Old 17-10-12, 08:43 AM   #1
JackSpratts
 
Peer-To-Peer News - The Week In Review - October 20th, '12

Since 2002


































"We're able to view just everything that they do." – Bill Diggins, Verizon Wireless


"Your enemies. Your slobbering enemies." – Robert McCarl



































October 20th, 2012




Recording Industry Association of New Zealand Withdraws Copyright Case

The Recording Industry Association of New Zealand (RIANZ) has withdrawn one of the first three cases to go to the Copyright Tribunal. The withdrawal happened after all submissions had been made but before the formal hearing at the Tribunal.

Tech Liberty helped the defendant with her submission along with pro bono assistance from lawyers and others.

The case

The defendant was a student in a flatting situation and was the account holder for the flat's shared internet account. She has never used file sharing software and we had to explain to her what it was and how it worked. It seems likely that one of her flatmates had it installed.

The flat never received the first detection notice and they didn't really understand the second warning notice. She did show it to her flatmates and asked them to stop doing anything they were doing. They denied doing anything, so she checked to make sure that their wireless network was properly protected by a password in case they had been hacked. The third notice was a mess - addressed to the wrong person, Telecom eventually withdrew it and replaced it with another one.

Then came the notice from the Ministry of Justice that action was being taken against the account holder. The defendant was very upset and worried, and contacted her local Citizen's Advice Bureau for help, who put her on to us.

The claims

RIANZ claimed a total of $2669.25 in penalties. This was made up as follows:

1. $1075.50 as the cost of the music.
2. $373.75 to repay the cost of the notices and tribunal fee.
3. $1250 as a deterrent.

The cost of the music was calculated as being five tracks (total number of notices) multiplied by the $2.39 cost of each track on the iTunes store. The observant may notice that this works out to $11.95 rather than $1075.50. RIANZ decided, based on some self-serving research, that each track had probably been downloaded 90 times and therefore the cost should be multiplied by 90. There is no basis in the Copyright Act or Tribunal regulations for this claim.

The effects

When we met the defendant she was very worried about the case and what it would mean for her. It caused her significant distress and preparing a defence interrupted both her studies and her part time job. The thought of a $2669 penalty weighed heavily on her and her plans for the future.

She immediately cancelled the flat's internet account and she and her flatmates were from that point without an internet connection at home. Obviously this was not good for their studies, social lives or personal business (e.g. online banking).

The flatmates refused to acknowledge any responsibility or offer to pay any money towards the penalty. Relationships in the flat broke down and the defendant left the flat soon after.

The defence

The defence concentrated on three aspects:

1. The unfairness of the account holder being penalised for someone else's alleged infringement.
2. Technical faults with the notices (see below).
3. Criticism of the outrageously high sum requested by RIANZ as a penalty.

You may note that there is no denial that the infringing had occurred. This was not because the defendant admitted doing it or even that one of her flatmates admitted it. It's because there is really no way to prove that the allegations are true or false.

The notices from Telecom had a number of technical faults, of which the main ones were:

• Telecom sent out an incorrect notice then withdrew it and sent out another. Even the corrected notice had some errors and used different infringement numbers and the whole situation was very confusing.
• The second and third notices did not specify which first and second notices they were following on from, as required by the regulations. This made working out the timelines very difficult.
• The corrected third and final enforcement notice was sent for an infringement that happened within the 28 day stand down period after the warning notice, which means it was not a valid enforcement notice.

The defendant did ask the Copyright Tribunal for a formal hearing which she intended to attend.

The withdrawal

The defendant sent a submission to the Copyright Tribunal along with her request for a formal hearing.

A couple of weeks later she received notice from the Tribunal that RIANZ had withdrawn their claim and the file was closed. We do not know why RIANZ chose to withdraw their claim.

The law is unjust and unfair

This case exemplifies just how unjust and unfair the law is.

If you are the account holder you will be responsible for the actions of anyone using the account. There is no way for non-technical people to monitor or control what their flatmates or other people sharing the internet connection are doing. Even IT professionals would struggle to do so with the normal tools available on a home network.

The provisions in the law allowing for an internet account to be cut off have been suspended for now. This was because it is becoming increasingly clear that an internet account is becoming critical for engaging in modern society. However, the effect of this law was still the same - the defendant panicked at these allegations and cancelled her account, cutting off her entire flat from the internet.

The law is meant to act as a deterrent to infringing copyright, but the way it is written it is actually an incentive. "Just use a connection that doesn't have your name on the account and they'll be the one who is penalised!" The only deterrent is to becoming an internet account holder.

Protecting yourself

How can you protect yourself against this unfair and unjust law?

1. Don't be the account holder. See if you can persuade your flatmates, family member or business to be the internet account holder so that they'll be the ones who are penalised. Of course this is just protecting yourself at the expense of someone else.
2. Don't use peer to peer file-sharing software to download copyrighted material without permission of the copyright holder. Tell anyone sharing your connection not to do so either.
3. If you do receive a notice, examine it very carefully to check whether it is valid. Our article about valid infringement notices might help.
4. If you get a second, warning, notice, cancel your account with that ISP and switch to a new one. This will reset the count.
5. If you get summonsed to the Tribunal, spend the time to write a proper submission in your defence and ask for a formal hearing.

Ultimately, the only real protection is to get the law changed.
http://techliberty.org.nz/





South Korea's Myung Film Sues Over Movie File-Sharing

The makers of "Architecture 101" hope unprecedented civil action can help raise piracy awareness.
Lee Hyo-won

South Korea’s Myung Film filed a lawsuit Wednesday against 12 individuals and a firm involved in leaking the local box office hit Architecture 101. The civil action is an unprecedented move, as defendants have already been indicted without detention last month.

“Police and prosecution investigations have revealed that the defendants did not illegally leak the movie for financial profit,” said a spokesperson for Myung Film. “However, we decided to take civil action in order to defend the rights and interests of the film’s investors and creators, and to raise public awareness about the importance of copyright protection.”

An employee of a company that organizes film screenings breached copyright laws by sharing a preview version of Architecture 101 with a friend. The movie was passed onto acquaintances before ending up on an online file-sharing service in May.

Though the retro romance by Lee Yong-zoo became the 10th most watched movie in Korea this year, with over 4.1 million in admissions, Myung Film says the piracy resulted in damages of an estimated 7.5 billion won (around $6.79 million). The movie was downloaded over 300,000 times by Internet users in just eight days.

Movie piracy is a prevalent problem in Korea, the most wired country in the world with over 40 million Internet users among a population of 50 million. Most notably CJ Entertainment lost 32 billion won (about $29 million) when the tsunami blockbuster Tidal Wave (Haeudae) leaked online in 2009. CJ Group did not, however, file a civil suit.

Local authorities have toughened measures against cyber crime, while major studios, film organizations and cineastes have joined forces to address piracy issues through the “Good Downloader” campaign.
http://www.hollywoodreporter.com/new...lm-sues-381264





The Biggest Music Pirates Are Also the Biggest Spenders on Recorded Music
Philippa Warr

Peer-to-peer file-sharers legally purchase 30 percent more digital music than non-P2P users, according to a study by The American Assembly at Columbia University.

The preview data comes from the Copy Culture survey which analysed American and German attitudes and behaviour towards digital music and adds to the growing body of evidence that those who share data are also more likely to purchase digital goods legally.

While file-sharing is not synonymous with illegal activity, the survey groups P2P and non-P2P service users into "high piracy" and "low piracy" groups respectively and, in his analysis of the data, American Assembly vice president Joe Karaganis states "The biggest music pirates are also the biggest spenders on recorded music."

The conclusions were supported by similar data from the German survey participants which revealed that P2P users bought around three times more digital music than non-P2P users in their peer group.

The study forms part of the organisation's upcoming Copy Culture in the US and Germany survey which "explores what Americans and Germans do with digital media, what they want to do, and how they reconcile their attitudes and values with different policies and proposals to enforce copyright online."
http://www.wired.co.uk/news/archive/...buy-more-music





U.S. College Top Pirates: Fact or Duped by VPN?

Summary: File-sharing remains a thorn in the side of U.S. colleges, with Rutgers and New York University hosting the most pirates -- or do they?
Charlie Osborne

The restriction of access to websites including The Pirate Bay and KickassTorrents has been a long-standing practice for universities in both the U.S. and United Kingdom. Suffering under the strain of heavy traffic due to students streaming films and downloading gigabytes of data via torrents, these academic institutions have attempted -- often in vain -- to curb the trend.

But when Game of Thrones isn't out for another week but has been broadcast already in another country, the temptation is no doubt difficult to resist.

Universities are not unaware of this, and put in place different guidelines for students to follow. Princeton University may suspend computer privileges for repeat offenders -- as well as pointing out the potential for criminal charges -- whereas Cambridge urges its students not to receive or distribute files that may be protected by intellectual property law.

TorrentFreak compiled a list containing the top college downloaders with help from ScanEye, based on tracking hundreds of thousands of public torrent files. By combing through IP addresses of individual universities, you can see which colleges have 'downloaded' the most torrents.

On the table below, Rutgers University leads with 1809 "hits" from November 2011, followed by New York University (986 hits), University Of Houston (795), University of Southern California (776), and Texas A&M University (768).

However, compare this to Internet provider Comcast who has logged millions alone, and you can see that the BitTorrent network at these colleges may have indeed been scuppered by anti-piracy protocols at each college.

The figures do not include pirates who have set up a virtual private network (VPN) or proxy to cover their tracks -- a practice difficult to measure and increasing in popularity. So, in fact, it may be that file-sharing is rife in other colleges (consider MIT as an example), but that students there are better informed about how to avoid being traced.

The average consumer may not know how to set up a VPN or use a proxy, but a student desperate to download that latest album and circumvent university systems may take the time to learn.

It would also be wrong to assume every seeded file is illegal -- as the file-sharing protocol itself is not, and can be used to distribute large, legal files. But for students wanting to save their beer tokens, "free" software and films are a continual temptation. Rutgers' most popular downloads, for example, were Microsoft Office for Mac, Witcher 2: Assassins of Kings, movie Fast Five and Pulp Fiction.
http://www.zdnet.com/u-s-college-top...pn-7000005772/





The Pirate Cloud

So, first we ditched the trackers.

Then we got rid of the torrents.

Now? Now we've gotten rid of the servers. Slowly and steadily we are getting rid of our earthly form and ascending into the next stage, the cloud.

The cloud, or Brahman as the Hindus call it, is the All, surrounding everything. It is everywhere; immaterial, yet very real.

If there is data, there is The Pirate Bay.

Our data flows around in thousands of clouds, in deeply encrypted forms, ready to be used when necessary. Earth bound nodes that transform the data are as deeply encrypted and reboot into a deadlock if not used for 8 hours.

All attempts to attack The Pirate Bay from now on is an attack on everything and nothing. The site that you're at will still be here, for as long as we want it to. Only in a higher form of being. A reality to us. A ghost to those who wish to harm us.

Adapt or be forever forgotten beneath the veils of maya.
https://thepiratebay.se/blog/224





Pirate Bay Moves to The Cloud, Becomes Raid-Proof
Ernesto

The Pirate Bay has made an important change to its infrastructure. The world’s most famous BitTorrent site has switched its entire operation to the cloud. From now on The Pirate Bay will serve its users from several cloud hosting providers scattered around the world. The move will cut costs, ensure better uptime, and make the site virtually invulnerable to police raids — all while keeping user data secure.

The Pirate Bay is loved by millions of file-sharers but is also a thorn in the side of the entertainment industries.

The latter group continues to push authorities to take action against the site. The Pirate Bay was raided back in 2006 and there are rumors that the police might try again in the near future.

The Pirate Bay is not oblivious to this looming threat. They have backups in place and are shielding the true location of their servers. Nevertheless, should the site lose all its servers it might take a while to get back online.

This is one of the reasons why The Pirate Bay decided to move the site into the cloud yesterday. The switch resulted in five minutes downtime and was hardly noticed by the public, but it’s a big change for the infamous BitTorrent site.

Hosting in the cloud also makes the site easier to scale, it reduces downtime, and is also cheaper.

“Moving to the cloud lets TPB move from country to country, crossing borders seamlessly without downtime. All the servers don’t even have to be hosted with the same provider, or even on the same continent,” The Pirate Bay told TorrentFreak.

The Pirate Bay is currently hosted at cloud hosting companies in two countries where they run several Virtual Machine (VM) instances.

“Running on VMs cuts down operation costs and complexity. For example, we never need anyone to do hands-on work like earlier this month when we were down for two days because someone had to fix a broken power distribution unit,” The Pirate Bay says.

The setup also makes it possible for the BitTorrent site to take their business elsewhere without too much hassle.

“If one cloud-provider cuts us off, goes offline or goes bankrupt, we can just buy new virtual servers from the next provider. Then we only have to upload the VM-images and reconfigure the load-balancer to get the site up and running again.”

While most of Pirate Bay’s former servers are now obsolete, not everything was moved to the cloud.

The load balancer and transit-routers are still owned and operated by The Pirate Bay, which allows the site to hide the location of the cloud provider. It also helps to secure the privacy of the site’s users.

The hosting providers have no idea that they’re hosting The Pirate Bay, and even in the event they found out it would be impossible for them to gather data on the users.

“All communication with users goes through TPB’s load balancer, which is a disk-less server with all the configuration in RAM. The load balancer is not in the same country as the transit-router or the cloud servers,” The Pirate Bay told us.

“The communication between the load balancer and the virtual servers is encrypted. So even if a cloud provider found out they’re running TPB, they can’t look at the content of user traffic or user’s IP-addresses.”

In addition The Pirate Bay now believes it’s more raid proof.

The worst case scenario is that The Pirate Bay loses both its transit router and its load balancer. All the important data is backed up externally on VMs that can be re-installed at cloud hosting providers anywhere in the world.

“If the police decide to raid us again there are no servers to take, just a transit router. If they follow the trail to the next country and find the load balancer, there is just a disk-less server there. In case they find out where the cloud provider is, all they can get are encrypted disk-images,” The Pirate Bay says.

“They have to be quick about it too, if the servers have been out of communication with the load balancer for 8 hours they automatically shut down. When the servers are booted up, access is only granted to those who have the encryption password,” they add.

For Pirate Bay users the move to the cloud doesn’t change much though. If anything, they will notice significantly less downtime.
https://torrentfreak.com/pirate-bay-...-proof-121017/





Megaupload Is Dead. Long Live Mega!
Charles Graeber

They’ve been indicted by the U.S. government for conspiracy and briefly thrown in jail, but Kim Dotcom and his partners in the digital storage locker Megaupload have no intention of quitting the online marketplace.

