P2P-Zone  

05-06-13, 07:11 AM   #1
JackSpratts
 
Peer-To-Peer News - The Week In Review - June 8th, '13

Since 2002

"This is a court that meets in secret, allows only the government to appear before it, and publishes almost none of its opinions. It has never been an effective check on government." – Jameel Jaffer

June 8th, 2013




French Appear Ready to Soften Law on Media Piracy
Eric Pfanner

A French experiment in cracking down on digital media piracy by threatening to kick copyright cheats offline is about to end — without solving the problem.

In 2009, French lawmakers, aiming to curb unauthorized file-sharing and to slow the erosion of media industry revenue, approved what was billed as the toughest anti-piracy law in the world. Repeat offenders who ignored two warnings to quit downloading movies or music illegally were confronted with the prospect of a suspension of their Internet connection. The system was emulated in several other countries, including the United States, though generally with softer penalties.

But now the government of President François Hollande appears poised to shut down the agency that was created to enforce the law, imposed under Mr. Hollande’s predecessor, Nicolas Sarkozy, and to defang the measure of much of its menace.

Fleur Pellerin, the French minister in charge of Internet policy, said during a recent visit to a high-technology complex in Sweden that suspending Internet connections was incompatible with the French government’s hopes of spurring growth in the digital economy.

“Today, it’s not possible to cut off Internet access,” she said. “It’s something like cutting off water.”

A report on digital policy that was prepared for the government by Pierre Lescure, the former president of the pay-television company Canal Plus, in April recommended dropping the threat of disconnections and replacing it with a fine of €60, or $78, for repeat offenders. The report also recommended disbanding the enforcement agency, known by its French acronym, Hadopi, and subsuming some of its functions in the French media regulator, Conseil supérieur de l’audiovisuel.

While government ministers have voiced support for Mr. Lescure’s recommendations, some lawmakers, including Patrick Bloche, an influential Socialist deputy, have suggested that the administration should go further and simply scrap the entire system of warnings and potential penalties.

Despite all the debate that the system has prompted, in and outside France, evidence of its effects remains skimpy. A study by researchers at Wellesley College near Boston and Carnegie Mellon University in Pittsburgh that was published last year showed that the threat of disconnection was directing more French Internet users toward Apple’s iTunes store, a licensed source of digital music. Separate studies, commissioned by Hadopi, have shown a decline in illegal file sharing.

Yet the French music business remains deeply troubled. SNEP, a French recording company group, said Friday that industry revenue fell by 6.7 percent in the first quarter of the year. More alarmingly, revenue from digital outlets fell by 5.2 percent — the first quarterly decline — though the organization said several special factors played a role in this.

Meanwhile, SNEP said the number of visits to illegal music sites by French Internet users had risen by 7 percent between January 2010 and January 2013, to 10.7 million.

Guillaume Leblanc, director general of SNEP, said the group was willing to accept dropping the threat of disconnection, as long as the warning system was preserved, but said the proposed €60 fine was too low.

“Maintaining graduated response is essential for the music industry,” he said. “For the legal offer to keep developing, it’s important to have strong copyright protection on the Internet.”

While Hadopi has sent out hundreds of thousands of warnings to those suspected of being pirates, only a handful of cases have reached the third and supposedly final stage. Several of these were thrown out by the courts; others resulted in fines or suspended sentences.

“If you cannot chop off a few heads as an example, then the chopping machine inspires less fear,” said Jérémie Zimmermann, spokesman for La Quadrature du Net, a group that has campaigned against the law.

Supporters of the law say cutting off large numbers of Internet connections was never the point.

“From our standpoint this was always meant to be an educational and deterrent measure,” said Frances Moore, chief executive of the International Federation of the Phonographic Industry, a trade group.

The Lescure report recommends that the downgraded penalty — a fine rather than disconnection — be accompanied by greater certainty that it would be applied, through the adoption of an administrative court procedure, like the one used for minor traffic violations.

A downgrade of the French system would leave South Korea, which also imposed a similar system in 2009, as the country with perhaps the toughest anti-piracy measures in place. More than 400 Internet accounts or Web sites have been suspended in South Korea since the law went into effect.

Recording industry revenue in South Korea rose by 26 percent from 2008 through 2012, a period in which sales worldwide fell by 14 percent, according to the international recording industry federation.

Whether the law is responsible for the gains is debatable; the surge has coincided with the K-Pop phenomenon, in which South Korean acts like Psy and his “Gangnam Style” have taken the world by storm.

The law is unpopular with free-speech groups, which are campaigning for a repeal.

In March, the Korean National Human Rights Commission recommended that the measure should be reviewed to determine whether it clashes with constitutional protections.

Elsewhere, countries that have adopted systems involving warnings and penalties, also known as graduated response, have tended to opt for less draconian measures than France or South Korea, sometimes involving private-sector deals rather than legislation.

In the United States, for example, five major Internet providers recently agreed to put in place a so-called copyright alert system, negotiated with the entertainment industry. Sanctions, which can include a temporary slowdown in Internet access speed, do not kick in until an account holder ignores at least five warnings.

Analysts say that the backtracking by the French could lessen legislators’ enthusiasm for graduated response systems in other countries, at least if they involve the threat of disconnection.

“Looking at this politically, if one of the few countries where they were able to get the political support to pass this — if they get rid of it, it could make it harder to do graduated response elsewhere,” said Brett Danaher, a professor at Wellesley College who worked on the study examining the effects of Hadopi on iTunes sales.

He and others said the entertainment industry and policy makers might now turn more of their attention to efforts to block Web sites that host content that infringes on copyright, rather than going after individual Internet users.

Ms. Moore said neither strategy would provide an easy solution.

“We have to take a holistic approach,” she said. “Web site blocking and alert systems are just two tools.”
https://www.nytimes.com/2013/06/03/t...-piracy03.html





Australia's De-Facto Internet Filter May Block 250k Sites

Baldrick's cunning plan turns into live grenade
Richard Chirgwin

The Australian Securities and Investment Commission (ASIC) has told a hearing of the Australian Parliament's Senate Estimates committee that its attempt to block access to the IP address of one investment scam site could have blocked 250,000 sites in total.

The Commission told Estimates yesterday that it first conceived of the idea of using “section 313 notices” to attack investment scammers in 2012. By the kind of thundering coincidence that would destroy any detective novel, that was also about the time that the Australian Federal Police (AFP) started using the same regime to get Australia's largest ISPs to filter out content on the Interpol “worst of the worst” list. The AFP did so after Australia backed away from a policy to build a national internet filter.

However, ASIC said the AFP's actions had nothing to do with its decision, and that it had been considering ways to block investment cold-call scams for some time. The problem ASIC is trying to deal with is mass-calling campaigns launched by scammers who then direct victims to Websites, at which they register and hand over their money.

In its opening statement to the committee (Crikey has a copy here), ASIC said that in addition to the blocking of an IP address that took out 1,200 sites hosted at the same address, a similar request in March blocked 250,000 sites. In its defence, the commission said most of the URLs hosted at the target IP “appear to contain no substantive content” and that fewer than 1,000 “active” sites had been affected (El Reg presumes that the remaining 249,000 were parked domains).

The agency told Estimates its use of requests under Section 313 of the Telecommunications Act to have sites taken down was, in part, conceived because domain registries often responded slowly to its requests to pull scammers' registrations.

The Estimates session also proved conclusively that fax is not yet dead in Australia: the Section 313 request is in the form of a letter “faxed out to the telecommunications carriers”. ASIC focuses on the largest carriers only, on the basis that any retailers using their wholesale services will also be unable to serve blocked sites.
http://www.theregister.co.uk/2013/06...sites_blocked/





Taiwan Proposes China-Style Block on Overseas Internet Services that Infringe Copyright
Jon Russell

China is famous for its unique Internet censorship policy — known as the Great Firewall — which restricts content, and in particular sites and services from overseas, preventing its 500 million-plus Internet users from having free rein online. Now that policy could be duplicated in Taiwan, where officials have proposed a list of sites that will be blocked.

Draft legislation to block links at IP and DNS level has been put forward by the Taiwan Intellectual Property Office (IPO), as Global Voices notes. The SOPA-like initiative is designed to make sites from overseas that specialize in copyright-infringing content unavailable in the country; in effect, it will see Taiwan raise a firewall of its own.

The IPO has clarified that it will only target international websites that are notorious for file-sharing and other activities that violate digital content rights, but, logically, Taiwanese citizens have expressed concern that the initiative could be hijacked for other — potentially political — purposes.

Looking at China’s example, social media and news websites are regularly combed for ‘unsuitable’ content which is deleted from the Internet. Indeed, things have developed to the point that social networks like Weibo, the Twitter-like platform, have their own in-house ‘content management team’, which removes content that might not sit well with authorities before they are exposed to it.

Fearing the possibilities, concerned Internet users in Taiwan have set up a Facebook event to rally for the cause and share ideas. The Global Voices article includes translated comments from leading thinkers in Taiwan’s online space and regular folk alike.
http://thenextweb.com/asia/2013/05/2...nge-copyright/





UK Police Launch Campaign to Shut Down Torrent Sites
Andy

City of London Police inform TorrentFreak that they have begun targeting sites that provide access to unauthorized content for “criminal gain.” The initiative is part of a collaboration with Hollywood studios represented by FACT and the major recording labels of the BPI. In letters being sent out now, police accuse site operators of committing offenses under the Serious Crime Act. The National Fraud Intelligence Bureau further warns that the crimes carry a jail sentence of 10 years.

Authorities and entertainment industry companies in the UK are working together on a new initiative which targets sites said to be offering copyrighted material without permission, TorrentFreak has learned.

The first signs came last week when a major torrent site received a letter from the National Fraud Intelligence Bureau (NFIB), a unit set up following the Government’s National Fraud Review. The unit has a mission to identify serial offenders and organized crime gangs in order to disrupt their activities.

The letter (copy below), sent to “The owners and/or operators of the website known as ‘XXXXX’,” states that the NFIB has become particularly concerned by websites causing harm to the UK’s creative economy.

“We are therefore currently working on an initiative with Government and industry bodies to help prevent, deter and disrupt the criminal activity linked to websites involved in online copyright infringement. In that regard, we have reasonable grounds to suspect that through your ownership and/or operation of the website known as ‘XXXXX’, you are involved in online copyright infringement,” NFIB explain.

So far TorrentFreak is aware that at least two torrent sites have already received letters from the NFIB. Their operations are detailed as follows:

“XXXXX is a BitTorrent website that – without the permission of the copyright holder – actively provides UK internet users with a bespoke directory and search engine for torrent files. This enables users to find and download copyright content which would otherwise be time consuming or impossible to locate,” the letter notes.

Even though neither site is located in the UK, police believe that sites’ operators are committing crimes there.

“We have grounds to suspect that as owners and/or operators of the XXXXX website, you are committing the offense of communication to the public under s.107(2A) of the Copyright, Designs & Patents Act 1988 (“CDPA”). Section 107(2A) is an indictable offence punishable by up to two years’ imprisonment,” NFIB state.

But while allegations of copyright-related offenses are nothing out of the ordinary, in their letter the National Fraud Intelligence Bureau elevate the seriousness of file-sharing offenses to unprecedented levels.

“Further, we have grounds to suspect that as owners and/or operators of the XXXXX website, you are committing offenses under the Serious Crime Act 2007 by doing acts capable of encouraging and assisting communication to the public (under s.107(2A) of the CDPA); and/or distribution (under s.107(1)(e) of the CDPA) of copyright content seeded by others – intending or believing that those offenses will be encouraged or assisted.

“Such activity is an indictable offense under the Serious Crime Act 2007 and is punishable by up to ten years’ imprisonment (two years for encouraging/assisting communication to the public; and ten years for encouraging/assisting distribution),” the NFIB warn.

The letters conclude with advice for site operators to contact the NFIB immediately in order to “prevent the further commission of offenses.”

“If no contact is made before 14th June 2013 then you and/or the XXXXX website may face police action,” the letter concludes.

TorrentFreak contacted NFIB who confirmed that an initiative is indeed underway.

“City of London Police has begun an initiative to target websites that attract visitors by providing unauthorised access to copyrighted content for criminal gain. These websites are able to operate and profit from advertising on their sites without having licenses or paying the creators and owners of the films, TV programmes, music and publications,” a spokesman said in a statement.

“Intellectual property crime is a serious offense that is costing the UK economy hundreds of millions of pounds each year. Working with the UK advertising industry, City of London Police and rights holder groups FACT (Federation Against Copyright Theft), BPI (British Recorded Music Industry) and The PA (The Publishers Association) are committed to tackling this problem.”

The BPI say that an NFIB officer was previously embedded with their anti-piracy unit.

“This appointment is the first secondment by NFIB into private industry, enabling City of London Police to develop a greater understanding of the illegal distribution and sale of music online by organised crime gangs,” the music group reveals.

The NFIB add that their initiative also seeks to protect UK consumers from “malware and other harmful programs that may be downloaded unwittingly from sites that provide illegally offered content.”

Any site or service in receipt of the NFIB letter can contact us in confidence at the usual address.
http://torrentfreak.com/uk-police-la...-sites-130604/





Warner Bros: We’re Fining File-Sharers Who Use Non Six-Strike ISPs
Andy

Customers of ISPs not involved in the so-called ‘Six Strikes’ anti-piracy scheme in the United States might be under the impression that warning notices are something they can avoid. However, TorrentFreak has learned that Warner Bros. are specifically targeting users of non-participating ISPs not only with warnings, but also with fines to settle the alleged copyright infringements.

After much preparation the MPAA and RIAA teamed up with U.S. Internet providers this February to launch their so-called “six strikes” anti-piracy notification system.

AT&T, Cablevision, Comcast, Time Warner Cable and Verizon are all on board but countless other ISPs either weren’t asked to join or decided not to participate in the project.

Needless to say, customers of ISPs such as Charter, CenturyLink and Cox have been comfortable that the entertainment companies won’t be sending warnings to them. Today they will have to think again.

It is not unusual for customers of any ISP to receive copyright infringement notices via email; in fact, they are legally obliged to forward them at rightsholders’ request. However, in recent weeks there have been reports of customers of non-participating ISPs receiving DMCA notices with a special twist.

“Your ISP has forwarded you this notice. This is not spam. Your ISP account has been used to download, upload or offer for upload copyrighted content in a manner that infringes on the rights of the copyright owner. Your ISP service could be suspended if this matter is not resolved. You could be liable for up to $150,000 per infringement in civil penalties,” the notices begin.

What follows next is not a “strike”, but an offer of cash settlement to make any nasty legal proceedings go away.

“If you click on the link below and login to the Rightscorp, Inc. automated settlement system, for $20 per infringement, you will receive a legal release from the copyright owner,” the notice adds.

TorrentFreak has reported on Rightscorp’s activities before. The company is not operating a scam, even if some people do find their activities unsavory.

However, what really piqued our interest are claims that Warner Bros., a company involved in the six-strikes campaign, are also working with Rightscorp on these cash settlement schemes. So we asked the studio if the reports are true.

“Yes. Warner Bros. is working with Digital Rights Corp on a test ISP/subscriber notification program to many ISPs that are not participating in the Copyright Alert System,” a Warner spokesman told TorrentFreak.

Although not mentioned specifically, the company said that the warnings being sent by Digital Rights Corp are for content that is already available through various authorized channels.

“The notices inform consumers that our content is readily available legitimately through multiple channels, including electronic sell through and video-on-demand services,” Warner add.

“The notices give consumers an opportunity to settle the identified infringement for a very nominal sum of $20 per title infringed–not as a measure of damage, but as a concrete reminder that our content has value and as a discouragement of future unauthorized activity.”

The warnings and demands for settlement are being tagged onto the end of regular DMCA notices and forwarded by ISPs. What this means is that although Warner and Rights Corp are managing to get a message to an account holder, they have absolutely no idea who that alleged infringer is. This means that if the account holder refuses to pay, it’s almost certain that no further action will be taken.

Some people, however, do pay. This post on Reddit details a case where an account holder paid Rights Corp $20.00 for an infringement of Warner copyrights but discovered that the matter was far from over.

After the initial payment, Rights Corp matched the notified (and settled) infringement with two others already on file. Since the guy had filled in his phone number, the company then called him up and asked for another $40.00 to clear his file.

TorrentFreak has discovered a few instances of these cash settlement demands, including the one above, which were sent by Charter Communications. It’s worth noting that while Warner stood by their actions and gave a statement, Charter failed to respond to multiple emails requesting comment.
http://torrentfreak.com/warner-bros-...e-isps-130607/





Danish Police Accuse Pirate Bay Swede

Danish police have identified Pirate Bay founder Gottfrid Svartholm Warg as the mastermind behind a hacker attack on the Danish police register of driving licence holders and wanted people across the EU.

The allegations emerged on Thursday in connection with charges pressed in a Copenhagen court against a 20-year-old Dane who is alleged to be the Swede's accomplice.

Stockholm District Court has previously confirmed that an arrest warrant has been issued for Svartholm Warg by the Danish authorities.

The 28-year-old is currently waiting on a court ruling in a case where he is accused of having gained access to personal data of thousands of people via the Swedish IT-firm Logica.

He is also suspected of aggravated fraud for having hacked into the Nordea bank and making several attempts to transfer money from others' accounts, one of which was successful.

Two other men from Malmö are also suspected of being accomplices to attempted aggravated fraud for allowing Svartholm Warg to use their accounts to carry out the bank transactions.

In April 2009 Svartholm Warg was found guilty of "assisting in making copyright content available" in the high-profile Pirate Bay trial. He was sentenced to a year's imprisonment and a 30 million kronor ($4.2 million) fine, to be shared with three co-defendants.

He was arrested at the request of Swedish authorities by Cambodian police in the capital Phnom Penh on August 30th 2012.
http://www.thelocal.se/48370/20130607/





The Aftermath Of Napster: Letting Incumbents Veto Innovation Slows Down Innovation Drastically
Mike Masnick

Last fall, law professor Michael Carrier came out with a really wonderful paper, called Copyright and Innovation: The Untold Story. He interviewed dozens of people involved in the internet world and the music world, to look at what the impact was of the legal case against Napster, leading to the shutdown of the original service (the name and a few related assets were later sold off to another company). The stories (again, coming from a variety of different perspectives) help fill in a key part of the story that many of us have heard, but which has never really been written about: what an astounding chill that episode cast over the innovation space when it came to music. Entrepreneurs and investors realized that they, too, were likely to get sued, and focused their efforts elsewhere. The record labels, on the other hand, got the wrong idea, and became totally convinced that a legal strategy was the way to stem the tide of innovation.

The Wisconsin Law Review, which published Carrier's paper, asked a few people to write responses to Carrier's paper, and they recently published the different responses, including one from a lawyer at the RIAA, one from another law professor... and one from me. This post will be about my paper -- and I'll talk about the other papers in a later post. My piece is entitled When You Let Incumbents Veto Innovation, You Get Less Innovation. It builds on Carrier's piece, to note that the stories he heard fit quite well with a number of other stories that we've seen over the past fifteen years, and the way in which the industry has repeatedly fought innovation via lawsuits.

You can read the whole paper at the link above (or, if you prefer there's a pdf version). I talk about the nature of innovation -- and how it involves an awful lot of trial and error to get it right. The more trials, the faster what works becomes clear, and the faster improvement you get. But the industry's early success against Napster made that nearly impossible, and massively slowed down innovation in the sector. Yes, a few players kept trying, but it developed much more slowly than other internet-related industries. And you can see why directly in the Carrier paper, where entrepreneurs point out that it's just not worth doing something in the music space, because if you want to actually do what the technology enables, the kinds of things that are cool and useful and which consumers would really like... you'll get sued.

Take that away and you get less trial and error, and slower innovation (and less interesting innovation). Look where we are today, fifteen years later. We've basically reinvented radio and put it online. We're barely getting past that stage. You can read the whole paper for more on that, but I did want to highlight one key section in the paper: which is how the content industry always completely downplays the importance of the technology and services. Any time there's a successful new service -- whether it's iTunes or Netflix or Spotify or Pandora or YouTube -- you'll find stories about the incumbents trying to denigrate and mock it, or even outright kill it. They talk about how those services are "nothing without our content," and they get angry if any of those services make any money.

