Peer-To-Peer News - The Week In Review - March 31st, '12

[JackSpratts]

Since 2002


































"There are 51 seats in Saarland’s parliament. With all the votes counted, we see that the Piratenpartei has won four seats, twice that of the Green Party. The FDP party has been effectively eliminated." – Rickard Falkvinge


"The entire company started as a joke, honestly." – Charles Forman, omgpop


"We should stop trying to shoehorn the 21st-century problem of illegal downloading into a moral and legal regime that was developed with a pre- or mid-20th-century economy in mind. Second, we should recognize that the criminal law is least effective — and least legitimate — when it is at odds with widely held moral intuitions." – Stuart P. Green



































March 31st, 2012




TV Piracy Claims Heap More Pressure on Murdoch Empire
Georgina Prodhan and Sonali Paul

Pressure is building in Britain and Australia for fresh probes into Rupert Murdoch's News Corp, already under siege over phone-hacking claims, after allegations that it ran a secret unit that promoted pirating of pay-TV rivals.

The Australian Financial Review on Wednesday alleged that News Corp had used a special unit, Operational Security, set up in the mid-1990s, to sabotage its competitors, reinforcing claims in a BBC Panorama documentary aired earlier this week.

"These are serious allegations, and any allegations of criminal activity should be referred to the AFP (Australian Federal police) for investigation," a spokeswoman for Australian Communications Minister Stephen Conroy told Reuters.

Operational Security was a unit of News Corp's secure-encryption subsidiary NDS, which has denied any wrongdoing in relation to the Panorama claims.

News Corp, which this month sold NDS to Cisco Systems for $5 billion, said it accepted those assurances.

Its Australian arm, News Limited, denied the claims in the Australian Financial Review.

"The story is full of factual inaccuracies, flawed references, fanciful conclusions and baseless accusations which have been disproved in overseas courts," News Limited said.

NDS has faced several lawsuits over alleged piracy: one was dropped and the firm was largely cleared in the others, which News Limited highlighted in its statement.

NDS's Operational Security unit, staffed by former police and intelligence officers, used hackers to crack the codes of smartcards issued to customers of rival pay-TV services. The hackers then sold black-market smartcards using those codes to give viewers free access to those services, the Review said.

This cost News Corp's rivals millions of dollars, it added.

The Operational Security unit had originally been set up to hunt pirates targeting Murdoch's own operations but later turned into a dirty-tricks campaign to undermine competitors, it said.

The BBC Panorama documentary broadcast on Monday alleged that NDS hired a consultant to post the encryption codes of ITV Digital, a rival of Murdoch's then Sky TV, on his website.

Widespread piracy after the online publication of the codes contributed to the 2002 collapse of ITV Digital, which had been set up by the parties that later formed ITV, Britain's leading free-to-air commercial broadcaster, in 1998.

Australian police said they received a referral from UK police against the company in July last year, but declined to comment on whether that had to do with phone hacking or TV piracy claims.

"The AFP is assisting the UK police with their inquiries," an AFP spokeswoman said.

Sabotage Claims

UK regulator Ofcom is already investigating News Corp and a senior executive, James Murdoch, youngest son of Rupert, in the light of new evidence emerging from probes into phone and computer hacking and bribery at the News of the World tabloid, which News Corp shut down last July.

"These allegations, if true, are the most serious yet and I am referring the matter to Ofcom, who have a duty to investigate as part of their fit and proper test," lawmaker Tom Watson said of the claims made in the BBC's Panorama program.

"If what Panorama says is true, it suggests a global conspiracy to undermine a great British company, ITV Digital," the member of parliament told Reuters on Tuesday.

An Ofcom spokesman declined to comment on the specific allegations but said the regulator would consider "all relevant evidence" as part of its duty to be satisfied that the owner of the license was fit and proper.

James Murdoch has also served as an NDS director.

NDS said in a statement: "It is wrong to claim that NDS has ever been in the possession of any codes for the purpose of promoting hacking or piracy."

News Corp said: "NDS has consistently denied any wrongdoing to Panorama and we fully accept their assurances."

The Australian Financial Review, citing a four-year investigation and a trove of internal NDS emails, said the piracy undermined the value of competitors like DirecTV in the United States and Telepiu in Italy, and helped News Corp to take them over cheaply.

"NDS sabotaged business rivals, fabricated legal actions and obtained telephone records illegally," said the newspaper, which is owned by Fairfax Media, a rival of News Corp in Australia.

A spokesman for News Limited, the Australian arm of News Corp, was not immediately available for comment on the newspaper's claims.

News Corp owns 25 percent of Australia's top pay-TV firm, Foxtel, which is looking to take over rival Austar. Austar declined to comment on the report.

Foxtel said NDS was one of many service suppliers it had used, and the pay-TV company had worked hard to combat piracy. "Foxtel notes that there are no allegations of wrongdoing by Foxtel," a spokesman said in a statement emailed to Reuters.

British lawmaker Watson is known for his dogged questioning of James and Rupert Murdoch on their role in the phone-hacking affair, notoriously comparing James to a Mafia boss when he appeared at a parliamentary hearing on the hacking.

The committee has been due since early this year to present a report based on its investigations, which is expected to be critical of James Murdoch and may determine whether he has a future in Britain.

Watson said the report was now unlikely to be published before the Easter holiday on April 8. He said the new revelations were unlikely to affect the committee's work, since they were not part of its remit.

"There's no suggestion anywhere that Sky or News Corp knew what NDS was doing," broadcaster and media consultant Steve Hewlett told Reuters. "But if it all turns out to be true, then you have a News Corp company once again behaving in ways that are less than proper," he said.

Email Trail

The Australian Financial Review's investigation involved 14,400 emails from a hard drive in a laptop used by Ray Adams, who was the European chief for NDS Operational Security from January 1996 to May 2002.

The newspaper said Adams plotted a legal campaign in an attempt to ruin the reputation of a Swiss hacker, Jan Saggiori, who had evidence that NDS had sabotaged the products of News Corp's rivals. Emails between Adams and News executives raised "questions about whether News was involved in an abuse of process of the U.S. court system", it said.

News Limited said the only NDS lawsuit against Saggiori was an action taken with DirecTV, designed to protect their intellectual property and stop piracy.

"Saggiori admitted, under cross examination, hacking several NDS pay-TV card systems," News Limited said.

The BBC's Panorama interviewed Lee Gibling, owner of a satellite hacking website, who said NDS funded the expansion of his site and had him distribute ITV Digital's codes.

NDS said it had never used or intended to use the site for any illegal purpose, and said it had paid Gibling for his expertise so that information from the site could be used to track and catch hackers and pirates.

NDS also said it was common for companies in the pay-TV industry to discover one another's encryption codes - a view endorsed by Adam Laurie, a security researcher with UK-based Aperture Labs, which specializes in access control.

"It's possible they cracked them themselves in order to test the security of the algorithms," he told Reuters.

"To compare yours against others, you have to test them and there's a chance you'll succeed."

ITV Digital was beset by issues from the start, including internal competition between its shareholders, a lack of premium content, and a price war with BSkyB, which had been shut out of the venture by the regulator.

"It's a complex picture, but to say that ITV Digital failed because of piracy, I think, is not correct," said Hewlett, who was working for an ITV company at the time.

An industry source in Australia said hacking was a common problem in the 1990s but the industry had changed over the past decade as engineers had worked out how to address these issues.

NDS Unscathed

NDS was sued in a $3 billion lawsuit in 2002 by Canal Plus, which had supplied the scrambling technology for ITV Digital and accused NDS of extracting the code from the cards and leaking it onto the Internet.

Canal Plus dropped the action in 2003 when News Corp bought Italian satellite pay TV company Telepiu from Canal Plus's then debt-stricken owner, Vivendi, renaming it Sky Italia.

U.S. satellite TV provider EchoStar, which had tried to join the Canal Plus suit, then sued NDS in 2003 in a similar case. NDS was cleared of the main charges and EchoStar won a tiny fraction of the $2 billion in damages it had sought.

This month, NDS was awarded $19 million in damages after the U.S. Supreme Court denied a petition by EchoStar and Swiss digital security company Kudelski over their allegations that NDS had abetted piracy in the United States.

In Italy, a long-running pay-TV piracy trial is still going on. One of the defendants, Davide Rossi, says he was collecting intelligence on behalf of an NDS security officer.

NDS said on Tuesday: "NDS wholly refutes the allegation that Mr Rossi acted illegally on behalf of NDS. NDS is not a defendant in the trial in Sicily or any other."

(Additional reporting by James Grubel and Maggie Lu YueYang in CANBERRA; Editing by Mark Bendeich and Neil Fullick)
http://www.reuters.com/article/2012/...82R04720120328





Murdoch Cops Blast Over Pay TV Pirates
Neil Chenoweth

Rupert Murdoch’s media empire, still struggling with the crisis over telephone hacking by its journalists at News International, is facing fresh allegations that it promoted pay TV piracy to cripple a rival broadcaster in Britain.

Two former senior British policemen, a Metropolitan Police commander Ray Adams and a chief inspector with the Surrey police, Len Withall, are reported by the BBC’s Panorama investigative program to have operated a piracy website that released codes to unlock programming for faltering pay TV company ITV Digital.

ITV Digital collapsed in March 2002 with losses of more than £1 billion, overwhelmed by mass piracy, as well as technical restrictions and expensive sports contracts. Its collapse left Murdoch-controlled BSkyB the dominant pay TV provider in the UK.

Adams and Withall, who were secretly filmed by Panorama discussing their role operating a website called The House of Ill Compute (thoic.com), strenuously deny that they provided operating codes for ITV Digital, or that any codes for ITV Digital appeared on the Thoic site.

The Panorama program, which goes to air on Monday evening in the UK, includes an interview with Lee Gibling, the former hacker who was paid £5000 a month on top of operating costs to run Thoic. He said the website was controlled and funded by NDS Ltd, an Israeli technology company Murdoch set up in 1988 to provide encryption services to his new satellite operation, Sky Television. The claims come as UK media regulator Ofcom is reviewing whether News is a fit and proper person to hold a broadcast licence. Ofcom’s Project Apple officials are liaising with the Metropolitan Police’s Weeting and Elveden teams investigating hacking and bribery allegations – and studying evidence given to the Leveson inquiry on press standards.

It puts further pressure on Rupert and James Murdoch, both of whom appeared on July 19, 2011 before the UK parliamentary culture, media and sport select committee investigating the telephone hacking allegations. It was a day News Corporation chairman Rupert Murdoch described as “the most humble” of his life.

At its peak in 2000, Thoic was recording close to 2 million hits a day from hackers around the world, who posted codes for a wide range of pay TV companies, though not for NDS clients.

“It was NDS, it was their baby and it started to become more their baby as they fashioned it to their own design,” Gibling told Panorama.

Last week News Corporation lawyers wrote to British newspapers warning that Panorama’s allegations were “serious, defamatory, false and highly damaging; we urge your paper not to republish it, especially in circumstances where our client has not been given the opportunity to respond”.

NDS describes Thoic as a “honey pot” intelligence-gathering operation, in which hackers from around the world met in online chatrooms and communicated through Thoic email accounts, all under surveillance by NDS employees.

But the company comprehensively denies ever promoting piracy. It also says Gibling was an informant, never an employee.

Adams and Withall were part of a secretive unit within News Corporation called Operational Security, which was attached to NDS. Its role was to fight piracy _ but it has faced repeated claims that it gained advantage for NDS pay TV management products by encouraging piracy of its competitors.

“The sources of accusations that NDS participated in piracy of competitor conditional-access systems have been repeatedly discredited,” an NDS spokeswoman told The Australian Financial Review .

“The United States Department of Justice, a federal court jury, a federal trial court, and a federal appellate court all rejected allegations that NDS is responsible for TV piracy or distributed codes that facilitated that piracy.”

NDS has been sued for piracy by some of the world’s largest pay TV broadcasters, including Canal Plus in France, EchoStar and DirecTV (an NDS client) in the US, Sogecable in Spain and MEASAT’s Astro platform in Malaysia.

Canal Plus dropped its 2002 lawsuit as part of a deal to sell its Telepiu pay TV arm to News; DirecTV dropped its claim against NDS in 2004 after News took control of the group; Sogecable and MEASAT dropped their lawsuits after several years; while EchoStar won nominal damages on three counts in a 2008 trial and had to pay $18 million legal costs to NDS.

In Italy, a leading anti-piracy advocate, Davide Rossi, who was an NDS consultant, is facing trial on charges that he helped and protected an Italian hacker who was targeting the Swiss Nagra group, which was providing encryption for News’s Sky Italia.

The Italian hacker, known as Linixone, was also on a monthly payment from NDS, paid via News International.

Television piracy exists because of the difficulty pay TV groups have in ensuring that only paying subscribers get to watch the programming.

The answer is to scramble the satellite or cable stream. A smartcard that is inserted in the set-top box checks that the Foxtel or BSkyB subscriber is paid up, then unscrambles the picture.

But through the 1990s, sophisticated pay TV hackers were able to crack the smartcards used by leading pay TV companies and sell pirate cards that allow users to watch for free. While piracy could cost pay TV companies hundreds of millions of dollars in lost revenue, many people, including police, minimised the offence.

James Murdoch in particular has been a vehement critic of piracy, calling for tougher penalties in a speech in Abu Dhabi two years ago.

“These are property rights, these are basic property rights,” he said. “There is no difference from going into a store and stealing a packet of Pringles or a handbag, and stealing something online. Right?

“I think it’s crazy, frankly, people say, ‘Oh, it’s different, these kids, you know, these crazy kids.’ No. Punish them.”

When the Operational Security unit was set up in 1996, NDS smartcards for BSkyB and US satellite broadcaster DirecTV had been widely pirated.

Ray Adams, who had retired from the Metropolitan Police on health grounds in 1993 after a brilliant but controversial career, was hired to become European chief for Operational Security. Withall was his deputy.

“I am proud of my time at NDS,” Adams told the Financial Review earlier this month. “I took on the fight against SKY piracy when no one else could even evaluate the number of devices and the loss of revenue.

“I did this in record time by identifying the pirates and either arresting or recruiting them to a better cause.”

The recruits included Lee Gibling, who had been running a BBS online bulletin board which targeted BSkyB.

Gibling told Panorama: “They were offering me a way of taking The House of Ill Compute to a much wider community.”

This included setting up a US server, paying Gibling a monthly retainer, renting a property for the operation and paying operating costs.

Withall told Panorama: “I didn’t do it at all, it was nothing to do with me, it was set up by Ray Adams.”

Adams is secretly filmed saying, “Len was running [Thoic] on a day to day basis . . . I was in charge of the unit so technically I was running Thoic; but on a day to day basis, absolutely not.”

In one of the most controversial sections of the program, Gibling describes a meeting with Adams and other NDS staff where he was told that a hack was being worked on for OnDigital, as ITV Digital was then known.

Adams flatly denies any such conversation.

BSkyB and News had been bitterly critical of the launch of OnDigital in late 1998, after its shareholders Carlton and Grenada dropped an earlier decision to use NDS as its conditional access system (as the smartcard decryption process is termed). Instead, in February 1998 they announced they would use a French system called Seca, developed by Canal Plus.

Two months later, the NDS Black Hat team, a reverse engineering group set up by Operational Security chief Reuven Hasak in Haifa, set out to crack the Canal plus Seca card, a legal and common practice within the industry. Reverse engineering involves the microscopic deconstruction of the card, layer by layer, to reveal the embedded coding.

The team, which was led by German master hacker Oliver Koemmerling, travelled to Bristol to use a Focused Ion Beam and Scanning Electron Microscope in the university physics department.

By June 1998 the Black Hat team had extracted a part of the operating code for the Seca card known as the ROM binary file.

The ROM file is “like the plans of the safe, but it doesn’t give you the key to the safe”, the former chief executive of Canal Plus Technologies, Francois Carayol, told Panorama. “In fact what it did, it gave the hackers a very precise idea of where to drill to open the safe.”

Nine months later, a Canadian piracy site called DR7.com, run by a hacker called Al Menard, published a copy of the Seca ROM file. Koemmerling recognised that it had the same date and time stamp as the file created in Haifa. While time stamps can be fabricated, without knowledge of the Haifa file, the odds against creating the same time stamp in a 12-month period are 500,000 to one.

“The time stamp was like a fingerprint, I mean it’s not really a physical proof, but by statistics you can say it is an astronomically small [chance] that it is not coming from us,” Koemmerling says.

NDS denies that the DR7 file came from Haifa, and says the origins of the file are known only by the unknown person who posted it.

Adams says OnDigital was already hacked before the conversation that Gibling describes. In fact, it “was hacked from day one courtesy of DR7”.

The Seca card used by OnDigital had two sorts of keys that could unlock the programming—general operating keys which were changed each month, and management keys which were unique to a small family of cards.

Gibling claims Adams provided him with operating keys. Withall says this is “absolute rubbish, absolute rubbish”.

Adams says he never had OnDigital codes, never touched an OnDigital card and had never seen an OnDigital pirate card.

“I’ve never had any codes.”

NDS says that all conditional access companies come to possess codes, often when pirate technology is seized in raids by law enforcement agencies, or in the course of research and analysis.

NDS says it has never been in possession of any codes for the purposes of promoting piracy.

If Gibling had been putting OnDigital cards on Thoic, “I would have arrested him”, Adams says.

Panorama says it spoke to several former pirates who confirmed that OnDigital codes were on Thoic.

Adams told the Financial Review that he had arranged for an independent company to conduct a polygraph test upon him when he denied that he “provided any code or software, using many means to do so, to anyone that could use such material to hack”.

He was also tested on his denial that he had “provided update keys to enable anyone to overcome On Digital’s electronic counter measures”.

“It was established that there was no deception in my answers, he told the Financial Review in an email on Monday.

“ Indeed I was told that the test showed that there was 0.01 per cent chance that I was lying.

“After 14 years when no one has hinted that I ever did anything wrong in my fight against piracy the BBC have decided to make me a villain.”

An NDS spokesman told the Financial Review last week: “Panorama have chosen to focus on issues that have been conclusively disproven, and NDS will take all necessary action to hold responsible anyone who chooses to repeat these baseless and damaging allegations.”

NDS was a highly successful company, and it would be more appropriate to focus on the successful sale of NDS last week by its joint owners News Corp and private equity group Permira to US giant Cisco, for $5 billion.
http://www.afr.com/p/national/murdoc...bSwW5NaSnEk K





French ‘Three Strikes’ Law Slashes Piracy, But Fails to Boost Sales
Ernesto

A new report on the effectiveness of the French three-strikes anti-piracy law claims that it managed to cut Internet piracy in half last year. While lobbyists are making preparations to show these great results to politicians worldwide, there is one thing the report fails to mention. Despite the claimed decrease in piracy, revenues through legal channels are down as well. This is strange, because in previous years these losses were solely attributed to piracy.

piracy pictureIt’s a cheerful day for the copyright industry. In France the controversial “graduated response” law (Hadopi) has evaporated unauthorized file-sharing.