Instead the co-defendants plan to introduce a much-anticipated new technology later this year that will allow users to once again upload, store, and share large data files, albeit by different rules. They revealed details of the new service exclusively to Wired.

They call it Mega and describe it as a unique tool that will solve the liability problems faced by cloud storage services, enhance the privacy rights of internet users, and provide themselves with a simple new business. Meanwhile, critics fear that Mega is simply a revamped version of Megaupload, cleverly designed to skirt the old business’s legal issues without addressing the concerns of Internet piracy.

(Dotcom and three of his partners remain in New Zealand, where they were arrested in January 2012. They face extradition to the U.S. on charges of “engaging in a racketeering conspiracy, conspiring to commit copyright infringement, conspiring to commit money laundering, and two substantive counts of criminal copyright infringement,” according to the Department of Justice.)

What Mega and Megaupload do have in common is that they are both one-click, subscriber-based cloud platforms that allow customers to upload, store, access, and share large files. Dotcom, and his Mega partner Mathias Ortmann say the difference is that now those files will first be one-click-encrypted right in a client’s browser, using the so-called Advanced Encryption Standard algorithm. The user is then provided with a second unique key for that file’s decryption.

It will be up to users, and third-party app developers, to control access to any given uploaded file, be it a song, movie, videogame, book, or simple text document. Internet libertarians will surely embrace this new capability.

And because the decryption key is not stored with Mega, the company would have no means to view the uploaded file on its server. It would, Ortmann explains, be impossible for Mega to know, or be responsible for, its users’ uploaded content — a state of affairs engineered to create an ironclad “safe harbor” from liability for Mega, and added peace of mind for the user.

“If servers are lost, if the government comes into a data center and rapes it, if someone hacks the server or steals it, it would give him nothing,” Dotcom explains. “Whatever is uploaded to the site, it is going to be remain closed and private without the key.”

Dotcom’s belief is that even the broad interpretation of internet law that brought down Megaupload would be insufficient to thwart the new Mega, because what users share, how they share it, and how many people they share it with will be their responsibility and under their control, not Mega’s.

Dotcom says that according to his legal experts, the only way to stop such a service from existing is to make encryption itself illegal. “And according to the U.N. Charter for Human Rights, privacy is a basic human right,” Dotcom explains. “You have the right to protect your private information and communication against spying.”

Dotcom says that the new Mega will be an attractive product for anyone concerned about the state of online security. And to address the concerns about data loss of the sort that affected Megaupload customers whose files were seized by the FBI, Mega will store all data on two sets of redundant servers, located in two different countries.

“So, even if one country decides to go completely berserk from a legal perspective and freeze all servers, for example — which we don’t expect, because we’ve fully complied with all the laws of the countries we place servers in — or if a natural disaster happens, there’s still another location where all the files are available,” Ortmann says. “This way, it’s impossible to be subjected to the kind of abuse that we’ve had in the U.S.”

Ultimately, Dotcom envisions a network hosted by thousands of different entities with thousands of different servers, in countries all over the world.

“We’re creating a system where any host in the world — from the $2,000 garage operation to the largest online host — can connect their own servers to this network,” Dotcom says. “We can work with anybody, because the hosts themselves cannot see what’s on the servers.”

One of the more unique wrinkles of the new service may come from Mega’s decision not to deploy so-called de-duplication on its servers, meaning that if a user decides to upload the same copyright-infringing file 100 times, it would result in 100 different files and 100 distinct decryption keys. Removing them would require 100 takedown notices of the type typically sent by rights holders like movie studios and record companies.

While Mega is adamant that this is not the point of their technology, others fear the service may atomize the piracy problem, turning internet policing into an even more elaborate game of Whack-a-Mole. “As we learned from the first iteration of Megaupload, how it describes itself and how it really operates can be two very distinct things,” says one industry spokesman who asked not to be named. “We’d rather not wade in here until we can see the thing with our own eyes.”

Julie Samuels, a staff attorney with the Electronic Frontier Foundation, says that while the new Mega may present an interesting development for internet users, it doesn’t answer the issues raised by the unique and, by her lights, questionable interpretation of Internet law used in the case against Megaupload. “It’s likely to change the cat-and-mouse game that goes on in terms of this issue on the Internet,” Samuels says. “But it’s still a cat-and-mouse game.”

Samuels says that the technology may affect how easy or difficult it is for rights holders or law enforcement to determine exactly what kind of files are being shared. “But there are still some fundamental questions that need to be answered. At this point, it’s not technology but the courts which need to address them.”

Dotcom insists that Mega is not “a giant middle finger to Hollywood and the DoJ,” or a relaunch of Megaupload. And Ortmann points out that if users choose to violate copyright with the new technology, there are already rules in place to address it. “If the copyright holder finds publicly posted links and decryption keys and verifies that the file is an infringement of their copyright, they can send a DMCA takedown notice to have that file removed, just like before,” he says.

As with Megaupload, Ortmann says, Mega will also grant direct access to their servers for entities such as film studios, allowing them to remove copyright-infringing material themselves. “But this time, if they want to use that tool, they’ll have to accept, prior to getting access, that they’re not going to sue us or hold us accountable for the actions of our users,” Dotcom says.

In any event, the Mega team believes that a government takedown of their new service is extremely improbable. “Unless our legal team tells us that the DoJ is likely to go berserk again,” Ortmann explains. “But in my view, they can’t pull off this stunt a second time.”
http://www.wired.com/threatlevel/201...gaupload-mega/





Internet Providers Set To Crack Down On Illegal File-Sharing
Jennifer Martinez

AT&T, Verizon, Comcast and other major Internet service providers are set to implement a copyright alert system aimed at cutting down on illegal peer-to-peer file sharing of copyrighted material "over the next several weeks," according to the head of the organization overseeing the new anti-piracy program.

"There are [implementation] dates in draft materials that are not set in stone and we don't want to create any expectations we can't meet, but we're really close and we'll start seeing alerts over the next several weeks," said Jill Lesser, the executive director of the Center for Copyright Information (CCI).

Under the new copyright alert system, Internet service providers (ISPs) will send a series of alerts to subscribers whose accounts may have been used to illegally distribute music, movies or other entertainment content via file-sharing. If the subscriber does not respond to the first set of alerts, which will include educational material on protecting copyrights and the consequences of illegal file-sharing, the Internet service provider may temporarily slow down their Internet speeds, direct them to an online tutorial when they try to access popular websites or implement other penalties--called "mitigation measures."

Internet service providers are preparing to implement their alert systems in November, according to someone familiar with CCI's thinking, and they will vary slightly from company to company. It was expected to roll out earlier this year but Lesser said it's taken some additional time for Internet providers to fit the alert systems within their infrastructure.

Cablevision and Time Warner are members of CCI's coalition, along with AT&T, Verizon and Comcast.

The new alert system is the product of an agreement struck among five major ISPs, the Recording Industry Association of America, and the Motion Picture Association of America last summer as a way to clamp down on copyright infringement via illegal file sharing. The success of the industry-led alert system will be watched closely as anti-piracy legislation was dealt a crushing blow earlier this year.

Critics of the effort have previously raised concern about Internet providers terminating people's Internet connection or access to certain websites if they don't respond to the alerts.

Lesser said there has been a lot of misinformation spread about the alert system and stressed that Internet subscribers' accounts will not be terminated as part of the program.

"In one case there's a temporary slow down of [Internet] speed, but that doesn't impact access to sites," Lesser said. "That's not the way this works at all."

"When you're in a walled garden, all you essentially have to do is go through the education [material] and then you're out of the walled garden" she said.

Under the alert system, copyright owners like a record label or film company will flag an Internet provider if they believe an IP address is illegally pirating their content on a peer-to-peer file-sharing network. The ISP will then determine which subscriber account matches up with the IP address, or the set of numbers used to identify a device, and send an alert to the subscriber notifying them that their Internet account may have been used for illegal file-sharing.

A subscriber will stop receiving alerts after an Internet provider sends them a sixth, and final, copyright alert, according to Lesser.

"If you continue to engage in copyright infringement, you're not going to continue to get alerts," she said. "In our mind, we're going to target consumers that respond to these alerts. The alerts stop after that last level and nothing else happens under the program."

CCI says on its site that "only a small fraction of all subscribers are likely to ever receive an alert and an even smaller fraction may face a Mitigation Measure due to their online activity." The organization anticipates that "most subscribers are far more likely to address the problem based on the initial alerts."

Some have raised concern that the alert system would open the door for content owners to sue Internet subscribers. Internal AT&T documents obtained by the blog TorrentFreak warn that a content owner may take legal action against a customer after they receive their fifth copyright alert and require AT&T to turn over personal information to help with the case.

AT&T plans to make repeat copyright infringers complete an educational tutorial on copyright before they can gain access to certain websites, TorrentFreak reported, citing the obtained documents.

An AT&T spokesman declined to comment on TorrentFreak's report and said "details on the next phase of the Copyright Alert System will be forthcoming." Lesser declined to comment on the documents obtained by TorrentFreak.

However, Lesser argues that the alert system won't make Internet subscribers more vulnerable to copyright infringement suits. Receiving an alert "doesn't mean you're anymore liable to be sued or the content owner has anymore eligibility to sue someone," she said.

People can also request an independent review if they believe they've received a copyright alert in error, she noted. That process is being developed by the American Arbitration Associates.

"The hope is the casual user and the user that doesn't realize the implications of what they're doing will respond to the system, and we'll see a decrease in the use of peer-to-peer networks for copyright infringement and we'll see an increase in legal services," Lesser said.
http://thehill.com/blogs/hillicon-va...l-file-sharing





Cable Operators Can Fight Theft by Encrypting Signals, FCC Rules
Todd Shields

Cable companies led by Comcast Corp. (CMCSA) won U.S. permission to encrypt their basic service to fight theft and reduce service calls.

The Federal Communications Commission voted 5-0 to allow encryption, the agency said in an order released yesterday. Cable companies already encrypt offerings on more expensive channel packages that feature more programming.

The FCC had prohibited encryption on basic service so customers wouldn’t need to rent a set-top box to view local stations. The prohibition didn’t hold for satellite providers DirecTV (DTV) and Dish Network Corp. (DISH) or for cable competitors such as TV services offered by AT&T Inc. (T) and Verizon Communications Inc.

The National Cable & Telecommunications Association in 2004 estimated that about 5 percent of homes near cable lines accessed service without paying, resulting in almost $5 billion in lost revenue. That was more than 8 percent of industry revenues that year, according to a filing at the FCC by the Washington-based trade group. The organization’s members include the biggest U.S. cable operator, Comcast, No. 2 provider Time Warner Cable Inc. (TWC) and Cablevision Systems Corp. (CVC), a New York-area provider.

“By permitting cable operators to join their competitors in encrypting the basic service tier, the commission has adopted a sensible, pro-consumer approach that will reduce overall in-home service calls,” Michael Powell, president of the trade group, said in an e-mailed statement. “Encryption of the basic tier also enhances security of the network which reduces service theft that harms honest customers.”

Encrypting basic service would let Comcast start and stop service remotely, which customers prefer to scheduling an appointment with a technician, Philadelphia-based Comcast said in a filing at the FCC.

Cablevision found that, when it encrypted basic service under a waiver from the FCC, it almost eliminated the need to send crews in trucks to disconnect service, the Bethpage, New York-based company told the agency in a filing.
http://www.bloomberg.com/news/2012-1...fcc-rules.html





The Big Drawback of Boxee TV Cloud-Based DVR

Boxee TV offers unlimited cloud-based storage for recorded shows, but no local storage, so users must pay monthly fees -- which are bound to increase -- for as long as they want access. What if Boxee goes out of business?
Julie Jacobson

Boxee’s new Boxee TV could be a game changer with its $99 price point, dual HDTV tuners, input for antenna or basic cable service, electronic programming guide (EPG), pre-loaded apps and – the kicker – a DVR that records TV content automatically to the cloud for access from virtually any Web browser.

The service costs $14.99, and it is truly unlimited. Conceivably, you could record two channels simultaneously all day every day.

It definitely has the potential to triumph in cord-cutting circles, but there’s one big drawback: You cannot record content to local storage devices, be it USB- or network-attached, despite the unit boasting two USB ports and obviously an Ethernet port.

“We felt that it would be a confusing experience to have some content in the cloud and some locally (and therefore not available to stream from any device),” a Boxee spokesperson tells CE Pro, “and the cloud allows us to provide the unique offers of this product -- namely unlimited storage and access on all your devices.”

Of course this explanation is “total BS,” as networking and A/V specialist Bjorn Jensen of WhyReboot tells me (see his earlier piece on Boxee TV).

Technically, it would be simple to enable local storage for recorded content, but it wouldn’t fit Boxee’s business model. The service subsidizes the hardware, which is almost half the price of the original Boxee Box ($180).

Here’s the problem: If you want to watch your recorded TV content, you will have to pay $14.99 every month for as long as you want access to potentially hundreds or thousands of shows.

At that point, you are stuck with Boxee, even if they raise the rates to $19.99 per month or $29.99 per month …. You then become as much a hostage to Boxee as you would be to the cable or satellite providers whose cord you want to cut in the first place.

In fact, I suspect Boxee is offering unlimited storage to make users especially beholden to them. The more content you have, the less likely you are to drop the service.

Also, what if Boxee goes out of business? Again, you’ll be out of luck, as we have seen with HDGiants and even Walmart at one time.

Also, what if Boxee TV for some reason doesn’t pass muster with the DRM police, the paranoid folks in the cable industry, or even the FCC? It wouldn’t be the first time Boxee technology faced cord-cutting foes.

I like the idea of cloud-based DVR storage – especially of the unlimited variety -- with access from virtually any place at any time.

I don’t, however, want to be beholden to Boxee for eternity, especially if they increase the monthly service fees, which is bound to happen at some point.

Meanwhile, Boxee is limiting support for shared local content on the home network in this next product iteration compared to the original box.

A spokesperson tells CE Pro, “Boxee TV will still have good local file playback, it just is not a key feature of the product and will not be as exhaustive as the Boxee Box's local file support.”

I’m certainly not begrudging Boxee their business model. I just don’t know if it’s right for me.

It’s a deal-breaker for Jensen, who enjoys Windows Media Center paired with a good antenna and a HDHomerun dual tuner from Silicon Dust, with plenty of local storage and no monthly fees for DVR service, and few repercussions if his hardware/software providers go out of business.

Boxee’s approach, he says, “is just a way to steer people into buying the cloud service and for that reason I probably won’t purchase it.”
http://www.cepro.com/article/the_big...oud-based_dvr/





Apple Loses Tablet Copyright Appeal Against Samsung
Stephen Eisenhammer

Apple has lost its appeal against a ruling that cleared rival Samsung of copying its registered designs for tablet computers, in a decision which could end the two firms' legal dispute on the subject across Europe.