This is ridiculous. Yes, the content is important, but if it was just the content, then those services never would have become successful in the first place. The reason those services are successful was because they actually innovated and provided convenience, access, ease of use and other nice features that were missing before. Too many copyright maximalists simply can't bring themselves to admit that you need both the content and the services working together. When you trash those services, and attack them or try to saddle them with ridiculously high fees, you break down what works, and you actually drive more people to infringing alternatives. Here's a snippet from my discussion on this point (with footnotes removed):

Throughout all of this, a unique pattern emerged. The labels would always massively overvalue their own content, while simultaneously undervaluing the various innovative services. Phrases along the lines, “without our music, they’d be nothing” were heard frequently in arguing why it was all about the content. The truth, however, is that it was the combination of the two that was important. Yes, the services needed the music to work, but so too did the labels need these new services to adapt to a changing marketplace. This should have been obvious from the fact that people would flock to these new services, yet failed to show up to the record labels’ own attempts to innovate or provide something new. However, as soon as any service showed any kind of promise, even if “licensed,” the labels would seek to kill the golden goose by claiming that the rates were unfair, and the innovators were making money unfairly off the backs of the copyright holders (by which they meant the labels, not the musicians, of course).

Take, for example, the brief heyday of music video games like Guitar Hero and Rock Band. For a year or two, the recording industry fell head over heels in love with these games, because people were playing them quite a bit, and they were (briefly) willing to pay a slight premium to get access to music from well-known bands and musicians. Rather than build on that, the industry did two things: it focused all of its attention on those kinds of games, absolutely flooding the market and making people get sick of the game genre, and demanded much higher royalties.

The viewpoint seemed to be that there could be almost no benefits for the innovators. Nearly all of the benefits had to accrue to the labels, or it would be seen as a problem. In fact, the one exception that got through was iTunes, and that was quickly seen as a “problem” by the labels, even as it was dragging them, kicking and screaming, into the marketplace for digital music. The view is one of an extreme zero-sum world, where if someone else is benefiting, it must mean that the labels were losing out. They didn't even hide this view of the world. Doug Morris, then head of Universal Music (now head of Sony Music) explained to a Wired reporter that investing in new innovations that weren’t paying money upfront meant that “someone, somewhere is taking advantage of you.” As laid out in the article, Morris was uninterested in technology, and didn’t even know how to hire a competent technology person, so his focus was on making sure everyone paid up immediately. Anyone making money in the music world without first paying a massive cut was dubbed a “thief.”


I find this tragic. If the entertainment industry had recognized early on that the tech industry wasn't an enemy, but a provider of wonderful new tools and services that helped to expand their market, we'd be much further along. Getting these things right takes time and experimentation, but the legacy players refuse to accept that. They want a perfect solution that fully replaces their old business 100% (or more) without any disruption -- and they want to accrue all of the benefits, without any going to the actual innovators. That, of course, doesn't help anyone, least of all the actual content creators.

There's so much innovation and opportunity available in the music space -- it's just sad that we've only made baby steps since Napster, when we should be leaps and bounds further along.
https://www.techdirt.com/blog/innova...novation.shtml





Rhapsody Announces Napster Launch in 14 Countries Across Europe
Edgar Alvarez

As part of its Napster (and Napster International) acquisition from a while back, Rhapsody promised it would spread the music service across more places worldwide, with one of the many focuses being to have a stronger presence in Europe. Well, staying true to its word, Rhapsody's announcing today that it's bringing the ripened Napster to more countries in The Old Continent, such as France, Italy, Portugal, Spain, Switzerland and more. For those Euro folks interested, the Napster membership is set to cost €9.95 per month, which includes, among other things, offline features and unlimited streaming of over 20 million tunes on both desktop and mobile apps. But, hey, if you'd rather see how it stacks up against similar services first, then maybe you oughta take up Rhapsody on its 30-day free trial offer at the source link below.
http://www.engadget.com/2013/06/03/r...apster-europe/





Facebook App ‘Pipe’ Bets Big on File Sharing
Ryan Tate

The Berlin-based team behind Pipe. From left: Marco Rydmann, product; Simon Hossell, CEO; Philip Eggersglüb, operations. Photo: Pipe

After more than a year of beta testing, a Berlin startup’s sophisticated new Facebook app will launch today. The app, Pipe, melds peer-to-peer technology with your social graph to enable a cutting-edge new way to share… files?

Indeed, Pipe will be the only file transfer utility on Facebook. It allows two friends to send files of up to 1GB — 40 times the maximum attachment size on Gmail, Yahoo Mail, and Hotmail — by simply dragging and dropping them into Pipe. If one of the friends is offline, Pipe can keep the file in an online locker.

Pipe arrives at a time when it’s passé to help people grub about with something as low level as a file. Today’s hot startups enable the sharing of entire photo collections, music playlists, and personal digital “experiences.” Just ask Facebook CEO Mark Zuckerberg, who years ago ditched a Pipe-like file-sharing app called Wirehog to focus on the richer, social core of Facebook.

It’s been fashionable for decades to bet against files. At various points, apps were going to kill files, Apple’s iCloud was going to kill files, Netscape and Oracle were going to kill files — even Microsoft was working, at one point, on essentially killing its own Windows filesystem.

And yet files remain stubbornly popular. A huge portion of internet traffic, for example, is given over to the sharing of individual computer files via BitTorrent. The startup Dropbox has put files squarely at the center of its value proposition, thus turning itself into a $4 billion company (reportedly) and a crucial part of how people work with the very tablets that were supposed to render files obsolete.

And now comes Pipe, another big bet on files. A team led by former online music executive Simon Hossell has been working on the app since 2011. Whether the startup can find a profitable niche somewhere in the vast gulf between email attachments and web publishing remains to be seen. But it’s hard to dispute that it’s attacking an interesting problem: People still care deeply about files, forecasts to the contrary notwithstanding.
http://www.wired.com/business/2013/0...s-unstoppable/





Apple Lawyers Put Judge in Ebook Antitrust Case On Defensive

Trial started this morning to determine whether Apple conspired with publishers to fix ebook prices
Greg Sandoval

The trial to determine whether Apple conspired to fix ebook prices got off to a dramatic start today when Apple's attorneys raised questions about whether the company can receive a fair trial from a judge who they say appears to have already made up her mind about the case.

After hearing evidence presented by both sides for nearly a year, US District Judge Denise Cote offered her opinion during a pretrial hearing last week about the case — although she cautioned that it was a "tentative" view.

"I believe that the government will be able to show at trial direct evidence that Apple knowingly participated in and facilitated a conspiracy to raise prices of ebooks," Cote said last Thursday, "and that the circumstantial evidence in this case, including the terms of the agreements, will confirm that."

Early in his opening arguments, Orin Snyder, an Apple lawyer, brought up the comments gently. He said the judge's "tentative view" wasn't "great for [his] client" and he asked Cote to forget any prior opinions she might have formed so that Apple receives justice. He prepared to move on when Cote stopped him and — just as gently — tried to reassure him that Apple will be treated fairly. She noted that her policy of reviewing the evidence during the pretrial phase was designed to speed up the case, a strategy that Apple agreed to. She told Snyder that she had only seen some of the evidence and would reserve judgment until she heard it all. She said that "this isn't a vote about whether I like Apple ... the deck isn't stacked against Apple unless the evidence stacks against Apple."

Snyder told Cote that Apple was grateful and "all we want is a fair trial."

The exchange followed opening arguments made by lawyers from the US Department of Justice. After the DOJ laid out scores of emails and outlined testimony from some of Apple's alleged co-conspirators, it's hard to fault the judge for having doubts about Apple's case.

According to the DOJ, the publishers and Apple set out in late 2009 to weaken Amazon's ability to compete on price and reduce its market share, which at the time was over 90 percent. The defendant publishers feared Amazon would one day possess enough market power to dictate pricing terms to them. Apple was interested in setting the table for the iPad and iBookstore, which would make their public debut in January 2010. The government alleges that Apple CEO Steve Jobs wanted to strip Amazon of the ability to discount ebook prices while ensuring that Apple would make a sales commission of 30 percent.

The trial is expected to last three weeks. Top executives from Amazon and Apple are expected to testify, including Eddy Cue, Apple's iTunes chief and the man the government accuses of herding the publishers into the agency model. Cue is due to take the stand on June 13. The case promises to provide many more revelations about how these internet superpowers tussled for control of the nascent US ebook market, which now generates $3 billion in sales annually.

Apple allegedly encouraged the five publishers to drop the century-old business practice of allowing retailers to price books, for one that handed all the pricing power to the publishers. Under the alleged scheme, retailers would become agents of the publishers and earn a commission on sales.

But the government says it was no coincidence the five publishers simultaneously decided to drop their former business model after 100 years. DOJ attorneys showed scores of emails and quoted from witness testimony to try and illustrate how Apple helped the publishers share confidential pricing information with each other so they could act in unison. Each needed reassurance from Apple that they wouldn't be acting alone, the DOJ says. According to documents filed with the court, Penguin CEO David Shanks acknowledged that Apple was the publishers' "facilitator and go-between."

The DOJ cited a statement Jobs made shortly after unveiling the iPad, in which he knew Apple's ebook prices, $12.99 and $14.99, would not be higher than Amazon's. When reporters noted that Amazon sold many ebooks for $9.99, Jobs said the prices would be the same. Carolyn Reidy, CEO of Simon and Schuster, was aghast, according to DOJ lawyers. They showed an email that Reidy sent to an exec at her company that read "I can't believe Jobs made the statement ... Incredibly stupid." The government suggested that the publisher was critical because Jobs was exposing their conspiracy.

Snyder told the court the government has twisted facts to paint a sinister picture of Apple. First, the DOJ hasn't offered any direct evidence that Apple conspired, something that antitrust law requires. He noted that the threshold for finding liability is high and requires nothing short of a confession, which the government is far from possessing in this case. On the contrary, Apple denies the government's contention that it was coordinating a price-fixing scheme. He said Apple executives would testify they had no idea that the publishers were discussing pricing policies among themselves.

An email from Steve Jobs to Apple exec Eddy Cue, which the government says is proof that Apple wanted publishers to force Amazon to adopt agency model.

He ridiculed the government's assertion that the Most Favored Nation (MFN) clause within Apple's agreements with the publishers — a stipulation that guaranteed Apple would be given access to the lowest ebook prices offered by any other retailer — was anticompetitive. The DOJ has said that the MFN was intended to push the publishers into forcing Amazon to adopt the agency model and cease discounting ebooks. They wouldn't want to make less money from Apple. Snyder said, however, that the MFN was proof of Apple's innocence. "If the fix was in with the publishers," the attorney told the court, "why would Apple need an MFN?"

Snyder argued that the government was trying to rewrite antitrust law. He claimed that no case in history has imposed liability on a company in Apple's position: a newcomer to a sector, facing a dominant player (Amazon), ushering in a period of falling prices. Apple maintains that prices fell as a result of the agency agreements. As for the government's allegations that Apple encouraged the publishers to pressure Amazon to adopt the agency model, Snyder said he will show that Amazon was considering such a move well before Apple entered the market.

Whatever the trial's outcome, Apple has little to gain and lots to lose. All five publishers accused of participating in the conspiracy over the past year settled with the DOJ. Those settlements require the publishers to free retailers from the agency agreements, which means merchants can again offer discounts on ebooks, and Apple no longer has any price protection. On the other hand, if Apple is found liable, numerous state attorneys general will require the company to pay damages. Representatives from Connecticut, Colorado, and Ohio were in court today. An unfavorable decision could also lay the foundation for class-action suits.

The full presentation of the government's case against Apple can be found on the Department of Justice's website.
http://www.theverge.com/2013/6/3/438...e-on-defensive





Google’s Copyright Policy Spawns Mega-Meta Art From China
Pete Brook

The Google Art Project allows art enthusiasts to visit distant museums online by scanning them with the same 15-lens camera rigs used by Google Street View. Due to copyright restrictions, however, certain paintings needed to be blurred, just like faces are in GSV.



British artist Phil Thompson was intrigued by the foggy interruptions. His project Copyrights is his exploration of Google’s grand, utopian exercise in bringing culture to the masses. For it, Thompson makes screen grabs of the blurred images in his browser window, sends them to the Dafen Oil Painting Village in China (a company that makes acrylic paintings of absolutely anything to order) and then exhibits those works in a gallery.

“I am really interested in glitches; the moments when things fail and reveal themselves,” says Thompson.

The Google Art Project currently displays over 45,000 artworks by nearly 10,000 artists across 261 collections. It allows anyone to explore the halls of art meccas such as the Louvre and Tate Modern and take in their favorite Bruce Nauman or Caravaggio.

However, despite the hundreds of official partnerships Google has made with institutions, the Google Art Project must blur artworks that are copyright protected. Usually, it’s works that are not in institutions’ permanent collections that are hazed. Copyrights is meant to ask questions about the commodification and global reach of art as it is pushed through our digital lives.

“I managed to find out what the original works were behind some of the blurs, but ultimately decided that the piece worked better without revealing what the originals are,” he says. “I wanted the new blurred images to exist as things in themselves.”

Copyrights is not poking fun at Google’s Achilles’ heel; it’s an investigation into the images at our fingertips. Born in 1988, Thompson explains that he’s spent most of his life on the internet and is a huge fan of Google’s all-seeing exercises to map and see the world.

“The internet provides a huge amount of material which otherwise would be unattainable to most people,” he says. “It has led to a lot of creativity — whether it is with memes or highly skilled photoshop jobs — everyone is now able to create and edit images.”

Artists have found rich content amid Google’s shifting representations. Thompson particularly appreciates interventions “that flips between virtual and real in order to investigate how they intertwine” such as art by Aram Bartholl, Andreas Rutkauskus and Andrew Norman Wilson’s play within Google Books, ScanOps.

The blurred artworks in the Google Art Project look like glitches, but exist due to pragmatic legal decisions and stem from Google’s immersive method of documenting museum and gallery spaces.

“The way in which the user interacts with the art works [of the Google Art Project] is quite unusual. Instead of presenting the art works as standard online images, Google attempts to recreate the act of walking through the gallery by using the same technology as Google Street View. This attempt at trying to make the experience more ‘real,’ in fact makes it seem even more strange.”

By presenting paintings — physical objects — of the Google Art Project blurred artworks, Copyrights in some ways completes the bizarre loop and simulates the online viewing experience in real space.

The role that anonymous Chinese painters had in the creation of Copyrights is significant and Google’s relationship with China and issues of internet freedom fascinate Thompson. He has worked in China both with and without a VPN channel and found the contrast between available websites is vast.

Google protested the SOPA and PIPA bills in the U.S. yet takes a different approach to internet censorship in China.

“Google’s position in China has been greatly compromised, especially recently, given their decision to stop displaying warning messages about censorship,” explains Thompson. “Obviously the paintings in the Copyrights series are censored through the Art Project program itself. However, by getting the works painted in China the aim was to reflect the censorship of Google itself within China.”
http://www.wired.com/rawfile/2013/06...art-copyright/





Google Says it Won’t Approve Any Glass Apps with Facial Recognition Until it Has Protections in Place
Matthew Panzarino

Today, Google posted a notice to its Google Glass channel on G+ that lays out its plan to prevent abuse of facial recognition on the head-mounted computer. Its solution? Reject any Glassware that uses it until they have proper protections in place.

Since Glass began hitting people’s faces, the questions about how a wearable camera with a computer attached would affect privacy have been ramping up. Specifically, facial recognition technology jumped out as a concern. If Google Glass can take HD video of you, why couldn’t it match your face up with a G+ profile or other data set and allow the user access to more information at a ‘glance’ than you’d care to give them?

Now, Google has outlined an official policy about Glassware with facial recognition elements:

When we started the Explorer Program nearly a year ago our goal was simple: we wanted to make people active participants in shaping the future of this technology ahead of a broader consumer launch. We’ve been listening closely to you, and many have expressed both interest and concern around the possibilities of facial recognition in Glass. As Google has said for several years, we won’t add facial recognition features to our products without having strong privacy protections in place. With that in mind, we won’t be approving any facial recognition Glassware at this time.

We’ve learned a lot from you in just a few weeks and we’ll continue to learn more as we update the software and evolve our policies in the weeks and months ahead.


The updated developer policies on Google’s Glass developer site have added a new clause that states:

Don’t use the camera or microphone to cross-reference and immediately present personal information identifying anyone other than the user, including use cases such as facial recognition and voice print. Applications that do this will not be approved at this time.

As part of its response to congressional concerns over Glass privacy, Google has also codified its statement that it won’t allow the display to turn off while shooting an image or video. That’s now a hard rule as well. Google also added the Android section on content policies that cover things like gambling, viruses, hate speech and more.

Google engineers said something similar during an I/O session about Glass. Our own Alex Wilhelm reported on the facial recognition question:

Facial recognition is something that Google has worked on. They can imagine it existing through a third party. The company appeared to decline stating that they would build it themselves, likely to avoid painfully ignorant headlines. The company is “not scared” of it, but wants to ensure that it has clear user benefit.

Obviously wearable computing that combines camera technology, an always-on connection and a computing platform poses a bunch of privacy and security challenges, not just facial recognition. But it appears that Google has been feeling enough heat about this particular feature to ban the apps until they can get a policy in place.

Note that this official policy applies to apps that are ‘Glassware’. That means that they use the Mirror API and are installed via a web interface. These apps have limited access to the hardware and must be allowed by Google. Developers can build whatever native apps they like, root the device and install them directly. Google has even stated that it is working on a native API for Glass. But, for now, the official channel for facial recognition apps is closed.

I’ve been using Glass myself and have some mixed feelings about it. I’m not bullish or bearish on it, but find it interesting and something definitely worth ‘pulling the string’ on, to borrow Tim Cook’s phrase. There are some very interesting applications here, but it’s definitely a ‘far future’, not ‘near future’ technology.
http://thenextweb.com/google/2013/06...ions-in-place/





Researchers Say They Can Hack Your iPhone With A Malicious Charger

Careful what you put between your iPhone and a power outlet: That helpful stranger’s charger may be injecting your device with more than mere electrons.
Andy Greenberg

At the upcoming Black Hat security conference in late July, three researchers at the Georgia Institute of Technology plan to show off a proof-of-concept charger that they say can be used to invisibly install malware on a device running the latest version of Apple’s iOS.

Though the researchers aren’t yet sharing the details of their work, a description of their talk posted to the conference website describes the results of the experiment as “alarming. Despite the plethora of defense mechanisms in iOS, we successfully injected arbitrary software into current-generation Apple devices running the latest operating system (OS) software,” their talk summary reads. “All users are affected, as our approach requires neither a jailbroken device nor user interaction.”

The researchers’ malicious charger, which they’re calling “Mactans” in what seems to be a reference to the scientific name of the Black Widow spider, is built around an open-source single-board computer known as a BeagleBoard, sold by Texas Instruments for a retail price of around $45. “This hardware was selected to demonstrate the ease with which innocent-looking, malicious USB chargers can be constructed,” the researchers write.

It’s not clear just how convincing that charger will be, of course, given that a three-inch square BeagleBoard can’t fit into the smaller power adaptors Apple sells for charging its gadgets, like the one shown above. But a BeagleBoard could be hidden in a docking station or external battery, and the team hints that others with more resources may be able to advance their work: “While Mactans was built with [a] limited amount of time and a small budget, we also briefly consider what more motivated, well-funded adversaries could accomplish.”

When I spoke by phone Friday with Yeongjin Jang, one of the Georgia Tech researchers, he told me that the team had contacted Apple about their exploit, but hadn’t yet heard back from the company, and declined to comment further. I reached out to Apple, too, and will update this post if the company responds.

The researchers write that their attack can compromise an iOS device running the most recent version of Apple’s mobile operating system in less than a minute. They add that they can also demonstrate that the malware infection resulting from their malicious charger is persistent and tough to spot. “We show how an attacker can hide their software in the same way Apple hides its own built-in applications,” reads their description.

The Georgia Tech researchers would be far from the first to hack iOS devices via their USB connections. The devices’ combined data and power port has been the most common point of entry for hackers seeking to jailbreak their devices to remove Apple’s default restrictions on their devices. The “evasi0n” jailbreak released by a group of iOS hackers in February, for instance, took advantage of a flaw in iOS’s mobile backup system as well as four other bugs to dismantle the devices’ security measures.

That jailbreak was used more than 18 million times by iOS users eager to hack their iPhones, iPads and iPod touches before Apple updated their software to block the exploit in March. Given that Georgia Tech is demonstrating a far less friendly technique, expect Apple to move fast to patch the bugs they’re exposing.

Stay tuned for more as the Black Hat conference approaches.
http://www.forbes.com/sites/andygree...cious-charger/





China Has 'Mountains of Data' About U.S. Cyber Attacks: Official

China's top Internet security official says he has "mountains of data" pointing to extensive U.S. hacking aimed at China, but it would be irresponsible to blame Washington for such attacks, and called for greater cooperation to fight hacking.