A new report from the Hadopi office, conveniently written in English so it can be used by lobbyists all around the world, is claiming the following.

“Benchmarking studies covering all of the sources available shows a clear downward trend in illegal P2P downloads. There is no indication that there has been a massive transfer in forms of use to streaming technologies or direct downloads.”

The report goes on to cite a variety of statistics ranging from a 29 percent decrease in visits to “pirate” sites in 2011, to a 66 percent drop in illegal file-sharing traffic in France in the same period. Impressive figures indeed, and Hadopi is quick to point out that it’s directly related to their three-strikes law.

While we’re not going to dispute the validity of the provided statistics, it is worth pointing out that there’s something missing from the report. Something big.

For more than a decade the entertainment industry has claimed that digital piracy is the main cause for the gradual decline in revenues. So if piracy is down massively in France, one would expect that the revenues are soaring, right? But they’re not.

If we look at the French music industry we see that overall revenues were down by 3.9 percent in 2011.

Likewise, the French movie industry is still going through a rough period with revenues dropping 2.7 percent in 2011. Ironically, an industry insider even blamed online piracy for this drop.

To sum it up. in 2011 online piracy was slashed in half according to the Hadopi report, but despite this unprecedented decline the movie and music industries managed to generate less revenue than in 2010. If we follow the logic employed by the anti-piracy lobby during the past decade, this means that piracy is actually boosting sales.

But that would be a silly conclusion wouldn’t it?

As we’ve said in the past, we think that the entertainment industries are overlooking a very significant third factor – technology. In the music industry, for example, highly profitable CDs are being replaced by less profitable MP3s, subscription services and free streaming services such as YouTube.

It wouldn’t be going too far to say that the Internet has revolutionized the music industry.

File-sharing is obviously a by-product of this digital revolution, but its effect on revenues has been much overstated. The music industry continues to blame piracy for its troubles, even though digital sales, which directly compete with piracy, are booming.

Could it be that the format shift from physical to digital music, and the change in buying habits that came along with it, may explain the decline in revenue more than piracy can? The Hadopi report is suggesting that this may indeed be the case.

The worst part is of course that this is not how the anti-piracy lobbyists will use the report. That would kill their business. Instead, they will use the report to show how immensely effective anti-piracy laws can be, lobbying for similarly draconian laws all over the world.
https://torrentfreak.com/french-thre...-sales-120330/





European Parliament Committee Rejects ACTA Delay as MEPs Seek to "Bury" the Agreement
Michael Geist

The European Parliament's INTA Committee yesterday soundly rejected a proposal to refer the Anti-Counterfeiting Trade Agreement to the European Court of Justice for review. ACTA critics viewed the proposal as a delay tactic designed with the hope that public opposition to the agreement would subside in the year or two it would take for a court review. The 21-5 vote against the motion means that the INTA committee will conclude its ACTA review later this spring with a full European Parliament vote expected in June or July. The lack of support for ACTA within the European Parliament is now out in the open with multiple parties indicating they will not support the agreement. For example, MEP Bernd Lange stated:

Today's decision not to ask for legal advice from the Court of Justice is the first sign that this Parliament is ready to reject ACTA. It was a mistake from the beginning to put counterfeit goods and internet content in the same agreement. The European Parliament was not involved in the negotiations and now we are asked to say either yes or no, without the possibility of amending the shortcomings. We cannot support the text as it is. ACTA will probably be buried before the summer.

There were similar comments from other MEPs, who, after being shut out of the ACTA process for years, are now unwilling to delay voting on the agreement within the next few months. I spoke at the INTA Committee workshop on ACTA earlier this month - the sense the European Parliament would reject ACTA was openly discussed then - and my report on the agreement should be released shortly.
http://www.michaelgeist.ca/content/view/6396/125/





MPs Threaten New Laws If Google Won’t Censor Searches

Cross-party committee tells government to consider legislation if Google does not develop filtering technology to preserve privacy
Jiten Karia

The UK Government’s Joint Committee on Privacy and Injunctions has asked Google to censor its searches, filtering out references deemed to be a breach of privacy. Should the search giant fail to comply, the committed has cesuggested the government introduce laws forcing Google to filter searches.

The report, written by MPs and peers, addresses privacy issues on sites including Twitter and Facebook, but Google gets the brunt of criticism for its “totally unconvincing” stance on developing censoring technology.

Digital privacy

Twitter’s role in privacy breaches was highlighted by the Ryan Giggs incident last year, where details of the footballer’s so-called “superinjunction”, whose existence should not have been mentioned, were anonymously leaked through the site and repeated upwards of 75,000 times.

While the flouting of the injunction was highly publicised, decimating the footballer’s privacy in the process, the committee notes that measures are in place on Twitter to take action against those in contempt of court. The company recently announced it would begin censoring content on a country-by-country basis to comply with national laws, and a precedent has been set in identifying and charging users who break court orders, allowing for further civil prosecutions in the future.

The committee suggests that in the case of Twitter and Facebook “when granting an injunction, courts should be proactive in directing the claimant to serve notice on Internet content platforms, such as Twitter and Facebook”. It also promoted more stringent action in civil contempt of court cases to act as a deterrent.

In Google’s case, the proposed action to ensure court orders are met was more direct. Citing the Max Mosley case in 2011, where the former F1 boss took the search engine to court to demand proactive filtering of links to illegally obtained images of him, the committee said that Google should develop technology to actively comply with such privacy orders.

“We recommend that if legislation is necessary to require them to do so it should be introduced,” the report said.

Google said that while it does not currently have a system to censor links to, and copies of, offending content, such a pro-active monitoring was not necessary as part of the Electronic Commerce Directive and that any algorithms would not fit in with the company’s policy.

“As a policy matter, I do not think that would be a good idea,” said Daphne Keller, associate general counsel at Google, “simply because an algorithm or a computer programme that tried to do something like that would not have the ability that a judge does or any person does to see the context, to see if a particular phrase is actually appearing in a news report or in political commentary.”

The committee dismissed Google’s objections to pro-active monitoring as “totally unconvincing” and pressed the pro-active response.

Based on the full report however, some members of the committee suggested leaving content removals in human hands due to the potential pitfalls of automated censorship. The proposed amendment, which did not include any reference to legislation, was rejected 6-13.
http://www.techweekeurope.co.uk/news...searches-69648





Microsoft Censors Pirate Bay Links from IM

Malware blamed – but other torrent links still allowed
Iain Thomson

Microsoft has confirmed that users of its instant messaging app will not be able to send each other links to popular torrent site The Pirate Bay, citing malware fears.

"We block instant messages if they contain malicious or spam URLs based on intelligence algorithms, third-party sources, and/or user complaints. Pirate Bay URLs were flagged by one or more of these and were consequently blocked," Redmond told The Register in an emailed statement.

One can understand banning links to malware, even if that's something that IM providers have been less than successful at managing in the past. But Redmond's ban does rather raise the question as to why Pirate Bay has been singled out for blocking, when there are plenty of other sites to choose from, many with a much worse record for malware content than the Swedish site.

When asked about this, Microsoft declined to give any more details for their censorship choice. Certainly Pirate Bay is still the most popular torrent indexing site – even if, strictly speaking, it's not indexing torrents any more. But no security vendors with whom El Reg has spoken says it's any worse than others, and having such a large and comment-happy user base it actually provides more protection, since malware torrents are flagged-up earlier than on less-popular sites.

Torrent sites are certainly a security problem. Security vendors at the recent RSA 2012 conference repeatedly lambasted the technology for allowing users to bypass security perimeter controls and download malware directly, while grudgingly acknowledging that the technology has legitimate uses. The same arguments were being made five years ago about peer-to-peer technology.

There's plenty of legitimate material for download using Pirate Bay's feeds, and that too is being censored by Microsoft's move to block all links, not just those that it knows contain malware. It would be difficult, expensive, and largely a waste of time to identify each link that contained malware and just ban those, since new ones can be created faster than they can be banned.

But in singling out this target, Redmond is opening itself up to claims that it is joining the global jihad against Pirate Bay – certainly its lack of explanation for targeting just that the site and not others indicates this. The owners of the Pirate Bay are still enmeshed in legal problems, and the group appears to be willing to consider highly unorthodox measures to keep the service up and running – and this latest move will not help the site's operators.
http://www.theregister.co.uk/2012/03...pirate_bay_im/





Microsoft Raids Tackle Internet Crime
Nick Wingfield and Nicole Perlroth

Microsoft employees, accompanied by United States marshals, raided two nondescript office buildings in Pennsylvania and Illinois on Friday, aiming to disrupt one of the most pernicious forms of online crime today — botnets, or groups of computers that help harvest bank account passwords and other personal information from millions of other computers.

With a warrant in hand from a federal judge authorizing the sweep, the Microsoft lawyers and technical personnel gathered evidence and deactivated Web servers ostensibly used by criminals in a scheme to infect computers and steal personal data. At the same time, Microsoft seized control of hundreds of Web addresses that it says were used as part of the same scheme.

The sweep was part of a civil suit brought by Microsoft in its increasingly aggressive campaign to take the lead in combating such crimes, rather than waiting for law enforcement agencies to act. The company’s targets were equipment used to control the botnets, which criminals, known as bot-herders, use for ill intent.

Microsoft has a big interest in making the Internet a safer place. Despite inroads made by Apple and others in some parts of the technology business, Microsoft’s Windows operating system still runs the vast majority of the computers connected to the Internet. The prevalence of its software has made Windows the most appealing target for online criminals, and the security holes they discover in the software are a persistent nuisance for Windows users.

Microsoft’s involvement in what had been considered largely a law enforcement function — fighting computer crime — is the brainchild of Richard Boscovich, a former federal prosecutor who is a senior lawyer in Microsoft’s digital crimes unit. That group watches over fraud that could affect the company’s products and reputation.

Mr. Boscovich, who handled drug, computer and financial crime cases in Miami in his former job, devised a novel legal strategy to underpin the growing number of Microsoft’s civil suits against bot-herders. Among other things, he argued that the culprits behind botnets were violating Microsoft’s trademarks through fake e-mails they used to spread their malicious software.

Mr. Boscovich said the Friday sweep was meant to send a message to the criminals behind the scheme, whose identities are unknown. “We’re letting them know we’re looking at them,” said Mr. Boscovich after participating in the Pennsylvania raid, in Scranton.

Before Friday’s sweep, Microsoft attacked three botnets in the last couple of years through civil suits. In each case, Microsoft obtained court orders that permitted it to seize Web addresses and computers associated with the botnets without first notifying the owners of the property. The secrecy was necessary, Microsoft argued, to prevent criminals from re-establishing new communications links to their infected computers.

Some security experts said Microsoft’s tactics had been effective, even if they had not eradicated the scourge of botnets.

“Taking the disruption into the courthouse was a brilliant idea and is helping the rest of the industry to reconsider what actions are possible, and that action is needed and can succeed,” said Richard Perlotto, director at the Shadowserver Foundation, a nonprofit group that tracks data about tools used for online fraud and forms of computer crime.

Mr. Perlotto and Microsoft said they did not see civil legal action against people who commit online crime as a replacement for law enforcement action, which can result in much stiffer criminal penalties. “We equate this to a neighborhood watch,” Mr. Boscovich said.

Jose Nazario, a senior security researcher at Arbor Networks, an Internet security firm, said that Microsoft’s record against botnets had been a “mixed bag” and that some of its gains were only temporary. After an earlier action against a botnet known as Waledac, for example, the software behind it was modified slightly to create a new botnet.

“You can take out a botnet, but unless you take down the coders and put the clients behind bars, they’re just going to go ahead and do this again,” Mr. Nazario said.

The computers that make up a botnet are usually conscripted without the knowledge of their owners, who unwittingly infect their machines after clicking on links in legitimate-looking e-mails for things like security updates from Microsoft and notices of tax refunds from the Internal Revenue Service. Clicking those links takes users to Web sites that exploit security holes in their browsers or other programs on their computers.

Criminals use the holes to install malicious programs that siphon personal information from the infected computers, like online bank account passwords and credit card numbers. They can also harness the infected machines to send millions of e-mail messages to other users on the Internet, including scam messages that help propagate the botnet. Sometimes botnets are rented to clients to send spam messages advertising products like counterfeit pharmaceuticals.

On Friday, Microsoft was attacking its most complex target yet, known as the Zeus botnets. The creators of Zeus offer their botnet code for sale to others and, depending on the level of customer support and customization of the code that clients require, charge them $700 to $15,000 for the software, Microsoft said in a lawsuit filed in federal court in Brooklyn on March 19.

That, in turn, has resulted in many variants of Zeus botnets, making them harder to combat. Most of them are aimed at perpetrating various financial scams against online victims. Mr. Boscovich of Microsoft said he had a “high degree of confidence” that the unnamed culprits behind Zeus were in Eastern Europe.

To carry out the scams, they have hired people known as money mules to travel to different countries, including the United States, to set up bank accounts so they can receive transfers of stolen money from victims’ accounts, Microsoft said in its complaint. Microsoft said that the Zeus botnets had enabled the theft of more than $100 million from victims since 2007 and that 13 million computers were infected with some form of software associated with it.

Because of the financial fraud involved, Microsoft rallied support from two financial industry associations — the Financial Services Information Sharing and Analysis Center and the National Automated Clearing House Association — both of which filed court declarations endorsing Microsoft’s sweep on Friday.

Microsoft does not believe the operators of the facilities it raided on Friday, which rent space to clients on computers connected to the Internet, are in league with the people behind the botnets. And those operators said they had no idea that equipment inside their facilities was being used to issue commands to Zeus.

“It’s very difficult, unless they draw attention to themselves, to pick up on it,” said Joe Marr, chief technology officer of BurstNet Technologies, the facility in Scranton that Microsoft entered Friday.

Mr. Boscovich said he did not think the Friday sweep would be as big a blow to Zeus as Microsoft’s previous actions against botnets, but he said it was just the beginning of actions aimed at raising the cost of doing business for the botnet’s masterminds. “The plan is to disrupt, disrupt, disrupt,” he said.

Nick Wingfield reported from Seattle, and Nicole Perlroth from San Francisco.
https://www.nytimes.com/2012/03/26/t...ine-crime.html





Mass BitTorrent Lawsuits Return to the UK
Ben Jones

Speculative invoicing might be returning to the UK, thanks to a High Court judgment Monday. The practice, all but abandoned in the UK in the wake of the ACS:Law fiasco, has restarted but with conditions. Meanwhile, over 9,000 people could get letters from the plaintiff, Ben Dover.

Ben DoverSpeculative invoicing – the practice of claiming people pirated files on BitTorrent, listing hundreds or thousands of people in one case to get details, then harassing them outside the courts for payment – was thought to be dead in the UK, after ACS:law collapsed last year.

The solicitor at the center of that lawfirm, Andrew Crossley, was both fined and suspended from practicing law, which seemed to put a hold on similar cases.

However, it didn’t dissuade everyone. Yesterday, the UK’s High Court approved a case involving UK pornographer Ben Dover (real name Stephen James Honey) and his company Golden Eye International. Now, ISP O2 will have to release the details of up to 9000+ subscribers listed in the document for Dover and Golden Eye. The precise number is unclear, as other companies that attempted to send letters through Golden Eye were denied the opportunity.

It’s success at last for the pornographer, as he’s had several similar cases thrown out in the past including a partnership with 170-year-old law firm Tilly Baily Irvine which ended in sanctions last year.

This claim process started 6 months ago, and with O2 stating they would not contest the case. Chief Master Weingarten, in response, suggested that Consumer Focus (a government funded body looking after consumer rights) represent the IP addresses – the intended defendants – in court instead, a role Consumer Focus accepted.

Despite a strong defense, including pointing out all the issues with these kinds of actions, Weingarten approved the order, but with conditions. In perhaps a first for this sort of litigation, the court will be supervising the content of letters sent out to the alleged infringers, partly because of the ACS:law debacle.

In particular, the one-sided nature of the letters – only indicating the consequences should the alleged infringer lose – was not deemed appropriate, being indicative of bullying. Instead consequences should they successfully defend themselves should also be included.

Yet the most important part of the ruling is near the end, and might stop this practice once and for all; blanket fees to “make it all go away” are not acceptable.

137. Fifthly, I think that Mr Becker’s response in his second witness statement to the point made by counsel for Consumer Focus referred to in sub-paragraph 60(v) above is telling:

“… it assumes that £700 will be successfully obtained from each of the 9000, when that is plainly wrong. In fact, it is likely that only a small proportion will result in a successfully obtained payment of any sum.”

This comes quite close to an admission that the figure of £700 has been selected so as to maximise the revenue obtained from the letters of claim, rather than as a realistic estimate of the damages recoverable by the relevant Claimant from each Intended Defendant. In any event, that is the inference I draw in the light of the matters discussed above and in the absence of any disclosure of the information referred to in paragraph 88 above.

138. Accordingly, I do not consider that the Claimants are justified in sending letters of claim to every Intended Defendant demanding the payment of £700. What the Claimants ought to do is to proceed in the conventional manner, that is to say, to require the Intended Defendants who do not dispute liability to disclose such information as they are able to provide as to the extent to which they have engaged in P2P filesharing of the relevant Claimants’ copyright works. In my view it would be acceptable for the Claimants to indicate that they are prepared to accept a lump sum in settlement of their claims, including the request for disclosure, but not to specify a figure in the initial letter. The settlement sum should be individually negotiated with each Intended Defendant.

No more fee demands. Instead they can only state that they will accept a lump sum payment as settlement, to be negotiated if the accused accept liability. Otherwise, it will be down to the courts. It also seems that after many cases, Chief Master Weingarten has understood that these cases are about profits, not protecting rights. Very little money and a lot of grief was the prediction we highlighted earlier this month, and that seems to be the case.

Meanwhile, up to 9124 households are going to get a letter through their door talking about the porn they’ve allegedly downloaded. Let’s just hope that the tracking software, claimed to be ‘forensically accurate’ (huh?) does better than in times past, or there’s going to be a lot of needlessly embarrassed families, and unnecessary family strife when the postman calls.
https://torrentfreak.com/bittorrent-...the-uk-120328/





EU to Get Tough on Cybercrime, File-Sharers to Be Spared
Jennifer Baker

The European Commission is to get tough on cybercrime, but won't target illegal file-sharing, it revealed on Wednesday.

The Commission proposes to set up a European Cybercrime Centre as part of the European police force, Europol, in The Hague in the Netherlands. The center would have a separate governing board, but would be charged with identifying organized cybercriminal networks and providing operational support.