The world's two leading smartphone makers are fighting over patents, both for smartphones and for tablets like Apple's iPad, in courts around the world.

Britain's Court of Appeal on Thursday upheld the country's High Court judgment that, despite some similarities, Samsung's Galaxy tablet did not infringe Apple's designs, in part because its products were "not as cool".

The decision is valid throughout Europe and should prohibit further legal disputes between the two companies over the design of tablets in the region.

South Korea's Samsung welcomed the decision saying in a statement: "We continue to believe that Apple was not the first to design a tablet with a rectangular shape and rounded corners".

Apple declined to comment on the decision.

The U.S. company has been instructed to run advertisements saying Samsung did not copy its registered tablet designs, both on its website and in selected newspapers.

Apple can appeal to the Supreme Court.

"I expect this will be the end of the line. An appeal to the Supreme Court is in principle possible but there has been no indication so far that Apple plan such an appeal", Darren Smyth, partner at EIP, a specialist intellectual property law firm, told Reuters.

"For the design of tablets in Europe this should be the final word."

(Reporting by Stephen Eisenhammer; Editing by Paul Sandle and Mark Potter)
http://www.reuters.com/article/2012/...89H0DW20121018





Canada-EU Trade Agreement Replicates ACTA’s Notorious Copyright Provisions
Carolina Rossini

The shadow of the Anti-Counterfeiting Trade Agreement (ACTA) is back in Europe. It is disguised as CETA, the Canada-European Union and Trade Agreement. As reported by EDRI, a rather strange and surprising e-mail was sent this summer from the General Secretariat of the Council of the European Union to the Member States and the European Commission. The e-mail explained that the criminal sanctions provisions of the draft CETA are modeled on those in ACTA.

A comparison of the leaked draft Canada-EU agreement shows the treaty includes a number of the same controversial provisions, specifically concerning criminal enforcement, private enforcement by Internet Service Providers (ISPs), and harsh damages. These provisions are particularly problematic, and were the key reasons why the European Parliament rejected ACTA. However, given the lack of transparency associated with the CETA discussions (both Canada and EU insist that the draft text remain secret), the concerns that CETA may replicate ACTA appear to be very real despite denials from some members of the European Commission.

CETA is a trade agreement designed to strengthen economic ties between Canada and the EU through “free” trade and increased investment. However, hidden within this treaty are provisions that were essentially lifted from ACTA word-for-word. And just like its close cousins, ACTA, KORUS, and TPP—and other trade agreements that are applauded by the entertainment industry for carrying expansive intellectual property provisions—CETA is being negotiated in secret. Jérémie Zimmermann declared:

The only hard evidence on which we can base our analysis suggests the worst: once again, the European Commission and the EU Member States governments are trying to impose repressive measures against cultural practices online. (…) This trend of sneaking repressive measures through negotiated trade agreements must stop.

This cut-and-paste strategy was confirmed yesterday by La Quadrature du Net, which had representatives present in a workshop on October 10th, where Philipp Dupuis, the European Commission negotiator, bragged that ACTA-like criminal sanctions were still in the CETA draft. Following the workshop, La Quadrature du Net sent letters to Mr Pierre Moscovici, Minister for Economic Affairs and Finance, requesting clarifications and demanding that the criminal measures be removed from CETA.

The 92% of the European Union Parliament who voted against ACTA in July 2012 demonstrated that the EU was overwhelmingly against provisions like this, and many expected that it would be the end of the matter. Sadly, that assumption appears to have been unfounded. Despite this there are encouraging signs of resistance—including that the Dutch government has stated that it would not accept CETA moving forward this way.

Civil society, which has mobilized and filled streets of France, Poland, and others, is calling on citizens to demand that their governments remove copyright provisions from CETA during the upcoming round of negotiations next week in Brussels.

The Consolidation of Policy Laundering and Increasing Secrecy in International Negotiations

The copyright lobbies have consolidated on the use of foreign and international forums as an indirect means of pushing policies—a strategy known as policy laundering—like those ones in CETA that might never win direct approval through the regular domestic political process. The move from fora like the World Intellectual Property Organization (WIPO) or the World Trade Organization (WTO) to bilateral and regional trade agreements confirms it. Policy laundering takes advantage of the fact that the institutions nations have created for ensuring democratic control and input into the bureaucratic policymaking process have not yet been instituted into most international bodies and negotiation venues. And of course, the entertainment lobby applauds this. It is well known for instance, that provisions of the US DMCA were the result of policy laundering. This should not be the way we build 21st century agreements.

International negotiations are abstract and it’s hard to see how they may eventually affect one's life. When a trade agreement or treaty is signed by a country and later ratified however, it does manifest itself into national law. Therefore, the time to act is from the very beginning of such initiatives, not later. Secrecy around negotiations is not democratic, violates the open government principles many of the negotiating countries have signed onto, and purposefully makes taking action much more difficult.

Secrecy impacts civil society’s ability to comment or analyze agreements, just as it does with the Trans-Pacific Partnership agreement (TPP) and other FTAs. It’s hard enough to work within the participation system at places like WIPO, but at least there we are given some opportunity to observe and participate in the official discussions. When trade negotiators and copyright maximalists get together to launder IP rights expansion through secret agreements, we lose that small but vital voice that lets us speak truth to power.
https://www.eff.org/deeplinks/2012/1...eplicates-acta





Brazilian Newspapers Leave Google News En Masse
Isabela Fraga

Brazil’s main newspapers abandoned Google News after the world’s top search engine refused to compensate them for the rights to their headlines. The mass rush started last year when the National Association of Newspapers in Brazil, or ANJ, began recommending its members to opt out of the service.

ANJ’s recommendation was followed by all of the 154 newspapers that belong to the organization and account for more than 90 percent of the country’s newspaper circulation. Google argues the company doesn't need to pay for the rights to use headlines because Google News benefits newspapers by redirecting large volumes of user traffic to their websites.

The controversy fueled one of the most intense debates during the Inter American Press Association’s 68th General Assembly, which took place from Oct. 12 to 16 in São Paulo.

On one side of the debate were defenders of news companies’ authoring rights like German attorney Felix Stang, who said, “platforms like Google’s compete directly with newspapers and magazines because they work like home pages and use content from them.”

On the other, Google representatives said their platform provides a way to make journalistic content available to more people. According to Marcel Leonardi, the company’s public policies director, Google News channels a billion clicks to news sites around the world.

Leonardi criticized ANJ’s stance and, making a comparison, said it would be absurd for a restaurant to tax a cab driver for taking tourists to eat there.

Despite the arguments on both sides, IAPA’s general assembly came to an end without any new agreements between ANJ and Google. For Brazilian news companies, the number of visits that arrive from Google News has not been enough to justify the use of their headlines without receiving payment.

“Google News benefits commercially from that quality content and is unwilling to discuss a remuneration model for the production of these materials,” said ANJ president Carlos Fernando Lindenberg Neto in an e-mail interview with the Knight Center for Journalism in the Americas.

“We concluded (…) that staying in Google News was not helping us grow our digital audiences. On the contrary, by providing the first few lines of our stories to Internet users, the service reduces the chances that they will look at the entire story in our web sites,” Lindenberg said.

Google declined to comment for this story.

The debate has its ambiguities since search engines bring new online readers to news outlets' websites. However, the loss of online traffic caused by the newspapers’ departure from Google News hasn’t made ANJ change its position since, Lindenberg said, “Google News’ presence in the Brazilian market is small. We believe (the loss of traffic) is an acceptable price to protect our content and brands.”

Despite the decision, newspapers’ websites will continue to come up in Google’s regular search service. Lindenberg admitted their stance will affect general search results since Google’s ranking takes into account whether a site appears in Google News or not. Google is the number one search engine in Brazil with a 92.15 percent market share, according to a 2011 survey from Serasa Experian, which focuses on digital marketing.

In response, Google’s Leonardi fired back during the IAPA debate by saying that “if the reader is satisfied with the small blurb (we offer), that means the story did not call his attention that much.”

For Google, the goal is to reach a solution where both parties win – newspapers and news aggregators – instead of condemning sites like Google for not paying news outlets.

ANJ members, however, currently favor the other side of the argument. ANJ’s Lindenberg said the “ideal model would be to have both parties sit at a table and recognize the importance of each other in the value chain.”

Long-standing discussion

The debate between ANJ and Google has been a long one. In Dec. 2010, both agreed that Google News would display just one line from each article, which would attract readers’ attention and lead them to the original link. But the measure was not enough to increase the number of clicks at news websites, Lindenberg said. “With newspapers’ departure from Google News, most internet users that looked for news content in Google News began looking directly in newspapers’ websites,” he said.

The issue has its precedents, too. In 2010, the Associated Press also abandoned Google for the same reasons but returned seven weeks later. Nevertheless, this is the first time a newspaper association mobilizes and recommends its members to leave the news search service en masse.

One thing to keep in mind is that, even though all of ANJ’s newspapers have left Google News, many of their Internet portals are still listed by the aggregator, such as the Internet portals of organizations like Globo or UOL. In other words, it’s not possible to search for content published by their print versions, but the material that was published by their respective sites can be found.

For example, if a user searches the term “Dilma” in Google News and he specifies he only wants results from newspaper O Globo, a message will come up saying “The search - Dilma source:’O Globo’ – did not match any news results.” But if he searches the same term with only the word “Globo” – which would include all the other media properties of the company – he would find results that lead to the company’s Globo.com portal.
http://knightcenter.utexas.edu/blog/...-news-en-masse





Google Threatens French Media Ban Over Proposed Law
BBC

Google has threatened to exclude French media sites from search results if France goes ahead with plans to make search engines pay for content.

In a letter sent to several ministerial offices, Google said such a law "would threaten its very existence".

French newspaper publishers have been pushing for the law, saying it is unfair that Google receives advertising revenue from searches for news.

French Culture Minister Aurelie Filippetti also favours the idea.

She told a parliamentary commission it was "a tool that it seems important to me to develop".

Ad tax

Google France had said earlier that the plan "would be harmful to the internet, internet users and news websites that benefit from substantial traffic" that comes via Google's search engine.

It said it redirected four billion clicks to French media pages each month.

Print newspapers have seen their incomes gradually eroded in recent years as consumers and advertisers turn to the web.

Previously the French government has considered introducing a tax on online advertising revenues but it later dropped the plan, worried it would hurt small local companies more than global internet giants.

"France has a track record of enacting laws to protect its local media interest that seem out of step with the conventional wisdom in other markets," said Adrian Drury, an analyst with research firm Ovum.

"The question is whether by returning a search result Google is infringing the copyright of a site. The publishers will continue to contest this, but the general consensus is that it is not," he added.
http://www.bbc.co.uk/news/technology-19996351





Shut Up and Play Nice: How the Western World is Limiting Free Speech
Jonathan Turley

Free speech is dying in the Western world. While most people still enjoy considerable freedom of expression, this right, once a near-absolute, has become less defined and less dependable for those espousing controversial social, political or religious views. The decline of free speech has come not from any single blow but rather from thousands of paper cuts of well-intentioned exceptions designed to maintain social harmony.

In the face of the violence that frequently results from anti-religious expression, some world leaders seem to be losing their patience with free speech. After a video called “Innocence of Muslims” appeared on YouTube and sparked violent protests in several Muslim nations last month, U.N. Secretary General Ban Ki-moon warned that “when some people use this freedom of expression to provoke or humiliate some others’ values and beliefs, then this cannot be protected.”

It appears that the one thing modern society can no longer tolerate is intolerance. As Australian Prime Minister Julia Gillard put it in her recent speech before the United Nations, “Our tolerance must never extend to tolerating religious hatred.”

A willingness to confine free speech in the name of social pluralism can be seen at various levels of authority and government. In February, for instance, Pennsylvania Judge Mark Martin heard a case in which a Muslim man was charged with attacking an atheist marching in a Halloween parade as a “zombie Muhammed.” Martin castigated not the defendant but the victim, Ernie Perce, lecturing him that “our forefathers intended to use the First Amendment so we can speak with our mind, not to piss off other people and cultures — which is what you did.”

Of course, free speech is often precisely about pissing off other people — challenging social taboos or political values.

This was evident in recent days when courts in Washington and New York ruled that transit authorities could not prevent or delay the posting of a controversial ad that says: “In any war between the civilized man and the savage, support the civilized man. Support Israel. Defeat jihad.”

When U.S. District Judge Rosemary Collyer said the government could not bar the ad simply because it could upset some Metro riders, the ruling prompted calls for new limits on such speech. And in New York, the Metropolitan Transportation Authority responded by unanimously passing a new regulation banning any message that it considers likely to “incite” others or cause some “other immediate breach of the peace.”

Such efforts focus not on the right to speak but on the possible reaction to speech — a fundamental change in the treatment of free speech in the West. The much-misconstrued statement of Justice Oliver Wendell Holmes that free speech does not give you the right to shout fire in a crowded theater is now being used to curtail speech that might provoke a violence-prone minority. Our entire society is being treated as a crowded theater, and talking about whole subjects is now akin to shouting “fire!”

The new restrictions are forcing people to meet the demands of the lowest common denominator of accepted speech, usually using one of four rationales.

Speech is blasphemous

This is the oldest threat to free speech, but it has experienced something of a comeback in the 21st century. After protests erupted throughout the Muslim world in 2005 over Danish cartoons depicting the prophet Muhammad, Western countries publicly professed fealty to free speech, yet quietly cracked down on anti-religious expression. Religious critics in France, Britain, Italy and other countries have found themselves under criminal investigation as threats to public safety. In France, actress and animal rights activist Brigitte Bardot has been fined several times for comments about how Muslims are undermining French culture. And just last month, a Greek atheist was arrested for insulting a famous monk by making his name sound like that of a pasta dish.

Some Western countries have classic blasphemy laws — such as Ireland, which in 2009 criminalized the “publication or utterance of blasphemous matter” deemed “grossly abusive or insulting in relation to matters held sacred by any religion.” The Russian Duma recently proposed a law against “insulting religious beliefs.” Other countries allow the arrest of people who threaten strife by criticizing religions or religious leaders. In Britain, for instance, a 15-year-old girl was arrested two years ago for burning a Koran.

Western governments seem to be sending the message that free speech rights will not protect you — as shown clearly last month by the images of Nakoula Basseley Nakoula, the YouTube filmmaker, being carted away in California on suspicion of probation violations. Dutch politician Geert Wilders went through years of litigation before he was acquitted last year on charges of insulting Islam by voicing anti-Islamic views. In the Netherlands and Italy, cartoonists and comedians have been charged with insulting religion through caricatures or jokes.