Cyber security is a major concern for the U.S. government and is expected to be at the top of the agenda when President Barack Obama meets with Chinese President Xi Jinping in California on Thursday and Friday.

Obama will tell Xi that Washington considers Beijing responsible for any cyber attacks launched from Chinese soil and must take action to curb high-tech spying, White House officials said on Tuesday.

China's Internet security chief complained that Washington used the news media to raise cyber security concerns which would be better settled through communication, not confrontation.

"We have mountains of data, if we wanted to accuse the U.S., but it's not helpful in solving the problem," said Huang Chengqing, director of the National Computer Network Emergency Response Technical Team/Coordination Center of China, known as CNCERT.

"They advocated cases that they never let us know about," Huang said in comments on Tuesday and carried by the government-run China Daily newspaper on Wednesday.

"Some cases can be addressed if they had talked to us, why not let us know? It is not a constructive train of thought to solve problems."

CNCERT has instead co-operated with the United States, receiving 32 Internet security cases from the United States in the first four months of 2013, and handling most promptly, except for a few that lacked sufficient proof, Huang said.

Designs for more than two dozen major U.S. weapons systems have been compromised by Chinese hackers, the Washington Post reported late last month.

The compromised designs included combat aircraft and ships, as well as missile defense systems vital for Europe, Asia and the Gulf, the newspaper said, citing a report prepared for the U.S. Defense Department by the Defense Science Board.

Huang did not deny the report, but suggested that if the U.S. government wants to keep weapons programs secure, it should not allow them to be accessed online.

"Even following the general principle of secret-keeping, it should not have been linked to the Internet," Huang said.

Cyber attacks from the United States have been as serious as the accusations from Washington, Huang said.

CNCERT, which issues a weekly report on cyber attacks against China, says that 4,062 U.S.-based computer servers hijacked 2.91 million mainframe computers in China.

(Reporting by Terril Yue Jones; Editing by Michael Perry)
http://www.reuters.com/article/2013/...95404L20130605





Espionage Malware Infects Raft of Governments, Industries Around the World

"NetTraveler" stole data on space exploration, nanotechnology, energy, and more.
Dan Goodin

Security researchers have blown the whistle on a computer-espionage campaign that over the past eight years has successfully compromised more than 350 high-profile targets in 40 countries.

"NetTraveler," named after a string included in an early version of the malware, has targeted a number of industries and organizations, according to a blog post published Tuesday by researchers from antivirus provider Kaspersky Lab. Targets include oil industry companies, scientific research centers and institutes, universities, private companies, governments and governmental institutions, embassies, military contractors and Tibetan/Uyghur activists. Most recently, the group behind NetTraveler has focused most of its efforts on obtaining data concerning space exploration, nanotechnology, energy production, nuclear power, lasers, medicine, and communications.

"Based on collected intelligence, we estimate the group size to about 50 individuals, most of which speak Chinese natively and have working knowledge of the English language," the researchers wrote. "NetTraveler is designed to steal sensitive data as well as log keystrokes, and retrieve file system listings and various Office or PDF documents."

The highest number of infections were found in Mongolia, followed by India and Russia. Other countries with infections include Kazakhstan, Kyrgyzstan, Tajikistan, South Korea, Spain, Germany, the United States, Canada, the United Kingdom, Chile, Morocco, Greece, Belgium, Austria, Ukraine, Lithuania, Belarus, Australia, Hong Kong, Japan, China, Iran, Turkey, Pakistan, Thailand, Qatar, and Jordan. The earliest known samples of the malware are dated 2005, but there are references that indicate it existed as early as 2004, Kaspersky said. The largest number of observed samples were created from 2010 to 2013.

Six of the NetTraveler victims were also compromised by Red October, the much larger espionage campaign that went undetected for five years. With more than 1,000 distinct modules, the operators were able to craft highly advanced infections that were tailored to the unique configurations of infected machines and the profiles of those who used them.

For a much deeper dive into NetTraveler, see the full Kaspersky report.
http://arstechnica.com/security/2013...und-the-world/





Exclusive: Microsoft, FBI Take Aim at Global Cyber Crime Ring
Jim Finkle

Microsoft Corp and the FBI, aided by authorities in more than 80 countries, have launched a major assault on one of the world's biggest cyber crime rings, believed to have stolen more than $500 million from bank accounts over the past 18 months.

Microsoft said its Digital Crimes Unit on Wednesday successfully took down at least 1,000 of an estimated 1,400 malicious computer networks known as the Citadel Botnets.

Citadel infected as many as 5 million PCs around the world and, according to Microsoft, was used to steal from dozens of financial institutions, including: American Express, Bank of America, Citigroup, Credit Suisse, eBay's PayPal, HSBC, JPMorgan Chase, Royal Bank of Canada and Wells Fargo.

While the criminals remain at large and the authorities do not know the identities of any ringleaders, the internationally coordinated take-down dealt a significant blow to their cyber capabilities.

"The bad guys will feel the punch in the gut," said Richard Domingues Boscovich, assistant general counsel with Microsoft's Digital Crimes Unit.

Botnets are armies of infected personal computers, or bots, which run software forcing them to regularly check in with and obey "command and control" servers operated by hackers. Botnets are typically used to commit financial crimes, send spam, distribute computer viruses and attack computer networks. (See graphic link.reuters.com/vem68t)

Citadel is one of the biggest botnets in operation today. Microsoft said its creator bundled the software with pirated versions of the Windows operating system, and used it to control PCs in the United States, Western Europe, Hong Kong, India and Australia.

The U.S. Federal Bureau of Investigation told Reuters it is working closely with Europol and other overseas authorities to try to capture the unknown criminals. The FBI has obtained search warrants as part of what it characterized as a "fairly advanced" criminal probe.

"We are upping the game in our level of commitment in going after botnet creators and distributors," FBI Assistant Executive Director Richard McFeely said in an interview.

"This is a more concerted effort to engage our foreign partners to assist us in identifying, locating and - if we can - get U.S. criminal process on these botnet creators and distributors."

Microsoft has filed a civil lawsuit in the U.S. District Court in Charlotte, North Carolina against the unknown hackers and obtained a court order to shut down the botnets. The complaint, unsealed on Wednesday, identifies the ringleader as John Doe No. 1, who goes by the alias Aquabox and is accused of creating and maintaining the botnet.

Boscovich said investigators are trying to determine Aquabox's identity and suspect he lives in eastern Europe and works with at least 81 "herders," who run the bots from anywhere in the world.

The Citadel software is programmed so it will not attack PCs or financial institutions in Ukraine or Russia, likely because the creators operate in those countries and want to avoid provoking law enforcement officials there, Microsoft said.

FINDING 'JOHN DOE'

According to Microsoft, Citadel was used to steal more than $500 million from banks in the United States and abroad, but the company did not specify losses at individual accounts or firms.

The American Bankers Association, one of three financial industry groups that worked with Microsoft, said any success in reducing the number of active Citadel Botnets will reduce future losses incurred by banks and their customers.

"I am hopeful we have a model that will allow us to get closer and closer to those who are the ultimate perpetrators of these crimes," said ABA Vice President Doug Johnson.

In the United States, banks typically reimburse consumers when they are victims of cyber crime, but they may require business customers to absorb those losses, the ABA said.

Microsoft's team of digital detectives, who are based at corporate headquarters in Redmond, Washington, have been involved in seven efforts to attack botnets since 2010. Wednesday's marked its first collaboration with the FBI.

The software maker sought help from the FBI about 10 days ago. At that time the agency told Microsoft that it had already done significant work on a criminal probe into the Citadel Botnets, the FBI's McFeely said.

Microsoft said it and the FBI are working with law enforcement and other organizations in countries including: Australia, Brazil, Ecuador, Germany, Holland, Hong Kong, Iceland, India, Indonesia, Spain and the United Kingdom.

Of the more than 1,000 botnets that were shut down on Wednesday, Microsoft said 455 were hosted in 40 data centers in the United States. The rest were located in dozens of countries overseas.

Technicians from Microsoft, accompanied by U.S. Marshals, visited two U.S. data centers in Scranton, Pennsylvania and Absecon, New Jersey to collect forensic evidence.

Boscovich said the data center operators typically are not aware that their servers are being used to run botnets. "There is no responsibility on their part to see what is in the pipes," he said.

DEJA ZEUS

It was the second time Microsoft's Digital Crimes Unit sought to bring down a large number of botnets at once. In March 2012 it targeted hundreds of Zeus botnets, which use similar software and infrastructure as Citadel, though they were not as sophisticated.

That effort succeeded in shutting just a quarter of the approximately 800 targeted Zeus command and control servers, according to Microsoft. Zeus is not controlled by a single developer like Citadel, which made it harder for investigators to track and knock out herders.

Cyber criminals typically infect machines by sending spam emails containing malicious links and attachments, and by infecting legitimate websites with computer viruses that attack unsuspecting visitors. Some bot herders rent or sell infected machines on underground markets to other cyber criminals looking to engage in a wide variety of activities.

The Citadel software disables anti-virus programs on infected PCs so they cannot detect malicious software. It surfaced in early 2012 and is sold over the Internet in kits that cost $2,400 or more.

Boscovich said he believes that Aquabox also gets a percentage of money stolen by his customers using Citadel.

These kits allow herders to easily set up and run botnets on pirated versions of Microsoft's Windows XP operating system, according to court documents. The kits include modules for infecting PCs, as well as stealing from online banking sites, sending spam and engaging in other types of cyber crime.

Some Citadel Botnet operators have used infected machines to disrupt bank websites in so-called distributed denial of service attacks, hoping to distract those firms from thefts that are occurring or have occurred, according to the complaint.

Aquabox provided herders a secret forum where they could suggest new features for the Citadel kits, as well as exchange ideas on best practices in botnet herding, Microsoft said.

(Reporting by Jim Finkle; Editing by Tiffany Wu and Leslie Gevirtz)
http://www.reuters.com/article/2013/...9541KO20130605





American Gets Targeted by Digital Spy Tool Sold to Foreign Governments
Kim Zetter

The email appeared to come from a trusted colleague at a renowned academic institution and referenced a subject that was a hot-button issue for the recipient, including a link to a website where she could obtain more information about it.

But when the recipient looked closely at the sender’s email address, a tell-tale misspelling gave the phishing attempt away — the email purported to come from a professor at Harvard University, but instead of harvard.edu, the email address read “hardward.edu”.

Not exactly a professional con-job from nation-state hackers, but that’s exactly who may have sent the email to an American woman, who believes she was targeted by forces in Turkey connected to or sympathetic to the powerful Gülen Movement, which has infiltrated parts of the Turkish government.

The email contained a link to a web site in Turkey, where a malicious downloader file was waiting to install on her computer — a downloader that has been connected in the past to a spy tool purportedly sold exclusively to law enforcement and intelligence agencies around the world.

The woman, who asked to remain anonymous because she’s concerned about retaliation, sensed the email was a fraud and did not follow the link. Instead, the email was passed to researchers at digital forensics firm Arsenal Consulting, who set up a honeypot to visit the Turkish web site and obtained the downloader.

Though investigators didn’t obtain the file that the downloader was supposed to install, analysis of it showed that it was the same downloader that has been used in the past to install Remote Control System (RCS), a spy tool made by the Italian company Hacking Team and sold to governments. A digital certificate used to sign the downloader has also been used in the past with Hacking Team’s tool.

“It was the first hint that this was connected to Hacking Team and RCS,” Mark G. Spencer, president of Arsenal, told Wired.

Hacking Team asserts that it sells the RCS tool only to law enforcement and government security agencies for lawful intercept purposes, but it has reportedly been used against activists and political dissidents in Morocco and the United Arab Emirates and possibly elsewhere, an issue for which Hacking Team has been severely criticized.

The company touts in marketing literature that the tool evades encryption and bypasses antivirus and other security protections to operate completely invisibly on a target’s machine.

The RCS tool, also known as DaVinci, records text and audio conversations from Skype, Yahoo Messenger, Google Talk and MSN Messenger, among other communication applications. It also steals Web browsing history and can turn on a computer’s microphone and webcam to record conversations in a room and take photos. The tool relies on an extensive infrastructure to operate and therefore is not easily copied and passed to non-government actors outside that infrastructure to use for their own personal spy purposes, according to a Hacking Team spokesman.

Spencer says there’s no definitive proof pointing to who is behind the attempted hack of the American woman, but notes there is circumstantial evidence that warrants further attention.

“We have an email, a purported sender, and a target all critical of the Gülen movement. We have professional malware launched from a server in Turkey. You can take it from there,” Spencer said.

Turkey is a member of the North Atlantic Treaty Organization alliance. If authorities there were behind the hack attack, it would mean that a NATO ally had attempted to spy on a U.S. citizen on U.S. soil, presumably without the knowledge or approval of U.S. authorities, and for reasons that don’t appear to be related to a criminal or counter-terrorism investigation.

Mustafa Kemal Sungur, a spokesman for the Turkish Embassy in Washington, DC, said he had no comment on the allegations.

Hacking Team spokesman Eric Rabe would not say if Turkey is a customer of its software, only that Hacking Team sells to “several dozen countries.”

Speaking generally, he said the company will investigate cases where it believes clients may have used its software in an illegal manner or in a manner that violates the terms of service, and that if a customer is found to be using its software in an illegitimate manner, Hacking Team has ways to render the software useless by halting updates to it.

“If we don’t update the software pretty regularly, antivirus programs will detect the software and it will be useless to the agencies,” he said, referring to tweaks and obfuscations the company adds to the program to thwart detection.

The woman believes she was targeted because she’s an outspoken critic of Turkish charter schools in the U.S. that are run by supporters of the Gülen Movement, a secretive organization led by charismatic Turkish imam and scholar Fethullah Gülen, who resides in exile in Pennsylvania. She believes the email was sent to an anonymous email address she uses in an attempt to identify her and gain access to her private data and communications in order to try to discredit her.

The Gülen Movement has millions of supporters around the world and is behind a network of schools operated in more than 100 countries, including a string of charter schools in the U.S. But critics say that members of the movement have heavily infiltrated the Turkish judicial system and the police intelligence services with the aim of increasing Islamic influences in Turkey and pushing the country in a more conservative direction. Members of the movement are accused of using government and media connections to retaliate against and discredit opponents, including using trumped-up charges to get them jailed.

“We are troubled by the secretive nature of the Gülen movement, all the smoke and mirrors,” an anonymous U.S. official told the New York Times last year. “It is clear they want influence and power. We are concerned there is a hidden agenda to challenge secular Turkey and guide the country in a more Islamic direction.”

The woman who received the phishing attempt says she’s been warned against traveling to Turkey due to her outspoken criticism of the movement’s charter schools.

“I’ve been told by a U.S. official that I should never travel to Turkey, that it would be dangerous for me,” she told Wired.

The body of the email she received read, “Hi, There is a new site about Gülen movement. It is http://www.hizmetesorulanlar.org/homepage.html. Also you should read an essay which I sent. (passwprd:12345).”

The email was signed by a Harvard professor who has written and spoken publicly about the Gülen movement in the past, but the URL in the email actually went to a different web site than the one cited — a poorly designed GeoCities-type page in Turkey with the URL www.mypagex.com/fileshare/questions/main.html.

When Spencer’s team visited the latter web site with a test machine, a malicious Flash component called Anim.swf that appeared to be part of a multi-stage attack got installed on their machine.

“It’s really nice and impressive code,” Spencer told Wired.

This component gathered intelligence about the infected machine’s operating system and browser and was programmed to then download a second-stage Flash attack. Spencer’s team didn’t get a look at the second part, however, because the file was removed from the site before they could grab it. They were, however, able to grab half-a-dozen other components that were stored in folders on the site before being removed. These included the downloader file, an executable program that was designed to grab screenshots from targeted systems and send them to a command-and-control server in Turkey. It was also designed to download another tool, which Spencer believes may have been the main RCS spykit, though he can’t say for certain since the attack wasn’t completed.

The downloader file was digitally signed with a certificate issued to an individual named Kamel Abed. GlobalSign, the certificate authority that issued the certificate, told Wired that the company issued the certificate last November after receiving a legitimate application. The certificate was revoked February 12 after GlobalSign learned of its misuse, following a report by Kaspersky Lab that tied the certificate to Hacking Team’s spy tool.

“The certificate was revoked as soon as our community contacts made us aware of the usage of the key for reasons we do not permit,” GlobalSign CEO Steve Waite said in an email. “We conduct revocation investigations 24/7, and in this case the revocation happened quickly.”

He would not say whether Abed himself had misused the certificate or if someone had stolen it from him to sign the malicious downloader, but he said that GlobalSign revoked the certificate after trying to contact the subscriber to discuss it with him and was unable to reach him.

Asked if Hacking Team had ever been issued a certificate in the name of Kamel Abed or used such a certificate to sign its spy tools, spokesman Rabe said only, “Kamel Abed is a common Arab name, and I’m not going to comment further than that.”

Arsenal contacted Nicolas Brulez, principal security researcher at Kaspersky Lab, to examine the downloader file and certificate. Kaspersky has written extensively about Hacking Team’s tools in the past, and Brulez found that the downloader code and Kamel Abed certificate were identical to another downloader known to have been used with the RCS spykit in the past. He also found test code in the downloader file that matched exactly test code found in a component of the RCS spykit, and the two files used the same encryption algorithm to communicate with the command-and-control server. There were other similarities and exact matches as well, all of which led Brulez to conclude, “The guy who made the downloader that Arsenal found also made the RCS.”

Brulez believes the downloader is used by the attackers to first gather intelligence about a victim before determining if they want to send the entire RCS package to the machine. He also believes the RCS tool would have been installed on the U.S. victim’s machine through a zero-day Flash exploit that was used against other RCS victims around the same time she was targeted, before Adobe patched it.

Kaspersky has detected at least 50 incidents of RCS infections on computers in Italy, Mexico, Kazakhstan, Saudi Arabia, Turkey, Argentina, Algeria, Mali, Iran, India and Ethiopia.

Hacking Team came under fire last year after a number of security researchers linked the company’s spy kit to hacks that targeted political activists in Morocco and the United Arab Emirates for purposes of spying on and silencing dissenters.

In Morocco, an activist group known as Mamfakinch was reportedly a target of government spying in that country through use of Hacking Team’s software. And Ahmed Mansoor, an activist from the United Arab Emirates who was jailed for seven months in 2011 with four other activists on charges that they insulted the country’s vice president and threatened state security, was also reportedly targeted with the software.

Rabe called the claims “largely circumstantial,” but wouldn’t elaborate.

The company did investigate the claims, he said, but he wouldn’t disclose the outcome of the investigation.

“There are circumstances where we have refused to work with clients based on our examination of what they were doing or what we thought they were doing,” he said, but he would not say if Morocco and the UAE had been dropped as clients as a result of the allegations.

He said the company is careful about who it sells its software to, and won’t sell it to every country.

“We do our best to know who the agencies are and who the governments are who we’re selling to. There are certain governments we do not sell our software to,” he said, though he wouldn’t identify any countries that had been rejected.

Situations in which someone might abuse the software to spy on innocent people are something that “concerns” the company, he said, though he admits there is little Hacking Team can do to prevent it.

“We know how powerful is the tool that we’ve developed, so we’re doing our best to make sure it doesn’t get abused,” he said, “[b]ut there is a limit to how we can control what someone does with the software.”
http://www.wired.com/threatlevel/201...o-governments/





Brooks Pleads Not Guilty to Hacking Charges
AP

The former chief executive of Rupert Murdoch's News International on Wednesday denied all charges against her related to phone hacking.

Rebekah Brooks answered "not guilty" in a firm voice at a court hearing at London's Southwark Crown Court, where she appeared along with a dozen others, mostly former News International employees, facing similar charges over the scandal that rocked Britain's establishment.

Also in the dock were Brooks's husband, Charlie, and former News of the World royal reporter Clive Goodman, who like Brooks entered pleas of "not guilty" and also will face criminal trials.

Brooks is accused along with others of intercepting voicemail messages, conspiracy to commit misconduct involving public officials and obstructing a police investigation by withholding evidence.

The phone hacking scandal erupted in 2011, after it was revealed that journalists at News International's now-shuttered News of the World tabloid routinely hacked into the voicemail messages of the rich, the powerful and other potential information sources.

