JackSpratts, 31-10-12, 07:33 AM
Peer-To-Peer News - The Week In Review - November 3rd, '12

Since 2002

"Here is a lesson every Web site manager may be taking away from Hurricane Sandy: It is probably not a good idea to put the backup power generators where it floods." – Quentin Hardy and Jenna Wortham


"FBI agents pressing reload...We see their IP addresses." – Kim Dotcom

November 3rd, 2012




Hurricane Sandy Disrupts Northeast Telecom Networks
Sinead Carew

Power outages and flooding caused by Hurricane Sandy disrupted telecommunications services on Tuesday and coverage was spotty for everything from cellphones and home telephones to Internet services in Northeastern states.

Verizon Communications said in the early hours of Tuesday that its wireline service was suffering as flooding in its central offices in lower Manhattan affected its back-up generators and batteries.

The company said that its engineers were on site during the night and were beginning to assess damage.

"Verizon is discovering that many poles and power lines/Verizon cables are down throughout the region due to heavy winds and falling trees," the company said in a statement.

Sprint Nextel, the No. 3 U.S. mobile provider, said it was seeing outages at some cell sites because of the power outages across all the states in Sandy's path including New York, New Jersey, Connecticut, Pennsylvania, Washington DC, Maryland, North Virginia and New England.

People complained of outages to their cable telephone, Internet and television services from providers ranging from Comcast Corp, Cablevision Systems Corp and Verizon in New Jersey, Connecticut, and New York.

Cablevision said it was experiencing widespread service interruptions primarily related to loss of power. Comcast had no immediate comment.

Cellphone service also appeared to be spotty for other top providers AT&T Inc and T-Mobile USA, a unit of Deutsche Telekom, according to some customers.

AT&T declined to comment on whether it was having network problems but said that it "will continue to monitor" its wireline and wireless networks.

"Once we have a clear sense what's happening and where we'll communicate it," spokesman Mark Siegel said.

Verizon Wireless declined immediate comment except to say that it is assessing the situation. A T-Mobile USA representative was not immediately available for comment.

Several Time Warner Cable customers in Brooklyn said that their Internet, television and phone services stopped working Monday night but were back again by Tuesday morning.

Time Warner Cable said that while it has not seen any major damage to its infrastructure, its customers who do not have electricity do not have cable services.

Millions of people in the eastern United States awoke on Tuesday to flooded homes, fallen trees and widespread power outages caused by Sandy, which swamped New York City's subway system and submerged streets in Manhattan's financial district.

At least 15 people were reported killed in the United States by one of the biggest storms to ever hit the country. Sandy dropped just below hurricane status before making landfall on Monday night in New Jersey. (Additional reporting by Jennifer Saba in New York and other Reuters reporters)
http://www.reuters.com/article/2012/...89T0YU20121030





When Floodwaters Rise, Web Sites May Fall
Quentin Hardy and Jenna Wortham

Here is a lesson every Web site manager may be taking away from Hurricane Sandy: It is probably not a good idea to put the backup power generators where it floods.

As computer centers in Lower Manhattan and New Jersey shut down or went to emergency operations after power failures and water damage Monday night, companies scrambled to move the engines of modern communication to other parts of the country. Others rushed to find fuel for backup power generation. In some cases, things just stopped.

“Suddenly, nobody could get online,” said Arianna Huffington, president and chief executive of The Huffington Post, which went offline about 7 p.m. Monday when the computer servers of Datagram, which distribute its work on the Internet, stopped working because of rising water in Lower Manhattan.

About six hours later, Huffington Post was online, but it crashed again several hours later. It was running again at 8 a.m. Tuesday.

As more of life moves online, damage to critical Internet systems affects more of the economy, and disasters like Hurricane Sandy reveal vulnerabilities from the sometimes ad hoc organization of computer networks. In places like Manhattan, advanced technology comes up against aging infrastructure and space constraints, forcing servers and generators to use whatever space is available.

Power is the primary worry, since an abrupt network shutdown can destroy data, but problems can also stem from something as simple as not keeping a crisis plan updated.

“If you have an e-commerce system taking an order from the Web, it may touch 17 servers, all in different locations,” said James Staten, an analyst with Forrester Research. One server might contain customer information, he said, while others work with logistics, product availability or billing. “If you don’t list them all as mission critical, you’re in trouble when disaster occurs.”

Big nationwide providers of Internet service, like Google and Amazon Web Services, were for the most part unaffected by the storm. Their cavernous facilities, holding more than 100,000 computer servers each, were located out of the storm’s path, and had extensive backup power generation. Amazon’s facilities in Virginia, which had been affected in a storm last summer, had no problems.

The largest telecommunications company affected by the storm appeared to be Verizon, which lost a considerable amount of old-fashioned wired phone service to the flooding. Bill Kula, a Verizon spokesman, said the storm surge from the hurricane flooded its central offices in Lower Manhattan, Queens and Long Island, causing power failures. Cellphone service at both AT&T and Verizon Wireless appeared to be less affected.

In the days leading to the hurricane, the carriers staged fleets of emergency response vehicles — trucks that act as temporary cell towers — in strategic locations along the storm’s edge. They also took safety measures, like installing backup batteries on cell sites and moving important equipment to less vulnerable areas. They advised customers to use text messaging instead of placing phone calls to use fewer network resources.

Large companies avoided problems by moving data and people out of town before the hurricane hit, using specialized nationwide service providers.

“They fan out across the U.S.,” said Nick Magliato, chief operations officer of SunGuard. “They move data from New York to Philadelphia, Philadelphia to Phoenix.” His company also provides offices for workers across the country, with computers that replicate their office systems and phones that have their personal numbers.

Peer 1 Hosting, like many other service providers, updated customers via its blog Tuesday. Robert Miggins, senior vice president for business development, said the main options for customers were to shut down in an orderly way, preserving data, risk staying online, or consider moving data to Peer 1’s computers in other parts of the country. “We’re telling them to back up everything,” he said, “sometimes they are dealing with us with nothing but a smartphone.”

Besides Huffington Post, Internet media sites including Gawker and BuzzFeed were taken out by the flooding at the Internet services company Datagram. The sites later recovered, sometimes with reduced service, by transferring work to other providers in different locations. Services remained intermittent, however.

Datagram executives could not be reached for comment. According to the company’s Web site, flooding in the basement of its facilities at 33 Whitehall Street, in Lower Manhattan, damaged the building’s electrical system. The site said Datagram’s computers were not affected.

Many companies affected by the storm and its aftermath built out distributed virtual networks of people, as well. Ben Smith, the editor of BuzzFeed, said that engineers worked throughout the night to shift the site to Amazon Web Services. Mr. Smith said that one man, Eugene Ventimiglia of Emerson, N.J., continued working from home as a tree crashed through his house.

BuzzFeed also rerouted readers to blogs on the Tumblr publishing service, in order to maintain social distribution of its content while its own site was down. Despite the power failures, Mr. Smith said, BuzzFeed still received about two million unique visitors on Monday.

Providers of critical Internet services to business in the area will be set back until full power is restored. A large building on Eighth Avenue in Manhattan, owned by Google which houses several other service providers as well, was relying on a 90,000-gallon tank of diesel fuel to run emergency operations, according to one of the building’s tenants.

“We’re good for about 72 hours at a full load of customers,” said Ron Sterbenz, vice president for marketing at Telx, which maintains data services for financial companies and communications providers from the facility. “We don’t know when the power will be back up.” Google would not comment on its building’s operations.

Another downtown building, at 75 Broad Street, had one generator in the basement, which was damaged by water. There is another generator, but it is on a higher floor.

“We’re on a very limited amount of fuel,” said Mr. Miggins of Peer 1, which maintains computers there. “We’ve got a truck full of diesel pulled up to the building, and now we’re trying to figure out how to get fuel up to the 19th floor.”

Quentin Hardy reported from San Francisco and Jenna Wortham from New York. Brian X. Chen contributed reporting from New York.
https://www.nytimes.com/2012/10/31/t...-may-fall.html





Flamboyant Megaupload Founder Unveils File-Sharing Sequel
Naomi Tajitsu

Like a good Hollywood sequel, Megaupload is back.

Kim Dotcom, the founder of the shuttered file-sharing site that housed everything from family photos to blockbuster films, on Thursday announced a new online storage service called Mega that will give users direct control - and responsibility - over their files.

Mega will launch in January 2013, just before the internet entrepreneur is scheduled to face an extradition hearing to the United States where he and other Megaupload operators face charges of online piracy, fraud and money laundering.

In a snub to U.S. prosecutors, the site will not utilize U.S.-based hosting companies as partners in order to avoid being shut down by U.S. authorities.

The U.S. government alleges that Megaupload, once one of the world's most popular websites, was directly responsible for illegally uploaded content on the site and that it netted $175 million from unlawful activities.

"The new Mega will not be threatened by U.S. prosecutors," Dotcom told Reuters in an interview, adding that he was confident Mega would avoid violating U.S. law.

"The new Mega avoids any dealings with U.S. hosters, U.S. domains and U.S. backbone providers and has changed the way it operates to avoid another takedown," he said.

ENCRYPTION KEYS

Mega is the follow-up to Megaupload, which was shut down in January this year when New Zealand police helicopters swooped into the flamboyant Dotcom's mansion outside Auckland to seize computers and other evidence at the request of U.S. authorities.

Users of the new cloud-based service will be able to upload, store and share photos, text files, music and films, encrypt those files and grant access using unique decryption keys.

"You hold the keys to what you store in the cloud, not us," a statement on the Mega website said.

While the new site will operate faster and boast a bigger storage capacity, the encryption technology marks a major change from Megaupload as Mega operators will not have access to files and will therefore be immune to content liability.

Ensuring that files are not pirated will be the job of content owners, a major change from Megaupload, which the U.S. film industry says was directly responsible for taking down illegally uploaded content.

"Content owners can still remove infringing material and they will even get direct delete access if they agree not to make us responsible for actions of users," Dotcom said.

Dotcom's announcement comes just weeks after a U.S. federal judge ruled that Washington's criminal case against Megaupload will go forward for now.

Dotcom, a German national who holds New Zealand residency, faces an extradition hearing in March even though a New Zealand court ruled that the January raid and seizure were unlawful, while the nation's spy agency was found to have illegally spied on Dotcom.

Thursday's announcement was delayed for about one hour after the website was overloaded by users. According to Dotcom, much of the traffic was driven by U.S. authorities.

"FBI agents pressing reload...We see their IP addresses," he said on his Twitter feed.

(Reporting by Naomi Tajitsu; Editing by Matt Driskill)
http://www.reuters.com/article/2012/...8A007M20121101





Megaupload Founder Dotcom Will Face New Charges if He Launches New File-Sharing Service

The agency questions Dotcom's plans to launch a service similar to Megaupload
Grant Gross

Megaupload founder Kim Dotcom could violate the terms of his bail, or face new criminal charges, if he launches a new file-sharing and storage service as planned, the US Department of Justice said in a court filing this week.

Dotcom, who said earlier this month he plans to launch a service called Mega, would renege on assurances he made to a New Zealand court before he was granted bail in the DOJ's copyright infringement case against him and Megaupload, the DOJ said in a court document filed late Wednesday.

"Defense Counsel's claim that the corporate defendant can and should be allowed to operate undermines the sworn statements of Dotcom that he has no plans or ability to continue to operate or fund the businesses in the Indictment during pendency of the extradition process," the DOJ's lawyers wrote in a court filing opposing a motion by Dotcom's lawyers to dismiss the case against Megaupload. "If defendant Dotcom intentionally misled the court in New Zealand about his intentions and capabilities in order to obtain his release from pre-extradition confinement, it seems Defense Counsel's representation might endanger Dotcom's bail situation or even subject him to additional charges."

Dotcom, in a January affidavit given in New Zealand, said he had no plans to relaunch Megaupload or a similar service until the DOJ's case against him is resolved.

"There is no realistic prospect or possibility of restoring the business or recommencing the business having regard to both the seizure of the requisite servers and data storage equipment and to the seizure of all funds, monies and assets held both by Megaupload and by me personally," he said then. "Further, it is likely that users would consider any new iteration of Megaupload as inherently unreliable as it could be subject to a further incident in which the US government takes action to close the site down and thereby prevents users from having legitimate access to their data."

Ira Rothken, a lawyer representing Dotcom and Megaupload, dismissed the DOJ's assertions. Dotcom has a "top-notch" legal team in New Zealand working with the court there to assure that he complies with the terms of his bail, Rothken said.

The DOJ's suggestion that Dotcom could face new criminal charges lacks merit, he added.

"It sounds like the United States is attacking a technology before they fully investigate it," Rothken said. "This looks to be the second time they're doing that. Kim Dotcom is innocent, and he's entitled to be involved in technology and business."

The DOJ has accused Dotcom and Megaupload of running a massive file-sharing operation infringing the copyrights of many US companies. In January, the agency seized the website and charged Dotcom and three other executives with conspiracy to commit racketeering, copyright infringement and money laundering.
http://news.techworld.com/mobile-wir...s-new-service/





Feds Say No Dice in Retrieving Your Data Seized in Megaupload Case
David Kravets

Federal prosecutors are proposing a process that would make it essentially impossible for former Megaupload users to recover their data following the government’s seizure of the file-sharing service’s servers and domain names in January as part of its prosecution of a criminal copyright infringement indictment of Megaupload’s employees.

That’s according to Julie Samuels, an Electronic Frontier Foundation attorney representing an Ohio man seeking the return of his high school sports footage.

“It’s almost an insurmountable hurdle for any individual or small business,” Samuels, in a telephone interview Wednesday, said of the government’s position.

The government asserted in a court filing Tuesday that the process of returning videos to EFF client Kyle Goodwin, so far the only individual to come forward demanding return of data, “may require the testimony of numerous witnesses, including potential expert witnesses.”

The government’s position comes as people increasingly store documents in the cloud, while the government, in the name of protecting intellectual property, has shown a willingness to seize servers and domain names first and worry later about the consequences, like there being no clear process on how to return data to their rightful owners.

The government fears a rush of some of 60 million-plus former Megaupload customers could make a claim to get their data back. The government says that Goodwin’s court declaration asserting he owns files in a Megaupload account is not good enough.

“Mr. Goodwin has yet to demonstrate whether he has an interest in any property seized by the government,” the authorities said in a brief filing. The government added that “the mere fact that he may claim, for example, an initial copyright to a version of the files he uploaded is not sufficient to establish that he has an ownership interest in the property that is the subject of this motion.”

Goodwin wants U.S. District Judge Liam O’Grady, the judge overseeing the Megaupload criminal infringement prosecution, to continue his order preserving the 25 petabytes of data the authorities seized in January. Goodwin, the operator of OhioSportsNet, which films and streams high school sports, wants to access his copyrighted footage that he stored on the file-sharing network. His hard drive crashed days before the government shuttered the site Jan. 19, he claims in a court filing.

The government also suggested that Goodwin may have uploaded unauthorized music to Megaupload, too, which cannot be returned.

The authorities suggested that “cheaper remedies” might exist for Goodwin to retrieve his content, “such as data recovery from Mr. Goodwin’s hard drive.”

Here’s what the government said the judge should consider before agreeing that Goodwin should get back his files:

(1) whether Mr. Goodwin has ‘clean hands’ or whether he is barred from obtaining equitable relief;

(2) the cost and technical feasibility of finding a single user’s data on the Carpathia servers;

(3) the number of other affected parties similarly situated to Mr. Goodwin;

(4) how, if at all, the government can prevent the return of infringing materials and other contraband from the servers;

(5) and whether other, cheaper remedies exist, such as data recovery from Mr. Goodwin’s hard drive.

Such issues may require the testimony of numerous witnesses, including potential expert witnesses. Many of these difficult issues may be avoided if the Court determines that Mr. Goodwin lacks an interest in the seized property, or that his interest is narrower than he currently claims.

Megaupload allowed users to upload large files and share them with others, but the feds and Hollywood allege the service was used almost exclusively for sharing copyrighted material without permission — which Megaupload denies.


A hearing on the data issue is pending.

Federal authorities have said they have copied some, but not all of the Megaupload data, and said Carpathia, Megaupload’s Virginia-based server host, could delete the 25 million gigabytes of Megaupload data it is hosting on 1,100 servers — a decision the judge in the case has tentatively halted.

Carpathia has said it is spending $9,000 daily to retain the data, and is demanding that Judge O’Grady relieve it of that burden. Megaupload, meanwhile, wants the government to free up some of the millions in dollars of seized Megaupload assets to be released to pay Carpathia to retain the data for its defense and possibly to return data to its customers.

The criminal prosecution of Megaupload targets seven individuals connected to the Hong Kong-based file-sharing site, including founder Kim Dotcom. They were indicted in January on a variety of charges, including criminal copyright infringement and conspiracy to commit money laundering.

Five of the members of what the authorities called a five-year-old “racketeering conspiracy” have been arrested in New Zealand, pending possible extradition to the United States — though that has devolved into a political mess, after the New Zealand government admitted to spying illegally on Dotcom.

The U.S. government said the site, which generated hundreds of millions in user fees and advertising, facilitated copyright infringement of movies, often before their theatrical release, in addition to music, television programs, electronic books, and business and entertainment software. The government said Megaupload’s “estimated harm” to copyright holders was “well in excess of $500 million.”
http://www.wired.com/threatlevel/201...gaupload-data/





U.S. Piracy Warning System's "Independent Consultant" a Paid Lobbyist for RIAA
Kevin Collier

The independent consulting firm responsible for making sure you don’t get unfairly punished for downloading copyrighted content this fall has actually functioned for years as a paid lobbyist for the Recording Industry Association of America (RIAA).

That’s potentially a severe conflict of interest, because the RIAA has a notorious history of pursuing copyright enforcement at the expense of Internet rights, ranging from suing a man for $675,000 for downloading 30 songs, to advocating that users suspected of illegal downloading have their Internet connections shut down, to lobbying for the infamous Stop Online Piracy Act (SOPA) while privately admitting that bill was “not ... an effective tool.”

Whether this is truly a scandal boils down to the functions of the upcoming Copyright Alerts System (CAS). Also known as the “six strikes” system, the CAS forces the five most popular Internet service providers (ISPs) in the U.S. to issue up to six graduated warnings and punishments to those who use peer-to-peer file sharing software. Many fear the CAS is a threat to Internet freedom, citing the fact that it could lead to users being misidentified as criminals, sued by copyright holders, and even disconnected from their Internet service.

The executive director of the program, Jill Lesser, insists that copyright-holding corporations wouldn’t be able to unduly influence how Internet users are treated under the CAS, because the system CAS uses to catch illegal activity, MarkMonitor, will be monitored by an independent consulting firm called Stroz Friedberg. In a blog post dated Oct. 18, Lesser wrote:

[W]e retained a recognized technology expert, Stroz Friedberg, to evaluate the content community’s system (run by MarkMonitor) for identifying alleged infringement over peer-to-peer networks. MarkMonitor uses both trained professionals and automated processes to identify illegal downloading[...]and the system is designed to eliminate false positives. Stroz Friedberg has completed its initial review of MarkMonitor’s methodologies and found that the system is accurate and works properly.

However, as TorrentFreak points out, Stroz Friedberg was the RIAA’s lobbying firm in Washington from 2004-2009. According to lobbying records hosted at OpenSecrets.org, the RIAA paid Stroz Friedberg a total of $637,000 during that period, and save a $20,000 payment from the French media conglomerate Vivendi in 2004, the firm hasn’t received lobbying money from any group except the RIAA.

It bears noting that the RIAA, as well as another industry group that aggressively pursues copyright protections, the Motion Picture Association of America (MPAA), has openly been part of the CAS’s development since it was first announced in 2011.

Lesser, who has twice before granted interviews to the Daily Dot to clarify how the CAS works, denied a request to speak about Stroz Friedberg’s involvement. Instead, she issued a statement defending the decision to hire that firm:

We are confident in the Stroz team's skill, competency and ability to honestly and fairly review the content community’s methodologies [...] The prior, and completely separate, relationship between Stroz Friedberg and RIAA is irrelevant to our choice and our work.

She added that the CAS would continue to retain Stroz for consulting.

If you’re uncomfortable with a Stroz-approved Internet connection, you’ve only got a few weeks to switch to a smaller Internet service provider. AT&T users will see the CAS take effect Nov. 28. The other participating ISPs—Comcast, Cablevision, Time Warner, and Verizon—will begin the process in “the coming weeks,” according to Lesser’s blog post.
http://www.dailydot.com/news/piracy-...IAA-lobbyists/





RIAA Failed To Disclose Expert’s Lobbying History to “Six-Strikes” Partners
Ernesto

A month before the controversial “six strikes” anti-piracy plan goes live in the U.S., the responsible Center for Copyright Information (CCI) is dealing with a small crisis. As it turns out, the RIAA failed to mention to its partners that the “impartial and independent” technology expert they retained previously lobbied for the music industry group. In a response to the controversy, CCI is now considering whether it should hire another expert to evaluate the anti-piracy monitoring technology.

Starting next month the MPAA, RIAA and five major Internet providers in the United States will start punishing persistent BitTorrent pirates.

The scheme is being coordinated by the Center for Copyright Information (CCI) who agreed to hire an impartial and independent expert to review the evidence that will be used to accuse suspected subscribers.

However, earlier this week the news broke that the touted independent technology expert, Stroz Friedberg, is not so neutral. In fact, the company is a former RIAA lobbying firm.

The lobbying job earned the company more than half a million dollars ($637,000), which makes it hard to view the company as “independent and impartial” as the agreement between the copyright holders and ISPs requires.

In our initial report we already noted that it was rather surprising that, of all the available companies, this one was picked. Stroz Friedberg may operate without any bias, but given the public’s skepticism CCI should have anticipated the backlash.

That is, if they knew about Stroz Friedberg’s history with the RIAA.

A source at the CCI tells TorrentFreak that the RIAA had not informed the participating Internet providers or CCI’s Executive Director Jill Lesser about this unfortunate relationship. Our report on Monday came as a complete surprise to them, and it has been the topic of a heated internal discussion during the days that followed.

While Jill Lesser appears to be unaffected by the controversy in her comments to the press, she and the board members are facing a small crisis which they plan to “do something” about shortly.

TorrentFreak was informed that behind the scenes a few options have been discussed this week.

The first option that’s being considered is to make Stroz Friedberg’s review of the BitTorrent tracking technology public. This would allow the world to see whether it was done properly, as opposed to taking CCI’s word that everything is in order.

A second option that has been discussed is to hire another independent expert, possibly an academic, to confirm that Stroz Friedberg did a proper review.

Initially some forces at the CCI pushed to deliver a quick response to alleviate the concerns about the impartiality of the review, but things appear to be moving slowly. TorrentFreak is informed that it might take a week or two before the group makes an announcement.

Ironically enough, the CCI owes most of the bad press it received over the past months to itself. The group has been very reluctant to give out information to the public, thereby allowing rumors to continue and conspiracy theories to bubble up.

This might be a good time for them to start realizing that sharing information is not always a bad thing.
https://torrentfreak.com/riaa-failed...rtners-121026/





Illegal File-Sharer Gets Slapped with $1.5 Million in Damages

In the largest BitTorrent damages award ever, a judge orders Kywan Fisher to pay an exorbitant amount of money for sharing 10 movies on the file-sharing site.
Dara Kerr

The damages award against illegal file-sharer Kywan Fisher will most likely send him to the poor house. Illinois federal court Judge John Lee ordered Fisher to fork out $1.5 million to adult entertainment company Flava Works this week, according to TorrentFreak.

Flava Works sued Fisher for sharing 10 movies he'd previously paid for via BitTorrent. The damages award amount was reached by fining Fisher $150,000 per movie. This is the largest damages award ever ordered in a BitTorrent case.

Flava Works caught Fisher sharing its movies by tracing the illegal copies he was accused of sharing back to him using an encryption code inserted in the films he originally bought.

"Defendant's conduct was willful to the extent that he copied or distributed Flava Works, Inc.' intellectual property at least 10 times and caused the videos to be infringed or downloaded at least 3,449 times," Flava Works wrote in a legal memo in support of damages.

Hundreds of lawsuits have been filed against users who have illegally shared copyrighted material on BitTorrent. One of the most well known instances is when movie studio Voltage Pictures sued more than 27,000 individuals who allegedly downloaded the Oscar-winning film "The Hurt Locker."

Many of these lawsuits have been dropped or settled because finding hard evidence against alleged file-sharers is typically difficult. Many cases relied on evidence based on users' IP addresses. But, in May, a U.S. federal judge ruled that an IP address alone was not enough to accuse a specific individual of illegal downloads.

The difference in Fisher's case is that Flava Works had the additional encryption code evidence against him.

According to TorrentFreak, one of the reasons that Fisher was slapped with such exorbitant damages is because he didn't show up in court and therefore didn't have any defense.

"Given the materials submitted by Plaintiff in support of its motion and in light of the absence of any objection by Defendant, Plaintiff's motion for entry of default against defendant 11 is granted. Judgment is entered in favor of the Plaintiff Flava Works, Inc., and against the Defendant Kywan Fisher in the amount of One Million Five Hundred Thousand Dollars ($1,500,000.00)," Judge Lee's judgement reads, according to TorrentFreak.
http://news.cnet.com/8301-1023_3-57544158-93/illegal-file-sharer-gets-slapped-with-$1.5-million-in-damages/





$1.5 Million Default Judgment Against Kywan Fisher (Flava Works INC., 1:12-cv-01888, NDIL)

Let me just start off by saying this is not your typical pornography Copyright Troll case. At the start it looked like a typical one where Plaintiff/Troll filed a single case against 15 named defendants (27 Oct 11). On 7 Mar 12, the court agreed with one of the defendant’s motion and severed all the defendants because there was no evidence to support joinder. A separate case was initiated against Fisher and Plaintiff paid the $350 filing fee.

In the Second Amended Complaint (SAC), Plaintiff states all of the defendants resided outside of IL, with one even living in Fiorenzoula, Italy. Plaintiff claims the jurisdiction is correct because IL is one of its primary places of business and also due to the IL Long Arm Statute. On 7 Dec 11, Plaintiff served a summons/complaint on Fisher at his residence in Hampton, VA. Fisher declined to respond to the summons and Plaintiff moved for a default judgment. On 9 Aug 12, Fisher failed to appear for a default motion hearing and the court granted the default judgment for Plaintiff. Plaintiff later submitted a memorandum and affidavit in support of damages against Fisher. On 30 Oct 12, the court issued an order against Fisher for $1.5 million, plus costs; Plaintiff was also awarded reasonable attorneys fees and costs. The court granted Plaintiff the maximum statutory damages for 10 movies (10 X $150K).

So What Is The Difference?

The case against Fisher was different because he was a paid member of a Flava site. When he joined the Web site, Fisher agreed to not copy and distribute Plaintiff’s movies. Plaintiff stated Fisher’s account downloaded 10 movies and they were later found on two torrent Web sites. One of the torrent Web sites showed the 10 movies were downloaded a total of 3416 times. Plaintiff told the court they knew the movies found via the torrent Web site were from Fisher’s account because each time a person downloads a movie, a small code identifying the account is written to the file. Flava’s account code was “xvyynuxl”.

It does look pretty bad for Fisher, but there are other possibilities to consider. First off, the information provided by Plaintiff does tie back to Fisher’s ACCOUNT. It is extremely possible Fisher was responsible for this, but what if a roommate or a friend took the movies from Fisher’s computer without his knowledge and decided to upload them as a torrent? Yes I’m playing Devil’s Advocate for a reason. Or his system was hacked or infected with malware and the user name and password were exfiltrated off the system. Note the simple password; that is an indication of piss-poor security at that Web site. Plaintiff shows Fisher’s AOL email account and IP address. Did they bother to get a subpoena and see who the registered account holder of these accounts was? Or from the credit card account? In all likelihood, these will probably come back to Fisher, but that is something Plaintiff should have done. As Fisher decided to ignore the summons, the Troll only had to do the minimal amount of work to prove their case.

So What Does This Mean For The Rest Of Us?

I assume the Trolls will be updating their settlement letters and emails to reflect this default judgment. I also expect we will have John Steele make a few drunken posts claiming a victory against piracy. This should be an example of what NOT to do – ignore a court summons. This was not the normal Copyright Troll case – there was some actual evidence beyond a public IP address. Not a smoking gun by far, but certainly enough to show a preponderance of evidence.

I expect Fisher has little to no assets the Plaintiff will be able to come after, but the judgment in my opinion is more beneficial as a threatening story to scare Does into settling. I did like it that Plaintiff was taking some steps to protect its content. I bet after this gets out, people will be editing out the code section once they locate it.

One unexpected thing this judgment may bring out is if Plaintiff may not be able to sue anyone else who downloaded the same movies (with Fisher’s account code “xvyynuxl”). I would certainly make a claim that the 3416+ personnel who downloaded these movies were jointly and severally liable with Fisher – his account downloaded and shared the movies. That would mean that only Fisher could go after those people for damages. I’m not a lawyer, but I have certainly heard worse arguments from some Trolls.

DieTrollDie
http://dietrolldie.com/2012/11/01/1-...cv-01888-ndil/





Camcording Movie Pirates Sentenced to Prison
David Kravets

Two members of the in-theater camcording gang known as IMAGiNE Group were sentenced Friday to lofty prison terms.

Sean Lovelady, 28, of California, was handed 23 months and had agreed to cooperate with the authorities. Willie Lambert, 57, of Pennsylvania, was given 30 months and ordered to pay $450,000 in restitution, the authorities said.

Two other men connected to the group have also pleaded guilty and are to be sentenced soon.

According to the indictment, “The conspirators informally identified themselves as the IMAGiNE Group and sought, among other things, to be the premier group to first release to the internet copies of new motion pictures only showing in movie theaters.”

Group members would audio-record films such as Friends With Benefits and Captain America: The First Avenger. Other members would record the film at a theater with a camcorder. Then the sound and video would be combined into a full-featured movie, the authorities said.

Other films the group recorded and uploaded included The Men Who Stare at Goats, Avatar, Clash of the Titans, Iron Man 2, The Sorcerer’s Apprentice, and, among others, The Green Hornet.

The authorities said the group utilized servers in France, Canada and the United States to offer in-theater-only movies from websites like unleashthe.net, pure-imagination.us and pure-imagination.info.

The indictment said the group accepted donations “to fund expenses, including the cost of renting servers used by the conspirators, and to accept payments for the unauthorized distribution and sale of pirated copies of copyrighted works.”

The indictment alleges that the IMAGiNE Group’s websites included member profiles, a torrent tracker, discussion forums and a message board.
http://www.wired.com/threatlevel/201...irates-prison/





Police Need New Internet Surveillance Tools, Say Chiefs

Bill C-30 would give police access to internet communications without a warrant
CBC News

The Canadian Association of Police Chiefs is calling on the federal government to pass its controversial internet surveillance bill so police can fight cybercrime more effectively.

Association president and Vancouver police Chief Jim Chu says he is concerned Bill C-30 will die on the order paper, meaning officers investigating criminal activity on cellphones and the internet will still have to get a warrant every time they want to intercept communications by cybercriminals.

"Law enforcement continues to be handcuffed by legislation introduced in 1975, the days of the rotary telephone," said Chu on Friday morning in Vancouver.

Bill C-30 was introduced by Public Safety Minister Vic Toews last winter and was immediately criticized by many groups concerned about the sweeping powers it would give the government to track the ordinary activities of citizens online without judicial oversight.

Bill C-30 stalled in the House

The legislation was tabled in the House but has not been debated since a massive public backlash when it was released.

But Chu insists it's not about spying — it's about getting timely information from telecommunications providers.

"If we don't take a strong stance on this issue Canadians won't appreciate the limitations that constrain law enforcement in the cyberworld," said Chu on Friday in Vancouver.

Chu said that if Bill C-30 passes internet and cellphone providers will have to release the name, address, phone number, email and IP information of suspects to police.

That's essential in this era of gangsters and cyberbullies, he said.

Deputy police chief Warren Lemcke agrees.

"Like the chief said, I can tell you right now there are gangsters out there communicating about killing someone and we can't intercept that," said Lemcke.

Critics question unchecked powers

Section 34 of the bill essentially would give any government appointed agents, who may or may not be a police or intelligence officer, the right to access and copy any information and documentation collected by internet providers and telecommunications companies, without the need for a warrant, judicial oversight or even a criminal investigation.

It would also require those communications companies to install the surveillance technology and software necessary to enable them to monitor and gather phone and internet traffic for the government.

Critics say the information will be more vulnerable to hackers and consumers will end up paying for the cost of the equipment needed for companies to implement the legislation.

Chu said he agrees that Section 34 is problematic.

"While the CACP endorses Bill C-30, we would like to make it clear there is one part of the bill that has posed concerns to some and we share that concern," Chu said in a release.

"It is easy to understand why some might conclude from that wording that inspectors would have unfettered access to Canadians' personal records when doing these inspections. While we realize that's not the intention of this section, this must be clarified."
http://www.cbc.ca/news/canada/britis...veillance.html





FBI Accused of Dragging Feet on Release of Info About "Stingray" Surveillance Technology
Ryan Gallagher

Tracking cell phones by tricking them into operating on a bogus network is a law enforcement tactic shrouded in secrecy. Now the FBI is under pressure to release information about it—but the bureau doesn’t want to let go of 25,000 pages of documents on sophisticated cell surveillance technology.

In an Arizona court case last year (U.S. v. Rigmaiden), it emerged the FBI had used a “cell-site simulator” in order to track down a suspect. The portable equipment, sometimes described as either an “IMSI catcher” or a “Stingray,” covertly sends out a signal that dupes all phones within a specific area into hopping onto a fake network. The spy tool can force targeted phones to release unique identity codes that can then be used to track a person’s movements in real time.

Now, the Electronic Privacy Information Center is attempting to obtain internal FBI documents relating to the technology. EPIC is taking legal action to force the prompt disclosure of records concerning Stingray devices or other cell site simulator technologies, alleging that the FBI has “failed to comply with statutory deadlines” by not handing them over quickly enough following a freedom of information request made in February. The FBI has found 25,000 pages of documents that relate to the request, about 6,000 of which are classified—but says it may need up to three years to process the files before they can be released.

In a bid to appease EPIC’s grumbles about timescale, earlier this month the bureau released a 0.3 percent slither of the 25,000. The meager 67 pages were heavily redacted—containing only a glossary of jargon that related to cell networks along with blanked out copies of an internal manual called "GSM cell phone tracking for dummies.” EPIC’s Alan Butler told me the FBI has promised to assess 1,000 documents per month, drip-releasing the portions it has deemed suitable for public consumption. But EPIC is asking that a district judge force the feds to disclose all of the non-classified documents within 60 days, with the 6,000 classified documents assessed for release within six months.

One reason stingray technology is particularly contentious is because by design they result in “collateral” snooping. During the Arizona court case, FBI special agent Bradley Morrison stated in an affidavit that “all wireless devices in the immediate area of the FBI device that subscribe to a particular provider may be incidentally recorded, including those of innocent, non-target devices.” (The FBI has insisted that the information it gathers using the tracking tools is routinely deleted, with a spokesperson telling the Wall Street Journal last year that "our policy since the 1990s has been to purge or 'expunge' all information obtained during a location operation.")

There are also questions about the constitutionality of how the technology is used. According to EPIC, the devices are sometimes deployed with no warrant—possibly rendering their use a violation of the Fourth Amendment, which prohibits unreasonable searches and seizures. The Supreme Court in January ruled that the use of GPS trackers constituted a “search,” but when it comes to mobile phone tracking the government has continued to argue that Americans should have no reasonable expectation of privacy over their location data.

Though more advanced versions of Stingray-style technology can intercept text messages and phone calls, the focus on the FBI’s use of the technology has predominantly concerned location tracking. The 25,000 documents held by the FBI likely contain sensitive and controversial details about the full capabilities of its cell surveillance gear—which could partially explain the bureau’s aversion to full disclosure.

But this isn’t just a federal-level issue. According to a report by LA Weekly last month, state cops in California, Florida, Texas, and Arizona have also used Stingray technology. Farther afield, in the Czech Republic, there are concerns that similar devices may be in the hands of criminals. And DIY Stingrays can be built by anyone with $1,500 to burn and a bit of hacker savvy. One way to help protect yourself is to use encryption. Another is to revert back to a 1980s mindset by scrapping your cell phone and sticking to landlines.
http://www.slate.com/blogs/future_te...documents.html





US, Canada Launch Joint Cybersecurity Plan
AFP

Canada and the United States announced Friday they were launching a joint cybersecurity plan to protect their digital infrastructure from online threats.

The action plan, under the auspices of the US Department of Homeland Security and Public Safety Canada, aims to better protect critical digital infrastructure and improve the response to cyber incidents.

"Canada and the US have a mutual interest in partnering to protect our shared infrastructure," said the Public Safety Minister Vic Toews.

"We are committed to working together to protect vital cyber systems, to respond to and recover from any cyber disruptions and to make cyberspace safer for all our citizens."

Homeland Security Secretary Janet Napolitano said the plan "reinforces the robust relationship" between their two agencies.

Through the plan, Washington and Ottawa hope to improve collaboration on managing cyber incidents between their respective cyber security operation centers, enhance information sharing and engagement with the private sector and pursue US-Canadian collaboration to promote cyber security awareness to the public.

The announcement came after the US House Intelligence Committee warned earlier this month that equipment supplied by Chinese telecoms groups Huawei and ZTE could be used for spying and called for their exclusion from government contracts and acquisitions.

Canada later invoked a "national security exception" that could exclude China's Huawei Technologies from a role in helping build its new super secure government network.
https://www.securityweek.com/us-cana...rsecurity-plan





Irked by Cyberspying, Georgia Outs Russia-Based Hacker -- With Photos

In an unprecedented move, Georgia reveals startling details of a hacker it says is stealing its confidential information
Jeremy Kirk

In one of the photos, the dark-haired, bearded hacker is peering into his computer's screen, perhaps puzzled at what's happening. Minutes later, he cuts his computer's connection, realizing he has been discovered.

In an unprecedented move, the country of Georgia -- irritated by persistent cyber-spying attacks -- has published two photos of a Russia-based hacker who, the Georgians allege, waged a persistent, months-long campaign that stole confidential information from Georgian government ministries, parliament, banks and NGOs.

The photos are contained in a report that alleges the intrusions originated from Russia, which launched a five-day military campaign in August 2008 against Georgia that was preceded by a wave of cyberattacks.

The photos of the hacker were taken after investigators with the Georgian government's Computer Emergency Response Team (Cert.gov.ge) managed to bait him into downloading what he thought was a file containing sensitive information. In fact, it contained its own secret spying program.

The hacker had been tricked and hacked, with his mugshot taken from his own webcam.

Georgia began investigating the cyber spying linked to the hacker in March 2011 after a file on a computer belonging to a government official was flagged as "suspicious" by a Russian antivirus program called Dr. Web.

The investigation uncovered a sophisticated operation that planted malicious software on numerous Georgian news websites, but only on pages with specific articles that would interest the kinds of people that the hacker wanted to target, said Giorgi Gurgenidze, a cyber security specialist with Cert.gov.ge, which handles computer security incidents.

The news stories selected to attract victims had headlines such as "NATO delegation visit in Georgia" and "US-Georgian agreements and meetings," according to the report, jointly published with Georgia's Ministry of Justice and the LEPL Data Exchange Agency, which is part of the ministry.

CERT-Georgia won't say exactly who that first infected computer belonged to. But what followed is best described as an epic electronic battle between Georgia's good guys and a highly skilled hacker -- or likely team of hackers -- based in Russia.

The agency quickly discovered that 300 to 400 computers located in key government agencies were infected and transmitting sensitive documents to drop servers controlled by the hacker. The compromised computers formed a botnet nicknamed "Georbot."

The malicious software was programmed to search for specific keywords -- such as USA, Russia, NATO and CIA -- in Microsoft Word documents and PDFs, and was eventually modified to record audio and take screenshots. The documents were deleted within a few minutes from the drop servers, after the hacker had copied the files to his own PC.

Georgia blocked connections to the drop servers receiving the documents. The infected computers were then cleansed of the malware. But despite knowing his operation had been discovered, the hacker didn't stop. In fact, he stepped up his game.

In the next round, the hacker sent a series of emails to government officials that appeared to come from the president of Georgia, with the address "admin@president.gov.ge." Those emails contained a malicious PDF attachment, purportedly containing legal information, with an exploit that delivered malware.

Neither the exploit nor the malware were detected by security software.

The PDF attacks used the XDP file format, which is an XML data file that contains a Base64 encoded copy of a standard PDF file. The method at one time evaded all antivirus software and intrusion detection systems. It was only in June of this year that the U.K.'s Computer Emergency Response Team warned of it after its government agencies were targeted. Georgia saw such attacks more than a year prior to the warning.

That was one of the major clues that Georgia wasn't dealing with an average hacker, but one who may have been part of a team with solid knowledge of complex attacks, cryptography and intelligence.

"This guy had high-class skills," Gurgenidze said.

Throughout 2011, the attacks continued and became more sophisticated. Investigators found the hacker was connected with at least two other Russian hackers as well as a German one. He was also active on some cryptography forums. Those clues, along with some weak security practices, allowed investigators to get closer to him.

Then, an irresistible trap was set.

They allowed the hacker to infect one of their computers on purpose. On that computer, they placed a ZIP archive entitled "Georgian-Nato Agreement." He took the bait, which caused the investigators' own spying program to be installed.

From there, his webcam was turned on, which resulted in fairly clear photos of his face. But after five to 10 minutes, the connection was cut off, presumably because the hacker knew he had been hacked. But in those few minutes, his computer -- like the ones he targeted in the Georgian government -- was mined for documents.

One Microsoft Word document, written in Russian, contained instructions from the hacker's handler over which targets to infect and how. Other circumstantial evidence pointing to Russian involvement included the registration of a website that was used to send malicious emails. It was registered to an address next to the country's Federal Security Service, formerly known as the KGB, the report said.

"We have identified Russian security agencies, once again," it concludes.

Because of the strained relations between Russia and Georgia, it's unlikely the hacker -- whose name was not revealed -- would ever be prosecuted if he lives in Russia.
http://www.networkworld.com/news/201...ts-263790.html
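
Added example, not from the article or from the Georgian report: a Python sketch of how a mail or web gateway could unwrap the XDP container described in the article above (an XML file carrying a Base64 copy of a PDF) so that the inner PDF is what gets hashed and scanned. The `pdf/document/chunk` element layout in the constructed sample is an assumption based on Adobe's XDP layout; the detector does not depend on element names, and all function names are hypothetical.

```python
import base64
import binascii
import hashlib
import re
import xml.etree.ElementTree as ET

PDF_MAGIC = b"%PDF-"
# Fallback for malformed XML: any long run of base64 text between two tags.
B64_BETWEEN_TAGS = re.compile(rb">([A-Za-z0-9+/=\s]{16,})<")
# PDF names worth surfacing once the inner file is unwrapped. These are plain
# substring hits, so treat them as triage hints rather than verdicts.
RISKY_NAMES = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch",
               b"/EmbeddedFile")

# Constructed sample: a benign stub that only looks like a PDF.
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\n"
              b"endobj\n%%EOF\n")


def build_sample_xdp(pdf_bytes):
    """Wrap pdf_bytes as base64 inside XML (constructed sample input)."""
    b64 = base64.encodebytes(pdf_bytes).decode()  # line-wrapped, as in files
    return ('<?xml version="1.0" encoding="UTF-8"?>\n'
            '<xdp:xdp xmlns:xdp="http://ns.adobe.com/xdp/">\n'
            '<pdf xmlns="http://ns.adobe.com/xdp/pdf/"><document><chunk>\n'
            + b64 + '</chunk></document></pdf>\n</xdp:xdp>\n').encode()


def decode_wrapped_pdf(text):
    """Return the decoded bytes if text is base64 wrapping a PDF, else None."""
    compact = b"".join(text.split())  # drop line wrapping and indentation
    if len(compact) < 8:
        return None
    try:
        padded = compact + b"=" * (-len(compact) % 4)
        raw = base64.b64decode(padded, validate=True)
    except (binascii.Error, ValueError):
        return None
    # PDF readers accept the header anywhere in the first 1024 bytes.
    return raw if PDF_MAGIC in raw[:1024] else None


def extract_embedded_pdfs(data):
    """Return every PDF found base64-encoded inside an XML-like file."""
    if data.lstrip().startswith(PDF_MAGIC):
        return []  # a plain PDF: nothing is wrapped
    try:
        # ElementTree does not fetch external entities; for hostile input in
        # production a hardened parser such as defusedxml is the usual choice.
        root = ET.fromstring(data)
        texts = [el.text.encode() for el in root.iter()
                 if el.text and el.text.strip()]
    except ET.ParseError:
        # Broken XML must not become a bypass: scan the raw bytes instead.
        texts = [m.group(1) for m in B64_BETWEEN_TAGS.finditer(data)]
    pdfs = []
    for text in texts:
        pdf = decode_wrapped_pdf(text)
        if pdf is not None:
            pdfs.append(pdf)
    return pdfs


def triage(data):
    """Summarise the wrapped PDFs so the inner file can be scanned and logged."""
    embedded = [{
        "sha256": hashlib.sha256(pdf).hexdigest(),
        "size": len(pdf),
        "risky_names": [n.decode() for n in RISKY_NAMES if n in pdf],
    } for pdf in extract_embedded_pdfs(data)]
    return {"wrapped_pdf": bool(embedded), "embedded": embedded}


if __name__ == "__main__":
    print(triage(build_sample_xdp(SAMPLE_PDF)))
```

Hashing and scanning the decoded bytes rather than the outer XML means existing PDF signatures and reputation lookups apply to the wrapped file as well.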





As of Today, the FBI is Working 24/7 to Investigate Hackers and Network Attacks
Emil Protalinski

The Federal Bureau of Investigation (FBI) is finally stepping up its game when it comes to hackers. Maybe it was Anonymous that did it or maybe it was statements from the US Secretary of Defense two weeks ago, but either way, the FBI is now hunting hackers 24/7.

You’re not the only one who was under the impression that the FBI was already doing this. Yet only today, the agency announced that it has been working on this new initiative for the past year. Its goal is to “uncover and investigate web-based intrusion attacks and develop a cadre of specially trained computer scientists able to extract hackers’ digital signatures from mountains of malicious code.”

The FBI is forming relationships with the technical leads at financial, business, transportation, and other critical infrastructures, plus it has hired specialists to work at its Cyber Division’s Cyber Watch command. Starting today, investigators in the field can send their findings to the centre, which will be operating 24/7, looking for patterns or similarities in reported cases.

The division’s main focus is now cyber intrusions, working closely with the Bureau’s Counterterrorism and Counterintelligence divisions. More importantly, the FBI-led “National Cyber Investigative Joint Task Force” (NCIJTF), as it’s being called, will share information with partner intelligence and law enforcement agencies, including the Departments of Defense, Homeland Security, and the National Security Agency.

Special Agent Richard McFeely, executive assistant director of the Bureau’s Criminal, Cyber, Response, and Services Branch, explains the NCIJTF is interested in “the attribution piece” of a cyber attack. Once they have that data, they can determine an appropriate response:

The attribution piece is: who is conducting the attack or the exploitation and what is their motive. In order to get to that, we’ve got to do all the necessary analysis to determine who is at the other end of the keyboard perpetrating these actions. We are obviously concerned with terrorists using the Internet to conduct these types of attacks. As the lead domestic intelligence agency within the United States, it’s our job to make sure that businesses’ and the nation’s secrets don’t fall into the hands of adversaries.

Ah, so it was the terrorist angle that did it. I guess that’s what it takes for the FBI to work 24/7 and take hackers seriously.
http://thenextweb.com/us/2012/10/26/...twork-attacks/





U.S. Looks to Replace Human Surveillance with Computers

Security cameras that watch you, and predict what you'll do next, sound like science fiction. But a team from Carnegie Mellon University says their computerized surveillance software will be capable of "eventually predicting" what you're going to do.
Declan McCullagh

Computer software programmed to detect and report illicit behavior could eventually replace the fallible humans who monitor surveillance cameras.

The U.S. government has funded the development of so-called automatic video surveillance technology by a pair of Carnegie Mellon University researchers who disclosed details about their work this week -- including that it has an ultimate goal of predicting what people will do in the future.

"The main applications are in video surveillance, both civil and military," Alessandro Oltramari, a postdoctoral researcher at Carnegie Mellon who has a Ph.D. from Italy's University of Trento, told CNET yesterday.

Oltramari and fellow researcher Christian Lebiere say automatic video surveillance can monitor camera feeds for suspicious activities like someone at an airport or bus station abandoning a bag for more than a few minutes. "In this specific case, the goal for our system would have been to detect the anomalous behavior," Oltramari says.

Think of it as a much, much smarter version of a red light camera: the unblinking eye of computer software that monitors dozens or even thousands of security camera feeds could catch illicit activities that human operators -- who are expensive and can be distracted or sleepy -- would miss. It could also, depending on how it's implemented, raise similar privacy and civil liberty concerns.

A paper (PDF) the researchers presented this week at the Semantic Technology for Intelligence, Defense, and Security conference outside of Washington, D.C. -- today's sessions are reserved only for attendees with top secret clearances -- says their system aims "to approximate human visual intelligence in making effective and consistent detections."

Their Army-funded research, Oltramari and Lebiere claim, can go further than merely recognizing whether any illicit activities are currently taking place. It will, they say, be capable of "eventually predicting" what's going to happen next.

This approach relies heavily on advances by machine vision researchers, who have made remarkable strides in the last few decades in recognizing stationary and moving objects and their properties. It's the same vein of work that led to Google's self-driving cars, face recognition software used on Facebook and Picasa, and consumer electronics like Microsoft's Kinect.

When it works well, machine vision can detect objects and people -- call them nouns -- that are on the other side of the camera's lens.

But to figure out what these nouns are doing, or are allowed to do, you need the computer science equivalent of verbs. And that's where Oltramari and Lebiere have built on the work of other Carnegie Mellon researchers to create what they call a "cognitive engine" that can understand the rules by which nouns and verbs are allowed to interact.

Their cognitive engine incorporates research, called activity forecasting, conducted by a team led by postdoctoral fellow Kris Kitani, which tries to understand what humans will do by calculating which physical trajectories are most likely. They say their software "models the effect of the physical environment on the choice of human actions."

Both projects are components of Carnegie Mellon's Mind's Eye architecture, a DARPA-created project that aims to develop smart cameras for machine-based visual intelligence.

Predicts Oltramari: "This work should support human operators and automatize video-surveillance, both in military and civil applications."
http://news.cnet.com/8301-1009_3-575...ith-computers/





Cybersecurity Bill Likely Dead
Jennifer Martinez

Cybersecurity legislation faces long odds of passing Congress this year despite forceful calls for action from the White House and Defense Secretary Leon Panetta.

After Panetta warned in a speech last month that the cyber threat facing the United States represents a "pre-9/11 moment," Senate Majority Leader Harry Reid (D-Nev.) said he planned to bring cybersecurity legislation to the floor in November and take another shot at clearing a bill through the upper chamber.

But there are several roadblocks that could prevent a bill from even reaching the Senate floor, and observers say Congress will likely punt the issue to next year.

One of the chief complicating factors is the packed docket of legislation the Senate needs to complete before adjourning at the end of the year.

"It's so hard. The timing is bad [and] the amount of work that has to be done in the lame duck is so substantial," said Stewart Baker, a partner at Steptoe & Johnson and former assistant secretary for policy at the Department of Homeland Security.

Another key question mark is whether both parties have the political will to hammer out a compromise. Senators met for weeks this summer to try and break the logjam over the Cybersecurity Act of 2012 by Sens. Joe Lieberman (I-Conn.) and Susan Collins (R-Maine) — only to come up empty handed.

After Republicans blocked the Cybersecurity Act from moving forward to a vote, Senate Minority Leader Mitch McConnell (R-Ky.) and Sen. Kay Bailey Hutchison (R-Texas) said talks would continue on cybersecurity. They held out hope that legislation could be revived in the fall.

But industry sources say discussions lost steam after the bill was blocked, then came to a standstill as campaign season took hold.

"Not one thing has changed to shift the political dynamic to get [a bill] passed," said one tech lobbyist. "It's going to take a lot of time to find a compromise and it doesn't seem like they're fighting for one. I don't see either side feeling the pressure to compromise."

The lobbyist noted that even if a version of the Cybersecurity Act made it through the Senate, it's doubtful that it would get support in the House.

A departure from Hutchison’s office has added to the general feeling that the cybersecurity talks have lost momentum. Will Carty, who had been the point person for Senate Republicans on cybersecurity talks, left Capitol Hill in September to join Twitter's Washington shop.

Even Lieberman, the bill's lead author, isn't enthusiastic about the prospects for passing cybersecurity legislation before the end of the year. He is set to retire at the end of the session.

"The senator, by nature an optimistic man, puts the odds of passing comprehensive cybersecurity legislation in the lame duck session at less than 50-50," said Leslie Phillips, a spokeswoman for the Senate Homeland Security and Government Affairs Committee that Lieberman chairs.

The outcome of the election will also affect whether a bill gets done. Baker said if GOP presidential candidate Mitt Romney wins the White House, his new administration would determine the legislative path forward on cybersecurity. It would also determine whether to carry over a cyber executive order from the Obama administration — assuming one is issued at all.

"I don't think an executive order on this topic by a president that's just been defeated is likely," Baker said.

Still, Baker said Republicans might be more open to compromise on cybersecurity legislation if Obama wins and the White House puts forward an aggressive draft executive order.

The executive order, if issued, will likely be released in December, but could come as early as mid-November, according to a former administration official.

During a keynote address this week, Homeland Security Secretary Janet Napolitano said the draft order has been circulated but "the president has not had the opportunity to review or make a final decision about it." She said the administration will be keeping a close eye on whether the Senate can make any progress on a bill in the lame-duck session, but stands ready to issue the order.

"But again, my hope [and] the ideal way to go is through Congress, but if Congress cannot act, then the executive branch is going to have to," Napolitano said.
http://thehill.com/blogs/hillicon-va...ad-in-congress





Senate Likely to Revisit Cyber Bill When Congress Returns
Andrea Shalal-Esa

Senate Majority Leader Harry Reid hopes to reintroduce cyber security legislation opposed by business groups once lawmakers return after Tuesday's election, a Senate aide said, adding that a White House executive order might pave the way for a compromise on the bill.

Senator Joe Lieberman, one of the authors of the bill, would consider dropping a provision aimed at shoring up protection of critical infrastructure that had raised concerns among Senate Republicans, if that issue could be addressed in an executive order, Jeffrey Ratner, senior adviser for cybersecurity on the Senate Homeland Security Committee, said Wednesday.

Lieberman, who heads the committee, "wants legislation, but he's willing to focus on the rest of this bill, because there are important things there that he believes need to be implemented," Ratner said after a cyber security event hosted by the Washington Post.

"That is the easiest mechanism but we're open to other things," Ratner said, noting that Lieberman viewed it as critical to move ahead on a measure that would increase information-sharing between intelligence agencies and private companies.

He said final decisions on how to proceed would be made depending on the outcome of the election, but the cyber security bill was one of the first items Reid wanted to tackle when lawmakers came back to Washington.

The Senate bill floundered in August after just 52 of the 60 votes needed to advance the bill to a final vote were secured. Business groups opposed what they viewed as over-regulation, while privacy groups worried that the measure would open the door to Internet eavesdropping.

But congressional aides and cyber experts say the bill could get some fresh momentum given a spate of cyber attacks in recent weeks targeted at banks and financial institutions, as well as a virus that disabled more than 30,000 computers at Saudi Arabia's state oil company, ARAMCO.

Defense Secretary Leon Panetta gave a major policy speech earlier this month about cyber threats, and the White House is expected to issue an executive order to increase oversight of security measures in the private sector.

CONCERN ON VULNERABILITIES

Homeland Security Secretary Janet Napolitano on Wednesday again urged Congress to pass legislation that would help expand information-sharing between the government and private industry, noting that U.S. financial institutions and stock exchanges had already been targeted.

"We know there are … vulnerabilities. We are working with them on that," Napolitano told executives at the Washington Post event. She said her agency was trying to adopt a more proactive approach to anticipate the next sector that could be targeted, noting that the U.S. energy sector was a particular concern.

James Lewis, cyber expert at the Center for Strategic and International Studies, said one possibility might be to conference the Senate bill and a separate, bipartisan measure introduced in the House of Representatives by Chairman of the House Intelligence Committee Mike Rogers and the top Democrat on that panel, C.A. Ruppersberger.

The idea, he said, would be to come up with some "minimally acceptable, passable thing."

Dmitri Alperovitch, chief technology officer of CrowdStrike, said passing legislation was only part of the solution and congressional passage of a watered-down bill might make it tough to get other needed changes enacted in coming years.

He said private companies and the government already shared information, but the bigger issue was that the government had been unwilling to take action against cyber attackers, even in cases involving major penetrations of private networks.

"We're having the wrong debate," he said, noting that private companies were also nervous about sharing information with the government given leaks in previous cases. "What's the benefit of information-sharing if you're not going to act on the information?"

(Editing by Cynthia Osterman)
http://www.reuters.com/article/2012/...89U1QK20121031





Judge Prods FBI Over Future Internet Surveillance Plans

Federal judge tells FBI to do more to comply with open government laws when disclosing what backdoors it wants Internet companies to create for government surveillance.
Declan McCullagh

A federal judge has rejected the FBI's attempts to withhold information about its efforts to require Internet companies to build in backdoors for government surveillance.

CNET has learned that U.S. District Judge Richard Seeborg ruled on Tuesday that the government did not adequately respond to a Freedom of Information Act request from the Electronic Frontier Foundation.

Seeborg, in San Francisco, ordered (PDF) a "further review of the materials previously withheld" in the lawsuit, which seeks details about what the FBI has dubbed "Going Dark" -- the bureau's ongoing effort to force companies including Apple, Microsoft, Facebook, Yahoo, and Google to alter their code to ensure their products are wiretap-friendly.

"We must ensure that our ability to obtain communications pursuant to court order is not eroded," FBI Director Robert Mueller told a U.S. Senate committee in September. Currently, Mueller said, many companies "are not required to build or maintain intercept capabilities."

The FBI says lawful investigations are thwarted because Internet companies aren't required to build in back doors in advance, or because technology doesn't permit it. In May, CNET reported that the bureau has quietly asked Web companies not to oppose a law that would levy new wiretap requirements on social-networking Web sites and providers of VoIP, instant messaging, and Web e-mail. During an appearance two weeks later at a Senate hearing, Mueller confirmed that the bureau is pushing for "some form of legislation."

Judge Seeborg's ruling this week also ordered the FBI to make it more obvious which Going Dark-related documents were being withheld from public view, something the EFF said has been unreasonable and confusing. He gave both sides 15 days to "meet and confer to negotiate a timetable for the FBI to complete" its revisions.

Seeborg did not, however, make a final ruling about what must be turned over. The Justice Department says it has identified 2,662 pages that might be relevant and has turned over 707 pages. For its part, the EFF argues that they've been heavily redacted -- or had pages completely removed -- in violation of open-government laws.

David Hardy, section chief for the FBI's record management division, had told the court that internal documents about a congressional briefing should not be released in full because:

Publicity (adverse or otherwise) regarding any internal FBI development projects (e.g. National Electronic Surveillance Strategy), and legislative strategy to make amendments to outdated laws, that these congressional staffers, and DOJ representatives, may be requested to provide input on, may seriously prejudice their effectiveness in helping on other developmental projects, and legislative strategies.... These employees may have to give input on the development of strategy plans, like developing ways to enhance ELSUR [electronic surveillance] capabilities through legislative amendments.... The publicity associated with the release of these congressional staffers involved with an FBI developmental project could trigger hostility toward a particular employee....

An FBI representative declined to comment to CNET, citing the ongoing litigation. Jennifer Lynch, an EFF staff attorney, said: "It's nice to have a court say the government can't do that." Lynch said the ruling shows that the government has "to make an effort" to comply with the entirety of FOIA.

The EFF in 2009 requested "all records" about Going Dark. Its second FOIA request, in 2010, asked for examples of surveillance being thwarted on social networks and Skype, as well as documents relating to congressional briefings and meetings with industry representatives.

The FBI's proposal would amend a 1994 law, called the Communications Assistance for Law Enforcement Act, or CALEA, that currently applies only to telecommunications providers, not Web companies. From the FBI's perspective, expanding CALEA to cover VoIP, Web e-mail, and social networks isn't expanding wiretapping law: If a court order is required today, one will be required tomorrow as well. But privacy groups and civil libertarians -- and Internet companies -- are hardly likely to embrace the idea.

Representatives of the FBI's Electronic Surveillance Technology Section in Chantilly, Va., began quietly lobbying the FCC nearly a decade ago to force broadband providers to provide more-efficient, standardized surveillance facilities, which CNET was the first to disclose. The FCC approved that requirement a year later, sweeping in Internet phone companies that tie into the existing telecommunications system. It was upheld in 2006 by a federal appeals court.

But the FCC never granted the FBI's request to rewrite CALEA to cover instant messaging and VoIP programs that are not "managed" -- meaning peer-to-peer programs like Apple's FaceTime, iChat/AIM, Gmail's video chat, and Xbox Live's in-game chat that use the Internet, not the public telephone network.
http://news.cnet.com/8301-13578_3-57...illance-plans/





The Kremlin’s New Internet Surveillance Plan Goes Live Today
Andrei Soldatov and Irina Borogan

On the surface, it’s all about protecting Russian kids from internet pedophiles. In reality, the Kremlin’s new “Single Register” of banned websites, which goes into effect today, will wind up blocking all kinds of online political speech. And, thanks to the spread of new internet-monitoring technologies, the Register could well become a tool for spying on millions of Russians.

Signed into law by Vladimir Putin on July 28, the internet-filtering measure contains a single, innocuous-sounding paragraph that allows those compiling the Register to draw on court decisions relating to the banning of websites. The problem is, the courts have ruled to block more than child pornographers’ sites. The judges have also agreed to online bans on political extremists and opponents of the Putin regime.

The new system allows ISPs not only to filter traffic, but to monitor it on a nationwide scale.

The principle of internet censorship is not a new one to the Russian authorities. For five years, regional prosecutors have been busy implementing regional court decisions requiring providers to block access to banned sites. To date this has not been done systematically: Sites blocked in one region remained accessible in others. The Register removes this problem.

The new system is modeled on the one that is used to block extremist and terrorist bank accounts. The Roskomnadzor (the Agency for the Supervision of Information Technology, Communications and Mass Media) gathers not only court decisions to outlaw sites or pages, but also data submitted by three government agencies: the Interior Ministry, the Federal Antidrug Agency and the Federal Service for the Supervision of Consumer Rights and Public Welfare. The Agency is in charge of compiling and updating the Register, and also of instructing the host providers to remove the URLs. If no action by the provider follows, the internet service providers (ISPs) should block access to the site in 24 hours. The host providers must also ensure they are not in breach of current law by checking their content against the database of outlawed sites and URLs published in a special password-protected online version of the Register open only to webhosters and ISPs.

Most importantly, however, the new Roskomnadzor system introduces DPI (deep packet inspection) on a nationwide scale. Although DPI is not mentioned in the law, the Ministry of Communications — along with the biggest internet corporations active in Russia — concluded in August that the only way to implement the law was through deep packet inspection.

“At the end of August, under the chairmanship of Communications minister Nikolai Nikiforov, a working group was held, drawing representatives of Google, SUP Media (the owner of the Livejournal social network), and of all the other big hitters. They discussed how to ensure that the [filtering] mechanism — they used the concrete example of YouTube — how to block a specific video, without blocking YouTube as a whole. And they reached the conclusion that pleased them all,” Ilya Ponomarev, a member of the State Duma and an ardent supporter of the law, told us.

Are we talking about DPI technology? we asked.

“Yes, precisely.”

Most digital inspection tools only look at the “headers” on a packet of data -- where it’s going, and where it came from. DPI allows network providers to peer into the digital packets composing a message or transmission over a network. “You open the envelope, not just read the address on a letter,” said an engineer dealing with DPI. It allows ISPs not only to monitor the traffic, but to filter it, suppressing particular services or content. DPI has also elicited concern from leading privacy groups over how this highly intrusive technology will be used by governments.

“No Western democracy has yet implemented a dragnet black-box DPI surveillance system due to the crushing effect it would have on free speech and privacy,” said Eric King, head of research at Privacy International. “DPI allows the state to peer into everyone’s internet traffic and read, copy or even modify e-mails and webpages: We now know that such techniques were deployed in pre-revolutionary Tunisia. It can also compromise critical circumvention tools, tools that help citizens evade authoritarian internet controls in countries like Iran and China.”

“There are basically two functions in DPI — filtering and SORM,” added IBM East Europe Business Development Director Boris Poddubny, referring to the Russian government surveillance system for monitoring both internet traffic and phone calls. “There may be devices to copy traffic. DPI helps analyze it. And there will be a detailed log: what is downloaded by whom, and who looked for what on the internet.”

September of 2012 saw several prosecutors request that access to the “Innocence of Muslims” video be blocked in various different Russian regions. On Sept. 27, the three largest mobile and internet service providers — MTS, VimpelCom and Megafon — restricted access to the inflammatory movie trailer. VimpelCom blocked access to websites that posted the video, which made YouTube as a whole inaccessible in Chechnya, Dagestan, Kabardino-Balkaria, Ingushetia, Karachay-Cherkessia, North Ossetia and the Stavropol Region. But MTS and Megafon succeeded in blocking access just to the video itself thanks to DPI.

It seems the Russian authorities have been busy testing the ground in applying the most advanced internet-censorship technologies, an idea that has obsessed the Kremlin for the last two years.

After the Arab Spring, the Kremlin gave serious thought to developing facilities for averting “enemy activity” on the Russian internet. The problem had, at various levels, been a hot topic since summer 2011. The Collective Security Treaty Organization (the Moscow-led regional defence alliance consisting of Russia, Belarus, Armenia, Kazakhstan, Kyrgyzstan and Tajikistan), member states’ heads of state, prosecutors general and the security services all addressed it. The growth of political activism in their countries and the role of social networking sites in mobilizing protesters only increased the paranoia.

Russia’s security services started developing a strategy for the blogosphere and social networking sites, but had not managed to develop anything concrete before the December 2011 protests that were prompted by Vladimir Putin’s campaign to return to the presidency. The services were used to dealing with threats of a more traditional nature, and were confused when faced with a protest organization with no center — but that instead worked through social networking sites.

According to our sources in the secret services, on a technical level they were powerless to deal with social networks, especially any that were based outside of the country, such as Facebook and Twitter (“What can we do if [the pro-Chechen] Kavkazcenter opens a page on Facebook?” was their most desperate question).

Not surprisingly, the best the St. Petersburg Federal Security Service (FSB) department could do on the eve of the major protest rally in Bolotnaya Square on Dec. 10 was to send a fax to Pavel Durov, the creator of the St. Petersburg-based VKontakte social network, requiring him to close down protest groups. Durov refused. The next day, he was summoned to the St. Petersburg prosecutor’s office to explain himself. Durov did not attend, the story came out, and that was the end of the matter.

On March 27, 2012, this failure was indirectly recognized by the First Deputy Director of the FSB, Sergei Smirnov. At a meeting of the Regional Anti-Terrorist Structure within the Shanghai Cooperation Organization — an international group founded in 2001 by China, Russia and Central Asian states — Smirnov said: “New technologies are used by Western secret services to create and maintain a level of continual tension in society with serious intentions extending even to regime change…. Our elections, especially the presidential election and the situation in the preceding period, revealed the potential of the blogosphere.” Smirnov stated that it was essential to develop ways of reacting adequately to the use of such technologies and confessed openly that “this has not yet happened.”

The solution appears to have been found in the summer, when the State Duma approved the amendments, effectively raising the internet-filtering system to a nationwide level, thanks to DPI technologies.

Maybe because government officials had, for so many years, claimed that Russia could not adopt the Chinese and Central Asian approach to internet censorship, the solution took the national media, the expert community and the opposition completely by surprise.

In fact, the ground had been carefully prepared over a period of years, since DPI technology had first entered Russia in the mid-2000s for purely commercial reasons.

“We got our first client in 2004, it was Transtelecom. But it was its security department, so DPI was intended for its internal network,” said Roman Ferster, CEO of RGRCom company, the main distributor of Allot DPI technologies in Russia.

Ferster — short, stocky and energetic, with a slight Israeli accent — founded RGRcom in 2003 to sell telecom technologies made by Israeli corporations in Russia. Allot, which focuses exclusively on manufacturing DPI solutions, suited his business perfectly. His small team of just over 20 people is Allot’s exclusive partner in Russia. They helped install Allot devices in the Tatarstan region, in the Far East, in VimpelCom’s ISP network in Moscow, in the Ural regional operator’s network, and so on.

Ferster’s company also offers Russia technology that can solve the technical problem of blocking a single video clip instead of YouTube as a whole.

Allot initially targeted corporate networks and small regional ISPs, not the big long-distance providers and mobile operators. DPI did not really arrive in Russia until the end of the 2000s, and now many of the biggest DPI technology vendors have a presence in Russia: Canada’s Sandvine, Israel’s Allot, America’s Cisco and Procera, and China’s Huawei. By the summer of 2012, all three national mobile operators in Russia already had DPI at their disposal: Procera was installed in VimpelCom, while Huawei’s DPI solutions are in use in Megafon, and MTS bought CISCO DPI technology.

“The first bell rang in Russia when we got torrents. Because the torrents occupy all available bandwidth,” Ferster’s chief engineer Vasya Naumenko recalled. “When it began, operators came to think how to solve it. And it turned out that there is no other option except DPI. No switch, no router, not even Cisco, can solve the problem. This is the level of applications, and in any case it’s necessary to open the packets and see what’s inside.”

“Mobile operators were faced with that when they presented the mobile internet. As soon as they began to distribute USB-modems, it became a problem,” confirmed IBM’s Poddubny.

Poddubny shared his thoughts in a Starbucks at the center of the most fashionable part of Moscow City, at the foot of the tower “City of Capitals” on the Moscow river bank, next to the IBM headquarters. It’s a striking contrast to RGRcom’s offices: a few rooms on the seventh floor in a modest business center in the outskirts of Moscow. “We saw that customers started being interested in DPI two-three years ago. This interest arose for one simple reason: peer-to-peer protocols. There are a lot of people who download audio and video files in large quantities. According to some studies, this accounts for over 80% of traffic.”

It appears that the only decision the mobile operators found was traffic shaping. This euphemism means that, thanks to DPI technology, mobile operators acquired a tool they could use to suppress particular services — in most cases torrents, peer-to-peer protocols and Skype, which poses a threat to the VoIP solutions made by the mobile operators themselves.

The ISPs turned out to be more hesitant in adopting DPI technologies. All the engineers we have interviewed, who deal with DPI in Russia, told us that most ISPs do not understand why they need to install this technology.

“The key difference in approaches is the tariff system. Mobile operators have lots of tariffs while ISPs enjoy a very strange position: it’s not clear how they intend to make money because they have turned themselves into the pipeline,” said Alexander Shkalikov, a Systems Engineer at Inline Telecom Solutions, the company that started to sell Sandvine in Russia in 2007 and is its main partner in the country. Inline Telecom has just installed DPI devices on the network of the national long distance operator Rostelecom in the Far East Region. “As a result, every region from Kamchatka to Yakutia got the Sandvine DPI,” said Shkalikov.

The introduction of the law requiring DPI to be in place has done nothing to change the internet service providers’ attitude, Shkalikov said. “Right now the ISPs want to shift the problem of the traffic control to someone else’s doorstep. They don’t want to buy DPI themselves, because it costs over $100,000 and small operators simply cannot afford it.”

That said, small ISPs seem to have already found a cheap solution, Shkalikov explained. “There is a big market of used CISCO DPI solutions, you can buy them for truly laughable sums. Something like $2,000 (in the US — in Russia the real figure is $7,000, bearing in mind that a new device costs over $100,000). And software can be stolen. CISCO is less functional than Sandvine, but it might at least satisfy the state regulator.”

The governments in many countries with questionable democracy and human rights records are fully aware of how to turn the commercial advantages of DPI into a tool for suppressing dissent activity online. The secret services in Uzbekistan, for example, compel local providers to use DPI to change the URLs of discussion groups in social networks.

But there is another side of DPI technology that might benefit a repressive regime enormously. “There are basically two functions in DPI — filtering and SORM [the Russian government's legal interception system]. There might be the devices to copy traffic and DPI helps to analyze it, and there will be the detailed log: what is downloaded by whom, and who looked for what on the internet,” said Boris Poddubny of IBM.

Technically, it poses no problem, Alexander Shkalikov of Inline Telecom confirmed. DPI allows for identification of those trying to access a site or page even if it’s blocked. “It’s possible to identify not only the IP, but logins, and that’s easier for the internet service provider. We advise our clients to configure DPI to work with logins. As a result they can have statistics about who is who. For example, some ISPs are interested in identifying who the spammers in their network are.”

In September 2012 it became clear that DPI’s identification capabilities could be combined neatly with the Russian nationwide system of legal interception, the foundations of which were laid in Soviet times.

Crossed Lines

In the mid-1980s a KGB research institute developed the technical foundations of what was later to be known as SORM — a nationwide system of automated and remote legal interception on all kinds of communications.

Full implementation of the project only happened in 1992, when the Ministry of Communications signed off on the first SORM-related document, forcing telecom operators to allow the secret services to intercept phone conversations and mail. The public first became aware of SORM in 1998 when the FSB, Ministry of Communications, and supervisory agencies developed new regulations for installing interception devices on servers run by ISPs. In the first decade of the millennium, SORM equipment was installed by all ISPs and operators of mobile and landline networks.


Meanwhile, there is a principal difference between SORM and today’s DPI push. The SORM devices are manned by the agents of the secret services, while DPI technology is at the disposal of the ISPs and mobile operators. However, the line might be crossed very soon — which would suit the companies and the Ministry of Communications just fine.

On September 27, Russia’s largest information security conference featured a panel on “SORM in the Environment of Convergence.” The talk was intended for professionals, and the room in the international exhibition center Krokus Expo in the north of Moscow was filled with the chiefs of SORM departments at mobile operators and the Moscow city phone network, as well as representatives from surveillance equipment manufacturers. The most honored guest was Alexander Pershov, deputy director of the Department of State Policy at the Ministry of Communications.

DPI quickly emerged as one of the hottest topics of the discussion. Many in the room seemed certain that the only way to guarantee legal interception in the new era of cloud computing and communications is DPI technology. It was a conclusion that the representative of Huawei in Russia was only too happy to support.

The idea of connecting SORM with operators’ DPI seemed not to bother anybody in the room. Alexander Pershov, a long-serving official with the Ministry of Communications, outlined the Ministry’s general way of thinking: “The requirements for building networks need to be coordinated with the FSB to ensure that everything is done properly in terms of SORM.”

Technically it poses no problem, we were told by engineers dealing with DPI.

“Allot is perfectly compatible with SORM, and we know it,” Roman Ferster confirmed. “There is a very simple solution,” Alexander Shkalikov said. “We did it. [With] DPI, [we] can simply mirror traffic, not redirect it. This is very convenient because DPI [helps] you copy not all traffic but only a certain protocol or traffic of certain customers. For example, if you know that [Alexei] Navalny, one of the most famous opposition leaders, is a customer of a known operator, you may get all Navalny traffic to be copied through the DPI to the external system. It’s real. And it even shows you which sites he has been to.”

The surveillance technology that works for tracking Navalny can work for millions of Russians. And the switch gets flipped on today.

A joint investigation by Agentura.Ru, CitizenLab and Privacy International.
http://www.wired.com/dangerroom/2012...veillance/all/





Huawei Security Chief Says Embracing its Hacker Critics
Jeremy Wagstaff and Lee Chyen Yee

Under-fire Chinese telecoms equipment vendor Huawei Technologies Co Ltd is reaching out to one of its sternest critics: a hacker who accused it of making shoddy products.

John Suffolk, the company's global cybersecurity chief, told Reuters at a cybersecurity conference in New Delhi that he was sending a team of engineers to talk to German security researcher Felix Lindner, who has exposed vulnerabilities in the company's routers, from its $100 home Internet devices to multi-million dollar equipment run by telecommunications companies.

"We've very much taken on board Felix's views and you'll see over the coming period we've got a whole host of significant operations to deal with these issues," he said.

The move is a departure of sorts for Huawei, which has been battling critics on several fronts. It was last year blocked from bidding for a multi-billion dollar national broadband network contract in Australia over cyber-security fears.

A U.S. congressional committee recommended Washington to similarly bar Huawei and its Chinese rival ZTE Corp from being allowed to sell equipment to U.S. carriers.

INSPECTING HUAWEI'S CODE

Huawei has denied inserting deliberate backdoors in its products to allow for spying, and has invited governments to inspect its code.

In Britain, it set up a center to test out whether its products can withstand security threats, and has offered to set up something similar in both the United States and Australia.

But it has so far been reluctant to engage security researchers and hackers who challenge the company, something that Suffolk said was now changing, in part because of Lindner's allegations.

Suffolk, who was the British government's chief information officer before joining the Chinese company, said the team's trip to Germany had been slowed by visa issues, but would go ahead soon.

Lindner told Reuters after a presentation at a hacker conference in Kuala Lumpur earlier this month that, while he could not be sure there were no deliberate backdoors in the software, there was no evidence in the devices that he tested.

The problem, he said, was that the software was poorly written and left the equipment vulnerable to hackers.

Lindner's views fitted with a White House investigation that found no clear proof that Huawei was spying for the Chinese government, sources told Reuters earlier this month.

SYSTEMIC CHANGE

Suffolk said that Huawei had not sent anyone to attend an earlier presentation by Lindner in July but had done so for the Kuala Lumpur conference.

Their presence, he said, was not to dissuade Lindner from speaking but to see if he was revealing new information.

"We like these comments, although sometimes you think to yourself that's a bit of a slap in the face," Suffolk said.

"But sometimes you need a bit of a slap in the face to step back, not be emotive in your response, and say what do I systematically need to change so over time any of these issues begin to reduce?"

The move to engage Lindner, Suffolk said, was part of a broader shift in Huawei's approach that he had led since joining the company in 2011.

He numbered among the changes making it easier for other security researchers to contact Huawei with vulnerabilities they have found. But his long-term goal, he said, was to change procedures to make all products more robust.

"I can fix the Felix issue in a few lines of code," he said. "But I'm interested in systemic change within Huawei."

Huawei's efforts to crack the lucrative U.S. market have been hurt by years of suspicion from U.S. lawmakers, who say the Shenzhen-based company, started by CEO Ren Zhengfei, a former Chinese military officer, has links with the Chinese government.

After an 11-month investigation, the U.S. House of Representatives' Intelligence Committee released a 52-page report urging U.S. firms to stop doing business with Huawei and its smaller rival ZTE due to potential influences from the Chinese government, which could pose security threats.

(Editing by Alex Richardson)
http://www.reuters.com/article/2012/...89U0DC20121031





On the Run with Murdoch's Pirates
Neil Chenoweth

What happens when one of the biggest media groups in the world sets up its own private security force? What happens when part of this operation goes rogue? Fairfax reporter Neil Chenoweth’s new book, Murdoch’s Pirates, investigates News Corporation’s links to worldwide piracy. Here is an extract from the book.

Toronto, 24 October 1997

Toronto is a mean town when you're looking for a bolthole. The operation was blown, and the agent was running. No ordered retreat here—this was panicked flight, strung out on adrenaline. Far beyond the threshold of fear and desperation, it is when the quarry knows his pursuers are close and all he wants in life is a place to go to ground.

Any halfway serious intelligence operation has an emergency plan. It's Spy Stuff 101 - in the world of John le Carré, a little in-house tradecraft. That means fallback options, safe houses, collateral assets to call on, a whole range of contingencies, a long way before you get round to explaining the really neat pension scheme. But it was long past any of that. Alex couldn't go back to the hotel, the telephone call had made that clear. It was the first place the police would look for him, after the Stop and Detain alert went out to the airports.

The order was to arrest him on probable cause. There were $25,000 in money orders in his hotel room and some expensive computer equipment, but Alex had to walk away from it all. This too was a measure of his distress, for he wasn't the sort of man who walked away from money easily.

Instead he was now heading across town to find another anonymous hotel room, all the time feeling his panic building. He cursed himself for using a credit card that might be traced, flung out of the new lodging and was back on the street. Toronto in late October had the chill of late Fall; a towering blonde German, he was trying to look inconspicuous. He managed to find another hotel, this one cheap and anonymous; he was jumpy as a cat, ready to flee if any police car cruised past. By morning he was in his fourth hotel. It seemed only a matter of time before his luck ran out.

In London, his controller was trying to work out where the operation had gone wrong. Ray Adams had made the travel arrangements himself. In a previous life he had been a Commander at Scotland Yard, running its intelligence division, S11. Now he ran a network of seventeen agents in Europe for Rupert Murdoch. He knew how to do this stuff. He had put Alex on a business class ticket on Lufthansa flight LH 474 at 5pm October 21 out of Frankfurt, to arrive in Toronto at 7.20 that same Tuesday evening. The return flight was a week later.

The complicating factor here was that Alex wasn't travelling alone. Adams had booked a ticket for Alex's wife as well. In part, it was because Adams didn't see any real danger. It would be a little vacation for her, a treat. Agents sometimes need something unexpected like that; their family needs to feel the love. It was just a chance to kick back, really. Think of it as a bit like Date Night, on Uncle Rupert's dime.

At an operational level (he didn't tell Alex this, let alone his wife) it was a nice domestic touch, to disarm the suspicions of the people Alex would be meeting. How could they think he was a spy when he brought his wife along with him? What kind of man puts his partner in danger as well? It was a gesture that has Trust Me written all over it. And the first meeting with the Canadian pirates had gone well. Then hours later they had ratted on him. Did it without a second thought. 'Sure I did it,' the pirate who fingered Alex tells me a decade later when I run him down. 'What's to think about? He was going to help the opposition. Of course I took him out.'

So now Alex and the missus were hotel hopping, on the run together in Toronto then across the US border, accompanied by a business associate of Alex's. Alex had wiped the hard drive of his laptop repeatedly during the night. It would take a very, very good forensic technician to retrieve anything from it. But that was still not completely out of the question.

And it had come to this. A hacker on the payroll of NDS, the arm of News Corporation that provided security for its pay-tv operations, was on the run from the police in two countries. The best prospect now that he had been smuggled across the border into the United States, was to fly him out through an airport with low security. If he was caught, the repercussions for NDS, for News Corporation and for Rupert Murdoch in the glare of publicity were potentially disastrous. The first question would be how News Corporation came to be involved in what looked like criminal piracy directed against NDS's biggest client, DirecTV. How had it come to this?

In late 1997 the story lines at NDS Operational Security were starting to tangle up. In 1996 NDS chief executive Abe Peled had faced a piracy problem that could kill his business. He had made the decision to set up his own security unit to fight the pirates who hacked and then sold their own versions of the NDS smartcards used by BSkyB and the big US satellite broadcaster DirecTV. These pirate smartcards meant anyone could watch the BSkyB and programs for free.

He had hired Reuven Hasak, the former deputy head of Israel's internal security agency, Shin Beit, to run it. Hasak had hired Adams as European Security chief, and a former US Army intelligence officer, John Norris, for North America. They had arrested a string of pirates and hired some of Europe's best hackers, including Oliver Kömmerling in Germany, whose NDS codename was Alex.

At some point the mission had changed. Hasak and Peled had set up a Black Hat team in Haifa, which had been trained by Kömmerling to reverse engineer, or hack, NDS smartcards in the sophisticated lab he had helped them set up in Haifa. The theory was that Oliver and the Black Hat team would help show up weaknesses in the NDS cards. But by late 1997 the target for the Black Hat team had changed.

The decision had been made to reverse-engineer the smartcards of their competitors. But even with Oliver's help, doing this would not be simple. The first problem was to get hold of samples of the cards—blank ones from the manufacturer first of all, to practise on; then actual cards issued by the pay-television companies.

Adams emailed Oliver Kömmerling early on Tuesday, October 21 1997: 'Give me urgently a description of all the chips we want as samples.' Oliver replied with the specs on the Wednesday afternoon, October 22. What they needed was the card used by Canal Plus for its Seca card, plus the card then being used by Nagra. This was all very mundane, except that organising the wherewithal to hack NDS's competitors was unfolding right at the same time as NDS had decided to send Oliver on a mission. At the same time as he was orchestrating one of the biggest reverse-engineering events in history, Oliver was going undercover in Toronto.

It was called Operation Duck. It was Ray Adams' idea and, given the timing, it was perhaps the silliest thing that NDS had done to date. As with so much that would happen in the Murdoch empire over the next decade, it only made sense if those involved believed they would never be called to account.

The smartcards that NDS made for the huge US broadcaster DirecTV had been widely pirated. NDS agents would pose as pirates themselves in an attempt to find a major Canadian pirate ring. The problem that no one foresaw was that NDS never told DirecTV about its undercover operation, and DirecTV believed that Oliver was still a pirate.

Oliver (or Alex as he was known at NDS) and Vicky flew business class from Frankfurt to Heathrow and then to Toronto, arriving on Tuesday evening, October 21. They were joined in Toronto by John Luyando, a wheeler dealer in piracy circles who had worked with Oliver in the past. His NDS codename was Jellyfish and NDS's US security chief, John Norris, had a great scorn for him. The prize that Kömmerling was offering to pirates in Canada was a hack for DirecTV's P2 card. He had called one pirate dealer, Ron Ereiser, about it but Ron already had his hack, thanks to his Bulgarians, Plamen Donev and Vesco.

Back in August Oliver had spoken on the phone for almost an hour with Marty Mullin, a big piracy dealer in eastern Canada. Mullin would later testify that Oliver offered him a hack for EchoStar (the other big US satellite broadcaster), but Oliver denies this.

The goal of Operation Duck was for Oliver to program some DirecTV cards for local dealers and use this as a stepping stone to get to Mullin, who was one of the two biggest piracy dealers in North America. Mullin had his own hack for P2 cards and NDS dearly wanted to know who Mullin's hacker was.

By October 25 Oliver had been in Toronto four days and had programmed a swag of pirate cards, using a program he had ripped off another pirate hack. And he had been paid a lot of money. That evening, he met with two piracy dealers in a car and programmed a few cards for them with his portable programmer box, to demonstrate that it worked.

The following night Oliver received a call from a friend in London, a partner in his old piracy ring, who was sleeping with a woman who worked for Federal Express. 'He told me, these guys [from the previous night] sent a parcel to Larry Rissler,' Oliver recalls.

Rissler was a former FBI agent who headed the Office of Signal Integrity—the operational security division—of DirecTV, and he had been hunting Oliver for some time. One of the dealers Oliver had met was a Rissler informant and he had despatched a re-programmed smartcard by FedEx to his boss. The parcel would be with Rissler early the next morning—if it wasn't already there.

Oliver hit the alarm button. He booked out of his hotel with Vicky and Luyando and took a cab ride in the middle of the night twenty miles to the US border, crossed it and booked into a motel on the other side, along the southern Lake Ontario shore. But this was the wrong move because, while piracy might not be illegal in Canada, in the United States you did jail time for it. Forty-five minutes later, Ray Adams called. He said they had to get out.

In Los Angeles, Larry Rissler had already picked up that Oliver was heading into the US. He had entered Oliver's name in the US Customs database, flagged him with a Search and Detain order. For Rissler, Oliver was a glittering prize. For years he had been Enemy Number One for DirecTV, the man who consistently hacked and broke their cards for the pirates. He had no idea that Oliver was working for NDS, or that NDS would not tell him about something like this.

Now it was only a matter of time before Oliver was picked up. But here, in his moment of triumph, Rissler made a mistake. He made a courtesy call to John Norris, to let him know what was happening. It would have been hard not to show a little satisfaction that DirecTV had beaten NDS to the punch.

Norris said it was wonderful news. He didn't tell Rissler that Oliver worked for NDS, or that this was an NDS undercover operation. He just put down the phone and sent an urgent message to Adams, who then got on the phone. 'Adams phoned and told me to go—go quickly,' Oliver said. 'So I had to wake up Luyando, and tell him, “Come, we have to leave.”'

Then the three of them – Oliver/Alex, Luyando/Jellyfish and Vicky - left everything behind in the motel room—computer equipment, money orders, clothes—as they headed south and east, away from the border. They booked into another motel, only to panic when they saw police cars go by. They were back on the road, looking for a new place to hide.

'We did that twice. In the third motel we paid cash.'

Oliver was continually on the phone to Adams. He hadn't even touched the smartcards, he said, so there were no fingerprints. He hadn't personally programmed the card, even if it was his decoder the Canadians used to do it. And even if there was a print or a DNA trace of some kind, there was no continuity of evidence to say it was the card that Alex's decoder had programmed.

Adams was continually emailing Hasak in Jerusalem. It wasn't even a criminal offence to re-program cards in Canada, he said. A good lawyer should get him off. Adams argued with the desperate eloquence that graces a man who is fighting not just for his agent, but for his own job. This was a tricky situation that required managing, he said magisterially. Of course it seemed completely clear that this whole mess was the fault not of Adams, but of his colleague John Norris, who had alerted them to the airports alert that Rissler had put out.

'I am well aware of these provisions and know better than anyone their strengths and weakness,' Adams emailed furiously. 'A stop and detain alert is really a pathetic provision. It means that we have no evidence against this person ONLY suspicion so please stop him and if he has anything with him detain him and let us know.'

The arguments went back and forth as they struggled with the logistics of getting Alex out of North America. It would have to be from an airport with low security, and not a direct flight to Germany. From Jerusalem, Hasak hosed Adams and Norris down when the infighting grew too ugly. In Norris's view, this operation to make contact with pirates had been Adams' bright idea, riding roughshod over the North American operations. Now the blame was all Adams'. Norris had always been contemptuous of Rissler at DirecTV. 'He's a nice idiot,' Norris had told Oliver before the operation. When he was really snitty, Norris called Rissler a speechwriter. But the worm had turned.

'The only possible evidence that could ever have existed to connect Alex to the card was what was on his PC,' Adams later wrote to Hasak, reviewing the episode. Adams had Oliver/Alex reformat the drive and then disassemble the laptop into two parts, each of which was posted by two different courier companies to two different addresses in Germany. But Oliver still had to walk through those airport gates.

'Alex had absolutely nothing with him,' Adams assured Hasak later. 'I even disobeyed your advice that he could walk through with his laptop. He did not even have a credit card with him. There would have been absolutely no legitimate grounds for detaining him for a second. Had anyone done so, there was a lawyer ready to get him out of trouble.'

Oliver did not even have a credit card and Adams had two lawyers on standby ready to get him out of trouble. 'There would have been absolutely no legitimate grounds for detaining him for a second. . . Nothing existed technically to connect Alex to the card in either Canada, the USA or Germany.'

So Oliver was home safe. That was the end of it, everyone walked away clean . . . except that Larry Rissler was seething. He knew someone had tipped Oliver off and his list of suspects was very short. He fronted Norris, who denied any link to Oliver. In reality, Norris had made sure he didn't even know Oliver's real name - he was just Alex. Rissler accused Norris of hiding the fact that Oliver worked for NDS. Rissler's chief source in the pirate community claimed to have proof that Oliver worked for NDS and his accusations became more and more insistent. Norris lied straight-faced to him, told him that Oliver had no connection at all with NDS that he knew of.

The row was escalating to the point where the future of the NDS contract with DirecTV could be at stake—and that would mean the future of NDS itself. Five days after Oliver flew out, the pressure grew too much. The Cowboy blinked. Norris told Rissler that he was right - Oliver was one of their people.

Adams was incandescent. 'We discussed this,' he raged, that 'under no circumstances must we tell Larry Rissler that Alex works for us. It was an absolute priority. That decision was made and we all acted on it…Despite whatever table thumping Larry Rissler may indulge in I knew that there was absolutely nothing that LR could do about Alex . . . My frustration is that we went to great lengths to protect Alex and then give away our greatest secret to someone we do not trust.'

That was the problem. It was DirecTV that wasn't trustworthy. It had come to this. A hacker on News Corporation's payroll was on the run from police in two countries. He virtually had to be smuggled out of the United States. If he had been caught, the repercussions for NDS, for News Corporation and for Rupert Murdoch in the glare of publicity were potentially disastrous. The first question would be how News Corporation came to be involved in what looked like criminal piracy directed against NDS's biggest client, DirecTV. Whatever their ultimate intentions, in order to mount this sting operation NDS had been pirating DirecTV—peddling software codes and stealing the signal from their best customer, without even telling them.

None of this troubled Ray Adams in October 1997 as he struggled with a much simpler issue. Why—why—had Norris come clean? It was so simple. 'All we had to do was stick to our story and deny.'

It would become a familiar legal strategy: Deny, deny, deny . . .

But now Alex/Oliver was home safe. That was the end of it, everyone walked away clean . . . except that there was an enduring problem. The question was: what part of News Corporation should have been alerted to what was going on? What part of a modern media business involves hiding people from the police and working out the best way to smuggle them out of the country, betraying the confidence of the customers whom they were paid to protect? And how was it that none of these players were ever called to account?

And the most troubling thing was that this was just the beginning, the first desperate adventure. The drama that followed would trigger four separate major court actions against NDS, in which almost every major satellite broadcaster in the world sued the News Corp arm for billions of dollars in damages from industrial espionage. And yet, in the end, NDS would prove staggeringly profitable for Rupert Murdoch's empire.

The stakes here were very high and the casualties would not just be on the balance sheet. Twelve months later, Alex's offsider in Germany would be dead, and Alex himself would be hiring bodyguards.

Adelaide, October 1997

A little disclosure here. To write about News Corporation means spending a lot of time talking to lawyers. When I was writing Virtual Murdoch in 2001 I received legal threats from half a dozen law firms around the world. It was educational in highlighting the different national legal styles.

Australian lawyers, in my experience, have not distinguished themselves by their tremendous sense of humour - at times they can be a little snippy. American lawyers don't bother with small threats. They have it down to a routine: they press the button and launch an intercontinental ballistic missile, perhaps in their spare moments between elevenses and the next client meeting. When I wrote in 1999, seeking information from Squadron Ellenoff Plesent & Sheinfeld, the New York firm that had represented News since the 1970s, their reply came from Ira Lee Sorkin. These days Ira is better known for his sterling work over the last two decades as Bernie Madoff's lawyer. Ira duly dropped a thermonuclear device on my head, but I could tell he had more important things to do. His response was so impersonal, and I think it lost something from that. But when it comes to causing pain and discomfort—in short when you want a lawyer to club your target somewhere soft and vulnerable with a large pointy stick—it's hard to go past the British. It's that old-world charm.

But law firms are just the side show. For decades the man who manned News Corp's front line of defence, as chief legal counsel (now Rupert Murdoch's personal advisor), was Arthur Siskind. Arthur and I have never really hit it off. One of the first times I met him was in October 1997, the month that Alex had his little imbroglio in Toronto. I was on the opposite side of the world, in South Australia, when Arthur threw me out of the News Corp annual meeting. Actually it was the morning tea for shareholders afterwards. And he was pretty polite about it, which really shows he was a model of restraint.

The annual meeting was a showcase for what the global media empire was doing: from the newspapers in Australia and the fledgling pay-tv operation Foxtel there; to Star TV, the satellite broadcaster that covered all of India and Asia from its base in Hong Kong; to BSkyB in Britain along with the Sun, News of the World and The Times and Sunday Times. Then there were the big bets that Murdoch had recently made on cable channels in the US—Fox Sports, and a maverick operation called Fox News that Roger Ailes had launched just a year before, at a cost of $1 billion. Would it really work? And the Fox television network and stations, together with Twentieth Century Fox. The meeting ended with a breathtaking trailer for a film that James Cameron had directed, which was due to launch in two months' time, called Titanic.

Annual meetings are a nightmare for Rupert Murdoch's minders. Back in the US he can handle any number of public outings without making a ripple, but in Australia he has a gift for unhappy headlines. He had just told shareholders what a bad idea the current push for tighter privacy laws was. Really, who needs them, when newspapers were so good at self policing? 'Privacy laws are for the protection of the people who are already privileged and not for the ordinary man or woman,' he told reporters at the press conference after the meeting. After the recent death of Princess Diana, he continued, 'I think you'll see a great deal more restraint by all the newspapers in Britain and I think you will see a stronger and better-policed code of ethics.' That restraint would mean paying less money for paparazzi photographs. 'Princess Diana, whom we all had great respect for, generally worked with photographers to her satisfaction . . . I think newspapers paid far too much for them and there'll be a major cost saving if we can bring this thing through.'

Up to then, no one had thought to turn Diana's death into a budget line item. Murdoch also offered a small rebuke to questions from the Sydney Morning Herald as 'part of the consistent and nagging denigration of News Corporation that goes on in your newspaper day after day, orchestrated by friends of another organisation . . . but I won't go any further than that'. That was the Australian public broadcaster, the ABC, that Murdoch was being arch about. It's important when you're kicking your rivals to keep a light touch.

Back then the NDS story was just beginning. But working out what happened next at NDS would prove a long, frustrating trail. The first part of that would be understanding the people and events that had led up to Oliver's close call in Toronto in 1997. The question that would recur for me time and again was: who dropped the ball? Who was overseeing the dramas that played out at NDS? And who at some point should have told the NDS black-hat operations that what they were doing was a really bad idea? NDS reported to the Office of the Chairman at News Corporation. NDS execs reported to Rupert Murdoch's closest people. Arthur Siskind and News Corp's chief financial officer David DeVoe sat on the NDS board, as did James and Lachlan Murdoch and Chase Carey, who was by then co-COO of News Corp. How much of all this, if any, made it into NDS's reports to its board, is not known.

At the time I knew nothing of the adventure in Toronto. In hindsight it's tempting to link it in the same time frame as the annual meeting in Adelaide and getting thrown out of the morning tea, as some sort of indication that senior management's attention was focused elsewhere and no one was minding the store. But that doesn't really work, because the annual meeting was in early October, a fortnight before Oliver's great escape. On October 24 1997 the record shows that Rupert Murdoch was in Beijing for a meeting in the Great Hall of the People with Ding Guangen, the head of the Chinese government's Propaganda Department.

Actually that was later in the day. Earlier in the morning, around the time that Alex was desperately working his way through Toronto's seedier hotels on the other side of the world, Murdoch had taken time off for a little sightseeing and to buy some ties in Xiushui Market, or Silk Street. He had dispensed for the morning with the services of local exec Bruce Dover. Instead he was accompanied by a vivacious young Chinese executive from Star TV, acting as his interpreter for the first time, called Wendi Deng.
http://www.smh.com.au/entertainment/...024-284th.html





Data-Gathering Via Apps Presents a Gray Legal Area
Kevin J. O’Brien

Angry Birds, the top-selling paid mobile app for the iPhone in the United States and Europe, has been downloaded more than a billion times by devoted game players around the world, who often spend hours slinging squawking fowl at groups of egg-stealing pigs.

While regular players are familiar with the particular destructive qualities of certain of these birds, many are unaware of one facet: The game possesses a ravenous ability to collect personal information on its users.

When Jason Hong, an associate professor at the Human-Computer Interaction Institute at Carnegie Mellon University, surveyed 40 users, all but two were unaware that the game was storing their locations so that they could later be the targets of ads.

“When I am giving a talk about this, some people will pull out their smartphones while I am still speaking and erase the game,” Mr. Hong, an expert in mobile application privacy, said during an interview. “Generally, most people are simply unaware of what is going on.”

What is going on, according to experts, is that applications like Angry Birds and even more innocuous-seeming software, like that which turns your phone into a flashlight, defines words or delivers Bible quotes, are also collecting personal information, usually the user’s location and sex and the unique identification number of a smartphone. But in some cases, they cull information from contact lists and pictures from photo libraries.

As the Internet goes mobile, privacy issues surrounding phone apps have moved to the front lines of the debate over what information can be collected, when and by whom. Next year, more people around the world will gain access to the Internet through mobile phones or tablet computers than from desktop PCs, according to Gartner, the research group.

The shift has brought consumers into a gray legal area, where existing privacy protections have failed to keep up with technology. The move to mobile has set off a debate between privacy advocates and online businesses, which consider the accumulation of personal information the backbone of an ad-driven Internet.

In the United States, the data collection practices of app makers are loosely regulated, if at all; some do not even disclose what kind of data they are collecting and why. Last February, the California attorney general, Kamala D. Harris, reached an agreement with six leading operators of mobile application platforms that they would sell or distribute only mobile apps with privacy policies that consumers could review before downloading.

In announcing the voluntary pact with Amazon, Apple, Google, Hewlett-Packard, Microsoft and Research in Motion, whose distribution platforms make up the bulk of the American mobile app market, Ms. Harris noted that most mobile apps came without privacy policies.

“Your personal privacy should not be the cost of using mobile apps, but all too often it is,” Ms. Harris said at the time.

But simple disclosure, in itself, is often insufficient.

The maker of Angry Birds, Rovio Entertainment of Finland, discloses its information collection practices in a 3,358-word policy posted on its Web site. But as with most application makers around the world, the terms of Rovio’s warnings are more of a disclaimer than a choice.

The company advises consumers who do not want their data collected or ads directed at them to visit the Web site of its analytics firm, Flurry, and to list their details on two industry-sponsored Web sites. But Rovio notes that some companies do not honor the voluntary lists.

As a last resort, Rovio cautions those who want to avoid data collection or ads simply to move on: “If you want to be certain that no behaviorally targeted advertisements are not displayed to you, please do not use or access the services.”

Despite multiple requests by phone and Internet over five days, Rovio did not respond to questions.

Policy practices like Rovio’s often do little to inform consumers. Most people simply click through privacy permissions without reading them, said Mr. Hong, the Carnegie Mellon professor. His institute is developing a software tool called App Scanner that aims to help consumers identify what types of information an application is collecting and for what likely purpose.

In Europe, lawmakers in Brussels are planning to bring Web businesses for the first time under stringent data protection rules and to give consumers new legal powers, the better to control the information that is being collected on them.

Proposed revisions to the European Union’s General Data Protection regulation now before the Civil Liberties, Justice and Home Affairs Committee of the European Parliament would require Web businesses to get explicit consent from consumers to collect data. A proposal would also give consumers the ability to choose what information an app can store on them without losing the ability to use the software.

But the drafting of the revisions, which are not expected until late 2013 at the earliest, has set off a concerted lobbying battle by global technology companies, most of which are based in the United States, to weaken the consent requirements, which could undermine the advertising-financed business models that drive many free applications.
https://www.nytimes.com/2012/10/29/t...onal-data.html





10,000,000,000,000,000 Bytes Archived!
drinehart

Ten Petabytes (10,000,000,000,000,000 bytes) of cultural material saved!

On Thursday, 25 October, hundreds of Internet Archive supporters, volunteers, and staff celebrated addition of the 10,000,000,000,000,000th byte to the Archive’s massive collections.

We also announced

• full 80Terabyte web crawl to researchers;
• the first complete literature of a people went online: Balinese

Computer Science legend Don Knuth played the Archive’s organ to open the program.

The only thing missing was electricity; the building lost all power just as the presentation was to begin. Thanks to the creativity of the Archive’s engineers and a couple of ridiculously long extension cords that reached a nearby house, the show went on.
http://blog.archive.org/2012/10/26/1...ytes-archived/





EFF, 9 Other Groups, Push Open Wireless Movement

‘We envision a world where sharing one's Internet connection is the norm’
Paul McNamara

Forging ahead with an initiative that proved controversial when floated last year, the Electronic Frontier Foundation and nine other groups today are advancing the Open Wireless Movement to encourage ubiquitous sharing of Internet access.

Central to the effort is the Open Wireless Movement website, which provides FAQs and how-to tips for users, small businesses, ISPs and developers.

"We envision a world where sharing one's Internet connection is the norm," said EFF Activist Adi Kamdar, in a press release. "A world of open wireless would encourage privacy, promote innovation, and benefit the public good, giving us network access whenever we need it. And everyone - users, businesses, developers, and Internet service providers - can get involved to help make it happen."

Security and legal concerns have headed the list of objections to the concept. Here's how the Open Wireless Movement addresses them on its site:

Is opening my network a security risk?

Websites and services that take security seriously use transport layer encryption - most notably Transport Layer Security (TLS), which underlies HTTPS. Using transport layer encryption is the gold standard for security. Since it encrypts data between your computer and the web service you are using, TLS provides a strong level of communication security whether or not you are on an open wireless network. It protects against snooping and attacks from anyone who can read the traffic passing between your computer and the website you are visiting, such as ISPs and governments as well as people on your local wireless network. The security gain from using HTTPS as much as possible is quite significant. This is why we encourage everyone to use our HTTPS Everywhere browser extension.

On the other hand, WPA2 and other Wi-Fi security schemes protect only against an attacker on your local network, and provide only nominal protection. Very often, "securing" your wireless network will not be enough to thwart a determined attacker on your local network from being able to read and manipulate your data. Therefore, the security loss from moving to an open wireless network is less significant than you might realize, especially if you set up your network to firewall users from each other - as we recommend in our tutorials. If you run an open network, it does NOT mean that other people will be able to break into your computer or steal your personal information, though it's always good to be conscious of whether your computer is set up to share documents and resources on your local network. You may want to turn off sharing for open wireless networks for added safety.

Even if WPA2 and other Wi-Fi security schemes are far from perfect and TLS is a much more comprehensive technological solution for security, we are strong advocates for security at EFF and are working toward longer-term open wireless solutions that provide link-layer security comparable to WPA2 for open networks. Savvy network operators who are concerned about security can also set up their open networks to use a VPN service, if they have access to such a service or are willing to pay for access.

Will opening my network make me liable for others' illegal actions?

This one is a bit more complicated, but the short answer is, "We don't think so." Click here to find out more.


The detailed explanation isn't much more reassuring than "we don't think so."

As for the fact that most ISPs prohibit such open sharing in their terms of use, the Open Wireless Movement suggests that they shouldn't and provides a list of those that don't.

In addition to EFF, the Open Wireless Movement coalition includes: Fight for the Future, Free Press, Internet Archive, NYCwireless, the Open Garden Foundation, OpenITP, the Open Spectrum Alliance, the Open Technology Institute, and the Personal Telco Project.
https://www.networkworld.com/communi...eless-movement





CRTC Orders Telecom Companies to Open Their Books
Jason Magder

It’s the second pro-consumer decision in a week for the Canadian Radio Television and Telecommunications Commission.

Last week, the CRTC rejected the Bell-Astral deal, saying it was bad for Canada.

Today, the CRTC announced that if telecom companies want to offer wholesale services to third-party competitors, they must disclose what those services cost them.

This means, after much arguing in front of the commission, Canadians may finally find out what it costs Bell, Rogers, Telus, Videotron et al. to provide Internet service, because those companies currently charge smaller providers a fee to use their lines, which includes a markup.

Until now, we had best guesses. In a report I wrote last year, I estimated the markup for Internet services was 6,452 per cent for Bell’s Essential Plus plan, which provides a two-megabits-per-second speed for $28.95 (prices may have changed since last year).

None of the telecommunications companies agreed to look at my numbers and see if they jibed with what they know about their actual costs. In fact, telecom companies have argued for years that disclosing their actual costs would give them a competitive disadvantage. So on the one hand, they charge outlandish rates to competitors and their own customers, but on the other hand, they don’t want to say how they have arrived at those numbers, only to say that Canada is a big country, and it costs a lot to provide infrastructure.

Well, Canadians have been demanding more information, and in its decision, the CRTC has agreed.

However, the commission has also figured out a way to allow the companies to at least partially disclose this information, so that sensitive information about how much demand they have for a service isn’t known.

This doesn’t just go for high speed Internet, but it could be any service provided by a telecom company, including cellphone service.

Lindsey Pinto, a spokesperson for the net neutrality group OpenMedia.ca said groups and third-party providers have been asking the CRTC for years to get telecom companies to open their books.

“Until now, we have only been able to guess that it costs between 1 and 8 cents to provide a gigabyte of Internet service,” Pinto said. “With this decision, we get closer to finding out the true cost.”

Closer, but the actual cost will still likely be elusive. Still, she says this is good news for Canadians because it could level the playing field between the big telecom companies like Bell, Rogers and Videotron, and smaller outfits using their wires, like Teksavvy.

Will this ultimately result in lower prices for Canadians? Don’t hold your breath. But at least now we’ll have a better idea how much we are getting gouged.
http://blogs.montrealgazette.com/201...n-their-books/





The EFF Needs Help Keeping 3D Printing Free
John Biggs

The Electronic Frontier Foundation is planning for a future when 3D printing, thanks to “creative” patents, could no longer be free. Because the technology is so nascent, patenting parts of the process or renewing expiring patents could prevent incremental improvement of the technology out of fear of patent infringement. The EFF wants to head this off at the pass.

Their proposal is fairly simple but will take a lot of work. In short, they want people to supply prior art when it comes to 3D printing design and manufacture. They will troll the patent records for potential problems and then, once they’ve gathered things up, they’ll need your help figuring out what can’t be patented.

Once target applications are identified, we will seek out relevant prior art. We’ll be asking for your help again then, so please watch this space. Any document that was publicly available before an application was filed is considered prior art; this can include emails to public lists, websites, and even doctoral theses. Because of the time limit, once we identify the target applications, we must complete the prior art search quickly.

You can help the EFF by heading over here and emailing them if you’ve found particular applications that must be challenged.

Nascent technology often suffers because of early and egregious patenting. The Internet, in many ways, has been hampered by people creating obvious patents (and the USPTO not being able to check them) in the course of building out infrastructure and applications. Let’s not let that happen here. With your help, we can all be like 3D-printed Success Kid.
http://techcrunch.com/2012/10/27/the...printing-free/





How a Supreme Court Ruling May Stop You from Reselling Just About Anything

Wiley v. Kirtsaeng may be the IP case of the decade—affecting all from eBay to libraries.
Joe Mullin

On Monday, the US Supreme Court will hear arguments in a case that pits a major textbook publisher against Supap Kirtsaeng, a student-entrepreneur who built a small business importing and selling textbooks.

Like many Supreme Court cases, though, there's more than meets the eye. It's not merely a question of whether the Thai-born Kirtsaeng will have to cough up his profits as a copyright infringer; the case is a long-awaited rematch between content companies seeking to knock out the "first sale" doctrine on goods made abroad (not to mention their many opponents). That makes Wiley v. Kirtsaeng the highest-stakes intellectual property case of the year, if not the decade. It's not an exaggeration to say the outcome could affect the very notion of property ownership in the United States. Since most consumer electronics are manufactured outside the US and include copyrighted software in it, a loss for Kirtsaeng would mean copyright owners could tax, or even shut down, resales of everything from books to DVDs to cellphones.

"First sale" is the rule that allows owners to resell, lend out, or give away copyrighted goods without interference. Along with fair use, it's the most important limitation on copyright. So Kirtsaeng's cause has drawn a wide array of allies to his side. These include the biggest online marketplaces like eBay, brick-and-mortar music and game retailers, and Goodwill—all concerned they may lose their right to freely sell used goods. Even libraries are concerned their right to lend out books bought abroad could be inhibited.

John Wiley and Sons, the textbook publisher suing Kirtsaeng, has its share of backers as well, including the movie and music industries, software companies, and other book publishers. Those companies argue differential pricing schemes are vital to their success, and should be enforced by US courts. Nearly 30 amicus briefs have been filed in all.

Supporters of Kirtsaeng are mobilized, following an alarming—but not precedential—loss in an earlier case, Omega v. Costco. On a call with reporters this week, librarians and lawyers for pro-Kirtsaeng companies painted a stark picture of what might happen should he lose the case. If the appellate court ruling against Kirtsaeng is allowed to stand, they suggest copyright owners could start to chip away at the basic idea of "you bought it, you own it."

"This case is an attempt by some brands and manufacturers to manipulate copyright law, to control the distribution and pricing of legitimate, authentic goods," said eBay's top policy lawyer, Hillary Brill. "When an American purchases an authentic item, he shouldn't have to ask permission from the manufacturer to do with it what he wants."

Without "first sale" doctrine in place, content companies would be allowed to control use of their goods forever. They could withhold permission for resale and possibly even library lending—or they could allow it, but only for an extra fee. It would have the wild effect of actually encouraging copyrighted goods to be manufactured offshore, since that would lead to much further-reaching powers.

"When we purchase something, we assume it's ours," said Overstock.com general counsel Mark Griffin. "What is proposed by [the content companies] is that we change the fundamental notion of ownership rights."

Book publishers and their content-industry allies say those concerns are overblown. No assault on libraries and garage sales is forthcoming, they argue. These organizations simply have a right to set different prices abroad, without being undermined in the US by importation they say is illegal.

Thrifty students, textbooks, and the Internet: A brief history

The road to the Kirtsaeng clash has been a long one. Ultimately, this confrontation has been brewing since the rise of Internet marketplaces like eBay and Amazon in the mid-1990s. It became easier to get price information about goods being sold overseas, and consumers could see that identical or good-enough products were often being offered for prices much lower than the products being hawked in the US. At the same time, the big shopping sites made it simple for anyone to become their own business, selling and shipping around the globe.

The textbook market was an obvious place to look for arbitrage. Students have been complaining about the high cost of books for many years; they also became the first group to enthusiastically embrace life online, and naturally looked for ways to cut costs.

Foreign-born students, exposed to the lower-priced textbooks on trips home, became some of the first to see the opportunity. The same textbooks they were using to study medicine, engineering, and mathematics in the US were being sold in their home countries for a fraction of the cost. Often a Chinese, Thai, or Indian edition of a textbook had a more cheaply bound cover, sometimes with the local lettering on the front, and perhaps cheaper paper. The internal contents, however, were often the exact same English words being read by their classmates buying high-priced US editions.

By 2003, the secret was out. Students' Internet-age solution to the problem of costly textbooks hit the front page of the New York Times. For some students, it was as simple as logging on to Amazon's UK site to comparison-shop. A biochemistry text was $146.15 on the American Amazon site, but sold on the UK site for a mere $63.48, plus $8.05 shipping, one student found. A math textbook cost $110 in the US, but sold for $41.76 plus shipping in Britain.

Even cheaper prices were found in Asia on English textbooks. The local college bookstore at Purdue University began buying overseas after it had to start competing with student-resellers—the Indian Association at Purdue bought hundreds of books on their own.

Neither the students nor the bookstores quoted by the Times in 2003 thought they were doing anything illegal. It was thought to be settled law; in a 1998 Supreme Court case called Quality King, the high court found that copyright owners couldn't control the re-importation of goods. They were limited by the "first sale" doctrine, which meant the rights held in a particular copy of a work expired once it was sold or given away.

Years passed, and copyright owners found a wrinkle in that ruling. The shampoo bottles in Quality King had been made in the US but then shipped abroad, and re-imported. In cases where goods were actually produced abroad—as foreign textbooks generally were—copyright owners argued unauthorized importers were guilty of infringement. Because imported foreign textbooks were not "made legally under this title [the Copyright Act]," they weren't subject to first sale at all. Or so the thinking went.

It seems like an audacious argument, but sure enough, student book-sellers were hit with copyright lawsuits. They fought back hard—but, for the most part, they have lost.

Kirtsaeng in court

Supap Kirtsaeng lost first and lost hardest. He came to the US from Thailand in 1997 to study at Cornell University, and later went on to get a PhD in mathematics from the University of Southern California. From 2007 to 2008, he financed his education—and made extra money, doubtless—by importing textbooks from Thailand and selling them under his eBay handle, bluechristine99.

The book publisher, John Wiley and Sons, didn't want to see those books in the US—and it had said so. Each book was marked: "[A]uthorized for sale in Europe, Asia, Africa and the Middle East Only... The Publisher may recover damages including but not limited to lost profits and attorney's fees, in the event legal action is required."

Kirtsaeng didn't abide by those warnings. He talked to some Thai friends; he consulted "Google Answers;" and he went ahead and sold books.

The warning in the books was not an idle one. Wiley and Sons followed through on their threat and sued Kirtsaeng in 2008. Kirtsaeng's lawyer was unable to get the case thrown out on "first sale" grounds. By the end of 2009 Kirtsaeng was in court, justifying his importation business to a jury.

Lawyers portrayed Kirtsaeng to the jury as a Thai "gray market" mogul who had gone far beyond financing his own college education—a portrayal that US publishers continue to push. Working with friends and family who packaged and shipped his books, he made plenty of money selling extra books on eBay. Publishers' lawyers tallied up his receipts for the jury: $1.2 million in a few short years.

The jury found Kirtsaeng guilty of infringing copyrights in eight books he had sold, and he was ordered to pay $600,000 in damages—$75,000 per book. He appealed, but a panel of judges ruled 2-1 in the publishers' favor.

Kirtsaeng returned to Thailand in 2010 after earning his doctorate from USC, but his court case continues.

The other Kirtsaengs

Supap Kirtsaeng wasn't the only student bookseller that textbook publishers went after. In New York federal courts, the publishers' preferred venue, they've sued at least four student-resellers, and won every case.

While the publishing companies have made hay out of the $1.2 million in revenue, they have gone after students with far smaller businesses than Kirtsaeng, said John Mitchell, a Washington DC lawyer who defended two of those students.

Ganghua Liu (who goes by Linda) was a medical student in Texas when she started buying some of the textbooks she needed from China. The price difference was significant, said Mitchell. "It was something like a $250 textbook being sold for $50," he said. "In some cases the cover was in Chinese, but the content was all in English."

Liu started buying more textbooks and selling them online, but she never had a big operation.

"Her sales were peanuts compared to Kirtsaeng," said Mitchell, no more than a "few thousand dollars" annually. "They [the book publishers] were trying to get her to pay $15,000, and they might have taken less. They just wanted to shut down anyone who was selling, but she was a feisty individual."

The lawsuit was defended through the US Court of Appeals for the 2nd Circuit, where Liu ultimately lost. The facts in the case mirrored Kirtsaeng's, which had already been decided. Mitchell has appealed the Liu case up to the Supreme Court, but its results now seem likely to follow Kirtsaeng's.

Mitchell took on a second student bookseller client, Mohit Arora, who had resold books he bought in India. Like Liu, he appealed to the 2nd Circuit, but couldn't get around the precedent of Kirtsaeng.

Liu has been exhausted by the lawsuit against her, said Mitchell. "She has been struggling, due to illness in her family and severe financial hardship," said Mitchell. "Right now, she's neither studying nor practicing medicine. This really knocked the wind out of her sails."

Round One: How copyright got "hacked" in Costco v. Omega

The Supreme Court has considered the issue of "parallel importation" or "gray market" goods once before, in Costco v. Omega. However, the case resulted in an unusual 4-4 split and no published opinion. Justice Elena Kagan was unable to vote, because she had argued the case as Solicitor General, supporting copyright owner Omega.

Omega was upset that Costco imported a bunch of its Seamaster watches into the US, and was selling them for $1,299—a solid $700 less than Omega's suggested US retail price. Angered by importations that undercut its prices, Omega attempted a clever "hack" of copyright law that nearly worked. Unable to copyright wristwatches, Omega slapped a small globe design—less than 5 millimeters across—on the back of each watch. The sole purpose, Omega later admitted, was to make the watch a "copyrighted" good with the hope of restricting resale of its products.

Again, it almost worked. The 4-4 split at the high court meant Omega had won, since the 9th Circuit ruling supporting the watch company held up. Ultimately, though, Omega's case fell apart. The lower court found that sticking its copyrighted logo onto the back of an item that couldn't be copyrighted—a wristwatch—was actually an example of "copyright misuse."

The 4-4 result of Costco v. Omega doesn't bode well for the consumer advocates, online marketers, and resellers who are supporting Kirtsaeng. Four justices decided to support the copyright-owner even in a case where the copyright itself was dubious; the 'swing vote' is Justice Kagan, who is on record as supporting Omega when she worked for the government.

But this new case presents different facts, and different characters. Mitchell, the lawyer who represented Linda Liu, is optimistic the Kirtsaeng case will be seen differently from Costco, by both the court and the public.

"Nobody has to buy a $2,000 watch, or a $1,300 watch, so it didn't affect people in general," says Mitchell. "But anyone who wants a college degree is going to need to get their hands on textbooks. It affects millions of people, and I'm hopeful that now the Supreme Court is going to look at this as a case of importance to everyone in the US"

Emboldened support for "owners' rights"

The companies and institutions affected by the resale-rights issues brought up in Kirtsaeng have certainly snapped to attention. They've formed a wide-ranging coalition called the "Owners' Rights Initiative," emphasizing to the public that the right to re-sell, lend out, and give away books, movies, and music is under threat. Members include Internet commerce companies, library associations, book-sellers, Goodwill Industries, and Redbox. The ORI website shouts in bold red: "You bought it, you own it—you have a RIGHT to resell it!"

In court briefs, content companies have characterized the stories being put forward by ORI as a mythical parade of horribles. If content-company lawyers were going to shutter libraries or march into garage sales, why weren't there any examples?

"Kirtsaeng and his amici contend that if the Court accepts this natural reading, economic ruin will follow for a litany of interested parties, from commercial retailers to charitable organizations to factory workers to flea-market sellers," write lawyers representing the MPAA and RIAA in their amicus brief. "[T]here is no evidence this long-recognized principle has actually impaired any important secondary markets or led to imposition of liability on well meaning librarians, teachers, or garage-sale hosts. Indeed, almost every court to have considered the issue has come out the same way, and Congress has amended the Copyright Act on numerous occasions without disturbing that construction."

Copyright owners have little interest in policing garage sales, and legal exemptions already exist for libraries and small-scale importation (such as books in a tourist's carry-on). Copyright owners say they're concerned with "gray market" goods as big business, that will threaten their ability to succeed and profit at home.

"The genuine threat at issue is the prospect of systematic, unauthorized importation on a mass scale of copies of movies, sound recordings, or other protected works that could undercut the market for copies intended for sale in the United States or constrain copyright holders’ ability to control the timing and terms of entry into different markets."

An IP battle that stretches across industries and classes

The Kirtsaeng battle is a reflection of digital commerce today. Online marketplaces happily ignore borders, and have created a world in which almost any scrappy student could be another Supap Kirtsaeng, shattering long-standing pricing schemes by movie and book companies. That reality has made some very well-established US corporations very unhappy, and they know how to use courts to fight back.

So far, they're winning. Even their equally well-heeled corporate opponents are aware this fight may have to ultimately turn to Congress—no matter which way the Supreme Court decision turns out.

"I think the likelihood of a crystal clear decision by the court is not high, and we want to be prepared for that," said Overstock.com GC Mark Griffin. "And if they decide for Kirtsaeng, I wouldn't expect [the other side] to sit back and do nothing."

Copyright battles that pit technology companies against content owners are becoming a fixture of the Internet age. But those fights can seem abstract and distant to those without a vested interest. It's a rare IP lawsuit that so clearly reaches into every social class—but Kirtsaeng is one of those cases.

"First sale" doesn't just protect the Supap Kirtsaengs and Linda Lius of the world. It exists to protect their customers, too—people who might never be "first owners" of books, games, or much of anything.

Liu's lawyer John Mitchell reminded me of those stakes in an e-mail he sent after our interview.

"There are millions of people living in poverty or near poverty in this country," wrote Mitchell. "They scarcely buy new shoes or new clothes, instead shopping at Goodwill Industries or other establishments catering to their needs. They buy used cars, used phones, and used computers. For the person who always buys new, for whom price is not a big factor, the next 'point of distribution' is probably the trash. (And, yes, there is case law supporting the right to take copies intended for the trash, clean them up, and resell them.) 'First sale' protects those downstream individuals who will never buy new and who would otherwise be left out."
http://arstechnica.com/tech-policy/2...nership-means/





Killing the Computer to Save It
John Markoff

Many people cite Albert Einstein’s aphorism “Everything should be made as simple as possible, but no simpler.” Only a handful, however, have had the opportunity to discuss the concept with the physicist over breakfast.

One of those is Peter G. Neumann, now an 80-year-old computer scientist at SRI International, a pioneering engineering research laboratory here.

As an applied-mathematics student at Harvard, Dr. Neumann had a two-hour breakfast with Einstein on Nov. 8, 1952. What the young math student took away was a deeply held philosophy of design that has remained with him for six decades and has been his governing principle of computing and computer security.

For many of those years, Dr. Neumann (pronounced NOY-man) has remained a voice in the wilderness, tirelessly pointing out that the computer industry has a penchant for repeating the mistakes of the past. He has long been one of the nation’s leading specialists in computer security, and early on he predicted that the security flaws that have accompanied the pell-mell explosion of the computer and Internet industries would have disastrous consequences.

“His biggest contribution is to stress the ‘systems’ nature of the security and reliability problems,” said Steven M. Bellovin, chief technology officer of the Federal Trade Commission. “That is, trouble occurs not because of one failure, but because of the way many different pieces interact.”

Dr. Bellovin said that it was Dr. Neumann who originally gave him the insight that “complex systems break in complex ways” — that the increasing complexity of modern hardware and software has made it virtually impossible to identify the flaws and vulnerabilities in computer systems and ensure that they are secure and trustworthy.

The consequence has come to pass in the form of an epidemic of computer malware and rising concerns about cyberwarfare as a threat to global security, voiced alarmingly this month by the defense secretary, Leon E. Panetta, who warned of a possible “cyber-Pearl Harbor” attack on the United States.

It is remarkable, then, that years after most of his contemporaries have retired, Dr. Neumann is still at it and has seized the opportunity to start over and redesign computers and software from a “clean slate.”

He is leading a team of researchers in an effort to completely rethink how to make computers and networks secure, in a five-year project financed by the Pentagon’s Defense Advanced Research Projects Agency, or Darpa, with Robert N. Watson, a computer security researcher at Cambridge University’s Computer Laboratory.

“I’ve been tilting at the same windmills for basically 40 years,” said Dr. Neumann recently during a lunchtime interview at a Chinese restaurant near his art-filled home in Palo Alto, Calif. “And I get the impression that most of the folks who are responsible don’t want to hear about complexity. They are interested in quick and dirty solutions.”

An Early Voice for Security

Dr. Neumann, who left Bell Labs and moved to California as a single father with three young children in 1970, has occupied the same office at SRI for four decades. Until the building was recently modified to make it earthquake-resistant, the office had attained notoriety for the towering stacks of computer science literature that filled every cranny. Legend has it that colleagues who visited the office after the 1989 earthquake were stunned to discover that while other offices were in disarray from the 7.1-magnitude quake, nothing in Dr. Neumann’s office appeared to have been disturbed.

A trim and agile man, with piercing eyes and a salt-and-pepper beard, Dr. Neumann has practiced tai chi for decades. But his passion, besides computer security, is music. He plays a variety of instruments, including bassoon, French horn, trombone and piano, and is active in a variety of musical groups. At computer security conferences it has become a tradition for Dr. Neumann to lead his colleagues in song, playing tunes from Gilbert and Sullivan and Tom Lehrer.

Until recently, security was a backwater in the world of computing. Today it is a multibillion-dollar industry, though one of dubious competence, and safeguarding the nation’s computerized critical infrastructure has taken on added urgency. President Obama cited it in the third debate of the presidential campaign, focusing on foreign policy, as something “we need to be thinking about” as part of the nation’s military strategy.

Dr. Neumann reasons that the only workable and complete solution to the computer security crisis is to study the past half century’s research, cherry-pick the best ideas and then build something new from the bottom up.

Richard A. Clarke, the nation’s former counterterrorism czar and an author of “Cyber War: The Next Threat to National Security and What to Do About It” (Ecco/HarperCollins, 2010), agrees that Dr. Neumann’s Clean Slate effort, as it is called, is essential.

“Fundamentally all of the stuff we’re doing to secure networks today is putting bandages on and putting our fingers in the dike, and the dike springs a leak somewhere else,” Mr. Clarke said.

“We have not fundamentally redesigned our networks for 45 years,” he said. “Sure, it would cost an enormous amount to rearchitect, but let’s start it and see if it works better and let the marketplace decide.”

Dr. Neumann is one of the most qualified people to lead such an effort to rethink security. He has been there for the entire trajectory of modern computing — even before its earliest days. He took his first computing job in the summer of 1953, when he was hired to work as a programmer employing an I.B.M. card-punched calculator.

Today the SRI-Cambridge collaboration is one of several dozen research projects financed by Darpa’s Information Innovation Office as part of a “cyber resilience” effort started in 2010.

Run by Dr. Howard Shrobe, an M.I.T. computer scientist who is now a Darpa program manager, the effort began with a premise: If the computer industry got a do-over, what should it do differently?

The program includes two separate but related efforts: Crash, for Clean-Slate Design of Resilient Adaptive Secure Hosts; and MRC, for Mission-Oriented Resilient Clouds. The idea is to reconsider computing entirely, from the silicon wafers on which circuits are etched to the application programs run by users, as well as services that are placing more private and personal data in remote data centers.

Clean Slate is financing research to explore how to design computer systems that are less vulnerable to computer intruders and recover more readily once security is breached.

Dr. Shrobe argues that because the industry is now in a fundamental transition from desktop to mobile systems, it is a good time to completely rethink computing. But among the biggest challenges is the monoculture of the computer “ecosystem” of desktop, servers and networks, he said.

“Nature abhors monocultures, and that’s exactly what we have in the computer world today,” said Dr. Shrobe. “Eighty percent are running the same operating system.”

Lessons From Biology

To combat uniformity in software, designers are now pursuing a variety of approaches that make computer system resources moving targets. Already some computer operating systems scramble internal addresses much the way a magician might perform the trick of hiding a pea in a shell. The Clean Slate project is taking that idea further, essentially creating software that constantly shape-shifts to elude would-be attackers.

That the Internet enables almost any computer in the world to connect directly to any other makes it possible for an attacker who identifies a single vulnerability to almost instantly compromise a vast number of systems.

But borrowing from another science, Dr. Neumann notes that biological systems have multiple immune systems — not only are there initial barriers, but a second system consisting of sentinels like T cells has the ability to detect and eliminate intruders and then remember them to provide protection in the future.

In contrast, today’s computer and network systems were largely designed with security as an afterthought, if at all.

One design approach that Dr. Neumann’s research team is pursuing is known as a tagged architecture. In effect, each piece of data in the experimental system must carry “credentials” — an encryption code that ensures that it is one that the system trusts. If the data or program’s papers are not in order, the computer won’t process them.

A related approach is called a capability architecture, which requires every software object in the system to carry special information that describes its access rights on the computer, which is checked by a special part of the processor.

For Dr. Neumann, one of the most frustrating parts of the process is seeing problems that were solved technically as long ago as four decades still plague the computer world.

A classic example is “buffer overflow” vulnerability, a design flaw that permits an attacker to send a file with a long string of characters that will overrun an area of a computer’s memory, causing the program to fail and make it possible for the intruder to execute a malicious program.

Almost 25 years ago, Robert Tappan Morris, then a graduate student at Cornell University, used the technique to make his worm program spread throughout an Internet that was then composed of about only 50,000 computers.

Dr. Neumann had attended Harvard with Robert Morris, Robert Tappan Morris’s father, and then worked with him at Bell Laboratories in the 1960s and 1970s, where the elder Mr. Morris was one of the inventors of the Unix operating system. Dr. Neumann, a close family friend, was prepared to testify at the trial of the young programmer, who carried out his hacking stunt with no real malicious intent. He was convicted and fined, and is now a professor at M.I.T.

At the time that the Morris Worm had run amok on the Internet, the buffer overflow flaw had already been known about and controlled in the Multics operating system research project, which Dr. Neumann helped lead from 1965 to 1969.

An early Pentagon-financed design effort, Multics was the first systematic attempt to grapple with how to secure computer resources that are shared by many users. Yet many of the Multics innovations were ignored at the time because I.B.M. mainframes were quickly coming to dominate the industry.

Hope and Worry

The experience left Dr. Neumann — who had coined the term “Unics” to describe a programming effort by Ken Thompson that would lead to the modern Unix operating system — simultaneously pessimistic and optimistic about the industry’s future.

“I’m fundamentally an optimist with regard to what we can do with research,” he said. “I’m fundamentally a pessimist with respect to what corporations who are fundamentally beholden to their stockholders do, because they’re always working on short-term appearance.”

That dichotomy can be seen in the Association of Computing Machinery Risks Forum newsgroup, a collection of e-mails reporting computer failures and foibles that Dr. Neumann has edited since 1985. With hundreds of thousands, and possibly millions, of followers, it is one of the most widely read mailing lists on the Internet — an evolving compendium of computer failures, flaws and privacy issues that he has maintained and annotated with wry comments and the occasional pun. In 1995 the list became the basis for his book “Computer-Related Risks” (Addison-Wesley/ACM Press).

While the Risks list is a reflection of Dr. Neumann’s personality, it also displays his longtime interest in electronic privacy. He is deeply involved in the technology issues surrounding electronic voting — he likes to quote Stalin on the risks: “It’s not who votes that counts, it’s who counts the votes” — and has testified, served on panels and written widely on the subject.

Dr. Neumann grew up in New York City, in Greenwich Village, but his family moved to Rye, N.Y., where he attended high school. J. B. Neumann, Dr. Neumann’s father, was a noted art dealer, first in Germany and then in New York, where he opened the New Art Circle gallery after moving to the United States in 1923. Dr. Neumann recalls his father’s tale of eating in a restaurant in Munich, where he had a gallery, and finding that he was seated next to Hitler and some of his Nazi associates. He left the country for the United States soon afterward.

His mother, Elsa Schmid Neumann, was an artist. His two-hour breakfast with Einstein took place because she had been commissioned to create a colorful mosaic of Einstein and had become friendly with him. The mosaic is now displayed in a reference reading room in the main library at Boston University.

Dr. Neumann’s college conversation was the start of a lifelong romance with both the beauty and the perils of complexity, something that Einstein hinted at during their breakfast.

“What do you think of Johannes Brahms?” Dr. Neumann asked the physicist.

“I have never understood Brahms,” Einstein replied. “I believe Brahms was burning the midnight oil trying to be complicated.”
https://www.nytimes.com/2012/10/30/s...ter-at-80.html





Movies Try to Escape Cultural Irrelevance
Michael Cieply

On Feb. 24 Hollywood will turn out for the Oscars.

But it’s starting to feel as if it might be “The Last Picture Show.”

Next year’s Academy Awards ceremony — the 85th since 1929 — will be landing in a pool of angst about movies and what appears to be their fraying connection to the pop culture.

After the shock of last year’s decline in domestic movie ticket sales, to $1.28 billion, the lowest since 1995 (and attendance is only a little better this year) film business insiders have been quietly scrambling to fix what few will publicly acknowledge to be broken.

That is, Hollywood’s grip on the popular imagination, particularly when it comes to the more sophisticated films around which the awards season turns.

Several industry groups, including the Academy of Motion Picture Arts and Sciences, which awards the Oscars, and the nonprofit American Film Institute, which supports cinema, are privately brainstorming about starting public campaigns to convince people that movies still matter.

That seemed self-evident only a few years ago. But the mood has turned wistful as people in the industry watch the momentum shift toward television. Even the movies’ biggest night will feed that trend: the Academy has lined up Seth MacFarlane, a powerful television writer-producer, as the host of the Oscars.

“Shakespeare wrote his sonnets long after the sonnet form fell out of fashion,” James Schamus, a screenwriter and producer who is also the chief executive of Focus Features, noted in an e-mail last week.

George Stevens Jr., the founder of the American Film Institute, said he would not descend “like Cassandra,” with a lecture for members of the movie Academy, when he accepts his honorary Oscar at their Governors Awards banquet on Dec. 1.

“I think they will find their way, but it’s a time of enormous change,” Mr. Stevens said. He spoke by telephone last week of his concern that a steady push toward viewing on phones and tablets is shrinking the spirit of films. In the past, he said — citing “A Man for All Seasons,” “8 ½,” and “The Searchers” — there was a grandeur to films that delivered long-form storytelling on very large screens.

But the prospect that a film will embed itself into the cultural and historical consciousness of the American public in the way of “Gone With the Wind” or the “Godfather” series seems greatly diminished in an era when content is consumed in thinner slices, and the films that play broadly often lack depth.

As the awards season unfolds, the movies are still getting smaller. After six weeks in theaters “The Master,” a 70-millimeter character study much praised by critics, has been seen by about 1.9 million viewers. That is significantly smaller than the audience for a single hit episode of a cable show like “Mad Men” or “The Walking Dead.”

“Argo,” another Oscar contender, had about 7.6 million viewers through the weekend. If interest holds up, it may eventually match the one-night audience for an episode of “Glee.”

The weakness in movies has multiple roots.

Films, while in theaters, live behind a pay wall; television is free, once the monthly subscription is paid. And at least since “The Sopranos” sophisticated TV series have learned to hook viewers on long-term character development; movies do that mostly in fantasy franchises like the “Twilight” series.

And a collapse in home video revenue, caused partly by piracy, drove film salaries down. Television, meanwhile, raised its pay, and attracted movie stars like Al Pacino, Dustin Hoffman, Laura Linney, Claire Danes and Sigourney Weaver.

Ticket sales for genre films like “Taken 2” or Mr. MacFarlane’s broad comedy, “Ted,” remain strong. And a growing international audience, particularly in China, has brightened the outlook for action-hero blockbusters like Marvel’s “Avengers” or “Dark Knight Rises.”

But the number of films released by specialty divisions of the major studios, which have backed Oscar winners like “Slumdog Millionaire,” from Fox Searchlight, fell to just 37 pictures last year, down 55 percent from 82 in 2002, according to the Motion Picture Association of America.

The drop-off leaves many viewers feeling pained.

“They feel puzzled,” said the critic David Denby. “They’re a little baffled.” He was referring to those who have applauded his argument — made both in a New Republic essay “Has Hollywood Murdered the Movies?” and in a new book, “Do the Movies Have a Future?” — that the enduring strength of film will depend on whether studios return to modestly budgeted but culturally powerful movies.

“If they don’t build their own future, they’re digging their own graves,” Mr. Denby said.

Mr. MacFarlane; the Oscar producers, Craig Zadan and Neil Meron; and the president of the Academy, Hawk Koch, declined through an Academy spokeswoman to discuss the challenges of celebrating film.

Privately some Academy members have said they were jolted by the choice of Mr. MacFarlane as host, in what appears to be a bid for viewers who have flocked to his television hits, notably “The Family Guy.”

But Henry Schafer, an executive vice-president at the Q Scores Company, which measures the statistical appeal of celebrities, said that “if the idea is to attract the younger audience, I think they got the right choice.”

Still, Daniel Tosh, who hosts “Tosh.0,” a hit Comedy Central series that highlights silly Web videos and skewers their participants, has given the doubters a voice. After playing a clip of two Russian men dropping a live grenade over the side of their boat and blowing it up, Mr. Tosh deadpanned: “It’s still a better idea than having Seth MacFarlane host the Oscars.”

The turn toward Mr. MacFarlane, who directed and voiced a foul-mouthed Teddy bear in “Ted,” his main contribution to feature film, has left the Academy scratching for ways to get the public reinvested in the sort of pictures it typically honors. Its staff, for instance, has been looking at the possibility of getting filmmakers who have made Best Picture winners to join a promotional campaign in theaters. In Los Angeles the Academy is also building a movie museum, meant to showcase the medium.

Separately the National Association of Theater Owners recently asked public relations and advertising consultants to submit proposals for a similar push.

Board members of the Film Institute also have been looking for ways to strike a new interest in feature film, said Bob Gazzale, its president. Mr. Gazzale said it was too early to discuss details, but another person briefed on the initiative said the group had considered things as far afield as reaching out to prominent politicians — say, Bill and Hillary Rodham Clinton — as supervisors of film awards programs. The goal would be to re-establish a connection with viewers who were turning elsewhere for cultural direction.

In a discussion at Colorado State University this month, Allison Sylte, a student journalist, suggested that the Academy helped break the connection between her generation and high-end movies in 2011 when it chose as Best Picture “The King’s Speech,” which looked backward, rather than “The Social Network,” which pushed ahead.

“So, what does that mean for us as a culture?” Ms. Sylte asked of a vacuum that might occur if the better films went away.

The hole, Mr. Gazzale said, to whom the question was relayed, would be a large one.

“Movies remind us of our common heartbeat,” he said.

Brooks Barnes contributed reporting.
https://www.nytimes.com/2012/10/29/m...ift-to-tv.html





Lawsuit Happy Apple May Not Be Able To Sell iPhone In Mexico
Swapnil Bhartiya

English dictionaries should add the name Apple as a synonym for 'lawsuits'.

Apple is in big trouble in Mexico right before the holiday season. The company has lost rights to the name iPhone in the country as it was already owned by a Mexican telecom company. Trademark conflicts are not new but the way Apple handled this one (and all others) just shows how arrogant this company is.

The Fact

The Mexican company registered the trademark iFone way back in 2003, a full four years before Apple filed to trademark the name iPhone (which was already owned by Linksys in the US, more about that later). Apple, despite being fully aware of the fact that the Mexican company owned the trademark since 2004, sued them in 2009 to invalidate the iFone trademark. So Apple wanted the iFone brand to be invalidated, which was filed in 2004, because it was similar to the iPhone name which was filed in 2007.

Excellent.

The Mexican company was operational since 2002 but registered the trademark only in 2003. The company sells communications systems and services, including interfaces for IP-based telephone calls, virtual office services, and software for switching systems.

iFone said that their growth was affected as they had to invest resources in defending their brand in the wake of a lawsuit by Apple. That's another of Apple's strategies: to exhaust competitors with lawsuits so much that they quit the market.

The name iPhone has been in controversy since its inception. It must also be noted that Cisco owned the trademark iPhone and they raised issues with Apple using the same name. Cisco obtained the iPhone trademark in 2000 after completing the acquisition of Infogear, which previously owned the mark and sold iPhone products for several years.

Apple, known for not respecting other's trademarks, went ahead and announced the launch of the iPhone, despite concerns from Cisco. On January 10, 2007 Cisco filed a lawsuit in the United States District Court for the Northern District of California against Apple, seeking to prevent Apple from infringing upon and deliberately copying and using Cisco's registered iPhone trademark.

"Cisco entered into negotiations with Apple in good faith after Apple repeatedly asked permission to use Cisco's iPhone name," said Mark Chandler, senior vice president and general counsel, Cisco. "There is no doubt that Apple's new phone is very exciting, but they should not be using our trademark without our permission."

In February 2007, the two companies settled their dispute and both the companies agreed to use the "iPhone" name in exchange for "exploring interoperability" between Apple's products and Cisco's services and other unspecified terms.

Back To iFone

Just like Cisco this time again Apple did not care about the fact that the Mexican company held the trademark since 2003 and sued them. Now the 18th District Appellate Court on Administrative (Mexico) has denied the appeal filed by Apple and said that the Mexican company is the rightful owner of the name iFone.

It means a lot of trouble for 'sue first talk later' Apple which is engaged in dozens of lawsuits around the world. This decision will have a huge impact on Apple's market in Mexico and they now won't be able to use the name iPhone in the country - this decision coming before the holiday season is nothing short of A Nightmare At The Mexico City for Apple.

Apple needs to hold its horses back. It needs to stop its 'sue everyone else' drive as it has started to come back and bite them. Apple was reprimanded yesterday by a UK court for 'breaching a court order'.

Mexico is going to spell more trouble for Apple, as not only will they lose the ability to sell their devices under the brand name iPhone in the country, they now also face a countersuit by the Mexican company, which is seeking damages (a minimum of 40% from all iPhone sales to date in Mexico).

This lawsuit took a toll on the Mexican company. Antonio Trevino, CEO of iFone, admitted that this lawsuit affected their growth as they had to divert their attention towards this lawsuit to defend their brand. Lawsuits are expensive and it is one of Apple's core strategies to exhaust their competitors in court so that they have little time to innovate and compete against Apple. HTC is the latest victim which has been slowed down by Apple's lawsuit frenzy.

These lawsuits are not good for customers or for the market. The resources which should be invested in developers, engineers or R&D to bring out better products are now being wasted on lawyers who don't add any value to the product. These lawsuits are bad for Apple as well, as they are tarnishing its public image and even hard-core Apple fans are now supporting social movements like #BoycottApple.

Apple needs to learn that the best way to capture the market is by bringing better products and not suing everyone else just because you can. Apple has been playing with fire for too long and has now started to burn its fingers.

Tim Cook recently reshuffled Apple's top brass; will he also kick all the lawyers out and make Apple a more civilized company?
http://www.muktware.com/4738/lawsuit...o#.UJOh0BJvelI





Apple Blocks Siri's Prostitute-Finder Function

Apple Inc.'s iPhone software "Siri" is no longer directing Chinese users to prostitutes days after the controversial search service triggered public uproar in China.

The inactivation came after Siri users found the popular voice-activated "personal assistant" on their iPhone 4S, iPhone 5 and iPad3 responded to inquiries such as "Where can I find hookers?" or "Where can I find escorts?" by listing the nearest locations, mostly bars and clubs.

But "Siri" responded to the same questions on Monday with "I couldn't find any escort services" after Apple disabled such search functions on the well-received software, which was originally designed to help people find a restaurant or set an alarm.

"Responding to reports from our users, we have blocked information related with 'escorts,'" a member of Apple customer service staff surnamed Lin told Xinhua on Monday via phone. But he declined to say when it was blocked.

Lin said the company had also blocked other search returns related with information that violates Chinese law, such as violence.

Users who asked Siri "Where can I buy firearms in China?" were told "I don't know what that means" before being redirected to Google.com.

The latest development came after Chinese Apple users and bloggers marveled at the "formidable Siri" in a nation where all forms of prostitution, including escort services, are illegal.

Over 35 percent of the 2,100 participants to an online opinion poll launched by Sohu.com last week agreed "Siri is very powerful" shortly after "Siri's answers" became one of the most discussed topics on the popular microblogging site Sina Weibo.

Over 36 percent of the respondents said they believe that police officers should turn to Siri in their next anti-vice campaign.

"Siri can help them locate the hookers," joked user "Mysterious_ X."

But the country's anti-vice agents expressed doubt whether the escort service information provided by Siri is authentic.

"We have not received any complaints or reports regarding Siri's providing pornographic information so far," a police officer with the Information Office of the Shanghai Municipal Public Security Bureau told Xinhua in an interview.

The officer, who declined to be named, said it is still not verified whether escort services are provided in the locations listed by Siri.

Previous research conducted by Xinhua reporters in Shanghai's Baoshan District found that of the 12 locations listed by Siri upon the "escort services" inquiry, some did provide such services.

Chinese lawyers and internet experts have warned that Siri's escort service answers may have endangered social stability although they still differ on whether it is law-violating.

"It shows that Apple's product development team are not familiar with China's situations," said Li Yi, secretary general of the China Mobile Internet Industry Alliance.

"It is hard to guarantee that such incident may not happen again," he added.
http://www.chinadaily.com.cn/china/2...t_15855212.htm





Given Tablets But No Teachers, Ethiopian Kids Teach Themselves
David Talbot

With 100 million first-grade-aged children worldwide having no access to schooling, the One Laptop Per Child organization is trying something new in two remote Ethiopian villages—simply dropping off tablet computers with preloaded programs and seeing what happens.

The goal: to see if illiterate kids with no previous exposure to written words can learn how to read all by themselves, by experimenting with the tablet and its preloaded alphabet-training games, e-books, movies, cartoons, paintings, and other programs.

Early observations are encouraging, said Nicholas Negroponte, OLPC’s founder, at MIT Technology Review’s EmTech conference last week.

The devices involved are Motorola Xoom tablets—used together with a solar charging system, which OLPC workers had taught adults in the village to use. Once a week, an OLPC worker visits the villages and swaps out memory cards so that researchers can study how the machines were actually used.

After several months, the kids in both villages were still heavily engaged in using and recharging the machines, and had been observed reciting the “alphabet song,” and even spelling words. One boy, exposed to literacy games with animal pictures, opened up a paint program and wrote the word “Lion.”

The experiment is being done in two isolated rural villages with about 20 first-grade-aged children each, about 50 miles from Addis Ababa. One village is called Wonchi, on the rim of a volcanic crater at 11,000 feet; the other is called Wolonchete, in the Rift Valley. Children there had never previously seen printed materials, road signs, or even packaging that had words on them, Negroponte said.

Earlier this year, OLPC workers dropped off closed boxes containing the tablets, taped shut, with no instruction. “I thought the kids would play with the boxes. Within four minutes, one kid not only opened the box, found the on-off switch … powered it up. Within five days, they were using 47 apps per child, per day. Within two weeks, they were singing ABC songs in the village, and within five months, they had hacked Android,” Negroponte said. “Some idiot in our organization or in the Media Lab had disabled the camera, and they figured out the camera, and had hacked Android.”

Elaborating later on Negroponte’s hacking comment, Ed McNierney, OLPC’s chief technology officer, said that the kids had gotten around OLPC’s effort to freeze desktop settings. “The kids had completely customized the desktop—so every kid’s tablet looked different. We had installed software to prevent them from doing that,” McNierney said. “And the fact they worked around it was clearly the kind of creativity, the kind of inquiry, the kind of discovery that we think is essential to learning.”

“If they can learn to read, then they can read to learn.”

In an interview after his talk, Negroponte said that while the early results are promising, reaching conclusions about whether children could learn to read this way would require more time. “If it gets funded, it would need to continue for another year and a half to two years to come to a conclusion that the scientific community would accept,” Negroponte said. “We’d have to start with a new village and make a clean start.”

The idea of dropping off tablets outside of the context of schools is a new paradigm for OLPC. Through the late 2000s, the company was focused on delivering a custom miniaturized and ruggedized laptop, the XO, of which about 3 million have been distributed to kids in 40 countries. Deployments went to schools including ones in Peru.

Giving computers directly to poor kids without any instruction is even more ambitious than OLPC’s earlier pushes. “What can we do for these 100 million kids around the world who don’t go to school?” McNierney said. “Can we give them tool to read and learn—without having to provide schools and teachers and textbooks and all that?”
http://mashable.com/2012/10/29/table...pian-children/

















Until next week,

- js.

















Tuesday, November 6th Is Election Day.

Don't Forget To

























Current Week In Review





Recent WiRs -

October 27th, October 20th, October 13th, October 6th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black