Even the Obama administration supported the passage of a resolution in the U.N. Human Rights Council to create an international standard restricting some anti-religious speech (its full name: “Combating Intolerance, Negative Stereotyping and Stigmatization of, and Discrimination, Incitement to Violence and Violence Against, Persons Based on Religion or Belief”). Egypt’s U.N. ambassador heralded the resolution as exposing the “true nature” of free speech and recognizing that “freedom of expression has been sometimes misused” to insult religion.

At a Washington conference last year to implement the resolution, Secretary of State Hillary Rodham Clinton declared that it would protect both “the right to practice one’s religion freely and the right to express one’s opinion without fear.” But it isn’t clear how speech can be protected if the yardstick is how people react to speech — particularly in countries where people riot over a single cartoon. Clinton suggested that free speech resulting in “sectarian clashes” or “the destruction or the defacement or the vandalization of religious sites” was not, as she put it, “fair game.”

Given this initiative, President Obama’s U.N. address last month declaring America’s support for free speech, while laudable, seemed confused — even at odds with his administration’s efforts.

Speech is hateful

In the United States, hate speech is presumably protected under the First Amendment. However, hate-crime laws often redefine hateful expression as a criminal act. Thus, in 2003, the Supreme Court addressed the conviction of a Virginia Ku Klux Klan member who burned a cross on private land. The court allowed for criminal penalties so long as the government could show that the act was “intended to intimidate” others. It was a distinction without meaning, since the state can simply cite the intimidating history of that symbol.

Other Western nations routinely bar forms of speech considered hateful. Britain prohibits any “abusive or insulting words” meant “to stir up racial hatred.” Canada outlaws “any writing, sign or visible representation” that “incites hatred against any identifiable group.” These laws ban speech based not only on its content but on the reaction of others. Speakers are often called to answer for their divisive or insulting speech before bodies like the Canadian Human Rights Tribunal.

This month, a Canadian court ruled that Marc Lemire, the webmaster of a far-right political site, could be punished for allowing third parties to leave insulting comments about homosexuals and blacks on the site. Echoing the logic behind blasphemy laws, Federal Court Justice Richard Mosley ruled that “the minimal harm caused . . . to freedom of expression is far outweighed by the benefit it provides to vulnerable groups and to the promotion of equality.”

Speech is discriminatory

Perhaps the most rapidly expanding limitation on speech is found in anti-discrimination laws. Many Western countries have extended such laws to public statements deemed insulting or derogatory to any group, race or gender.

For example, in a closely watched case last year, a French court found fashion designer John Galliano guilty of making discriminatory comments in a Paris bar, where he got into a cursing match with a couple using sexist and anti-Semitic terms. Judge Anne-Marie Sauteraud read a list of the bad words Galliano had used, adding that she found (rather implausibly) he had said “dirty whore” at least 1,000 times. Though he faced up to six months in jail, he was fined.

In Canada, comedian Guy Earle was charged with violating the human rights of a lesbian couple after he got into a trash-talking session with a group of women during an open-mike night at a nightclub. Lorna Pardy said she suffered post-traumatic stress because of Earle’s profane language and derogatory terms for lesbians. The British Columbia Human Rights Tribunal ruled last year that since this was a matter of discrimination, free speech was not a defense, and awarded about $23,000 to the couple.

Ironically, while some religious organizations are pushing blasphemy laws, religious individuals are increasingly targeted under anti-discrimination laws for their criticism of homosexuals and other groups. In 2008, a minister in Canada was not only forced to pay fines for uttering anti-gay sentiments but was also enjoined from expressing such views in the future.

Speech is deceitful

In the United States, where speech is given the most protection among Western countries, there has been a recent effort to carve out a potentially large category to which the First Amendment would not apply. While we have always prosecuted people who lie to achieve financial or other benefits, some argue that the government can outlaw any lie, regardless of whether the liar secured any economic gain.

One such law was the Stolen Valor Act, signed by President George W. Bush in 2006, which made it a crime for people to lie about receiving military honors. The Supreme Court struck it down this year, but at least two liberal justices, Stephen Breyer and Elena Kagan, proposed that such laws should have less of a burden to be upheld as constitutional. The House responded with new legislation that would criminalize lies told with the intent to obtain any undefined “tangible benefit.”

The dangers are obvious. Government officials have long labeled whistleblowers, reporters and critics as “liars” who distort their actions or words. If the government can define what is a lie, it can define what is the truth.

For example, in February the French Supreme Court declared unconstitutional a law that made it a crime to deny the 1915 Armenian genocide by Turkey — a characterization that Turkey steadfastly rejects. Despite the ruling, various French leaders pledged to pass new measures punishing those who deny the Armenians’ historical claims.

The impact of government limits on speech has been magnified by even greater forms of private censorship. For example, most news organizations have stopped showing images of Muhammad, though they seem to have no misgivings about caricatures of other religious figures. The most extreme such example was supplied by Yale University Press, which in 2009 published a book about the Danish cartoons titled “The Cartoons That Shook the World” — but cut all of the cartoons so as not to insult anyone.

The very right that laid the foundation for Western civilization is increasingly viewed as a nuisance, if not a threat. Whether speech is deemed inflammatory or hateful or discriminatory or simply false, society is denying speech rights in the name of tolerance, enforcing mutual respect through categorical censorship.

As in a troubled marriage, the West seems to be falling out of love with free speech. Unable to divorce ourselves from this defining right, we take refuge instead in an awkward and forced silence.
http://www.washingtonpost.com/opinio...14a_print.html





The Long Reach Of US Extradition
Kellie Tranter

Should foreign governments give up their nationals to the US to 'face justice' over minor crimes committed outside US borders? What about in civil matters, like copyright infringement? Kellie Tranter on America's thirst for extradition

He was hailed as "incredibly brave" to stand up to the United States, but British computer hacker Gary McKinnon only narrowly avoided being extradited there. He had already been indicted by a US federal grand jury in Virginia in November 2002. UK home secretary Theresa May halted his extradition because of medical reports warning that McKinnon would kill himself were he to stand trial in the United States.

The US state department was disappointed with the decision not to extradite McKinnon for "long overdue justice". His case highlights unanswered questions about political extradition cases more generally. In 2007 former NSW Chief Judge in Equity, Justice Peter Young, highlighted in the Australian Law Journal "the bizarre fact that people are being extradited to the US to face criminal charges when they have never been to the US and the alleged act occurred wholly outside the US".

Justice Young’s comments were raised in the context of the case of Hew Griffiths, an Australian who was the first person in the world to be extradited and criminally prosecuted in the United States for copyright infringement. Griffiths had been involved with the group Drink or Die, which decoded copy-protected software and media products and distributed them free of cost. He was indicted by the now infamous US District Court in Alexandria, Virginia for copyright infringement and conspiracy to infringe copyright under the US Code.

Griffiths was clinically depressed, unemployed, had never made money from his activities, had no prior convictions, and was incarcerated in Silverwater and Parklea for three years, because there is no presumption of bail in extradition cases. British-based members of Drink or Die were tried in Britain, just as Griffiths could have been charged, and tried, in an Australian court.

Justice Young pointed out at the time that:

"…although International copyright violations are a great problem… there is also the consideration that a country must protect its nationals from being removed from their homeland to a foreign country merely because the commercial interests of that foreign country are claimed to have been affected by the person’s behaviour in Australia and the foreign country can exercise influence over Australia.. Assuming this decision is correct, should not the Commonwealth Parliament do more to protect Australians from this procedure?"

The Howard government was widely criticised at the time for forsaking Hew Griffiths. Australia’s negotiations for a free trade agreement with the United States were then underway. They covered cooperation on intellectual property issues and theoretically enhanced the risk of Australian citizens being extradited and prosecuted in the United States for copyright infringement carried out here. But the focus was on harmonising copyright laws and there was nothing specifically providing for the extradition of nationals from one country to the other.

Justice Young’s surprise remains well founded. There appears to be a trend to use extradition laws in US copyright and intellectual property cases. If copyright and/or intellectual property laws are not enforced they are worth nothing. Some may argue that global enforcement of IP rights is a new form of economic imperialism, with the long arm of the Government using criminal enforcement powers to enforce commercial interests at the behest of corporations and their lobbyists. It’s about power.

The 2010 US Joint Strategic Plan (pdf) on Intellectual Property Enforcement describes the use of foreign based and foreign controlled websites and web services to infringe American intellectual property rights as a growing problem that undermines America’s national security, particularly national economic security, and vowed to increase international collaborative efforts through international organisations, such as the World Intellectual Property Organisation, the World Trade Organisation, the World Customs Organisation, the World Health Organisation, the Group of Twenty Finance Ministers and Central Bank Governors, INTERPOL (used by some to pursue political dissenters), Asia Pacific Economic Cooperation and the Organisation for Economic Co-operation and Development.

Add to that the possible ratification of the Anti-Counterfeiting Trade Agreement (ACTA), criticised by Australia’s Joint Standing Committee on Treaties because of the ambiguity of its language, the disproportionality of criminal offences for copyright infringement and the need for independent economic analysis of the anticipated costs and benefits to Australia.

And to cap it off there’s Australia’s participation in negotiations for the secretive, multi-national Trans Pacific Partnership Agreement which contains an intellectual property chapter. Members of the press are barred from attending the sessions but 600 corporations are directly participating.

In March this year Australia’s lead negotiator, Hamish McCormick, reportedly declined to give assurances that participants will not agree to anything that undermines Australian law.

All of these developments fit the international trend towards the enactment of harmonised laws that give multinational protection to commercial interests to the detriment of national sovereignty.

And is it any coincidence that the international IP protective matrix is being constructed in tandem with a co-ordinated international move towards increased social media monitoring and data gathering, and hugely expanded data retention and analysis capabilities? According to the Electronic Frontier Foundation, unnamed parties are even seeking to broaden the uses of European Union Data Retention Directive to include prosecution of copyright infringement.

As recently amended, Australia’s extradition laws enable a person to be extradited for minor offences (punishable by less than 12 months imprisonment); any offence proscribed by Australian regulations are among those that will no longer be considered political, and extradition is not precluded if the person faces cruel, inhuman or degrading treatment or punishment that is not severe enough to amount to torture. The level of proof required for US extradition isn’t high: "evidence sufficient to cause a person of ordinary prudence and caution to conscientiously entertain a reasonable belief of the accused’s guilt".

Justice Young’s comments reflected concerns about basic conceptions of laws and individual liberty. The game has changed, and is changing, for the worse. What is to become of kids who blithely ignore intellectual property rights online? What is to become of individuals who engage in non-violent political protest on the internet? How many of us really consider the potential risks of our online activities? Will our Attorney-General use the discretion she has to stop extradition of an Australian citizen? Into what other areas will extraditable offences stretch merely to protect commercial interests reframed as "national economic security"?
http://newmatilda.com/2012/10/19/lon...us-extradition





Reid Vows Fresh Effort to Pass Stalled Cybersecurity Bill in November
Ben Geman

Senate Majority Leader Harry Reid (D-Nev.) said he will try and revive stalled cybersecurity legislation on the heels of Defense Secretary Leon Panetta’s warning that the U.S. is at risk of a devastating cyber-attack.

Panetta, in a speech Thursday, said the country could face a “cyber Pearl Harbor,” with attacks targeting the power grid, trains carrying chemicals, water plants and other critical systems.

Reid, in a statement Saturday, said that when Congress returns in November he will bring back legislation that stalled in August. “My colleagues who profess to understand the urgency of the threat will have one more chance to back their words with action, and work with us to pass this bill,” Reid said.


A bipartisan cybersecurity bill failed to secure the needed 60 votes to advance in early August, an impasse fueled by GOP concerns that the bill would require too much from businesses.

The failed Senate bill would have empowered the Department of Homeland Security (DHS) to set minimum, voluntary cybersecurity standards for operators of critical infrastructure, such as gas pipelines, electric grids and banks.

The measure would have also encouraged the government and the private sector to share information about cyberthreats.

While renewing the legislative push, Reid also defended White House plans to beef up cybersecurity with an executive order, which has drawn concerns from a number of Republicans. Reid noted that “Secretary Panetta has made clear that inaction is not an option.

“Cybersecurity is an issue that should be handled by Congress, but with Republicans engaging in Tea Party-motivated obstruction, I believe that President Obama is right to examine all means at his disposal for confronting this urgent national security threat,” Reid said.

A group of House and Senate Republicans, including House Energy and Commerce Committee Chairman Fred Upton (R-Mich.), offered a number of criticisms of the planned executive order in a letter to President Obama Thursday.

The White House has drafted an executive order aimed at protecting critical infrastructure systems from cyber-attacks amid congressional gridlock on cybersecurity legislation. The draft order would establish a voluntary program in which companies that operate critical infrastructure would take steps to better secure their computer systems and meet a set of security standards crafted, in part, by DHS.

The GOP members' letter calls this "the wrong approach," adding that it would create "a top-down, one-size-fits-all bureaucracy to address cybersecurity" that will slow down the nation's response time to a cyber-attack and add more costs to the economy.

They also voiced skepticism about DHS's ability to manage these cybersecurity efforts.

Panetta issued stark warnings in his speech in New York before the group Business Executives for National Security.

“The most destructive scenarios involve cyber actors launching several attacks on our critical infrastructure at one time, in combination with a physical attack on our country. Attackers could also seek to disable or degrade critical military systems and communication networks,” he said, according to a Department of Defense transcript.

“The collective result of these kinds of attacks could be a cyber Pearl Harbor; an attack that would cause physical destruction and the loss of life. In fact, it would paralyze and shock the nation and create a new, profound sense of vulnerability,” said Panetta, who called for action on the bill sponsored by Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine).
http://thehill.com/blogs/hillicon-va...rsecurity-bill





Draft White House Order Seeks to Stop Cyberattacks by Sharing Threat Details with Companies
Richard Lardner

A new White House executive order would direct U.S. spy agencies to share the latest intelligence about cyberthreats with companies operating electric grids, water plants, railroads and other vital industries to help protect them from electronic attacks, according to a copy obtained by The Associated Press.

The seven-page draft order, which is being finalized, takes shape as the Obama administration expresses growing concern that Iran could be the first country to use cyberterrorism against the United States. The military is ready to retaliate if the U.S. is hit by cyberweapons, Defense Secretary Leon Panetta said. But the U.S. also is poorly prepared to prevent such an attack, which could damage or knock out critical services that are part of everyday life.

The White House declined to say when the president will sign the order.