The scandal spawned a police investigation and a host of official inquiries. Allegations of wrongdoing have since spread to other papers outside the Murdoch empire, and scores of journalists, police officials, and executives have been arrested or dismissed from their jobs.
https://www.nytimes.com/aponline/201...e-hacking.html





A Feature Film, Starring Google
Claire Cain Miller

Coming soon to a theater near you: an advertisement for Google, in the form of a feature film.

“The Internship” is a comedy starring Vince Vaughn and Owen Wilson as two washed-up, laid-off salesmen who get internships at Google. They have no tech experience and, past 40, are ancient by Silicon Valley standards.

The movie is funny in parts, predictable in others, but underlying it all is an extended product placement for all things Google.

“Imagine the greatest amusement park you’ve ever been to as a kid,” Mr. Wilson’s character says upon arriving on Google’s campus. “Now imagine nothing like it and a million times better. That’s where we are.”

Shawn Levy, the film’s director, said at the San Francisco premiere that the movie was irreverent and that he was not trying to serve any agenda other than entertainment. “There was no way to do this movie well if the company wasn’t willing to have a sense of humor about themselves,” he said.

Still, there are lines that sound as if they were written by Google’s marketing department instead of by the screenwriters, Mr. Vaughn and Jared Stern.

Mr. Wilson’s love interest in the movie earnestly explains that she works such long hours because she believes that Google is making the world a better place. At one point, a character says, “You can actually have the same tabs open across all your devices” — which happens to be one of the features of the Chrome browser that Google is trying to promote.

And when a character asks for a definition of Googliness, a word that Google employees actually use to describe one another, someone replies, “The intangible stuff that made a search engine into an engine for doing good.”

Even if the marketing department did not write those lines, it did create the closing credits sequence, in which nearly every Google product makes an appearance, like Gmail, YouTube, Hangouts and Now to Drive. It was made by the Google Creative Lab, which also prepares Google’s ads.

And all the typical Google perks have cameos. Mr. Wilson’s love interest picks up her dry cleaning at the office and they flirt in nap pods. And when Mr. Vaughn’s character first orders coffee and discovers it’s free, he adds seven bagels to his order. There is even a chase scene on Google’s primary-color bikes.

Lorraine Twohill, Google’s vice president of global marketing, said at the premiere that Mr. Vaughn approached Google with the idea two years ago, and the company agreed. The marketing department worked with the film’s producers throughout the process and read the script. Mr. Levy said that Google did not have editorial control and that much of the final film was improvised by Mr. Vaughn and Mr. Wilson anyway.

Still, according to news reports, Google had some veto power: it jettisoned a scene in which one of its driverless cars crashed. (Instead, as the two stars stare at the empty driver’s seat, Mr. Wilson’s character says, “It’s scary because it’s new.”) Yet Google didn’t step in with other elements, like the Google employee who moonlights at a strip club.

Google clearly thinks the film can do wonders for recruiting. Last month, Larry Page, Google’s chief executive, said the company had participated because the movie made computer science cool and might encourage people to pursue it. Last week, Google drove employees and interns in buses to see the movie, drink at an open bar and see Mr. Vaughn, Mr. Wilson and Mr. Levy in person. (Ms. Twohill, though, was quick to tell the interns that the movie did not portray real life at Google.)

“The Internship” depicts Google as some dreamy foreign land. Mr. Levy said he shot the first part of the movie, before arriving at Google, without much color, to paint Google as the Emerald City.

Though only some scenes were shot on Google’s Silicon Valley campus, and the rest at Georgia Tech, many of the surprising details are realistic. Self-driving cars really do drive by, and Sergey Brin, one of Google’s co-founders, really does randomly show up riding an elliptical bike in workout clothes.

Other details, not so much. For instance, moviegoers may be disappointed to discover when they search for a 1-800 number that Google has no help line for questions about all its products.
http://bits.blogs.nytimes.com/2013/0...arring-google/





The Distasteful Side of Social Media Puts Advertisers on Their Guard
Tanzina Vega and Leslie Kaufman

As social media sites pursue advertising in a bid for new revenue, they are finding that they must simultaneously create a safe space for the advertisers they attract.

With the money, they are discovering, comes responsibility.

Facebook learned that the hard way last week. After failing to get the social network to remove pages glorifying violence against women, feminist activists waged a digital media campaign that highlighted marketers whose ads were found alongside those pages. Nissan and several smaller advertisers temporarily removed their ads from the site.

As public pressure mounted, Facebook acknowledged that its systems to identify and remove such content had not worked effectively and promised to improve those processes. The company began removing the pages in question.

The episode underscored a conundrum for social media sites forged from the philosophy that free speech should thrive on the Internet: will they be able to control content created by their users, so that advertisers are not embarrassed by material beyond their control?

“Certainly advertisers have a singular purpose, they want to reach consumers in a positive way,” said David Reuter, the vice president for corporate communications at Nissan Americas. “It is up to the social companies to create an environment that provides that level of support and safety for the companies.”

Nissan immediately began working with Facebook to find a solution, Mr. Reuter said, and the brand has resumed advertising on the site. Mr. Reuter praised Facebook for acting quickly and said the company “assured us that Nissan will be able to opt out of advertising on any pages that may be deemed offensive.”

Dove, another brand that activists cited for having ads on Facebook pages denigrating women, said in a statement that it was working with Facebook to have such pages removed. “We are also refining our targeting terms in case any further pages like these are created,” said Stacie Bright, global director of marketing communications for Dove, which is owned by Unilever. “Facebook advertising targets people’s interests, not pages, and we do not select the pages our adverts appear on.”

Exactly how advertisers will be able to prevent their brands from appearing on Facebook pages with offensive content is unclear. Sarah Feinberg, director of policy communications at Facebook, declined to offer specifics about how advertisers would be able to better manage where their ads appear but said that Facebook had a policy that “if a page is flagged as controversial, there are not ads on those sites.” The site, she said, does not pre-emptively identify content as controversial until it is reported.

While traditional media companies have provided advertisers with more predictable ad positions — during a certain television show, for instance, or in specific pages of a magazine — the level of control that marketers have over online display ads is not as precise. Digital ads are often placed using high-speed algorithmic technologies that allow advertisers to aim ads at a certain demographic, say men ages 30 to 40.

“You don’t have any control, quite honestly,” said Audrey Siegel, the president of the media agency TargetCast TCM, part of MDC Partners’ Maxxcom Global Media Group. “You’re never going to know your ad was here or there. It will change every time a user refreshes their browser.”

Robert J. Quigley, a senior lecturer specializing in social media at the University of Texas’s journalism school, said that it only made sense that social media companies would face more pressure from companies as they demanded more ad dollars.

“More and more advertising dollars are moving to nontraditional online forums. That is why there is more pressure to conform: money is behind it,” he said.

Many social media sites are also free for users, so as these companies expand, they must look to advertising for revenue. (Facebook had its initial public offering last year, and there is widespread speculation that Twitter will follow its lead soon, putting additional pressure on these sites to satisfy investors.)

Advertising on social media is also becoming a bigger piece of many digital advertising budgets. According to the research firm eMarketer, revenue from social media advertising in the United States is expected to reach $6.43 billion by 2015, or 12.2 percent of all digital advertising spending. Revenue from Facebook advertising in the United States is expected to reach $3.87 billion, up from $2.75 billion in 2013. Revenue from Twitter advertising in the United States is expected to reach $484 million in 2013 and just over $1 billion by 2015, eMarketer said.

Matt Britton, the founder and chief executive of the advertising agency MRY, whose clients include Coca-Cola, Visa and Sony, said some brands were nervous about advertising on social media. “That sort of controlled environment is slowly going away, and brands are losing control,” he said.

Other brands, Mr. Britton said, are less reactive. “They trust that Facebook is doing everything they can and they trust that that’s where consumers are,” he said.

In April 2010, Twitter started allowing advertisers to post promotional messages, which would be seen by users who searched words like “pizza” or “new black dress.” But marketers soon found themselves in discussions where they did not want to be.

So as of last December, Twitter began offering clients another service: negative matching.

In real time, Twitter advertisers can adjust their campaign to avoid matching specific phrases or hash tag trends. That way, if a discussion about pizza turns into a discussion about anorexia or bulimia, for example, the advertisers can make sure their promoted messages do not appear in those searches.

YouTube also has mechanisms that give advertisers some control over where their brands appear. “When we become aware of ads that are showing against sensitive content, we immediately remove them,” Lucas Watson, the company’s vice president for video online global sales, wrote in an e-mail. “We also give advertisers control to target specific content, and they can choose to block ads against certain content categories or individual videos.”

Last month, LinkedIn, the networking site for business professionals, clarified its terms of service to explicitly ban the selling of sexual services. “Even if it is legal where you are located,” the terms read, users cannot “create profiles or provide content that promotes escort services or prostitution.”

Hani Durzy, a company spokesman, said the decision had nothing to do with concerns about making the site safer for advertisers and was only about making LinkedIn a better place for members.

In contrast, when Yahoo recently acquired Tumblr, Marissa Mayer, Yahoo’s chief, said the company did not intend to remove pornography from the blogging platform, even as it created more ad products for marketers.

Mr. Quigley, of the University of Texas, warned that trying to please big companies also had its pitfalls. “There is a danger of caring too much about what an advertiser cares about,” he said. “Violence against women is one thing that is clearly over the line, but much of the rest of it is about politics, and that is much harder.”
https://www.nytimes.com/2013/06/04/t...ee-speech.html





How To Use Your Smartphone To Protect And Uphold Your Civil Rights
Guy McDowell

“Why do you push us around?” She remembered him saying, “I don’t know, but the law’s the law, and you’re under arrest.”
Rosa Parks Interview, Academy of Achievement, 2 June 1995, accessed 29 May 2013.

Can you imagine how much quicker the Civil Rights Movement of the 1950’s and 60’s would have come to a head if they had the power that we hold in our pocket? Some would say that the Civil Rights Movement is still going on, and The Arab Spring shows us that it is. Here’s how you can document the challenge and make a difference with just a smartphone, some courage, and compassion.

Once again, I’m jumping out of the frying pan and into the fire with an article filled with legal situations. Folks, I am not a lawyer. I don’t think anyone at MakeUseOf.com is a lawyer or anything even close. So, please, check with your local, state, provincial, and federal laws before implementing any of these methods of using your smartphone to protect your civil liberties. If you happen to know a lawyer who practices civil liberties or constitutional law, talk to them about these methods. For the purposes of this article, I am, unfortunately, focusing on the police being the alleged infringers upon your civil liberties. It really could be anyone – a neighbour, teacher, employer…anyone who infringes on your fundamental human rights. Chances are you’ll never have any issues with the police, and more often than not, they’ll prove to be defenders of your rights.

That being said, you may be wondering what gives me the authority to write an article like this. Let’s say that civil liberties are a hobby of mine. I’ve been spending the better part of my life learning how to live an independent life and keeping government out of my personal business. I have worked in security as well as the military, so I’ve been on the government side of the equation as well. I’ll give you what I know from personal experience and from what the research shows on this topic. Just like my article, I obviously can’t go through the laws for all the countries of our readers so I will keep it to Canadian and US law as best as I can. Canadian law will be somewhat similar to the law through the British Commonwealth countries.

1. Put Your Lawyer’s Phone Number in Your Contacts

This is by far the most important thing to do to protect your civil liberties. Time and time again, no matter what kind of peace officer I speak to, they all say the same thing: “If you don’t want to get yourself in trouble, don’t say anything but ‘I want to call my lawyer!’” If you are a minor, then you should be saying, “I want to call my parents.” If you have your lawyer and/or your parents in your contacts list, make sure it’s obvious that their information shows that they are a lawyer or your parents. Or, if luck would have it, maybe they’re both your parent and your lawyer.

If you have any doubt whatsoever that you should say anything but “I want my lawyer” or “I want my parents,” watch these videos. Yes, they are long, but they are dead-on correct.

In this video, Prof. James Duane, a law professor and former defense attorney in the U.S.A., lays out all the reasons why you should not tell police anything if you are arrested. It’s lengthy, sometimes academic, but definitely enlightening.

In Part Two of the video, Officer George Bruch of the Virginia Beach Police Department quickly replies, “Everything he said was true.” I bet you were thinking that he might refute Prof. Duane’s argument, point-by-point, telling you it’s best to tell the police everything you can. Confession is good for the soul, not so good for the criminal record. Officer Bruch actually explains how he can take what you said and use it against you in court. In fact, the Miranda Warning is often said using the phrase, “…anything you say can AND WILL be used against you in a court of law.” (Author’s emphasis.)

The types of things that are discussed in these videos also ring true in Canada, and I would imagine any other country where there is a legal right to silence and to not incriminate yourself. Sometimes low-tech is the best tech, and it doesn’t get any more low-tech than just zipping your lip.

2. Record Your Situation

This is a difficult one to advise people to do, in light of so many cases recently where people have been arrested and convicted for filming police officers. Gemma Atkinson, of the United Kingdom, filmed the police questioning of her boyfriend in the Underground, in a ‘routine stop and search’. First off, there should be nothing routine about stop-and-search. Police unlawfully detained her, arrested her, and prosecuted her. With the aid of a lawyer, she sued the government and the police officers. Gemma won her court battle and the wording of the anti-terrorism act that the police arrested her under was clarified for police. With the proceeds from winning her civil suit against the police officers, she made a mini-documentary to help educate you, the public. I recommend you watch it if you are in the U.K.

In the United States, several people have been arrested in recent years under similar terrorist reasoning, for taking pictures or video of police and other peace officers. If you want to find out if it is legal to record police, a good place to start is the Reporters’ Committee for Freedom of The Press, State by State Recording Guide

In Canada, according to David T.S. Fraser, a Canadian privacy lawyer, “There is no law in Canada that prevents a member of the public from taking photographs or video in a public place (other than some limitations related to sensitive defense installations).”

Now that you are forewarned, and forearmed, how could you record police actions? Some suggestions include using a video streaming service, like one of the ones featured in How To Stream Live Video From Your Smartphone or Qik, so that the video that you record is automatically going to a server somewhere. With these services, the video stream could be accessed as it is happening, and the stream is saved so it can be viewed later. I tried out Bambuser and I really like it! Below, you can see the screen as if someone were watching the video live. It even shows that I’m recording in Canada.

Some privacy advocates recommend that, wherever you are streaming your video, it not be publicly available, or at least not publicly available until after you can speak with your lawyer. This may prevent police from getting an order to take the video down. The ability to make the video public is, in my opinion, very important.

Tools for recording voice-only might also be of assistance. I prefer using Easy Voice Recorder, since it has one-button operation, but there are many other excellent free voice-recorder apps available. You might like MP3 InCall Recorder, if you’re getting harassing phone calls.

There are apps that make your smartphone function like a spy camera. What that means is that when you are recording, there are no outward signs that the phone is recording. In most situations, using a spy camera to film the police or others can put you on legally shaky ground. In my opinion, this is the last resort for recording ongoing civil rights violations. If this is the avenue that you choose to go, check out the article, Secretly Take Pictures On Your Android or iPhone Without Being Seen.

You may not get justice from the police or from the courts, but if you can stream that video to the public, the hue and cry may go up, forcing the courts to re-evaluate their decision. Media, we are the media.

3. Use the Security the Phone Gives You

Every smartphone out there has at least one way to lock the phone. Whether it be by a pass code, swipe pattern, or facial recognition, there is a way to lock up your phone. Generally, you don’t have to tell the police what the pass code is, or enter it for them. Nor are you obligated to delete photos or videos.

In this case, I don’t recommend the facial recognition. If the police should gain physical control of your phone, they may be able to unlock it by just pointing it at you. Wouldn’t it be nice if this self-locking function existed on DSLRs and video cameras?

You may also choose to encrypt your device and your external SD card, if you have one. You can even lock your SIM card, making it harder for them to extract information without your consent.

The Take Away

If you have any doubt that videotaping anyone infringing your civil rights could help, I suggest you look back on the story of Mido Macia. He was a South African man who was arrested and then dragged until dead behind a police van. Someone managed to record the situation and, because of that, 8 police officers are now charged with murder. One could make the argument that the investigation and the arrest would have never happened, if it weren’t for the video going out to the public. If you want to see the video – I don’t recommend it as it is just too graphic – you can see it on The Mirror’s article, by Steve White, Eight Cops on Murder Charges After Shocking Video of Taxi Driver Being Dragged to His Death.

It is important to note that the police are an important part of keeping our society livable, even enjoyable. They are your neighbours, maybe even your friends. Understand that, when you start to record them. Understand that cops have bad days too. Think of how annoying it would be to have someone walk into your office and randomly record you. Be nice, even if you have to be firm. Be respectful of all of the people involved. Making these kinds of videos isn’t a lark or a gag and only should be done when you see a serious breach of civil rights. Your rights and the power to protect them are in your hands. Don’t abuse it.

Have you had to use your smartphone to help protect your rights? If so, how? Did it help or hinder the process? Do you know of any other ways you could use your smartphone to protect your civil liberties? Let’s congregate peacefully in the comments section. Together we stand, divided we’re a bunch of people just standing around.
http://www.makeuseof.com/tag/how-to-...-civil-rights/





Saudi Arabia Bans Viber Web Communication Tool

Saudi Arabia's telecom regulator has banned use of the web-based communication application Viber, which is hard for the state to monitor and deprives licensed telecom companies of revenue from international calls and texts.

"The Viber application has been suspended ... and the (regulator) affirms it will take appropriate action against any other applications or services if they fail to comply with regulatory requirements and rules in force in the kingdom," the Communications and Information Technology Commission (CITC) said in a statement on its website.

Viber allows subscribers to make free calls, send instant messages and share files over the internet. CITC did not explain what regulatory requirements and rules it breached, but the kingdom appears to be pushing for greater control over cyberspace as Internet and smart phone usage soars.

Attempts to use Viber on two different smartphones and to download it onto a computer in Saudi Arabia failed to work on Wednesday. A message on the Viber website explained the service had been banned in Saudi Arabia.

The regulator issued a vaguely worded directive in March warning that such tools as Viber, Whatsapp and Skype broke local laws, without specifying how.

Local media reported at the time that Saudi Arabia's three main operators Saudi Telecom Co, Etihad Etisalat (Mobily) and Zain Saudi had been asked to tell CITC if they were able to monitor or block such applications.

CITC did not respond to requests for comment on Wednesday or when the earlier announcement was made in March.

Earlier this year, the Interior Ministry's spokesman complained that Islamist militants were taking advantage of social media to foment unrest. However, in a separate interview with Reuters he argued against imposing stricter controls.

Mobile penetration was 188 percent by the end of 2012, CITC data shows. Saudi now has 15.8 million Internet subscribers and the average user watches three times as many online videos per day as counterparts in the United States, according to YouTube.

Conventional international calls and texts are a lucrative earner for telecom operators in Saudi Arabia, which hosts around nine million expatriates. These foreign workers are increasingly using Internet-based applications such as Viber to communicate with relatives in other countries, analysts say.

(Reporting by Angus McDowall and Marwa Rashad; Editing by Matt Smith and Alistair Lyon)
http://www.reuters.com/article/2013/...9540FH20130605





The Feds’ ‘Ultimate Solution’ to Curb Distracted Driving
Damon Lavrinc

Distracted driving kills more than 3,000 people each year in the United States, a figure that represents about 10 percent of all traffic fatalities. How many of those people die because they were fiddling with their phones or navigating their navigation systems isn’t clear, but no matter. The feds say they’ve got “the ultimate solution” for curbing the use of mobile devices while we’re mobile.

Nathaniel Beuse, associate administrator for vehicle safety research at the National Highway Traffic Safety Administration, says government regulation coupled with standards set by automakers and the electronics industry could reduce fatalities. He says we need “a technological solution, some sort of innovation” in which the device or the car would recognize when the driver is using a mobile device and deactivate it.

“This would be the ultimate solution,” he says.

Federal regulators want to make it impossible for you to send a text, update Facebook or surf Instagram while driving, a campaign that could have as big an impact on mobile phone manufacturers as automakers. This spring, the NHTSA and its parents at the Department of Transportation laid out — in a 281-page report (.pdf) — several guidelines for accomplishing this.

As we noted at the time, a key objective is limiting the amount of time a driver takes his eyes off the road or hands off the wheel, with a maximum of two seconds for each input and total of 12 seconds to complete a task. NHTSA wants automakers to make it impossible to enter text for messaging and internet browsing while the car is in motion, disable any kind of video functionality and prevent text-based information such as social media content or text messages from being displayed.

