Old 22-04-15, 08:18 AM   #1
JackSpratts
 
Peer-To-Peer News - The Week In Review - April 25th, '15

Since 2002


































"I think [Tribal] totally blew it by bringing out a bunch of millionaires and billionaires and propping them up onstage and then having them all complain about not being paid." – Ben Gibbard






































April 25th, 2015




Once Comcast’s Deal Shifted to a Focus on Broadband, Its Ambitions Were Sunk
Jonathan Mahler

When it was announced a little more than a year ago, it felt to many like a sure thing.

After all, government regulators had approved Comcast’s acquisition of NBCUniversal in 2011. Comcast had an army of registered lobbyists, more than 100 strong, in Washington alone. The company’s chief executive, Brian L. Roberts, golfed on Martha’s Vineyard with President Obama. Its executive vice president, David L. Cohen, hosted three fund-raisers for Mr. Obama, two at his home in Philadelphia, raising a total of more than $10 million.

But now the $45 billion Comcast-Time Warner Cable merger is dead. Comcast is folding, in anticipation of regulators rejecting the deal.

The news, which broke on Thursday afternoon, was certainly dramatic. But the air of inevitability that once hung over the deal had been dissipating for months, as the debate over net neutrality — in short, the question of whether Internet providers should be allowed to charge content providers for speedier service — played out in Washington. And a merger that had at first seemed to be primarily about cable television turned into something much different.

The government’s verdict on the merger and its stance on net neutrality were separate issues, but they were very much intertwined. At the end of the day, the government’s commitment to maintaining a free and open Internet did not square with the prospect of a single company controlling as much as 40 percent of the public’s access to it. All the more so given the accelerating shift in viewing habits, with increasing numbers of consumers choosing streaming services like Netflix over traditional TV. In this sense, it didn’t really matter if Comcast and Time Warner’s cable markets overlapped. The real issue was broadband.

“The simple way to think about the problem with the Comcast merger is that once they get that big, they’re pretty much too big to regulate,” said Marvin Ammori, a lawyer who helped lead the campaign for net neutrality.

If there was a single moment when the winds seemed to shift against Comcast, it came in November, when President Obama released a video on the White House website in which he spoke about the future of the Internet. For the first time, Mr. Obama, who had long offered support for the idea of net neutrality but had always stopped short of suggesting how it might be achieved, was unambiguously clear about what he wanted. He called on the Federal Communications Commission to adopt “the strongest possible rules” to regulate the Internet.

“For almost a century, our law has recognized that companies who connect you to the world have special obligations not to exploit the monopoly they enjoy over access into and out of your home or business,” he said. “It is common sense that the same philosophy should guide any service that is based on the transmission of information — whether a phone call or a packet of data.”

The president may have been speaking about net neutrality, but the implications for the merger were clear.

“That was just huge,” said Susan Crawford, a co-director of the Berkman Center for Internet & Society at Harvard University. “It signaled that the cable industry was no longer calling the shots.”

Not long after the president’s video, the F.C.C. made good on his promise to regulate Internet service providers more rigorously when it voted to raise the speed required for broadband Internet connections. The decision was a nod to the fact that more than one person is often online at the same time in many of today’s households.

It was another move that may not have been explicitly aimed at the proposed merger, but it was ominous all the same. It meant that a lot of Americans living in rural areas no longer had what qualified as high-speed Internet access — making Comcast’s already large share of the broadband market considerably larger.

Then, in February, the chairman of the F.C.C., Tom Wheeler, formally proposed new rules treating Internet service as a public utility. It was a significant policy shift, and the clearest demonstration to date that the government intended to police the Internet beat with a new vigilance. And it was more bad news for Comcast.

For opponents of the merger, it helped that net neutrality was no longer such an esoteric concept to the American public. In June, an unlikely individual, John Oliver of HBO, devoted a lengthy segment to the subject that quickly lit up the Internet, attracting more than eight million views. (“The only two words that promise more boredom in the English language are ‘featuring Sting,’ ” he said of net neutrality.)

One of Mr. Oliver’s primary targets of ridicule was Comcast. He showed a graphic of the speed of Netflix videos on Comcast before and after it had negotiated a deal for faster service with the cable provider, comparing it to a “mob shakedown.”

Over the months, the chorus of critics of the Comcast deal grew, and grew louder. When the merger was announced in February 2014, Senator Al Franken, a Democrat from Minnesota, was its lone outspoken critic in Congress. Earlier this week, five other senators joined him in urging the Justice Department and the F.C.C. to block the acquisition.

Most media and tech companies have been wary of speaking out publicly against the deal because they did not want to antagonize a company with which they do business. But this did not stop them from making their case privately to government regulators.

The notable exception throughout has been Netflix. The company’s chief executive, Reed Hastings, could not have been clearer about where he stood from the start. A few days ago, in a conference call with analysts, he said that Netflix’s “main goal at this point is to get the government to block the Comcast-Time Warner merger.”

Mission accomplished.
http://www.nytimes.com/2015/04/24/bu...were-sunk.html





One in 2 Here OK with Illegal File-Sharing
Lester Hio

A survey has found that one in two people think it is not a crime to download files from unauthorised sources or share files illegally.

Yet nearly 82 per cent of the 1,002 respondents in the biennial survey by the Intellectual Property Office of Singapore (Ipos) said it was important to protect intellectual property (IP) rights.

Three in five also saw buying counterfeit products as a form of theft.

Despite their support for content creators, respondents were more cavalier when it came to obtaining content from dubious sources.

The survey was done last November and results were released yesterday. It found that 55 per cent saw unauthorised downloading as theft, down from 78 per cent in a similar survey done in 2010.

Consumers said they were unwilling to pay for content and found it more convenient to pirate content online.

"Downloaders may be aware that they are doing something wrong, but they might justify it as something not as serious as outright theft," said Koh Chia Ling, intellectual property lawyer at ATMD Bird & Bird.

The spotlight was cast on illegal downloading two weeks ago, when more than 500 people who had allegedly downloaded Oscar-winning film Dallas Buyers Club were served letters asking for compensation.

Consumers also pointed to the lack of available legal methods of obtaining digital content, such as streaming services like Netflix or HBO Now.

"There aren't enough ways to get TV shows on demand in a legal way," said banker Jeremy Ho, 25. "I'm more than willing to pay for something like Netflix, but it's not available here."

Said Mr Koh: "There will always be a small group of hardcore downloaders who want to download unauthorised material for free.

"But if there is content available legitimately, there will also be a large segment of people who will pay for cheap and easily available content."

Ipos said it will continue to build awareness of IP in Singapore through outreach programmes in primary schools and by sharing information on social media channels to educate consumers.

Said Ipos chairman Stanley Lai: "Education remains our top priority, and we must continue to give due recognition and respect to IP creators and their original works."

The survey findings were released yesterday at an appreciation event for World IP Day on Sunday.

At the event, Ipos also announced the launch of a free weekly legal clinic for clients to get preliminary legal advice on matters relating to IP rights and copyright infringement.

These clinics will benefit small companies and individuals who may not be equipped to handle such IP disputes, such as those with no access to lawyers or lack knowledge on such matters.
http://digital.asiaone.com/digital/n...l-file-sharing





Sweden, Isle of Man Move to Revoke Domain Names in Battle Against File-Sharing Sites
Scott Roxborough

On Friday, the Isle of Man took action against the world's leading online file-sharing site, KickassTorrents, revoking the .IM domain name from the site less than 24 hours after KickassTorrents moved its online location to the small island in the Irish sea.

It was the latest in what has become a cat-and-mouse game between filesharing sites and the copyright protection groups that accuse them of online piracy.

Anti-piracy groups continue to find new technical or legal ways to shut down people trying to illegally share films and TV series online and as soon as they do, the pirates find a new way around them.

Revoking a domain name – the lettered code at the end of an Internet address that denotes under which legal authority the site operates – is one method of disrupting file-sharers. Popular torrent sites often see a drop in traffic after a domain is pulled. Most, however, quickly set up a new domain. KickassTorrents, for one, announced it is moving its site to the Costa Rica-based domain .cr.

Sweden is also looking to revoke the official online status of The Pirate Bay, another popular, and notorious, sharing site. A Swedish court will decide next week if The Pirate Bay should be stripped of its .se domain, an address it has had for the past two years. The Swedish case is unique because, for the first time, the country is directly suing the nation's Internet domain registry - Punkt SE, accusing it of "abetting criminal activity or breaching copyright law."

If the case succeeds, Punkt SE will be forced to prevent anyone from registering the Pirate Bay domain names, a ruling that copyright holders could use as a precedent to get more alleged piracy sites yanked off registries across Europe.

It's questionable, however, how effective that would be in fighting piracy. Copyright holders have enjoyed some positive press in recent months. In April, British police arrested a 26-year-old man alleged to be behind the illegal leak of Expendables 3. Late last year, Swedish authorities managed to shut down The Pirate Bay for nearly a month.

But while traffic to shuttered sites drops, it tends to shift elsewhere. KickassTorrents and other filesharers noted an uptick after The Pirate Bay shutdown. The overall impact on online piracy appears, so far, to have been negligible.
http://www.hollywoodreporter.com/new...-domain-791209





KickassTorrents Back Online After Somalia, Redirected to Kat.cr After Seizure: Sweden Cracks Down On Own Internet Domain Registry

Within 24 hours, The Isle of Man Domain Registry removed KickassTorrents' domain name from their area at 9:30 AM. However, it was a planned move, with KAT directing users to a new site as well as to their previous domain. This was the latest blocking of a filesharing site; Sweden is also set to remove The Pirate Bay's domain names.

KickassTorrents domain removed in 24 hours

When The Pirate Bay servers were closed down, various users began searching alternative sites for torrent downloads, which led them to go to KickassTorrents (KAT) site.

KAT was previously registered in Somalia (having ".so" suffix), but after enjoying a rise of popularity, it was also arrested quickly. Upon knowing that their site was halted, the group decided to open an ".a" domain suffix, owned by the Tonga government. However, it was also seized. Still, the group did not give up that easily as they directed users to an ".im" (Isle of Man government) domain. Nevertheless, its servers were downed within 24 hours.

This was because the Isle of Man government has a "zero tolerance policy towards copyright infringement."

An IM Domain Registry representative told The Independent that they "wish to make it very clear that we do not tolerate copyright infringement and withdrew the domain name from service at: 09:36 this morning."

KAT's planned move, nothing special

However, the KAT team reportedly told TorrentFreak that the domain name change was a "planned move." KAT said, "The domain name change is a planned move which KickassTorrents does every six months. Nothing special."

This "planned move" reportedly lets the KAT site re-open channels previously blocked by Internet providers in the UK and by Google due to copyright issues. KAT admin Mr. Pink also said, "We have been seized by the Isle of Man domain registry. The new domain will be Kat.cr." Besides pointing users to Kat.cr, KAT's original site is said to be working also.

Sweden joins the cat-and-mouse game

The revocation of KAT's domain is the latest in what is termed a "cat-and-mouse game between filesharing sites and the copyright protection groups." As anti-piracy groups continue to find new technical or legal ways to ban groups that illegally share files, pirate groups then find ways to keep operating.

Recently, Sweden is looking to cancel the online status of The Pirate Bay, which is considered to be another notorious sharing site. A court in Sweden will be deciding next week if The Pirate Bay's ".se" domain should be removed.

Sweden is also suing its own Internet domain registry - Punkt SE, due to an accusation of "abetting criminal activity or breaching copyright law." Once the case succeeds, Punkt SE would be forced to stop anyone from registering Pirate Bay domain names, which could be used as an example in removing piracy sites across Europe.
http://www.vcpost.com/articles/60879...n-registry.htm





How Tor is Building a New Dark Net with Help from the U.S. Military
Patrick Howell O'Neill

The Dark Net is under attack.

Actually, it’s always under attack. That's the smart attitude to take as the spotlight has been turned up on technology like the Tor-anonymizing network. Threats from governments and hackers around the world have pushed Tor’s decade-old hidden service technology to its limits.

To stay ahead in the security race, Tor is building the next-generation Dark Net in part with funding from the Defense Advanced Research Projects Agency, the U.S. military agency charged with inventing the cutting edge of new technology.

The funding, which began in 2014, comes as part of DARPA’s Memex project, a “groundbreaking” search engine designed to best commercial titans like Google at searching the Deep Web and other oft-ignored terrain for the U.S. intelligence, law enforcement, and military. To build Memex, DARPA is partnered with universities like Carnegie Mellon, NASA, private research firms, and several Tor Project developers.

DARPA is funding multiple projects focused on improving Tor’s hidden services across “1-3 years,” Tor’s director of communications Kate Krauss told the Daily Dot via email. Tor declined to give more specifics on the grant, like its monetary value and terms, and DARPA didn’t respond to a request for comment.

Roger Dingledine, Tor’s project leader, pointed to a dozen projects over the last year that utilized DARPA’s funding including an investigation team assigned to address recent attacks on some of the Dark Net’s most famous websites.

These attacks, which started in March, targeted several hidden services with a simple-but-effective cyberattack that slowed the entire Tor network and took the sites offline for more than a week, inspiring no small amount of worry about the security of many Tor users. Some of the sites are still struggling to return to normalcy.

New technology developments, fixes and upgrades, and in-depth statistics on hidden services were among the work funded by DARPA’s grant under the Memex project.

The Dark Net road map moving forward is ambitious. Tor plans to double the encryption strength of hidden service’s identity key and to allow offline storage for that key, a major security upgrade.

Next-generation hidden services may be run from multiple hosts to better deal with denial of service attacks and high traffic in general, a potentially big power boost that further closes the gap between the Dark Net and normal websites.

Led by data scientist Christopher White, Memex is explicitly not aimed at de-anonymizing any Tor user or “accessing information not intended to be publicly available,” according to a recent DARPA blog post. Still, government funding of Tor—which, by the way, was invented as a U.S. Navy research project in 2002—has always been somewhat controversial.

This isn't the first time DARPA has contributed financially to Tor. A 2001-2006 stint as sponsor stands next to similar grants from the U.S. Navy, State Department, and the National Science Foundation as government sponsorships over the past decade.

Hidden services, which make up about 4 percent of the entire Tor network, have until recently been relatively neglected when it comes to funding and developing.

“The challenge with hidden services is two-fold,” Tor director Roger Dingledine told the Daily Dot. “First they're hard to frame as being within the mission of most funders in our space. Funders care about resisting censorship better, or training users about being safe online, or writing research papers on anonymous communications, but none of those are specifically about hidden services.”

Convincing the money is the hard part. Tor’s existence as a non-profit dependent on grants and donations means that development is, in a significant way, driven by what Tor can convince its sponsors are worthwhile causes.

“And second, hidden services are early enough in their development process that their potential is not as obvious as it is for other parts of Tor,” he explained. “They're basically still the same design and implementation I came up with 10 years ago, and while many other parts of Tor have become much stronger and smarter, attention to hidden services has lagged behind. The result is that it's harder to paint a picture about how any specific proposed project will bring them the required distance.”

In addition to DARPA, the hackers behind Tor are looking away from the big funders that have traditionally financed the operation. They’re turning to the crowd to fund development and bring hidden services into modernity, a long-awaited step that could have some major implications about how strong and secure Tor really is.
http://www.dailydot.com/politics/nex...ion-tor-darpa/





After Hacks, A Dark Web Email Provider Says a Government Spied on Its Users
Lorenzo Franceschi-Bicchierai

About a week ago, the administrator of an email provider that caters to dark web denizens—be they security-conscious journalists, dissidents living in repressive regimes, or even criminals—noticed that someone was trying to hack their service.

“So apparently we have drawn attention to our humble little email service that mostly lives inside of the Tor network,” the anonymous admin wrote on Thursday in a mailing list post. “The attacker had been trying various exploits against our infrastructure over the past few months.”

The attack allowed whoever was behind it to “read [the target’s] email as they typed it and harvest any new emails that came in,” the admin told Motherboard.

The humble little email service is called SIGAINT, a small but growing email provider for the privacy-minded folks that’s entirely hosted on the dark web and boasts 43,000 users. The service has an obvious paranoid, anti-surveillance ethos, which becomes clear when you visit their site’s contact page.

“If you are law enforcement, or some other government agency clown you are basically fucked,” reads the page. “We can't help you. Oh, and welcome to Tor!”

The admin, who wishes to remain anonymous, told Motherboard that the attempts to break into SIGAINT’s servers were unsuccessful. But the attackers apparently didn’t give up and resorted to another, clever way of attacking the service: they set up 70 malicious Tor exit nodes ostensibly to “spy in real-time” on SIGAINT’s users, according to the admin.

“We know what they were after,” the admin told Motherboard. “There is no way to spy on email that doesn't leave the darknet without spying on the mail service itself.”

Exit nodes are the last “hop” in the Tor network, where someone using the anonymizing software Tor reaches back to the clearnet. They are also the most vulnerable part of the Tor network. As it’s very well known, if you control a Tor exit node, you can—if you want—see what the Tor users going through your node are up to and potentially also tamper with what they see.

In this case, whoever the attackers were, they were trying to direct visitors of SIGAINT.org, the clearnet site that practically only serves to advertise the harder to remember .onion link (http://sigaintevyh2rzvw.onion/) to a different, yet similar, .onion site, according to SIGAINT’s admin.

In essence, they were acting as a “man in the middle” when users of SIGAINT connected to the clearnet site through one of the 70 malicious nodes, which allowed them to spy on users.

Although the admin said that “there is no way for us to be sure,” the culprits, given the amount of malicious nodes the attackers were using, and other “strange circumstances,” were likely a government agency “that one or more of our users have angered in the past.”

The strange circumstances, the admins said, were that for roughly a month prior to the attack, the administrators did not receive any law enforcement requests, when they normally receive around one a week.

But to experts, that is an unlikely scenario.

Yes, the attackers used a relatively high number of exit nodes, around 6 percent of the total. But in reality, according to Nicholas Weaver, a researcher at the International Computer Science Institute and UC Berkeley, there was only about a 2.7 percent probability that a random Tor user would connect to these malicious nodes and get spied on—pretty bad odds if you’re an intelligence agency trying to spy on some high-value SIGAINT user.

“Claiming it was a state actor feels like a major reach to me,” Weaver told Motherboard.

Weaver estimated the cost of mounting such an attack would be less than $400 a day, if the attacker used their own servers. If they hacked other people’s servers, then the cost would drop to zero. Considering that, Weaver concluded that the attackers “could be anybody.”

People that work for the Tor Project, the nonprofit that runs Tor, seem to agree.

Philipp Winter, a researcher at Karlstad University in Sweden and the member of the Tor Project that handles malicious exit nodes, said that 70 is an unusually high number, but also “not a tragedy,” and that there are no signs that they were set up by a spy agency.

“The simplest explanation is usually the best one, and a state actor does not seem like a simple solution to me,” he told Motherboard. “Practically all attacks by exit relays that we discover seem to be done by random jerks, and I haven't seen any evidence that points in a different direction here.”

So, the attackers could be a spy agency, yes, or perhaps an angry drug dealer trying to spy on a competitor, or perhaps a very jealous boyfriend or girlfriend. In other words, we don’t know.

Yet, this attack should serve as a warning to both SIGAINT admins, as well as their users. Using an email provider on the dark web is not a guarantee of security or privacy; there are still ways for bad guys to spy on you. And in this case, it appears that SIGAINT could have done more to protect its users.

SIGAINT’s clearnet site is not encrypted with HTTPS, which made it possible for the attackers to impersonate it and replace the .onion URL and mount the man in the middle attack. Switching encryption on for the site, according to both Weaver and Winter, would completely thwart this type of attack.

The SIGAINT admin told Motherboard that they used to have encryption on the site, but then users started complaining that they would have to go through “captchas” to visit the site with Tor, a common issue with sites using CloudFlare, a DDoS protection provider and content delivery network.

On the initial mailing list post, SIGAINT’s admin said they don’t use HTTPS on the site because spy agencies could still get around that using fake digital certificates—an attack that’s technically possible but rarely seen in the wild.

A commenter on Hacker News wrote that this argument is like “not putting a lock on your door because thieves can just bust it open anyway.”

Weaver had a more colorful reaction to that argument.

“That is 100 percent pure bovine excrement,” he told Motherboard.

Asked what they’re going to do now, SIGAINT’s admin said that they are considering turning encryption on again, or removing the .onion URL from the clearnet page. “We will probably do the latter,” he said.

In that case, users would have to bookmark the URL, or write it down somewhere, but at least an attacker impersonating the clearnet site wouldn’t be able to replace it with a malicious one.

It’s unclear how many users were targeted in the attack. The admin said that everyone who visited the clearnet site to find the dark web link “was advised to change their password.”

Who really was behind the attack, however, remains a mystery.
http://motherboard.vice.com/read/aft...d-on-its-users





Hacked Sony Emails Reveal that Sony had Pirated Books About Hacking

Sony doesn't like pirates—except, perhaps, when Sony feels like pirating.
Patrick Howell O'Neill

Hacked Sony Pictures Entertainment emails, published in full on Thursday by WikiLeaks, reveal that Sony had pirated ebooks on its servers. This is particularly notable because Sony has engaged in aggressive and even illegal anti-piracy actions in the past.

Here's another dose of irony for you: The books are educational tomes about hacking, exactly the subject that Sony would now like to be thoroughly educated in since last year's hacks put all this information into the public sphere.

So someone at @sony downloaded a pirated copy of my book. You guys couldn’t afford to buy a copy? https://t.co/KNT5ZvUdhU
— Jeffrey Carr (@jeffreycarr) April 17, 2015

Author Jeffrey Carr's Inside Cyber Warfare is a classic of the information-security genre that's been widely read and widely copied. Some of those readers and copiers work within Sony, it was revealed yesterday when WikiLeaks published their searchable version of the Sony archives. Both the PDF and TXT files are available.

Meanwhile, Sony was thinking of new ways to combat piracy including, the leaked emails reveal, putting out fake torrents on sites like Pirate Bay as part of their anti-piracy strategy.

The torrents would be disguised as Sony television shows, in this case Hannibal, but would actually be 60-second public service announcements urging users to watch the show legally.

The idea was nixed.

"Forget about a site blocking strategy if we start putting legitimate PSAs or promos on sites we’ve flagged to governments as having no legitimate purpose other than theft… PSAs being for public good, etc…," Sony executive vice president Keith Weaver wrote.

Later on, another Sony executive vice president, Amiee Wolfson, celebrated the arrest of a Pirate Bay founder as a "huge win" though she worried if hackers would retaliate.

Carr's book isn't alone.

Hacking the Next Generation, another book on information security from the same publisher (O'Reilly), can be found in full PDF format on Sony's servers.

O'Reilly did not respond to a request for comment in time for publication, and Sony declined to respond.

For what it's worth, both books are definitely worth a read.
http://www.dailydot.com/politics/sony-pirated-book-pdf/





Random House Told it Should Pay to Quote Joseph Goebbels in Biography

Nazi minister’s estate sues Random House Germany and imprint Siedler over the use of extracts from his diaries
Dalya Alberge

The estate of Joseph Goebbels, Adolf Hitler’s minister of propaganda, is taking legal action against the publisher Random House over a new biography, claiming payment for the use of extracts from his diaries.

Cordula Schacht – a lawyer whose own father, Hjalmar Schacht, was Hitler’s minister of economics – is suing Random House Germany and its imprint Siedler, over the book Goebbels, by Peter Longerich, professor of modern German history at Royal Holloway, University of London.

Longerich, an authority on the Holocaust and Nazi era Germany, drew extensively on Goebbels’ diaries in his biography, which was published in Germany in 2010. Now those same passages from the diaries are set to appear in the English edition, which Penguin Random House UK and its imprint Bodley Head will publish on 7 May.

Rainer Dresen, general counsel of Random House Germany, told the Guardian that an important principle was at stake. “We are convinced that no money should go to a war criminal,” he said.

He recalled his surprise when Schacht first contacted the publisher as a representative of Goebbels’ heirs, demanding money: “I did not want to believe that anyone can claim royalties for Goebbels’ words,” he said.

Last September, the district court of Munich ordered Random House Germany to disclose its earnings, but the publisher appealed on legal, copyright and moral grounds, and the case is due to be heard in Munich on 23 April.

Dresen suggested to Schacht – privately and in court – that royalties could be paid if she in turn donated them to a Holocaust charity. But she rejected the idea on the grounds that money should go to Goebbels’ family, thought to include descendants of Goebbels’ siblings.

Goebbels remained with Hitler in the besieged bunker in Berlin, poisoning his six children before he and his wife took their own lives. His diaries, from 1924 to 1945, remain in copyright until the end of 2015. Copies are in public libraries.

Hjalmar Schacht was minister of economics in Hitler’s National Socialist government from 1934 to 1937, and was president of Germany’s leading financial institution, the Reichsbank. Dresen said: “[He] helped Hitler finance his preparation of war.” Captured by the Allies, Schacht was tried at Nuremberg, but was eventually acquitted. He died in 1970.

Jörg Hensgen, Bodley Head’s senior editor, said in reference to the case: “Schacht was acquitted at Nürnberg, but there’s something deeply, morally dubious about the whole thing.”

Dresen believes that other publishers have paid for the use of Goebbels’ diaries. He said: “We’re the first publishing house who avoided that – and have been sued.”

Longerich maintains this case has important censorship implications. “If you accept that a private person controls the rights to Goebbels’ diaries, then – theoretically – you give this person the right to control research,” he said.

He added: “Control of the rights could have included an inspection of the manuscript before publication, which did not happen in this case. But generally speaking we cannot allow such control from private persons, whatever their interests are.

“In this case, we are dealing with the daughter of a cabinet colleague of Mr Goebbels. This is an absolutely unacceptable situation. It’s a question not only of morality, but of professionalism for a historian.”

Part of Random House’s legal argument questions the copyright ownership, because the diaries were supposed to be published posthumously by Hitler’s own publisher. As the offices were destroyed by Allied bombing raids, no publisher’s contract is in existence. But Dresen points to evidence within one of Goebbels’ diary entries of 1936 which confirms the plans for publication, and he argues that the Bavarian government should own the copyright.

Initially, he feared that Schacht would take out an injunction against the book, preventing its publication altogether. Determined to avoid the destruction of any books “on the grounds of a claim from Goebbels”, he agreed to pay her 1% of the net retail price.

He said: “When she wanted to cash in on that agreement, I said that agreement is null and void … It’s against the moral rights … You haven’t been entitled to sell me any words as those words lie within the Bavarian government.”

Asked whether he thought the forthcoming legal case could affect the biography’s UK publication, Dresen said: “From a legal standpoint, it could, because the questions are the same.”

Schacht declined to comment.
http://www.theguardian.com/books/201...s-in-biography





We Can’t Let John Deere Destroy the Very Idea of Ownership

It’s official: John Deere and General Motors want to eviscerate the notion of ownership. Sure, we pay for their vehicles. But we don’t own them. Not according to their corporate lawyers, anyway.
Kyle Wiens

In a particularly spectacular display of corporate delusion, John Deere—the world’s largest agricultural machinery maker—told the Copyright Office that farmers don’t own their tractors. Because computer code snakes through the DNA of modern tractors, farmers receive “an implied license for the life of the vehicle to operate the vehicle.”

It’s John Deere’s tractor, folks. You’re just driving it.

Several manufacturers recently submitted similar comments to the Copyright Office under an inquiry into the Digital Millennium Copyright Act. DMCA is a vast 1998 copyright law that (among other things) governs the blurry line between software and hardware. The Copyright Office, after reading the comments and holding a hearing, will decide in July which high-tech devices we can modify, hack, and repair—and decide whether John Deere’s twisted vision of ownership will become a reality.

Over the last two decades, manufacturers have used the DMCA to argue that consumers do not own the software underpinning the products they buy—things like smartphones, computers, coffeemakers, cars, and, yes, even tractors. So, Old MacDonald has a tractor, but he owns a massive barn ornament, because the manufacturer holds the rights to the programming that makes it run.

(This is an important issue for farmers: a neighbor, Kerry Adams, hasn’t been able to fix an expensive transplanter because he doesn’t have access to the diagnostic software he needs. He’s not alone: many farmers are opting for older, computer-free equipment.)

In recent years, some companies have even leveraged the DMCA to stop owners from modifying the programming on those products. This means you can’t strip DRM off smart kitty litter boxes, install custom software on your iPad, or alter the calibration on a tractor’s engine. Not without potentially running afoul of the DMCA.

What does any of that have to do with copyright? Owners, tinkerers, and homebrew “hackers” must copy programming so they can modify it. Product makers don’t like people messing with their stuff, so some manufacturers place digital locks over software. Breaking the lock, making the copy, and changing something could be construed as a violation of copyright law.

And that’s how manufacturers turn tinkerers into “pirates”—even if said “pirates” aren’t circulating illegal copies of anything. Makes sense, right? Yeah, not to me either.

It makes sense to John Deere: The company argues that allowing people to alter the software—even for the purpose of repair—would “make it possible for pirates, third-party developers, and less innovative competitors to free-ride off the creativity, unique expression and ingenuity of vehicle software.” The pièce de résistance in John Deere’s argument: permitting owners to root around in a tractor’s programming might lead to pirating music through a vehicle’s entertainment system. Because copyright-marauding farmers are very busy and need to multitask by simultaneously copying Taylor Swift’s 1989 and harvesting corn? (I’m guessing, because John Deere’s lawyers never explained why anyone would pirate music on a tractor, only that it could happen.)

John Deere may be out of touch, but it’s not alone. Other corporations, including trade groups representing nearly every major automaker, made the same case to the Copyright Office again and again. It’s worth noting Tesla Motors didn’t join automakers in this argument, even though its cars rely heavily on proprietary software.

General Motors told the Copyright Office that proponents of copyright reform mistakenly “conflate ownership of a vehicle with ownership of the underlying computer software in a vehicle.” But I’d bet most Americans make the same conflation—and Joe Sixpack might be surprised to learn GM owns a giant chunk of the Chevy sitting in his driveway.

Other automakers pointed out that owners who make unsanctioned modifications could alter their vehicles in bad ways. They could tweak them to go faster. Or change engine parameters to run afoul of emissions regulations.

They’re right. That could happen. But those activities are (1) already illegal, and (2) have nothing to do with copyright. If you’re going too fast, a cop should stop you—copyright law shouldn’t. If you’re dodging emissions regulations, you should pay EPA fines—not DMCA fines. And the specter of someone doing something illegal shouldn’t justify shutting down all the reasonable and legal modifications people can make to the things they paid for.

GM went so far as to argue locking people out helps innovation. That’s like saying locking up books will inspire kids to be innovative writers, because they won’t be tempted to copy passages from a Hemingway novel. Meanwhile, outside of Bizarroland, actual technology experts—including the Electronic Frontier Foundation—have consistently labeled the DMCA an innovation killer. They insist that, rather than stopping content pirates, language in the DMCA has been used to stifle competition and expand corporate control over the life (and afterlife) of products.

“The bad part is, my sense is, these companies are just locking up this technology, and increasing the sort of monopoly pricing structure that just doesn’t work for us,” Brian Talley, a farmer on California’s central coast, says of restrictions placed on his equipment. I toured his farm with a fellow from the Intellectual Property & Technology Law Clinic so we could tell the Copyright Office how manufacturers are hampering farmers. “We are used to operating independently, and that’s one of the great things about being a farmer. And in this particular space, they are really taking that away from us.”

The Electronic Frontier Foundation, the Intellectual Property & Technology Law Clinic, and the Digital Right to Repair Coalition (disclaimer: I’m a founding member of the Coalition) are fighting to preserve the notion of ownership. We’re trying to open the floodgates of information. To let owners investigate the code in their devices. To modify them for better functionality. To repair them, even without the blessing of the manufacturer.

Thankfully, we aren’t alone. There’s a backlash against the slow creep of corporate product control.

Earlier this year, consumers sent 40,000 comments to the Copyright Office—all of them urging the restoration of ownership rights. The year before, consumers and activists forced a law through Congress that made it legal to unlock a cellphone and move it to a different carrier.

This week, Senator Ron Wyden and Representative Jared Polis will introduce the “Breaking Down Barriers to Innovation Act of 2015,” which would substantially improve the DMCA process. Lawmakers in Minnesota and New York have introduced “Fair Repair” legislation that asserts an owner’s right to repair electronic equipment they’ve purchased. They want equal access to repair information, replacement parts, and security updates.

Of course, taking back the stuff that we own won’t be easy. Corporations have better lobbyists than the rest of us. And, somehow, the notion of actually owning the things you buy has become revolutionary.

It doesn’t have to be. Tell the Copyright Office to side with consumers when it decides which gadgets are legal to modify and repair. Urge lawmakers to support legislation like the Unlocking Technology Act and the Your Own Devices Act, because we deserve the keys to our own products. And support Fair Repair legislation.

If you bought it, you should own it—simple as that. It’s time corporate lawyers left the bullshit to the farmers, who actually need it.
http://www.wired.com/2015/04/dmca-ownership-john-deere/





German Court Rules Adblock Plus is Legal
Emil Protalinski

Following a four-month trial, a German court in Hamburg has ruled that the practice of blocking advertising is perfectly legitimate. Germany-based Eyeo, the company that owns Adblock Plus, has won a case against German publishers Zeit Online and Handelsblatt.

These companies operate Zeit.de, Handelsblatt.com, and Wiwo.de. Their lawsuit, filed on December 3, charged that Adblock Plus should not be allowed to block ads on their websites.

While the decision is undoubtedly a big win for users today, it could also set a precedent for future lawsuits against Adblock Plus and any other tool that offers similar functions. The German court has essentially declared that users are legally allowed to control what happens on their screens and on their computers while they browse the Web.

“We are extremely happy with the decision reached today by the Hamburg regional court,” Eyeo said in a statement. “This is a victory for every single Internet user because it confirms each individual’s right to block annoying ads, protect their privacy, and, by extension, determine his or her own Internet experience. It is living proof of the unalienable right of every user to enjoy online self-determination.”

While Adblock Plus has millions of users, it often comes under fire for providing the controversial service of ad blocking, which has been labeled everything from stealing from publishers to a security and privacy tool.

The company, however, wants to be seen as more than just an ad-blocking tool; it has an Acceptable Ads initiative with which it hopes to move the Internet toward better ads. Adblock Plus is designed to only block annoying ads but to allow decent ads through, a compromise between users and advertisers.

“Now that the legalities are out of the way, we want to reach out to other publishers and advertisers and content creators and encourage them to work with Adblock Plus rather than against us,” Eyeo’s Ben Williams wrote today. “Let’s develop new forms of nonintrusive ads that are actually useful and welcomed by users; let’s discover ways to make better ads; let’s push forward to create a more sustainable Internet ecosystem for everyone.”
http://venturebeat.com/2015/04/21/ge...plus-is-legal/





MPAA Strategized On How To 'Tell The Positive Side' Of Internet Censorship
Mike Masnick

Back in December, when the Sony emails first leaked, we wrote a detailed post about the bizarre views of the MPAA on site blocking, in that it was absolutely obsessed with putting site blocking in place while admitting it didn't understand the technical issues. That was based on the reporting done by some reporters who had seen a few of the emails. Now that Wikileaks has released the entire trove, we can discover some more details, like the fact that part of the MPAA's plan was to figure out how to create pro-censorship propaganda. It really is incredible, but that's a bulletpoint in an email from the MPAA's top lawyer, Steven Fabrizio, about part of the strategy at a "site blocking confab" the major studios held last fall:

Outreach to academics, think tanks and other third parties to foster the publication of research papers, white papers and other articles that tell the positive story of site blocking: e.g., it is commonplace around the world and working smoothly; it has not broken the internet; it is not incompatible with DNSSEC; it is effective; legitimate sites/content have not been blocked; etc.

Think about that for a second. The MPAA, which likes to declare itself one of the foremost defenders of free speech, was literally conspiring on how to create propaganda in favor of censorship, pointing to countries that already censor the web as "good examples" to follow. You'd think they would have learned from the time Bono tried to use China's censorship as an example of how to deal with copyright infringement what a ridiculous idea this is.
https://www.techdirt.com/articles/20...nsorship.shtml





Former Dem Senator Chris Dodd Advised Execs to Give to GOP: “Fundraising Does Have An Impact”
Lee Fang

Chris Dodd’s first career was as the liberal U.S. Senator from Connecticut, a self-professed champion for working families and a Democratic presidential contender in 2008. But hacked emails from Sony offer new insight into how he operates in his second career, as the head of the Motion Picture Association of America, a lobby group for the movie industry.

On January 28, 2014, Dodd emailed executives from major motion picture studios to share two news articles. One revealed that Google had shifted its campaign donation strategy, giving more to Republican lawmakers, and another projected that the GOP would likely perform well in the midterm elections that year.

The articles, Dodd wrote, “underscore the point I’ve been trying to make, which I’m sure you all understand – while loyalty to a person and/or party is admirable, we also need to be smarter about being supportive of those who are and will be in positions to make decisions that affect this industry.”

Dodd listed a number of policy priorities for the industry, from tax credits to intellectual property law, and explained: “We need the capacity to gain and maintain relationships, and with campaigns getting more and more expensive, fundraising does have an impact.”

Dodd in particular encouraged industry executives to donate to Rep. Bob Goodlatte, R-Va., chairman of the House Judiciary Committee, which has jurisdiction over intellectual property and copyright issues important to the movie industry. Dodd evidently had to overcome one hurdle, however: Squeamishness about giving money directly to the National Republican Congressional Campaign, whose goal was to increase the GOP House majority.

In a November 7, 2013, email with “Call from Dodd regarding $$$ for Republicans” in the subject line, Keith Weaver, a senior government relations executive with Sony, wrote:

Chairman Goodlatte has established a new fundraising committee that would allow contributions to his effort WITHOUT giving to the NRCC (all of the studios had the same sensitivity on this as we did). Dodd is likely to call you with this news, tell you that the studio should support with $40k each, and tell you about the tentative date/time for this fundraiser (likely a lunch on 11/22). Our PAC can give $15k, the rest would need to come from individual execs.

Emphasis in the original.

Dodd chose not to run for reelection to his Senate seat in 2010, after revelations that he had received a special discount mortgage from Countrywide’s “VIP program.” During his time in Congress, Dodd was a senior member of the Banking Committee, a position that oversaw mortgage lenders.

As he retired, he told the public he would not become a lobbyist — though he soon signed up for the job as the movie industry’s top lobbyist, a gig compensated at over $3.2 million a year.

Dodd’s call for Democratic-leaning movie industry titans to give money to Republicans reveals a simple truth in American politics: Though pundits regularly complain about a bitter partisan divide, those with power and money can simply buy support from both parties. Indeed, the tech industry and much of the movie industry have come together on many major issues concerning intellectual property and privacy, from trade agreements to new cyber surveillance legislation — with strong bipartisan support in Congress.

As Dodd said, “fundraising does have an impact.”
https://firstlook.org/theintercept/2...aising-impact/





Small Film Producers Form a Group to Counter Piracy
Michael Cieply

In what they hope will be an aggressive attack on the web-based theft of intellectual property, some of Hollywood’s top foreign sales executives are banding together to fight digital movie pirates.

Five small film companies — Millennium, Voltage Pictures, Bloom, Sierra/Affinity and FilmNation Entertainment — said they were forming a new antipiracy coalition with the aim of mobilizing small businesses in the television, music, game and software industries against online theft.

The alliance is calling itself the Internet Security Task Force. Millennium’s president, Mark Gill, described it as a last-ditch effort by relatively fragile companies with fewer than 50 employees to avoid what they say is the near destruction of their prospective blockbusters, as happened to Millennium and its partners with “The Expendables 3” last year.

“Maybe larger businesses can afford to take a hit,” Mr. Gill said in a phone interview last week. “But we don’t have that luxury, we can’t survive.”

Precisely what the new task force can do that antipiracy efforts by organizations like the Motion Picture Association of America and CreativeFuture are not doing remains uncertain. But Mr. Gill said the group was considering a wide range of options, including a media campaign to be organized by the Mercury public affairs firm, a lobbying effort by Heather Podesta & Partners, which is based in Washington, and increased pressure on companies that advertise on pirate sites.

There are currently no plans to file any lawsuits, unless member companies pursue litigation on their own.

Nicolas Chartier, the chief executive of Voltage Pictures, touched off an Internet uproar in 2010 when he filed suit against 5,000 unnamed web users via their IP addresses, seeking damages for illegal downloads of “The Hurt Locker.”

Though wary of mass litigation, which invites the inevitable backlash and procedural quagmire, Mr. Gill said the group was closely watching Canada, where a legal process called “notice and notice” is now in place. Since January, Canada has required Internet service providers to immediately forward a notice of alleged copyright infringement to suspected thieves, rather than waiting for repeat violations, as in the United States.

Canadian service providers, Mr. Gill said, now deliver seven times as many notices as their counterparts in the United States to those suspected of illegal downloading, a rate that they hope will discourage potential violators once they are told that they are being tracked.

Jeremy Malcolm, a senior global policy analyst with the Electronic Frontier Foundation, a web freedom advocacy group, said his group — though often wary of Hollywood — actually favors a Canadian-style system, which makes notification easier but does not force more immediate action on service providers.

“But we do feel it needs some fine-tuning,” Mr. Malcolm added. He said some American companies were using the notices to deliver demands for damages much larger than those permitted under Canadian law.

Millennium, whose chairman, Avi Lerner, is an impetus behind the task force, was particularly damaged last year by the online theft of “The Expendables 3,” which leaked to the web on July 25, three weeks before its theatrical release. This month, police officers in London arrested a suspect in connection with the leak.

But, Mr. Gill said, more than 60 million illegal viewings had already taken a heavy toll. In all, according to Boxofficemojo.com, “The Expendables 3” took in only about $206 million at the worldwide box office, down sharply from $305 million in sales for its predecessor. The box office in some countries, Mr. Gill said, fell by as much as 89 percent.

Mr. Gill said the new task force would be more closely focused on piracy than the Motion Picture Association of America, which conducts a worldwide effort (and assisted in the recent arrest in the “Expendables” case), but must attend to the sometimes diverging needs of its six member companies, all big studios.

And, Mr. Gill said, the group expects to press its aims with advertising or legislative initiatives that may be sharper than similar efforts by CreativeFuture, a Hollywood antipiracy group whose 350 members include the major studios, agencies and guilds — along with Millennium and other companies.

“This is an aggressive game that’s only been played aggressively by the other side,” Mr. Gill said.
http://www.nytimes.com/2015/04/20/bu...er-piracy.html





All About PlayReady 3.0, Microsoft's Secret Plan to Lock Down 4K Movies to Your PC
Mark Hachman

It’s movie night, 2016. A crop of teens streams through the kitchen, snagging chips and drinks as they head downstairs to watch the latest blockbuster on the new 4K monitor. There’s excited chatter as the movie begins to play, then—

“Dad?! What’s going on? Why do we have to watch this movie in crappy standard-def?”

The name of the movie might as well be Digital Rights Management: The New Nightmare. It stars Microsoft, who is working with chip vendors Intel, AMD, Nvidia, and Qualcomm to protect Hollywood’s movies from piracy as they travel through your PC. The technology it’s promoting is called PlayReady 3.0.

Microsoft is also dangling promises for consumers: Buy a Windows 10 system with PlayReady, Microsoft says, and you’ll be able to view Hollywood’s latest movies in all their 4K glory. Without Microsoft’s hardware DRM technology—pay attention, those of you with older PCs—you may only be able to view a lower-quality version of the film.

Yeah, it’s complicated. Read on to learn more about the DRM technology that could change how you stream movies to your PC.

No PlayReady 3.0, no 4K?

Make no mistake, movie piracy is a problem. Hollywood studios take many steps to protect their content, but any weak link in the chain can lead to a security breach. In September, 2010, for instance, the HDCP key securing Blu-ray content from the player to the display was cracked, allowing pirates to record “encrypted” movies and re-encode and copy them however they wished.

Older generations of PCs used software-based DRM technology. The new hardware-based technology will know who you are, what rights your PC has, and won’t ever allow your PC to unlock the content so it can be ripped.

How PlayReady 3.0 does it remains a mystery, though. “PlayReady content keys and the unencrypted compressed and uncompressed video samples are never available outside of the device’s Trusted Execution Environment (TEE) and secure video pipeline,” a Microsoft spokeswoman wrote in an email. But when Microsoft laid out some of its PlayReady 3.0 plans last month at the Windows Hardware Engineering Conference in Shenzhen, China, it stopped recording the session just as PlayReady 3.0 was being discussed in detail.

The benefits for the consumer are equally murky. Nishanth Lingamneni, a senior program manager in the Windows customer and partner engagement team, made the case that PlayReady 3.0 PCs (and therefore, their users) could be trusted with exclusive Hollywood content.

“If you’d like to have early-window releases—if a movie is playing in a movie theater right now, and you would like to have access to it on your Windows PC...they might make it available on some Windows PCs that have the higher bar for content protection,” Lingamneni said. “Or, if you want to support 4K quality video, or UHD-quality video, which is protected content on Windows, that demands a higher bar. And that bar is defined by hardware-based content protection.”

Other use benefits lie even deeper within PlayReady. The above slide from Microsoft’s DRM presentation is aimed at hardware developers, but there are a few key takeaways: First, Microsoft thinks your laptop’s battery life will be unaffected by hardware DRM. Second, content protection will flow through the GPU. And third, PlayReady 3.0 will support “throwing” movies from your laptop to a Miracast dongle connected to your TV.

PCWorld reached out to executives at AMD, Intel, and Nvidia, and received either no response, no comment, or a referral to Microsoft. It’s also not clear whether hardware makers will launch a new wave of PlayReady 3.0-compatible PCs at the time Windows 10 launches, or if the rollout is sometime in the future.

Bad news for older PCs

Unfortunately, it looks like the advent of PlayReady 3.0 could leave older PCs in the lurch. Previous PlayReady technology secured content up to 1080p resolution using software DRM—and that could be the maximum resolution for older PCs without PlayReady 3.0.

PlayReady 3.0 was specifically authored to allow both Windows and non-Windows devices to play back movies, according to the Microsoft spokeswoman. But it also introduces a new security level to differentiate devices that have hardware protections, and those that don’t—like older PCs.

People with older Windows 7 or Windows 8 hardware who upgrade to Windows 10 will still be able to rent, purchase, and stream movies, the Microsoft spokeswoman said. Microsoft is also working with the chip vendors to enable hardware content protection on “the widest range of devices possible,” she added. But while video services may work on older PCs, “there may be certain content (i.e. SD vs HD content) that the services will offer to devices that only support software content protection,” the Microsoft spokeswoman said.

PlayReady may have missed the boat

So far, Microsoft has painted a very idealized picture of PlayReady 3.0 as the PC’s answer to piracy. But as anyone who watches streamed video knows, it’s not so simple. Consumers still watch many, many movies on their PCs—especially kids.

According to Parks Associates, 68 percent of all American households watch streaming video on PCs, with about 53 percent of all streaming video consumed on computers. But many, many more have given up the PC to watch movies on connected TVs: 89 percent, Parks says.

In a sense, PlayReady is Microsoft’s attempt to convince Hollywood of the viability of the PC as a media streamer. “Microsoft appears to be future-proofing, evidenced by their proposed support for 8K video,” Glenn Hower, a research analyst for Parks, said in an email. “As long as the burden is not terribly substantial beyond supporting 4K, and as long as their technology can adapt to handle high dynamic range and upgrades in color gamut support for ultra HD, I think they are playing smart.”

But Hollywood itself isn’t necessarily as enthusiastic about 4K as Microsoft is—for one thing, all those additional pixels cost money to store. According to a panel of studio executives who were polled during a session at the National Association of Broadcasters (NAB) show in Las Vegas on April 14, studios are equally interested in movies authored in high-dynamic range (HDR) with a wider color gamut.

“At some point it is going to be overwhelming for people, for the consumer as well as the studios,” said Hanno Basse, the chief technology officer for 20th Century Fox Film Corp., of the efforts to keep track of what the next big thing in movie technology will be.

Content companies don’t even need PlayReady 3.0, either. In fact, Aaron Taylor, the executive vice president of sales and marketing for 4K streaming service UltraFlix, said that his services began recently making available the Paramount sci-fi hit Interstellar — without PlayReady 3.0. Each frame of Interstellar has been forensically watermarked by a company called Civolution, Taylor said, so that if the movie is pirated, investigators can quickly discover where the leak occurred.

A version of UltraFlix with PlayReady 3.0 is being developed, Taylor said. Otherwise, however, “Microsoft may be embellishing the truth a little bit,” Taylor said.

Richard Doherty, an analyst for Envisioneering, summed up the investments in hardware-based DRM on the PC as a “dry hole.” “People have decided that the dynamic DRM that is assigned to a movie on a PC or a Mac player is good enough,” he said.

Watching 4K video could be a real pain

But while Microsoft, chip vendors, and Hollywood seek to stop piracy once and for all, it’s unclear whether consumers will buy in.

In 2008, when the first version of PlayReady was introduced, users took up torches and pitchforks to protest Hollywood’s treatment of “their” content. Microsoft’s own Games for Windows Live initiative, for example, used SecuROM technology to authenticate games bought through the service—and gamers hated it so much that it was killed in 2013, three years after its launch. Securing 4K video on a television also requires you to buy an all-new monitor and cables that support both HDMI 2.0 and the new HDCP 2.2 copy-protection standard—which, chances are, none of your existing hardware does.

For all of the paranoia the industry has about securing content, some argue that Hollywood is trying to close the barn door after the horse left long ago.

“There are thousands of people in this world, technologists right through the spectrum to lawyers, me included, who lost probably a man-year of their life to these [content] meetings over the last twenty years,” Doherty said. “All these things seem to have been constructed for some Jurassic Park that closed its doors some years ago.”
http://www.pcworld.com/article/29080...o-your-pc.html





The Great Canadian Copyright Giveaway: Why Copyright Term Extension for Sound Recordings Could Cost Consumers Millions
Michael Geist

Randy Bachman, the well-known Canadian musician, found himself embroiled in a public fight with Prime Minister Stephen Harper last year when Harper used his song “Takin’ Care of Business” as a theme song for a major speech. Bachman said he probably would not have granted permission to use the song, since “I don’t think he’s taking care of business for the right people or the right reasons.” Bachman was singing a different tune yesterday as the government released its budget and apparently took care of the right people – record companies. Despite no study, no public demands, and the potential cost to the public of millions of dollars, the government announced that it will extend the term of copyright for sound recordings and performances from 50 to 70 years. For that giveaway, Bachman was quoted as saying “thanks for the term extension PM Harper, you really are taking care of business.”

While the government lined up industry supporters to praise the term extension, the decision is unexpected and unnecessary (it also announced that it will accede to the Marrakesh copyright treaty for the blind, but that should not require significant domestic reforms). The music industry did not raise term extension as a key concern during either the 2012 copyright reform bill or the 2014 Canadian Heritage committee study on the industry. Experience elsewhere suggests that the extension is a windfall for record companies, with little benefit to artists or the public. In fact, many countries that have implemented the extension have been forced to do so through trade or political agreements, while signalling their opposition along the way.

Canada will extend term without any public discussion or consultation, yet other studies have found that retroactive extension does not lead to increased creation and that the optimal term length should enable performers and record labels to recoup their investment, not extend into near-unlimited terms to the detriment of the public. For Canadian consumers, the extension could cost millions of dollars as works that were scheduled to come into the public domain will now remain locked down for decades.

For example, the 2006 Gowers Report on Intellectual Property, a wide ranging and well respected government-sponsored review in the UK, came out against term extension for sound recordings and performances:

In conclusion, the Review finds the arguments in favour of term extension unconvincing. The evidence suggests that extending the term of protection for sound recordings or performers’ rights prospectively would not increase the incentives to invest, would not increase the number of works created or made available, and would negatively impact upon consumers and industry. Furthermore, by increasing the period of protection, future creators would have to wait an additional length of time to build upon past works to create new products and those wishing to revive protected but forgotten material would be unable to do so for a longer period of time. The CIPIL report indicates that the overall impact of term extension on welfare would be a net loss in present value terms of 7.8 per cent of current revenue, approximately £155 million.

A Dutch study on intellectual property reached the same conclusion, noting that the arguments in favour of extension were unconvincing and that the extension would create significant costs for consumers and society as a whole. It concluded:

To conclude, the arguments made in favour of a term extension are not convincing. Many arguments already fall outside the objectives of related rights protection for phonograms. The fact that some recordings still have economic value as rights therein expire, cannot in itself provide a justification for extending the term of protection. Related rights were designed as incentives to invest, without unduly restricting competition, not as full-fledged property rights aimed at preserving ‘value’ in perpetuity. Other arguments do not convince because a term extension would either be ineffective in addressing the concerns in question, because there are other, better remedies available or advisable, or because the costs of an extension would outweigh its eventual benefits. The term of related rights must reflect a balance between incentives, market freedom and costs for society. This balance will be upset when terms are extended for the mere reason that content subject to expiration still has market value. The public domain is not merely a graveyard of recordings that have lost all value in the market place. It is also an essential source of inspiration to subsequent creators, innovators and distributors.

With many more studies and reports reaching the same conclusion – some estimating that the costs to the public would exceed one billion euros with 72 percent of the benefits going to record labels – the issue unsurprisingly proved very controversial in Europe. The European Union ultimately passed an extension from 50 to 70 years in 2011, but not without significant opposition from member states. Eight countries – Belgium, Czech Republic, Luxembourg, Netherlands, Romania, Slovakia, Slovenia and Sweden – all voted against, while Austria and Estonia abstained. Sweden argued that the extension was “neither fair nor balanced”, while Belgium argued that it would mainly benefit record producers and negatively affect access to cultural materials in libraries and archives.

Belgium’s concern regarding the lack of benefit for artists was also reflected in the Gowers report, which noted:

If the purpose of extension is to increase revenue to artists, given the low number of recordings still making money 50 years after release, it seems that a more sensible starting point would be to review the contractual arrangements for the percentages artists receive.

While the European experience on term extension for sound recordings and performances is instructive, there have been Canadian studies that have reached similar conclusions. Industry Canada commissioned University of Montreal economist Abraham Hollander to examine the issue in 2005. Hollander’s study found that the economic value of a term extension to the recording industry was very small:

[Sound recordings] are protected for a period of 50 years from fixation. Adding 20 years of protection would contribute 2.3% to the present value of royalties under a 7% discount rate, assuming that the flow of royalties remains unchanged during the whole period. Under identical assumptions, extending the protection period to 100 years would contribute a mere 3.0% to the present value. This, however, is true only if the royalty flow remains constant over time. When the annual royalties decline rapidly over time, as is typical, the increase in present value would be considerably smaller.

Not only have the studies come out against term extension, but copyright stakeholders have not publicly emphasized the issue. Term extension for sound recordings and performances was nowhere to be found among the thousands of submissions to the 2010 copyright consultation, it was not discussed in the 2002 Canadian roadmap for copyright reform, and groups like the Canadian Independent Record Production Association and the American Federation of Musicians of the United States and Canada did not raise it in their submissions on copyright reform. The music industry’s form letter did not discuss term extension and it was not an issue that was prominently raised in the 2012 copyright reforms. In fact, just last year the Standing Committee on Canadian Heritage conducted a major review of the music industry in Canada with dozens of witnesses taking the time to appear or submit briefs. The final report and the government’s response never raise the term of protection for sound recordings and performances as a concern.

Why is the government using the budget to enact copyright term extension that primarily benefits foreign record labels, has proven controversial elsewhere, has been largely dismissed by numerous studies (including one funded by the government), was not the subject of a major public campaign from stakeholders, and that could cost Canadians millions of dollars?

My best guess is the Trans Pacific Partnership agreement. The TPP is nearing the end game and the U.S. is still demanding many changes to Canadian copyright law, including copyright term extension for all works (not just sound recordings). The Canadian government’s strategy in recent years has been to enact reforms before the trade agreements are finalized in order to enhance its bargaining position. For example, it moved forward with notice-and-notice rules for Internet providers without the necessary regulations in order to have the system in place and protect it at the TPP talks. It may be trying to do the same here by extending term on sound recordings and hoping that that concession satisfies U.S. copyright demands. Yet the concession comes at a significant price – locked down works and increased costs to consumers - while providing another reminder that too often Canadian copyright law is effectively written by U.S. lobby groups who do not have Canadian interests in mind.
http://www.michaelgeist.ca/2015/04/t...mers-millions/





The Golden Age of Online Music Is Over (and Another Is Beginning)

Beyonce and Rihanna's exclusive Tidal releases show that what was once a listener's paradise is now being carved into fiefdoms as competition between streaming platforms intensifies.
Spencer Kornhaber

It might just be the platonic ideal of music listening: hear any song of your choice instantaneously, whenever and wherever, without having to pay for individual tracks. For the past five years, interactive streaming companies like Spotify, Rhapsody, and Rdio made a version of the dream possible, with Spotify staging the greatest push towards cultural ubiquity—it has 60 million active users worldwide, 15 million of whom pay to subscribe.

Now, a group of new services want to provide real competition against Spotify and grow the total number of people who pay monthly fees for on-demand music. The latest is Jay Z’s Tidal, announced a week ago with a splashy press conference involving some of today’s most popular musicians. In the coming months, Google will take its YouTube Music Key service out of beta and Apple will put on an ambitious relaunch of Beats Music. Competition, the maxim goes, is good for consumers. But for anyone who’s been paying to stream music for the past few years, it’s hard to see how that will turn out to be the case: To gain the edge, these companies will try to partition what used to be a utopia.

When Spotify ruled more or less uncontested, streaming felt like a pretty simple proposition. No longer did listeners have to juggle the time-honored hassles/joys of maintaining a music library. They could just trust that nearly everything they wanted to hear, a vast bulk of the music ever recorded, was on Spotify. If they were willing to sit through ads, they could listen for free; if not, they could pay $10 a month, a pretty good deal, given the amount of music one got for less than the price of most CDs. Competitors like Rdio offered alternative interfaces, but the selections in its library were much the same.

But last year, Taylor Swift deleted all her music from Spotify, ostensibly protesting the service’s ad-supported “freemium” tier, which pays paltry amounts per stream. Other artists, like Bjork and Thom Yorke, have withheld new releases from the stream for similar reasons. In doing so, they challenged the notion of a reliable celestial jukebox, and reminded users of what was lost in the transition from music-collecting to music-streaming—the sense of ownership, the knowledge that the songs you listened to were yours to access forever (that is, of course, until the disk gets scratched or your laptop dies).

The feeling of uncertainty around streaming is likely to get worse as companies try to edge one another out. When it was introduced a week ago, Tidal promised great, can’t-legally-find-it-anywhere-else offerings, but its specials were fairly paltry: a streamable version of the recently aired Rihanna single, a Daft Punk short film from 2006, a playlist curated by Coldplay, etc. But this past weekend, it sweetened the pot by premiering another new Rihanna song (a political ballad titled “American Oxygen”) and a video of Beyonce playing an unreleased tune (“Die With You”) in her living room. If those aren’t exactly rare Beatles tracks (the Fab Four still aren’t on any streaming platform), they’re still pretty enticing to pop lovers. It seems possible that the other high-profile owners of Tidal like Kanye West or Arcade Fire could release music exclusively on the platform (at least for a certain window of time), which could drive those acts' sizable fan bases to sign up in droves—except for the individuals who resort to piracy.

Then there are the quieter exclusives; already-released music that appears on one service but not another because of the vagaries of record-label licensing. I had considered switching to Tidal permanently after signing up last week, because the interface is nearly identical to Spotify (what’s missing are social-listening capabilities and a desktop app, though it’s possible both features are on their way), and because I like many of the artists who co-own the platform. But I keep running into gaps in its library; Grimes’s excellent 2012 album Visions, for example, and the well-reviewed new release from Jlin, are on Spotify but not Tidal. So what am I supposed to do? Pay for two services? Make up the important gaps by buying albums on iTunes, even though it’s not clear which gaps will be permanent? These aren’t the most pressing problems in the world, but they are, at least, more pronounced inconveniences than the ones streaming consumers have faced in the past few years.

When the new Beats arrives, this state of affairs may get more hectic. In an interview with Billboard, Jay Z made clear that Jimmy Iovine, the legendary record executive who now works with Apple, had been competing with Tidal for celebrity-musician endorsements. This might explain why big names like Taylor Swift and Drake didn’t join their friends Nicki Minaj and Madonna at last week's press conference; it's possible they're aligned with Beats instead. Apple’s huge market reach and deep pockets also means that record companies have another party to negotiate distribution rights with, which gives labels power to ask for more favorable deals. It seems likely that this will lead to the various services' catalogues becoming patchier, perhaps fluctuating over time à la Netflix’s Friends-one-month-then-gone-the-next offerings. (Probably not as dramatically, though; it’s in labels' interest, generally, to have their music as widely available as possible.)

Services compete on more than content, of course. Interface matters—but only to an extent. Rdio has consistently won glowing reviews for its ease of use, yet it doesn't publish user counts and is believed to lag far behind Spotify in popularity. Beats has touted its robust recommendation engine, but it's not clear how many people are using it. Tidal’s dashboard looks like a clone of Spotify's, and its much-publicized $20 subscription is for access to lossless audio, whose superior quality can only be discerned by some people on some sound systems.

What about competition’s effect on price? It was rumored that Apple's Beats would undercut Spotify on subscription fees, but recent reports say that the music industry has demanded a base subscription of $10 a month—the same as a Spotify paid membership, or the basic (no hifi audio) Tidal tier. Many in the record industry have also been vocal about opposing Spotify’s “freemium” model; if Spotify got rid of free streaming, some might call it a moral victory, but it would be hard to call it a win for consumers.

None of this is to say that streaming isn't going to continue its rise as the listening format of the future. The publicity around the Tidal rollout likely led to new users trying out the technology, and Beats will be able to directly market itself to iPhone and iTunes users. More players going after more people is probably a good thing for music in general. When artists lament Spotify’s meager payouts, the real culprit isn’t the streaming service, which pays out 70 percent of its revenue to labels and musicians—it’s the fact that streaming doesn't make a whole lot of revenue to begin with. The most likely way for that to change is for there to be more paying users in the system. So if the golden age of simplicity for streaming's early adopters is coming to an end, the health of the music industry might be worth it.
http://www.theatlantic.com/entertain...s-over/389730/





Mumford & Sons, Death Cab for Cutie Singer Rip Jay Z’s Tidal: ‘This Thing Is Going to Fail Miserably’

“We wouldn’t have joined it anyway, even if they had asked,” frontman Marcus Mumford says
Joe Otterson

British folk band Mumford & Sons and Death Cab for Cutie singer Ben Gibbard had some harsh words for Tidal, the music streaming service recently relaunched by Jay Z.

“I think they totally blew it by bringing out a bunch of millionaires and billionaires and propping them up onstage and then having them all complain about not being paid,” Gibbard said in an interview for The Daily Beast. “That’s why this thing is going to fail miserably.”

Gibbard was apparently unimpressed with Tidal’s star-studded launch in March which featured music artists Madonna, Rihanna, Nicki Minaj, Kanye West, Usher and Deadmau5, as well as Mrs. Carter herself, Beyoncé, who were on hand to support the mogul during the New York event.

“We wouldn’t have joined it anyway, even if they had asked. We don’t want to be tribal,” frontman Marcus Mumford said in a separate interview with The Daily Beast.

“I think smaller bands should get paid more for it, too. Bigger bands have other ways of making money, so I don’t think you can complain,” Mumford added. “And when they say it’s artist-owned, it’s owned by those rich, wealthy artists.”

“We don’t want to be part of some Tidal ‘streaming revolution’ nor do we want to be Taylor Swift and be anti-it,” Mumford & Sons guitarist Winston Marshall said.

British singer Lily Allen took to Twitter to take on Tidal. “People are going to swarm back to pirate sites in droves,” Allen wrote in a Tweet. “My concern is that Tidal may set emerging artists back,” she wrote in another.

Jay Z and singer Jack White are personally calling users of the Tidal music streaming service amid CEO Andy Chen’s departure and layoffs at the company.

The company said Peter Tonstad, the former CEO of Tidal parent company Aspiro Group, will serve as interim CEO until a permanent replacement for Chen can be found.

Tidal launched last year and was bought by Jay Z in January. The newly relaunched app is seen as a rival to Spotify, though it doesn’t have a free, ad-supported version. Standard definition streaming starts at $9.99 a month, and a high definition audio version goes for $19.99.

The service is aiming to differentiate itself from competitors like Spotify by locking down exclusive streaming windows with artists. Beyonce recently released an exclusive track on the service to coincide with her and Jay Z’s seventh wedding anniversary.
http://www.thewrap.com/mumford-sons-...ail-miserably/





The Numbers Don’t Lie: Jay-Z’s Tidal Music Service is Already a Spectacular Flop
Tero Kuittinen

When Tidal made its big media push at the end of March, the core message was clear: while other streaming music services like Spotify and Pandora pay a pittance to artists, Tidal offers musicians a better deal. Unfortunately, Tidal also opted to use super stars like Nicki Minaj and Beyonce as spokespersons for the app. The result was the ultimate mixed message: You should feel sorry about how little money Nicki makes.

Two weeks after Tidal briefly cracked the U.S. iPhone top 20 download chart, the app has crashed out of the top 700. Apparently American consumers have limited empathy towards Beyonce and Nicki. Soon after the launch fiasco, Tidal’s CEO was kicked out in a “streamlining” move. The new CEO Peter Tonstad, a former consultant for the Norwegian Ministry of Environment, has his work cut out for him.

To make matters worse for Tidal, its main rivals are now surging. On April 20th, Pandora and Spotify occupied positions No. 3 and No. 4 on the U.S. iPhone revenue chart, respectively. This was the first time two music streaming services have hit the top 4 in sales simultaneously. In order to achieve the feat, Pandora and Spotify had to push Candy Crush Saga out of the U.S. iPhone top 4 revenue chart, which is a remarkable achievement.

As a matter of fact, something curious can be seen in Spotify’s download performance right after Tidal’s media campaign started bashing its allegedly meager payouts. Spotify surged back into the iPad top 40 download chart on March 31st, right when Tidal’s anti-Spotify invective hit its peak in American media. This had not happened since November 2014.

It looks like Tidal’s attacks on Spotify and Pandora actually managed to increase public awareness of the services, boosting Spotify’s download performance in particular at the end of March. And now, a few weeks later, the combined revenue performance of the two music apps is hitting a new milestone. To add insult to injury, Beats Music has started cracking the U.S. iPhone top 20 revenue chart.

This is the problem with attacking popular apps – negative media coverage often ends up just boosting them. Twitter rode a flurry of mocking or downright hostile news items to mainstream success. Snapchat leveraged the sexual panic of US media about naughty photos to become a teen obsession. You can’t badmouth a strong app into a decline. In the hyper competitive app market, any media attention buoys apps with genuine consumer appeal.

Tidal is now facing no fewer than three deep-pocketed rival music apps and they’re all minting money and riding strong momentum. The new CEO must somehow find a way to mop up after the ill-advised March launch and find a way to reposition Tidal in a crowded market… preferably by not trying to make consumers feel bad for multimillionaires. Or giving its rivals extra attention.
http://bgr.com/2015/04/21/tidal-vs-pandora-vs-spotify/





The Man Who Broke the Music Business

The dawn of online piracy.
Stephen Witt

One Saturday in 1994, Bennie Lydell Glover, a temporary employee at the PolyGram compact-disk manufacturing plant in Kings Mountain, North Carolina, went to a party at the house of a co-worker. He was angling for a permanent position, and the party was a chance to network with his managers. Late in the evening, the host put on music to get people dancing. Glover, a fixture at clubs in Charlotte, an hour away, had never heard any of the songs before, even though many of them were by artists whose work he enjoyed.

Later, Glover realized that the host had been d.j.’ing with music that had been smuggled out of the plant. He was surprised. Plant policy required all permanent employees to sign a “No Theft Tolerated” agreement. He knew that the plant managers were concerned about leaking, and he’d heard of employees being arrested for embezzling inventory. But at the party, even in front of the supervisors, it seemed clear that the disks had been getting out. In time, Glover became aware of a far-reaching underground trade in pre-release disks. “We’d run them in the plant in the week, and they’d have them in the flea markets on the weekend,” he said. “It was a real leaky plant.”

The factory sat on a hundred acres of woodland and had more than three hundred thousand square feet of floor space. It ran shifts around the clock, every day of the year. New albums were released in record stores on Tuesdays, but they needed to be pressed, packaged, and shrink-wrapped weeks in advance. On a busy day, the plant produced a quarter of a million CDs. Its lineage was distinguished: PolyGram was a division of the Dutch consumer-electronics giant Philips, the co-inventor of the CD.

One of Glover’s co-workers was Tony Dockery, another temporary hire. The two worked opposite ends of the shrink-wrapping machine, twelve feet apart. Glover was a “dropper”: he fed the packaged disks into the machine. Dockery was a “boxer”: he took the shrink-wrapped jewel cases and stacked them in a cardboard box for shipping. The jobs paid about ten dollars an hour.

Glover and Dockery soon became friends. They lived in the same town, Shelby, and Glover started giving Dockery a ride to work. They liked the same music. They made the same money. Most important, they were both fascinated by computers, an unusual interest for two working-class Carolinians in the early nineties—the average Shelbyite was more likely to own a hunting rifle than a PC. Glover’s father had been a mechanic, and his grandfather, a farmer, had moonlighted as a television repairman. In 1989, when Glover was fifteen, he went to Sears and bought his first computer: a twenty-three-hundred-dollar PC clone with a one-color monitor. His mother co-signed as the guarantor on the layaway plan. Tinkering with the machine, Glover developed an expertise in hardware assembly, and began to earn money fixing the computers of his friends and neighbors.

By the time of the party, he’d begun to experiment with the nascent culture of the Internet, exploring bulletin-board systems and America Online. Soon, Glover also purchased a CD burner, one of the first produced for home consumers. It cost around six hundred dollars. He began to make mixtapes of the music he already owned, and sold them to friends. “There was a lot of people down my way selling shoes, pocketbooks, CDs, movies, and fencing stolen stuff,” he told me. “I didn’t think they’d ever look at me for what I was doing.” But the burner took forty minutes to make a single copy, and business was slow.

Glover began to consider selling leaked CDs from the plant. He knew a couple of employees who were smuggling them out, and a pre-release album from a hot artist, copied to a blank disk, would be valuable. (Indeed, recording executives at the time saw this as a key business risk.) But PolyGram’s offerings just weren’t that good. The company had a dominant position in adult contemporary, but the kind of people who bought knockoff CDs from the trunk of a car didn’t want Bryan Adams and Sheryl Crow. They wanted Jay Z, and the plant didn’t have it.

By 1996, Glover, who went by Dell, had a permanent job at the plant, with higher pay, benefits, and the possibility of more overtime. He began working double shifts, volunteering for every available slot. “We wouldn’t allow him to work more than six consecutive days,” Robert Buchanan, one of his former managers, said. “But he would try.”

The overtime earnings funded new purchases. In the fall of 1996, Hughes Network Systems introduced the country’s first consumer-grade broadband satellite Internet access. Glover and Dockery signed up immediately. The service offered download speeds of up to four hundred kilobits per second, seven times that of even the best dial-up modem.

Glover left AOL behind. He soon found that the real action was in the chat rooms. Internet Relay Chat networks tended to be noncommercial, hosted by universities and private individuals and not answerable to corporate standards of online conduct. You created a username and joined a channel, indicated by a pound sign: #politics, #sex, #computers. Glover and Dockery became chat addicts; sometimes, even after spending the entire day together, they hung out in the same chat channel after work. On IRC, Dockery was St. James, or, sometimes, Jah Jah. And Glover was ADEG, or, less frequently, Darkman. Glover did not have a passport and hardly ever left the South, but IRC gave him the opportunity to interact with strangers from all over the world.

Also, he could share files. Online, pirated media files were known as “warez,” from “software,” and were distributed through a subculture dating back to at least 1980, which called itself the Warez Scene. The Scene was organized in loosely affiliated digital crews, which raced one another to be the first to put new material on the IRC channel. Software was often available on the same day that it was officially released. Sometimes it was even possible, by hacking company servers, or through an employee, to pirate a piece of software before it was available in stores. The ability to regularly source pre-release leaks earned one the ultimate accolade in digital piracy: to be among the “elite.”

By the mid-nineties, the Scene had moved beyond software piracy into magazines, pornography, pictures, and even fonts. In 1996, a Scene member with the screen name NetFraCk started a new crew, the world’s first MP3 piracy group: Compress ’Da Audio, or CDA, which used the newly available MP3 standard, a format that could shrink music files by more than ninety per cent. On August 10, 1996, CDA released to IRC the Scene’s first “officially” pirated MP3: “Until It Sleeps,” by Metallica. Within weeks, there were numerous rival crews and thousands of pirated songs.

Glover’s first visit to an MP3-trading chat channel came shortly afterward. He wasn’t sure what an MP3 was or who was making the files. He simply downloaded software for an MP3 player, and put in requests for the bots of the channel to serve him files. A few minutes later, he had a small library of songs on his hard drive.

One of the songs was Tupac Shakur’s “California Love,” the hit single that had become inescapable after Tupac’s death, several weeks earlier, in September, 1996. Glover loved Tupac, and when his album “All Eyez on Me” came through the PolyGram plant, in a special distribution deal with Interscope Records, he had even shrink-wrapped some of the disks. Now he played the MP3 of “California Love.” Roger Troutman’s talk-box intro came rattling through his computer speakers, followed by Dr. Dre’s looped reworking of the piano hook from Joe Cocker’s “Woman to Woman.” Then came Tupac’s voice, compressed and digitized from beyond the grave, sounding exactly as it did on the CD.

At work, Glover manufactured CDs for mass consumption. At home, he had spent more than two thousand dollars on burners and other hardware to produce them individually. His livelihood depended on continued demand for the product. But Glover had to wonder: if the MP3 could reproduce Tupac at one-eleventh the bandwidth, and if Tupac could then be distributed, free, on the Internet, what the hell was the point of a compact disk?

In 1998, Seagram Company announced that it was purchasing PolyGram from Philips and merging it with the Universal Music Group. The deal comprised the global pressing and distribution network, including the Kings Mountain plant. The employees were nervous, but management told them not to worry; the plant wasn’t shutting down—it was expanding. The music industry was enjoying a period of unmatched profitability, charging more than fourteen dollars for a CD that cost less than two dollars to manufacture. The executives at Universal thought that this state of affairs was likely to continue. In the prospectus that they filed for the PolyGram acquisition, they did not mention the MP3 among the anticipated threats to the business.

The production lines were upgraded to manufacture half a million CDs a day. There were more shifts, more overtime hours, and more music. Universal, it seemed, had cornered the market on rap. Jay Z, Eminem, Dr. Dre, Cash Money—Glover packaged the albums himself.

Six months after the merger, Shawn Fanning, an eighteen-year-old college dropout from Northeastern University, débuted a public file-sharing platform he had invented called Napster. Fanning had spent his adolescence in the same IRC underground as Glover and Dockery, and was struck by the inefficiency of its distribution methods. Napster replaced IRC bots with a centralized “peer-to-peer” server that allowed people to swap files directly. Within a year, the service had ten million users.

Before Napster, a leaked album had caused only localized damage. Now it was a catastrophe. Universal rolled out its albums with heavy promotion and expensive marketing blitzes: videos, radio spots, television campaigns, and appearances on late-night TV. The availability of pre-release music on the Internet interfered with this schedule, upsetting months of work by publicity teams and leaving the artists feeling betrayed.

Even before Napster’s launch, the plant had begun to implement a new anti-theft regimen. Steve Van Buren, who managed security at the plant, had been pushing for better safeguards since before the Universal merger, and he now instituted a system of randomized searches. Each employee was required to swipe a magnetized identification card upon leaving the plant. Most of the time, a green light appeared and the employee could leave. Occasionally, though, the card triggered a red light, and the employee was made to stand in place as a security guard ran a wand over his body, searching for the thin aluminum coating of a compact disk.

Van Buren succeeded in getting some of the flea-market bootleggers shut down. Plant management had heard of the technician who had been d.j.’ing parties with pre-release music, and Van Buren requested that he take a lie-detector test. The technician failed, and was fired. Even so, Glover’s contacts at the plant could still reliably get leaked albums. One had even sneaked out an entire manufacturing spindle of three hundred disks, and was selling them for five dollars each. But this was an exclusive trade, and only select employees knew who was engaged in it.

By this time, Glover had built a tower of seven CD burners, which stood next to his computer. He could produce about thirty copies an hour, which made bootlegging more profitable, so he scoured the other underground warez networks for material to sell: PlayStation games, PC applications, MP3 files—anything that could be burned to a disk and sold for a few dollars.

He focussed especially on movies, which fetched five dollars each. New compression technology could shrink a feature film to fit on a single CD. The video quality was poor, but business was brisk, and soon he was buying blank CDs in bulk. He bought a label printer to catalogue his product, and a color printer to make mockups of movie posters. He filled a black nylon binder with images of the posters, and used it as a sales catalogue. He kept his inventory in the trunk of his Jeep and sold the movies out of his car.

Glover still considered it too risky to sell leaked CDs from the plant. Nevertheless, he enjoyed keeping up with current music, and the smugglers welcomed him as a customer. He was a permanent employee with no rap sheet and an interest in technology, but outside the plant he had a reputation as a roughrider. He owned a Japanese street-racing motorcycle, which he took to Black Bike Week, in Myrtle Beach. He had owned several handguns, and on his forearm was a tattoo of the Grim Reaper, walking a pit bull on a chain.

His co-worker Dockery, by contrast, was a clean-cut churchgoer, and too square for the smugglers. But he had started bootlegging, too, and he pestered Glover to supply him with leaked CDs. In addition, Dockery kept finding files online that Glover couldn’t: movies that were still in theatres, PlayStation games that weren’t scheduled to be released for months.

For a while, Glover traded leaked disks for Dockery’s software and movies. But eventually he grew tired of acting as Dockery’s courier, and asked why the disks were so valuable. Dockery invited him to his house one night, where he outlined the basics of the warez underworld. For the past year or so, he’d been uploading the pre-release leaks Glover gave him to a shadowy network of online enthusiasts. This was the Scene, and Dockery, on IRC, had joined one of its most élite groups: Rabid Neurosis, or RNS. (Dockery declined to comment for this story.)

Instead of pirating individual songs, RNS was pirating entire albums, bringing the pre-release mentality from software to music. The goal was to beat the official release date whenever possible, and that meant a campaign of infiltration against the major labels.

The leader of RNS went by the handle Kali. He was a master of surveillance and infiltration, the Karla of music piracy. It seemed that he spent hours each week researching the confusing web of corporate acquisitions and pressing agreements that determined where and when CDs would be manufactured. With this information, he built a network of moles who, in the next eight years, managed to burrow into the supply chains of every major music label. “This stuff had to be his life, because he knew about all the release dates,” Glover said.

Dockery—known to Kali as St. James—was his first big break. According to court documents, Dockery encountered several members of RNS in a chat room, including Kali. Here he learned of the group’s desire for pre-release tracks. He soon joined RNS and became one of its best sources. But, when his family life began to interfere, he proposed that Glover take his place.

Glover hesitated: what was in it for him?

He learned that Kali was a gatekeeper to the secret “topsite” servers that formed the backbone of the Scene. The ultra-fast servers contained the best pirated media of every form. The Scene’s servers were well hidden, and log-ons were permitted only from pre-approved Internet addresses. The Scene controlled its inventory as tightly as Universal did—maybe tighter.

If Glover was willing to upload smuggled CDs from the plant to Kali, he’d be given access to these topsites, and he’d never have to pay for media again. He could hear the new Outkast album weeks before anyone else did. He could play Madden NFL on his PlayStation a month before it became available in stores. And he could get the same movies that had allowed Dockery to beat him as a bootlegger.

Dockery arranged a chat-room session for Glover and Kali, and the two exchanged cell-phone numbers. In their first call, Glover mostly just listened. Kali spoke animatedly, in a patois of geekspeak, California mellow, and slang borrowed from West Coast rap. He loved computers, but he also loved hip-hop, and he knew all the beefs, all the disses, and all the details of the feuds among artists on different labels. He also knew that, in the aftermath of the murders of Tupac and the Notorious B.I.G., those feuds were dying down. Def Jam, Cash Money, and Interscope had all signed distribution deals with Universal. Kali’s research kept taking him back to the Kings Mountain plant.

He and Glover hashed out the details of their partnership. Kali would track the release dates of upcoming albums and tell Glover which material he was interested in. Glover would acquire smuggled CDs from the plant. He would then rip the leaked CDs to the MP3 format and, using encrypted channels, send them to Kali’s home computer. Kali packaged the MP3s according to the Scene’s exacting technical standards and released them to its topsites.

The deal sounded good to Glover, but to fulfill Kali’s requests he’d have to get new albums from the plant much more frequently, three or four times a week. This would be difficult. In addition to the randomized search gantlet, a fence had been erected around the parking lot. Emergency exits set off alarms. Laptop computers were forbidden in the plant, as were stereos, portable players, boom boxes, and anything else that might accept and read a CD.

Every once in a while, a marquee release would come through—“The Eminem Show,” say, or Nelly’s “Country Grammar.” It arrived in a limousine with tinted windows, carried from the production studio in a briefcase by a courier who never let the master tape out of his sight. When one of these albums was pressed, Van Buren ordered wandings for every employee in the plant.

The CD-pressing machines were digitally controlled, and they generated error-proof records of their output. The shrink-wrapped disks were logged with an automated bar-code scanner. The plant’s management generated a report, tracking which CDs had been printed and which had actually shipped, and any discrepancy had to be accounted for. The plant might now press more than half a million copies of a popular album in a day, but the inventory could be tracked at the level of the individual disk.

Employees like Glover, who worked on the packaging line, had the upper hand when it came to smuggling CDs. Farther down the line and the disks would be bar-coded and logged in inventory; farther up and they wouldn’t have access to the final product. By this time, the packaging line was becoming increasingly complex. The chief advantage of the compact disk over the MP3 was the satisfaction of owning a physical object. Universal was really selling packaging. Album art had become ornate. The disks were gold or fluorescent, the jewel cases were opaque blue or purple, and the album sleeves were thick booklets printed on high-quality paper. Dozens, sometimes hundreds, of extra disks were now being printed for every run, to be used as replacements in case any were damaged during packaging.

At the end of each shift, employees put the overstock disks into scrap bins. These scrap bins were later taken to a plastics grinder, where the disks were destroyed. Over the years, Glover had dumped hundreds of perfectly good disks into the bins, and he knew that the grinder had no memory and generated no records. If there were twenty-four disks and only twenty-three made it into the grinder’s feed slot, no one in accounting would know.

So, on the way from the conveyor belt to the grinder, an employee could take off his surgical glove while holding a disk. He could wrap the glove around the disk and tie it off. He could then hide the disk, leaving everything else to be destroyed. At the end of his shift, he could return and grab the disk.

That still left the security guards. But here, too, there were options. One involved belt buckles. They were the signature fashion accessories of small-town North Carolina. Many people at the plant wore them—big oval medallions with the Stars and Bars on them. Gilt-leaf plates embroidered with fake diamonds that spelled out the word “boss.” Western-themed cowboy buckles with longhorn skulls and gold trim. The buckles always set off the wand, but the guards wouldn’t ask anyone to take them off.

Hide the disk inside the glove; hide the glove inside a machine; retrieve the glove and tuck it into your waistband; cinch your belt so tight it hurts your bladder; position your oversized belt buckle in front of the disk; cross your fingers as you shuffle toward the turnstile; and, if you get flagged, play it very cool when you set off the wand.

From 2001 on, Glover was the world’s leading leaker of pre-release music. He claims that he never smuggled the CDs himself. Instead, he tapped a network of low-paid temporary employees, offering cash or movies for leaked disks. The handoffs took place at gas stations and convenience stores far from the plant. Before long, Glover earned a promotion, which enabled him to schedule the shifts on the packaging line. If a prized release came through the plant, he had the power to ensure that his man was there.

The pattern of label consolidation had led to a stream of hits at Universal’s factory. Weeks before anyone else, Glover had the hottest albums of the year. He ripped the albums on his PC with software that Kali had sent, and then uploaded the files to him. The two made weekly phone calls to schedule the timing of the leaks.

Glover left the distribution to Kali. Unlike many Scene members, he didn’t participate in technical discussions about the relative merits of constant and variable bit rates. He listened to the CDs, but he often grew bored after only one or two plays. When he was done with a disk, he stashed it in a black duffelbag in his bedroom closet.

By 2002, the duffelbag held more than five hundred disks, including nearly every major release to have come through the Kings Mountain plant. Glover leaked Lil Wayne’s “500 Degreez” and Jay Z’s “The Blueprint.” He leaked Queens of the Stone Age’s “Rated R” and 3 Doors Down’s “Away from the Sun.” He leaked Björk. He leaked Ashanti. He leaked Ja Rule. He leaked Nelly. He leaked Blink-182’s “Take Off Your Pants and Jacket.”

Glover didn’t have access to big-tent mom-rock artists like Celine Dion and Cher. But his albums tended to be the most sought after in the demographic that mattered: generation Eminem. The typical Scene participant was a computer-obsessed male, between the ages of fifteen and thirty. Kali—whose favorite artists included Ludacris, Jay Z, and Dr. Dre—was the perfect example. For Glover, the high point of 2002 came in May, when he leaked “The Eminem Show” twenty-five days before its official release. The leak made its way from the Scene’s topsites to public peer-to-peer networks within hours, and, even though the album became the year’s best-seller, Eminem was forced to bump up its release date.

Every Scene release was accompanied by an NFO (from “info”), an ASCII-art text file that served as the releasing group’s signature tag. NFO files were a way for Scene crews to brag about their scores, shout out important associates, and advertise to potential recruits. Rabid Neurosis NFOs were framed by psychedelic smoke trails emanating from a marijuana leaf at the bottom:

Team Rns Presents
Artist: Eminem
Title: The Eminem Show
Label: Aftermath
Ripper: Team RNS
192 kbps-Rap
1hr 17min total-111.6 mb
Release Date: 2002-06-04
Rip Date: 2002-05-10

The most important line was the rip date, which emphasized the timeliness of the leak. Kali drafted many of the release notes himself, in a sarcastic tone, often taunting rival releasing groups. “The Eminem Show” NFO ended with a question: “Who else did you think would get this?”

Who was Kali? Glover wasn’t sure, but as their relationship evolved he picked up some clues. Kali’s 818 area code was from the Los Angeles region. The voice in the background that Glover sometimes heard on the calls sounded as if it might be Kali’s mother. There was also the marijuana leaf that served as RNS’s official emblem: Glover thought he could tell when Kali was high. Most striking was the exaggerated hip-hop swagger that Kali affected. He only ever referred to Glover as “D.” No one else called him that.

“He would try to talk, like, with a slang,” Glover told me. “Kinda cool, kinda hard.” Glover suspected that Kali wasn’t black, though he sensed that he probably wasn’t white, either.

Glover was not permitted to interact with the other members of the group, not even the one who served as the “ripping coördinator.” His online handle was RST, and his name was Simon Tai. A second-generation Chinese immigrant, Tai was brought up in Southern California before arriving at the University of Pennsylvania, in 1997. As a freshman with a T1 Internet connection, he’d been in awe of RNS. After hanging around in the chat channel for nearly a year, he was asked to join.

He also applied for a slot as a d.j. at the school’s radio station. For two years, Kali cultivated Tai’s interest in rap music and told him to make connections with the promotional people at various labels. In 2000, Tai, now a senior at Penn, was promoted to music director at the station and given a key to the office, where he had access to the station’s promo disks. Every day, he checked the station’s mail; when something good came in, he raced back to his dorm room to upload it. Beating rival Scene crews was sometimes a matter of seconds.

Tai scored two major leaks that year, Ludacris’s “Back for the First Time” and Outkast’s “Stankonia.” With his Scene credentials established, for the next two years Tai managed RNS’s roster of leakers. Along with Kali, he tracked the major labels’ distribution schedules and directed his sources to keep an eye out for certain albums.

To find the albums, RNS had international contacts at every level, who went by anonymous online handles. According to court testimony and interviews with Scene members, there were the radio d.j.s: BiDi, in the South; DJ Rhino, in the Midwest. There was the British music journalist who went by KSD, whose greatest coup was 50 Cent’s “lost” début, “Power of the Dollar,” scheduled for release in 2000 by Columbia, but cancelled after the rapper was shot. There was DaLive1, a house-music aficionado who lived in New York City, and used his connections inside Viacom to source leaks from Black Entertainment Television and MTV. There were two Italian brothers sharing the handle Incuboy, who claimed to run a music-promotion business and had reliable access to releases from Sony and Bertelsmann. In Japan, albums sometimes launched a week or two ahead of the U.S. release date, often with bonus tracks, and Tai relied on kewl21 and x23 to source them. Finally, there were the Tuesday rippers, like Aflex and Ziggy, who spent their own money to buy music legally the day that it appeared in stores.

The only leaker Tai didn’t manage was Glover—Kali kept his existence a secret, even from the other members of the group. Glover resented the isolation, but being Kali’s private source was worth the trouble. At any given time, global Scene membership amounted to no more than a couple of thousand people. Kali was close to the top. A typical Scene pirate, bribing record-store employees and cracking software, might be granted access to three or four topsites. By 2002, Glover had access to two dozen.

His contacts made him an incomparable movie bootlegger. He built another tower to replace the first, with burners for DVDs instead of CDs. He upgraded his Internet connection from satellite to cable. He downloaded the past few years’ most popular movies from the topsites, then burned a couple of dozen copies of each. Expanding his customer base beyond his co-workers, he started meeting people in the parking lot of a nearby convenience store. Around Cleveland County, Glover became known as “the movie man.” For five dollars, he would sell you a DVD of “Spider-Man” weeks before it was available at Blockbuster, sometimes even while it was still in theatres.

Glover started selling between two hundred and three hundred DVDs a week, frequently making more than a thousand dollars in cash. He built a second PC and another burn tower to keep up with demand. He knew that this was illegal, but he felt certain that he had insulated himself from suspicion. All transactions were hand to hand, no records were kept, and he never deposited his earnings in the bank. He didn’t sell music, DVDs weren’t made at the Universal plant, and he was sure that his customers had never heard of the Scene.

Scene culture drew a distinction between online file-sharing and for-profit bootlegging. The topsites were seen as a morally permissible system of trade. Using them for the physical bootlegging of media, by contrast, was viewed as a serious breach of ethical principles. Worse, it was known to attract the attention of the law. Kali put the word out that anyone suspected of selling material from the topsites would be kicked out of the group. Thus, for most participants membership in RNS was a money-losing proposition. They spent hundreds of dollars a year on compact disks, and thousands on servers and broadband, and got only thrills in return.

Glover was an exception: he knew that he wouldn’t be kicked out of anything. With Universal’s rap acts ascending, Kali needed Glover.

Napster lasted barely two years, in its original incarnation, but at its peak the service claimed more than seventy million registered accounts, with users sharing more than two billion MP3 files a month. Music piracy became to the early two-thousands what drug experimentation had been to the late nineteen-sixties: a generation-wide flouting of both social norms and the existing body of law, with little thought for consequences. In late 1999, the Recording Industry Association of America, the music business’s trade and lobbying group, sued Napster, claiming that the company was facilitating copyright infringement on an unprecedented scale. Napster lost the lawsuit, appealed, and lost again. In July, 2001, facing a court order to stop enabling the trade of copyrighted files, Napster shut down its service.

That legal victory achieved little. Former users of Napster saw Internet file-sharing as an undeniable prerogative, and instead of returning to the record stores they embraced gray-market copycats of Napster, like Kazaa and Limewire. By 2003, global recording-industry revenues had fallen from their millennial peak by more than fifteen per cent. The losing streak continued for the next decade.

The R.I.A.A. tried to reassert the primacy of the industry’s copyrights. But civil suits against the peer-to-peer services took years to move through the appeals courts, and the R.I.A.A.’s policy of suing individual file-sharers was a public-relations disaster. To some at the music labels, Congress seemed disinclined to help. Harvey Geller, Universal’s chief litigator, spent years futilely petitioning legislators for better enforcement of copyright law. “Politicians pander to their constituents,” Geller said. “And there were more constituents stealing music than constituents selling it.”

Leaking was viewed differently. No one was advocating for the smuggler. So album leakers adhered to a rigid code of silence. Scene groups were the source for almost all of the new releases available on the peer-to-peer networks, but most file-sharers didn’t even suspect their existence. Civil litigation against such actors was impossible: unlike Kazaa, RNS did not have a business address to which a subpoena could be sent. Only criminal prosecutions would work.

In January, 2003, Glover leaked 50 Cent’s official début, “Get Rich or Die Tryin’,” to Kali. It became the bestselling U.S. album of the year. He followed that up with albums from Jay Z, G Unit, Mary J. Blige, Big Tymers, and Ludacris, and then began the following year with Kanye West’s début, “The College Dropout.” After a scare, in which Glover worried that a release might be traced to him, the timing of leaks became more and more a point of focus. Glover’s leaks began to hit the Internet about two weeks before the CDs were due in stores, neither so early that the leak could be traced to the plant nor so late that RNS risked being bested by other pirates.

The group’s ascendancy came during a period of heightened scrutiny by law enforcement. In April, 2004, the F.B.I. and foreign law-enforcement agencies conducted coördinated raids in eleven countries, identifying more than a hundred pirates. The R.I.A.A.’s anti-piracy unit was staffed with investigators, who hung around the chat rooms of the Scene and learned its language. They tried to infiltrate the Scene, and tracked the leaked material and its dissemination throughout the Internet. Their research began to point them to one increasingly powerful crew, RNS, and they shared their findings with the F.B.I.

Journalists poked around the fringes of the Scene, too. A December, 2004, article in Rolling Stone, by Bill Werde, introduced RNS to the general public. A photo caption in the piece read, “In a four-day period, one group leaked CDs by U2, Eminem and Destiny’s Child.” The article quoted a source close to Eminem: “The rapper’s camp believes Encore was leaked when it went to the distributors, who deliver albums from the pressing plants to chain stores such as Wal-Mart.”

The information was wrong. The CD hadn’t come from the distributor; it had come from Glover. Three days later, he leaked the U2 album “How to Dismantle an Atomic Bomb.” (Destiny’s Child’s “Destiny Fulfilled” had come from elsewhere.) Facing increased attention, Kali decided to strip the group’s NFO files of potentially identifying information; from now on, they would consist only of the date that the album was ripped and the date that it was due in stores.

Kali ordered the RNS chat channel moved from the public IRC servers to a private computer in Hawaii. He instructed members to communicate only through this channel, which was encrypted, banning methods like AOL Instant Messenger. And he reasserted the prohibition against physical bootlegging. But Glover refused to follow the Scene’s rules. He used I.M. whenever he felt like it, and kept his duffelbag of leaked CDs in his closet. He wasn’t as interested in music anymore, or in earning Brownie points from some Internet group. All he cared about was topsites. The more he could join, the more leaked movies he could get, and the more DVDs he could sell.

In a good week, Glover on his own might sell three hundred disks, and make fifteen hundred dollars in cash. Now he began to branch out. At the beginning of each week, he dropped off four hundred disks at each of three trusted barbershops in Shelby. At the end of the week, he returned to collect his share of the profits—roughly six hundred dollars a week per shop. His best salesman made more selling bootleg movies than he did cutting hair. Seeing the profits Glover was earning, other bootleggers began moving into his territory. But Glover retained a pronounced edge. “I had access to so much stuff,” he said. “No one on the street could beat me.”

Many of Glover’s best customers worked at the plant, and for those he trusted most he devised an even better deal. Rather than paying five dollars per movie, for twenty dollars a month you could buy an unlimited subscription—and you didn’t even need the disks. Glover had set up his own topsite, and once you’d bought an account you could download anything you wanted. There were current DVDs, plus the latest copies of games, music, software, and more. At the time, video on demand was the technology of the future, but, if you knew Glover, it had already arrived. He was running a private Netflix out of his house.

Glover began to make extravagant purchases. He bought game consoles and presents for his friends and his family. He bought a new off-road quad bike, then a second. He bought a used Lincoln Navigator, and upgraded it with xenon headlights, a hood scoop, and an expensive stereo. For years, rappers had favored rims called “spinners”—metal hubcaps on independent bearings, which continued rotating even when the car had stopped. Looking to switch up the game, Glover bought “floaters”: the weighted rims stood still even when the wheels were moving.

In 2005, RNS leaked four of the five best-selling albums in the U.S. The No. 1 and No. 2 slots were occupied by Mariah Carey’s “The Emancipation of Mimi” and 50 Cent’s “The Massacre,” and Glover had leaked them both. RNS leaks quickly made their way onto public file-sharing networks, and, within forty-eight hours of appearing on the topsites, copies of the smuggled CDs could be found on iPods across the globe.

By the end of 2006, Glover had leaked nearly two thousand CDs. He was no longer afraid of getting caught. Universal had sold its compact-disk-manufacturing holdings, which allowed the company to watch the deterioration of physical media from a comfortable distance. Although still on contract to print music for Universal, the new ownership treated the plant like a wasting asset, and stopped investing in maintenance. The musicians signed to Universal complained constantly of album leaks, but the label’s supply chain was as insecure as ever.

Although RNS was still wildly successful, many of its members were tiring of its activities. When the group started, in 1996, most of the participants were teen-agers. Now they were approaching thirty, and the glamour was fading. They outgrew their jobs at college radio stations or found more lucrative fields than music journalism, and lost their access to advance albums.

Listening to hundreds of new releases a year could lead to a kind of cynicism. The musicians all used Auto-Tune to pitch-correct their voices; the songwriters all copied the last big hit; the same producers worked on every track. Glover didn’t connect with rap in the way that he used to. Tony Dockery had been born again, and listened primarily to gospel. Simon Tai still hung around the chat channel, but he hadn’t leaked an album in years. Even Kali seemed a little bored.

Glover had been thinking about retiring from the Scene. He started leaking when he was in his mid-twenties. He was now thirty-two. He had worn the same haircut for ten years, and dressed in the same screen-print T-shirts and bluejeans, but his perception of himself was changing. He didn’t remember why he had been so attracted to street bikes, or why he’d felt it necessary to own a handgun. He found his Grim Reaper tattoo impossibly stupid.

Glover’s DVD profits began to decline. Leaks from the Scene were now publicly available within seconds of being posted to the topsites, and even those who were technologically challenged could figure out how to download them. Within a couple of years, Glover’s income from bootlegging dropped to a few hundred dollars a week.

Glover began to make his feelings known to Kali. “We’ve been doing this shit for a long time,” he said in a phone call. “We never got caught. Maybe it’s time to stop.” Surprisingly, Kali agreed. Though the plant’s security was increasingly loose, the risks for leakers were greater. Between foreign law enforcement, the F.B.I., and the R.I.A.A.’s internal anti-piracy squads, there were multiple teams of investigators working to catch them. Kali understood the lengths to which law enforcement was willing to go. Some of the targets of the 2004 raids were his friends, and he had visited them in federal prison.

Then, in January of 2007, one of RNS’s topsites mysteriously vanished. The server, which was hosted in Hungary, began refusing all connections, and the company that owned it didn’t respond. Kali ordered the group shut down. RNS’s final leak, released on January 19, 2007, was Fall Out Boy’s “Infinity on High,” sourced from inside the plant by Glover.

Dozens of former members flooded into the chat channel to pay their respects. Dockery, logging in as St. James, started changing his handle, over and over, in tribute to former members. “Even if we quit now, I’ll think about it always,” Kali wrote. “I don’t know about you guys, but why keep taking a chance.” Soon afterward, the RNS channel was closed forever.

Within months, Glover was once again leaking CDs from the plant, to a guy he knew as RickOne, a leader in a Scene releasing group called OSC. Though this was no longer as profitable for Glover, his desire for free media was undiminished. “To know that I could be playing Madden two months before the stores even had it—to me, that was heaven,” Glover told me.

Kali wasn’t able to give up, either. After RNS was shut down, he had continued sourcing and leaking albums, attributing the leaks to nonsense three-letter acronyms that bewildered even Scene veterans. In the summer of 2007, he contacted Glover and told him that there were two more leaks they had to have: new albums by 50 Cent and Kanye West, both with the same release date. The rappers were competing over whose album would sell more copies, and the feud had made the cover of Rolling Stone. 50 Cent said that if he didn’t win he would retire.

But, as Kali probably knew better than anyone, both artists were distributed and promoted by Universal. What looked like an old-school hip-hop beef was actually a publicity stunt designed to boost sales, and Kali was determined to get involved. RNS had leaked every release the artists had ever put out, and going after 50’s “Curtis” and Kanye’s “Graduation” was a matter of tradition.

The official release date was September 11, 2007, but the albums were first pressed at the plant in mid-August. Glover obtained them through his smuggling network and listened to both. “Graduation” was an ambitious marriage of pop rap and high art, sampling widely from sources as diverse as krautrock and French house music, with cover art by Takashi Murakami. “Curtis” played it safer, favoring hard-thumping club music anchored by hits like “I Get Money” and “Ayo Technology.”

Glover enjoyed both albums, but he was in an unusual position: he had the power to influence the outcome of this feud. If he leaked “Graduation” and held on to “Curtis,” Kanye might sell fewer records. But if he leaked “Curtis” and held on to “Graduation”—well, he might make 50 Cent retire.

Glover decided that he would release one album through Kali and the other through RickOne. He offered RickOne the Kanye West album. On August 30, 2007, “Graduation” hit the topsites of the Scene, with OSC taking credit for the leak. Within hours, an anguished Kali called Glover, who told him that he wasn’t sure how it had happened. He said that he hadn’t seen the album at the plant yet. But, he said, “Curtis” had just arrived. On September 4, 2007, Kali released “Curtis” to the Scene.

Universal officially released the albums on Tuesday, September 11th. Despite the leaks, both sold well. “Curtis” sold almost seven hundred thousand copies in its first week, “Graduation” nearly a million. Kanye won the sales contest, even though Glover had leaked his album first. He’d just run a controlled experiment on the effects of leaking on music sales, an experiment that suggested that, at least in this case, the album that was leaked first actually did better. But Glover was happy with the outcome. “Graduation” had grown on him. He liked Kanye’s album, and felt that he deserved his victory. And 50 didn’t retire after all.

On Wednesday, September 12th, Glover went to work at 7 P.M. He had a double shift lined up, lasting through the night. He finished at 7 A.M. As he was preparing to leave, a co-worker pulled him aside. “There’s someone out there hanging around your truck,” he said.

In the dawn light, Glover saw three men in the parking lot. As he approached his truck, he pulled the key fob out of his pocket. The men stared at him but didn’t move. Then he pressed the remote, the truck chirped, and the men drew their guns and told him to put his hands in the air.

The men were from the Cleveland County sheriff’s office. They informed Glover that the F.B.I. was currently searching his house; they had been sent to retrieve him.

In his front yard, half a dozen F.B.I. agents in bulletproof vests were milling around. Glover’s door had been forced open, and agents were carting away the thousands of dollars’ worth of technology purchases he’d made over the years. He found an F.B.I. special agent named Peter Vu waiting for him inside.

Vu, a veteran of the bureau’s computer-crimes division, had spent years searching for the source of the leaks that were crippling the music industry. His efforts had finally led him to this unremarkable ranch house in small-town North Carolina. He introduced himself, then began pressing Glover for information. Vu was particularly interested in Kali, and Glover gave him the scattered details he had picked up over the years. But Vu wanted Kali’s real name, and, although Glover had talked on the phone with Kali hundreds of times, he didn’t know it.

The next day, Kali called Glover. His voice was agitated and nervous.

“It’s me,” Kali said. “Listen, I think the Feds might be onto us.”

Vu had anticipated the possibility of such a call and had instructed Glover to act as if nothing had happened. Glover now had a choice to make. He could play dumb, and further the investigation of Kali. Or he could warn him off.

“You’re too late,” Glover said. “They hit me yesterday. Shut it down.”

“O.K., I got you,” Kali said. Then he said, “I appreciate it,” and hung up.

In the next few months, the F.B.I. made numerous raids, picking up RickOne, of OSC, and several members of RNS. They also found the man they believed to be Kali, the man who had cost the music industry tens of millions of dollars and transformed RNS into the most sophisticated piracy operation in history: Adil R. Cassim, a twenty-nine-year-old Indian-American I.T. worker who smoked weed, listened to rap music, and lived at home in the suburbs of Los Angeles with his mother.

On September 9, 2009, Glover arrived at the federal courthouse in Alexandria, Virginia, and was indicted on one count of felony conspiracy to commit copyright infringement. At his indictment, Glover saw Adil Cassim for the first time. Cassim was clean-shaven and wore his hair cropped short. He was stocky, with a noticeable paunch, and was dressed in a black suit.

A month later, Glover pleaded guilty to the charge. The decision to plead was a difficult one, but Glover thought that his chances of acquittal were poor. In exchange for sentencing leniency, he agreed to testify against Cassim. The F.B.I. needed the help; the agency had thoroughly searched Cassim’s residence, and a forensic team had inspected his laptop, but they had found no pre-release music. Cassim did not admit to being a member of RNS, though two pieces of physical evidence suggested a connection to the group. One was a burned compact disk taken from his bedroom, containing a copy of Cassim’s résumé, on which, in the “Properties” tab, Microsoft Word had automatically included the name of the document’s author: Kali. The second was Cassim’s mobile phone, which contained Glover’s cell number. The contact’s name was listed only as “D.”

Cassim’s trial began in March, 2010, and lasted for five days. Glover testified, as did several other confessed members of RNS, along with a number of F.B.I. agents and technical experts. In the previous ten years, the federal government had prosecuted hundreds of Scene participants, and had won nearly every case it had brought. But on March 19, 2010, after a short period of deliberation, a jury found Cassim not guilty.

After the trial, Glover began to regret his decision to testify and to plead guilty. He wondered if, with a better legal defense, he, too, might have been acquitted. He’d never been sure exactly what damage leaking music actually caused the musicians, and at times he seemed to regard it as something less than a crime.

“Look at 50 Cent,” he said. “He’s still living in Mike Tyson’s house. Ain’t nobody in the world that can hurt them.” He continued, “It’s a loss, but it’s also a form of advertising.” He paused. “But they probably lost more than they gained.” In the end, Glover served three months in prison. (Tony Dockery also pleaded guilty to conspiracy to commit copyright infringement, and spent three months in prison. Simon Tai was never charged with any wrongdoing.)

In their sentencing guidelines, the attorneys for the Department of Justice wrote, “RNS was the most pervasive and infamous Internet piracy group in history.” In eleven years, RNS leaked more than twenty thousand albums. For much of this time, the group’s best asset was Glover—there was scarcely a person younger than thirty who couldn’t trace music in his or her collection to him.

On the day that Glover’s home was raided, F.B.I. agents confiscated his computers, his duplicating towers, his hard drives, and his PlayStation. They took a few pictures of the albums he’d collected over the years, but they left the duffelbag full of compact disks behind—even as evidence, they were worthless.
http://www.newyorker.com/magazine/20...music-business





iTunes Stops Working for Windows XP Users, Apple Security Change Likely to Blame
Emil Protalinski

iTunes users who still run Windows XP started to experience connectivity issues this week. As documented in an Apple Support Communities thread, they can’t log into the iTunes store, meaning functions like buying content, watching already purchased movies and TV shows, playing DRM-protected content, backing up, updating, and syncing all do not work.

The error message reads as follows: “We could not complete your iTunes request. An unknown error occurred (error 0x80090326).” Some users also report they get an “error -50” message, that the error messages switch between the two codes, or they simply get an “unknown error.”

The issue has to do with the secure connection iTunes uses to connect to the iTunes Store, meaning it doesn’t affect users until they try to log in. While the support thread in question only has some 50 replies at the time of publishing, we expect it to grow quickly as more and more users get logged out and try to log back in.

Users who run network connection (iTunes Help => Diagnostics) get some variation of the following:

Connection attempt to Apple web site was successful.
Connection attempt to browsing iTunes Store was successful.
Connection attempt to purchasing from iTunes Store was unsuccessful.
An unknown error occurred (0x80090326).
Connection attempt to iPhone activation server was successful.
Connection attempt to firmware update server was successful.
Connection attempt to Gracenote server was successful.


In other words, the iTunes version doesn’t matter — it’s the communication protocol that seems to have changed. Most users are on iTunes 12.1.2, and there was no update this week that could be blamed. One user even booted up an old Windows XP machine to try iTunes 11, but got the same error.

It appears that Apple changed something on Monday night or Tuesday morning and either didn’t bother testing on Windows XP or simply didn’t care it would leave XP users behind. Apple Support has not managed to help iTunes users figure out a solution, though one user was pointed to a Microsoft Support page describing an update that adds the following Advanced Encryption Standard (AES) cipher suites to Windows Server 2003:

• TLS_RSA_WITH_AES_128_CBC_SHA AES128-SHA
• TLS_RSA_WITH_AES_256_CBC_SHA AES256-SHA

If this is what Windows XP users need in order for iTunes to work properly again, they aren’t going to get it. Microsoft retired Mainstream Support for Windows XP on April 14, 2009, and then pulled Extended Support for the operating system on April 8, 2014.

It looks like Apple will need to revert to the previous security encryption settings for the iTunes connection, assuming it still wants to support Windows XP users. Last month, Windows XP still had over 16 percent market share, according to Net Applications, though it’s difficult to say how many use iTunes.

We have contacted both Apple and Microsoft about this issue and will update you if we hear back.
http://venturebeat.com/2015/04/22/it...kely-to-blame/





Wi-Fi Hack Creates 'No iOS Zone' that Cripples iPhones and iPads

The only solution for Apple users? Leave the affected area immediately
Alex Hern

A newly revealed bug in iOS lets attackers force iPhones and iPads into restart loops, repeatedly crashing and rebooting, using nothing but a Wi-Fi network.

Once the user has entered what its discoverer, security researchers Skycure, dubs the “no iOS Zone”, there’s no way to fix their phone other than escaping the range of the malicious network; every time it reboots, it crashes almost immediately.

The basis of the attack uses a “specially crafted SSL certificate”, typically used to ensure a secure connection, to trigger a bug in the operating system that crashes out any app using SSL.

“With our finding, we rushed to create a script that exploits the bug over a network interface,” the researchers wrote. “As SSL is a security best practice and is utilized in almost all apps in the Apple app store, the attack surface is very wide. We knew that any delay in patching the vulnerability could lead to a serious business impact: an organized denial of service (DoS) attack can lead to big losses.”

But in addition to crashing individual apps, the bug can be used to crash the underlying operating system as well. “With heavy use of devices exposed to the vulnerability, the operating system crashes as well. Even worse, under certain conditions, we managed to get devices into a repeatable reboot cycle, rendering them useless.

“Even if victims understand that the attack comes from a Wi-Fi network, they can’t disable the Wi-Fi interface in the repeated restart state as shown in the video.”

When combined with an earlier vulnerability, named “Wi-Figate”, which lets attackers force a device to automatically connect to a given WiFi network, Skycure warns that an attack could be crafted which would deny service to any iOS attack in a given area. “Victims in range cannot do anything about it. Think about the impact of launching such an attack on Wall Street, or maybe at the world’s busiest airports, or at large utility plants. The results would be catastrophic.”

The researchers say they have warned Apple of the error, and are refraining from releasing technical details about it until after the company has issued a fix. Apple did not respond to a comment request ahead of publication.
http://www.theguardian.com/technolog...one-ipad-apple





Computer Attacks Spur Congress to Act on Cybersecurity Bill Years in Making
Jennifer Steinhauer and Jonathan Weisman

Responding to a series of high-profile computer security breaches, Congress is now turning its attention to far-reaching cybersecurity legislation, after years of false starts and bitter disappointments for the Obama administration.

The House is expected Wednesday to pass a bill, years in the making, that would push private companies to share access to their computer networks and records with federal cybercrime investigators.

The cybersecurity bill, similar to a measure approved overwhelmingly by the Senate Intelligence Committee, would be Congress’s most aggressive response yet to a burst of computer attacks that helped sink a major motion picture release by Sony Pictures Entertainment, exposed the credit card numbers of tens of thousands of Target customers and compromised the personal records of millions of people who did business with the health insurer Anthem. The House Intelligence Committee passed the bill unanimously last month.

The complex issue of policing the nation’s computer networks — which, like much of President Obama’s agenda, has been mired in partisan bickering — has more support both from Republicans, who once expressed concerns for the private sector, and from privacy advocates in light of the recent breaches.

“We expect a big bipartisan vote,” said Representative Adam B. Schiff of California, the ranking Democrat on the House Intelligence Committee who helped negotiate the bill with Republicans and the White House.

Lawmakers have been grappling with cybersecurity legislation since 2012, when a bipartisan Senate effort twice blew up over business concerns that the legislation was putting too onerous a burden on the private sector.

Leon E. Panetta, who was then defense secretary, and intelligence leaders implored lawmakers to shrug off the furious opposition of the U.S. Chamber of Commerce, but lawmakers were not persuaded.

A House effort in the last Congress mustered strong opposition from the White House, which was concerned that it would jeopardize the privacy rights of consumers.

But since then, a series of spectacular cyberattacks has changed the political equation. The attack on Sony Pictures, which the Federal Bureau of Investigation blamed on the North Korean government, thwarted the wide release of a comedy portraying the assassination of North Korea’s leader, Kim Jong-un. Early this year, Anthem reported a major breach that exposed the records of nearly 80 million people. Just last week, Target agreed to reimburse MasterCard $19 million for losses associated with the theft of 40 million credit and debit card numbers from its computer network in December 2013.

“The president has come our way,” said a Republican aide on the House Intelligence Committee.

But the White House issued a statement on Tuesday that commended the effort while also saying that the liability protections offered to private companies in the House bill would be so sweeping they might backfire and prevent companies from reporting cyberthreats. It also suggested that safeguards should be added to keep companies from using the cloak of cybersecurity to punish competitors.

The House bill would provide legal liability protections for companies that share cyberthreat information with one another or with the government. But negotiators added what they see as key privacy protections. If a company shares information with the government, it would get liability protection only if its data undergoes two rounds of washing out personal information — once by the company before it gives the data to the government, and another round by the government agency that receives the data.

The data would also go first to a civilian agency, not the National Security Agency or the Department of Defense, for that scrub.

Privacy changes in the bill won over Mr. Schiff, who opposed it last year, and both parties expect the president to come along as well. Mr. Schiff said consultations with White House aides and National Security Council officials have been “sometimes weekly, sometimes daily, and close to hourly now.”

While House passage of the bill is not in question, timing may be a hurdle in the Senate, where an open amendment process is slowing legislation. That chamber is already snarled over a bill that would give Congress more say in a nuclear deal with Iran and a major trade measure. The Highway Trust Fund is nearly broke and requires legislative action before the end of the month, and a national security program at issue also requires renewal.
http://www.nytimes.com/2015/04/23/us...in-making.html





EFF to Congress: Stop the Cybersurveillance Bills
Mark Jaycox

EFF joined over 50 privacy and civil society organizations that sent two letters to Congress demanding it vote against the Senate Intelligence Committee's cybersecurity "information sharing" bill, the Cybersecurity Information Sharing Act of 2015 (CISA, S. 754) and the House Intelligence Committee’s bill, the Protecting Cyber Networks Act (PCNA, HR 1560). The letters demand Congress oppose the bills as the House will be voting on the cybersecurity bills shortly.

As the letter points out, CISA and the PCNA are surveillance bills in disguise that may not even improve computer security. In fact:

CISA would significantly increase the National Security Agency’s (NSA) access to personal information, and authorize the federal government to use that information for a myriad of purposes unrelated to cybersecurity.

The two bills are part of a slew of cybersecurity bills that have been introduced in Congress this year that are ostensibly intended to facilitate more information sharing about computer security threats from the private sector to the government. But the bills aren't about "information sharing." They're about surveillance. The bill's vague definition and broad legal immunity for new spying powers will facilitate a potentially enormous amount of unrelated personal information to government agencies like the NSA.

The bills' immunity provisions could even increase the militarization of the internet by encouraging companies to conduct computer network exfiltration attacks on adversary's computers.

To make matters worse, companies are granted broad legal immunity leaving them free to share the information without being concerned about what it might be used for. And as one of the letters points out: "CISA allows everyday police to use the information to investigate crimes that have nothing to do with cybersecurity, such as robbery, arson, and carjacking."

The letter is being sent as the cybersecurity fight heats up in Congress. Five cyber bills have been introduced, all of which have serious problems, and the Senate could vote on CISA at any time. CISA’s past iterations have faced several veto threats from President Obama, a petition with over 800,000 signatures, and a widespread online campaign dubbed "Stop Cyber Spying Week." That means we need your voice to defeat this bad legislation too. Contact your lawmaker and tell them that this privacy invasive cybersecurity surveillance bill must be killed.

You can read the full text of the letters and see the signatories against CISA and against the PCNA here and here.
https://www.eff.org/es/deeplinks/201...eillance-bills





Privacy Supergroup Aims to Kill 5 Cybersecurity Bills at Once
Dell Cameron

A coalition of digital-rights and civil-liberties organizations have founded a campaign under the hashtag #CyberFail that aims to shed light on five cybersecurity bills presently under consideration in Congress.

The privacy supergroup says the bills, which are ostensibly intended to address the nation’s growing computer-security concerns, will only heighten the risk to consumers while providing federal law enforcement and intelligence agencies new authority to gather users’ personal information.

“These bills create brand new privacy-invasive surveillance powers,” said Access, one of the organizations involved, in a statement on Wednesday. “Every single one of these proposals would reward companies that send user information to the government, including the NSA and FBI, without adequately protecting user privacy.”

The campaign is supported by several organizations that have played an integral role in defeating unpopular Internet-related legislation in the past, such as the Stop Online Piracy Act (SOPA). The coalition includes Demand Progress, the Electronic Frontier Foundation (EFF), Fight for the Future, and the American Civil Liberties Union (ACLU), among others.

The five bills opposed by the coalition are (via Access):

• The Cyber Intelligence Sharing and Protection Act (CISPA), introduced in the House of Representatives and referred to the House Judiciary Subcommittee on the Constitution and Civil Justice.
• The Cyber Information Sharing Act (CISA), which passed the Senate Intelligence Committee and is expected to be voted on by the full Senate as soon as this week.
• The Protecting Cyber Networks Act (PCNA), which passed the House Intelligence Committee and is expected to be voted on by the full House on April 22.
• The Cyber Threat Sharing Act (CTSA), which was introduced in the Senate and referred to the Senate Committee on Homeland Security and Governmental Affairs.
• The National Cybersecurity Protection Advancement Act (NCPA), which was passed by the House Intelligence Committee and is expected to be voted on by the full House on April 23.

On a new campaign website, the group asks users to sign a petition aimed at convincing President Barack Obama to veto bills that would “undermine network security” while allowing “surveillance at the expense of [privacy].”

“The White House has pledged to veto legislation that does not require industry and government to ‘minimize and protect personally identifiable information’ and doesn't have ‘clear legal protections and independent oversight,’” an analysis published on the website says. “Cybersecurity legislation should not permit private entities or the government to distribute users' personal information that is unrelated to any cybersecurity threat.”

Two of the bills, the Protecting Cyber Networks Act (PCNA) and the National Cybersecurity Protection Advancement Act of 2015 (NCPA), are expected to be voted on by the House this week. Both provide broad liability protection to companies that share information with the government, a provision that was not included in President Obama’s Executive Order signed earlier this year, which merely encouraged collaboration between the federal government and the private sector.

Privacy watchdogs warn that the broad legal immunity granted to companies will inevitably result in the reckless sharing of Americans’ personal information, which in turn may be used by the government for purposes other than protecting the country’s digital infrastructure.

“The bills aim to allow private companies to share large swaths of private information with the government with no legal process whatsoever, essentially carving a giant hole in the country’s myriad privacy laws,” wrote Trevor Timm, executive director of the Freedom of the Press Foundation, on Tuesday. Timm adds that the bills include exemptions from the Freedom of Information Act that he says "would prevent the public from ever being able to find out what type or amount of information these companies handed over.”

Last week, more than 65 cybersecurity professionals and academics signed a letter urging members of Congress to withdraw support from the bills, warning that excess sharing of information would “significantly harm privacy and could actually undermine our ability to effectively respond to threats.”

The signatories included professors from Yale University; the University of California, Berkeley; and the Massachusetts Institute of Technology; and security professionals from over a dozen major Internet companies, including Twitter, Mozilla, and Amazon.

“We appreciate your interest in making our networks more secure, but the legislation proposed does not materially further that goal, and at the same time it puts our users’ privacy at risk,” the authors wrote. “These bills weaken privacy law without promoting security. We urge you to reject them.”
http://www.dailydot.com/politics/cyb...isa-pcna-ncpa/





House Passes Bill Allowing Corporations to Share Your Data
James Trew

If you wanted to explain the dilemma of privacy versus security to a curious relative, the Protecting Cyber Networks Act would be a good place to start. The bill has just been passed by the House of Representatives (voting 307-116 in favor), and is designed to prevent future cyber attacks by allowing corporations to share information with each other and the government. Civil liberties groups claim the bill tramples on the privacy of the customers, and opens the door for agencies like the NSA to access their data (not that it needs much help, it seems).

A letter signed by over 50 privacy groups concedes that the bill is "less pernicious" than other recent similar legislation, but notes that under the PCNA, data shared through the government could be exempt from disclosure under the Freedom of Information Act, creating a "new secret cyber-intelligence coordinating body." Naturally, the government doesn't see it this way, and with high profile attacks on Sony and Target (among others) still in recent memory, it's likely corporations are eager for the Senate to pass the bill too.

The issue appears to be the bill's lack of specificity. The PCNA would allow for data to flow between corporations via a government intermediary. Crucially, there are provisions that would allow the government to use these data outside of cyber threats. The civil liberties groups criticize the bill for allowing any data to also be used with the Espionage Act, making it ripe for abuse for things such as surveillance of journalists and their sources. While all this is going on, there's still the very real threat of more large scale attacks on corporations that could expose this very same data to anyone on the internet. The bill is still being finalized as it awaits approval from the Senate.
http://www.engadget.com/2015/04/23/h...-networks-act/





Some Tech Firms Being 'Friendly to Terrorists' Says UK Police Chief

Some technology and communication firms are helping militants avoid detection by developing systems that are "friendly to terrorists", Britain's top anti-terrorism police officer said on Tuesday.

Mark Rowley, the national police lead for counter-terrorism, said companies needed to think about their "corporate social responsibility" in creating products that made it hard for the authorities to access material during investigations.

"Some of the acceleration of technology, whether it's communications or other spheres, can be set up in different ways," Rowley told a conference in London.

"It can be set up in a way which is friendly to terrorists and helps them ... and creates challenges for law enforcement and intelligence agencies. Or it can be set up in a way which doesn't do that."

Ever since former U.S. spy agency contractor Edward Snowden disclosed the extent of surveillance by U.S. and British security agencies in 2013, intelligence chiefs have said the authorities' ability to monitor terrorism suspects had been severely degraded.

Documents leaked by Snowden showed spies had harvested data from the likes of Google, Yahoo and Microsoft, leading some other firms to create new encryption and privacy products that make it hard for agents to intercept communications.

"Snowden has created an environment where some technology companies are less comfortable working with law enforcement and intelligence agencies and the bad guys are better informed," Rowley told Reuters after his speech.

"We all love the benefit of the internet and all the rest of it, but we need their support in making sure that they're doing everything possible to stop their technology being exploited by terrorists. I'm saying that needs to be front and centre of their thinking and for some it is and some it isn't."

He declined to identify which firms he was referring to.

Rowley's comments echo those made in January by John Sawers, the former head of Britain's foreign intelligence service, who said trust between technology firms and governments had been shattered and needed to be rebuilt.

Prime Minister David Cameron has vowed to give the security and intelligence services new powers to monitor Internet communications should he win an election on May 7.

(Reporting by Michael Holden; editing by Stephen Addison)
http://uk.reuters.com/article/2015/0...0NC1HX20150421





This Machine Catches Stingrays: Pwnie Express Demos Cellular Threat Detector

An exclusive first look at Pwnie's new tool for catching cellular network attacks.
Sean Gallagher

At the RSA Conference in San Francisco today, the network penetration testing and monitoring tool company Pwnie Express will demonstrate its newest creation: a sensor that detects rogue cellular network transceivers, including "Stingray" devices and other hardware used by law enforcement to surreptitiously monitor and track cell phones and users.

In an exclusive demonstration for Ars, Pwnie Express CTO Dave Porcello and Director of Research and Development Rick Farina showed off the company's new cell network threat detection capabilities, which integrate into Pwnie's Pulse security auditing service. The capability will give companies the ability to monitor cellular networks around them and detect anomalies caused by rogue cellular base stations, IMSI catchers, and devices used to extend cellular coverage into areas where it may not be authorized.

Of all the potential security threats to companies and individuals that have emerged over the past few years, perhaps the hardest to crack is rogue cellular base stations. Whether they're used to attack the privacy of a cell phone user's communications or as a backdoor out of places where cell phone usage is restricted, configuring unauthorized cell "towers" has become increasingly simple. It doesn't necessarily even require law enforcement-grade hardware. Anyone with a HackRF card or other software-defined radio kit and open-source software can turn a laptop computer into a cellular network transceiver—or even a cellular jammer.

Call baiting

"The real thing that scares people the most is that we have no visibility into these things," Porcello said. "Nobody knows how many of them are out there." But they definitely are out there. Last September, ESD America—which manufactures the CryptoPhone secure cell phone—reported that more than a dozen rogue cell "towers" had been discovered in Washington DC. It's not clear if all of these were being operated by law enforcement.

Way back in 2010 at the Washington DC Shmoocon security conference, Chris Paget (now known as Kristin Paget) demonstrated that he could capture the cell phone data of attendees using a rig that cost about $1,500. "He just bought a commodity [software-defined radio] card and loaded OpenBTS (an open-source GSM cellular base station software package) on his laptop," Porcello said. "He made a point of using a very small antenna so he only hijacked about half of the audience in the auditorium. I'm sure that this sort of thing was being done before that, but I think that was the first public demonstration."

At the same time, law enforcement use of such systems grew. Using the same principle as malicious cellular base stations, authorities could capture cellular phones' International Mobile Subscriber Identity (IMSI) as a way to identify a targeted phone and execute a "man in the middle" attack against it, acting as an intermediary between the phone and a legitimate cell tower in order to intercept and record conversations. These devices, called "IMSI catchers" or "stingrays," have been controversially used by local law enforcement across the US, often under non-disclosure agreements.

Another threat faced by companies in highly regulated industries is the unauthorized use of microcells or femtocells—small base stations often sold by cell carriers to extend cellular network coverage in places where towers might not have coverage. If a company is trying to prevent personal cell phone usage within a facility through passive means, for example, an employee might plug a femtocell base station in at their desk to make outbound calls that aren't through the company's call logging system. This also introduces the potential threat of cellular jamming by someone seeking to block service for malicious reasons.

While all this has been recognized as a threat for some time, there's been one major obstacle in the way of companies protecting themselves against cellular network attacks. Until now, using hardware that could detect such networks would break federal law. There are already some tools available to detect IMSI catchers such as SnoopSnitch, an Android application that can warn a phone user of suspicious cell tower signals that might indicate an IMSI catcher or rogue base station. But other tools available to detect the full spectrum of potential cellular threats are largely restricted to government customers, and many carry six-digit price tags.

"It's actually real easy to make something that can do this but can only be used by government or law enforcement," said Farina. "But so many people have these problems and no way to solve them. If you've got a good sized company, you're absolutely a target for somebody setting up a small base station and grabbing your data, pretty cheaply."

Setting a watchman

Pwnie's cellular threat detection capability is based on FCC-certified cellular transceiver hardware, and it will be integrated into the company's Pwn Pro network sensor line (the corporate version of the Pwn Plug). A 4G cellular transceiver is integrated directly into the device.

"What we're focusing on is the malicious use of cellular—a handful of specific things we can detect passively now," said Porcello. "And there will be a lot more by the time we ship." He added that the rule sets used for identifying some of the potentially malicious behaviors "are pretty rudimentary at this point," and additional work will be required to tune out false positive alerts.

But the rules are good enough now to detect rogue and malicious cellular base stations and IMSI catchers and interceptors with some reliability. "Based on our testing so far, we have some good data to zero out false positives," Farina said. "We're looking for a couple of things right now that we think are reasonable to infer."

The cellular threat detection system looks at a number of factors to determine whether a cellular base station is of concern:

• Unauthorized or unknown cell providers. The Mobile Network Code (MNC) and Mobile Country Code (MCC) of the base station and the frequency range they provide service on could be indicators of someone running a rogue base station. They could be from unknown carriers, carriers not authorized to operate in a certain area, or an operator that is "suddenly offering something that shouldn't be available," Farina said.

• Anomalous or suspicious base stations. Signal strength variation could indicate a base station has moved or changed its transmitting power. "The standard deviation of power from base stations is relatively sane," said Farina. "We can flag when a base station's signal changes wildly." This will be extended to detect changes in existing cell service, Porcello said, "such as going down to 2G service, for example." New stations suddenly popping up could also set off an alarm, possibly indicating a femtocell or other unauthorized cellular base station.

• IMSI catcher/interceptor identification. This is based on whether a base station is advertising itself as a major carrier but provides only 2G service—the surest sign someone is trying to intercept cell data.

• Rogue or malicious cellular base stations based on open source software. One of the rule sets in the current capability can detect Yate default base station configurations, indicating someone is configuring a cellular base station as a gateway for phone calls or for malicious purposes.

Reach out and punch someone

Cellular base stations aren't the only mobile network-based attack vector faced by many companies. Cheap and readily available GSM-based devices have found their way into a number of criminal activities. "You're seeing all sorts of rogue devices moving to GSM," Porcello said. "Hackers and criminals are taking advantage of this like crazy because they know you can't legally monitor them."

Porcello cited credit card and ATM skimmers as an example. "The credit card skimmer of choice now is a GSM-connected skimmer. You don't have to be near it and never have to collect it; it can just dump all the credit card numbers by SMS message back to a throwaway phone number."

Eventually, Porcello said, the FCC will have to give companies a way of spotting these sorts of devices without breaking the law. "The FCC is going to have to create some exceptions for companies to monitor this traffic because their workforces are moving to 4G LTE," he said. And with more and more business taking place over cellular broadband, cellular network attacks could become increasingly costly.
http://arstechnica.com/information-t...reat-detector/





NSA Spied on EU Politicians and Companies with Help from German Intelligence

Spies failed to check properly what was being passed across to the US.
Glyn Moody

Germany's intelligence service, the Bundesnachrichtendienst (BND), has been helping the NSA spy on European politicians and companies for years, according to the German news magazine Der Spiegel. The NSA has been sending lists of "selectors"—identifying telephone numbers, e-mail and IP addresses—to the BND, which then provides related information that it holds in its surveillance databases. According to the German newspaper Die Zeit, the NSA sent selector lists several times a day, and altogether 800,000 selectors have been requested.

The BND realized as early as 2008 that some of the selectors were not permitted according to its internal rules, or covered by a 2002 US-Germany anti-terrorism "Memorandum of Agreement" on intelligence cooperation. And yet it did nothing to check the NSA's requests systematically. It was only in the summer of 2013, after Edward Snowden's revelations of massive NSA and GCHQ surveillance, that the BND finally started an inquiry into all the selectors that had been processed.

According to Der Spiegel, investigators found that the BND had provided information on around 2,000 selectors that were clearly against European and German interests. Not only were European businesses such as the giant aerospace and defense company EADS, best-known as the manufacturer of the Airbus planes, targeted, so were European politicians—including German ones.

However, the BND did not inform the German Chancellor's office, which only found out about the misuse of the selector request system in March 2015. Instead, the BND simply asked the NSA to make requests that were fully covered by the anti-terrorism agreement between the two countries. According to Die Zeit, this was because the BND was worried that the NSA might curtail the flow of its own intelligence data to the German secret services if the selector scheme became embroiled in controversy.

The information about this activity has finally come out thanks to a long-running committee of inquiry, set up by the German Bundestag (federal parliament), which has been trying to get to the bottom of the NSA activities in Germany, and of the BND's involvement in them. The committee's investigation suggests that as many as 40,000 of the selectors were targeting European and German interests—far more than the 2,000 found by the BND.

There is likely to be considerable political fallout from the latest news. Because of the way the affair has been handled, with the German Chancellor kept in the dark for years, it is widely expected that the head of the BND, Gerhard Schindler, will be forced to resign. News that the BND has been actively helping the NSA to spy on European companies and politicians will also deepen the public's already considerable anger at US surveillance of Germans, first revealed by Snowden's leaks.

That, in its turn, could make it even harder to persuade them to accept the huge US-EU trade agreement currently being negotiated behind closed doors, known as the Transatlantic Trade and Investment Partnership (TTIP). The Germans are already the leading skeptics: over a million of them have signed an online petition calling for the TTIP talks to be halted, while thousands took to the streets earlier this month to protest against the proposed deal.
http://arstechnica.com/tech-policy/2...-intelligence/





Declassified Report Shows Doubts About Value of N.S.A.’s Warrantless Spying
Charlie Savage

The secrecy surrounding the National Security Agency’s post-9/11 warrantless surveillance and bulk data collection program hampered its effectiveness, and many members of the intelligence community later struggled to identify any specific terrorist attacks it thwarted, a newly declassified document shows.

The document is a lengthy report on a once secret N.S.A. program code-named Stellarwind. The report was a joint project in 2009 by inspectors general for five intelligence and law enforcement agencies, and it was withheld from the public at the time, although a short, unclassified version was made public. The government released a redacted version of the full report to The New York Times on Friday evening in response to a Freedom of Information Act lawsuit.

Shortly after the terrorist attacks on Sept. 11, 2001, President George W. Bush secretly told the N.S.A. that it could wiretap Americans’ international phone calls and collect bulk data about their phone calls and emails without obeying the Foreign Intelligence Surveillance Act. Over time, Stellarwind’s legal basis evolved, and pieces of it emerged into public view, starting with an article in The Times about warrantless wiretapping in 2005.

The report amounts to a detailed history of the program. While significant parts remain classified, it includes some new information. For example, it explains how the Bush administration came to tell the chief judge of the Foreign Intelligence Surveillance Court at the time of the Sept. 11 attacks, Royce C. Lamberth, about the program’s existence in early 2002.

James A. Baker, then the Justice Department’s top intelligence lawyer, had not been told about the program. But he came across “strange, unattributed” language in an application for an ordinary surveillance warrant and figured it out, then insisted on telling Judge Lamberth. Mr. Baker is now the general counsel to the F.B.I.

It also says that Mr. Baker developed procedures to make sure that warrant applications using information from Stellarwind went only to the judges who knew about the program: first Judge Lamberth and then his successor, Judge Colleen Kollar-Kotelly.

The White House would not let Judge Kollar-Kotelly keep a copy of a letter written by a Justice Department lawyer, John C. Yoo, explaining the claimed legal basis of the program, and it rejected a request by Attorney General John Ashcroft to tell his deputy, Larry Thompson, about the program.

The report said that the secrecy surrounding the program made it less useful. Very few working-level C.I.A. analysts were told about it. After the warrantless wiretapping part became public, Congress legalized it in 2007; the report said this should have happened earlier to remove “the substantial restrictions placed on F.B.I. agents’ and analysts’ access to and use of program-derived information due to the highly classified status” of Stellarwind.

In 2003, after Mr. Yoo left the government, other Justice Department officials read his secret memo approving the program — most of which has not been made public — and concluded that it was flawed.

Among other things, the report said, Mr. Yoo’s reasoning was premised on the assumption that the surveillance act, which requires warrants for national security wiretaps, did not expressly apply to wartime situations. His memo did not mention that a provision of that law explains how it applies in war: The warrant rule is suspended for the first 15 days of a war.

The report has new details about a dramatic episode in March 2004, when several Justice Department officials confronted Alberto R. Gonzales, the White House counsel at the time, in the hospital room of Mr. Ashcroft over the legality of the program. The officials included Mr. Thompson’s successor as deputy attorney general, James B. Comey, who is now the F.B.I. director, and the new head of the office where Mr. Yoo had worked, Jack Goldsmith.

The showdown prompted Mr. Bush to make two or three changes to Stellarwind, the report said. But while the report gives a blow-by-blow account of the bureaucratic fight, it censors an explanation of the substance of the legal dispute and Mr. Bush’s changes.

Last year, the Obama administration released a redacted version of a memo that Mr. Goldsmith later wrote about Stellarwind and similarly censored important details.

Nevertheless, it is public knowledge, because of documents leaked by the former intelligence contractor Edward J. Snowden, that one part of the dispute concerned the legality of the component of Stellarwind that collected bulk records about Americans’ emails.

Mr. Snowden’s disclosures included a working draft version of the N.S.A. inspector general’s contribution to this report, roughly 50 pages long. The final document — with many passages redacted as still classified — was part of Friday’s release.

Another part of the newly disclosed report provides an explanation for a change in F.B.I. rules during the Bush administration. Previously, F.B.I. agents had only two types of cases: “preliminary” and “full” investigations. But the Bush administration created a third, lower-level type called an “assessment.”

This development, it turns out, was a result of Stellarwind. F.B.I. agents were asked to scrutinize phone numbers deemed suspicious because of information from the program. But the agents were not told why the numbers had been deemed suspicious, only “not to use the information in legal or judicial proceedings.”

That made some agents uncomfortable, and it was not clear how such mysterious leads fit into their rules for investigations. The Justice Department created the new type of investigation, initially called a “threat assessment,” which could be opened with lower-grade tips. Agents now use them tens of thousands of times a year.

But little came of the Stellarwind tips. In 2004, the F.B.I. looked at a sampling of all the tips to see how many had made a “significant contribution” to identifying a terrorist, deporting a terrorism suspect, or developing a confidential informant about terrorists.

Just 1.2 percent of the tips from 2001 to 2004 had made such a contribution. Two years later, the F.B.I. reviewed all the leads from the warrantless wiretapping part of Stellarwind between August 2004 and January 2006. None had proved useful.

Still, the report includes several redacted paragraphs describing “success” cases.
http://www.nytimes.com/2015/04/25/us...d-reports.html





Britt McHenry and the Upsides of a Surveillance Society

The omnipresence of cameras is a legitimate source of anxiety. But the possibility of exposure can also encourage us to be a little kinder to each other.
Megan Garber

“I’m in the news, sweetheart.”

So began the tirade—if a steely, sneering string of vitriol can fairly be called a "tirade"—delivered to an anonymous recipient, a worker at a towing garage, by the ESPN reporter Britt McHenry. McHenry's car had apparently been towed while she was having dinner two weeks ago in Arlington, Virginia; she was forced to go to the garage to retrieve it—and, of course, to pay for the towing. McHenry, understandably, was not happy about this. She also did not seem to realize that the garage in question was equipped with a surveillance camera. These two facts culminated in a conversation with the garage attendant that included such comments as:

“I will fucking sue this place.”

“So I could be a college dropout and do the same thing?”

“I’m on television and you’re in a fucking trailer, honey.”

“Lose some weight, baby girl.”

The towing company released the video of McHenry to the site LiveLeak; yesterday, LiveLeak released it to the world. As a result—McHenry being a popular personality on ESPN—a hefty chunk of the Internet has witnessed McHenry's comments. (Deadspin's post on the fracas has gotten more than 1 million views.) Even if you don't watch sports TV, there's something irresistibly sad—and intriguing, and thought-provoking, and sad once again—about a famous woman who bears an uncanny resemblance to Regina George sneering at an anonymous service worker, “I’m on television and you’re in a fucking trailer, honey.”

Many news outlets, in reporting on the video, referred to the exchange as a "meltdown" on McHenry's part. It was not, to be clear, a meltdown. Sure, McHenry may have been frustrated and flummoxed and angry—who wouldn't be, after having had a car towed?—but her reaction did not, fundamentally, reflect frustration or anger. It was instead a very measured, ad-hominem attack on a person whom McHenry clearly deemed to be—in terms of appearance and education and wealth and class and status—beneath her.

McHenry, after the video was released, apologized for the behavior it revealed, explaining, "I allowed my emotions to get the best of me and said some insulting and regrettable things." She has also been suspended from ESPN for a week. And you could debate, the outrage economy being what it is, about whether those punishments and compensations are too punitive or too lax. You could debate about whether the video is, at its core, evidence of "fat-shaming." You could also join #teambritt by pointing out that towing companies can occasionally be rapacious, which is both true and laughably beside the point.

The McHenry video is a logical extension of the hot-mic moment, of the caught-on-tape trope, of the blooper reel—and also of the role cameras have played in exposing crime and police brutality.

The core facts, here, are that McHenry—whatever may have triggered her self-satisfied screed—acted deplorably. And she was revealed to have acted deplorably. And her deplorable actions were revealed by way of the inconspicuous technology that has outed so many other deplorable acts: the surveillance camera.

The "surveillance state" is a sweeping term, and this is appropriate. It concerns fundamental aspects of citizenship—privacy, liberty, policing both grassroots and government-sanctioned—and considers what the infrastructures of culture will look like in an age of documentational promiscuity. These are complex and crucial ideas. The McHenry video, though, is a reminder of the more atomized aspects of the surveillance state: the surveillance society. It is a reminder of what happens when surveillance is distributed and small-sized and iterative. It is a logical extension of the hot-mic moment, of the caught-on-tape trope, of the blooper reel—and also, in its way, of the role cameras have recently played in exposing crime and police brutality.

It is, overall, a reminder that technology is making it harder to differentiate between the people we perform and the people we are.

Yes, there are panoptical elements to all that. Yes, we should seriously consider—and debate, and perhaps even fear—what those elements will do to us, as a messy human collective. But one of the positive aspects of the presence of all those cameras—all these devices, there to capture not just our beautiful children and our sumptuous meals, but also our worst and pettiest and most immoral moments—is a basic one: Terrible behavior, whether cruel or violent or something in between, has a greater possibility than it ever has before of being exposed. Just as Uber tracks ratings for both its drivers and its users, and just as Yelp can be a source of shaming for businesses and customers alike, technology at large has afforded a reciprocity between people who, in a previous era, would have occupied different places on the spectrum of power.

Which can, again, be a bad thing—but which can also, in McHenry's case, be an extremely beneficial one. It's good that her behavior has been exposed. It's good that her story going viral might discourage similar behavior from other people. It's good that she has publicly promised "to learn from this mistake." Britt McHenry is "in the news," she scoffed to a service worker a couple of weeks ago. Now she's in the news in another way. And that's because of a thing that doesn't discriminate between the thin and the fat, the rich and the poor, the famous and the anonymous, the kind and the cruel: a well-placed camera.
http://www.theatlantic.com/technolog...ociety/390801/

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

April 18th, April 11th, April 4th, March 28th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
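
The base-station checks listed in the cellular threat detection article above (unknown MCC/MNC, new stations, unstable signal power, a major carrier offering only 2G, and a downgrade of existing service to 2G), run over a small scan log. This is an added example, not part of the original post and not Pwnie Express's rule set; the log format, baseline values, rule names and the 6 dB threshold are all assumptions constructed for illustration.

```python
import csv
import io
from statistics import pstdev

# Site baseline (constructed values): PLMNs, i.e. (MCC, MNC) pairs, expected
# at this site, and the radio technologies each surveyed cell offered.
EXPECTED_PLMNS = {("310", "410"), ("310", "260")}
MAJOR_CARRIERS = {("310", "410"), ("310", "260")}
BASELINE = {
    ("310", "410", "1001"): {"2G", "4G"},
    ("310", "410", "1002"): {"2G", "4G"},
    ("310", "260", "2001"): {"4G"},
}
MAX_RSSI_STDEV_DB = 6.0  # assumed threshold; tune against real site data

# Constructed scan log: mcc,mnc,cell_id,technologies,rssi samples in dBm
SCAN_LOG = """\
310,410,1001,2G|4G,-71|-72|-70|-71
310,410,9999,2G,-48|-47|-49|-48
999,99,1,2G,-60|-61|-60
310,260,2001,4G,-80|-62|-95|-58
310,410,1002,2G,-75|-74|-75|-76
"""


def parse_scan(text):
    """Turn the CSV scan log into one record per observed base station."""
    records = []
    for mcc, mnc, cell_id, rats, rssi in csv.reader(io.StringIO(text)):
        records.append({
            "key": (mcc, mnc, cell_id),
            "rats": set(rats.split("|")),
            "rssi_dbm": [float(v) for v in rssi.split("|")],
        })
    return records


def evaluate(station):
    """Return the names of the rules that one station record triggers."""
    key, rats = station["key"], station["rats"]
    plmn = key[:2]
    alerts = []
    # Carrier code that is not expected to operate at this site.
    if plmn not in EXPECTED_PLMNS:
        alerts.append("unknown_provider")
    # Station absent from the survey, or a surveyed one that lost 3G/4G.
    if key not in BASELINE:
        alerts.append("new_station")
    elif rats == {"2G"} and BASELINE[key] != {"2G"}:
        alerts.append("downgraded_to_2g")
    # Received power that varies far more than a fixed tower's should.
    samples = station["rssi_dbm"]
    if len(samples) >= 2 and pstdev(samples) > MAX_RSSI_STDEV_DB:
        alerts.append("unstable_signal")
    # Claims a major carrier's identity but offers nothing newer than 2G.
    if plmn in MAJOR_CARRIERS and rats == {"2G"}:
        alerts.append("major_carrier_2g_only")
    return alerts


def scan_report(text):
    """Map each flagged station key to its alerts; clean stations are omitted."""
    report = {}
    for station in parse_scan(text):
        alerts = evaluate(station)
        if alerts:
            report[station["key"]] = alerts
    return report


if __name__ == "__main__":
    for key, alerts in scan_report(SCAN_LOG).items():
        print("/".join(key), "->", ", ".join(alerts))
```

A single rule firing is weak evidence on its own; stations that trip several at once, such as a new cell that also claims a major carrier on 2G only, are the ones worth a closer look.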