Europol helps European Union law enforcement organizations exchange criminal intelligence, but has no executive powers. It primarily targets trafficking in people, drugs and vehicles; terrorism; counterfeiting of the euro, and money laundering. It already has a mandate to monitor cybercrime, which the proposed center would expand on by adding digital forensics and other capabilities, according to a Europol statement.

But European Commissioner for Home Affairs, Cecilia Malmström, was keen to underline that the center would not be looking at illegal file-sharing.

Instead, the Commissioner wants to shut down organized crime groups generating large criminal profits.

There's plenty of work to be done: research by PricewaterhouseCoopers found that cyber attacks accounted for 38 percent of all economic crime incidents that finance companies experienced in 2011.

Malmström cited figures putting the global cost of cybercrime at between US$114 billion and $388 billion a year, and pointed to German Criminal Police Office statistics showing recorded cases of 'phishing in online banking in Germany increasing from just under 2,000 incidents in 2008 to more than 5,000 in 2010.

The new center is expected to cost around €3.6 million (US$4.8 million) in the first year, and could start operations in January of next year. However the proposal still needs to be adopted by the budgetary authority of Europol.
https://www.pcworld.com/businesscent...be_spared.html





O2 Forced to Expose 'Porn Downloaders'

Thousands of O2 broadband customers will have their personal details handed to a pornographer who claims they unlawfully downloaded his films.
Christopher Williams

The High Court ordered O2 to hand over the personal details of more than 9,000 O2 broadband subscribers to Golden Eye International and the pornography firm Ben Dover Productions.

Ben Dover is a pseudonym of Lindsay Honey, a British performer, director and producer of pornography, who set up Golden Eye International in 2009.

The judge however said his intention to demand £700 from each of the O2 customers he accuses of unlawful filesharing was “unsupportable”.

The judge also said the letter Golden Eye International intended to send demanding payment was “capable of causing unnecessary distress because it could be read as an implicit threat of publicity once proceedings have been commenced”. It intended to threaten those who did not pay the damages with court action.

O2 had fought the bid to access its customers' details, which Golden Eye international made with a total of 13 pornography firms.

The court rejected 12 of the applications but found in favour Ben Dover Productions, saying that “the claimants' interests in enforcing their copyrights outweigh the intended defendants' interest in protecting their privacy and data protection rights”.

Should O2 be forced to hand over its customers' data?

O2 will now be forced to match 9,124 IP addresses that have been observed infringing Ben Dover Productions' copyright with its customer database and hand over personal details. A spokesman for telecoms firm said: “Clearly we respect the court order and will therefore be co-operating fully.”

The judge rejected the other applications for O2 customers’ personal details because Golden Eye International would pursue alleged unlawful downloaders on its own and take 75 per cent of any damages paid.

“That would be tantamount to the court sanctioning the sale of the intended defendants' privacy and data protection rights to the highest bidder,” said Mr Justice Arnold.

Ben Dover Productions will meanwhile jointly pursue its copyright infringement claims with Golden Eye International .

Consumer Focus, which was allowed to intervene in the case on behalf of the O2 customers, said that although personal details will be released it had set an “important precedent” to protect internet users from so-called speculative invoicing by putting a greater burden of proof on the claimant.

“This case sets an important precedent for the rights of consumers, particularly those who are innocent, and the responsibilities of companies seeking redress on behalf of copyright owners,” said chief executive Mike O’Connor.

“It is very welcome that the court has recognised the bill-payer should not be automatically assumed to be guilty when a copyright owner believes they have detected copyright infringement on that internet connection.”

The issue of speculative invoicing by copyright holders came to the fore because of the activities of ACS:Law, a London firm of solicitors that sent out thousands of letters demanding payment from alleged unlawful filesharers, having done deals with film and video games copyright holders.

In January, the Solicitors Disciplinary Tribunal found the firm’s founder Andrew Crossley guilty on seven charges of conduct unbefitting a solicitor, suspended him for two years and ordered him to pay more than £76,000 in costs. ACS:Law had already ceased trading following an attack on its systems by hackers operating under the Anonymous banner, who published its internal emails online. Andrew Crossley also told a court he had received death threats and bomb threats.
http://www.telegraph.co.uk/technolog...wnloaders.html





Rapidshare Heads for German Supreme Court in Copyright Battle

Case has implications for Germany and beyond
Robert Jaques

Swiss-Based Filesharing Web Site Rapidshare announced today that it is going to the German Supreme Court to fight the music rights association GEMA, which accused the company of copyright infringement on a grand scale.

The elevation of this legal action marks the latest in a long running battle between Rapidshare, which describes itself as a file hoster, and GEMA.

"Rapidshare, with over 160 million stored files, 500,000 new uploads per day, and more than 42 million visitors daily, is one of the world's largest file-hosting services in the world. This service allows users to unlawfully acquire contents on a large scale. The resulting loss to copyright holders is immense," GEMA alleged.

As the world waits to see what is going to happen to filesharing and hosting web sites after the Megaupload takedown, the case has taken on new significance in Germany and beyond. This legal battle first saw Rapidshare's business model declared illegal in a German court. But that ruling was subsequently overturned by Hamburg's higher regional court, apparently letting the file hosting company off the hook.

The regional court ruled that the file hoster must monitor third party web sites that link to files on its servers and block links to copyrighted material. Confusingly, both Rapidshare and GEMA said that this court decision was in their favour.

GEMA argued that the ruling confirms that Rapidshare must implement effective measures to prevent the use of illegal content. "The measures implemented by Rapidshare so far were determined to be insufficient. In particular, it is insufficient to only delete content after notification by the copyright holders. In fact, Rapidshare is obligated to implement additional measures to prevent a copyright infringement from occurring repeatedly," according to the rightsholders group.

In the wake of this ruling Rapidshare, which argues that it does take adequate action to monitor external web sites in a bid to fight copyright infringement, has elected to go to Germany's highest court, according to a report at The Hollywood Reporter. The company said that it has been forced to take this action as it hopes to prevent a German law from being passed that would make it compulsory for web sites to monitor other third party web sites.

We are waiting for comment from Rapidshare.
http://www.theinquirer.net/inquirer/...pyright-battle





Megaupload User Demands Return of Seized Content
David Kravets

An Ohio man is asking a federal judge to preserve data of the 66.6 million users of Megaupload, the file-sharing service that was shuttered in January following federal criminal copyright-infringement indictments that targeted its operators.

Represented by civil rights group Electronic Frontier Foundation, Kyle Goodwin wants U.S. District Judge Liam O’Grady, the judge overseeing the Megaupload prosecution, to order the preservation of the 25 petabytes of data the authorities seized in January. Goodwin, the operator of OhioSportsNet, which films and streams high school sports, wants to access his copyrighted footage that he stored on the file-sharing network. His hard drive crashed days before the government shuttered the site Jan. 19.

“What is clear is that Mr. Goodwin, the rightful owner of the data he stored on Megaupload, has been denied access to his property. It is also clear that this court has equitable power to fashion a remedy to make Mr. Goodwin — an innocent third party — whole again,” the group wrote the judge in a Friday legal filing.

The legal filing, the first representing a Megaupload customer, follows a similar move by the Motion Picture Association of America, whose desire to save the data is very different from Goodwin’s. Last week, it asked Carpathia, Megaupload’s Virginia-based server host, to retain the Megaupload data, which includes account information for Megaupload’s millions of users. The MPAA said it wants that data preserved because it might sue Megaupload and other companies for allegedly contributing to copyright infringement.

Megaupload allowed users to upload large files and share them with others, but the feds and Hollywood allege the service was used almost exclusively for sharing copyright material — which Megaupload denies.

A hearing on the data issue is set for next month.

Federal authorities have said they have copied some, but not all of the Megaupload data, and said Carpathia could delete the 25 million gigabytes of Megaupload data it is hosting.

Carpathia said it is spending $9,000 daily to retain the data, and is demanding that Judge O’Grady relieve it of that burden. Megaupload, meanwhile, wants the government to free up some of the millions in dollars of seized Megaupload assets to be released to pay Carpathia to retain the data for its defense and possibly to return data to its customers.

The criminal prosecution of Megaupload targets seven individuals connected to the Hong Kong-based file-sharing site, including founder Kim Dotcom. They were indicted in January on a variety of charges, including criminal copyright infringement and conspiracy to commit money laundering.

Five of the members of what the authorities called a 5-year-old “racketeering conspiracy” have been arrested in New Zealand, pending possible extradition to the United States.

The government said the site, which generated hundreds of millions in user fees and advertising, facilitated copyright infringement of movies, often before their theatrical release, in addition to music, television programs, electronic books, and business and entertainment software. The government said Megaupload’s “estimated harm” to copyright holders was “well in excess of $500 million.”
http://www.wired.com/threatlevel/201...eized-content/





MegaUpload Lawyer Claims the Feds are Impeding its Defense

MegaUpload wants access to its servers to defend against U.S. charges of piracy and racketeering. But its lawyer says officials won't release $1 million necessary to get the information.
Greg Sandoval

The U.S. government has refused to allow the MegaUpload defendants access to information on their servers, which in turn is impeding their ability to defend themselves, the company's lawyer told CNET.

Ira Rothken, the U.S. attorney overseeing MegaUpload's international defense team, said the U.S. has refused to release funds that would enable MegaUpload to preserve and gather materials from company servers vital to its defense. Rothken said that he fears U.S. officials are withholding the money in an attempt to unfairly hobble MegaUpload's defense.

"It's hard to reconcile the chain of events in this matter with any other conclusion," Rothken said. "MegaUpload is frustrated and wants to preserve the data for litigation and to defend itself and ultimately -- with the approval of the court -- to provide consumers access to their data."

In January, the U.S. issued an indictment against MegaUpload, founder Kim DotCom and six other managers of the cyberlocker service, where users could store e-files and then share the contents with others. MegaUpload's leadership is accused of conspiring to commit Internet piracy, racketeering and wire fraud. DotCom's home in Auckland was raided by New Zealand police, his assets seized and the service shut down.

The U.S. wants to try DotCom in this country and an extradition hearing is scheduled for August. Rothken said there is no criminal secondary copyright infringement in the United States and said MegaUpload will prevail.

The case is important because until now, copyright infringement was largely a civil, not a criminal matter. For the most part, the worst thing that could happen to a service accused of helping customers infringe intellectual property was that someone might sue it.

Not any more.

U.S. officials seem intent on making some types of copyright infringement a criminal offense. U.S. authorities say MegaUpload was responsible for $500 million in damages to copyright owners, and the feds appear to have dedicated some serious resources to prosecuting the company. To defend itself against the U.S. government, MegaUpload will need all the material to which it is entitled, said Rothken.

As the extradition hearing nears, company lawyers say they're unable to collect emails, files and other documents they claim will refute the allegations against MegaUpload. The company's servers are hosted by Virginia-based Carpathia Hosting. The government initially locked the servers up while its agents collected evidence, but in January released all claims to them.

MegaUpload believed it would then be able to copy information from the servers itself. Rothken said he attempted to hire an electronic-discovery expert from KPMG to collect the data, but found that the cost would exceed $7 million. U.S. officials declined to release funds from MegaUpload's seized assets to pay for the operation, the lawyer said.

Rothken then negotiated a deal with Carpathia to buy the servers for a little over $1 million, but he says the government again refused to release the money. Rothken said that the servers were worth more than the $1 million and that after the case was over their sale would bring the cost of the transaction to zero.

Rothken said he also told the government that he would restrict access to the data to only lawyers involved in the case. Still, the government wouldn't budge.

A spokesman for the U.S. Attorney for the Eastern District of Virginia, where the MegaUpload indictment was issued, suggested in an e-mail that the office didn't consider Rothken's requests reasonable.

"As we've stated previously," the spokesman wrote, "we continue to give careful and thoughtful consideration to any reasonable and detailed proposal by MegaUpload's counsel that addresses the practical and technical issues of this matter for the court. Ultimately, it is the court that will decide what is appropriate and whether any funds will be released to carry it out."

A hearing on the issue of what will be done with the MegaUpload's data is expected in mid-April. Carpathia has said the cost of maintaining the servers has topped $500,000 and pleaded with the court to either allow the company to delete the information or to figure out a way to pay for the data storage.

The Motion Picture Association of America (MPAA) has said that it wants to preserve the data so that it can use it as evidence should it decide to file civil litigation. The Electronic Frontier Foundation wants the material saved so that legal files stored on the service can be returned to consumers at the earliest possible time.
http://news.cnet.com/8301-31001_3-57...g-its-defense/





Kim Dotcom: The US Government is Wrong, Here’s Why
Ernesto

For the first time since his arrest in January, Megaupload founder Kim Dotcom is responding to allegations in what he calls the “MPAA-sponsored” indictment. Eager to fight back, Dotcom refutes several “nonsense” claims made by the Government. In addition, he shows that Mega wasn’t a big bad pirate haven, but a legitimate service that may have been shutdown for political reasons.

For a man who’s the main defendant in one of the biggest criminal cases ever brought in the US, Kim Dotcom is surprisingly composed.

The Megaupload founder is convinced of his innocence, and instead of letting fear or anger get to him, he is excited. Deep into the night, Dotcom digs through heaps of paperwork, collecting evidence that shows how he was framed by the US Government.

Talking to TorrentFreak by phone, he gives example after example of why he thinks the indictment twists the truth. While Megaupload’s lawyers are still working on the first motion in response to the indictment, he agreed to exclusively share the first details with us.

Stealing from 50 Cent?

One of the claims of the US Government is that Kim Dotcom personally shared copyrighted files on Megaupload, so-called ‘direct infringement’. He supposedly shared a link to a 50 Cent song, but the indictment fails to include the necessary context.

“A link distributed on December 3, 2006 by defendant DOTCOM links to a musical recording by U.S. recording artist ’50 Cent’. A single click on the link accesses a Megaupload.com download page that allows any Internet user to download a copy of the file from a computer server that is controlled by the Mega Conspiracy,” the indictment reads.

Dotcom told TorrentFreak that the file in question wasn’t infringing at all. He explained that he actually bought that song legally, and that he uploaded the file in private to test a new upload feature. He quickly picked a random file from his computer, which turned out to be this song.

“The link to the song was sent using the private link-email-feature of Megaupload to our CTO with the file description ‘test’. I was merely testing the new upload feature,” Dotcom said.

“The URL to this song had zero downloads. This was a ‘private link’ and it has never been published,” he added.

Aside from the above, Dotcom told us that the US may not even have jurisdiction over the issue. The song was uploaded from a Philippine IP-address to a European server. Also, since the upload occurred in 2006, the statute of limitations renders the evidence unusable.

Dotcom further said that the Louis Armstrong song mentioned in the indictment wasn’t an infringement either.

“I also bought the Louis Armstrong song that was sent to me by a co-defendant via the private link-email-feature of Megaupload. According to the Department of Justice I am an infringer, and this is all they got? One song?”

Warner’s Mass Deletions

In addition to direct infringements, the indictment also suggests that Mega was actively preventing copyright holders from taking down content. An example given in the indictment is that Warner Bros. at one point was unable to delete content through the abuse tool, because they had hit the limit.

Warner Bros. contacted Megaupload about the issue, and an email quoted in the indictment shows that Dotcom refused to raise the limit above 5,000 deleted per day. However, according to Dotcom this version of the truth leaves out some crucial facts.

“First of all, Mega’s direct delete feature was provided to content owners voluntary and was not a legal requirement,” Dotcom says. But there is more.

“The indictment contained an email in which I suggested to provide Warner Bros. with a limited number of deletes per day. In fact, days later Warner Bros. got the maximum quota of 100,000 deletes per day.”

With the limit of 100,000 links per day Warner Bros was certainly not limited anymore. This is also apparent from takedown statistics provided to TorrentFreak. In total they show that Warner removed 1,933,882 links from Mega sites, making it by far the largest deleter of all copyright holders.

To provide some context, Disney removed 127,934 links in total, the RIAA removed 17,108 links, Sony removed just 3,003 links in total and the BBC was least bothered with just 132 removals.

Google to the Rescue

Another controversial part in the indictment is that Mega should not be eligible for DMCA safe harbor protection because it only removed links, and not the actual files. The indictment describes this issue as follows.

“During the course of the Conspiracy, the Mega Conspiracy has received many millions of requests to remove infringing copies of copyrighted works and yet the Conspiracy has, at best, only deleted the particular URL of which the copyright holder complained, and purposefully left the actual infringing copy of the copyrighted work on the Mega Conspiracy-controlled server and any other access links completely intact.”

The indictment suggests that not removing the actual file is wrong, but as Google pointed out in the Hotfile lawsuit recently, this is exactly what a content provider is supposed to do under the DMCA. Removing the actual file is not standard procedure at all, and could lead to all sorts of problems.

The above examples are just the tip of the iceberg. According to Dotcom he can refute pretty much each and every claim in the indictment. Also, Dotcom can do much more than that, and he was willing to share more details with us that shows how Megaupload and Megavideo were not the big bad pirate sites the indictment claims they are.

Big Content & US Soldiers Loved Mega

Megaupload’s founder shared five emails with TorrentFreak that were sent by representatives from big media companies including Disney, Warner Bros. and Fox. Instead of requesting Mega to take down content, they suggested various partnerships.

Warner Bros., for example, asked Megavideo if they could provide a tool to automatically upload content from the movie studio. “We would like to upload our content all at once instead of one video at a time,” Warner’s Joshua Carver wrote.

And then there’s the issue of the millions of site users that didn’t use it as a pirate haven. US Government workers had many accounts at Megaupload, as did those at MPAA member companies and those employed by the US Military.

Many of these users paid for a premium account and uploaded a variety of content. Talking to TorrentFreak, Kim Dotcom suggested that of the 15,634 soldiers that used Megaupload, many were probably using it to share pictures and videos with their loved ones at home.

A Political Scandal?

Having digested the above, it does indeed seem that the US indictment doesn’t tell the whole story, or that it’s one-sided to say the least. This begs the question of why Mega was so aggressively targeted.

What we do know is that the copyright lobby, headed by the MPAA, has been one of the main facilitators of the criminal investigation. It’s also not a secret that the MPAA and other lobby groups hire former high ranked Government officials and vice versa.

The current head of the MPAA for example is former Senator Chris Dodd, and in recent months alone the MPAA also hired former employees from the Justice Department, the White House staff and the Senate Judiciary Committee. Needless to say, the movie industry group is well-connected in Washington.

On the other hand we see that Neil MacBride, the U.S attorney who filed the Mega indictment, has connections to the copyright lobby as well. In fact, he served as the Vice President for Anti-Piracy and General Counsel of the Business Software Alliance (BSA), MPAA’s software counterpart.