Beuse, speaking at the Telematics Detroit 2013 conference, says two paths could be taken to this destination. The first is less than feasible because it would require drivers to physically connect their smartphones or mobile devices to the vehicle’s embedded system, disabling functionality while the car is in motion. You can see the problem with that idea.

“[We would need] 100 percent compliance to get drivers to pair their phones,” Beuse said. If such integration isn’t user-friendly and dead simple, “[drivers] will be right back to using their handhelds.”

That makes the second idea far more viable: a proximity sensor, in the vehicle or the device, that recognizes when the driver is using the device and requires them to pass it off to a passenger. Think of a seatbelt chime, but more annoying.

This isn’t the first time NHTSA and the DOT have required companies to eliminate certain distracting features while driving. The most obvious example has been disabling video playback while the car is in motion. But Beuse admits the NHTSA must “figure out how to monitor compliance.” And this won’t just extend to automakers, but the automotive aftermarket that produces in-dash stereos with increasingly complex functionalities.

NHTSA and the DOT, led by outgoing honcho Ray LaHood, have made distracted driving a signature cause during the past four years. Although distracted driving is indeed a problem — the phenomenon accounted for 3,331 fatalities in 2011, up from 3,092 the year before — it’s hard to know just how many crashes and deaths resulted from the use of mobile devices behind the wheel.

“If you look at crash data, there are a number of crashes that are due to distracted driving,” Beuse says, but “our data is not refined enough to pinpoint [the exact cause of those] crashes.”

What’s going to be more difficult is to get what NHTSA wants: 100 percent compliance from automakers, consumer electronics companies, aftermarket manufacturers and the public.

“We can’t force consumers to pair their device to the vehicle,” Beuse says. “We need a technological solution.”
http://www.wired.com/autopia/2013/06...mate-solution/





Internet Surveillance and Free Speech: the United Nations Makes the Connection
Katitza Rodriguez

Frank La Rue, the United Nations Special Rapporteur on Freedom of Expression and Opinion, delivered this week a landmark report [PDF] on state surveillance and freedom of expression. In preparation, the Special Rapporteur reviewed relevant studies, consulted with experts including EFF, and participated in the state surveillance and human rights workshop we organized last year. Today, EFF's Katitza Rodriguez has been taking part in the first detailed conversation about State Surveillance and Human Rights at the U.N., held by the 47 member states of the Human Rights Council during the U.N.'s 23rd session in Geneva.

At a time when efforts by states to conduct communications surveillance are rapidly proliferating across the globe, La Rue makes the case for a direct relationship between state surveillance, privacy and freedom of expression:

The right to privacy is often understood as an essential requirement for the realization of the right to freedom of expression. Undue interference with individuals’ privacy can both directly and indirectly limit the free development and exchange of ideas. … An infringement upon one right can be both the cause and consequence of an infringement upon the other.

La Rue’s landmark report could not come at a better time. The explosion of online expression we've seen in the past decade is now being followed by an explosion of communications surveillance. For many, the Internet and mobile telephony are no longer platforms where private communication is shielded from governments knowing when, where, and with whom a communication has occurred.

The report acknowledges the benefits of technological innovations that have enabled rapid, anonymous, cross-cultural dialogues around the world. Nevertheless, the report warns that these same technologies can open a Pandora's box of previously unimaginable state surveillance intrusions.

“The Internet has facilitated the development of large amounts of transactional data by and about individuals. This information, known as communications data or metadata, includes personal information on individuals, their location and online activities, and logs and related information about the e-mails and messages they send or receive.”

The report explains how metadata can reveal sensitive information that can be easily accessed, stored, mined and exploited.

“Communications data are storable, accessible and searchable, and their disclosure to and use by State authorities are largely unregulated. Analysis of this data can be both highly revelatory and invasive, particularly when data is combined and aggregated. As such, States are increasingly drawing on communications data to support law enforcement or national security investigations. States are also compelling the preservation and retention of communication data to enable them to conduct historical surveillance.”

As La Rue indicates, it is the capacity of new technologies to instantly aggregate and analyze data that makes it a beacon of one’s online presence. EFF believes that “metadata”—information logging individuals’ communication activities—is as sensitive as the content of communication and therefore deserves strong human rights protections.

For example, with all the amount of information and evolving surveillance technologies, law enforcement agencies now can:

• Directly observe people's relationships and interactions and make inferences about their intimate and protected relationships.

• Examine millions of people's communications and rapidly identify precise communications interactions on any given topic.

• Track any person's physical movements almost all of the time and draw conclusions about one’s professional, sexual, political, and religious activities, and attitudes from individuals' associations and Internet traffic.

• Routinely retain data for decades, so that statements and interactions can be searched, analyzed, and recalled long after they have been made.

• Do all of the above simultaneously.

La Rue reminds States that in order to meet their human rights obligations, they must ensure that the rights to free expression and privacy—and metadata protection in particular—are at the heart of their communications surveillance frameworks. To this end, the Special Rapporteur urges states to review national laws regulating surveillance and update and strengthen laws and legal standards:

Communications surveillance should be regarded as a highly intrusive act that potentially interferes with the rights to freedom of expression and privacy and threatens the foundations of a democratic society.

Legislation must stipulate that State surveillance of communications must only occur under the most exceptional circumstances and exclusively under the supervision of an independent judicial authority.


At present, access to communications data has been conducted by a variety of public bodies for a broad range of purposes, often without judicial authorization and independent oversight. Such overbroad access threatens basic democratic values.

La Rue recommends legal frameworks to ensure that communication surveillance measures:

Are prescribed by law, meeting a standard of clarity and precision that is sufficient to ensure that individuals have advance notice of and can foresee their application,

Are strictly and demonstrably necessary to achieve a legitimate aim,

Adhere to the principle of proportionality, and are not employed when less invasive techniques are available which have not yet been exhausted.


EFF could not agree more that individuals have a legal right to be notified when they have been subjected to communications surveillance and have had their communications data accessed by the state. We celebrate La Rue’s invaluable recommendations and will begin immediately using his report in our own advocacy work throughout the world. EFF will continue to blog about additional findings in La Rue's report in the following days.

You can access the report delivered by Frank La Rue to the Human Rights Council here: http://www.ohchr.org/Documents/HRBod...C.23.40_EN.pdf
https://www.eff.org/deeplinks/2013/0...the-connection





NSA Collecting Phone Records of Millions of Verizon Customers Daily

Exclusive: Top secret court order requiring Verizon to hand over all call data shows scale of domestic surveillance under Obama
Glenn Greenwald

The National Security Agency is currently collecting the telephone records of millions of US customers of Verizon, one of America's largest telecoms providers, under a top secret court order issued in April.

The order, a copy of which has been obtained by the Guardian, requires Verizon on an "ongoing, daily basis" to give the NSA information on all telephone calls in its systems, both within the US and between the US and other countries.

The document shows for the first time that under the Obama administration the communication records of millions of US citizens are being collected indiscriminately and in bulk – regardless of whether they are suspected of any wrongdoing.

The secret Foreign Intelligence Surveillance Court (Fisa) granted the order to the FBI on April 25, giving the government unlimited authority to obtain the data for a specified three-month period ending on July 19.

Under the terms of the blanket order, the numbers of both parties on a call are handed over, as is location data, call duration, unique identifiers, and the time and duration of all calls. The contents of the conversation itself are not covered.

The disclosure is likely to reignite longstanding debates in the US over the proper extent of the government's domestic spying powers.

Under the Bush administration, officials in security agencies had disclosed to reporters the large-scale collection of call records data by the NSA, but this is the first time significant and top-secret documents have revealed the continuation of the practice on a massive scale under President Obama.

The unlimited nature of the records being handed over to the NSA is extremely unusual. Fisa court orders typically direct the production of records pertaining to a specific named target who is suspected of being an agent of a terrorist group or foreign state, or a finite set of individually named targets.

The Guardian approached the National Security Agency, the White House and the Department of Justice for comment in advance of publication on Wednesday. All declined. The agencies were also offered the opportunity to raise specific security concerns regarding the publication of the court order.

The court order expressly bars Verizon from disclosing to the public either the existence of the FBI's request for its customers' records, or the court order itself.

"We decline comment," said Ed McFadden, a Washington-based Verizon spokesman.

The order, signed by Judge Roger Vinson, compels Verizon to produce to the NSA electronic copies of "all call detail records or 'telephony metadata' created by Verizon for communications between the United States and abroad" or "wholly within the United States, including local telephone calls".

The order directs Verizon to "continue production on an ongoing daily basis thereafter for the duration of this order". It specifies that the records to be produced include "session identifying information", such as "originating and terminating number", the duration of each call, telephone calling card numbers, trunk identifiers, International Mobile Subscriber Identity (IMSI) number, and "comprehensive communication routing information".

The information is classed as "metadata", or transactional information, rather than communications, and so does not require individual warrants to access. The document also specifies that such "metadata" is not limited to the aforementioned items. A 2005 court ruling judged that cell site location data – the nearest cell tower a phone was connected to – was also transactional data, and so could potentially fall under the scope of the order.

While the order itself does not include either the contents of messages or the personal information of the subscriber of any particular cell number, its collection would allow the NSA to build easily a comprehensive picture of who any individual contacted, how and when, and possibly from where, retrospectively.

It is not known whether Verizon is the only cell-phone provider to be targeted with such an order, although previous reporting has suggested the NSA has collected cell records from all major mobile networks. It is also unclear from the leaked document whether the three-month order was a one-off, or the latest in a series of similar orders.

The court order appears to explain the numerous cryptic public warnings by two US senators, Ron Wyden and Mark Udall, about the scope of the Obama administration's surveillance activities.

For roughly two years, the two Democrats have been stridently advising the public that the US government is relying on "secret legal interpretations" to claim surveillance powers so broad that the American public would be "stunned" to learn of the kind of domestic spying being conducted.

Because those activities are classified, the senators, both members of the Senate intelligence committee, have been prevented from specifying which domestic surveillance programs they find so alarming. But the information they have been able to disclose in their public warnings perfectly tracks both the specific law cited by the April 25 court order as well as the vast scope of record-gathering it authorized.

Julian Sanchez, a surveillance expert with the Cato Institute, explained: "We've certainly seen the government increasingly strain the bounds of 'relevance' to collect large numbers of records at once — everyone at one or two degrees of separation from a target — but vacuuming all metadata up indiscriminately would be an extraordinary repudiation of any pretence of constraint or particularized suspicion." The April order requested by the FBI and NSA does precisely that.

The law on which the order explicitly relies is the so-called "business records" provision of the Patriot Act, 50 USC section 1861. That is the provision which Wyden and Udall have repeatedly cited when warning the public of what they believe is the Obama administration's extreme interpretation of the law to engage in excessive domestic surveillance.

In a letter to attorney general Eric Holder last year, they argued that "there is now a significant gap between what most Americans think the law allows and what the government secretly claims the law allows."

"We believe," they wrote, "that most Americans would be stunned to learn the details of how these secret court opinions have interpreted" the "business records" provision of the Patriot Act.

Privacy advocates have long warned that allowing the government to collect and store unlimited "metadata" is a highly invasive form of surveillance of citizens' communications activities. Those records enable the government to know the identity of every person with whom an individual communicates electronically, how long they spoke, and their location at the time of the communication.

Such metadata is what the US government has long attempted to obtain in order to discover an individual's network of associations and communication patterns. The request for the bulk collection of all Verizon domestic telephone records indicates that the agency is continuing some version of the data-mining program begun by the Bush administration in the immediate aftermath of the 9/11 attack.

The NSA, as part of a program secretly authorized by President Bush on 4 October 2001, implemented a bulk collection program of domestic telephone, internet and email records. A furore erupted in 2006 when USA Today reported that the NSA had "been secretly collecting the phone call records of tens of millions of Americans, using data provided by AT&T, Verizon and BellSouth" and was "using the data to analyze calling patterns in an effort to detect terrorist activity." Until now, there has been no indication that the Obama administration implemented a similar program.

These recent events reflect how profoundly the NSA's mission has transformed from an agency exclusively devoted to foreign intelligence gathering, into one that focuses increasingly on domestic communications. A 30-year employee of the NSA, William Binney, resigned from the agency shortly after 9/11 in protest at the agency's focus on domestic activities.

In the mid-1970s, Congress, for the first time, investigated the surveillance activities of the US government. Back then, the mandate of the NSA was that it would never direct its surveillance apparatus domestically.

At the conclusion of that investigation, Frank Church, the Democratic senator from Idaho who chaired the investigative committee, warned: "The NSA's capability at any time could be turned around on the American people, and no American would have any privacy left, such is the capability to monitor everything: telephone conversations, telegrams, it doesn't matter."

Additional reporting by Ewen MacAskill and Spencer Ackerman
http://www.guardian.co.uk/world/2013...on-court-order




U.S. Collects Vast Data Trove

NSA Monitoring Includes Three Major Phone Companies, as Well as Online Activity
Siobhan Gorman, Evan Perez and Janet Hook

The National Security Agency's monitoring of Americans includes customer records from the three major phone networks as well as emails and Web searches, and the agency also has cataloged credit-card transactions, said people familiar with the agency's activities.

The disclosure this week of an order by a secret U.S. court for Verizon Communications Inc.'s phone records set off the latest public discussion of the program. But people familiar with the NSA's operations said the initiative also encompasses phone-call data from AT&T Inc. and Sprint Nextel Corp., records from Internet-service providers and purchase information from credit-card providers.

The agency is using its secret access to the communications of millions of Americans to target possible terrorists, said people familiar with the effort.

The NSA's efforts have become institutionalized—yet not so well known to the public—under laws passed in the wake of the Sept. 11, 2001, attacks. Most members of Congress defended them Thursday as a way to root out terrorism, but civil-liberties groups decried the program.

"Everyone should just calm down and understand this isn't anything that is brand new," said Senate Majority Leader Harry Reid (D., Nev.), who added that the phone-data program has "worked to prevent" terrorist attacks.

Senate Intelligence Chairman Dianne Feinstein (D., Calif.) said the program is lawful and that it must be renewed by Congress every three months. She said the revelation about Verizon, reported by the London-based newspaper the Guardian, seemed to coincide with its latest renewal.

Civil-liberties advocates slammed the NSA's actions. "The most recent surveillance program is breathtaking. It shows absolutely no effort to narrow or tailor the surveillance of citizens," said Jonathan Turley, a constitutional law expert at George Washington University.

The arrangement with the country's three largest phone companies means that every time the majority of Americans makes a call, NSA gets a record of the location, the number called, the time of the call and the length of the conversation, according to people familiar with the matter. The practice, which evolved out of warrantless wiretapping programs begun after 2001, is approved by all three branches of the U.S. government.

AT&T has 107.3 million wireless customers and 31.2 million landline customers. Verizon has 98.9 million wireless customers and 22.2 million landline customers while Sprint has 55 million customers in total.

NSA also obtains access to data from Internet service providers on Internet use such as email or website visits, several former officials said. NSA has established similar relationships with credit-card companies, three former officials said.

It couldn't be determined if any of the Internet or credit-card arrangements are ongoing, as are the phone company efforts, or one-shot collection efforts. The credit-card firms, phone companies and NSA declined to comment for this article.

Though extensive, the data collection effort doesn't entail monitoring the content of emails or what is said in phone calls, said people familiar with the matter. Investigators gain access to so-called metadata, telling them who is communicating, through what medium, when, and where they are located.

But the disconnect between the program's supporters and detractors underscored the difficulty Congress has had navigating new technology, national security and privacy.

The Obama administration, which inherited and embraced the program from the George W. Bush administration, moved Thursday to forcefully defend it. White House spokesman Josh Earnest called it "a critical tool in protecting the nation from terror threats."

But Sen. Ron Wyden (D., Ore.), said he has warned about the breadth of the program for years, but only obliquely because of classification restrictions.

"When law-abiding Americans call their friends, who they call, when they call, and where they call from is private information," he said. "Collecting this data about every single phone call that every American makes every day would be a massive invasion of Americans' privacy."

In the wake of the Sept. 11 attacks, phone records were collected without a court order as a component of the Bush-era warrantless surveillance program authorized by the 2001 USA Patriot Act, which permitted the collection of business records, former officials said.

The ad hoc nature of the NSA program changed after the Bush administration came under criticism for its handling of a separate, warrantless NSA eavesdropping program.

President Bush acknowledged its existence in late 2005, calling it the Terrorist Surveillance Program, or TSP.

When Democrats retook control of Congress in 2006, promising to investigate the administration's counterterrorism policies, Bush administration officials moved to formalize court oversight of the NSA programs, according to former U.S. officials.

Congress in 2006 also made changes to the Patriot Act that made it easier for the government to collect phone-subscriber data under the Foreign Intelligence Surveillance Act.

Those changes helped the NSA collection program become institutionalized, rather than one conducted only under the authority of the president, said people familiar with the program.

Along with the TSP, the NSA collection of phone company customer data was put under the jurisdiction of a secret court that oversees the Foreign Intelligence Surveillance Act, according to officials.

David Kris, a former top national security lawyer at the Justice Department, told a congressional hearing in 2009 that the government first used the so-called business records authority in 2004.

At the time he was urging the reauthorization of the business-records provisions, known as Section 215 of the Patriot Act, which Congress later approved.

The phone records allow investigators to establish a database used to run queries when there is "reasonable, articulable suspicion" that the records are relevant and related to terrorist activity, Ms. Feinstein said Thursday.

The database allows investigators to "map" individuals connected with that information, said Jeremy Bash, who until recently was chief of staff at the Pentagon and is a former top aide to the House Intelligence committee.

"We are trying to find a needle in a haystack, and this is the haystack," Mr. Bash said, referring to the database.

Sen. Wyden on Thursday questioned whether U.S. officials have been truthful in public descriptions of the program. In March, Mr. Wyden noted, he questioned Director of National Intelligence James Clapper, who said the NSA did not "wittingly" collect any type of data pertaining to millions of Americans. Spokesmen for Mr. Clapper didn't respond to requests for comment.

For civil libertarians, this week's disclosure of the court authorization for part of the NSA program could offer new avenues for challenges. Federal courts largely have rebuffed efforts that target NSA surveillance programs, in part because no one could prove the information was being collected. The government, under both the Bush and Obama administrations, has successfully used its state-secrets privilege to block such lawsuits.

Jameel Jaffer, the American Civil Liberties Union's deputy legal director, said the fact the FISA court record has now become public could give phone-company customers standing to bring a lawsuit.

"Now we have a set of people who can show they have been monitored," he said.

—Danny Yadron and Jennifer Valentino-DeVries contributed to this article.
http://online.wsj.com/article/SB1000...eno64-wsj.html





Documents: U.S. Mining Data From 9 Leading Internet Firms; Companies Deny Knowledge
Barton Gellman and Laura Poitras

The National Security Agency and the FBI are tapping directly into the central servers of nine leading U.S. Internet companies, extracting audio and video chats, photographs, e-mails, documents, and connection logs that enable analysts to track one target or trace a whole network of associates, according to a top-secret document obtained by The Washington Post.

The program, code-named PRISM, has not been made public until now. It may be the first of its kind. The NSA prides itself on stealing secrets and breaking codes, and it is accustomed to corporate partnerships that help it divert data traffic or sidestep barriers. But there has never been a Google or Facebook before, and it is unlikely that there are richer troves of valuable intelligence than the ones in Silicon Valley.

Equally unusual is the way the NSA extracts what it wants, according to the document: “Collection directly from the servers of these U.S. Service Providers: Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.”

PRISM was launched from the ashes of President George W. Bush’s secret program of warrantless domestic surveillance in 2007, after news media disclosures, lawsuits and the Foreign Intelligence Surveillance Court forced the president to look for new authority.

Congress obliged with the Protect America Act in 2007 and the FISA Amendments Act of 2008, which immunized private companies that cooperated voluntarily with U.S. intelligence collection. PRISM recruited its first partner, Microsoft, and began six years of rapidly growing data collection beneath the surface of a roiling national debate on surveillance and privacy. Late last year, when critics in Congress sought changes in the FISA Amendments Act, the only lawmakers who knew about PRISM were bound by oaths of office to hold their tongues.

The court-approved program is focused on foreign communications traffic, which often flows through U.S. servers even when sent from one overseas location to another. Between 2004 and 2007, Bush administration lawyers persuaded federal FISA judges to issue surveillance orders in a fundamentally new form. Until then the government had to show probable cause that a particular “target” and “facility” were both connected to terrorism or espionage.

In four new orders, which remain classified, the court defined massive data sets as “facilities” and agreed to occasionally certify that the government had reasonable procedures in place to minimize collection of “U.S. persons” data without a warrant.

