploit remains fully functional as of 11:15 PM.
http://www.theverge.com/2013/5/7/430...nload-any-song
















Until next week,

- js.



















Current Week In Review





Recent WiRs -

May 4th, April 27th, April 20th, April 13th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black