It wouldn’t be a huge surprise if the Mega investigation was somewhat of a ‘gift’ to Hollywood, a theory which Megaupload’s founder subscribes to.

“Mega has become a re-election pawn in the White House / MPAA affair. If I was a Republican presidential candidate I would investigate this,” Dotcom says.

However, this gift isn’t as free as it may seem. Dotcom says that the witch hunt against his company is putting the US technology sector at a disadvantage.

“The MPAA / White House corruption has weakened US technology leadership. Internet businesses, hosting, cloud, payment processors, ad networks, etc. are going to avoid the US,” Dotcom told TorrentFreak.

“There is an opportunity for liberal countries to welcome those businesses with better laws,” he predicts. “The loss of IT business & jobs in the US will substantially outweigh the inflated losses claimed by the MPAA & their billionaire club.”

For now, however, Dotcom is mainly concerned with taking the criminal indictment apart. He is confident that he and his legal team will succeed in this and promises fireworks when the complete motion is published.

“We did nothing wrong. Watch out for our first motion in response to the MPAA-sponsored Department of Justice indictment. It will be enlightening and maybe entertaining,” Dotcom concludes.
https://torrentfreak.com/kim-dotcom-...es-why-120326/





Dotcom Says Hollywood Studios Once Courted Megaupload
Timothy B. Lee

Megaupload founder Kim Dotcom spent the first few weeks after his arrest in prison, with the US government arguing that he posed a flight risk. But he was finally released from prison last month, and his wife recently gave birth to twin daughters.

Dotcom is now speaking out about his case as he continues to fight extradition to the United States. On Monday, TorrentFreak posted one of the most in-depth interviews Dotcom has done since his arrest. Dotcom told TorrentFreak he can "refute pretty much each and every claim in the indictment."

He provides some specific examples of important details the government ignored in its indictment. He points out that thousands of military members had Megaupload accounts. And he reveals that between 2008 and 2010, multiple Hollywood studios expressed interest in working directly with Megaupload.

Personal uploads and unanswered questions

While Hollywood's antipathy to Megaupload is focused on widespread infringement by Megaupload users, the government's indictment devotes significant attention to direct infringement by senior Megaupload officials themselves. Several senior Megaupload employees, including Dotcom himself, are alleged to have uploaded copyrighted songs to the site. The government likely focused on these allegations because the legal issues seem clear-cut. Distributing entire copyrighted works without permission is almost always illegal, and the DMCA's safe harbor doesn't apply.

But Dotcom argues the story isn't as simple. He admits to uploading a 50 Cent song to Megaupload in 2006, but Dotcom says he ripped the track from a legally purchased CD and that it was a "private link" never distributed to the public. Rather, he says he chose the track from his hard drive at random and only sent the link to Megaupload's CTO to test the site's functionality. Dotcom argues that even if his 2006 upload broke the law, the statute of limitations has expired. Dotcom says a similar point applies to the upload of a Louis Armstrong song mentioned in the indictment.

Dotcom may say he can refute nearly everything in the indictment, but some of the most damning charges against Megaupload were not addressed in TorrentFreak's published interview. For example, the government has alleged Megaupload scraped content from YouTube and posted it on Megaupload servers "with utter indifference to what people wanted or whether it was infringing." Dotcom did not address those allegations.

The government also alleges Megaupload "made payments to uploaders who were known to have uploaded infringing copies of copyrighted works." For example, one internal e-mail by a Megaupload employee said, "Our old famous number one on MU, still some illegal files but I think he deserves a payment." New York Law School professor James Grimmelmann told Ars in January that the government has "a pretty slam-dunk case on inducement." TorrentFreak's interview does not discuss payments Megaupload allegedly made to infringing uploaders.

Megaupload's broad reach

Dotcom also gave TorrentFreak new evidence of the breadth of Megaupload's user base. Addresses like fbi.gov, djs. gove, and senate.gov accounted for 1058 user accounts, of which 344 were paid premium accounts. And Megaupload had 15,634 registered users from .mil addresses. More than 10,000 of these shelled out for a premium account. The military users uploaded 340,000 files, accounting for almost 100 TB of data.

Dotcom speculated many of these users were using their Megaupload accounts to engage in non-infringing uses, such as deployed soldiers sharing personal video with family and friends back home. The Electronic Freedom Foundation is fighting to get legitimate Megaupload users access to their files.

Most strikingly, Dotcom revealed that Megaupload received friendly overtures from several major Hollywood studios. E-mails supplied to TorrentFreak show employees at Disney, Warner Brothers, Turner Broadcasting, and Fox all e-mailed Megaupload between 2008 and 2010 seeking assistance.

For example, a Disney executive e-mailed Megaupload in 2008. He said he was interested in having Megaupload host Disney content, but said he would need Megaupload to tweak its terms of service to make it clear Disney retained ownership of files uploaded to the site. He sent Megaupload a proposed alternative to the standard Megaupload TOS.

In 2009, Fox e-mailed seeking "third party partners" for Fox's recently launched ad network. "Please let me know if you have some time to chat this week about how we can work together to better monetize your inventory," the Fox employee wrote.

In 2010, a Warner Brothers executive e-mailed Megaupload seeking to expedite the process of uploading Warner content to Megaupload. "I would like to know if your site can take a Media RSS feed for our syndications," he wrote. "We would like to upload our content all at once instead of one video at a time."

Of course, the fact that some people used Megaupload for legitimate purposes doesn't disprove the allegations in the government's indictment. But the breadth of Megaupload's user base, and the fact that multiple Hollywood studios apparently viewed the site as a potential business partner as recently as 2010, suggests that branding Megaupload as a criminal conspiracy was probably overkill. A court is currently considering whether Hotfile, one of Megaupload's competitors, is liable for its users' copyright infringement after Hollywood studios filed a civil lawsuit. The government could have encouraged Hollywood to take the same approach with Megaupload.

Instead, Megaupload was subjected to what Dotcom characterizes, not implausibly, as a "death penalty without a trial." Even if Megaupload is ultimately acquitted of the charges against it, the months-long shutdown will have done irreparable damage to Megaupload's business. We would have liked to see Dotcom get his day in court before his site was shuttered and his assets seized.
http://arstechnica.com/tech-policy/n...megaupload.ars





Death of a Data Haven: Cypherpunks, WikiLeaks, and the World's Smallest Nation
James Grimmelmann

A few weeks ago, Fox News breathlessly reported that the embattled WikiLeaks operation was looking to start a new life under on the sea. WikiLeaks, the article speculated, might try to escape its legal troubles by putting its servers on Sealand, a World War II anti-aircraft platform seven miles off the English coast in the North Sea, a place that calls itself an independent nation. It sounds perfect for WikiLeaks: a friendly, legally unassailable host with an anything-goes attitude.

But readers with a memory of the early 2000s might be wondering, "Didn't someone already try this? How did that work out?" Good questions. From 2000 to 2008, a company called HavenCo did indeed offer no-questions-asked colocation on Sealand—and it didn't end well.

HavenCo's failure—and make no mistake about it, HavenCo did fail—shows how hard it is to get out from under government's thumb. HavenCo built it, but no one came. For a host of reasons, ranging from its physical vulnerability to the fact that The Man doesn't care where you store your data if he can get his hands on you, Sealand was never able to offer the kind of immunity from law that digital rebels sought. And, paradoxically, by seeking to avoid government, HavenCo made itself exquisitely vulnerable to one government in particular: Sealand's. It found that out the hard way in 2003 when Sealand "nationalized" the company.

For the last two years, I've researched the history of Sealand and HavenCo. I used the Wayback Machine to reconstruct long-since-vanished webpages. I dug through microfilm of newspapers back to the 1960s. I pored over thousands of pages of documents, only recently unsealed, from the United Kingdom's National Archives.

My findings have just been published in a new 80-page article in the University of Illinois Law Review, one called "Sealand, HavenCo, and the Rule of Law" (PDF). It tells the full—and very weird—story of how this micronation happened to be in the right place (the North Sea) at the right time (the late 1990s) to provide some cypherpunk entrepreneurs with the most impractical data center ever built. Here, I'll give the condensed version of the tale, hitting the important points in HavenCo's history and explaining what went wrong.

Cryptographers in paradise

The story starts on the Caribbean island of Anguilla, at the 1998 Financial Cryptography conference. The conference, dedicated to building secure online payment systems, drew hackers who believed in better living through crypto. One of them was an expatriate American, Sean Hastings, a cynical but cheerful libertarian with a healthy suspicion of any and all forms of authority. (His website sports the chipper slogan "Keep Calm and Carry" and features his PDF book God Wants You Dead.) The freedom-minded Hastings had moved to Anguilla to work on online gambling projects and explore the idea of starting a data haven.

A Sealand/HavenCo timeline

1942: Roughs Tower constructed off the coast of East Anglia.

1948: Roughs Tower abandoned by English government following World War II.

1966: Pirate radio entrepreneur Roy Bates occupies Roughs Tower.

1967: Bates declares an independent Principality of Sealand.

1968: Bates acquitted of British firearms charges, causing Britain to adopt policy of leaving him alone.

1978: German-led coup takes control of Sealand on August 10; Roy Bates retakes Sealand in dawn helicopter raid on August 15.

1987: Britain extends territorial waters to 12 miles, encompassing Sealand. Sealand claims its own 12-mile territorial waters.

1999: Sean Hastings and Ryan Lackey conceive of idea for HavenCo.

2000: HavenCo launches to massive press hoopla.

2002: HavenCo taken over by Sealand after commercial failure and mounting tensions.

2006: Sealand badly damaged in generator fire.

2008: HavenCo website goes offline.

2009: Sealand launches Twitter account.

A data haven is "the information equivalent to a tax haven," a country that helps you evade other countries' rules on what you can and can't do with your bits. (Think "Swiss banking" for data.) The best-known example comes from Neal Stephenson's 1999 best-seller Cryptonomicon, whose heroes go up against murderous warlords, rapacious venture capitalists, and epic authorial digressions in their quest to bring untraceable communications to the masses and get rich in the process.

The idea, and the term, come out of 1970s and 1980s debates over whether companies could get around pesky privacy protections by shipping their magnetic tape reels to a country with laxer privacy laws. What started off as a pejorative term flipped to a positive in the eyes of the cypherpunks. They saw governmental restrictions on the free flow of information—privacy, copyright, sedition, drug-making instructions, or whatever—as grave threats to personal freedom. Cypherpunks hoped a borderless Internet, together with strong cryptography and a friendly data haven or two for their servers, would destroy the government's ability to snoop on and censor online speech. It would all lead to a new age of genuine liberty.

Hastings was a true believer. On Anguilla, he founded a data haven company named IsleByte and worked on open-source electronic currency software. But he was getting increasingly frustrated with Anguilla. He expected a "libertarian mecca," but the actual Anguilla sharply restricted both gambling and pornography. Worse, he was finding Anguilla's legal system frustrating to deal with, something between a bureaucratic nightmare and a straight-up shakedown.

At the Financial Cryptography conference, Hastings amused and fascinated the other attendees with a data haven variant soon dubbed the "Toxic Barge Project". The idea was to buy a ship, fill the top of the hold with computer severs and the bottom with the nastiest toxic waste imaginable, then plant yourself in international waters near a major port and start offering co-location services. As Hastings explained, the toxic waste "forces the large military power to protect you from outside threats, while being very hesitant to attempt to board your vessel."

The barge idea went nowhere, but it marked Hastings as the go-to guy for out-of-the-box data haven schemes. After Hastings moved back to the United States, one of the other conference attendees, a gregarious and energetic MIT dropout named Ryan Lackey, crashed with him in early 1999. Lackey had his own geek and libertarian cred, along with a sense of adventure that would later take him to Iraq to perform IT work during the American occupation.

The two men started thinking seriously about where to place an actual, practical data haven. They looked at several Pacific islands and even contemplated building their own artificial island on the Cortes Bank, a hundred miles out into the Pacific from San Diego. But then, flipping through Erwin Strauss's cult classic How to Start Your Own Country, they found Sealand. Strauss described it as the most successful micronation of all time—and it looked like a perfect fit for their project.

The Principality of Sealand

"Sealand" is a 120-foot by 50-foot deck on a pair of hollow concrete legs. It stands proudly a few dozen feet off the waves in the North Sea, seven miles off the English coast. It was built during World War II to provide antiaircraft defense for the Thames Estuary and given the name "Roughs Tower." The platform and legs were mounted on a pontoon, which was towed into place, then flooded to create a stable base on the seabed.

After the war, Roughs Tower sat empty until the pirate radio bubble of the 1960s. Entrepreneurs trying to get around the BBC's broadcasting monopoly took to ships and offshore forts, setting up primitive radio stations staffed by adventuresome young music lovers who didn't mind bad food and harsh conditions. One such station, Radio Essex, was run by one of world's great lovable rogues, Roy Bates. As one of his DJs, David Sinclair, would later put it, "Roy was a throwback. He should have been born in the time of the first Queen Elizabeth and sailed with Drake. ... [H]e was the kind of man who had creditors everywhere, but it never seemed to bother him."

Bates first set up shop on Knock John, one of Roughs Tower's sister platforms, by evicting the staff of another pirate station already onsite. But Knock John was inside the three-mile limit of English territorial waters, and the government successfully prosecuted Bates for unlicensed broadcasting in the fall of 1966.

Unfazed, Bates packed up his equipment and moved out to Roughs Tower on Christmas Day 1966. That it was already occupied by employees of Radio Caroline didn't slow him down. Roy Bates's crew, Sinclair explained, "had earnt a fearsome reputation for skulduggery, as 'the hard bastards of the North Sea.'" They intimidated Radio Caroline into leaving.

Unfortunately, the penny-pinching Bates left his men alone on Roughs Tower with only three days worth of food—they lasted 17 days before calling a lifeboat to be evacuated. Radio Caroline moved back to the platform in April 1967, but foolishly entered into a joint operating agreement with Bates. Through a combination of subterfuge and force, Bates managed to replace all of the Caroline employees with his own men. He spent the next few months fighting off Radio Caroline boarding parties with an air rifle and petrol bombs. (The violence was hardly unusual: Adrian Johns's excellent Death of a Pirate tells the particularly memorable story of how one pirate broadcaster shot and killed another.)

A new broadcasting act, passed in the summer of 1967, put an end to Roughs Tower's usefulness as a pirate radio base by sharply cracking down on the landlubbing advertisers and suppliers who kept the offshore stations going. But Roy Bates had an even grander scheme by this point: running his own country. On September 2, 1967, he declared that Roughs Tower was now the independent Principality of Sealand, and he named himself Prince.

If the British government had been worried about Roy Bates before, it was positively alarmed once he started hurling Molotov cocktails and calling himself Prince Roy. But every time the government came up with a scheme to oust him, Bates found a way to spin the story to make the bureaucrats look like bumbling bullies. He turned out to be a grandmaster of the preemptive press strike.

Five stranger-than-fiction Sealand facts

• During the initial flooding, the pontoon filled unevenly with water, causing the tower to list 30 degrees to starboard—with 100 crewmen aboard.

• The one ship to fly the Sealand flag was ultimately sold to MGM and blown up for a scene in the Tommy Lee Jones movie Blown Away.)

• After failing to seize control of Sealand in 1978, Alexander Achenbach set up a government-in-exile that dabbles in perpetual motion machines, UFOs, conspiracy theories, and revisionist history.

• A generator on Sealand caught fire in 2006, requiring an RAF rescue helicopter to airlift the lone crewmember on board to the British mainland for medical treatment.

• A shadowy Spanish crime ring produced thousands of "Sealand" passports in the late 1990s, including fake diplomatic credentials.

Customs tried to deny Bates permission to take his leaky boat out of port, arguing that it was unseaworthy. Bates got the Times of London to run a story saying his children were "marooned" on Sealand, and Customs backed down.

The government tried to buy him out, but Bates caught wind that a marine detachment was on standby to occupy the platform as soon as he left. "Commandos Set to Seize Fort," read the Times headline and the plan was dropped.

Bates even appears to have run one of his employees as a double agent, tricking the Ministry of Defense into making an ill-considered offer to take over the fort if the employee took it from Bates. "Ministry Planned to Seize Sea Fort," read the headline in the Daily Telegraph. The government had to submit to the embarrassment of Parliamentary questioning over the incident.

The government's last serious attempt to get rid of Bates involved bringing him up on firearms charges after his son Michael fired a pistol at a government vessel working on a nearby buoy. Bates was acquitted in October 1968 when the court ruled it lacked jurisdiction over firearms offenses committed on Roughs Tower. At this, the government gave up. An ad hoc committee in the Cabinet Office concluded:

Mr. Bates' continued occupation of the Tower was undesirable, because of the shooting incident and the possibility of further violence, and also because of the small but continuing threat that the Tower could be used for some illegal activity not at present foreseen. Nevertheless, he was doing no actual harm, so far as was known, and the Ministry of Defense had no need of the Fort themselves. There were no pressing reasons for evicting Mr. Bates, certainly none that would justify the use of force or the passage of special legislation.

The next 30 years in Sealand history are one improbable scheme after another. Stamps and coins quickly turned into grandiose plans for offshore banking and tourism. By the mid-1970s, Sealand's associates were passing around a brochure showing how Sealand would be built out to include a hotel, a golf course, a tanker port, and even an airport. In the late 1980s, Sealand served as a flag of convenience for an American pirate broadcaster who lasted three days off of Long Island before the FCC shut him down. The Bateses optioned their story to a screenwriter, and although Emma Watson was at one point allegedly attached to the project, nothing came of it. Even a 2008 Red Bull skateboarding video was filmed on Sealand—watch for the board over the side at 2:49.

If this all sounds rather two-bit, it was. Whether or not Roy Bates spent a million pounds on Sealand, as he sometimes claims, the "rusting heap of junk" was no Monaco. For most of its history, Sealand has been the world's most impractical vacation home. The Bateses visit regularly and keep the place manned at all times, but they live ashore. HavenCo remains Sealand's one true brush with real money and real fame.

The founding of HavenCo

Sealand was an inspired choice for the data haven project. Roy Bates's son, Michael, was running Sealand on a day-to-day basis as the Prince Regent by the 1990s. Michael inherited his father's distaste for authority and his fondness for swashbuckling antics. A professional fisherman, he was hardly a computer geek. But he recognized in Hastings and Lackey the same cheeky outlaw spirit that had brought his own family to Sealand and kept it there for decades. Hastings and his wife flew out to visit Sealand, and a mutual love-in quickly followed.

Like any good dot-com-trepreneurs, Hastings and Lackey incorporated. They called the new venture HavenCo, for "Haven Co-location." The pitch was simple. HavenCo would offer secure, anonymous hosting from Sealand. Microwave, fiber, and satellite links would provide fast and redundant bandwidth. Sealand's concrete legs would be kitted out with server racks and uninterruptible power supplies—and then, for additional security, flooded with nitrogen, so that only authorized techies wearing scuba gear could would have physical access.