Several companies contacted by The Post said they had no knowledge of the program and responded only to individual requests for information.

“We do not provide any government organization with direct access to Facebook servers,” said Joe Sullivan, chief security officer for Facebook. “When Facebook is asked for data or information about specific individuals, we carefully scrutinize any such request for compliance with all applicable laws, and provide information only to the extent required by law.”

“We have never heard of PRISM,” an Apple spokesman said. “We do not provide any government agency with direct access to our servers, and any government agency requesting customer data must get a court order.”

Government officials and the document itself made clear that the NSA regarded the identities of its private partners as PRISM’s most sensitive secret, fearing that they would withdraw from the program if exposed. “98 percent of PRISM production is based on Yahoo, Google and Microsoft; we need to make sure we don’t harm these sources,” the briefing’s author wrote in his speaker’s notes.

An internal presentation of 41 briefing slides on PRISM, dated April 2013 and intended for senior analysts in the NSA’s Signals Intelligence Directorate, described the new tool as the most prolific contributor to the President’s Daily Brief, which cited PRISM data in 1,477 articles last year. According to the slides and other supporting materials obtained by The Post, “NSA reporting increasingly relies on PRISM” as its leading source of raw material, accounting for nearly 1 in 7 intelligence reports.

That is a remarkable figure in an agency that measures annual intake in the trillions of communications. It is all the more striking because the NSA, whose lawful mission is foreign intelligence, is reaching deep inside the machinery of American companies that host hundreds of millions of American-held accounts on American soil.

The technology companies, which knowingly participate in PRISM operations, include most of the dominant global players of Silicon Valley, according to the document. They are listed on a roster that bears their logos in order of entry into the program: “Microsoft, Yahoo, Google, Facebook, PalTalk, AOL, Skype, YouTube, Apple.” PalTalk, although much smaller, has hosted significant traffic during the Arab Spring and in the ongoing Syrian civil war.

Dropbox, the cloud storage and synchronization service, is described as “coming soon.”

Government officials declined to comment for this article.

“I would just push back on the idea that the court has signed off on it, so why worry?” said Jameel Jaffer, deputy legal director of the American Civil Liberties Union. “This is a court that meets in secret, allows only the government to appear before it, and publishes almost none of its opinions. It has never been an effective check on government.”

Roots in the ’70s

PRISM is an heir, in one sense, to a history of intelligence alliances with as many as 100 trusted U.S. companies since the 1970s. The NSA calls these Special Source Operations, and PRISM falls under that rubric.

The Silicon Valley operation works alongside a parallel program, code-named BLARNEY, that gathers up “metadata” — address packets, device signatures and the like — as it streams past choke points along the backbone of the Internet. BLARNEY’s top-secret program summary, set down alongside a cartoon insignia of a shamrock and a leprechaun hat, describes it as “an ongoing collection program that leverages IC [intelligence community] and commercial partnerships to gain access and exploit foreign intelligence obtained from global networks.”

But the PRISM program appears to more nearly resemble the most controversial of the warrantless surveillance orders issued by President George W. Bush after the al-Qaeda attacks of Sept. 11, 2001. Its history, in which President Obama presided over exponential growth in a program that candidate Obama criticized, shows how fundamentally surveillance law and practice have shifted away from individual suspicion in favor of systematic, mass collection techniques.

The PRISM program is not a dragnet, exactly. From inside a company’s data stream the NSA is capable of pulling out anything it likes, but under current rules the agency does not try to collect it all.

Analysts who use the system from a Web portal in Fort Meade, Md., key in “selectors,” or search terms, that are designed to produce at least 51 percent confidence in a target’s “foreignness.” That is not a very stringent test. Training materials obtained by The Post instruct new analysts to submit accidentally collected U.S. content for a quarterly report but add that “it’s nothing to worry about.”

Even when the system works just as advertised, with no American singled out for targeting, the NSA routinely collects a great deal of American content. That is described as “incidental,” and it is inherent in contact chaining, one of the basic tools of the trade. To collect on a suspected spy or foreign terrorist means, at minimum, that everyone in the suspect’s inbox or outbox is swept in. Intelligence analysts are typically taught to chain through contacts two “hops” out from their target, which increases “incidental collection” exponentially. The same math explains the aphorism, from the John Guare play, that no one is more than “six degrees of separation” from any other person.

Sens. Ron Wyden (D-Ore.) and Mark Udall (D-Colo.), who had classified knowledge of the program as members of the Senate Intelligence Committee, were unable to speak of it when they warned in a Dec. 27, 2012, floor debate that the FISA Amendments Act had what both of them called a “back-door search loophole” for the content of innocent Americans who were swept up in a search for someone else.

“As it is written, there is nothing to prohibit the intelligence community from searching through a pile of communications, which may have been incidentally or accidentally been collected without a warrant, to deliberately search for the phone calls or e-mails of specific Americans.”

A ‘directive’

In exchange for immunity from lawsuits, companies such as Yahoo and AOL are obliged to accept a “directive” from the attorney general and the director of national intelligence to open their servers to the FBI’s Data Intercept Technology Unit, which handles liaison to U.S. companies from the NSA. In 2008, Congress gave the Justice Department authority for a secret order from the Foreign Intelligence Surveillance Court to compel a reluctant company “to comply.”

In practice, there is room for a company to maneuver, delay or resist. When a clandestine intelligence program meets a highly regulated industry, said a lawyer with experience in bridging the gaps, neither side wants to risk a public fight. The engineering problems are so immense, in systems of such complexity and frequent change, that the FBI and NSA would be hard pressed to build in back doors without active help from each company.

Apple demonstrated that resistance is possible when it held out for more than five years, for reasons unknown, after Microsoft became PRISM’s first corporate partner in May 2007. Twitter, which has cultivated a reputation for aggressive defense of its users’ privacy, is still conspicuous by its absence from the list of “private sector partners.”

“Google cares deeply about the security of our users’ data,” a company spokesman said. “We disclose user data to government in accordance with the law, and we review all such requests carefully. From time to time, people allege that we have created a government ‘back door’ into our systems, but Google does not have a ‘back door’ for the government to access private user data.”

Like market researchers, but with far more privileged access, collection managers in the NSA’s Special Source Operations group, which oversees the PRISM program, are drawn to the wealth of information about their subjects in online accounts. For much the same reason, civil libertarians and some ordinary users may be troubled by the menu available to analysts who hold the required clearances to “task” the PRISM system.

There has been “continued exponential growth in tasking to Facebook and Skype,” according to the PRISM slides. With a few clicks and an affirmation that the subject is believed to be engaged in terrorism, espionage or nuclear proliferation, an analyst obtains full access to Facebook’s “extensive search and surveillance capabilities against the variety of online social networking services.”

According to a separate “User’s Guide for PRISM Skype Collection,” that service can be monitored for audio when one end of the call is a conventional telephone and for any combination of “audio, video, chat, and file transfers” when Skype users connect by computer alone. Google’s offerings include Gmail, voice and video chat, Google Drive files, photo libraries, and live surveillance of search terms.

Firsthand experience with these systems, and horror at their capabilities, is what drove a career intelligence officer to provide PowerPoint slides about PRISM and supporting materials to The Washington Post in order to expose what he believes to be a gross intrusion on privacy. “They quite literally can watch your ideas form as you type,” the officer said.

Poitras is a documentary filmmaker and MacArthur Fellow. Julie Tate and Robert O’Harrow Jr. contributed to this report.
http://www.washingtonpost.com/invest...497_story.html





Tech Companies Concede to Surveillance Program
Claire Cain Miller

When government officials came to Silicon Valley to demand easier ways for the world’s largest Internet companies to turn over user data as part of a secret surveillance program, the companies bristled. In the end, though, many cooperated at least a bit.

Twitter declined to make it easier for the government. But other companies were more compliant, according to people briefed on the negotiations. They opened discussions with national security officials about developing technical methods to more efficiently and securely share the personal data of foreign users in response to lawful government requests. And in some cases, they changed their computer systems to do so.

The negotiations shed a light on how Internet companies, increasingly at the center of people’s personal lives, interact with the spy agencies that look to their vast trove of information — e-mails, videos, online chats, photos and search queries — for intelligence. They illustrate how intricately the government and tech companies work together, and the depth of their behind-the-scenes transactions.

The companies that negotiated with the government include Google, which owns YouTube; Microsoft, which owns Hotmail and Skype; Yahoo; Facebook; AOL; Apple; and Paltalk, according to one of the people briefed on the discussions. The companies were legally required to share the data under the Foreign Intelligence Surveillance Act. People briefed on the discussions spoke on the condition of anonymity because they are prohibited by law from discussing the content of FISA requests or even acknowledging their existence.

In at least two cases, at Google and Facebook, one of the plans discussed was to build separate, secure portals, like a digital version of the secure physical rooms that have long existed for classified information, in some instances on company servers. Through these online rooms, the government would request data, companies would deposit it and the government would retrieve it, people briefed on the discussions said.

The negotiations have continued in recent months, as Martin E. Dempsey, chairman of the Joint Chiefs of Staff, traveled to Silicon Valley to meet with executives including those at Facebook, Microsoft, Google and Intel. Though the official purpose of those meetings was to discuss the future of the Internet, the conversations also touched on how the companies would collaborate with the government in its intelligence-gathering efforts, said a person who attended.

While handing over data in response to a legitimate FISA request is a legal requirement, making it easier for the government to get the information is not, which is why Twitter could decline to do so.

Details on the discussions help explain the disparity between initial descriptions of the government program and the companies’ responses.

Each of the nine companies said it had no knowledge of a government program providing officials with access to its servers, and drew a bright line between giving the government wholesale access to its servers to collect user data and giving them specific data in response to individual court orders. Each said it did not provide the government with full, indiscriminate access to its servers.

The companies said they do, however, comply with individual court orders, including under FISA. The negotiations, and the technical systems for sharing data with the government, fit in that category because they involve access to data under individual FISA requests. And in some cases, the data is transmitted to the government electronically, using a company’s servers.

“The U.S. government does not have direct access or a ‘back door’ to the information stored in our data centers,” Google’s chief executive, Larry Page, and its chief legal officer, David Drummond, said in a statement on Friday. “We provide user data to governments only in accordance with the law.”

Statements from Microsoft, Yahoo, Facebook, Apple, AOL and Paltalk made the same distinction.

But instead of adding a back door to their servers, the companies were essentially asked to erect a locked mailbox and give the government the key, people briefed on the negotiations said. Facebook, for instance, built such a system for requesting and sharing the information, they said.

The data shared in these ways, the people said, is shared after company lawyers have reviewed the FISA request according to company practice. It is not sent automatically or in bulk, and the government does not have full access to company servers. Instead, they said, it is a more secure and efficient way to hand over the data.

Tech companies might have also denied knowledge of the full scope of cooperation with national security officials because employees whose job it is to comply with FISA requests are not allowed to discuss the details even with others at the company, and in some cases have national security clearance, according to both a former senior government official and a lawyer representing a technology company.

FISA orders can range from inquiries about specific people to a broad sweep for intelligence, like logs of certain search terms, lawyers who work with the orders said. There were 1,856 such requests last year, an increase of 6 percent from the year before.

In one recent instance, the National Security Agency sent an agent to a tech company’s headquarters to monitor a suspect in a cyberattack, a lawyer representing the company said. The agent installed government-developed software on the company’s server and remained at the site for several weeks to download data to an agency laptop.

In other instances, the lawyer said, the agency seeks real-time transmission of data, which companies send digitally.

Twitter spokesmen did not respond to questions about the government requests, but said in general of the company’s philosophy toward information requests: Users “have a right to fight invalid government requests, and we stand with them in that fight.”

Twitter, Google and other companies have typically fought aggressively against requests they believe reach too far. Google, Microsoft and Twitter publish transparency reports detailing government requests for information, but these reports do not include FISA requests because they are not allowed to acknowledge them.

Yet since tech companies’ cooperation with the government was revealed Thursday, tech executives have been performing a familiar dance, expressing outrage at the extent of the government’s power to access personal data and calling for more transparency, while at the same time heaping praise upon the president as he visited Silicon Valley.

Even as the White House scrambled to defend its online surveillance, President Obama was mingling with donors at the Silicon Valley home of Mike McCue, Flipboard’s chief, eating dinner at the opulent home of Vinod Khosla, the venture capitalist, and cracking jokes about Mr. Khosla’s big, shaggy dogs.

On Friday, Mark Zuckerberg, Facebook’s chief executive, posted on Facebook a call for more government transparency. “It’s the only way to protect everyone’s civil liberties and create the safe and free society we all want over the long term,” he wrote.
https://www.nytimes.com/2013/06/08/t...e-efforts.html





Analysis: U.S. Domestic Spying Controversy Complicates Cybersecurity Efforts
Andrea Shalal-Esa and Joseph Menn

The Obama administration's cybersecurity agenda, which includes expanding the military's Cyber Command and beefing up protection for critical infrastructure, faces more intense scrutiny after two vast domestic surveillance programs were exposed this week.

Civil liberties groups say the revelations give new life to several privacy lawsuits against the National Security Agency, which hit the headlines twice in two days for secretly monitoring Americans' phone records and internet activity.

Renewed concerns about the spy agency's domestic surveillance programs could also hamper efforts to give it a broader role in defending the country's infrastructure, and put pressure on lawmakers to update laws protecting online privacy, say congressional aides and defense and security experts.

"They're going to make it harder to do the work that is now going on," said former chief Pentagon weapons buyer Mike Wynne, who also served as Air Force secretary from 2005 to 2008.

Wynne said growing unease about domestic surveillance could have a chilling effect on proposed cyber legislation that calls for greater information-sharing between government and industry.

Republican Mike Rogers and Democrat Dutch Ruppersberger, who are top lawmakers in the House of Representatives Intelligence Committee, had rewritten the cyber bill to designate the civilian Department of Homeland Security, and not the NSA, as the hub of information exchange between the government and private sector.

But the bill still allows sharing of information with the NSA, which could prove troubling to some lawmakers disturbed by the scope of the intelligence agency's surveillance powers.

The Democratic-controlled Senate already represented a steep obstacle for the cyber bill, which has been passed by the Republican House, even before this week's revelations.

While support for strong national security measures is one of the few issues that crosses Washington's party lines in the aftermath of the September 11, 2001, attacks on the United States, a few lawmakers did call for probes or closed-door hearings on the NSA's surveillance programs.

"Our investment in protecting American lives and liberties simultaneously is not a blank check," said Republican Senator Lisa Murkowski, who called on Friday for a "thorough vetting of this policy."

President Barack Obama on Friday staunchly defended the sweeping U.S. surveillance of Americans' phone and internet activity, calling it a "modest encroachment" on privacy that was necessary to defend the United States from attack.

Since news of the surveillance programs broke in the Guardian and Washington Post, more lawmakers have signed on to legislation that would strengthen privacy protections in the Electronic Communications Privacy Act of 1986, according to the offices of the bill's backers.

Republican Senator Rand Paul became the latest supporter of the Senate version of the bill, co-sponsored by Democratic Senator Patrick Leahy and Republican Senator Mike Lee.

Leahy and Lee have said the law should be strengthened so that law enforcement authorities need a search warrant if they want to read personal emails stored with third-party providers.

Currently, government investigators only need a subpoena, which has a lower threshold than a warrant because it does not need a judge to sign off. A subpoena can give investigators access to emails that are more than 180 days old, and sometimes newer emails if they are already opened by recipients.

Companion legislation in the House garnered 16 co-sponsors this week, said Matt Manda, spokesman for the bill's co-author, Republican Kevin Yoder.

CYBERSECURITY CHALLENGES

Some security industry insiders said this week's news could also increase pressure on the Pentagon to appoint separate officials to head Cyber Command, the military command that oversees offensive and defensive operations in cyberspace, and the NSA. Both hats are now worn by Army General Keith Alexander.

"This concept of civilian control over the military applies here," Wynne said.

Alexander has pushed to elevate Cyber Command to an independent military entity and to quadruple its size. But the latest controversy could make officials skittish about what some already see as a dangerous power grab.

"It's definitely going to make people think twice about expanding and elevating Cyber Command and new cyber legislation," said Jesselyn Radack, a lawyer who represented NSA whistleblower Thomas Drake. "People are going to take a more careful look now, and those overreaching laws will be blocked."

Civil liberties groups that have sued the government over suspected call-record programs and wiretapping said they would use this week's new disclosures to bolster their cases.

In particular, they plan to argue against two of the main defenses used by the Justice Department to date - that a full trial on the issues would be impossible without revealing "state secrets" and that consumers lack standing to sue because they cannot show impact from the spying programs.

But privacy advocates say such arguments have been punctured by the disclosures of the surveillance programs, which have been largely confirmed by federal authorities and lawmakers.

"I hope it means that the court will agree that we need to get to the bottom of this," said Cindy Cohn, legal director of the Electronic Frontier Foundation, which is suing the NSA in a San Francisco case.

"It would be a terrible tragedy if we can talk about it in the press and in the halls of Congress, and the courts decide they can't hear it."

(Reporting by Andrea Shalal-Esa and Alina Selyukh in Washington and Joseph Menn in San Francisco; Editing by Karey Van Hall, Tiffany Wu and Peter Cooney)
http://www.reuters.com/article/2013/...95702R20130608





Obama Orders US to Draw Up Overseas Target List for Cyber-Attacks

Exclusive: Top-secret directive steps up offensive cyber capabilities to 'advance US objectives around the world'
Glenn Greenwald and Ewen MacAskill


Barack Obama has ordered his senior national security and intelligence officials to draw up a list of potential overseas targets for US cyber-attacks, a top secret presidential directive obtained by the Guardian reveals.

The 18-page Presidential Policy Directive 20, issued in October last year but never published, states that what it calls Offensive Cyber Effects Operations (OCEO) "can offer unique and unconventional capabilities to advance US national objectives around the world with little or no warning to the adversary or target and with potential effects ranging from subtle to severely damaging".

It says the government will "identify potential targets of national importance where OCEO can offer a favorable balance of effectiveness and risk as compared with other instruments of national power".

The directive also contemplates the possible use of cyber actions inside the US, though it specifies that no such domestic operations can be conducted without the prior order of the president, except in cases of emergency.

The aim of the document was "to put in place tools and a framework to enable government to make decisions" on cyber actions, a senior administration official told the Guardian.

The administration published some declassified talking points from the directive in January 2013, but those did not mention the stepping up of America's offensive capability and the drawing up of a target list.

Obama's move to establish a potentially aggressive cyber warfare doctrine will heighten fears over the increasing militarization of the internet.

The directive's publication comes as the president plans to confront his Chinese counterpart Xi Jinping at a summit in California on Friday over alleged Chinese attacks on western targets.

Even before the publication of the directive, Beijing had hit back against US criticism, with a senior official claiming to have "mountains of data" on American cyber-attacks he claimed were every bit as serious as those China was accused of having carried out against the US.

Presidential Policy Directive 20 defines OCEO as "operations and related programs or activities … conducted by or on behalf of the United States Government, in or through cyberspace, that are intended to enable or produce cyber effects outside United States government networks."

Asked about the stepping up of US offensive capabilities outlined in the directive, a senior administration official said: "Once humans develop the capacity to build boats, we build navies. Once you build airplanes, we build air forces."

The official added: "As a citizen, you expect your government to plan for scenarios. We're very interested in having a discussion with our international partners about what the appropriate boundaries are."

The document includes caveats and precautions stating that all US cyber operations should conform to US and international law, and that any operations "reasonably likely to result in significant consequences require specific presidential approval".

The document says that agencies should consider the consequences of any cyber-action. They include the impact on intelligence-gathering; the risk of retaliation; the impact on the stability and security of the internet itself; the balance of political risks versus gains; and the establishment of unwelcome norms of international behaviour.

Among the possible "significant consequences" are loss of life; responsive actions against the US; damage to property; serious adverse foreign policy or economic impacts.

The US is understood to have already participated in at least one major cyber attack, the use of the Stuxnet computer worm targeted on Iranian uranium enrichment centrifuges, the legality of which has been the subject of controversy. US reports citing high-level sources within the intelligence services said the US and Israel were responsible for the worm.

In the presidential directive, the criteria for offensive cyber operations are not limited to retaliatory action but vaguely framed as advancing "US national objectives around the world".

The revelation that the US is preparing a specific target list for offensive cyber-action is likely to reignite previously raised concerns of security researchers and academics, several of whom have warned that large-scale cyber operations could easily escalate into full-scale military conflict.