The draft order would put the Department of Homeland Security in charge of organizing an information-sharing network that rapidly distributes sanitized summaries of top-secret intelligence reports about known cyberthreats that identify a specific target. With these warnings, known as tear lines, the owners and operators of essential U.S. businesses would be better able to block potential attackers from gaining access to their computer systems.

An organized, broad-based approach for sharing cyberthreat information gathered by the government is widely viewed as essential for any plan to protect U.S. computer networks from foreign nations, terrorist groups and hackers. Existing efforts to exchange information are narrowly focused on specific industries, such as the finance sector, and have had varying degrees of success.

Yet the order has generated stiff opposition from Republicans on Capitol Hill who view it as a unilateral move that bypasses the legislative authority held by Congress.

Administration officials said the order became necessary after Congress failed this summer to pass cybersecurity legislation, leaving critical infrastructure companies vulnerable to a serious and growing threat. Conflicting bills passed separately by the House and Senate included information-sharing provisions. But efforts to get a final measure through both chambers collapsed over the GOP's concerns that the Senate bill would expand the federal government's regulatory power and increase costs for businesses.

The White House has acknowledged that an order from the president, while legally binding, is not enough. Legislation is needed to make other changes to improve the country's digital defenses. An executive order, for example, cannot offer a company protection from liabilities that might result from a cyberattack on its systems.

The addition of the information-sharing provisions is the most significant change to an earlier draft of the order completed in late August. The new draft, which is not dated, retains a section that requires Homeland Security to identify the vital systems that, if hit by cyberattack, could "reasonably result in a debilitating impact" on national and economic security. Other sections establish a program to encourage companies to adopt voluntary security standards and direct federal agencies to determine whether existing cyber security regulations are adequate.

The draft order directs the department to work with the Pentagon, the National Security Agency, the director of national intelligence and the Justice Department to quickly establish the information-sharing mechanism. Selected employees at critical infrastructure companies would receive security clearances allowing them to receive the information, according to the document. Federal agencies would be required to assess whether the order raises any privacy or civil liberties risks.

To foster a two-way exchange of information, the government would ask businesses to tell the government about cyberthreats or cyberattacks. There would be no requirement to do so.

The NSA has been sharing cyberthreat information on a limited basis with companies that conduct business with the Defense Department. These companies work with sensitive data about weapon systems and technologies and are frequently the targets of cyberspying.

But the loss of valuable information has been eclipsed by fears that an enemy with the proper know-how could cause havoc by sending the computers controlling critical infrastructure systems incorrect commands or infecting them with malicious software. Potential nightmare scenarios include high-speed trains being put on collision courses, blackouts that last days or perhaps even weeks or chemical plants that inadvertently release deadly gases.

Panetta underscored the looming dangers during a speech last week in New York by pointing to the Shamoon virus that destroyed thousands of computer systems owned by Persian Gulf oil and gas companies. Shamoon, which spreads quickly through networked computers and ultimately wipes out files by overwriting them, hit the Saudi Arabian state oil company Aramco and Qatari natural gas producer RasGas.

Panetta did not directly connect Iran to the Aramco and RasGas attacks. But U.S. officials believe hackers based in Iran were behind them.

Shamoon replaced files at Aramco with the image of a burning U.S. flag and rendered more than 30,000 computers useless, Panetta said. The attack on RasGas was similar, he said.

A spokeswoman for the National Security Council, Caitlin Hayden, said the administration is consulting with members of Congress and the private sector as the order is being drafted. But she provided no information on when an order would be signed. "Given the gravity of the threats we face in cyberspace, we want to get this right in addition to getting it done swiftly," she said.
http://www.greenfieldreporter.com/vi...security-Order





British Hacker Spared Extradition to U.S.

A British computer hacker accused by the United States of breaking into military systems will be spared from extradition because he is at risk of committing suicide, interior minister Theresa May said on Tuesday.

Gary McKinnon, who has been fighting extradition for seven years, faced up to 60 years in an American jail if found guilty of what one U.S. prosecutor called the "biggest military computer hack of all time".

"I have concluded that Mr. McKinnon's extradition would give rise to such a high risk of him ending his life that a decision to extradite would be incompatible with Mr. McKinnon's human rights," May told parliament.

"I have therefore withdrawn the extradition order against Mr. McKinnon."

McKinnon, 46, admits hacking into Pentagon and NASA computers under the pseudonym "Solo" but said he was just looking for suppressed evidence of UFOs.

U.S. officials say the former computer systems administrator accessed 97 military and NASA computers between 2001 and 2002, disabling key naval systems and causing more than $700,000 of damage.

He suffers from Asperger's Syndrome, a form of autism, and has been fighting extradition since British police arrested him in 2005.

May said she had taken her decision not to extradite him after studying medical reports and taking "extensive" legal advice.

"Mr. McKinnon is accused of serious crimes, but there is also no doubt that he is seriously ill," she said.

It would now be up to British prosecutors to decide whether McKinnon had any case to answer in a court in Britain, May added.

(Reporting by Tim Castle; editing by Steve Addison)
http://www.reuters.com/article/2012/...89F0MZ20121016





Hacked Terminals Capable of Causing Pacemaker Deaths
Darren Pauli

IOActive researcher Barnaby Jack has reverse-engineered a pacemaker transmitter to make it possible to deliver deadly electric shocks to pacemakers within 30 feet and rewrite their firmware.

The effect of the wireless attacks could not be overstated — in a speech at the BreakPoint security conference in Melbourne today, Jack said such attacks were tantamount to “anonymous assassination”, and in a realistic but worst-case scenario, “mass murder”.

In a video demonstration, which Jack declined to release publicly because it may reveal the name of the manufacturer, he issued a series of 830 volt shocks to the pacemaker using a laptop.

The pacemakers contained a “secret function” which could be used to activate all pacemakers and implantable cardioverter-defibrillators (ICDs) in a 30-foot-plus vicinity.

Each device would return model and serial numbers.

“With that information, we have enough information to authenticate with any device in range,” Jack said.

In reverse-engineering the terminals – which communicate with the pacemakers – he discovered no obfuscation efforts and even found usernames and passwords for what appeared to be the manufacturer’s development server.

That data could be used to load rogue firmware which could spread between pacemakers with the “potential to commit mass murder”.

“The worst case scenario that I can think of, which is 100 percent possible with these devices, would be to load a compromised firmware update onto a programmer and … the compromised programmer would then infect the next pacemaker or ICD and then each would subsequently infect all others in range,” Jack said.

He was developing a graphical administration platform dubbed “Electric Feel” which could scan for medical devices in range and with no more than a right-click, could enable shocking of the device, and reading and writing firmware and patient data.

“With a max voltage of 830 volts, it's not hard to see why this is a fairly deadly feature. Not only could you induce cardiac arrest, but you could continually recharge the device and deliver shocks on loop," he said.

Jack said his goal was not to cause harm, but to help manufacturers secure their devices.

“Sometimes you have to demonstrate the darker side," he said.
http://www.scmagazine.com.au/News/31...ss-murder.aspx





Computer Viruses Are "Rampant" on Medical Devices in Hospitals

A meeting of government officials reveals that medical equipment is becoming riddled with malware.
David Talbot

Computerized hospital equipment is increasingly vulnerable to malware infections, according to participants in a recent government panel. These infections can clog patient-monitoring equipment and other software systems, at times rendering the devices temporarily inoperable.

While no injuries have been reported, the malware problem at hospitals is clearly rising nationwide, says Kevin Fu, a leading expert on medical-device security and a computer scientist at the University of Michigan and the University of Massachusetts, Amherst, who took part in the panel discussion.

Software-controlled medical equipment has become increasingly interconnected in recent years, and many systems run on variants of Windows, a common target for hackers elsewhere. The devices are usually connected to an internal network that is itself connected to the Internet, and they are also vulnerable to infections from laptops or other devices brought into hospitals. The problem is exacerbated by the fact that manufacturers often will not allow their equipment to be modified, even to add security features.

In a typical example, at Beth Israel Deaconess Medical Center in Boston, 664 pieces of medical equipment are running on older Windows operating systems that manufacturers will not modify or allow the hospital to change—even to add antivirus software—because of disagreements over whether modifications could run afoul of U.S. Food and Drug Administration regulatory reviews, Fu says.

As a result, these computers are frequently infected with malware, and one or two have to be taken offline each week for cleaning, says Mark Olson, chief information security officer at Beth Israel.

"I find this mind-boggling," Fu says. "Conventional malware is rampant in hospitals because of medical devices using unpatched operating systems. There's little recourse for hospitals when a manufacturer refuses to allow OS updates or security patches."

The worries over possible consequences for patients were described last Thursday at a meeting of a medical-device panel at the National Institute of Standards and Technology Information Security & Privacy Advisory Board, of which Fu is a member, in Washington, D.C. At the meeting, Olson described how malware at one point slowed down fetal monitors used on women with high-risk pregnancies being treated in intensive-care wards.

"It's not unusual for those devices, for reasons we don't fully understand, to become compromised to the point where they can't record and track the data," Olson said during the meeting, referring to high-risk pregnancy monitors. "Fortunately, we have a fallback model because they are high-risk [patients]. They are in an IC unit—there's someone physically there to watch. But if they are stepping away to another patient, there is a window of time for things to go in the wrong direction."

The computer systems at fault in the monitors were replaced several months ago by the manufacturer, Philips; the new systems, based on Windows XP, have better protections and the problem has been solved, Olson said in a subsequent interview.

At the meeting, Olson also said similar problems threatened a wide variety of devices, ranging from compounders, which prepare intravenous drugs and intravenous nutrition, to picture-archiving systems associated with diagnostic equipment, including massive $500,000 magnetic resonance imaging devices.

Olson told the panel that infections have stricken many kinds of equipment, raising fears that someday a patient could be harmed. "We also worry about situations where blood gas analyzers, compounders, radiology equipment, nuclear-medical delivery systems, could become compromised to where they can't be used, or they become compromised to the point where their values are adjusted without the software knowing," he said. He explained that when a machine becomes clogged with malware, it could in theory "miss a couple of readings off of a sensor [and] erroneously report a value, which now can cause harm."

Often the malware is associated with botnets, Olson said, and once it lodges inside a computer, it attempts to contact command-and-control servers for instructions. Botnets, or collections of compromised computers, commonly send spam but can also wage attacks on other computer systems or do other tasks assigned by the organizations that control them (see "Moore's Outlaws").

In September, the Government Accountability Office issued a report warning that computerized medical devices could be vulnerable to hacking, posing a safety threat, and asked the FDA to address the issue. The GAO report focused mostly on the threat to two kinds of wireless implanted devices: implanted defibrillators and insulin pumps. The vulnerability of these devices has received widespread press attention (see "Personal Security" and "Keeping Pacemakers Safe from Hackers"), but no actual attacks on them have been reported.

Fu, who is a leader in researching the risks described in the GAO report, said those two classes of device are "a drop in the bucket": thousands of other network-connected devices used for patient care are also vulnerable to infection. "These are life-saving devices. Patients are overwhelmingly safer with them than without them. But cracks are showing," he said. (Fu was Technology Review's Innovator of the Year in 2009.)

Malware problems on hospital devices are rarely reported to state or federal regulators, both Olson and Fu said. This is partly because hospitals believe they have little recourse. Despite FDA guidance issued in 2009 to hospitals and manufacturers—encouraging them to work together and stressing that eliminating security risks does not always require regulatory review—many manufacturers interpret the fine print in other ways and don't offer updates, Fu says. And such reporting is not required unless a patient is harmed. "Maybe that's a failing on our part, that we aren't trying to raise the visibility of the threat," Olson said. "But I think we all feel the threat gets higher and higher."

Speaking at the meeting, Brian Fitzgerald, an FDA deputy director, said that in visiting hospitals around the nation, he has found Beth Israel's problems to be widely shared. "This is a very common profile," he said. The FDA is now reviewing its regulatory stance on software, Fitzgerald told the panel. "This will have to be a gradual process, because it involves changing the culture, changing the technology, bringing in new staff, and making a systematic approach to this," he said.

In an interview Monday, Tam Woodrum, a software executive at the device maker GE Healthcare, said manufacturers are in a tough spot, and the problems are amplified as hospitals expect more and more interconnectedness. He added that despite the FDA's 2009 guidance, regulations make system changes difficult to accomplish: "In order to go back and update the OS, with updated software to run on the next version, it's an onerous regulatory process."

Olson said that in his experience, GE Healthcare does offer software patches and guidance on keeping devices secure, but that not all manufacturers have the same posture. He added that the least-protected devices have been placed behind firewalls. But to do that with all a hospital's software-controlled equipment would require more than 200 firewalls—an unworkable prospect, he said.

John Halamka, Beth Israel's CIO and a Harvard Medical School professor, said he began asking manufacturers for help in isolating their devices from the networks after trouble arose in 2009: the Conficker worm caused problems with a Philips obstetrical care workstation, a GE radiology workstation, and nuclear medical applications that "could not be patched due to [regulatory] restrictions." He said, "No one was harmed, but we had to shut down the systems, clean them, and then isolate them from the Internet/local network."

He added: "Many CTOs are not aware of how to protect their own products with restrictive firewalls. All said they are working to improve security but have not yet produced the necessary enhancements."

Fu says that medical devices need to stop using insecure, unsupported operating systems. "More hospitals and manufacturers need to speak up about the importance of medical-device security," he said after the meeting. "Executives at a few leading manufacturers are beginning to commit engineering resources to get security right, but there are thousands of software-based medical devices out there."
http://www.technologyreview.com/news...dical-devices/





Hackers Exploit 'Zero-Day' Bugs For 10 Months On Average Before They're Exposed
Andy Greenberg

Software vendors are constantly on the watch for so-called “zero day” vulnerabilities–flaws in their code that hackers find and exploit before the first day companies become aware of them. But the term “zero-day” doesn’t capture just how early hackers’ head-starts often are: Day zero, it seems, often lasts more than 300 days.

That’s one of the findings of a broad study of hackers’ zero-day exploits by two researchers at the antivirus firm Symantec that they plan to present at the Association for Computing Machinery’s Computer and Communications Security conference in Raleigh, North Carolina this week. Leyla Bilge and Tudor Dumitraș used data collected from 11 million PCs running Symantec’s antivirus software to correlate a catalogue of zero-day attacks with malware found on those machines. Using that retrospective analysis, they found 18 attacks that represented zero-day exploits between February 2008 and March of 2010, only seven of which were previously known to have been exploited prior to their public discovery. And most disturbingly, they found that those attacks continued 312 days on average–up to 2.5 years in some cases–before the security community became aware of them.