Who would host data there? HavenCo had plenty of ideas, including businesses looking to avoid pesky subpoenas, the Tibetan government-in-exile, anonymous currencies, and porn. Only a few things were off limits: spam, child pornography, and hacking attempts directed at HavenCo itself.

Well-known geeks Avi Freedman and Joi Ito came onboard as investors. Sameer Parekh was named chairman of the board. The company copied its bylaws from a do-it-yourself guide and drew up a detailed business plan with the kind of explosive growth assumptions everyone made during the dot-com boom: $65 million in revenue by the end of three years and a half-billion-dollar IPO.

The new company promised customers "First World" infrastructure but with "Third World" regulations and taxes. Its slogan—"the free world just milliseconds away"—played up the cyberlibertarian idea that the Internet was about to make geography irrelevant.

The violence inherent in the system

Roy Bates has always been eager to find business partners. One of them, Alexander Achenbach, a former diamond dealer who seems to have been involved with an illegal diploma mill, drafted a constitution for Sealand, was named its minister for foreign affairs, and went around trying to persuade other nations to recognize Sealand. For reasons that are still unclear, he decided to oust Bates and install himself as head of state in 1978.

Achenbach invited Roy and Joan Bates to a meeting in Austria with a group of investors. It was a trick to get them off of Sealand while his lawyer, Gernot Pütz, together with a pair of Dutchmen, occupied it from a helicopter. Michael Bates had been left alone on Sealand and let them land. They repaid his kindness by locking him inside, holding him prisoner for a few days, then putting him on a passing fishing boat.

Roy Bates was never the kind of man to take anything lying down. He assembled a helicopter strike team of his own. They attacked at dawn on August 15, 1978, five days after the original invasion. A brief and tense standoff ended after Michael Bates accidentally discharged his shotgun, leading Pütz and the Dutchmen to surrender. Prince Roy now put the erstwhile invaders on trial, holding Pütz prisoner until he could pay a fine of 75,000 Deutschmarks (more than $50,000).

The German government threw a diplomatic snit fit. They called the incident "in a way an act of piracy, committed on the high sea but still in front of British territory by British citizens." But the British government was now happy with their position: what happened on Sealand was not its problem. The whole affair only blew over with Pütz's release on September 28.

The story is slightly fishy. At one point during the hostage drama, the German embassy told the press the whole affair was a publicity stunt. The Bateses would later retain Pütz as their own lawyer. But there is no conclusive evidence to establish that the coup was real or fake. The truth may well be somewhere in between.

The next thing to do was drum up publicity for the new venture. Here, too, the HavenCo-Sealand pairing was made in heaven. Roy and Michael Bates had been working the press brilliantly for years. Add charismatic geeks to Sealand's inherent romance and the story was irresistible. HavenCo parlayed its memorable business model into a Wired cover story by Simson Garfinkel. Even today, it remains one of the best pieces of tech journalism of all time. That was quickly followed by dozens of other newspaper and TV stories. The press queries came so fast and furious HavenCo barely had the time to respond to inquiries from potential customers.

As journalists covering HavenCo's launch recognized, security was absolutely central to its business model. It seemed likely that a data center hosting content too hot to put anywhere else was likely to attract some enemies. The press asked some probing questions about how HavenCo would protect its customers' data, both physically and virtually.

No problem, according to HavenCo. The redundant communications links would make it impossible for any one country to cut off access. The nitrogen-flooded server rooms would keep casual intruders out. Not that they'd have an easy time getting there in the first place. Sealand's main deck stands 24 feet off the surface of the waves:. The only ways on are by helicopter, an extraordinarily precarious ladder, or the hair-raising experience of being winched on board in a bosun's chair. Just to make sure, HavenCo planned to post round-the-clock guards packing machine guns. Even in the worst case, HavenCo would destroy the server rather than hand over the data—but if it did, the customer would receive a full refund.

Even better, Sealand had a demonstrated history of fighting off invaders. It started with the defense against Radio Caroline in 1967, and continued for years with Michael Bates's habit of taking the occasional shot across the bow of passing ships. That wasn't all. In 1978, Sealand defeated an honest-to-goodness armed coup orchestrated by its own minister for foreign affairs, Alexander Achenbach. After a five-day occupation, the Bateses retook the platform at shotgun-point.

HavenCo falls apart

Despite all the big talk, HavenCo never came even close to success. It had at most a dozen customers. Other than the makers of an unauthorized accelerator for IBM's AS/400 minicomputers, most of the business came from online gambling. The huge racks of servers, the nitrogen, and the machine guns never even existed in the first place. The dot-com crash not only cut the bottom out from colocation pricing, but also took out HavenCo's fiber-optic link when the company providing it went bankrupt. That left the entire operation with a pokey 128Kbps satellite link, which staggered badly under denial-of-service attacks.

Sean Hastings left the company for undisclosed personal reasons in 2000. Relations between Lackey and the Bates family gradually deteriorated. Lackey could tell the Bateses and their advisors didn't share his cypherpunk enthusiasm and he decried their bumbling and self-dealing attempts to make technical decisions. But his own increasingly secretive ways—he started an anonymous remailer without telling anyone, for instance—undermined Sealand's trust in him. In a recent e-mail interview with Ars Technica's Nate Anderson, Michael Bates explained that Lackey "was out of control" and "became doctor evil in his lair."

The final straw came in May 2002, when Sealand's advisors decided against allowing HavenCo to host an unlicensed streaming-video service. (The scheme, which involved buying DVDs and streaming video from them to one customer at a time, bears a striking resemblance to the recently-enjoined Zediva.) Lackey saw it as exactly the sort of service HavenCo had been created to host, but the Sealanders decided that it risked undermining Sealand's relationship with the United Kingdom. A deal was negotiated, under which Lackey would be repaid the $220,000 he had put into HavenCo and continue as a reseller of HavenCo services but turn over day-to-day operational control.

Lackey was barely off the platform when the deal broke down. In his view, HavenCo had been "nationalized" by Sealand. This locked him out, physically and virtually. The company even confiscated his personal computers. The newly reorganized HavenCo issued a statement that Lackey was no longer an employee, and it adopted a new and much more restrictive acceptable use policy. The next five years were a sad study in decline. HavenCo no longer had real technical experts or the competitive advantage of being willing to host legally risky content. What it did have was an absurdly inefficient cost structure. Every single piece of equipment, drop of fuel, and scrap of food had to be brought in by boat or helicopter. By 2006, "Sealand" hosting was in a London data center. By 2008, even the HavenCo website was offline.

What went wrong

Despite all of HavenCo's worst-case planning and bring-it-on rhetoric, the nations of the world never had to lift a finger to topple it. It failed of its own accord. In hindsight, it's hard to identify just one cause; HavenCo had so many problems, its failure was overdetermined.

As a starting point, HavenCo's only serious advantage was its liberal acceptable use policy. Seven miles out into the North Sea is a terrible place to put a data center. HavenCo was never going to be able to compete with the big boys in the colocation business who can choose between cheap real estate and being right next to interconnection points. So it needed to be able to offer its customers security advantages that outweighed its high costs. Unfortunately, it couldn't.

Wikimedia Commons

Most importantly, Sealand almost certainly isn't an independent nation, notwithstanding Roy Bates's claims to the contrary. The 1968 decision acquitting him on firearms charges was hardly a ringing endorsement of Sealand's claims. Instead, it had much more to do with England's byzantine legal system, which at the time was chock-full of medieval holdovers. The court made clear that Parliament could have set up the English legal system in a way that gave the county courts jurisdiction over Roughs Tower, it just hadn't actually done so. In 1987, when the United Kingdom extended its territorial waters from three up to 12 miles, it did just that.

In fact, Alexander Achenbach, the German pretender, accidentally precipitated a court ruling that Sealand isn't a real country. When he was still in Sealand's good graces, he attempted to renounce his German citizenship on the grounds that he was now a citizen of Sealand. In May 1978, a German court denied the request in a ruling that explicitly considered—and rejected—the idea that Sealand is an independent country.

Even if Sealand were "officially" its own country, independence isn't worth much without allies. Any nation with warplanes—no, make that any nation with an inflatable boat and an outboard motor—could blow the place up. The only thing stopping it would be the United Kingdom's displeasure at explosions in its territorial waters. Any protection offered by Sealand's larger neighbor, however, would presumably come with enough strings attached to raise the question of why the servers should be on Sealand rather than onshore. The United Kingdom has been leaving the Bateses alone since 1968 mostly because they're such clever chaps that ousting them would be more embarrassment than it's worth.

HavenCo's collapse also shows a truly deep irony in its business model. By putting itself outside of other countries' legal systems, it put itself completely at Sealand's mercy. In hindsight, Ryan Lackey explained, "While I could sue HavenCo and/or directors for breach of contract, etc., ... it would presumably lead to a negative resolution of the Sealand sovereignty issue." Sealand is a toy nation with a toy legal system, not a stable business environment. Prince Roy and Prince Regent Michael might be fun to raise a glass with, but they don't inspire the kind of confidence an independent judiciary would. On Sealand, Sean Hastings and Ryan Lackey unwittingly recreated everything that drove them out of Anguilla in the first place.

HavenCo's heirs

Sealand isn't going to save WikiLeaks any more than putting the site's servers in a former nuclear bunker would. The legal system figured out a long time ago that throwing the account owner in jail works just as well as seizing the server. Unless Julian Assange is willing to move to Sealand for the rest of his life, he'll be somewhere the long arm of some country's law can reach. The corollary is that if WikiLeaks thrives, it will be because some country—one the rest of the world respects more than Sealand—decides it sees nothing seriously wrong with what WikiLeaks has done.

The same goes for everyone else who's muttered about moving to Sealand. With monotonous regularity, someone proposes putting outlaw data there and asks for money to make it happen. In 2001, a Canadian college student tried to raise $15,000 to put an OpenNap server on Sealand. In 2007, the Pirate Bay started passing the hat for a "buy Sealand" fund. It took in $20,000—roughly one ten-thousandth of the estimated price. But Sealand alone isn't going to gain them much.

Take one of HavenCo's classic lines of business: porn. Why would someone wanting to send vanilla pornography into Saudi Arabia need to bother with Sealand? That stuff's legal in the United States. The only content that couldn't be hosted somewhere else would be content that's illegal everywhere—meaning the nations of the world would find it quite easy to gang up on Sealand, or be willing to look the other way while someone knocked it into the sea.

Governments have powerful virtual tools as well. In the last decade, China has proven that national Internet filtering can be made to work, if not perfectly, than at least reasonably well. Other repressive regimes have been paying attention. SOPA and PIPA's proposed Internet filtering regime showed many in the United States would be willing to go there, too. Discrete data havens are going to have recognizable IP addresses, and as soon as a government sets up a blacklist, you can bet those addresses will go on it. Indeed, the very pressure for SOPA-style blocking shows why data havens as such have been a sideshow to the real fights over Internet policy. Copyright owners have discovered, to their horror, there are plenty of foreign sites hosting the kind of rips and wares that might get you shut down within the United States. Who needs Sealand when you've got Spain?

That's the deal with the Anti-Counterfeiting Trade Agreement (ACTA) and other trade agreements, too. These put diplomatic and political pressure on other governments to make their IP enforcement systems more beholden to United States copyright owners. The very fact this is still an ongoing battle shows that plenty of countries will still host material the United States government disapproves. In a sense, the state of free speech on the Internet has never gotten bad enough to make HavenCo necessary.

Learning from HavenCo

HavenCo was always an awkward way station on the road to the real cypherpunk vision: perfect, anonymous cryptography in the hands of the masses. It doesn't matter where the bits are stored if no one can tell what they are. HavenCo's founders understood this. Sealand was just a temporary stopgap until the good crypto was up and running. Tor and PGP have done far more for free speech than Sealand has, albeit with less nautical flair.

HavenCo's trouble also underscores the dangers of treating "law" as though it were "code." HavenCo thought it had found the perfect legal loophole: a country with the legal right to ignore other countries' laws. But this legal Gödel sentence didn't work because, in the real world, if a country's laws aren't catching the people they're intended to catch, the country can just change its laws. As Cindy Cohn of the Electronic Frontier Foundation likes to say, "You can't hack the law."

Legal systems are like Soylent Green: they're made out of people. If you want to protect civil liberties using law, you need to get people on your side who share your vision of what law stands for. That's why the SOPA protests were so effective. They converted an argument about justice into real-world political power.

One more story from pirate radio history illustrates the paradox at the heart of HavenCo. In the summer of 1967, the pirate radio ship Laissez Faire radioed a distress call. Two factions on board were fighting. There were threats of murder. The authorities did nothing, explaining that the pirates "had deliberately placed themselves outside the reach of the law." Touché.

HavenCo couldn't live with law, and it couldn't live without it.
http://arstechnica.com/tech-policy/n...-havenco.ars/1





Strong Showing for the Pirate Party in German Elections

Saarland is the smallest (apart from the city-states) of 16 states within Germany, with a population of just over 1 million inhabitants. Politically it is generally considered to be a conservative area.

This weekend it held the first of three regional ballots over the next eight weeks that will provide a snap-shot on Chancellor Merkel’s chances of retaining power after the federal elections due next year. The political press will highlight that Merkel’s Christian Democratic Union (CDU) received 35% of the votes, providing, says Peter Altmaier the majority whip for Merkel’s party in Berlin (reported by Bloomberg) “a vote of confidence in Angela Merkel’s policies” that “will give new impetus to the federal government.”

But more surprising, lower down the list, the Pirate Party received 7.4% of the votes, outperforming the Greens. The original Pirate Party was formed in Sweden by Rickard Falkvinge, to fight censorship (especially online censorship) and seek copyright and patent reform. It evolved from the same organization that also developed The Pirate Bay file sharing website.

On his own blog, Falkvinge waxes victorious. “There are 51 seats in Saarland’s parliament,” he writes. “With all the votes counted, we see that the Piratenpartei has won four seats, twice that of the Green Party. The FDP party has been effectively eliminated, clocking in at a mere 1.2%, which will pose problems for Angela Merkel’s CDU next year.”

But it is the longterm implications that are of greatest interest. “This will change technology policy and net legislation in a progressive direction,” he says. “Not just in Saarland and Germany short-term, but also in all of Europe mid-term, as the other political players realize that they need to change their policies to not lose more votes to the Pirate Party.” It’s an interesting point. He is not yet claiming that the Pirate Party can achieve anything directly in government; but he is suggesting that its growing strength will force the main companies to take public opinion on copyright issues more seriously. Growing support for the Green Party forced all major parties to take the environment more seriously; the same may now happen over copyright issues.
http://www.infosecurity-magazine.com...man-elections/





When Stealing Isn’t Stealing
Stuart P. Green

THE Justice Department is building its case against Megaupload, the hugely popular file-sharing site that was indicted earlier this year on multiple counts of copyright infringement and related crimes. The company’s servers have been shut down, its assets seized and top employees arrested. And, as is usual in such cases, prosecutors and their allies in the music and movie industries have sought to invoke the language of “theft” and “stealing” to frame the prosecutions and, presumably, obtain the moral high ground.

Whatever wrongs Megaupload has committed, though, it’s doubtful that theft is among them.

From its earliest days, the crime of theft has been understood to involve the misappropriation of things real and tangible. For Caveman Bob to “steal” from Caveman Joe meant that Bob had taken something of value from Joe — say, his favorite club — and that Joe, crucially, no longer had it. Everyone recognized, at least intuitively, that theft constituted what can loosely be defined as a zero-sum game: what Bob gained, Joe lost.

When Industrial Age Bob and Joe started inventing less tangible things, like electricity, stocks, bonds and licenses, however, things got more complicated. What Bob took, Joe, in some sense, still had. So the law adjusted in ad hoc and at times inconsistent ways. Specialized doctrines were developed to cover the misappropriation of services (like a ride on a train), semi-tangibles (like the gas for streetlights) and true intangibles (like business goodwill).

In the middle of the 20th century, criminal law reformers were sufficiently annoyed by all of this specialization and ad hoc-ness that they decided to do something about it.

In 1962, the prestigious American Law Institute issued the Model Penal Code, resulting in the confused state of theft law we’re still dealing with today.

In a radical departure from prior law, the code defined “property” to refer to “anything of value.” Henceforth, it would no longer matter whether the property misappropriated was tangible or intangible, real or personal, a good or a service. All of these things were now to be treated uniformly.

Before long, the code would inform the criminal law that virtually every law student in the country was learning. And when these new lawyers went to work on Capitol Hill, at the Justice Department and elsewhere, they had that approach to theft in mind.

Then technology caught up.

With intangible assets like information, patents and copyrighted material playing an increasingly important role in the economy, lawyers and lobbyists for the movie and music industries, and their allies in Congress and at the Justice Department, sought to push the concept of theft beyond the basic principle of zero sum-ness. Earlier this year, for example, they proposed two major pieces of legislation premised on the notion that illegal downloading is stealing: the Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act (PIPA) and the Stop Online Piracy Act (SOPA).

The same rhetorical strategy was used with only slightly more success by the movie industry in its memorably irritating advertising campaign designed to persuade (particularly) young people that illegal downloading is stealing. Appearing before the program content on countless DVDs, the Motion Picture Association of America’s much-parodied ad featured a pounding soundtrack and superficially logical reasoning:

You wouldn’t steal a car.

You wouldn’t steal a handbag.

You wouldn’t steal a mobile phone.

You wouldn’t steal a DVD.

Downloading pirated films is stealing.

Stealing is against the law.

Piracy: It’s a crime.

The problem is that most people simply don’t buy the claim that illegally downloading a song or video from the Internet really is like stealing a car. According to a range of empirical studies, including one conducted by me and my social psychologist collaborator, Matthew Kugler, lay observers draw a sharp moral distinction between file sharing and genuine theft, even when the value of the property is the same.

If Cyber Bob illegally downloads Digital Joe’s song from the Internet, it’s crucial to recognize that, in most cases, Joe hasn’t lost anything. Yes, one might try to argue that people who use intellectual property without paying for it steal the money they would have owed had they bought it lawfully. But there are two basic problems with this contention. First, we ordinarily can’t know whether the downloader would have paid the purchase price had he not misappropriated the property. Second, the argument assumes the conclusion that is being argued for — that it is theft.

So what are the lessons in all this? For starters, we should stop trying to shoehorn the 21st-century problem of illegal downloading into a moral and legal regime that was developed with a pre- or mid-20th-century economy in mind. Second, we should recognize that the criminal law is least effective — and least legitimate — when it is at odds with widely held moral intuitions.