Sean Lawson, assistant professor in the department of communication at the University of Utah, argues: "When militarist cyber rhetoric results in use of offensive cyber attack it is likely that those attacks will escalate into physical, kinetic uses of force."

An intelligence source with extensive knowledge of the National Security Agency's systems told the Guardian the US complaints against China were hypocritical, because America had participated in offensive cyber operations and widespread hacking – breaking into foreign computer systems to mine information.

Provided anonymity to speak critically about classified practices, the source said: "We hack everyone everywhere. We like to make a distinction between us and the others. But we are in almost every country in the world."

The US likes to haul China before the international court of public opinion for "doing what we do every day", the source added.

One of the unclassified points released by the administration in January stated: "It is our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as preferred courses of action."

The full classified directive repeatedly emphasizes that all cyber-operations must be conducted in accordance with US law and only as a complement to diplomatic and military options. But it also makes clear how both offensive and defensive cyber operations are central to US strategy.

Under the heading "Policy Reviews and Preparation", a section marked "TS/NF" - top secret/no foreign - states: "The secretary of defense, the DNI [Director of National Intelligence], and the director of the CIA … shall prepare for approval by the president through the National Security Advisor a plan that identifies potential systems, processes and infrastructure against which the United States should establish and maintain OCEO capabilities…" The deadline for the plan is six months after the approval of the directive.

The directive provides that any cyber-operations "intended or likely to produce cyber effects within the United States" require the approval of the president, except in the case of an "emergency cyber action". When such an emergency arises, several departments, including the department of defense, are authorized to conduct such domestic operations without presidential approval.

Obama further authorized the use of offensive cyber attacks in foreign nations without their government's consent whenever "US national interests and equities" require such nonconsensual attacks. It expressly reserves the right to use cyber tactics as part of what it calls "anticipatory action taken against imminent threats".

The directive makes multiple references to the use of offensive cyber attacks by the US military. It states several times that cyber operations are to be used only in conjunction with other national tools and within the confines of law.

When the directive was first reported, lawyers with the Electronic Privacy Information Center filed a Freedom of Information Act request for it to be made public. The NSA, in a statement, refused to disclose the directive on the ground that it was classified.

In January, the Pentagon announced a major expansion of its Cyber Command Unit, under the command of General Keith Alexander, who is also the director of the NSA. That unit is responsible for executing both offensive and defensive cyber operations.

Earlier this year, the Pentagon publicly accused China for the first time of being behind attacks on the US. The Washington Post reported last month that Chinese hackers had gained access to the Pentagon's most advanced military programs.

The director of national intelligence, James Clapper, identified cyber threats in general as the top national security threat.

Obama officials have repeatedly cited the threat of cyber-attacks to advocate new legislation that would vest the US government with greater powers to monitor and control the internet as a means of guarding against such threats.

One such bill currently pending in Congress, the Cyber Intelligence Sharing and Protection Act (Cispa), has prompted serious concerns from privacy groups, who say that it would further erode online privacy while doing little to enhance cyber security.

In a statement, Caitlin Hayden, national security council spokeswoman, said: "We have not seen the document the Guardian has obtained, as they did not share it with us. However, as we have already publicly acknowledged, last year the president signed a classified presidential directive relating to cyber operations, updating a similar directive dating back to 2004. This step is part of the administration's focus on cybersecurity as a top priority. The cyber threat has evolved, and we have new experiences to take into account.

"This directive establishes principles and processes for the use of cyber operations so that cyber tools are integrated with the full array of national security tools we have at our disposal. It provides a whole-of-government approach consistent with the values that we promote domestically and internationally as we have previously articulated in the International Strategy for Cyberspace.

"This directive will establish principles and processes that can enable more effective planning, development, and use of our capabilities. It enables us to be flexible, while also exercising restraint in dealing with the threats we face. It continues to be our policy that we shall undertake the least action necessary to mitigate threats and that we will prioritize network defense and law enforcement as the preferred courses of action. The procedures outlined in this directive are consistent with the US Constitution, including the president's role as commander in chief, and other applicable law and policies."
http://www.guardian.co.uk/world/2013...cyber-overseas





Modern Data Centers Fuel NSA’s Verizon Phone Spying
Michael Hickins and Rachael King

Technical question: How much computing power does it take to store and analyze data on every call in the U.S.?

Answer: A lot.

The National Security Agency maintains several data center facilities around the U.S. and is about to build another – a $1.2 billion facility in Utah that will be called Bumblehive and open this fall, where, according to one expert, it will analyze voice traffic from Verizon’s telephone network.

According to the NSA, the storage capacity of the new data center will be measured in zettabytes. Each zettabyte is a thousand exabytes; an exabyte represents over 1 billion gigabytes.

“The steady rise in available computer power and the development of novel computer platforms will enable us to easily turn the huge volume of incoming data into an asset to be exploited, for the good of the nation,” the agency said in an undated press release about the facility.

These modern computing platforms allow analysts to run queries against huge data sets and get responses, often within seconds, because they allow data to be stored in solid state drives rather than traditional spinning disks, making access to data much faster. In other words, they can get results in about as much time as it takes for someone to get results from a Google query.

The facility and another in Maryland will be used to “provide U.S. authorities with intelligence and warnings about cyber threats,” according to NSA spokesperson Vanee M. Vines. The Utah facility is expected to become operational later this year, while the one in Maryland is not expected to go live until 2016.

Meanwhile, the NSA is also vacuuming up huge amounts of data on phone calls and electronic communications in the U.S.

The Guardian newspaper on Wednesday published an apparent court order requiring Verizon to turn over data on all calls within, to and from the U.S. to the NSA. It’s long been known that the NSA has been gathering such data in bulk, in operations that have been going on for more than half a decade and aren’t limited to a single carrier.

The Obama administration and members of Congress defended the practice as an effective bulwark against terrorism.

All of that data has to go somewhere to be analyzed. Advances in computer technology and software mean the price of that storage has fallen dramatically.

The technology needed to outfit data centers of the sort necessary to store and analyze phone call records by all Americans has become “orders of magnitude” less expensive than in the past, according to Tom Davenport, an expert on analytics and a professor of information technology at Harvard University’s Babson College. It is also much faster. “Analyzing data like this is a great deal faster now and much closer to real time,” Mr. Davenport said. Analytics performed against data in live solid-state memory rather than on traditional spinning disks “can reduce processing time from many hours to a few minutes, yielding near-real-time results,” Mr. Davenport said.

The task of storing and processing the metadata for all the calls in the U.S. is actually rather trivial, according to Jack Norris, chief marketing officer at MapR Technologies Inc., a company that provides commercial-grade services based on open source database technology such as Hadoop, originally developed by Google Inc.

“This amount of data is easily analyzed on a MapR Hadoop cluster,” Mr. Norris said in an email. He assumed, in his calculation, that there are 250 million teenagers and adults in the U.S., each making an average of 10 calls a day, or 2.5 billion calls in total. He also assumed that the average call data record is 2,000 kilobytes. That means all the call records take up five terabytes worth of storage. “We have customers today that are processing and analyzing many times this on a daily basis,” Mr. Norris said.

Mr. Norris said the company supports near real-time data analysis.

According to David J. Cappuccio, a chief of research at consulting firm Gartner Inc., total server and storage costs are 20% less expensive using open source storage and server technology than standard proprietary technology. Assuming a 100,000 square-foot data center capable of handling one zettabyte of data, the yearly costs would break down as follows:

• Storage: $46.8 million (20% less if open source)
• Server costs (standard proprietary configuration): $28.7 million (20% less if open source)
• Total software: $37.7 million
• Total maintenance staff: $77.9 million

“The cost savings are just too big to ignore,” Mr. Davenport said during a phone interview.

According to a press release by the agency, the one million square-foot Utah facility will house a 100,000 square foot data center along with administrative space, water treatment facilities, air-conditioning, and sixty diesel-fueled emergency standby generators and enough fuel to provide backup power for three days.

The $1.2 billion cost doesn’t include servers and other computer equipment that will be used inside the center, according to a contract award for the construction of the facility posted to the General Services Administration FedBizOpps website reviewed by CIO Journal. Some observers believe the project will end up costing between $1.5 and $2.0 billion.

The data center isn’t the largest in the U.S., but it’s comparable to a data center for a large bank. By size, it’s probably in the top 10% of data centers in the U.S., said Richard Fichera, vice president and principal analyst who covers data centers for Forrester Research Inc. According to Mr. Fichera, the data center is comparable to one operated by Facebook Inc. three years ago.

According to Mr. Fichera, if the NSA is collecting all call records from Verizon, it’s likely the call details would be stored temporarily in live memory and then be archived in traditional spinning disk archives. If the NSA is only collecting selected records, the volume — and the process to collect it — is trivial and wouldn’t require spinning disks to archive.

James Bamford, an expert on the NSA’s use of technology, a visiting professor at the University of California, Berkeley, and author of several books about the NSA, including The Shadow Factory, said in an interview that the NSA will use the new data center to monitor Verizon’s voice network. He said the agency also has data centers in San Antonio, Atlanta, Aurora, Colo., and one in Hawaii. In The Shadow Factory, Mr. Bamford wrote that Verizon’s voice network is currently monitored from a Verizon facility in Irving, Texas, near Dallas.

The NSA also owns a large data center, at Fort Meade, Md.

The NSA has a data center in San Antonio, Texas, that will be mirrored – or backed up – by the data center in Utah, Mr. Bamford said.

Steve Rosenbush contributed to this story.
http://blogs.wsj.com/cio/2013/06/06/..._sections_tech





Glenn Greenwald: U.S. Wants to Destroy Privacy Worldwide
Katie Glueck

The journalist who broke the news that the government is monitoring vast quantities of American phone records is claiming the U.S. is building a “massive” snooping apparatus committed to destroying privacy worldwide.

“There is a massive apparatus within the United States government that with complete secrecy has been building this enormous structure that has only one goal, and that is to destroy privacy and anonymity, not just in the United States but around the world,” charged Glenn Greenwald, a reporter for the British newspaper “The Guardian,” speaking on CNN. “That is not hyperbole. That is their objective.”

Greenwald, speaking with CNN’s Piers Morgan, appeared during a week in which Americans learned that according to reports, the National Security Agency and other parts of the government have been monitoring the phone records of Verizon users and accessing Internet information as part of intelligence-gathering procedures. Some Republicans and Democrats have defended the phone records strategy, including the highest-ranking members of the Senate Intelligence Committee — Sens. Dianne Feinstein (D-Calif.) and Saxby Chambliss (R-Ga.). But Greenwald dismissed those arguments.

“So whatever the Justice Department wants to do, they can beat their chests all they want,” he said. “People like Dianne Feinstein and Saxby Chambliss can have press conferences threatening people for bringing … light to what it is they’re doing, but the only people who are going to be investigated are them. It’s well past time that these threats start to be treated with the contempt that they deserve. That’s certainly how I intend to treat them moving forward, with more investigation and disclosures.”

He also bashed the Obama administration for issuing “threats.”

“The Obama administration has been very aggressive about bullying and threatening anybody who thinks about exposing it or writing it or even doing journalism about it, and it’s well past time that come to an end,” he said.

Greenwald also told CNN’s Jake Tapper that the administration has taken a “warped and distorted” view of the PATRIOT Act, the legislation that authorized certain kinds of surveillance for security reasons in the wake of the Sept. 11, 2001, terrorist attacks.

“What the Obama administration is doing in interpreting the PATRIOT Act is so warped and distorted and it vests themselves with such extremist surveillance powers over the United States and American citizens that Americans, in their words, would be stunned to learn what the Obama administration is doing,” he said on CNN’s “The Lead.”

Speaking with MSNBC host Lawrence O’Donnell, Greenwald dared lawmakers to investigate how information about the Verizon phone records leaked, as Feinstein has said should happen.

“Let them go and investigate,” Greenwald said.

He added, “There is this massive surveillance state that the United States government has built up that has extraordinary implications for how we live as human beings on the earth and as Americans in our country, and we have the right to know what it is that that government and that agency is doing. I intend to continue to shine light on that, and Dianne Feinstein can beat her chest all she wants and call for investigations, and none of that is going to stop and none of it is going to change.”
http://www.politico.com/story/2013/0...acy-92400.html





US Government Invokes Special Privilege to Stop Scrutiny of Data Mining

Officials use little-known 'military and state secrets privilege' as civil liberties lawyers try to hold administration to account
Pilkington

The Obama administration is invoking an obscure legal privilege to avoid judicial scrutiny of its secret collection of the communications of potentially millions of Americans.

Civil liberties lawyers trying to hold the administration to account through the courts for its surveillance of phone calls and emails of American citizens have been repeatedly stymied by the government's recourse to the "military and state secrets privilege". The precedent, rarely used but devastating in its legal impact, allows the government to claim that it cannot be submitted to judicial oversight because to do so it would have to compromise national security.

The government has cited the privilege in two active lawsuits being heard by a federal court in the northern district of California – Virginia v Barack Obama et al, and Carolyn Jewel v the National Security Agency. In both cases, the Obama administration has called for the cases to be dismissed on the grounds that the government's secret activities must remain secret.

The claim comes amid a billowing furore over US surveillance on the mass communications of Americans following disclosures by the Guardian of a massive NSA monitoring programme of Verizon phone records and internet communications.

The director of national intelligence, James Clapper, has written in court filings that "after careful and actual personal consideration of the matter, based upon my own knowledge and information obtained in the course of my official duties, I have determined that the disclosure of certain information would cause exceptionally grave damage to the national security of the United States. Thus, as to this information, I formally assert the state secrets privilege."

The use of the privilege has been personally approved by President Obama and several of the administration's most senior officials: in addition to Clapper, they include the director of the NSA Keith Alexander and Eric Holder, the attorney general. "The attorney general has personally reviewed and approved the government's privilege assertion in these cases," legal documents state.

In comments on Friday about the surveillance controversy, Obama insisted that the secret programmes were subjected "not only to congressional oversight but judicial oversight". He said federal judges were "looking over our shoulders".

But civil liberties lawyers say that the use of the privilege to shut down legal challenges was making a mockery of such "judicial oversight". Though classified information was shown to judges in camera, the citing of the precedent in the name of national security cowed judges into submission.

"The administration is saying that even if they are violating the constitution or committing a federal crime no court can stop them because it would compromise national security. That's a very dangerous argument," said Ilann Maazel, a lawyer with the New York-based Emery Celli firm who acts as lead counsel in the Shubert case.

"This has been legally frustrating and personally upsetting," Maazel added. "We have asked the government time after time what is the limit to the state secrets privilege, whether there's anything the government can't do and keep it secret, and every time the answer is: no."

Virginia Shubert, a housing expert from Brooklyn who is the first named plaintiff in the case, said she joined it because she considered the vast monitoring of telecommunications and emails in the wake of 9/11 to be an erosion of her rights. She called the use of the state secret privilege in blocking the action "absurd. When the government faces allegations that it has violated the constitution, it cannot hide behind state secrets to avoid accountability."

The Shubert lawsuit, first lodged with the courts in May 2006, alleges that the US government has operated a massive dragnet of private citizens' communications across the country. Drawing on the testimony of several whistleblowers, the suit accuses the Bush and then Obama administration of having broken the fourth amendment of the US constitution that guards against unwarranted searches and seizures by intercepting "en masse the communications of millions of ordinary Americans".

In the course of protracted legal argument the government has invoked the military and state secrets privilege no fewer than three times. The privilege was originally laid down in 1953 in a case in which the widows of Air Force personnel involved in a secret test run of a B-29 bomber that crashed sued to see a copy of the accident investigation report and were rebuffed under a claim of privilege that disclosure of the document would "expose military matters … in the interest of national security".

In court motions, the Obama administration has set out the information that it claims is exempt from legal scrutiny under the privilege, including "information that may tend to confirm or deny whether the plaintiffs have been subject to any alleged NSA intelligence activity" and "any information concerning NSA intelligence activities, sources, or methods that may relate to or be necessary to adjudicate plaintiffs' allegations."

The government goes further and says that the state secrets privilege also covers "allegations that the NSA, with the assistance of telecommunications carriers such as AT&T and Verizon, indiscriminately intercepts the content of communications and also collects the communication records of millions of Americans."

The second case, Jewel versus National Security Agency, was lodged in 2008 following the disclosures of an AT&T whistleblower, Mark Klein. He revealed in 2006 that the telecoms firm had set up a secret NSA room within its San Francisco office in which all phone calls from the region were passing through a splitter cabinet that sent a copy to the NSA.

Mark Rumold, an attorney with the Electronic Frontier Foundation working on Jewel, said that this week's disclosures by the Guardian would make it increasingly difficult for the administration to claim the state secrets privilege.

"The Guardian's disclosures may fundamentally alter the government's approach as they are going to have a tough time convincing a judge that this stuff is secret," he said.
http://www.guardian.co.uk/world/2013...-scrutiny-data





Government Likely to Open Criminal Probe Into NSA Leaks: Officials
Mark Hosenball

President Barack Obama's administration is likely to open a criminal investigation into the leaking of highly classified documents that revealed the secret surveillance of Americans' telephone and email traffic, U.S. officials said on Friday.

The law enforcement and security officials, who were not authorized to speak publicly, said the agencies that normally conduct such investigations, including the FBI and Justice Department, were expecting a probe into the leaks to a British and an American newspaper.

Such investigations typically begin after an agency that believes its secrets have been leaked without authorization files a complaint with the Justice Department.

It was unclear on Friday whether a complaint had been submitted by the publicity-shy National Security Agency, which was most directly involved in the collection of trillions of telephone and email communications.

However, one U.S. official with knowledge of the situation said that given the extent and sensitivity of the recent leaks, federal law may compel officials to open an investigation.

A criminal probe would represent another turn in the Obama administration's battle against national security leaks. This effort has been under scrutiny lately because of a Justice Department investigation that has involved searches of the phone records of Associated Press journalists and a Fox News reporter.

Leaks to media outlets this week have revealed a government campaign of domestic surveillance going far beyond anything that had been acknowledged previously.

Late on Wednesday, Britain's Guardian newspaper published what U.S. officials later acknowledged was an order, approved by the secretive U.S. Foreign Intelligence Surveillance Court, requiring a subsidiary of Verizon Communications to give the NSA raw data showing phone calls made from numbers within the United States and from U.S. numbers to those overseas.

The data did not include the identities of people who made the calls or the contents of the calls.

On Thursday, the Guardian and the Washington Post published slides from a secret NSA powerpoint presentation that described how the agency gathered masses of email data from prominent Internet firms, including Google, Facebook and Apple under a Top-Secret program called PRISM.

Some of the companies denied that the NSA and FBI had "direct access" to their central servers, as the Post reported.

On Friday, for example, Facebook founder and Chief Executive Mark Zuckerberg said his company "is not and has never been part of any program to give the U.S. or any other government direct access to our servers."

"We have never received a blanket request or court order from any government agency asking for information or metadata in bulk, like the one Verizon reportedly received," Zuckerberg said. "And if we did, we would fight it aggressively. We hadn't even heard of PRISM" before Thursday, he said.

James Clapper, the director of U.S. national intelligence, condemned the leaks and asserted that the news articles about PRISM contained "numerous inaccuracies."

WIKILEAKS

Journalists involved in The Guardian and Washington Post articles have reported in depth on WikiLeaks, the website known for publishing secret U.S. government documents.

The Post report on the PRISM program was co-written by Laura Poitras, a filmmaker who has been working on a documentary on WikiLeaks, with the cooperation of its founder Julian Assange, and who last year made a short film about Bill Binney, a former NSA employee who became a whistleblowing critic of the agency.

Last year, the web magazine Salon published a lengthy article by the author of the Guardian report, Glenn Greenwald, accusing U.S. authorities of harassing Poitras when she left and re-entered the United States. Greenwald also has written frequently about Assange.

The Guardian and Post stories appeared in the same week that U.S. Army Private First Class Bradley Manning went on trial in Maryland accused of leaking hundreds of thousands of classified documents to WikiLeaks.

In an email to Reuters on Friday, Poitras rejected the notion that the trial had any impact on the timing of her story.

"I am fully aware we are living in a political climate where national security reporting is being targeted by the government, however, I don't think fear should stop us from reporting these stories," Poitras wrote.

"To suggest that the timing of the NSA PRISM story is linked in any way to other events or stories I'm following is simply wrong. Like any journalist, I have many contacts and follow multiple stories."