“In fact, 60% of the zero-day vulnerabilities we identify in our study were not known before, which suggests that there are many more zero-day attacks than previously thought—perhaps more than twice as many,” the researchers write. And they add that their estimate for the average time to discovery of those vulnerabilities may be conservative, too. “While the average duration is approximately 10 months, the fact that all but one of the vulnerabilities disclosed after 2010 remained unknown for more than 16 months suggests that we may be underestimating the duration of zero-day attacks.”

One aspect of zero-day exploits’ use that’s made them tough to track and count has been how closely targeted they are. Unlike the mass malware infections that typically infect many thousands of machines using known vulnerabilities, the majority of the exploits in Symantec’s study only affected a handful of machines–all but four of the exploits infected less than 100 targets, and four were found on only one computer.

That careful use of zero-day exploits, often reserved for stealthy espionage tactics rather than credit-card harvesting or other for-profit crime, reflects their price. As I reported earlier this year based on conversations with brokers of zero-day exploit code, a single zero-day exploit can cost as much as $250,000, and the fees are often paid in installments based on the vulnerability remaining secret and unpatched.

Unsurprisingly, the study shows that hackers target common software like Microsoft Word, Flash and Adobe Reader. Sixteen of the 18 zero-day exploits discovered and analyzed in the study affected Microsoft and Adobe software.

Symantec's study shows that hackers grab onto new exploits, using them hundreds or thousands of times more often, around the time of their revelation to the public.

Once a certain vulnerability does come to public light, Symantec’s study shows that hackers quickly pile on to exploit the flaw before it can be fixed by the software’s vendor. In some cases tracked by Symantec, a single exploit jumped from a handful of cases to tens of thousands within days of a bug’s disclosure.

Those findings lend some numbers to an issue that’s been a subject of fiery debate in the security community: Whether security researchers should expose vulnerabilities they find to the public or report them privately to the company whose software is affected. Broadcasting bugs to the public, a strategy researchers have labelled “full disclosure,” leads to that spike in attacks before users have access to secure software, as Symantec’s study shows. But in other cases, researchers argue that companies don’t have an incentive to patch bugs reported to them until their users are at risk of being widely attacked. In August, for instance, Oracle waited until thousands of users had been attacked via a bug in its Java program before patching it, despite the fact that Polish researchers had reported the flaw to Oracle four months earlier.

One clear conclusion of Symantec’s study, regardless of that full-disclosure debate, is the value of the benevolent hackers who find and report bugs in software before they’re exploited. Without someone to dig them up and demand they be fixed, those hackable flaws are far more common, and remain secret far longer, than anyone may have realized.
http://www.forbes.com/sites/andygree...-theyre-fixed/





Threats and Technology from Iran
Patrick Thibodeau

Everyone in tech goes to trade shows and conferences, if only to mingle. Iran has them as well, and the country just wrapped up its security trade show.

This show drew users who appeared to have serious buying power. You can tell this from their uniform insignias.

Local notables attended as well. Among them, Iran’s police chief, Brig. Gen. Esmail Ahmadi-Moqadam. He talked about Stuxnet and how the U.S. can expect retaliation, according to translated remarks on Iran’s PressTV.

“Now it’s all about cyber-attacks, which only shows their desperation but Iran is doing just fine with cyber defense. It’s true that the U.S. made Stuxnet virus did some damage to our facilities but we were able to get them all up and running in no time. However, those who attack should expect retaliation and we haven’t gone there just yet.”

Iran has been getting blame recently for some attacks on financial services firms.

In a recent speech, Defense Secretary Leon Panetta said “a cyber-attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack on 9/11. Such a destructive cyber-terrorist attack could virtually paralyze the nation.”

Panetta also said that Iran “has also undertaken a concerted effort to use cyberspace to its advantage.”

The video shows mostly physical security devices. Iranian press reports also said the products on display included “a supercomputer for security assessment,” called Ara, and ‘Raya,’ described as “the first domestic safe tablet.”

I've been following Iran's supercomputer developments for a number of years, and the reference to "Ara" is what drew me to this conference. But there's very little information about the latest high performance computing developments, and the video is focused on physical security devices. Nonetheless, this video shows scenes that seem familiar and unfamiliar.
http://blogs.computerworld.com/cyber...echnology-iran





Verizon Draws Fire for Monitoring App Usage, Browsing Habits

"We're able to view just everything that they do," Verizon Wireless exec has boasted. Privacy groups say initiative -- including linking databases showing whether customers own pets -- may violate wiretap law.
Declan McCullagh

Verizon Wireless has begun selling information about its customers' geographical locations, app usage, and Web browsing activities, a move that raises privacy questions and could brush up against federal wiretapping law.

The company this month began offering reports to marketers showing what Verizon subscribers are doing on their phones and other mobile devices, including what iOS and Android apps are in use in which locations. Verizon says it may link the data to third-party databases with information about customers' gender, age, and even details such as "sports enthusiast, frequent diner or pet owner."

"We're able to view just everything that they do," Bill Diggins, U.S. chief for the Verizon Wireless marketing initiative, told an industry conference earlier this year. "And that's really where data is going today. Data is the new oil."

Verizon Wireless says that its initiative, called Precision Market Insights, is legal because the information is aggregated and doesn't reveal customers' identities. Also, the company says, its customers can opt out at any time.

But hyper-detailed monitoring of customers' activity looks a lot like the deep packet inspection techniques that landed NebuAd in hot water -- including a congressional investigation -- four years ago. NebuAd's chief executive, Robert Dykes, claimed he had created "anonymous profiles that cannot be hacked or reverse-engineered," but the controversy led to the company's demise.

Hanni Fakhoury, a staff attorney at the Electronic Frontier Foundation in San Francisco, said a wireless carrier that discloses information about which URLs a customer visits could run afoul of the Wiretap Act. In general, the law says, carriers may not "divulge the contents of any communication."

"I don't see any substantive difference between collecting content from one person and turning it over to someone, and collecting it from multiple people, aggregating that information and then turning the aggregated data over to someone else," Fakhoury says. "In the end, there is still a capturing of content from the user at some point -- and that's what the potential (Wiretap Act) problem is."

Paul Ohm, a professor at the University of Colorado Law School currently working at the Federal Trade Commission, concluded in a law review article that federal privacy law "likely forbids many invasive forms of ISP monitoring."

In a video that was posted of the industry event sponsored by PricewaterhouseCoopers in Los Angeles, Verizon's Diggins touted the carrier's extensive monitoring abilities: "We're able to analyze what people are viewing on their handsets. If you're at an MLB game, we can tell if you're viewing ESPN, we can tell if you're viewing MLB, we can tell what social networking sites you're activating, if you're sending out mobile usage content that's user-generated on video."

Verizon Wireless declined to answer questions that CNET posed last week about how its technology works, but it did provide this statement:

Verizon is committed to customer privacy and takes the issue seriously. The Precision program complies with the law and protects the privacy of our customers. The reports available through the program will not disclose the content of specific customer communications because each report will contain aggregate data from a large number of customers to protect privacy. Customers who do not want their data used as part of the program can opt-out at any time.

"Deep" vs. "shallow" packet inspection

It's true, of course, that any company selling Internet connectivity needs to know the destination of packets so it can route them properly, a practice sometimes referred to as shallow packet inspection.

But monitoring which mobile apps customers are using and which URLs are visited typically means engaging in deep packet inspection, which is controversial because it's more intrusive.

Verizon Wireless' marketing literature acknowledges that it sells "mobile-usage data that offers insights on the mobile-device habits of an audience, including URL visits, app downloads and usage." (Not all carriers do: Google guarantees that its proof-of-concept Google Fiber project "will not engage in deep packet inspection" except when necessary to fend off network attacks.)

Ryan Radia, associate director of technology studies at the Competitive Enterprise Institute think tank, agrees with the EFF's Fakhoury that disclosing aggregated URLs visited can be legally risky. "If Verizon Wireless discloses the URLs you've accessed without your consent, it has violated (the Wiretap Act) -- even if Verizon Wireless doesn't disclose any other identifying information," Radia said.

But, Radia argues, Verizon has obtained consent for its Precision Market Insights program by updating its privacy policy and allowing customers to opt out. That's sufficient to satisfy the Wiretap Act by putting the company's subscribers on notice, he says, and notes that a lawsuit that arose out of NebuAd's monitoring was dismissed last year.

The 2003 In Re Pharmatrak decision from the U.S. Court of Appeals for the 1st Circuit offers a glimpse of how judges view whether customers truly consented. The court ruled in a case involving Web tracking "that it makes more sense to place the burden of showing consent on the party seeking the benefit of the exception." The judges approvingly cited a second case, which said "consent can only be implied when the surrounding circumstances convincingly show that the party knew about and consented to the interception."

In addition, a Florida appeals court has ruled that a state law closely resembling the Wiretap Act is violated when information about "websites visited by the user" is intercepted without consent. Wiretap Act violations can be punished by damages of $100 per victim per day or $10,000 per victim, whichever is greater.

Verizon's Diggins said the carrier had created "a very sophisticated system" so advanced it can predict what customers will want: "We're able to identify what that customer likes not by filling out a form, but by analyzing what they do on a day-to-day basis. We're able to serve them products that we know they like because we've seen that they've gone through and downloaded products like it." One potential customer for the Precision program, he said, is a sports arena that wants to know more about who's attending a game.

There is an irony here: as the online advertising market is shifting toward behavioral targeting, sometimes called interest-based ads, companies like Facebook, Yahoo, Google, and Microsoft are able to compile detailed profiles on their users. But because of legal twists -- and, perhaps, an old-fashioned cultural norm skeptical of the telephone company listening in on calls -- broadband and wireless providers are being left behind.

However, ads make Facebook and Google free to use. Says Christopher Soghoian, principal technologist with the ACLU's Speech, Privacy and Technology Project: "When you pay a company $80 a month, they have no business monetizing the data they're collecting."
http://news.cnet.com/8301-13578_3-57...owsing-habits/





New "Surveillance-Proof" App To Secure Communications Has Governments Nervous

Silent Circle promises to make encryption easy for everyone.
Ryan Gallagher

Lately, Mike Janke has been getting what he calls the “hairy eyeball” from international government agencies. The 44-year-old former Navy SEAL commando, together with two of the world’s most renowned cryptographers, was always bound to ruffle some high-level feathers with his new project—a surveillance-resistant communications platform that makes complex encryption so simple your grandma can use it.

This week, after more than two years of preparation, the finished product has hit the market. Named Silent Circle, it is in essence a series of applications that can be used on a mobile device to encrypt communications—text messages, plus voice and video calls. Currently, apps for the iPhone and iPad are available, with versions for Windows, Galaxy, Nexus, and Android in the works. An email service is also soon scheduled to launch.

The encryption is peer to peer, which means that Silent Circle doesn’t centrally hold a key that can be used to decrypt people’s messages or phone calls. Each phone generates a unique key every time a call is made, then deletes it straight after the call finishes. When sending text messages or images, there is even a “burn” function, which allows you to set a time limit on anything you send to another Silent Circle user—a bit like how “this tape will self destruct” goes down in Mission: Impossible, but without the smoke or fire.

Silent Circle began as an idea Janke had after spending 12 years working for the U.S. military and later as a security contractor. When traveling overseas, he realized that there was no easy-to-use, trustworthy encrypted communications provider available to keep in touch with family back home. Cellphone calls, text messages, and emails sent over the likes of Hotmail and Gmail can just be “pulled right out of the air,” according to Janke, and he didn’t think the few commercial services offering encryption—like Skype and Hushmail—were secure enough. He was also made uneasy by reports about increased government snooping on communications. “It offended what I thought were my God-given rights—to be able to have a free conversation,” Janke says. “And so I began on this quest to find something to solve it.”

Janke assembled what he calls an “all-star team”: Phil Zimmermann, a recent inductee to the Internet’s Hall of Fame, who in 1991 invented PGP encryption, still considered the standard for email security. Jon Callas, the man behind Apple’s whole-disk encryption (which is used to secure hard drives in Macs across the world), became Silent Circle’s chief technology officer. Other employees were top engineers and ex-special-forces communications experts based in England, Latvia, and Germany. Together, they designed their own software, created a new encryption protocol called SCimp, registered their company offshore and outside U.S. jurisdiction, then built up their own network in Canada. (They eventually plan to expand to Switzerland and Hong Kong.)

Though many encryption options already exist, they are often difficult to use, which is a barrier for those without the skills, patience, or time to learn. Silent Circle helps remove these hurdles. As a result, organizations that have a real need for secure communications but have maybe not understood how to implement them are coming forward and expressing interest in Silent Circle.

Janke says he’s already sold the technology worldwide to nine news outlets, presumably keen to help protect their journalists’ and sources’ safety through encryption. (ProPublica, for one, confirmed it’s had “preliminary discussions” with Silent Circle.) A major multinational company has already ordered 18,000 subscriptions for its staff, and a couple of A-list actors, including one Oscar winner, have been testing the beta version. The basic secure phone service plan will cost $20 a month per person, though Janke says a number of human rights groups and NGOs will be provided with the service for free.

The company has also attracted attention from 23 special operations units, intelligence agencies, and law enforcement departments in nine countries that are interested in using Silent Circle to protect the communications of their own employees—particularly on the personal devices that they use at home or bring to work. Some of these same agencies, perhaps unsurprisingly, have contacted Janke and his team with concerns about how the technology might be used by bad guys. Because Silent Circle is available to just about anyone, Janke accepts there is a real risk that a minority of users could abuse it for criminal purposes. But he argues you could say the same thing about baseball bats and says if the company is ever made aware someone is using the application for “bad illegal things”—he cites an example of a terrorist plotting a bomb attack—it reserves the right to shut off that person’s service and will do so “in seven seconds.”

The very features that make Silent Circle so valuable from a civil liberties and privacy standpoint make law enforcement nervous. Telecom firms in the United States, for instance, have been handing over huge troves of data to authorities under a blanket of secrecy and with very little oversight. Silent Circle is attempting to counter this culture by limiting the data it retains in the first place. It will store only the email address, 10-digit Silent Circle phone number, username, and password of each customer. It won’t retain metadata (such as times and dates calls are made using Silent Circle). Its IP server logs showing who is visiting the Silent Circle website are currently held for seven days, which Janke says the company plans to reduce to just 24 hours once the system is running smoothly.

Almost every base seems to have been covered. Biannually, the company will publish requests it gets from law enforcement in transparency reports, detailing the country of origin and the number of people the request encompassed. And any payment a person makes to Silent Circle will be processed through third-party provider Stripe, so even if authorities could get access to payment records, Janke says, “that in no way gives them access to the data, voice, and video the customer is sending-receiving ... nor does it tie the two together.” If authorities wanted to intercept the communications of a person using Silent Circle, it is likely they’d have to resort to deploying Trojan-style tools—infecting targeted devices with spyware to covertly record communications before they become encrypted.