Illegal downloading is, of course, a real problem. People who work hard to produce creative works are entitled to enjoy legal protection to reap the benefits of their labors. And if others want to enjoy those creative works, it’s reasonable to make them pay for the privilege. But framing illegal downloading as a form of stealing doesn’t, and probably never will, work. We would do better to consider a range of legal concepts that fit the problem more appropriately: concepts like unauthorized use, trespass, conversion and misappropriation.

This is not merely a question of nomenclature. The label we apply to criminal acts matters crucially in terms of how we conceive of and stigmatize them. What we choose to call a given type of crime ultimately determines how it’s formulated and classified and, perhaps most important, how it will be punished. Treating different forms of property deprivation as different crimes may seem untidy, but that is the nature of criminal law.
https://www.nytimes.com/2012/03/29/o...t-century.html





E-books are the Fastest-Growing Area of Book Sales, Especially for Youngsters
Jolie O'Dell

New data from the Association of American Publishers shows that a lot of y’all got e-readers over the holidays. Year-over-year, e-book sales have skyrocketed, especially for young adult and kids’ titles.

In January 2011, publishers sold 3.9 million children’s and young adults e-books. One year later, that monthly sales figure is up to a whopping 22.6 million.

For the older set, e-books are also showing huge growth, surging from 66.6 million e-books sold in January 2011 to 99.5 million sold in January 2012.

In fact, adult e-books are set to overtake adult paperbacks as the highest volume product for publishers in America. This past January, paperbacks outsold e-books by less than 6 million units; if e-book market growth continues, it will have far outpaced paperbacks to become the number-one category for U.S. publishers.

As it is, e-books accounted for 31.1 percent of all young adult, children’s, and adult book sales in January 2012, up from 24.8 percent in January 2011.

All in all, January 2012 was a good month for publishers, with overall sales up 27 percent and sales in the children’s/young adult category up 80.5 percent.

At VentureBeat HQ, we’re hardly surprised by these stats. We were watching the white-hot e-reader/tablet/hybrid gadgets market between last November and now, and what we saw completely backs up the e-book sales growth.

For example, we noted that tablet ownership doubled over the holidays — a feat that was in no small part due to the wild success of Amazon’s Kindle Fire. Shortly after Kindle Fire pre-sales began in September 2011, the company announced it was selling the device at a rate of one million units per week.

“Kindle Fire is the most successful product we’ve ever launched -– it’s the bestselling product across all of Amazon for 11 straight weeks; we’ve already sold millions of units, and we’re building millions more to meet the high demand,” said Dave Limp, Amazon’s Kindle-focused vice president, shortly before the January e-book sales began.
http://venturebeat.com/2012/03/29/ebook-sales-growth/





A Game Explodes and Changes Life Overnight at a Struggling Start-Up
Brian X. Chen and Jenna Wortham

At a cocktail party on the second floor of the expensive Bowery Hotel in Manhattan on Thursday night, as trays of stuffed mushrooms and thinly sliced filet mignon circulated, Charles Forman was marveling at how quickly things can change.

“I had $1,700 in my bank account yesterday, and now I have a whole lot more,” Mr. Forman said.

The party was in celebration of Zynga’s purchase of Omgpop, a New York-based game maker founded by Mr. Forman, and it was extravagant to an extent that Omgpop’s employees could only have dreamed of until recently.

Omgpop had been limping along until Draw Something, a smartphone game it introduced just seven weeks ago, became a breakout hit. That drew the attention of Zynga, the maker of FarmVille and the current king of social games, which last week bought Omgpop for $180 million.

Draw Something transformed Omgpop from a little-known, nearly broke start-up into a must-have for an industry giant. The Zynga deal shows how companies are moving at Internet speed to stay on top of online trends, generating quick reversals of fortune.

“They bought a property that went from 0 to 60 in four seconds,” said Lewis Ward, a research analyst at IDC who focuses on the game industry.

Draw Something, a twist on Pictionary, involves making quick sketches that illustrate words and phrases like “swimming pool” and “starfish” for a friend to guess. It has been downloaded more than 35 million times since its release on Feb. 6, and players have generated more than a billion drawings, according to Zynga.

Mr. Forman, 32, was not directly involved in creating Draw Something. He left the company a year ago but kept his stake in it, and has been trying to get another start-up off the ground. In an interview he declined to say how much the deal was worth to him, but he said it was “way more” than $22 million. “It’s the kind of money where I’ll be wearing whatever I want when somebody invites me to a wedding.”

Omgpop did not start as a game company. Six years ago, Mr. Forman, a workout enthusiast whose Facebook page features a close-up of his abdominal muscles, founded what was then called I’m in Like With You, a dating site where users could essentially put themselves up for auction.

“The entire company started as a joke, honestly,” Mr. Forman said. He saw the site as a form of entertainment, he said, and only later realized that people were spending a lot of time on it. To capitalize on that audience, he converted it into a game site and renamed it Omgpop. “It’s one for the record books,” he said of the success of the company. “It is something I did not expect.”

Mr. Forman brought on Dan Porter, the former president of Teach for America who had experience at other start-ups, to be chief executive in December 2008.

Omgpop raised $17 million from investors and made about 35 games, but was not bringing in much revenue. In fact it was on track to run out of money by May, and probably would have shut down by now if not for the wild success of Draw Something, according to two former employees who were familiar with its finances but insisted on anonymity because of confidentiality agreements.

Mr. Porter, who will become Zynga’s general manager of operations in New York, declined to confirm this, but said: “Before this game came out, we raised a bunch of money, and we hadn’t made any hit games. That can’t go on forever.”

The company’s first drawing game, created by Mr. Forman and E. J. Mablekos, Omgpop’s chief technology officer, was a Web-based game called Draw My Thing. It was competitive, with a timer restricting how long a player could take to guess words, and participants would race to type the answer in a chat room.

Last fall, after Mr. Forman left the company on what he said were his own terms, Mr. Porter led a team of five in developing Draw Something.

He said some of his ideas for the game came from playing catch with his son and the son’s friend in Prospect Park in Brooklyn. He offered the boys ice cream if they could toss the football back and forth 100 times without dropping it.

“I had this moment where I thought, that’s exactly what the game is,” he said. “This game is like catch because we’re working collaboratively together to try to achieve something.” Draw Something has no time limits, and no real winning or losing.

On release day last month, Mr. Porter watched a counter ticking off the number of game downloads. It reached 30,000 that day — not too impressive. But about 10 days later, the downloads accelerated exponentially, soon topping a million.

People began posting their sketches on Twitter and Facebook, helping the game spread rapidly. And the game topped the Apple App Store charts, guaranteeing that many more people would hear of it and try it. Draw Something, offered as a $1 download and a free version with ads, both with the option of paying for extra features, began generating hundreds of thousands of dollars a day.

“It never slowed down,” Mr. Porter said. “The bigger it got, the bigger it got.”

That success attracted suitors, and soon executives of Zynga, which is based in San Francisco, were boarding planes for New York to talk about an acquisition. Mr. Ward of IDC said Zynga’s pursuit of Omgpop was a sign that it was emphasizing mobile apps, instead of the Facebook-based Web games that drove its initial success.

Zynga certainly wasted no time: the deal was announced last Wednesday, and by Thursday all 40 or so employees of Omgpop were already working for Zynga, having been briefed on company policies and their new health coverage. About 60 people attended the party that night, many of them members of the Omgpop crew, who congratulated one another with high-fives, hugs and celebratory photographs.

Mr. Porter said he was planning to take a family trip to Costa Rica before settling into his new job. Mr. Forman, who now works on Picturelife, a photo storage service, said that after the deal closed he was in such a daze that he wandered into traffic.

“I walked across the street, and all I heard was ‘honk,’ ” he said. “It was surreal.”

Evelyn M. Rusli and Nick Bilton contributed reporting.
https://www.nytimes.com/2012/03/26/t...or-omgpop.html





As 60th Anniversary Nears, Tape Reinvents Itself

Streaming media, the cloud and Big Data will play important roles in tape's future.
Lucas Mearian

The 60th anniversary of IBM's digital tape is coming up in May. Oh yeah, and tape is dead. Or so industry pundits have declared, echoing similar prognostications for the mainframe.

But in reality, tape has a long life ahead of it. At 60, in many ways, it's just getting started.

That's because, unlike the mainframe, tape's role in the enterprise is dramatically changing. Only a few years ago, with the emergence of cheap, high-capacity disk drives, many pundits thought tape would be relegated to the dusty storerooms of long-term data archive. Gone were the days when tape was used for primary backup and recovery or streaming media.

But, with the performance of next-generation tape drives hitting 525MB/sec. -- and at a price of around $25 per terabyte of capacity -- tape is too fast and too cheap to write off. New open file formats are also making it possible to use tape in new markets.

IBM's first magnetic tape device for digital storage, the 7-track tape, was introduced in 1952. The IBM 726 tape was about the size of a pizza and held 2.3MB of data with a transfer rate of about 7.5KB/sec. That's about enough to store a minute and a half of a song on your smartphone.

IBM arrived in the tape market a year after the first magnetic tape was introduced. It was used to store data from the Eckert-Mauchly UNIVAC I, the enormous piece of equipment that was the first commercial computer in the U.S. That tape reel held just 224KB of data.

IBM 726

Tape rules the wallet

Today, an 800GB LTO-4 tape cartridge (1.6TB with compressed data) sells for as little as $22. In comparison, the lowest price of a 1TB 7200-rpm, 3.5-in. SATA hard drive is about $104 and a 1TB 2.5-in. hard drive costs about $128 on the low end.

So it's easy to see that tape cartridges sell for roughly one-fifth the cost of spinning disk. Multiply that by thousands of tapes and petabytes or exabytes of corporate legacy data, and the cost savings can be monumental.

Any cost comparison also has to take into account the fact that an enterprise might need just one tape library for backup and archive. That compares with the expense of running rack upon rack of spinning disk storage arrays.

The Ultrium Linear Tape Open (LTO) specification, by far the most widely used tape spec in the industry, has a road map that takes tape out to 32TB per cartridge and up to 1.2GB/sec. throughput. "We've done a public demonstration of 29.5Gbits of data in a square inch of tape," said Brian Truskowski, IBM's general manager of system storage and networking. "We see a lot of headroom in terms of areal density."

In comparison, Seagate recently announced it had achieved a density of 1 terabit (1 trillion bits) per square inch on a disk drive platter. That breakthrough should lead to 20TB laptop drives within the decade.

LTO

LTFS and LTO-5

Today, two major advances -- LT0-5 and the Linear Tape File System (LTFS) -- are allowing tape to handle new applications, such as cloud storage, Big Data and streaming media.

"A lot of people joke that you don't hear the words tape and excitement in the same sentence, but LTFS is one reason you do now," said Truskowski. "The point is, archive data is becoming more important to clients, as is the ability to keep that data in a near-line environment."

The LTFS specification and file system was released in 2010. It's supported by major tape vendors, including IBM, HP, Quantum and Oracle, as well as the LTO Consortium. Oracle has integrated its T10KC enterprise tape drives with LTFS.

The LTO-5 format was introduced in 2010. It offers 1.5TB of uncompressed data (3TB compressed) and, when combined with LTFS, allows users to access files on tape drives as easily as if they were on a USB flash drive or an external hard disk drive.

LTO-5, like every Linear Tape Open generation before it, offers twice the capacity and double the data transfer rates of its predecessor. LTO-5 tape drives can stream data at up to 140MB/sec. native and 280MB/sec. compressed. And, with LTO-6 due out in this year, those data rates will be moving to a maximum of 525MB/sec. and the capacity point to 8TB.

LTO-5

An LTO-5 tape drive is smaller than a breadbox. Each tape holds up to 3TB of data.

Like LTO-4, LTO-5 offers AES 256-bit hardware-based encryption, and write once, read many (WORM) functionality. Unlike its predecessor, LTO-5 offers dual partitioning for faster data access and improved data management.

LTFS itself is a file system with a POSIX interface that applications such as File Explorer can access. A user can then add a network-attached storage stack (e.g. NFS and/or CIFS) on top of LTFS, allowing seamless access to files from any desktop. LTFS is enabled by the dual partitioning capability of LTO-5.

For example, Partition 0 would hold the tape's content index, which can be more quickly accessed. The second partition, Partition 1, holds the content of the tape.

The partitions allow users to view that data without having to read through an entire tape. Once the desired data is located in the index, a simple copy command can be used to move the data from the tape to, for instance, a disk drive.

"At the end of the day, the benefits are that you have the ability to store data on a tape cartridge and you can retrieve that data without any unique host system software or application," said Robert Amatruda, an IDC analyst specializing in data protection and recovery.

Film and broadcast industries love LTFS

Mark Lemmons, CTO of Thought Equity Motion, said that when television broadcasters and motion picture companies went to disk storage from standardized video tape for media, they lost seamless, global interoperability with no overhead.

"There's no such thing as a film that gets created without 20 companies being involved. There's no such thing as broadcaster that doesn't distribute to 40 or 50, or 400 or 500 broadcast outlets. Seamless interoperability was baked into the business and we threw it out like the trash," he said.

Thought Equity, a cloud-based storage service for master-quality video, stores stock content for Paramount Pictures, Sony Pictures Entertainment, National Geographic, The New York Times and the NCAA. It recently changed over to an LTO-5 tape library using LTFS to handle more than 10 petabytes of data. The company estimates that data will soon exceed 50 petabytes.

Disk is not something the broadcast industry or film industry can even consider for storing media for longer than 10 years, Lemmons said, because it doesn't have the retrieval attributes the video media business needs.

"Over the last two years, disk drives have gotten bigger, they've gone from 1TB to 3TB, but they haven't gotten faster," he said. "They're more like tape. Meanwhile, tape is going the other direction, it's getting faster."

LTFS was a critical upgrade for Thought Equity, Lemmons said, because the company needs to ensure that its clients will be able to access video files no matter type of IT infrastructure they have.

The LTO tape had never been an appropriate medium for media in any big way, Lemmons said, because it was built for large banks or other corporations performing backups that were stored for catastrophic data recovery scenarios -- not for ubiquitous access and video.

"Historically, tape was complex enough just to get working, and the IT software layer on top of it was not sharable," he said. "If Client X gives me a petabyte of data, then it's on my system, on my tape and with my software interpreting it. If I was to take that tape and ship it to them, it would be a paperweight unless they had the same IT stack."

"It's IBM Tivoli, Oracle SAM-FS... it's the HSM layer or the file system layer. It's a very expensive, proprietary layer, and it makes it impossible to share at the tape level," Lemmons said.

LTFS allows any file system to access the data, so the backup software used to store it becomes irrelevant.

Lemmons can write a video file to a tape; the tape then shows up on any desktop, such as a Mac, Windows or Linux machine, and it presents itself just as if it were a hard drive volume.

"I can drag and drop the file, write it to the tape at essentially the same speed as a SATA drive, and ship it around the world just like a Digibeta or HDcam tape, and without having to have the same level of infrastructure that would be required for a front porch integration. I don't have to have anything but a little piece of open-source software, thanks to IBM and HP and Oracle and others in this LTFS initiative," he said.

Cloud and Big Data to drive tape adoption

Along with streaming media, Big Data and the cloud have opened new markets for tape storage.

Both private and public cloud infrastructures require massive amounts of data to be available in a near-line fashion. Depending on the service-level agreement, cloud providers might offer a tiered storage infrastructure where data that needs to be accessed quickly and easily is stored on solid-state drives and data that doesn't have to be immediately available is kept on disk drives or tape drives, with the latter offering the least expensive option yet delivering "good enough" performance for storage of large files.

Tape also natively offers greater security in a multitenant cloud environment.

When disks are used for cloud storage, disk drive arrays use deduplication and thin-provisioning to compress data and reduce capacity requirements. RAID is also used to break up and spread data at the block level across disks for data resiliency. Metadata mapping tables are required to find the data across massive disk arrays in a cloud environment.

Additional software is also required to ensure that any given customer's data is securely isolated from every other user on a given disk or array.

In LTO tape environments, however, each tape cartridge is a separate object. The customer or cloud provider has control over what's on each one. Tape libraries can also be partitioned, offering many virtual libraries to a cloud customer while denying any inter-accessibility.

Tape is also positioned to play a key role in the world of Big Data.

Big Data -- an all-encompassing term referring any kind of data, structured or unstructured, that an entity stores -- has sparked the use of distributed computing software such as Map Reduce and batch data analytics tools to extrapolate business information that can be used for marketing, sales and other business operations.

The lion's share of big data resides in unstructured file formats, such as email documents, computer logs, Internet search data, seismic data, business informatics, music, videos and photos.

Currently, the digital universe (all digitally stored data worldwide) is made up of 1.8 trillion gigabytes stored in 500 quadrillion files. Over the next four years, the amount of file-based data will grow by a factor of eight, according to IDC's 2011 Digital Universe Study.

In order to access corporate archives, Map Reduce applications such as Apache Hadoop need access to vast data stores, and tape libraries with petabytes and even exabytes of capacity fill that role perfectly, said IDC's Amatruda.

"That's where you'll see more of the tools in analytics being wrapped around tape," Amatruda said. "That's the next phase of integration and investment: the ability to sort that data effectively and mine it."
https://www.computerworld.com/s/arti...9&pageNumber=1





Europe Changes Tone on Telecommunications Initiatives
Kevin J. O'Brien

By creating the world’s dominant mobile phone technology standard in the 1980s, Europe and the companies that worked on the effort, like Ericsson and Nokia, played a major role in the birth of the global wireless industry. But three decades later, industrywide initiatives are no longer in vogue in Europe. Quite the contrary.

This month, the European Commission’s powerful competition directorate, whose antitrust investigations can lead to hefty fines, said it was examining a series of meetings that had been held since late 2010 by the chief executives of the five largest mobile operators in Europe to see whether they had colluded on standards.

The commission said it was looking into whether the group — Telefónica, Deutsche Telekom, Vodafone, France Télécom and Telecom Italia — was trying to develop standards that would exclude or penalize rivals that tap into the carriers’ wireless networks, which are becoming the ubiquitous platforms for financial transactions and other forms of digital commerce.

A commission spokeswoman, Maria Madrid, said the decision to send questionnaires to the carriers had been a preliminary step that might or might not lead to a formal investigation. The chief executives have publicly complained about the inquiry, denying that collusion took place and saying that the commission has been kept apprised of events at each meeting.

Given European success at setting standards in the mobile phone business, there are several unanswered questions and a certain amount of irony about the current situation.

In 1982, Europe essentially sanctioned the same form of collaboration when it began work on Groupe Spécial Mobile, later the Global System for Mobile Communications. The effort drew together industry and government postal services, which ran European phone monopolies. Today, networks running the GSM standard, which specifies how cellphones connect to networks and to each other, cover more than 90 percent of the world’s population.