Kris Coratti, a Washington Post spokeswoman, said the timing of the paper's publication of Poitras' story had nothing to do with Manning's trial and that Assange had played no role in arranging or encouraging the story.

Greenwald did not respond to emailed requests for comment. The Guardian's editor-in-chief, Alan Rusbridger, declined to comment.

(Editing by David Lindsey and David Brunnstrom)
http://www.reuters.com/article/2013/...95700K20130608





Public Documents Contradict Claim Email Spying Foiled Terror Plot

Defenders of “PRISM” say it stopped subway bombings. But British and American court documents suggest old-fashioned police work nabbed Zazi.
Ben Smith

Defenders of the American government’s online spying program known as “PRISM” claimed Friday that the suddenly controversial secret effort had saved New York City’s subways from a 2009 terrorist plot led by a young Afghan-American, Najibullah Zazi.

But British and American legal documents from 2010 and 2011 contradict that claim, which appears to be the latest in a long line of attempts to defend secret programs by making, at best, misleading claims that they were central to stopping terror plots. While the court documents don’t exclude the possibility that PRISM was somehow employed in the Zazi case, the documents show that old-fashioned police work, not data mining, was the tool that led counterterrorism agents to arrest Zazi. The public documents confirm doubts raised by the blogger Marcy Wheeler and the AP’s Adam Goldman, and call into question a defense of PRISM first floated by House Intelligence Committee Chairman Mike Rogers, who suggested that PRISM had stopped a key terror plot.

Reuters’s Mark Hosenball advanced the claim Friday, based on anonymous “government sources”:

A secret U.S. intelligence program to collect emails that is at the heart of an uproar over government surveillance helped foil an Islamist militant plot to bomb the New York City subway system in 2009, U.S. government sources said on Friday.

The sources said Representative Mike Rogers, chairman of the House of Representatives Intelligence Committee, was talking about a plot hatched by Najibullah Zazi, an Afghan-born U.S. resident, when he said on Thursday that such surveillance had helped thwart a significant terrorist plot in recent years.

President Barack Obama’s administration is facing controversy after revelations of details of massive programs run by the National Security Agency for collecting information from telephone and Internet companies.

The surveillance program that halted the Zazi plot was one that collected email data on foreign intelligence suspects, a U.S. government source said.


The New York Times also emphasized the Zazi case Friday:

To defenders of the N.S.A., the Zazi case underscores how the agency’s Internet surveillance system, called Prism, which was set up over the past decade to collect data from online providers of e-mail and chat services, has yielded concrete results.

“We were able to glean critical information,” said a senior intelligence official, who spoke on the condition of anonymity. “It was through an e-mail correspondence that we had access to only through Prism.”


But public — though not widely publicized — details of the Zazi plot cast into doubt the notion that a data mining program had much to do with the investigation. Zazi traveled to Pakistan in 2008 to train with al Qaeda. He was charged in 2009 with leading two other men in a plot to detonate suicide bombs in the New York subways.

The path to his capture, according to the public records, began in April 2009, when British authorities arrested several suspected terrorists. According to a 2010 ruling from Britain’s Special Immigration Appeals Commission, one of the suspects’ computers included email correspondence with an address in Pakistan.

“The open case is founded upon a series of emails exchanged between a Pakistani registered email account sana_pakhtana@yahoo.com and an email account admittedly used by Naseer humaonion@yahoo.com between 30 November 2008 and 3 April 2009. The Security Service’s assessment is that the user of the sana_pakhtana account was an Al Qaeda associate…”

“For reasons which are wholly set out in the closed judgment, we are sure satisfied to the criminal standard that the user of the sana_pakhtana account was an Al Qaeda associate,” the British court wrote.

Later that year, according to a transcript of Zazi’s July, 2011 trial, Zazi emailed his al Qaeda handler in Pakistan for help with the recipe for his bombs. He sent his inquiry to the same email address: sana_pakhtana@yahoo.com.

An FBI agent, Eric Jurgenson, testified, “I was notified, I should say. My office was in receipt of several e-mail messages, e-mail communications.” Those emails — from Zazi to the same sana_pakhtana@yahoo.com — “led to the investigation,” he testified.

The details of terror investigations are not always laid out this clearly in public; but they appear to belie the notion, advanced by anonymous government officials Friday, that sweeping access to millions of email accounts played an important role in foiling the subway attack. Instead, this is the sort of investigation made possible by ordinary warrants under the Foreign Intelligence Surveillance Act; authorities appear simply to have been monitoring the Pakistani email account that had been linked to terrorists earlier that year.

This was, in fact, reported at the time. That November, British authorities were bragging to the Telegraph about their role in arresting Zazi:

The plan, which reportedly would have been the biggest attack on America since 9/11, was uncovered after Scotland Yard intercepted an email….The alleged plot was unmasked after an email address that was being monitored as part of [the 2009 U.K. case] was suddenly reactivated.

The existence of PRISM was revealed Thursday by the Washington Post and the Guardian. Authorities are now scrambling to justify the program.
http://www.buzzfeed.com/bensmith/pub...-foiled-terror





Microsoft Details Xbox One Used Games, “Always Online,” and Privacy Policies

No rentals, daily online check-ins, Kinect disabling, and more from a massive data dump.
Kyle Orland

Weeks after first revealing the Xbox One to the world and days before its follow-up events at E3 next week, Microsoft has finally broken its silence on a number of important and, until now, confusing Xbox One issues. Today, the company published a post spanning topics from used games and disc lending to online connections and Kinect-based privacy concerns.

First off—the big questions about used games and game licensing. "Today, some gamers choose to sell their old disc-based games back for cash and credit," Microsoft wrote. "We designed Xbox One so game publishers can enable you to trade in your games at participating retailers. Microsoft does not charge a platform fee to retailers, publishers, or consumers for enabling transfer of these games."

Microsoft didn't go into detail on exactly how this resale process would work, but we can glean a bit from the language they did use. For instance, the "games publishers can enable you" bit heavily implies that those publishers can also decide not to allow for used discs to be resold at all. In fact, later in the announcement, they confirm that "third-party publishers may opt in or out of supporting game resale and may set up business terms or transfer fees with retailers."

The "participating retailers" phrasing implies that not just any store will be able to accept your trades. Rather, the retailer will probably have to sign on to some sort of online system to confirm that the game is no longer associated with your Xbox Live account (more on that account linkage is described below). Microsoft for its part "does not receive any compensation as part of this [used game sales process]" and "does not charge a platform fee to retailers, publishers, or consumers for enabling transfer of these games."

What if you don't want to go through a retailer to sell your disc or give it to a friend? Microsoft has you covered there to some extent. The company writes that "Xbox One is designed so game publishers can enable you to give your disc-based games to your friends. There are no fees charged as part of these transfers. There are two requirements: you can only give them to people who have been on your friends list for at least 30 days and each game can only be given once."

Again, publishers can block the ability to give away games if they choose. The limit on giving each game disc only once also severely limits how freely discs can be passed around among Xbox One owners. Many games on trading services get passed around multiple times before reaching their final owners.

The Xbox One licensing system means an end to game rentals as we know them, at least at launch. "Loaning or renting games won’t be available at launch, but we are exploring the possibilities with our partners," Microsoft announced bluntly.

All games for Xbox One will be available the same day on discs or as downloads. Even if you buy the disc, though, the game will be playable without it after being installed on any Xbox One system. That is, as long as you log in to the associated Xbox Live account. You'll be able to download the digital version of the game to any system too, even if you originally bought it on disc.

That should handle the problem of bringing games over to a friend's house (though loaning a disc to a friend long term could be a different matter). Family members won't have to log in as you in order to play games on your own personal system, though; those games will be playable by anyone using that primary system. You can "share" access to your games with up to 10 family members, giving them the added ability to bring those games over to a friend's house for instance.

All of this, of course, is not set in stone. "As we move into this new generation of games and entertainment, from time to time, Microsoft may change its policies, terms, products and services to reflect modifications and improvements to our services, feedback from customers and our business partners, or changes in our business priorities and business models or for other reasons," the company writes. "We may also cease to offer certain services or products for similar reasons."

Always Online? Always watching?

Apparently, Microsoft doesn't see the Xbox One as a system intended for people who don't have broadband in the home at all. "Because every Xbox One owner has a broadband connection, developers can create massive, persistent worlds that evolve even when you’re not playing," the company writes. Microsoft recommends a connection of at least 1.5Mbps, or using mobile broadband "in areas where an Ethernet connection is not available."

While the broadband connection doesn't have to be "persistent" to use the Xbox One, Microsoft says the console is "designed to verify if system, application, or game updates are needed and to see if you have acquired new games, or resold, traded in, or given your game to a friend." Your primary console can be offline for up to 24 hours without this online check-in, while a secondary console (i.e. one accessing your library/account at a friend's house) can only be offline for an hour at a time.

While gaming is not possible if these online check-in times are not met, you'll still be able to watch TV or DVD movies without a connection. In addition, "games that are designed to take advantage of the cloud may require a connection."

In response to privacy concerns raised by the "always on" description of the Xbox One and its attached Kinect, Microsoft has clarified that "you are in control of when Kinect sensing is On, Off or Paused." When the system is "off," the Kinect will only listen for a single phrase—"Xbox On"— and even that feature can be turned off.

Microsoft stresses that the Xbox One will "navigate you through key privacy options, like automatic or manual sign in, privacy settings, and clear notifications about how data is used" when it is first set up. The Kinect will not record or upload "simply having a conversation," Microsoft says, and it will not send data "such as videos, photos, facial expressions, heart rate, and more... without your explicit permission." In addition, navigation for the Xbox One UI can be controlled with a regular controller as well as voice and gesture commands.

There's a lot of information in this afternoon data dump from Microsoft, and we're still sifting through and processing it all. Expect more analysis and opinion about the system's unique features soon.
http://arstechnica.com/gaming/2013/0...vacy-policies/





Judge: Child Porn Suspect Doesn't Need to Decrypt Files

Earlier court order requiring a Wisconsin suspect in underage porn case to decrypt his hard drives for the FBI by the end of the day Tuesday -- or face contempt of court -- has been lifted.
Declan McCullagh

Jeffrey Feldman has won a reprieve from a federal court order that had given him until Tuesday to decrypt his hard drives for the FBI -- or face contempt of court.

A federal judge in Wisconsin today granted an emergency motion filed by Feldman's attorney for additional time to establish that her client's Fifth Amendment right to self-incrimination would be violated.

U.S. District Judge Rudolph Randa lifted the threat of contempt of court and jail time, at least temporarily, and asked for additional briefs from Feldman's attorney and Justice Department prosecutors. A hearing is likely to take place this fall.

The Wisconsin case, in which an FBI agent accused Feldman of possessing underage porn, is the latest to test the limits of the Fifth Amendment in the digital age. The Fifth Amendment says that nobody may be "compelled in any criminal case to be a witness against himself," which has become known as the right to avoid self-incrimination.

Feldman's attorney, Robin Shellow, argued in an emergency motion filed yesterday that a previous magistrate judge had "no authority to issue an order" to require her client to decrypt his Western Digital My Book and Maxtor Black Armor hard drives. Of approximately 20 terabytes of storage, about 80 percent is encrypted, the government claims.

Shellow also argued that the decryption order was improper because the previous proceedings were held before a magistrate judge with only prosecutors -- not defense counsel -- permitted to attend. Judge Randa agreed, and requested both sides submit additional arguments in briefs due in July and August.

Prosecutors did not respond to a request for comment. Shellow told CNET this afternoon that:

I will move heaven and earth to make sure that the war on the infinitesimal amount of child pornography that recirculates on the Internet does not eradicate the Fifth Amendment the way the war on drugs has eviscerated the Fourth Amendment. This case is going to go many rounds. Regardless of who wins the next round, the other side will appeal, invariably landing in the lap of the Seventh Circuit Court of Appeals and quite possibly the U.S. Supreme Court. The grim reality facing our country today is one where we currently have a percentage of our population behind bars that surpasses even the heights of the gulags in Stalinist Russia. On too many days criminal lawyers lose all rounds. But for today: The Shellow Group: 1, Government: 0.

FBI agent Brett Banner said in an affidavit the bureau obtained a warrant to seize hard drives and other electronic gear from Feldman's house in January 2013. They found 20 terabytes of hard drives, but agents in the Milwaukee field office could not break the encryption despite spending "over 10 weeks working" on the task. Banner said agents did find evidence that suggested Feldman was using a peer-to-peer program called eMule to exchange files with titles suggestive of child pornography.

While the U.S. Supreme Court has not confronted the topic of the Fifth Amendment and encryption, a handful of lower courts have.

A federal judge in Colorado ruled last year that a woman accused of being involved in a mortgage scam would have to decrypt her laptop. A Vermont federal judge reached the same conclusion in 2009.

But in March 2010, a federal judge in Michigan ruled that Thomas Kirschner, facing charges of receiving child pornography, would not have to give up his password. That's "protecting his invocation of his Fifth Amendment privilege against compelled self-incrimination," the court ruled (PDF).

The question of encryption and the Fifth Amendment has been around at least since the 1990s, with law review articles sparring over which traditional legal analogy is most apt. Prosecutors tend to view passphrases as akin to someone possessing a key to a safe filled with incriminating documents. That person can, in general, be legally compelled to hand over the key. Other examples include the U.S. Supreme Court saying that defendants can be forced to provide fingerprints, blood samples, or voice recordings.

Civil libertarians, however, cite a different set of Supreme Court cases that conclude Americans can't be forced to give "compelled testimonial communications." Courts already have ruled that such protection extends to the contents of a defendant's mind, the argument goes, so why shouldn't a passphrase be shielded as well?

In the current Wisconsin case, the now-vacated order from U.S. Magistrate Judge William Callahan ordered Feldman to meet with the FBI and either "enter the appropriate password or passwords...to decrypt those devices" or otherwise help them decrypt it by the end of the day today.
http://news.cnet.com/8301-13578_3-57...decrypt-files/





Obama Promises to Have High-Speed Internet in Most Schools in 5 Years
Jackie Calmes and Edward Wyatt

President Obama visited an innovative middle school in central North Carolina on Thursday to demonstrate the Internet-based education programs that he is proposing to make available nationwide.

Speaking to an audience of excited teenagers in a steamy gymnasium, Mr. Obama called on the Federal Communications Commission to expand an existing program to provide discounted high-speed Internet service to schools and libraries, even if it meant increasing the fees that for years had been added to consumers’ phone bills. He said the initiative could lead to better technology at 99 percent of schools in five years.

“There’s no reason why we can’t replicate the success you’ve found here,” Mr. Obama said to the students’ cheers. “And for those of you who follow politics in Washington, here’s the best news — none of this requires an act of Congress.” To further applause, he added, “We can and we will get started right away.”

Mr. Obama was joined by his education secretary, Arne Duncan, whose department would work with the F.C.C. to revamp the initiative, known as the Schools and Libraries program or E-rate, to provide local schools with Internet speeds of up to 1 gigabit per second, among the fastest commercially available. With the federal money that Mr. Obama proposes to redirect for this purpose, schools also could pay for wireless networks throughout their buildings and campuses.

The president singled out Mooresville for its program, which not only upgraded technology but also provided a computer to each student and extra training for teachers. School performance has improved in turn.

Mr. Duncan, speaking to reporters on Air Force One en route to North Carolina, said that he had learned of the innovations in Mooresville, a town near Charlotte, because the local school superintendent was a friend. Mr. Duncan said the school quit purchasing textbooks several years ago to pay for the technology. Mr. Obama, he added, wants to “shine a spotlight on best practices and try to take them to scale.”

To pay for a similar technology expansion throughout the United States, the administration wants to improve the efficiency of the current program, and for telephone customers to pay up to $5 a year extra, or about 40 cents monthly, on their bills.

The Schools and Libraries program is part of the Universal Service Fund, an $8.7 billion program that distributes money for several purposes. Nearly half the money goes to a program that has long subsidized telephone and Internet service to rural or remote areas. About $2.2 billion goes to Schools and Libraries, a similar amount supports phone service to low-income consumers, and $200 million pays for telephone and Internet service to health care professionals in rural areas.

As an independent agency, the F.C.C. does not answer directly to the president, but he nominates the agency’s chairman. Any changes to the program’s structure would have to go through a rule-making procedure and be approved by a majority of the commission’s members. Currently there are three members; two seats are vacant.

The program assesses the fees on phone companies, but they typically pass the cost to consumers. The tax is roughly 15 percent on the long-distance portion of phone bills, resulting in a monthly assessment of a few dollars on the average combined home and mobile phone plan.

Schools and libraries that qualify for E-rate support receive discounts of 20 to 90 percent on services and equipment, depending on the household income levels of students and whether the school is in an urban or rural area.

Administration officials say that while the E-rate program, established in 1996, provides low-cost Internet connections to community institutions, the speed of those services is rarely different from those that home subscribers can receive, about 20 megabits per second.

That is fast enough for the average home consumer to stream video, but if dozens of classrooms are trying to view video or listen to digital audio files at the same time, a school’s network will operate much more slowly.

Officials say they also expect private companies to expand their offerings of devices and products like electronic textbooks in response to the expanded program.

Jackie Calmes reported from Mooresville, N.C., and Edward Wyatt from Washington.
https://www.nytimes.com/2013/06/07/u...libraries.html





Chicago Sun-Times Trains Reporters to Shoot With iPhones After Laying Off All its Photographers
Amar Toor

The Chicago Sun-Times this week laid off all 28 of its staff photographers, and has reportedly begun training its remaining reporters on "iPhone photography basics." Media journalist Robert Feder first reported the news in a post to his Facebook page Friday, citing an internal memo from Sun-Times managing editor Craig Newman.

"In the coming days and weeks, we'll be working with all editorial employees to train and outfit you as much as possible to produce the content we need," Newman wrote in the memo, which Feder published in full Saturday morning. Newman goes on to highlight key areas of focus, including iPhone photography, "video and basic editing," and social media.

The paper cut its entire photography staff on Thursday, including Pulitzer Prize winner John H. White. In a statement, the Sun-Times said the move was part of a broader shift, as the company focuses more on video and digital multimedia. Going forward, the company will rely exclusively on freelance photographers — an approach that's common in magazine publications, but rare among newspapers.

"The Sun-Times business is changing rapidly and our audiences are consistently seeking more video content with their news," the paper said Thursday. "We have made great progress in meeting this demand and are focused on bolstering our reporting capabilities with video and other multimedia elements."

"The Chicago Sun-Times continues to evolve with our digitally savvy customers, and as a result, we have had to restructure the way we manage multimedia, including photography, across the network."

Sources close to the company tell the Chicago Tribune that Thursday's cuts were largely motivated by financial interests, as the paper tries to return to profitability. In March, the Sun-Times laid off several suburban editors, following reports that it was struggling to make payments on a $70 million print and distribution deal with the Tribune.

Following this week's announcement, the Chicago Newspaper Guild said it would consider legal action against the paper, while urging the Sun-Times to bring back its staff. The union represents 20 of the 28 photographers laid off Thursday.

"We will be looking into all of our options, legal and nonlegal," Craig Rosenbaum, the union's executive director, told Chicago Business. "We think this is a terrible move for the paper and community."
http://www.theverge.com/2013/6/1/438...porters-iphone





Burner Phone

Introducing the Burner Kit
The simplest, most anonymous, and most affordable disposable cell phone ever manufactured. Made for people who value security and privacy.

• 30 day disposable phone number.
• Unlimited talk and text for 30 days.
• Nationwide coverage.
• 16 hour talk time.
• 30 day standby time.
• Arrives fully charged.
• Power cord included.
• Completely anonymous.

About

Need real anonymity?

Our Burner Kit is the simplest, most secure, and most affordable pre-paid cell phone kit in the US. The Burner Kit comes with a quality disposable cell phone, in addition to unlimited voice and SMS messaging for 30 days.

After 30 days, just throw away your Burner Kit and you'll never have to worry about compromising your identity.

When you receive your Burner Kit in the mail, it'll be fully ready to go. Your Burner will be fully charged and ready for usage as soon as you snap your battery into the phone! Your 30 days of usage start counting after your phone turns on for the first time.

We take your privacy seriously. You can purchase your Burner Kit using Credit or Debit card or Bitcoin (an anonymous digital crypto currency). Every time you make a purchase we'll package and ship your order, then destroy all transaction records in our system. We make it impossible to give or share your information with anyone.

$75.00 — Free Shipping

Got questions? Email us.
https://www.burnerphone.us/
















Until next week,

- js.



















Current Week In Review





Recent WiRs -

June 1st, May 25th, May 18th, May 11th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black