Among security geeks and privacy advocates, however, there’s still far from a consensus on how secure Silent Circle actually is. Nadim Kobeissi, a Montreal-based security researcher and developer, took to his blog last week to pre-emptively accuse the company of “damaging the state of the cryptography community.” Kobeissi’s criticism was rooted in an assumption that Silent Circle would not be open source, a cornerstone of encrypted communication tools because it allows people to independently audit coding and make their own assessments of its safety (and to check for secret government backdoors). Christopher Soghoian, principal technologist at the ACLU's Speech, Privacy and Technology Project, said he was excited to see a company like Silent Circle visibly competing on privacy and security but that he was waiting for it to go open source and be audited by independent security experts before he would feel comfortable using it for sensitive communications.

When I asked Janke about this, he said he recognized the importance of the open-source principle. He says the company, contrary to Kobeissi’s assertion, will be using a noncommercial open-source license, which will allow developers to “do their own builds” of Silent Circle. “We will put it all out there for scrutiny, inspection, and audit by anyone and everyone,” he added.

Another factor is that a number of countries are pushing for new surveillance laws that will force many communications providers to build in backdoors for wiretapping. The Silent Circle team has been following these developments closely, and it seems to have played into the decision to register offshore and locate its multimillion-dollar network outside U.S. jurisdiction. Janke says he has consulted with Canada’s privacy commissioners and understands that the new push to upgrade surveillance capabilities in Canada will not affect the company because its technology is encrypted peer-to-peer (making it technically incapable of facilitating a wiretap request even if it receives one).

But what if, one day down the line, things change and Canada or another country where Silent Circle has servers tries to force them to build in a secret backdoor for spying? Janke has already thought about that—and his answer sums up the maverick ethos of his company.

“We won’t be held hostage,” he says, without a quiver of hesitation. “All of us would rather shut Silent Circle down than ever allow a backdoor or be bullied into an ‘or else’ position.”

In an age of ever-increasing surveillance, it’s a gutsy stance to take. Perhaps Big Brother has finally met its match.
http://www.slate.com/articles/techno...ts.single.html





Pension Funds Oppose Murdoch Re-election: Paper

The two largest public pension funds in the U.S. have voted to oust Rupert Murdoch as chairman of News Corporation ahead of the company's annual shareholders meeting this week, the Sunday Telegraph reported.
Reuters

The California Public Employees Retirement System (CALPERS) and the California State Teachers' Retirement System (CALSTRS) have backed a resolution calling for News Corp to split the role of chairman and chief executive that Murdoch has held since founding the company, the newspaper said without citing sources.

Calpers, which manages $273 billion of assets, said it would not back the re-election of Rupert Murdoch and his sons James and Lachlan, the paper said. Calstrs, which has $153 billion under management, has voted against the re-election of every News Corp director.

Calpers owns a 0.3 percent stake in News Corp valued at about $113 million, while Calstrs holds 0.2 percent valued at $83 million, Thomson Reuters data showed.

A third pension fund with $12.5 billion of assets, Calvert Investments, is also thought to have voted against their re-election, the Sunday Telegraph said. None of the companies were immediately available for comment.

News Corp's annual shareholders meeting is scheduled for October 16 in Los Angeles.

(Reporting by Brenda Goh; Editing by Erica Billingham)
https://www.nytimes.com/reuters/2012...e-murdoch.html





Do Not Track? Advertisers Say ‘Don’t Tread on Us’
Natasha Singer

THE campaign to defang the “Do Not Track” movement began late last month.

Do Not Track mechanisms are features on browsers — like Mozilla’s Firefox — that give consumers the option of sending out digital signals asking companies to stop collecting information about their online activities for purposes of targeted advertising.

First came a stern letter from nine members of the House of Representatives to the Federal Trade Commission, questioning its involvement with an international group called the World Wide Web Consortium, or W3C, which is trying to work out global standards for the don’t-track-me features. The legislators said they were concerned that these options for consumers might restrict “the flow of data at the heart of the Internet’s success.”

Next came an incensed open letter from the board of the Association of National Advertisers to Steve Ballmer, the C.E.O. of Microsoft, and two other company officials. Microsoft had committed a grievous infraction, wrote executives from Dell, I.B.M., Intel, Visa, Verizon, Wal-Mart and other major corporations, by making Do Not Track the default option in the company’s forthcoming Internet Explorer 10 browser. If consumers chose to stay with that option, the letter warned, they could prevent companies from collecting data on up to 43 percent of browsers used by Americans.

“Microsoft’s action is wrong. The entire media ecosystem has condemned this action,” the letter said. “In the face of this opposition and the reality of the harm that your actions could create, it is time to realign with the broader business community by providing choice through a default of ‘off’ on your browser’s ‘do not track’ setting.”

So far, Microsoft has shrugged off advertisers’ complaints. In an e-mailed statement, Brendon Lynch, Microsoft’s chief privacy officer, said a recent company study of computer users in the United States and Europe concluded that 75 percent wanted Microsoft to turn on the Do Not Track mechanism.

“Consumers want and expect strong privacy protection to be built into Microsoft products and services,” Mr. Lynch wrote.

The tone of the industry offensive may seem a bit strident, given that the W3C has yet to decide how to implement the don’t-track-me mechanisms — or even what they signify. For the moment, that means the browser buttons are little more than digital bumper stickers whose sentiments companies are free to embrace or entirely ignore.

But what is really at stake here is the future of the surveillance economy.

The advent of Do Not Track threatens the barter system wherein consumers allow sites and third-party ad networks to collect information about their online activities in exchange for open access to maps, e-mail, games, music, social networks and whatnot. Marketers have been fighting to preserve this arrangement, saying that collecting consumer data powers effective advertising tailored to a user’s tastes. In turn, according to this argument, those tailored ads enable smaller sites to thrive and provide rich content.

“If we do away with this relevant advertising, we are going to make the Internet less diverse, less economically successful, and frankly, less interesting,” says Mike Zaneis, the general counsel for the Interactive Advertising Bureau, an industry group.

But privacy advocates argue that in a digital ecosystem where there may be dozens of third-party entities on an individual Web page, compiling and storing information about what a user reads, searches for, clicks on or buys, consumers should understand data mining’s potential costs to them and have the ability to opt out.

“If you are looking up the word ‘cancer’ ” on a health site, says Dan Auerbach, a staff technologist at the Electronic Frontier Foundation, a digital rights group in San Francisco, “there’s a high probability that you have cancer or are interested in that. This is the sort of data that can be collected.” He adds: “Consumers absolutely have a right to know how their information is being used and to opt out of having their information used in ways they don’t like.”

But the two sides seem to have reached an impasse. When the W3C met recently in Amsterdam to hammer out Do Not Track standards, as my colleague Kevin J. O’Brien reported in an article earlier this month, advertising industry executives and privacy advocates accused each other of trying to stymie the process.

“There is a strong concern that the W3C is not the right forum to be making this decision,” says Rachel Thomas, the vice president of government affairs at the Direct Marketing Association, a trade group based in Manhattan. “The attempt to set public policy is entirely outside their area of expertise.”

During the Amsterdam meeting, Ms. Thomas proposed that Do Not Track signals should actually permit data collection for advertising purposes, the very thing the mechanisms were designed to control. That provocative idea went over with European privacy advocates about as well as a smoker lighting up in a no-smoking zone full of asthmatics.

Indeed, some prominent consumer advocates have interpreted the industry’s proposal as an act of bad faith.

“While many advertisers do support privacy, there is clearly a rogue element of advertising networks that wants to subvert the process,” says Jon D. Leibowitz, the chairman of the Federal Trade Commission. “Or so it seems to me.”

Earlier this year at a White House event, the Digital Advertising Alliance, or D.A.A., an industry consortium, pledged to honor don’t-track-me signals so long as the systems required consumers to make an affirmative choice. But last Tuesday, the consortium published guidelines saying that it viewed Microsoft’s latest browser setting as an automatic, machine-driven choice preselected by a company — not a choice actively made by an individual consumer. During the installment process, Microsoft’s new software actually does give users a choice of whether to keep the mechanism on, or to turn it off. Nevertheless, the consortium said it would not require members to honor the forthcoming browser’s don’t-track-me signals.

Besides, the D.A.A. has already established its own program for consumers who want to opt out of receiving ads tailored to their online behavior, says Mr. Zaneis, whose own group is a member of that consortium. The consortium remains committed to incorporating browser signals into its program, he says, provided that the systems require consumers to make affirmative choices and give them information on the potential effects of eschewing tailored ads.

“We have self-regulation. It’s working very well,” he says. “Why don’t we give that a chance to succeed?”

SOME government officials vehemently disagree. In a letter to the F.T.C. earlier this month, Senator John D. Rockefeller IV, Democrat of West Virginia, called the industry program an “ineffective regime” riddled with exceptions.

“To date, self-regulation for the purposes of consumer privacy protection has failed,” Mr. Rockefeller wrote.

Now regulators are warning that opposition to Do Not Track could backfire on advertisers, by giving browsers more incentive to empower frustrated users. “We might see a technology arms race with browsers racing to see — by letting consumers block ads — who can be the most privacy-protective,” says Mr. Leibowitz of the F.T.C. “Maybe that’s not a bad thing.”
https://www.nytimes.com/2012/10/14/t...sers-fire.html





Nobody “Goes Online” Anymore
Liz Gannes

A large survey of Internet users found that they say they spend fewer hours per week online than they did a year ago.

Wait, really?

Well, it’s a matter of perception. This was a Forrester survey, and people were asked how much time they spend using the Internet. On average, they said 19.6 hours per week, versus 21.9 hours per week when asked the same question in 2011.

But Forrester thinks that the drop is more about perception than reality, because many people are virtually always online these days.

“Despite the fact that they always have connected devices and are always online, they don’t really realize they’re online,” said Forrester analyst Gina Sverdlov. “They’re using Google Maps or checking in on Facebook, but that’s not considered online because it has become such a part of everyday life.”

When Forrester separately does tracking studies to measure how much time people spend online, it’s way more than they realize, she said. But this particular study was a survey of 58,000 U.S. online adults, who were asked to talk about their own habits.

It makes sense. Why talk or think about “going online” when you’re already there?

Sverdlov said she sees this difference between how people talk about the Internet and what they actually do in other areas, too.

So, for instance, the Forrester survey found that lots of people say they visit social networking sites regularly: 70 percent this year versus 58 percent in 2010.

Meanwhile, other activities like using photo-sharing sites and contributing to online forums and discussion groups saw drops in reported usage.

People still post photos and talk to each other online all the time, Sverdlov said, but they may think of them differently because they may be doing them on services like Facebook and Twitter. “We’re seeing somewhat of a cannibalization of other Internet activities because it’s possible to do all that on social networking sites,” she said.

What we actually do is generally more important than the words we use to describe it — but the fact that these labels are trailing behind is another indicator of the significance of these shifts.
http://allthingsd.com/20121017/nobod...nline-anymore/





SNL’s Sketch Pits iPhone 5 Factory Workers Problems Against The Tech Critics
Mike Butcher

Saturday Night Live’s latest parody sketch gives life to that oft-quoted phrase ‘first world problems’. In a biting take-down of some of the legitimate, but sometimes whiny niggles us tech press have with the new iPhone 5, the show assembled a mock Tech TV show called Tech Talk. Chaired by Christina Applegate, it features ‘writers’ from Cnet, Wired and Gizmodo who initially complain about Maps, a purplish hue in photos of the sun, and the unbearable lightness of the iPhone. These problems are variously described as a ‘nightmare,’ ‘unacceptable’ and ‘impossible’ to deal with.

Three Chinese factory workers who made the iPhone are lined up to put these ‘problems’ into perspective. “You wanted Starbucks, but it took you to Dunkin’ Donuts?” says one worker. “That must be so hard for you… I guess we are lucky that we don’t use Maps since we SLEEP where we work,” says one. Ouch, this is going to hurt.

It turns out the workers have a few ‘bugs’ with the iPhone too – mainly the lice in their beds in the factory.

No amount of back-pedalling or apologizing gets the tech commentators out of the situation, including the workers bringing out a Chinese violin to accompany the whining.

Applegate asks the workers if they’d, in turn, like to complain about any American products. We won’t spoil the answer for you, but it’s a doozy.

Suffice to say, it’s a sketch worth catching.
http://techcrunch.com/2012/10/14/snl...-tech-critics/





How Evil Is Your Smartphone?
Fruzsina Eördögh

In a recent post, ReadWriteWeb's Adam Popescu vowed to boycott Apple due to its association with Foxconn, the Taiwanese contract manufacturer infamous for sowing despair among its workers. Reading the article, I had to ask myself: Did the maker of my smartphone - a RIM BlackBerry - also help drive workers to suicide? Did it release toxic pollutants into the environment or fuel wars in places far away from its head offices? So I set about looking for the world's most ethical smartphone. What I learned surprised me.

Participants in the comment thread below Popescu's article were quick to point out the many electronic products that can be traced to Foxconn. The company's factories churn out devices for Amazon, Microsoft, and Samsung. In a related Skype chat, ReadWriteWeb editor Ted Greenwald commented that there are no ethical gadgets, period; their manufacture and use are not sustainable, he argued.

Okay, maybe there are no ethical smartphones. But some must be better than others, right?

Ethical Consumer, a UK organisation “researching and recording the social and environmental records of companies” since 1989, is a leader in evaluating products for their impact on human rights, animal rights, the environment, and other factors that might fall under the heading "ethics". Its report on smartphones isn't very positive, in general. It awards points from a possible score of 20, and nobody scores more than 10.5.

That said, I was happy to find that my BlackBerry appeared near the top of the heap, just below Amplicom (a maker of cordless phones that doesn't offer a smartphone as far as I can tell.)

BlackBerry fell considerably short - behind Apple, Nokia, Toshiba, LG and Samsung - in waste management and the level of toxins in the production process. RIM never filed an environmental report, so Ethical Consumer gave the company a 0 in those areas. BlackBerry’s failures in the green category, however, were enough to buoy its score compared to that of other mobile manufacturers.

The 38-page report by Ethical Consumer is extensive, and includes goodies like: Samsung has ties to human rights abuses in the Congo - as do Toshiba, Motorola and Sony - and Sony has raised flags among animal rights groups for abuses including killing a goat at a promotional party. Several female Nokia factory workers in Thailand had to be hospitalized for severe lead poisoning in 2006, after they were told lead wasn’t harmful. Workers had to buy their own protective gear, like gloves and face masks, and were told to drink a carton of milk a day to remove the birth-defect causing toxin from their bodies. (Milk does not, in fact, help you pee out lead.)