The GSM effort, in many respects, could be viewed as a larger, more inclusive version of what the Big 5 carriers are doing as the mature industry looks to fend off advances by competitors like Apple and Google. While the smartphones and Internet services those companies provide can energize wireless traffic, they also provide a means to circumvent entrenched networks, siphoning revenue from carriers.

The timing of the commission’s scrutiny also raises questions.

The examination in Brussels was opened two weeks after one of the chief executives, Vittorio Colao of Vodafone, publicly feuded with the European commissioner for telecommunications, Neelie Kroes, during the industry’s annual convention in Barcelona, over the commission’s efforts to lower the regulated prices of many mobile fees, which has eroded revenue for carriers.

The action by the competition panel has shaken the world of well-financed lobbying organizations in Brussels, where many industry associations routinely hold meetings of top business leaders that could, in a certain light, be construed as locales for potential collusion. Some lobbyists wonder whether legal lobbying efforts will now be tarred as illegal.

“We hold a lot of the same kind of industrywide meetings as the Big 5 telco operators,” said one lobbyist from the telecommunications industry, who wanted to be anonymous to avoid inviting similar scrutiny. “Everyone does.”

What is clear is that the tone of exchanges between carriers and lawmakers in Brussels, which has been deteriorating since the first caps on roaming fees were adopted in 2007, has hit a new low. The commission needs operators to build new networks to fulfill its Digital Agenda, which calls for every E.U. resident to have broadband service with download speeds of at least 30 megabits per second by 2020. In 2011, only 5 percent of the population did.

But operators are wary of investing in networks when regulators in Brussels are cutting roaming and mobile termination fees, two chief sources of income. They are also trying, without much success, to bill big content companies like Google and Apple for the digital traffic those companies’ services generate on mobile networks.
https://www.nytimes.com/2012/03/26/t...rawdata26.html





Most of World Interconnected Through Email, Social Media
Patricia Reaney

Most of the world is interconnected thanks to email and social networking sites such as Facebook and Twitter, according to a new poll released on Tuesday.

Eighty five percent of people around the globe who are connected online send and receive emails and 62 percent communicate through social networking sites, particularly in Indonesia, Argentina and Russia, which have the highest percentage of users.

More than eight in 10 Indonesians and about 75 percent of people in Argentina, Russia and South Africa visit social media sites, the new Ipsos/Reuters poll showed.

Although Facebook and other popular social networking sites, blogs and forums, were founded in the United States the percentage of users was lower at six in 10, and in Japan it fell to 35 percent, the lowest of the 24 countries in the global survey.

"Even though the number in the United States was 61 percent, the majority of Americans are using social media sites," said Keren Gottfried, research manager at Ipsos Global Public Affairs.

The fact that more than six in 10 people worldwide use social networks and forums, she added, suggests a transformation in how people communicate with each other.

"It is true interconnection and engagement with each other. It is not just about a message back and forth but building messages across communities and only the meaningful messages stick," she explained.

"It looks like a majority of the world is communicating this way," she said, adding the numbers were more than half in almost every country polled.

Ipsos questioned a total of 19,216 adults around the world in the online survey.

Email usage was highest in Hungary, where 94 percent of people communicated online. The numbers were similar in Sweden, Belgium, Indonesia, Argentina and Poland.

Saudi Arabia, where 46 percent of people said they communicate via email, had the lowest usage, followed by India at 68 percent and Japan at 75 percent. In all the other countries eight or nine out of 10 people were email users.

Although Americans and Japanese are thought to be very tech savvy, voice-over IP (VOIP), audio conversations conducted via an Internet connection, were not very popular in both countries with less than 10 percent of people using the relatively new technology, compared to 36 percent in Russia, 32 percent in Turkey and 25 percent in India.

Ipsos questioned people in Argentina, Australia, Belgium, Brazil, Canada, China, France, Germany, Britain, Hungary, India, Indonesia, Italy, Japan, Mexico, Poland, Russia, Saudi Arabia, South Africa, South Korea, Spain, Sweden, Turkey and the United States.

(Reporting by Patricia Reaney; editing by Paul Casciato)
http://www.reuters.com/article/2012/...82Q0C420120327





How Social Networks Sold Your Privacy

Stewart Mitchell investigates how sites such as Facebook and Google+ are cashing in on your personal information

When Facebook persuaded 800 million users to sign up, few subscribers would have realised they were the raw materials in a multibillion-pound production line, yet this is exactly how the company treats their information.

Facebook, Google+ and advertising networks have turned exploiting personal data into an art form – and for the most part, consumers have given the information freely.

Last year, Facebook generated $4.27 billion in revenue, according to figures from research house eMarketer, and estimates from various market watchers have suggested the company will be worth $100 billion if it floats later this year as expected. No wonder Google wanted a piece of the action and launched a rival to supplement its already groaning repositories of user information.

Yet companies using personal details online face ongoing battles, with privacy advocates bemoaning the way they share with advertisers. For marketing professionals, on the other hand, the privacy debate is effectively over. Once users upload their information, it’s open season.

“Facebook, Google+, Twitter and the like give users a huge degree of control in terms of the information they provide or that is made available to others,” says Dave Bird, managing director of UK digital marketing agency Webtistic.co.uk. “If anybody feels uncomfortable revealing information then they don’t have to.”

Even so, users may still be surprised by just how much data is available to advertisers or anyone else who wants to snoop on their (once personal) information.

What’s shared?

Between Facebook, Google, Twitter, cookies and information sold by the Government to companies such as 192.com, there’s a wealth of personal data available on most people online, and even if it isn’t shared in an identifiable way, that doesn’t stop it spreading.

Facebook, for example, has no interest in selling identifiable personal information to its advertisers, but that doesn’t mean it won’t share details – just that they’ll be anonymous, in part to protect user privacy, but also to safeguard its greatest asset.

“One of the biggest misconceptions is that Facebook passes on information, but actually it doesn’t,” says Max Schrems, a driving force behind the Europe-v-Facebook.org action group that’s seeking action against Facebook’s practices via the Irish data commissioner. “It gives you the option to advertise to certain people, and to use that information, but it wouldn’t give your information to other people – that would be stupid because that’s Facebook’s treasure; you wouldn’t give that out to anyone else.”

Facebook confirms that it won’t share anything personally identifiable, but that doesn’t mean it won’t cash in on the information in other ways.

“Our privacy policy is clear: we’re permitted to help our advertising customers measure the effectiveness of their ads, so advertisers receive anonymised, aggregated data about ad performance – for example, clickthrough rates within specific demographic groups – so they can optimise campaigns,” Facebook says. “If the advertiser chooses to run the advert, we serve the advert to people who meet the criteria the advertiser selected, but we don’t tell the advertiser who any of those people are.”

With users posting their relationship status, interests and location data, and interacting with groups and friends, Facebook can generate finely honed profiles for its advertisers to target.

It may feel like an invasion of privacy, but web businesses point out the information has been freely given and is essential to keep many websites running, because targeted advertising pays the bills.

“Contrary to what may be the popular opinion, the majority of websites don’t make a profit: taking the example of newspapers, most are losing money on their online versions,” says Bird. “Unless website owners are allowed to make use of demographic data to target advertising, even more of them would feel the pinch and they would have to either close down or move to a subscription model.”

Detailed data

Demographic data is one thing, but social networks have more than mere demographics at their disposal. As part of its case against Facebook, Schrems’ organisation used EU privacy rules that allow citizens to access any data that a company holds on them.

The campaigners were eventually handed 57 data sets for the account in question. The data revealed records associated with almost every facet of user behaviour, from religious views and credit card information to email contacts and removed friends.

At least Facebook had user agreement via its terms and conditions. Google fell foul of the law when it launched the predecessor to Google+ – it was fined when it automatically signed Gmail users into the now defunct Buzz social experiment. Yet social networks are by no means alone in making money from our personal data; even official sources are eager to profit.

The electoral roll, the official data repository for registered voters, collects data such as names and addresses when citizens register to vote and, unless they specifically opt out of data sharing, their details are passed to companies such as 192.com, which make them available for a fee.

192.com stresses that the information is already in the public domain, but centralised online searches make finding people’s details far quicker and easier, presenting serious privacy issues for citizens who hadn’t realised the need to opt out.

According to official documents, access to these details in data form is sold for only £20 plus £1.50 per 1,000 entries – or a paltry 2p a head. Given that the Government-funded Get Safe Online initiative cautions against sharing some of the data available through 192.com and similar services, the state is at the very least guilty of breathtaking hypocrisy.

Once the data is released, it’s impossible to put back into the bottle – and even marketing professionals think sharing such data is a step too far.

“I don’t think the electoral registry should be providing what can be highly confidential information to companies that then sell or use it for commercial gain,” says Bird. “Information provided to the electoral roll should generally be kept under lock and key, and used only for very specific purposes.”

At least Facebook provides a service in return for the data it collects and distributes.

Personal wealth

The value of this data pool only really becomes clear when you wear an advertiser’s hat and try to reach end users that might be interested in your wares.

For example, a campaign to reach everyone on Facebook in the UK would potentially be seen by 26 million users, according to an ad-targeting tool on the website. Many users, however, would find the advert irrelevant, and it would effectively be a waste of money.

A local business based in, say, Dorking may cut that down to five million users if it targeted people within a 50-mile radius, but that would drop to 50,000 users living within ten miles.

That’s still a generic selection of people and an advertiser may want to target a specific age group, say 18 to 21-year-olds – reducing the sample size to 14,000. A local nightclub may want to target only males for a certain event, which reduces the advert’s reach to 7,360, which is fairly targeted, but Facebook’s data drills down even further.

Four hundred people matching the criteria so far also list “nightclubs” as an interest, or are otherwise flagged by Facebook as having an interest in clubbing, which may be drawn from other user interactions, such as having “Liked” another nightclub.

Only 120 of them are single, but the database also records sexual preferences, so an advertiser can narrow the list further, and for a gay night could pitch the advert at single men interested in meeting other men, which whittles the list down to fewer than 20 people.

The value of each advert is much higher for specific searches. At this level of detail, Facebook “suggests a bid of £0.71 per click” to ensure adverts are shown to relevant people, whereas marketing to everyone within a ten-mile radius of Dorking costs almost three times less – at 28p a click.

That’s the real power of information, as far as Facebook is concerned, and the reason that behavioural advertising networks have proved so popular with free-to-view websites.

Identifying “anonymous” users

There are serious concerns about such micro-targeting, with security experts warning that such a small sample could make it possible to discover religious, sexual or lifestyle choices that the subject may prefer to keep private.

Indeed, a 2010 Stanford University report (Privacy Violations Using Microtargeted Ads: A Case Study) highlighted four different types of attack that would allow malicious users to manipulate Facebook’s system to identify end users. Although it said Facebook had moved to plug some potential flaws, it’s still possible to infer a user’s ID.

When we questioned Facebook about this possibility, it referred us to the adjudication in the privacy cases investigated by the Irish data protection commissioner.

“The Office had some concern that Facebook advertising could be used as a means to target a specific individual through the very specific selection of user criteria,” the commissioner ruled late last year. “We’re satisfied, following the audit, that Facebook Ireland has put adequate safeguards in place to prevent this from occurring.”

But there are other tactics that can provide personal information to an advertiser – or someone masquerading as an advertiser – if it has targeted niche groups.

For example, if a set of adverts is sent out – as in our case to single gay men in Dorking – the end user might not know the criteria on which they were shown the ad, and fill in a form providing their identity directly.

“Facebook lets you target gay people and other groups,” says Paul Francis, scientific director of the Max Planck Institute for Software Systems. “For other groups, you’d have to come up with keywords or Facebook groups that you think would primarily target these minorities.

“Once a person clicks an ad, the advertiser can deduce with some probability something about that person. From there what they do with that information is wide open. An advertiser can potentially get personally identifying information directly from the user, through a registration or selling a product.”

Even worse, a hate group could use these tools to target victims.

“I think the worst scenario might be where someone who hates gays uses Facebook’s targeting to identify gay users and later attack them,” Francis says. “This does strike me as rather remote, but it’s conceivable.”

Data controllers

While free, commercial websites need data, it’s the way they deal with it that perhaps causes the most adverse publicity. The European case against Facebook centred not so much on the data it stored, but how clear it was about what it did with the information, and whether it gave users enough control and the ability to delete content.

“Our complaints are about transparency and user control. That’s a real transparency issue, because I don’t know what it [Facebook] is storing about me or what they’re doing with it,” says Schrems. “When you delete something it isn’t actually deleted, it should do what it says.”

And here we have the crux of the matter – if we accept that it’s too late to put the data genie back in the bottle, then as consumers the least we can expect is some control over how our data is stored.

The lack of clarity on these issues was one of the central complaints in the Irish case against Facebook, and one that the Irish data watchdog demanded action on in December 2011.

The commissioner called for an opt-in mechanism, “for users to convey an informed choice for how their information is used, including in relation to third-party apps”.

Improve transparency

Facebook was also told to improve transparency by providing users with all information held by the company, as well a better system for deleting user data when requested, and to be much clearer on how it shared data with consumers.

The company was also censured last year by the US Federal Trade Commission (FTC) over its habit of changing privacy practices without user consent: a growing problem since more functions such as facial recognition and timeline were turned on by default.

In a landmark case dating back to 2009 and resolved late last year, Facebook agreed to settle charges it “deceived consumers by telling them they could keep their information on Facebook private, and then repeatedly allowing it to be shared and made public”.

“Facebook is obligated to keep the promises about privacy that it makes to its hundreds of millions of users,” Jon Leibowitz, chairman of the FTC, said at the time. “Facebook’s innovation doesn’t have to come at the expense of consumer privacy.”

Yet all the legislation in the world can’t prevent privacy glitches, especially if the companies involved have little incentive. For example, that other bugbear of privacy advocates – user tracking via cookies – has been legislated against in Europe, but the UK’s Information Commissioner’s Office has insisted that no-one will be punished for breaching the rules in the near future.

With little motive to take action that would effectively undermine business models, web companies are unlikely to protect user privacy as thoroughly as we may wish.

“It’s easy to point a finger at US companies, but this is a European problem as well because we don’t enforce our laws,” says Schrems. “If there are no penalties from a business standpoint, it makes sense to break the law.”

Personal data privacy might be a thing of the past, and as consumers we have actively – arguably, inadvertently – sold our data for the convenience of connectivity and social tools. But there remains a case for the social networks and their ilk to answer. They might have the data, but they should still play by the rules.

The battle to guard personal data is long lost, but the next fight will be retaining some control over how it’s used.
http://www.pcpro.co.uk/features/3737...d-your-privacy





Warned of an Attack on the Internet, and Getting Ready
Somini Sengupta

On a quiet Sunday in mid-February, something curious attracted the attention of the behind-the-scenes engineers who scour the Internet for signs of trouble. There, among the ubiquitous boasts posted by the hacking collective Anonymous, was a call to attack some of the network’s most crucial parts.

The message called it Operation Global Blackout, and rallied Anonymous supporters worldwide to attack the Domain Name System, which converts human-friendly domain names like google.com into numeric addresses that are more useful for computers.

It declared when the attack would be carried out: March 31. And it detailed exactly how: by bombarding the Domain Name System with junk traffic in an effort to overwhelm it altogether.

There was no way to know for sure whether this was a pre-April Fool’s Day hoax or a credible threat. After all, this was Anonymous, a decentralized movement with no leaders and no coherent ideology, but a track record of considerable damage. The call to arms would have to be treated as one would treat a bomb threat called in to a high school football game. The engineers would have to prepare.

Those preparations turned into a fast-track, multimillion-dollar global effort to beef up the Domain Name System. They offer a glimpse into the largely unknown forces that keep the Internet running in the face of unpredictable, potentially devastating threats.

Among those leading the effort was Bill Woodcock, whose nonprofit based in San Francisco, Packet Clearing House, defends vital pieces of Internet infrastructure. By his calculation, the Anonymous threat was as good a reason as any to accelerate what might have been done anyway over the next several months: fortify the network, chiefly by expanding the capacity of the root servers that are its main pillar.

“Whether or not Anonymous carries out this particular attack, there are larger attacks that do happen,” Mr. Woodcock said. “A forewarning of this attack allowed everyone to act proactively for a change. We can get out in front of the bigger attacks.”

In an attack, the hackers would in effect point virtual cannons at the name servers and blast them with data in what is called a distributed denial of service attack, or DDoS. The only effective way to mitigate such an attack is to expand capacity — so much so that the system can absorb the extra traffic thrown at it, while still accommodating the normal load.

“DDoS is very much a numbers game,” Mr. Woodcock said. “If the target has more than the sum of the attackers’ capability and normal day-to-day traffic, then it is fine.”

In the last few weeks, in a campaign financed mostly by companies that maintain Internet infrastructure, several huge 40-gigabit routers and hundreds of servers have been shipped across the world and hooked into the network, giving the Domain Name System additional computing power. It was part of what is often called an arms race between attackers and defenders on the Internet.

On Saturday, if an attack takes place, it is likely to be imperceptible, at least initially, to the bulk of the world’s Internet users, though service could slow down in places that have narrow bandwidth to begin with — much of sub-Saharan Africa, for instance. In the improbable event of a huge attack that goes unabated for several days, the ability to connect to Web sites could be impaired.

But if the defenses are effective, the result will be something akin to what happened with the Y2K bug: advance warning, plenty of preparation and then barely a blip on the Internet.

Still, it will be anything but a normal Saturday for the people who run the Domain Name System. They plan to be glued to their monitors, looking out for signs of unusual network traffic, communicating with one other through encrypted, digitally signed e-mails or through a private telephone hot line maintained just for this purpose.

“For us, it’s not going to be another day at the office,” said Paul Vixie, whose nonprofit Internet Systems Consortium in Redwood City, Calif., runs a root server known as the F-root. “We are going to be on alert.”

There are 13 root servers worldwide, run by government institutions, universities and private companies. The operators of several of them declined to talk about the threat, including VeriSign, which runs two root servers. Some insisted that they routinely expand capacity to guard against attacks that come from different quarters all the time.

Mr. Vixie, for his part, warned against what he called “panic engineering” in the face of any particular threat. “We are using the threatened attack,” he said, “to go kick the tires on everything, make sure there’s no loose dangly parts.”

Part of the challenge here is the mercurial and leaderless nature of the Anonymous movement. Just after one so-called Anonymous member called for the attack to protest, among other things, “our irresponsible leaders and the beloved bankers who are starving the world for their own selfish needs out of sheer sadistic fun,” another unnamed member of the movement pushed back. “I don’t think this is a good idea,” this person wrote on an Anonymous-affiliated site. “The collateral damage is not worth it.”

A pragmatist wondered how participants would know when to end the attack, if indeed the Domain Name System was overwhelmed. Another suggested that they attack only “the 10 most used sites.” Yet another reckoned that root servers would be so heavily protected that an Anonymous attack could only disrupt them for “a few minutes.”