CrackBerry Supports Human Rights

If we are judging how ethical a smartphone is based on its treatment of workers, BlackBerry is near the top. Incidentally, RIM's report is surprisingly free of negative human rights indicators: no riots, no illnesses, nothing. The worst things about RIM, according to Ethical Consumer, were its failure to file an environmental report and that it had a factory in a repressive regime, namely China.

RIM has (or used to have) factories in Canada, United States, Hungary, Brazil, Asia, and Mexico, where my BlackBerry says it was made. After a casual disassembly, the small electronic parts in my phone reveal they come from China or Korea, but further information on exactly where and what factory is hard to find, as RIM is notorious for its lack of transparency. According to a 2009 Bloomberg article, “RIM’s five biggest suppliers account for almost 90 percent of its production costs,” suppliers that operate mostly in China. BlackBerry still beats the Android and especially Apple on this factory issue, however, because riots and suicides at RIM factories are unheard of (so far).

Due to declining profits, RIM recently shut down one factory in Canada and one in Hungary, countries with strict labor laws and therefore high wages and good working conditions. There is nothing to indicate that RIM’s failure to dominate the market like it once did is due to its adherence to fair labor laws. Rather, RIM’s decline is a result of mismanagement and lack of innovation leading to low demand.

If RIM Can Do It, Why Can’t Apple?

Apple and its Android competitors don’t have RIM’s problems. So why are they still relying on Foxconn? Apple is incredibly profitable - reputedly the most profitable company of all time.

Apple set the smartphone standard and turned us into a touchscreen society. Why can’t it set the standard in labor conditions? Sources in the know say Apple would love to have its factories closer to home anyway to keep an eye on quality control. According to Ethical Consumer, Apple has been providing unsafe conditions to its overseas factory workers since 2008 and using factories in 10 countries classified as “oppressive regimes” since 2006.

Until Apple moves its manufacturing operations closer to home and/or makes a commitment to setting high standards for its labor practices, I will keep using and loving my BlackBerry despite ridicule from the Apple snobs and Android fanatics. I eagerly await RIM's upcoming BlackBerry 10 phones.
http://www.readwriteweb.com/mobile/2...smartphone.php





The BlackBerry as Black Sheep
Nicole Perlroth

Rachel Crosby speaks about her BlackBerry phone the way someone might speak of an embarrassing relative.

“I want to take a bat to it,” Rachel Crosby, of Los Angeles, says of her creaky BlackBerry. “You can’t do anything with it.”

“I’m ashamed of it,” said Ms. Crosby, a Los Angeles sales representative who said she had stopped pulling out her BlackBerry at cocktail parties and conferences. In meetings, she says she hides her BlackBerry beneath her iPad for fear clients will see it and judge her.

The BlackBerry was once proudly carried by the high-powered and the elite, but those who still hold one today say the device has become a magnet for mockery and derision from those with iPhones and the latest Android phones. Research in Motion may still be successful selling BlackBerrys in countries like India and Indonesia, but in the United States the company is clinging to less than 5 percent of the smartphone market — down from a dominating 50 percent just three years ago. The company’s future all depends on a much-delayed new phone coming next year; meanwhile RIM recorded a net loss of $753 million in the first half of the year compared with a profit of more than $1 billion a year earlier.

Among the latest signs of the loss of cachet: One of the first steps Marissa Mayer took as Yahoo’s newly appointed chief executive to remake the company’s stodgy image was to trade in employees’ BlackBerrys for iPhones and Androids. BlackBerrys may still linger in Washington, Wall Street and the legal profession, but in Silicon Valley they are as rare as a necktie.

As the list shrinks of friends who once regularly communicated using BlackBerry’s private messaging service, called BBM, many a BlackBerry owner will not mince words about how they feel about their phone.

“I want to take a bat to it,” Ms. Crosby said, after waiting for her phone’s browser to load for the third minute, only to watch the battery die. “You can’t do anything with it. You’re supposed to, but it’s all a big lie.”

The cultural divide between BlackBerry loyalists and everyone else has only grown more extreme over the last year as companies that previously issued employees BlackBerrys — and only BlackBerrys — have started surrendering to employee demands for iPhones and Android-powered smartphones.

Goldman Sachs recently gave its employees the option to use an iPhone. Covington & Burling, a major law firm, did the same at the urging of associates. Even the White House, which used the BlackBerry for security reasons, recently started supporting the iPhone. (Some staff members suspect that decision was influenced by President Obama, who now prefers his iPad for national security briefings. A spokesman for the White House declined to comment.)

Out in the world, the insults continue. Victoria Gossage, a 28-year-old hedge fund marketer, said she recently attended a work retreat at Piping Rock Club, an upscale country club in Locust Valley, N.Y., and asked the concierge for a phone charger. “First he said, ‘Sure.’ Then he saw my phone and — in this disgusted tone — said, ‘Oh no, no, not for that.’ ”

“You get used to that kind of rejection,” she said.

“BlackBerry users are like Myspace users,” sneers Craig Robert Smith, a Los Angeles musician. “They probably still chat on AOL Instant Messenger.”

BlackBerry outcasts say that, increasingly, they suffer from shame and public humiliation as they watch their counterparts mingle on social networking apps that are not available to them, take higher-resolution photos, and effortlessly navigate streets — and the Internet — with better GPS and faster browsing. More indignity comes in having to outsource tasks like getting directions, booking travel, making restaurant reservations and looking up sports scores to their exasperated iPhone and Android-carting partners, friends and colleagues.

“I feel absolutely helpless,” said Ms. Gossage. “You’re constantly watching people do all these things on their phones and all I have going for me is my family’s group BBM chats.”

Ryan Hutto, a director at a San Francisco health information company, said he frequently depended on others, often his wife, for music playlists, navigation and sports scores. “After two or three questions, people start to get irritated,” Mr. Hutto said.

His wife, Shannon Hutto, says with a sigh: “Anytime we go anywhere, I always have to pull up the map. If we’re searching for a restaurant, I pull up the Yelp app. If we need a reservation, I pull up OpenTable. I kind of feel like his personal assistant.”

Still, a few BlackBerry users say they’re sticking with the device, mainly because of the BlackBerry’s efficient, physical keyboard. “I use my BlackBerry by choice,” said Lance Fenton, a 32-year-old investor who frequently travels and needs to send e-mails from the road. “I can’t type e-mails on touch-screen phones.”

Mr. Fenton said he could not wrap his head around iPhone fever. “I constantly ask people, ‘What is so great about it?’ and they have these nonsensical answers,” he said. “Someone told me I’m missing out on some app that maps their ski runs. I ski four days a year. On the road, I don’t need a ski app.”

RIM’s most recent efforts to hold on to loyal customers, as well as software developers building apps for its next generation of phones scheduled to be available next year, have elicited universal cringes. In a recent promotional video, Alec Saunders, RIM’s vice president for developer relations, is shown belting out a rock song titled “Devs, BlackBerry Is Going to Keep on Loving You,” a riff on the 1981 power ballad by REO Speedwagon “Keep on Loving You.”

“This is the sign of a desperate company,” said Nick Mindel, a 26-year-old investment analyst. “Come on, BlackBerry, I always had some faith, but you just lost a customer. Frankly, I don’t think they can afford to lose many more.”

After eight years with a BlackBerry, Mr. Mindel said he just joined the wait list for the iPhone 5. When it arrives, he said, "I’m considering removing my BlackBerry battery, pouring in cement, and using the BlackBerry as an actual paperweight.”
https://www.nytimes.com/2012/10/16/t...for-users.html





Flip This App: Secondary Mobile App Market Quietly Taking Off

Low-level app sales help drive startups like Apptopia forward
Jon Gold

The practice of flipping is probably most familiar to the general public from reality TV shows like "Flip This House" on A&E. The idea is to buy a house for a lowish price, fix it up a bit, and then sell it on to a buyer, hopefully at a profit.

Now, the secondary market for Android and iOS apps is beginning to see the same pattern. App creators without the time or inclination to service or monetize their apps can simply sell them off for a flat, up-front sum of money. Buyers can then either tweak them as they like or not, and either attempt to monetize them themselves or re-sell the apps to still another party.

To Jonathan Kay, founder of app trading website Apptopia, much of the market is driven by an imbalance between supply and demand.

"Probably 80% of people who want to get involved in mobile either don't know how to code an app or don't know an app developer," he says. "So there's this massive demand, but kind of a little bit of a barrier to entry."

The typical sale on Apptopia -- which has attracted investment from Mark Cuban, among others -- ranges between about $1,000 and $250,000, he says -- hardly Instagram territory, but more of a "micro-scale."

Kay uses the example of humor site 9gag -- which had modest success with an iPhone app, but not nearly as much as an Android app created by one of the site's users.

"Oftentimes, paying an app development shop in New York City $100,000 to build your app isn't valuable because they don't understand your business," he says.

"We have a buyer on our site ... I believe he works at a hedge fund. So he kind of has the mentality to begin with. He bought this [9gag] app for $25,000, and I'm almost positive his intent is to then flip this app back to 9gag."

Depending on the eventual fee, this might not look like a great deal to the original creator -- who could wind up with $25,000 having done all the actual work, while the speculator takes home the rest. Kay estimates that the speculator could sell the app to 9gag for $80,000 -- $120,000.

However, Kay says, some developers are creating apps specifically to sell on Apptopia. Something as simple as a slot machine app -- though it obviously couldn't be played for real money -- could nonetheless be profitable, based on the huge number of potential ads served, he says.

The emphasis, according to Kay, is on letting developers focus on what they're good at.

"Building a good app, getting a good user base ... and then they can sell it to someone who knows how to monetize it," he says.

*

There are other possibilities provided by a thriving secondary market in mobile apps, according to Ty Rollin, CTO of business mobility specialist Mobiquity.

"The cool thing about this model is the analytics collected could help inform the value of an app before a developer even builds it. We're not sure how big this is yet, but like any secondary market, if there are arbitrage opportunities, people will find them!" he said in an email.

Kay admits, however, that the secondary market doesn't see a lot of businesses seeking out apps for internal use.

"Most companies that are big enough to need an internal app ... work with another really, really big company that specializes in internal catalogs," he says.

That said, it doesn't need to be the case, according to Rollin.

"These marketplaces would be ... good, as long as they have (or will have) a process in place to certify these apps for enterprise use, both at the code and executable levels," he said.
http://www.networkworld.com/news/201...ng-263338.html





In Wi-Fi Intoxicated Manhattan, a Generation of Teetotalers
Cara Buckley

Mary Kipin, 82, has a computer, but all she really uses it for is to play bridge. Marie Mutz, also in her 80s, is eager to find out what a PDF is — “I’m waiting for my neighbor to tell me,” she said. Sally Anderson, 78, has been promising herself a new computer for years — her old one was a dial-up that spent the bulk of the early aughts gathering dust. “I did send a few e-mails,” Ms. Anderson, who lives near Gramercy Park, said. “The first one I sent 16 times.”

Thus did the three women find themselves in a ground-floor room, bathed in fluorescence, on Thursday at the First Presbyterian Church, in Greenwich Village, just north of Washington Square Park. Every month the church hosts a seminar as part of its Aging Well series, and on this night the topic was “What’s Wi-Fi and Do I Really Need a Smartphone?” New York may be one of the most wired, smartphone addicted-slash-addled cities in the nation, but the pace of the technological leaps has left a lot of older people behind, wondering what they were missing and whether it was worth finding out.

About three dozen people attended, most in their 70s and 80s. Many came armed with answers of their own. Whatever Wi-Fi was, it sounded a little scary, untrustworthy or hopelessly complicated. As for smartphones, they had turned people, body snatcher-like, into distracted drones.

“They’ve dropped out of social intercourse on the street,” said Bob Moran, a 76-year-old mostly retired social worker who owns a dying computer but no cellphone.

Mr. Moran said he cursed out people who chatted on smartphones in restaurants or who texted their way down sidewalks, heads in that telltale bend. “I think it’s going to end badly, this lack of contact in the world,” he said.

Sandy Guzik, 72, proud to own neither a smartphone nor a cellphone, was there “so I can tell people even more about why I don’t want one.”

“People say, ‘What if there’s an emergency?’ I say, ‘There’s nine people around me who have one,’ ” she said. “I’ve never had that emergency, and neither have they.”

“I’ve seen children neglected,” she added darkly. “I’ve seen friends neglected.”

Several others said they were there for the light dinner that was served beforehand — $7 a head for cold cuts on baguettes with tortilla chips, soda, coffee and a pastry. Still, the place really filled in at 6:45 p.m., when the seminar began.

Robert Finkenthal stood before them, a technology trainer at NYU Langone Medical Center who spent six years working at a nonprofit organization that specialized in teaching technology to older people. Many of his elderly students felt fearful or anxious about technology, he said beforehand, or were embarrassed about not being in the digital mainstream. “The worst is not knowing what it is, not knowing how to get there, and knowing that everyone around you is completely hooked in,” Mr. Finkenthal said.

PowerPoint slides glowed on a roll-down screen. Mr. Finkenthal explained what smartphones were, and what the differences between them were, and what apps were.

“Has anybody heard of Angry Birds?” he asked. Murmurs followed. Not one hand went up.

He moved onto Wi-Fi.

“WiFi,” a seminar participant wrote on a pad of paper, adding the phonetic pronunciation for Wi: “Y.”

After an hour and a half, Mr. Finkenthal took questions. Do all smartphones have Internet connections? Is there a way to turn the Internet off? Did he use a headset and was he concerned about radiation? Could you watch an Audrey Hepburn movie on your phone?

Afterward, the Rev. Richard Pease, who organizes the seminars, thanked Mr. Finkenthal, saying, “I’m too old to understand this, but I think it’s great.”

The audience began filtering out. Ms. Guzik said the seminar reinforced her resolve to never get Wi-Fi. The Internet was addictive enough, she said; when she logged on at libraries, whole afternoons vanished.

Ms. Anderson said that when she did get around to buying a computer, she would be sure to get wireless, to obviate the need for wires.

Robert McCarl, 81, found it terrifying that smartphones could pinpoint the user’s location. “They could put a bomb on your head anytime,” he said. Who could? “Your enemies,” he replied. “Your slobbering enemies.” Still, Mr. McCarl deemed Mr. Finkenthal’s presentation “terrific.”

“It was fascinating,” he said as he rose to leave. “But it’s not my generation, so I didn’t know what he was talking about half the time.”
https://www.nytimes.com/2012/10/20/n...etotalers.html

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

October 13th, October 6th, September 29th, September 22nd

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black