Since late February, there has been little to no chatter about Operation Global Blackout on Twitter, which Anonymous often uses to spread the word about its campaigns.

Even so, computer security professionals point out, anyone can act in the name of Anonymous, and Anonymous has certainly swung its wrecking ball around in the last few years: its denial of service attacks have impaired private sites like that of PayPal, and some of its offshoots have penetrated the e-mail communications of global law enforcement agencies.

Dan Kaminsky, a security researcher who pointed out the inherent vulnerabilities of the Domain Name System several years ago, put the probability of an effective attack this way: as unlikely as a shark descending from the sky, jaws open.

Nevertheless, on the Internet, no warning should go unheeded, he said: “It is belt-and-suspenders stuff: Is everything where it should be? You have to be ready for disaster.”
https://www.nytimes.com/2012/03/31/t...anonymous.html





FBI Taught Agents They Could ‘Bend or Suspend the Law’
Spencer Ackerman

The FBI taught its agents that they could sometimes “bend or suspend the law” in their hunt for terrorists and criminals. Other FBI instructional material, discovered during a months-long review of FBI counterterrorism training, warned agents against shaking hands with “Asians” and said Arabs were prone to “Jekyll & Hyde temper tantrums.”

These are just some of the disturbing results of the FBI’s six-month review into how the Bureau trained its counterterrorism agents. That review, now complete, did not result in a single disciplinary action for any instructor. Nor did it mandate the retraining of any FBI agent exposed to what the Bureau concedes was inappropriate material. Nor did it look at any intelligence reports that might have been influenced by the training. All that has a powerful senator saying that the review represents a “failure to adequately address” the problem.

“This is not an effective way to protect the United States,” Sen. Richard Durbin, a member of the Senate Judiciary Committee overseeing the FBI, tells Danger Room about the inappropriate FBI counterterrorism training. “It’s stunning that these things could be said to members of our FBI in training. It will not make them more effective in their work and won’t make America safer.”

At the least, Durbin adds, “those responsible for some of the worst parts of this should be reassigned. I want FBI agents who were exposed to some of these comments to at least have a chance to be spoken to and given valid, positive information that can help them.”

One FBI PowerPoint — disclosed in a letter Durbin sent to FBI Director Robert Mueller on Tuesday and shared with Danger Room — stated: “Under certain circumstances, the FBI has the ability to bend or suspend the law to impinge on the freedom of others.” An incredulous Durbin told Danger Room, “Time and time again when that is done, it has not made us safer.” Like other excerpts from FBI documents Danger Room reviewed for this story, it was not dated and did not include additional context explaining what those “circumstances” might be.

FBI spokesman Christopher Allen did not dispute the documents’ authenticity. He said he would not share the full documents with Danger Room, and was “unable to provide” additional information about their context, including any indication of how many FBI agents were exposed to them.

“Of the approximately 160,000 pages of training material reviewed, less than one percent contained factually inaccurate or imprecise information or used stereotypes,” Allen told Danger Room. “But mistakes were made, and we are correcting those mistakes. Through this review process, we recognized that we lacked a centralized process to ensure all training materials were reviewed and validated. We are addressing that gap so this does not happen again.”

The FBI’s counterterrorism training review was prompted by a Danger Room series revealing the Bureau taught agents that “mainstream” Muslims were “violent“; that Islam made its followers want to commit “genocide“; and that an FBI intelligence analyst compared Islam to the Death Star from Star Wars. The review led the bureau to remove hundreds of pages of documents from its training course.

On Friday, the FBI announced the results of its internal review. After six months of internal inquiry, it released a statement instructing that “training would conform to constitutional principles” and “emphasize the protection of civil rights and civil liberties.” Written materials “must be reviewed carefully by supervisory-level personnel possessing an appropriate level of understanding of relevant topics.”

No one who prepared any of the “factually inaccurate or imprecise” instructional material faced disciplinary action. “All FBI employees who prepared inaccurate, imprecise, or stereotyped materials were interviewed,” Allen said. “It was made clear to them what was wrong with the materials and why they were not acceptable for FBI training.”

That’s left Sen. Durbin dissatisfied.

On Tuesday, Durbin wrote to FBI Director Mueller objecting to the FBI’s plans not to disclose the results of the inquiry; not to discipline those responsible for the offending documents; to exclude “FBI intelligence analyses of Islam and American Muslims” from the inquiry’s purview; and not to retrain agents who were exposed to the shoddy instructional material.

“If the FBI does not identify agents who received inaccurate information and take steps to retrain them, there is a real risk that agents will be operating on false assumptions about Arab Americans and American Muslims,” Durbin wrote to Mueller. “This could harm counterterrorism efforts by leading FBI agents to target individuals based on their religion or ethnicity, rather than suspicion of wrongdoing.”

A sample of that possibly harmful training comes from a document on “Establishing Relationships,” which instructed: “Never attempt to shake hands with an Asian. Never stare at an Asian. Never try to speak to an Arab female prior to approaching the Arab male first.”

Another document, titled “Control and Temper,” contrasted the “Western Mind” with that of the “Arab World.” The “Western” mind possessed an “even keel” and “outbursts” of emotion were “exceptional.” In the “Arab World,” by contrast, “Outburst and Loss of Control [is] Expected.” A bullet point below asked, “What’s wrong with frequent Jekyll & Hyde temper tantrums?”

Many U.S. Muslims have been under government surveillance since 9/11, even without suspicion of a crime. The FBI has created “geo-maps” of where Muslims around the U.S. congregate and do business, untethered to specific criminal investigations. The New York Police Department has performed similar surveillance on Muslim communities in New York City, as an extensive Associated Press inquiry has revealed.

Durbin said he wants to give Mueller, with whom he has a “positive working relationship,” a chance to respond to his letter before taking any further steps with the Judiciary Committee to compel additional FBI action. But he expressed surprise that the FBI could have taught its agents that “bending or suspending” the law was sometimes acceptable.

“I cannot imagine that was actually said,” Durbin said, adding that the FBI provided him no context as to what circumstances might justify acting outside the law. “It creates a license for activity that could on its face be illegal, and certainly inconsistent with our values.”
http://www.wired.com/dangerroom/2012...d-suspend-law/





Here's How Law Enforcement Cracks Your iPhone's Security Code
Andy Greenberg

Set your iPhone to require a four-digit passcode, and it may keep your private information safe from the prying eyes of the taxi driver whose cab you forget it in. But if law enforcement is determined to see the data you’ve stored on your smartphone, those four digits will slow down the process of accessing it by less than two minutes.

Here’s a video posted last week by Micro Systemation, a Stockholm, Sweden-based firm that sells law enforcement and military customers the tools to access the devices of criminal suspects or military detainees and siphon off their personal information.

As the video shows, a Micro Systemation application the firm calls XRY can quickly crack an iOS or Android phone’s passcode, dump its data to a PC, decrypt it, and display information like the user’s GPS location, files, call logs, contacts, messages, even a log of its keystrokes.

Mike Dickinson, the firm’s marketing director and the voice in the videos, says that the company sells products capable of accessing passcode-protected iOS and Android devices in over 60 countries. It supplies 98% of the U.K.’s police departments, for instance, as well as many American police departments and the FBI. Its largest single customer is the U.S. military. ”When people aren’t wearing uniforms, looking at mobile phones to identify people is quite helpful,” Dickinson says by way of explanation.

With smartphone adoption rocketing around the world, Dickinson says Micro Systemation’s “business is booming.” The small company has grown close to 25% in revenue year-over-year, earned $18 million in revenue in 2010 up from $12 million the year before, and doubled its employees since 2009.

“It’s a massive boom industry, the growth in evidence from mobile phones,” says Dickinson. “After twenty years or so, people understand they shouldn’t do naughty things on their personal computers, but they still don’t understand that about phones. From an evidential point of view, it’s of tremendous value.”

“If they’ve done something wrong,” he adds.

XRY works much like the jailbreak hacks that allow users to remove the installation restrictions on their devices, Dickinson says, though he wouldn’t say much about the exact security vulnerability that XRY exploits to gain access to the iPhone. He claims that the company doesn’t use backdoor vulnerabilities in the devices created by the manufacturer, but rather seeks out security flaws in the phone’s software just as jailbreakers do, one reason why half the company’s 75 employees are devoted to research and development. “Every week a new phone comes out with a different operating sytems and we have to reverse engineer them,” he says. “We’re constantly chasing the market.”

After bypassing the iPhone’s security restrictions to run its code on the phone, the tool “brute forces” the phone’s password, guessing every possible combination of numbers to find the correct code, as Dickinson describes it. In the video above, the process takes seconds. (Although admittedly, the phone’s example passcode is “0000″, about the most easily-guessed password possible.)

Dicksinson acknowledges that users who set longer passcodes for devices can in fact make the devices far tougher to crack. “The more complex the password, the longer and harder it’s going to be to access the phone,” he says. “In some cases, it takes so long to brute force that it’s not worth doing it.” That may have been the situation, for instance, in one recent case involving the phone of Dante Dears, a paroled convict accused of running a prostitution ring known as “Pimping Hoes Daily” from his Android phone; The FBI, apparently unable or unwilling to crack the phone, asked Google to help in accessing it.

Aside from uncrackable passwords, there may be few legal barriers stopping police from cracking a suspect’s phone, says Hanni Fakhoury, an attorney with the Electronic Frontier Foundation. A suspect may in some cases refuse to give police the password to a device, pleading the fifth amendment that protects against self-incrimination. But when police have a search warrant, it often gives them the right to access the device without the suspect’s cooperation, even if that means cracking security measures. In California and other states, police can legally search phones even without a warrant, though courts around the country are still producing conflicting rulings on the issue.

“If police have a warrant to be in the phone, this is just a way to get access to what they’re legally allowed to,” Fakhoury says of the XRY tool. “But if they’re going to a protest and seizing folks for booking, and immediately running this on their phones and sucking everything out, we’ve got a real problem.”

Micro Systemation’s Dickinson says that it strictly adheres to export control laws that limit which governments it can sell to. But beyond those export restrictions, the company leaves it up to its customers to adhere to local laws. ”Once it’s approved for supply, it’s down to the laws of that country,” says Dickinson. “Hopefully its use is in proportion to what’s required.”
http://www.forbes.com/sites/andygree...ty-code-video/





Anatomy of a Leak: How iPhones Spill the ID of Networks They Access
Dan Goodin

An Ars story from earlier this month reported that iPhones expose the unique identifiers of recently accessed wireless routers, which generated no shortage of reader outrage. What possible justification does Apple have for building this leakage capability into its entire line of wireless products when smartphones, laptops, and tablets from competitors don't? And how is it that Google, Wigle.net, and others get away with publishing the MAC addresses of millions of wireless access devices and their precise geographic location?

Some readers wanted more technical detail about the exposure, which applies to three access points the devices have most recently connected to. Some went as far as to challenge the validity of security researcher Mark Wuergler's findings. "Until I see the code running or at least a youtube I don't believe this guy has the goods," one Ars commenter wrote.

According to penetration tester Robert Graham, the findings are legit.

In the service of our readers, and to demonstrate to skeptics that the privacy leak is real, Ars approached Graham and asked him to review the article for accuracy and independently confirm or debunk Wuergler's findings.

"I can confirm all the technical details of this 'hack,'" Graham, who is CEO of Errata Security, told Ars via e-mail. "Apple products do indeed send out three packets that will reveal your home router MAC address. I confirmed this with my latest iPad 3."

He provided the image at the top of this post as proof. It shows a screen from Wireshark, a popular packet-sniffing program, as his iPad connected to a public hotspot at a Starbucks in Atlanta. Milliseconds after it connected to an SSID named "attwifi" (as shown in the section labeled #1), the iPad broadcasted the MAC address of his Linksys home router (shown in the section labeled #2). In section #3, the iPad sent the MAC address of this router a second time, and curiously, the identifier was routed to this access point even though it's not available on the local network. As is clear in section #4, the iPad also exposed the local IP address the iPad used when accessing Graham's home router. All of this information is relatively simple to view by anyone within radio range.

The image is consistent with one provided by Wuergler below. Just as Wuergler first claimed, it shows an iPhone disclosing the last three access points it has connected to.

Graham used Wireshark to monitor the same Starbucks hotspot when he connected with his Windows 7 laptop and Android-based Kindle Fire. Neither device exposed any previously connected MAC addresses. He also reviewed hundreds of other non-Apple devices as they connected to the network, and none of them exposed previously accessed addresses, either.

As the data makes clear, the MAC addresses were exposed in ARP (address resolution protocol) packets immediately after Graham's iPad associated with the access point but prior to it receiving an IP address from the router's DHCP server. Both Graham and Wuergler speculate that Apple engineers intentionally built this behavior into their products as a way of speeding up the process of reconnecting to access points, particularly those in corporate environments. Rather than waiting for a DHCP server to issue an IP address, the exposure of the MAC addresses allows the devices to use the same address it was assigned last time.

"This whole thing is related to DHCP and autoconfiguration (for speed and less traffic on the wire)," Wuergler told Ars. "The Apple devices want to determine if they are on a network that they have previously connected to and they send unicast ARPs out on the network in order to do this."

Indeed, strikingly similar behavior was described in RFC 4436, a 2006 technical memo co-written by developers from Apple, Microsoft, and Sun Microsystems. It discusses a method for detecting network attachment in IPv4-based systems.

"In this case, the host may determine whether it has re-attached to the logical link where this address is valid for use, by sending a unicast ARP Request packet to a router previously known for that link (or, in the case of a link with more than one router, by sending one or more unicast ARP Request packets to one or more of those routers)," the document states at one point. "The ARP Request MUST use the host MAC address as the source, and the test node MAC address as the destination," it says elsewhere.

Of course, only Apple engineers can say for sure if the MAC disclosure is intentional, and representatives with the company have declined to discuss the issue with Ars. What's more, if RFC 4436 is the reason for the behavior, it's unclear why there's no evidence of Windows and Android devices doing the same thing. If detecting previously connected networks is such a good idea, wouldn't Microsoft and Google want to design their devices to do it, too?

In contrast to the findings of Graham and Wuergler were those of Ars writer Peter Bright, who observed different behavior when his iPod touch connected to a wireless network. While the Apple device did expose a MAC address, the unique identifier belonged to the Ethernet interface of his router rather than the MAC address of the router's WiFi interface, which is the identifier cataloged by Google, Skyhook, and similar databases.

Bright speculated that many corporate networks likely behave the same way. And for Apple devices that connect to access points with such configurations, exposure of the MAC address may pose less of a threat. Still, while it's unclear what percentage of wireless routers assign a different MAC address to wired and wireless interfaces, Graham and Wuergler's tests show that at least some wireless routers by default make no such distinction.

Wuergler also debunked a few other misconceptions that some people had about the wireless behavior of Apple devices. Specifically, he said claims that iPhones don't broadcast the SSID they are looking for from Errata Security's Graham are incorrect. Some Ars readers had invoked the 2010 blog post from Graham to cast doubt on Wuergler's findings

"The truth is Apple products do probe for known SSIDs (and no, there is no limit as to how many)," Wuergler wrote in a post published on Friday to the Daily Dave mailing list. He included the following screenshot to document his claim.

Connecting the dots

What all of this means is that there's good reason to believe that iPhones and other Apple products—at least when compared to devices running Windows or Android—are unique in leaking MAC addresses that can uniquely identify the locations of networks you've connected to recently. When combined with other data often exposed by virtually all wireless devices—specifically the names of wireless networks you've connected to in the past—an attacker in close proximity of you can harvest this information and use it in targeted attacks.

Over the past year or so, Google and Skyhook have taken steps to make it harder for snoops to abuse the GPS information stored in their databases. Google Location Services, for instance, now requires the submission of two MAC addresses in close proximity of each other before it will divulge where they are located. In many cases, this requirement can be satisfied simply by providing one of the other MAC addresses returned by the Apple device. If it's within a few blocks of the first one, Google will readily provide the data. It's also feasible for attackers to use war dialing techniques to map the MAC addresses of wireless devices in a given neighborhood or city.

Since Apple engineers are remaining mum, we can only guess why iDevices behave the way they do. What isn't in dispute is that, unlike hundreds of competing devices that Wuergler and Graham have examined, the Apple products leak connection details many users would prefer to keep private.

A video demonstrating the iPhone's vulnerability to fake access point attacks is here.
http://arstechnica.com/apple/news/20...phone-leak.ars





Apple Offers Refund to Australian Buyers of New iPad

Apple Inc will email all buyers of its new iPad in Australia to offer them a refund, a lawyer for the company said on Wednesday, after the nation's consumer watchdog accused it of misleading advertising over one key aspect of the product.

The Australian Competition and Consumer Commission has taken legal action to ensure Apple makes consumers aware its third-generation iPad cannot connect to a 4G mobile data network in Australia due to technical incompatibility.

Apple agreed to post warnings that its new iPad "is not compatible with current Australian 4G LTE networks and WiMAX networks" over the next week.

In documents lodged with the court, the ACCC says Apple advertised that "iPad with WiFi can with a SIM card, connect to a 4G mobile data network in Australia, which it cannot do".

Apple "seems to accept that there's a lack of compatibility," said Colin Golvan, senior counsel for the ACCC said at the Federal Court in Melbourne. "It's been completely indifferent to the Australian market," he said.

A trial has been set for May 2, with a hearing a preceding that on April 16.

Apple promoted its third-generation tablet as the iPad with Wifi+4G, but Australia has only one 4G network, operated by Telstra Corp, which operates on a different frequency to the 4G on Apple's new iPad. Rival Optus, the Australian unit of Singapore Telecommunications Ltd, is due to launch a second 4G network in April but that will not be iPad-compatible either.

Apple barrister Paul Anastassiou told the Federal Court in Melbourne that the company would send emails to all Australian buyers to date, offering the refund.

Apple rolled out the first wave of new iPad tablets on March 16.

While the iPad is the clear market leader, and the new version with its faster chips, fourth-generation wireless and a sharper display is only expected to cement Apple's lead, the company has hit some bumps in the road.

It is waging a battle with a Chinese technology company, Proview, that claims to own the iPad trademark in China, in a long-running dispute that has threatened to disrupt iPad sales in one of its fastest growing markets.

In Australia, a small but a key launch market for Apple products, it lost a bid to ban the sales of Samsung Electronics Co Galaxy tablet late last year.

That battle is part of bruising global patent war between the two firms that spans about 30 legal cases in 10 countries.

(Reporting by Miranda Maxwell; Editing by Alex Richardson)
http://www.reuters.com/article/2012/...82Q06Y20120328

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

March 24th, March 17th, March 10th, March 3rd

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public." - Hugo Black