Peer-To-Peer News - The Week In Review - October 12th, '13
Posted by JackSpratts, 09-10-13, 01:39 PM

Since 2002

"There are still plenty of opportunities to earn a living making music fans love." – Timothy B. Lee

October 12th, 2013




Why Internet Pirates Are Saving The Entertainment Industry From Itself
Harrison Jacobs

Major entertainment organizations in the U.S. have spent more than a decade trying to convince the American public that file-sharing and illegal downloading are killing their industries.

The R.I.A.A., the M.P.A.A., and others have waged legal battle after legal battle against major internet companies and their own customers. Instead of trying to find digital business models that work, the media organizations are trying to find new ways to stop file-sharers from accessing content.

They miss the point: file-sharers are their best customers, often times, precisely because they have more access to content.

OfCom, the U.K.’s version of the Federal Communications Commission, did a study last year on the entertainment-consuming habits of internet users in the U.K. and found something surprising. The large segment of the population who reported consuming entertainment via both legal and illegal means consistently spent far more than people who only consumed via legal means.

In some cases, these “hybrid pirates” spent three times as much as the law abiding citizen. Now, admittedly, the pirates who only downloaded content illegally spent far less, but they constitute only 4% of the population.

From Ofcom's study: http://static1.businessinsider.com/i...com-pirate.png

http://stakeholders.ofcom.org.uk/bin...ight/Intro.pdf

The reason that these hybrids spend far more than their legal counterparts is simple: they’re more engaged. They watch more movies, listen to more music, and watch more television. These are your fanboys, your TV junkies, and your super fans.

The R.I.A.A. even conceded this point when a Columbia University study found similarly. Yet their response, via Joshua Friedlander, Vice President of Research and Strategic Analysis at RIAA, was confusing at best:

In reality, the comparison is unfair – what it’s comparing is people who are interested in music with people who might not be interested at all. Of course people interested in music buy more.

Wait what?

The question that Friedlander really needs to be asking is: if file-sharing became impossible, would the illegal file-shares convert to sales? Sure, some of them would convert, but it seems unlikely that most would.

People have a limited supply of disposable income. We imagine that if highly-engaged customers could not get the content for free, they would simply consume less music.

A 2013 report by the European Commission’s Joint Research Centre on online music consumption in France, Germany, Italy, Spain and the UK, which looked at clicks and visits to legal and illegal services, found that the majority of music consumed illegally would not have been consumed if it was not freely available.

The study even found that access to streaming services had “a stimulating effect … on the sales of digital music.”

The other side of this story is that, when it comes to music, record sales may have gone down, but the music industry is making money in other areas. See this chart from the London School of Economics and Political Science's policy brief on file-sharing, released last month:

http://static4.businessinsider.com/i...y%20trends.jpg

The dip in record sales over the last ten years has been mirrored by a rise in concert revenue. Perhaps this is because highly-engaged music fans are paying for less recorded music and using that extra disposable income to see more acts in concert.

If the R.I.A.A. wants a model for how to do business in the digital age, it should take a look at superstar DJ Derek Vincent Smith, who goes by the name Pretty Lights. Smith has been DJing since 2006 and released four albums and a myriad of mixtapes. He also gave every single one away for free (and still does) on his website. In fact the accessibility of his music played a huge part in his popularity.

“It’s created a very loyal and respectful connection between myself and my fanbase…” Smith said during an interview with KAMP radio in 2012.

By providing music for free, Smith has employed a “pay-what-you-think-I’m-worth” strategy to fans and the music industry. He tours relentlessly, sells merchandise, and maintains a direct e-mailing list with his fans. He also sells physical copies of his music on his website but adds extra content to appeal to his diehard fans.

His newest album, A Color Map of the Sun, which he also provided for free, ended up making it to #2 on Billboard’s dance/electronic music charts (behind only Daft Punk’s massive Random Access Memories album).

Comedian Louis C.K. has led the charge among entertainers looking to forge a similar model. C.K. came up through traditional means of distribution but, in 2011, he decided to try a new model—Internet distribution.

C.K. has long had an easy, aw-shucks decorum with his fans. When he decided to release his new comedy special on his website, he wrote a lengthy memo detailing how he was using his own money to fund the special and asking people not to steal it.

He provided the special at a low entry cost ($5), without digital-rights management software embedded (unlike the majority of content you purchase legally online) so it could be shared, and let his fans make the choice.

Eleven days after its release, C.K. reported on Late Night with Jimmy Kimmel that the special had grossed $1.1 million. Popular comedians such as Aziz Ansari and Jim Gaffigan have followed suit with their most recent specials.

C.K’s letter to fans after the release just shows how C.K. “gets it” while the big media companies simply don’t:

…[Traditional media companies would have charged you about $20 for the video. They would have given you an encrypted and regionally restricted video of limited value, and they would have owned your private information for their own use. They would have withheld international availability indefinitely. This way, you only paid $5, you can use the video any way you want, and you can watch it in Dublin, whatever the city is in Belgium, or Dubai. I got paid nice, and I still own the video (as do you). You never have to join anything, and you never have to hear from us again.

In the OfCom study from 2012, the researchers found that the most common reasons pirates downloaded or streamed content illegally were because it was free (54%), convenient (48%), quick (44%), and because they could try before they buy (26%). Those responses are telling.

The distribution methods that the R.I.A.A., the M.P.A.A. and others have deemed legitimate are not as easy, convenient, or portable as the illegal ones. A large number of these pirates use illegal methods because the legal methods are just not as good.

Here’s the interesting part of that study: a quarter of the people said they file-shared because they wanted to try before they bought. That’s what Derek Vincent Smith picked up on with Pretty Lights. If he could prove that his music was worth paying for, by letting people listen to it, eventually they would. He knew it was only a matter of time. He was right.

The media companies are going to have to accept that people are going to support content in a myriad of ways—live concerts, ad-supported or subscription streaming services, one-off digital downloads. Once they stop suing customers and websites and accept that file-sharing often convinces their customers to consume more, they'll figure out what customers are actually looking for.

Entertainers are starting to figure it out. Media companies better figure it out soon too or they really will become extinct.

Read more: http://www.businessinsider.com/file-...#ixzz2hVntiK7L





Whatever Happened to "Due Process" ?
Mark Jeftovic

This morning I received the following email:

Classification: NOT PROTECTIVELY MARKED

Dear Sir or Madam,

Re: Website domain name suspension request #2

On the 24th September 2013, EasyDNS Technologies was emailed a domain suspension request for the following domain(s) that to date we have not received a reply nor seen action taken:

[redacted].com [IP redacted]

The domain(s) continues to be accessible by members of the public and is still making illicit financial gains for the criminals operating it. It would be appreciated if you would respond either positively or negatively to this request confirming if you will assist Police in preventing this ongoing crime.

Kind regards,


The request came from The City of London (UK) Police Intellectual Property Crime Unit, and it had me thinking about this issue all morning, whether I should write anything about it, etc. It's a strongly worded email: "The domain(s) continues to be accessible by members of the public and is still making illicit financial gains for the criminals operating it." OK, what exactly makes the website operators criminals? (The website in question is a bittorrent search engine; I don't even think they're hosting the torrent files locally.)

It wasn't until I got to the office that I realized that there was a PDF attached to the email request, in it were further details/instructions:

• It referenced the section 5.5.2.1.3 of the ICANN RAA which states "accreditation as a Registrar can be terminated if the Registrar is found to have ‘permitted illegal activity in the registration or use of domain names’." (Although I cannot find this text in the current RAA)

• It requests that we freeze the whois record and permit no further changes to it.

• It directs us to redirect the DNS for the domain to 83.138.166.114

• It "reserves the right" to refer the matter to ICANN

After I read the attached order I realized I had to post because this opens all kinds of thorny philosophical issues which we've been talking about for years. The lack of any semblance of due process when it comes to domain name takedowns.

Who decides what is illegal? What makes somebody a criminal? Given that the subtext of the request contains a threat to refer the matter to ICANN if we don't play along, this is a non-trivial question. Correct me if I'm wrong, but I always thought it was something that gets decided in a court of law, as opposed to "some guy on the internet" sending emails. While that's plenty reason enough for some registrars to take down domain names, it doesn't fly here.

We have an obligation to our customers and we are bound by our Registrar Accreditation Agreements not to make arbitrary changes to our customers settings without a valid FOA (Form of Authorization). To supersede that we need a legal basis. To get a legal basis something has to happen in court.

The request also suggests we look at the whois contact information for the domain (which looks perfectly valid) and go ahead and suspend the domain based on invalid whois data. Again, there's a process for that, you have to go through the ICANN Whois Inaccuracy Complaint process and most of the time that doesn't result in a takedown anyway.

What gets me about all of this is that the largest, most egregious perpetrators of online criminal activity right now are our own governments, spying on their own citizens, illegally wiretapping our own private communications and nobody cares, nobody will answer for it, it's just an out-of-scope conversation that is expected to blend into the overall background malaise of our ever increasing serfdom.

If I can't make various governments and law enforcement agencies get warrants or court orders before they crack my private communications then I can at least require a court order before I take down my own customer.

Before anybody tells me "this is just some bittorrent domain, just take it down", remember what we said back in 2010: First They Came For the File Sharing Domains.

About a week after that was posted Senator Lieberman and friends went batshit crazy trying to take down wikileaks. Why? Egregious truth telling. Again, this is the entire point of due process: it's there to keep us collectively away from the top end of the slippery slope.

Unfortunately, we're most of the way down that slope and into the mud of blatant mass online surveillance – the next phase will be concerted repression of inconvenient truth-tellers and facts.
http://blog.easydns.org/2013/10/08/w...o-due-process/





The NSA is Trying to Crack Tor. The State Department is Helping Pay for it.
Andrea Peterson

A deluge of information about the NSA's work to undermine the anonymity of Tor users hit the Internet on Friday thanks to documents from former NSA contractor Edward Snowden. The revelations highlight the government's internal struggle over how to react to anonymity online. While the NSA is working around the clock to undermine Tor's anonymity, other branches of the federal government are helping fund that same service.

Tor is a service that lets people surf the Internet anonymously. My colleague Tim explains the basics here, but using names like MOTHMONSTER, EGOTISTICALGOAT and, most recently, EGOTISTICALGIRAFFE, the NSA has been reportedly waging an ever-evolving stealth campaign against the service for years. The campaign included searching for zero-day vulnerabilities, weaknesses the developers haven't discovered or patched yet, in new versions of the Firefox browser when old defensive cracks were fixed. But the 2007 documents released Friday suggest that the agency's efforts only allow them to unmask individual users. Mass surveillance isn't possible.

That the agency was looking for ways to break Tor encryption isn't particularly surprising. While Tor is used by activists and journalists, it also allowed users to visit a seedy underbelly of the Internet where online drug markets like the recently shuttered Silk Road and child pornography sites are hosted. Director of National Intelligence James Clapper issued a statement responding to the Tor reports, saying "the Intelligence Community’s interest in online anonymity services and other online communication and networking tools is based on the undeniable fact that these are the tools our adversaries use to communicate and coordinate attacks against the United States and our allies."

But their interest in cracking privacy tools is in direct conflict with efforts in other parts of the U.S. government — especially the State Department, which supports the aforementioned activist and journalist Tor users. In 2013, the State Department and USAID awarded $25 million to groups working on Internet freedom issues, like "supporting counter-censorship and secure communications technology, digital safety training and policy and research programs for people facing Internet repression."

During the Arab Spring, that meant training people to use tools like Tor to escape censorship and retaliation. In 2012, Time magazine reported that American-backed instructors were teaching bloggers covering the Syrian civil war how to use Tor and other counter-surveillance measures.

The State Department is helping fund Tor. In fact, government funding through the Naval Research Laboratory helped privacy advocates develop Tor more than a decade ago, and federal sources pick up around 60 percent of the development tab today.

During a talk at a Washington, D.C., church last month, former NSA and CIA chief Michael Hayden said the issue of anonymity was about our government's approach to the Internet.

"Is our vision of the World Wide Web the global digital commons — at this point you should see butterflies flying here and soft background meadow-like music — or a global free fire zone?" he asked. And Hayden, who helped build the intelligence agency's response to the digital age, was pretty clear about how he viewed it, saying "the problem I have with the Internet is that it’s anonymous."
http://www.washingtonpost.com/blogs/...ng-pay-for-it/





Attacking Tor: How the NSA Targets Users' Online Anonymity

Secret servers and a privileged position on the internet's backbone used to identify users and attack target computers
Bruce Schneier


The online anonymity network Tor is a high-priority target for the National Security Agency. The work of attacking Tor is done by the NSA's application vulnerabilities branch, which is part of the systems intelligence directorate, or SID. The majority of NSA employees work in SID, which is tasked with collecting data from communications systems around the world.

According to a top-secret NSA presentation provided by the whistleblower Edward Snowden, one successful technique the NSA has developed involves exploiting the Tor browser bundle, a collection of programs designed to make it easy for people to install and use the software. The trick identifies Tor users on the internet and then executes an attack against their Firefox web browser.

The NSA refers to these capabilities as CNE, or computer network exploitation.

The first step of this process is finding Tor users. To accomplish this, the NSA relies on its vast capability to monitor large parts of the internet. This is done via the agency's partnership with US telecoms firms under programs codenamed Stormbrew, Fairview, Oakstar and Blarney.

The NSA creates "fingerprints" that detect http requests from the Tor network to particular servers. These fingerprints are loaded into NSA database systems like XKeyscore, a bespoke collection and analysis tool which NSA boasts allows its analysts to see "almost everything" a target does on the internet.

Using powerful data analysis tools with codenames such as Turbulence, Turmoil and Tumult, the NSA automatically sifts through the enormous amount of internet traffic that it sees, looking for Tor connections.

Last month, Brazilian TV news show Fantastico showed screenshots of an NSA tool that had the ability to identify Tor users by monitoring internet traffic.

The very feature that makes Tor a powerful anonymity service, and the fact that all Tor users look alike on the internet, makes it easy to differentiate Tor users from other web users. On the other hand, the anonymity provided by Tor makes it impossible for the NSA to know who the user is, or whether or not the user is in the US.

After identifying an individual Tor user on the internet, the NSA uses its network of secret internet servers to redirect those users to another set of secret internet servers, with the codename FoxAcid, to infect the user's computer. FoxAcid is an NSA system designed to act as a matchmaker between potential targets and attacks developed by the NSA, giving the agency opportunity to launch prepared attacks against their systems.

Once the computer is successfully attacked, it secretly calls back to a FoxAcid server, which then performs additional attacks on the target computer to ensure that it remains compromised long-term, and continues to provide eavesdropping information back to the NSA.

Exploiting the Tor browser bundle

Tor is a well-designed and robust anonymity tool, and successfully attacking it is difficult. The NSA attacks we found individually target Tor users by exploiting vulnerabilities in their Firefox browsers, and not the Tor application directly.

This, too, is difficult. Tor users often turn off vulnerable services like scripts and Flash when using Tor, making it difficult to target those services. Even so, the NSA uses a series of native Firefox vulnerabilities to attack users of the Tor browser bundle.

According to the training presentation provided by Snowden, EgotisticalGiraffe exploits a type confusion vulnerability in E4X, which is an XML extension for JavaScript. This vulnerability exists in Firefox 11.0 – 16.0.2, as well as Firefox 10.0 ESR – the Firefox version used until recently in the Tor browser bundle. According to another document, the vulnerability exploited by EgotisticalGiraffe was inadvertently fixed when Mozilla removed the E4X library with the vulnerability, and when Tor added that Firefox version into the Tor browser bundle, but NSA were confident that they would be able to find a replacement Firefox exploit that worked against version 17.0 ESR.

The Quantum system

To trick targets into visiting a FoxAcid server, the NSA relies on its secret partnerships with US telecoms companies. As part of the Turmoil system, the NSA places secret servers, codenamed Quantum, at key places on the internet backbone. This placement ensures that they can react faster than other websites can. By exploiting that speed difference, these servers can impersonate a visited website to the target before the legitimate website can respond, thereby tricking the target's browser into visiting a FoxAcid server.

In the academic literature, these are called "man-in-the-middle" attacks, and have been known to the commercial and academic security communities. More specifically, they are examples of "man-on-the-side" attacks.

They are hard for any organization other than the NSA to reliably execute, because they require the attacker to have a privileged position on the internet backbone, and exploit a "race condition" between the NSA server and the legitimate website. This top-secret NSA diagram, made public last month, shows a Quantum server impersonating Google in this type of attack.

The NSA uses these fast Quantum servers to execute a packet injection attack, which surreptitiously redirects the target to the FoxAcid server. An article in the German magazine Spiegel, based on additional top secret Snowden documents, mentions an NSA developed attack technology with the name of QuantumInsert that performs redirection attacks. Another top-secret Tor presentation provided by Snowden mentions QuantumCookie to force cookies onto target browsers, and another Quantum program to "degrade/deny/disrupt Tor access".

This same technique is used by the Chinese government to block its citizens from reading censored internet content, and has been hypothesized as a probable NSA attack technique.

The FoxAcid system

According to various top-secret documents provided by Snowden, FoxAcid is the NSA codename for what the NSA calls an "exploit orchestrator," an internet-enabled system capable of attacking target computers in a variety of different ways. It is a Windows 2003 computer configured with custom software and a series of Perl scripts. These servers are run by the NSA's tailored access operations, or TAO, group. TAO is another subgroup of the systems intelligence directorate.

The servers are on the public internet. They have normal-looking domain names, and can be visited by any browser from anywhere; ownership of those domains cannot be traced back to the NSA.

However, if a browser tries to visit a FoxAcid server with a special URL, called a FoxAcid tag, the server attempts to infect that browser, and then the computer, in an effort to take control of it. The NSA can trick browsers into using that URL using a variety of methods, including the race-condition attack mentioned above and frame injection attacks.

FoxAcid tags are designed to look innocuous, so that anyone who sees them would not be suspicious. An example of one such tag [LINK REMOVED] is given in another top-secret training presentation provided by Snowden.

There is no currently registered domain name by that name; it is just an example for internal NSA training purposes.

The training material states that merely trying to visit the homepage of a real FoxAcid server will not result in any attack, and that a specialized URL is required. This URL would be created by TAO for a specific NSA operation, and unique to that operation and target. This allows the FoxAcid server to know exactly who the target is when his computer contacts it.

According to Snowden, FoxAcid is a general CNE system, used for many types of attacks other than the Tor attacks described here. It is designed to be modular, with flexibility that allows TAO to swap and replace exploits if they are discovered, and only run certain exploits against certain types of targets.

The most valuable exploits are saved for the most important targets. Low-value exploits are run against technically sophisticated targets where the chance of detection is high. TAO maintains a library of exploits, each based on a different vulnerability in a system. Different exploits are authorized against different targets, depending on the value of the target, the target's technical sophistication, the value of the exploit, and other considerations.

In the case of Tor users, FoxAcid might use EgotisticalGiraffe against their Firefox browsers.

FoxAcid servers also have sophisticated capabilities to avoid detection and to ensure successful infection of its targets. One of the top-secret documents provided by Snowden demonstrates how FoxAcid can circumvent commercial products that prevent malicious software from making changes to a system that survive a reboot process.

According to a top-secret operational management procedures manual provided by Snowden, once a target is successfully exploited it is infected with one of several payloads. Two basic payloads mentioned in the manual are designed to collect configuration and location information from the target computer so an analyst can determine how to further infect the computer.

These decisions are made in part by the technical sophistication of the target and the security software installed on the target computer, called Personal Security Products or PSP in the manual.

FoxAcid payloads are updated regularly by TAO. For example, the manual refers to version 8.2.1.1 of one of them.

FoxAcid servers also have sophisticated capabilities to avoid detection and to ensure successful infection of its targets. The operations manual states that a FoxAcid payload with the codename DireScallop can circumvent commercial products that prevent malicious software from making changes to a system that survive a reboot process.

The NSA also uses phishing attacks to induce users to click on FoxAcid tags.

TAO additionally uses FoxAcid to exploit callbacks – which is the general term for a computer infected by some automatic means – calling back to the NSA for more instructions and possibly to upload data from the target computer.

According to a top-secret operational management procedures manual, FoxAcid servers configured to receive callbacks are codenamed FrugalShot. After a callback, the FoxAcid server may run more exploits to ensure that the target computer remains compromised long term, as well as install "implants" designed to exfiltrate data.

By 2008, the NSA was getting so much FoxAcid callback data that they needed to build a special system to manage it all.
http://www.theguardian.com/world/201...line-anonymity
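
The race described under "The Quantum system" above leaves a trace that a network sensor can look for: the client receives two TCP segments covering the same sequence range with different contents, one from the injector and one from the real server. The following detector is an added example, not part of the Guardian article; the record layout, addresses and payloads are constructed, and it assumes segments have already been parsed out of a packet capture.

```python
from collections import defaultdict
from typing import NamedTuple


class Segment(NamedTuple):
    ts: float       # capture timestamp in seconds
    src: str
    sport: int
    dst: str
    dport: int
    seq: int        # sequence number of the first payload byte
    ttl: int        # IP TTL as observed at the sensor
    payload: bytes


class Finding(NamedTuple):
    flow: tuple     # (src, sport, dst, dport) of the direction with the conflict
    seq: int        # first sequence number where both segments overlap
    gap_ms: float   # time between the two conflicting segments
    ttl_delta: int  # TTL difference; non-zero hints at a different network path
    first: bytes    # payload that arrived first (the one the client acts on)
    second: bytes   # payload that arrived later and is discarded by the client


def conflicting_overlap(a: Segment, b: Segment):
    """Return the overlap start if a and b disagree on shared bytes, else None.

    Assumption: sequence numbers do not wrap within the captured flow.
    """
    start = max(a.seq, b.seq)
    end = min(a.seq + len(a.payload), b.seq + len(b.payload))
    if start >= end:
        return None  # no shared sequence space
    if a.payload[start - a.seq:end - a.seq] == b.payload[start - b.seq:end - b.seq]:
        return None  # ordinary retransmission, possibly re-segmented
    return start


def detect_injection(segments):
    """Scan segments in capture order and report conflicting overlaps per flow."""
    seen = defaultdict(list)
    findings = []
    for seg in sorted(segments, key=lambda s: s.ts):
        if not seg.payload:
            continue  # pure ACKs carry no data to compare
        flow = (seg.src, seg.sport, seg.dst, seg.dport)
        for earlier in seen[flow]:
            start = conflicting_overlap(earlier, seg)
            if start is not None:
                findings.append(Finding(
                    flow=flow,
                    seq=start,
                    gap_ms=round((seg.ts - earlier.ts) * 1000, 3),
                    ttl_delta=abs(seg.ttl - earlier.ttl),
                    first=earlier.payload,
                    second=seg.payload,
                ))
        seen[flow].append(seg)
    return findings


# Constructed sample traffic (documentation address ranges, made-up payloads).
SERVER_TO_CLIENT = ("203.0.113.10", 80, "10.0.0.5", 50000)
SAMPLE = [
    Segment(0.000, "10.0.0.5", 50000, "203.0.113.10", 80, 1, 64,
            b"GET / HTTP/1.1\r\nHost: site.example\r\n\r\n"),
    # Two answers for the same sequence number: the faster one wins the race.
    Segment(0.012, *SERVER_TO_CLIENT, 1000, 61,
            b"HTTP/1.1 302 Found\r\nLocation: http://other.example/\r\n\r\n"),
    Segment(0.045, *SERVER_TO_CLIENT, 1000, 52,
            b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"),
    # Benign flow: a re-segmented retransmission whose shared bytes agree.
    Segment(1.000, "198.51.100.7", 443, "10.0.0.5", 50001, 5000, 55, b"abcdefgh"),
    Segment(1.200, "198.51.100.7", 443, "10.0.0.5", 50001, 5004, 55, b"efghijkl"),
]

if __name__ == "__main__":
    for f in detect_injection(SAMPLE):
        print(f"{f.flow}: conflicting data at seq {f.seq}, "
              f"gap {f.gap_ms} ms, TTL delta {f.ttl_delta}")
        print("  acted on :", f.first[:40])
        print("  discarded:", f.second[:40])
```

A conflicting overlap alone can also come from broken middleboxes, so the time gap and TTL difference are reported as supporting evidence rather than used as thresholds.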





Skype Under Investigation in Luxembourg Over Link to NSA

Ten years ago, the calling service had a reputation as a tool for evading surveillance but now it is under scrutiny for covertly passing data to government agencies
Ryan Gallagher

Skype is being investigated by Luxembourg's data protection commissioner over concerns about its secret involvement with the US National Security Agency (NSA) spy programme Prism, the Guardian has learned.

The Microsoft-owned internet chat company could potentially face criminal and administrative sanctions, including a ban on passing users' communications covertly to the US signals intelligence agency.

Skype itself is headquartered in the European country, and could also be fined if an investigation concludes that the data sharing is found in violation of the country's data-protection laws.

The Guardian understands that Luxembourg's data-protection commissioner initiated a probe into Skype's privacy policies following revelations in June about its ties to the NSA.

The country's data-protection chief, Gerard Lommel, declined to comment for this story, citing an ongoing investigation. Microsoft also declined to comment on the issue.

Luxembourg has attracted several large corporations, including Amazon and Netflix, due to its tax structure.

Its constitution enshrines the right to privacy and states that secrecy of correspondence is inviolable unless the law provides otherwise. Surveillance of communications in Luxembourg can only occur with judicial approval or by authorisation of a tribunal selected by the prime minister.

However, it is unclear whether Skype's transfer of communications to the NSA has been sanctioned by Luxembourg through a secret legal assistance or data transfer agreement that would not be known to the data protection commissioner at the start of their inquiry.

Microsoft's acquisition of Skype tripled some types of data flow to NSA, according to top-secret documents seen by the Guardian. In July last year, nine months after Microsoft bought the internet phone company, the NSA boasted that a new capability had tripled the amount of Skype video calls being collected through Prism.

Microsoft bought Skype for $8.5bn (£5.6bn) in 2011.

The US software giant was the first technology group to be brought within the NSA initiative known as Prism, a scheme involving some of the internet's biggest consumer companies passing data on targeted users to the US under secret court orders.

Having once been considered a secure chat tool beyond the reach of government eavesdropping, Skype is now facing a backlash in the wake of the Prism revelations.

"The only people who lose are users," says Eric King, head of research at human rights group Privacy International. "Skype promoted itself as a fantastic tool for secure communications around the world, but quickly caved to government pressure and can no longer be trusted to protect user privacy."

Skype's legacy of encryption and security

Founded in Scandinavia in 2003, Skype was designed to connect callers through an encrypted peer-to-peer internet connection, meaning audio conversations between Skype users are not routed over a centralised network like conventional phone calls. Video and chat connections are also encrypted.

Attracting millions of users worldwide – 12.9 million people had registered to use the service by 2004, and by 2011 that figure had reached more than 600 million – Skype's reputation for privacy and security led to it being adopted by journalists and activists as a tool to evade government surveillance. But some criminals, too, turned to the tool to dodge law enforcement agencies – frustrating police, who had previously been able to eavesdrop on suspects' conversations by 'wiretapping' phone lines.

A turning point came in 2005, when US company eBay purchased Skype for $2.6bn (£1.6bn). The same year, Skype formed a joint venture with Hong Kong-based internet company Tom Online to launch a Chinese version of Skype, which was tweaked to be compliant with dragnet surveillance.

Skype China customised for monitoring

A former Skype engineer, who declined to be named because of the sensitive nature of the issue, told the Guardian that the company worked to build in a "listening element" to help Chinese authorities monitor users' communications for keywords, triggering a warning to alert the government when certain phrases get typed into its chat interface.

In response to questions about suspected monitoring of Skype chats in China, Skype has previously stated that its software is made available in the country "through a joint venture with Tom Online. As majority partner in the joint venture, Tom has established procedures to meet its obligations under local laws."

While publicly insisting it was unable to help law enforcement agencies eavesdrop on calls, Skype set up a secretive internal initiative called "Project Chess" to explore how it could make calls available to authorities, according to a New York Times report published in June.

A year later, Skype was purchased from eBay by an investor group including US private equity firms Silver Lake and Andreessen Horowitz. During this period, work began on integrating Skype into the NSA's Prism program, documents leaked by NSA whistleblower Edward Snowden have revealed.

The first 'eavesdropped' Skype call

In February 2011, according to the NSA files, Skype was served with a directive to comply with NSA surveillance signed by the US attorney general. Within days, the spy agency reported that it had successfully eavesdropped on a Skype call. And when Microsoft acquired Skype in May 2011, the relationship with the NSA appears to have intensified.

Caspar Bowden, who served as Microsoft's chief privacy adviser between 2002 and 2011 and left shortly before the completion of its Skype takeover, says he was not surprised to learn the company had complied with the NSA's surveillance of the chat tool.

While working for Microsoft, Bowden says he was not privy to details of secret data-collection programs – but fully briefed the company on the dangers of US spy law the Foreign Intelligence Surveillance Act (FISA) for the privacy of its international cloud customers. He was met with a "wall of silence," he says.

A letter obtained by the Guardian, sent by Skype's corporate vice president Mark Gillett to Privacy International in September 2012, suggested that group video calls and instant messages could be obtained by law enforcement because they are routed through its central servers and "may be temporarily stored."

But Gillett also said in the letter that audio and one-to-one video calls made using Skype's "full client" on computers were encrypted and did not pass through central servers – implying that the company could not help authorities intercept them.

Separately, in July 2012, Skype contributed to UK parliamentary committee hearings on the government's proposed expansion of surveillance powers under the controversial communications data bill. Skype representative Stephen Collins claimed in testimony to the committee that "there are no keys held by Skype to decrypt communications."

Microsoft calls for more government transparency

Skype told the Guardian that it would not answer technical questions about how it turns over calls to the authorities or comment on the extent of its compliance with US surveillance. The company insisted the information it provided the UK parliament was accurate, though would not explain apparent discrepancies between its public statements and access to Skype calls claimed by the NSA.

In a statement, Skype said it believed that the world needed "a more open and public discussion" about the balance between privacy and security but accused the US government of stifling the conversation.

"Microsoft believes the US constitution guarantees our freedom to share more information with the public, yet the government is stopping us," a spokesperson for Skype said, referring to an ongoing legal case in which Microsoft is seeking permission to disclose more information about the number of surveillance requests it receives.

However, the law that underpins the Prism program – FISA – allows the NSA to target not only suspected terrorists and spies, but also "foreign-based political organisations," which could encompass an array of advocacy groups and potentially news organisations, too.

'Journalists should avoid Skype'

Grégoire Pouget, an information security expert at Reporters Without Borders, believes that journalists should not underestimate the risks posed by NSA Skype surveillance.

"It is what many of us feared, and now we know for sure," Pouget says. "If you are a journalist working on issues that could interest the US government or some of their allies, you should not use Skype."

Although the NSA has access to at least some Skype calls, it remains unclear whether police and security agencies outside the US enjoy a similar level of access.

Hacking Team, an Italian company, sells surveillance software to law enforcement and intelligence agencies in 30 countries that allows authorities to covertly infiltrate computers with spyware that records communications before they are encrypted. The Milan-based firm explicitly markets the Trojan tool as a means to get access to Skype conversations – and says authorities still frequently complain about a lack of ability to eavesdrop on Skype calls.

"When you talk to law enforcement about what their concerns are, they'll right away mention Skype," says Eric Rabe, Hacking Team's spokesman.

Rabe declines to name customers, citing confidentiality agreements, but says Hacking Team's business has been "growing very nicely" in recent years. The company's public accounts show that its revenue more than doubled from $5.3m in 2010 to a projected $11.8m in 2012.

The new wave of encrypted services

At the opposite end of the spectrum, new companies are now emerging in response to fears about surveillance of Skype, promising users access to encrypted chat tools that do not have secret 'backdoors' for NSA surveillance.

Washington DC-based Silent Circle is one such company, going to extraordinary lengths to shield customers against spying. With founders including Phil Zimmermann, who devised the Pretty Good Privacy (PGP) email encryption product, and a former Navy Seal, Silent Circle offers a series of encrypted phone apps and a Skype-style internet chat platform.

It is registered as an offshore company and uses computer servers outside the US in a bid to evade government coercion. It recently closed its own encrypted email service because it could not guarantee security, and said it would focus instead on chat and telephony.

The FBI has already held meetings with Silent Circle, according to CEO Mike Janke, accusing it of being a "ghost provider" that could cause harm to the US because it stores virtually no information about its users' communications.

But Janke, a 45-year-old former Navy Seal sniper, says his company will not cede to government pressure to secretly comply with surveillance. "I feel that we can use Skype as a template," Janke says, "for what we don't want to do."
http://www.theguardian.com/technolog...-microsoft-nsa





Selling Secrets of Phone Users to Advertisers
Claire Cain Miller and Somini Sengupta

Once, only hairdressers and bartenders knew people’s secrets.

Now, smartphones know everything — where people go, what they search for, what they buy, what they do for fun and when they go to bed. That is why advertisers, and tech companies like Google and Facebook, are finding new, sophisticated ways to track people on their phones and reach them with individualized, hypertargeted ads. And they are doing it without cookies, those tiny bits of code that follow users around the Internet, because cookies don’t work on mobile devices.

Privacy advocates fear that consumers do not realize just how much of their private information is on their phones and how much is made vulnerable simply by downloading and using apps, searching the mobile Web or even just going about daily life with a phone in your pocket. And this new focus on tracking users through their devices and online habits comes against the backdrop of a spirited public debate on privacy and government surveillance.

On Wednesday, the National Security Agency confirmed it had collected data from cellphone towers in 2010 and 2011 to locate Americans’ cellphones, though it said it never used the information.

“People don’t understand tracking, whether it’s on the browser or mobile device, and don’t have any visibility into the practices going on,” said Jennifer King, who studies privacy at the University of California, Berkeley and has advised the Federal Trade Commission on mobile tracking. “Even as a tech professional, it’s often hard to disentangle what’s happening.”

Drawbridge is one of several start-ups that have figured out how to follow people without cookies, and to determine that a cellphone, work computer, home computer and tablet belong to the same person, even if the devices are in no way connected. Before, logging onto a new device presented advertisers with a clean slate.

“We’re observing your behaviors and connecting your profile to mobile devices,” said Eric Rosenblum, chief operating officer at Drawbridge. But don’t call it tracking. “Tracking is a dirty word,” he said.

Drawbridge, founded by a former Google data scientist, says it has matched 1.5 billion devices this way, allowing it to deliver mobile ads based on Web sites the person has visited on a computer. If you research a Hawaiian vacation on your work desktop, you could see a Hawaii ad that night on your personal cellphone.

For advertisers, intimate knowledge of users has long been the promise of mobile phones. But only now are numerous mobile advertising services that most people have never heard of — like Drawbridge, Flurry, Velti and SessionM — exploiting that knowledge, largely based on monitoring the apps we use and the places we go. This makes it ever harder for mobile users to escape the gaze of private companies, whether insurance firms or shoemakers.

Ultimately, the tech giants, whose principal business is selling advertising, stand to gain. Advertisers using the new mobile tracking methods include Ford Motor, American Express, Fidelity, Expedia, Quiznos and Groupon.

“In the old days of ad targeting, we give them a list of sites and we’d say, ‘Women 25 to 45,’ ” said David Katz, the former general manager of mobile at Groupon and now at Fanatics, the sports merchandise online retailer. “In the new age, we basically say, ‘Go get us users.’ ”

In those old days — just last year — digital advertisers relied mostly on cookies. But cookies do not attach to apps, which is why they do not work well on mobile phones and tablets. Cookies generally do work on mobile browsers, but do not follow people from a phone browser to a computer browser. The iPhone’s mobile Safari browser blocks third-party cookies altogether.

Even on PCs, cookies have lost much of their usefulness to advertisers, largely because of cookie blockers.

Responding to this problem, the Interactive Advertising Bureau started a group to explore the future of the cookie and alternatives, calling current online advertising “a lose-lose-lose situation for advertisers, consumers, publishers and platforms.” Most recently, Google began considering creating an anonymous identifier tied to its Chrome browser that could help target ads based on user Web browsing history.

For many advertisers, cookies are becoming irrelevant anyway because they want to reach people on their mobile devices.

Yet advertising on phones has its limits.

For example, advertisers have so far had no way to know whether an ad seen on a phone resulted in a visit to a Web site on a computer. They also have been unable to connect user profiles across devices or even on the same device, as users jump from the mobile Web to apps.

Without sophisticated tracking, “running mobile advertising is like throwing money out the window. It’s worse than buying TV advertisements,” said Ravi Kamran, founder and chief executive of Trademob, a mobile app marketing and tracking service.

This is why a service that connects multiple devices with one user is so compelling to marketers.

Drawbridge, which was founded by Kamakshi Sivaramakrishnan, formerly at AdMob, the Google mobile ad network, has partnerships with various online publishers and ad exchanges. These send partners a notification every time a user visits a Web site or mobile app, which is considered an opportunity to show an ad. Drawbridge watches the notifications for behavioral patterns and uses statistical modeling to determine the probability that several devices have the same owner and to assign that person an anonymous identifier.

So if someone regularly checks a news app on a phone in bed each morning, browses the same news site from a laptop in the kitchen, visits from that laptop at an office an hour later and returns that night on a tablet in the same home, Drawbridge concludes that those devices belong to the same person. And if that person shopped for airplane tickets at work, Drawbridge could show that person an airline ad on the tablet that evening.

Ms. Sivaramakrishnan said its pinpointing was so accurate that it could show spouses different, personalized ads on a tablet they share. Before, she said, “ad targeting was about devices, not users, but it’s more important to understand who the user is.”

Similarly, if you use apps for Google Chrome, Facebook or Amazon on your cellphone, those companies can track what you search for, buy or post across your devices when you are logged in.

Other companies, like Flurry, get to know people by the apps they use.

Flurry embeds its software in 350,000 apps on 1.2 billion devices to help app developers track things like usage. Its tracking software appears on the phone automatically when people download those apps. Flurry recently introduced a real-time ad marketplace to send advertisers an anonymized profile of users the moment they open an app.

Profiles are as detailed as wealthy bookworms who own small businesses or new mothers who travel for business and like to garden. The company has even more specific data about users that it does not yet use because of privacy concerns, said Rahul Bafna, senior director of Flurry.

Wireless carriers know even more about us from our home ZIP codes, like how much time we spend on mobile apps and which sites we visit on mobile browsers. Verizon announced in December that its customers could authorize it to share that information with advertisers in exchange for coupons. AT&T announced this summer that it would start selling aggregated customer data to marketers, while offering a way to opt out.

Neither state nor federal law prohibits the collection or sharing of data by third parties. In California, app developers are required to post a privacy policy and to clearly state what personal information they collect and how they share it. Still, that leaves much mystery for ordinary mobile users.
http://www.nytimes.com/2013/10/06/te...vertisers.html





Both Hero and Villain, and Irresistible
David Carr

Before there was a documentary about WikiLeaks — before there was a major motion picture about its founder — Julian Assange was a star.

With his mysterious hacker back story and shock of silver hair, Mr. Assange burst into public consciousness in 2010 with WikiLeaks’ release of the Apache helicopter attack video and, in the process of revealing millions of secrets, unlocked a rarefied kind of fame.

An unfolding tale of a swashbuckling avatar against powerful forces was a movie trailer waiting to happen. The mythmaking was under way long before the spring release of “We Steal Secrets,” the documentary directed by Alex Gibney, and well in advance of the buildup to “The Fifth Estate,” the Bill Condon movie due Oct. 18, starring Benedict Cumberbatch as Mr. Assange.

The WikiLeaks-Assange story has snaked through countless twists and turns that played out on multiple platforms all over the world, scanning as a movie that has unfurled in real time. In that sense, the first film about WikiLeaks is the one that happened right in front of our eyes, one that left governments scrambling, media organizations gasping and regular people guessing about his next move.

Given its high profile and cinematic elements, the WikiLeaks tale was catnip to the movie industry. At one time, there were five films about Mr. Assange in development, with the documentary and the new drama eventually winning the race and going into production. The movies, each directed by an Academy Award winner, have sparked enormous discussion and remarkable pushback from WikiLeaks and its supporters.

It is a measure of our times, and perhaps Mr. Assange’s appetite for renown, that a technology designed to enable anonymity for whistle-blowers became an engine of celebrity. He is, even absent the attentions of Hollywood, one of the more recognizable faces on earth.

It helps that he inhabits the role of provocateur so well. Mr. Assange is Australian by birth, but his accent is transnational, reinforcing the impression that he is a new kind of human, a product of the Internet who lives on the digital grid and in our collective consciousness. But he wears white and black hats with equal ease. His critics say he has behaved carelessly, some say recklessly, a view of Mr. Assange that gained traction after he was sought for questioning about accusations of sexual assault in Sweden.

Handsome, dashing, conflicted and pursued, Mr. Assange is a kind of freelance spy who engages in black ops against powerful multinational interests. How different really is that from every Bourne movie you’ve ever seen? Sure, the damage he inflicts is with a flick of the mouse rather than a fusillade of gunfire, but his credentials as international man of intrigue are unassailable. And the fact that the peripatetic globe-trotter is now walled in by the Ecuadorean Embassy in London is a remarkably paradoxical third act.

“Even while he is attacking our movie, you can’t help but feel how vulnerable he is in this moment,” Mr. Condon said, adding that Mr. Assange was “stuck in a self-imposed cell, and there is something deeply tragic about that.”

Mr. Gibney said that Mr. Assange expresses, and for some people fulfills, a durable human impulse.

“People desperately need and want a hero, and here you have someone who can set up a computer and instantly be inside the neural pathways of the entire Web,” Mr. Gibney said. “It’s pretty hard to resist the story of a guy roaming the world armed with nothing more than his laptop.”

In both “The Fifth Estate” and “We Steal Secrets,” technology is a persistent character. In the same way that “The Insider” (1999) seemed to make reporters out to be action figures with weaponized cellphones — remember Al Pacino as Lowell Bergman whipping out a clunky cellphone as if it were an AK-47? — “The Fifth Estate” is rife with scenes of Mr. Assange rushing into a room and snapping open his computer with a flourish. Laptops never looked so sexy or powerful, and the WikiLeaks story often seems like a sequel to “Revenge of the Nerds” writ large.

By trying to stop the government’s digital bots from taking over our lives, Mr. Assange would seem to be fighting on behalf of all mankind. He is Tom Cruise in “Minority Report,” Harrison Ford in “Blade Runner” and Matt Damon in “Elysium.” But Mr. Assange also echoes a less modern cinematic type, the lone wolves of paranoid ‘70s cinema. As a man on the run, he brings to mind the C.I.A. analyst Robert Redford played in “3 Days of the Condor” or the reeling Dustin Hoffman being chased through “Marathon Man.” You can go even further back and find an analogue in Frank Sinatra in “The Manchurian Candidate.”

Then again, Mr. Assange is fond of saying he will crush an opponent “like a bug.” Through that prism, he is closer to a Bond villain — stateless, vaguely Euro-ish, with stunt hair and a remarkably cool demeanor.

But to understand the appeal of a character like Mr. Assange in the current cultural context, the small screen might be a better place to look. He is an outlaw who lives by his own code, as was Tony Soprano, but his closest counterpart is probably Carrie Mathison, the C.I.A. operative on “Homeland,” skilled and omniscient but with a messianic zeal that tends to create a great deal of collateral damage.

As a character, Mr. Assange contains traits of past screen figures who’ve worked outside the norm, like Matt Damon as Jason Bourne in “The Bourne Supremacy.”

On the big screen, the two movies cast Mr. Assange as a tragic and self-seeking figure, a leader of a cause that conflated his personal interests and the movement’s. Perhaps no one could shoulder the scrutiny that Mr. Assange has lived through, but he does not play the game of making nice with the media.

As I have written before, I once had lunch with Mr. Assange in the English countryside, and while he was enormously gracious, fun even, in showing me and my family around the farm where he was under house arrest, he was also reflexively provocative, somewhat hilariously insulting me and the place I work for.

In Mr. Assange’s paranoid worldview, large, multinational financial interests have had a secret handshake with governments, principally that of the United States, and have together prosecuted a war on privacy, freedom and economic fairness. The reason that paranoia is so appealing? He turned out to be mostly right.

Every time you open up a news site, the government seems to get its hands farther and farther up your skirt. In that sense, we are not just the audience in these movies; we are part of a target-rich environment, and so we root Mr. Assange on in spite of his shortcomings.

Mr. Assange has made it clear that he hates both films, which comes as no surprise from a man who sees agendas and lies everywhere he looks. Mr. Gibney’s film may be a work of journalism, but its rise-and-fall narrative did not sit well with its subject.

WikiLeaks put out an annotation of a partial script that takes issue with practically everything in the film, beginning with the title, which is described as “irresponsible libel.” The memo adds, “Not even critics in the film say that WikiLeaks steals secrets.” Mr. Gibney is accused of selective editing, underappreciating the historic nature of the organization’s work and rendering Chelsea Manning (previously known as Pfc. Bradley Manning) as a caricature, among many, many other complaints.

Mr. Gibney, who has gone after many of the same targets that WikiLeaks has taken on, found himself dealing with incoming from its allies in the press and elsewhere. Chris Hedges, a former reporter for The New York Times who now blogs at TruthDig.com, accused him of making a work of “agitprop for the security and surveillance state,” intended to marginalize WikiLeaks and Mr. Assange. Mr. Gibney said he followed the facts and told the story they revealed, nothing more.

“The degree of vitriol has been amazing,” Mr. Gibney said. “He is a remarkable figure, narcissistic in the extreme and, as they say, beautiful from afar, but far from beautiful.”

Predictably, a work of drama purporting to depict real events has already picked up a great deal of withering reaction from Mr. Assange and his supporters.

In a quotation sent by a WikiLeaks staff member — Mr. Assange is, as behooves a star of his magnitude, surrounded by layers and difficult to access — he suggested that “The Fifth Estate,” apart from being wrong about himself and WikiLeaks, is doomed commercially.

“Most people love our work and its ongoing David versus Goliath struggle,” he said. “These people form the backbone of the WikiLeaks cinema market. But rather than cater to this market, DreamWorks decided to cater to other interests. The result is a reactionary snoozefest that only the U.S. government could love. As a result the film has no audience and no promotion community. It will flop at the box office and deservedly so.”

In an e-mail, Kristinn Hrafnsson, a WikiLeaks spokesman, said, “I don’t recognize the Julian in these films, nor the fundamental essence of what we are doing.”

In a phone call, Mr. Condon made it clear he was proud of his film. A narrative feature requires license to pack vast amounts of history into a commercially viable length, and Mr. Condon said the film is true to its subject, including its depiction of his alleged hypocrisy around organizational information and WikiLeaks.

“For a public figure, he is one of the most thin-skinned subjects I have ever seen,” Mr. Condon said. “He believes and advocates for transparency, except where he is concerned. He doesn’t realize it, but he has become the consummate tragic hero who sowed the seeds of his own demise.”

The chronic, multifront war is a fact of life at the off-screen version of WikiLeaks. Even people at odds with Mr. Assange don’t deny him his place in history.

“Julian was able to pull together the biggest news organizations on earth and get them to cooperate around a single leak, holding the story for three weeks,” said James Ball, a former WikiLeaks associate who now works at The Guardian. “That is an amazing feat.”

That Mr. Assange ended up in a dispute with Mr. Ball, his media partners and just about everyone else around him adds to the myth. What is he against? Whatever comes his way.

“Most people avoid confrontation, but Julian escalates every single time,” Mr. Ball said. “He has the guts, the arrogance and the insanity to take everyone on. I think part of the reason that there is so much interest in WikiLeaks is that people respond to that.”

Many of the great public debates show up in the movie house, so it should not be surprising to see a simulacrum of Mr. Assange on the big screen. And it’s even less surprising that the nature of what is on the screen is the beginning of yet another debate. History, in this instance, refuses to sit still. The first draft is a Web document, subject to endless annotation.
http://www.nytimes.com/2013/10/06/mo...ma-moment.html





Delivering the News, All of It, in 2 Minutes
Michael Cieply

The mission: re-create the history of the news media in two minutes or less.

Delivery time: one year.

Some advice: You’ll need every minute.

Prologue, a digital design company in the Venice district here, was handed a script last year — a little more than one page in length — for the titles sequence of “The Fifth Estate,” the director Bill Condon’s film about Julian Assange and WikiLeaks.

In Mr. Condon’s view, Mr. Assange’s insistence on unfiltered delivery of documents from anonymous whistle-blowers was a giant step in the ever-evolving business of news delivery, and the director wanted his film’s opening titles to say as much.

Mr. Condon takes titles seriously — so much so that he put the opening sequence of “The Fifth Estate” in motion even before he started shooting the film in Belgium last year. The idea was to tell the entire history of news — from Paleolithic cave paintings 17,000 years ago to today — in under two minutes.

For the job he turned to Prologue, the company that worked on both parts of his “Twilight Saga: Breaking Dawn.” The company was founded by Kyle Cooper, who made his mark with those creepy, inside-the-mind-of-a-serial-killer titles for David Fincher’s “Seven.”

In August, as some of the two dozen researchers and designers who contributed to “The Fifth Estate” titles were putting final touches on the sequence — about four dozen scenes that fly by — Lisa Bolan, a creative director at Prologue, slowed things down a bit to explain some of the more intriguing passages:

OPENING SECONDS The montage begins with cave paintings from Lascaux in France. But the image marks a distant point in a communications business that Ms. Bolan and her colleagues assume had already been evolving for millenniums through verbal reports. In a bow toward oral precedents, Prologue hired an actor to portray a shaman delivering news. Together, the two scenes take no more than three seconds.

EGYPT An Egyptian scribe tells his story in hieroglyphics. A Roman hand carves the name of Caesar in stone. Another hand inks the delicate characters of the Kaiyuan Za Bao, Chinese court bulletins that were distributed on silk in the eighth century. Ms. Bolan at this point was fretting over misplaced details that might spoil the illusion of a seamless transition through time. Spotting a faintly visible matrix that had been drawn to guide the Chinese calligrapher, she orders some quick digital cleanup. “We’re always watching for anachronisms,” she sa

GUTENBERG BIBLE The Gutenberg moment involved a trip to the International Printing Museum in Carson, Calif., for shots of a model of a 15th-century press in operation. Those hands daubing the type with ink-balls on screen belong to Mark Barbour, the museum’s founding curator and executive director. Later in the sequence, yet another hand nails Martin Luther’s 95 Theses to a door, but the theses posed a problem: To create an authentic, high-resolution image, a Prodigy associate wrote a program that extracted the characters from an existing photograph, then rebuilt them.

THE QUEBEC GAZETTE Prologue dropped into the newspaper era on May 19, 1766, with a shot of the bilingual front page of the Quebec Gazette for that day. “Fifth Estate” takes place around the world, so the choice is perhaps as good as any. Other newspapers follow. Before long, newsprint is everywhere. Stacks of papers. Racks of papers. Ms. Bolan noted the visual appeal of those grim tidings. “It’s a beautiful aesthetic,” she said.

TUBE RADIO The montage pauses briefly on an old, desktop tube radio. There is more here than meets the eye, Ms. Bolan said. The lone radio, nested on a simple stand, foreshadows the WikiLeaks digital platform, which Mr. Condon has envisioned as a kind of virtual zone in which information lives on its own. His image of the platform begins with this radio and a voice in an empty room.

NEAR THE ONE-MINUTE MARK The shamans and their oral tradition are not dead. Amid the typewriters, we hear the clicking of telegraphy, then the crackle of radio. Technologies overlap, but they all converge on a photograph of Franklin D. Roosevelt, behind a forest of microphones delivering his “date in infamy” Pearl Harbor address. The photo was digitally rendered in 3-D, to capture the presence and depth of live radio, then presented in the movie’s conventional, 2-D format.

COMMODORE A sequence featuring the early desktop Commodore computer gives way to a scrapheap of televisions and radios, a purely digital rendering by the effects artists at Prologue.

CELLPHONE CAMERAS Mr. Condon “wanted to be sure we focused on the technology,” Ms. Bolan said. When the montage turns to the inauguration of President Obama, cellphone cameras capture the moment as the new first couple share a dance.

NEWSWEEK The next scene uses time-lapse photography, but just barely. Familiar papers and magazines disappear from a newsstand, down to the last print issue of Newsweek in a second or two. A finger touches it, as on an iPad, and the screen explodes in a growing mosaic of Internet news sites — all the old print titles are back, with new ones, a few hundred in all.

ONE MINUTE, 54 SECONDS LATER The montage brings the viewer to July 2010, when the film begins. Pulses of light — data, Ms. Bolan explained — circle the globe, in some new digital order that appears not to have sorted itself just yet. Prologue steps back, and Mr. Condon takes charge.
http://www.nytimes.com/2013/10/06/mo...th-estate.html





China Employs Two Million Microblog Monitors State Media Say
BBC


More than two million people in China are employed by the government to monitor web activity, state media say, providing a rare glimpse into how the state tries to control the internet.

The Beijing News says the monitors, described as internet opinion analysts, are on state and commercial payrolls.

China's hundreds of millions of web users increasingly use microblogs to criticise the state or vent anger.

Recent research suggested Chinese censors actively target social media.

The report by the Beijing News said that these monitors were not required to delete postings.

They are "strictly to gather and analyse public opinions on microblog sites and compile reports for decision-makers", it said. It also added details about how some of these monitors work.

Tang Xiaotao has been working as a monitor for less than six months, the report says, without revealing where he works.

"He sits in front of a PC every day, and opening up an application, he types in key words which are specified by clients.

"He then monitors negative opinions related to the clients, and gathers (them) and compile reports and send them to the clients," it says.

The report says the software used in the office is even more advanced and supported by thousands of servers. It also monitors websites outside China.

China rarely reveals any details concerning the scale and sophistication of its internet police force.

It is believed that the two million internet monitors are part of a huge army which the government relies on to control the internet.

The government is also to organise training classes for them for the first time from 14 to 18 October, the paper says.

But it is not clear whether the training will be for existing monitors or for new recruits.

The training will have eight modules, and teach participants how to analyse and judge online postings and deal with crisis situations, it says.

The most popular microblogging site Sina Weibo, launched in 2010, now has more than 500 million registered users with 100 million messages posted daily.

Topics cover a wide range - from personal hobbies, health to celebrity gossip and food safety but they also include politically sensitive issues like official corruption.

Postings deemed to be politically incorrect are routinely deleted.
http://www.bbc.co.uk/news/world-asia-china-24396957





Europe Aims to Regulate the Cloud
Danny Hakim

The words “cloud computing” never appeared in a 119-page digital privacy regulation introduced in Europe last year.

They do now.

Even before revelations this summer by Edward J. Snowden on the extent of spying by the National Security Agency on electronic communications, the European Parliament busied itself attaching amendments to its data privacy regulation. Several would change the rules of cloud computing, the technology that enables the sharing of software and files among computers on the Internet.

And since the news broke of widespread monitoring by the United States spy agency, cloud computing has become one of the regulatory flash points in Brussels as a debate ensued over how to protect data from snooping American eyes.

Cloud technology has become a routine part of digital life, whether it is used for Web-based services to send e-mail or store photographs or to warehouse troves of business or government records. It has enabled the convenient sharing of data among mobile devices and enhanced the ability of people to collaborate and share documents. It has also cut the cost of doing business.

But transmitting data among mobile phones, tablet computers and clouds, even while encrypted, makes it more accessible to snooping.

The European Union wants to regulate the cloud even if that makes its use more complicated. One proposed amendment would require “all transfers of data” from a cloud in the European Union to a cloud maintained in the United States or elsewhere to “be accompanied with a notification to the data subject of such transfer and its legal effects.”

Another amendment takes it further, barring such transfers unless several conditions are met. Not only must consent be provided by the subject of the data, but the person must be “informed in clear, unambiguous and warning language through a separate and prominently visible reference” to “the possibility of the personal data being subject to intelligence gathering or surveillance by third-country authorities.”

Lawmakers are also proposing to revive an amendment that American diplomats largely succeeded in getting dropped from the original data privacy regulation that would impose guidelines for handling court orders from countries outside the European Union. The amendment requires the operator of data servers to inform both a local “supervisory authority” as well as the subject of the request, which could run afoul of American law.

And there are other potential conflicts between European and American laws. The European Commission is considering imposing sanctions on companies that turn over records to American law enforcement authorities if the move violates European privacy regulations.

While policy-making on cloud computing is proceeding on more than one track in Brussels, the tracks all appear to be heading in the same general direction: a more robust regulatory regime delineating how data is handled and released. Policy makers hope to have a new regulation in place before the European elections next May.

The stances from politicians across the European Union are similar.

“We need to realize that European citizens will not embrace the cloud if they are worried for their privacy or for the security of their data,” said Neelie Kroes, the European Commission vice president in charge of telecommunications and information policy, in a statement.

Viviane Reding, the European Commission’s justice minister, said in her own statement that she wanted to see “the development of European clouds” certified to strict new European standards.

She said that European governments could promote such a move “by making sure that data processed by them are only stored in clouds to which E.U. data protection laws and European jurisdiction applies.”

“For the private sector, such European clouds could become also attractive as they could advertise, ‘These are European clouds, so your personal data is safe,’ ” she said.

Some have gone further. Thierry Breton, a former French finance minister and the chief executive of a French information technology company called Atos, has proposed what he called a “Schengen for data,” referring to the law that allows citizens within the euro zone to cross borders without a passport.

But creating a virtual free trade zone for data — if such a thing is possible — raises questions about what happens outside that zone. A spokesman for Mr. Breton, who is on a panel advising the commission’s strategy on cloud computing, said that his statement was “not about protectionism” but about ensuring “customers will receive the proper level of guarantees in terms of data protection and access across Europe.”

It is not entirely clear what creating European clouds would really entail, or how one would draw digital borders. Large American providers of cloud services, like Amazon, have data centers throughout Europe. And even European companies with American subsidiaries are vulnerable to American law enforcement requests, a point of contention between the governments.

American technology companies, as well as the American government, have voiced unease publicly and privately.

In a recent speech, Cameron F. Kerry, the general counsel of the United States Commerce Department, said: “It would be a sad outcome of the surveillance disclosures if they led to an approach to Internet policy-making and governance in which countries became a series of walled gardens with governments holding the keys to locked gates.”

“But that is where we will end up if all data has to stay on servers located in the nation in which a citizen lives or where a device is,” he said. In his view, the regulation might restrict the flow of information among citizens, as is the case in China with barriers that are called the Great Firewall. “The digital world does not need another Great Firewall — in Europe or anywhere else.”

Anna-Verena Naether, policy manager for DigitalEurope, a trade group of international technology companies, including American and European giants like Apple, Microsoft and SAP, said, “We have to make sure it doesn’t lead to a Fortress Europe approach.”

Mark Taylor, a partner at the London office of Hogan Lovells, a law firm that represents a number of businesses that use cloud services, as well as companies that provide it, said, “There’s a risk of going too far and effectively putting a significant element of this in reverse, and in the current economic situation my feeling is you have to be jolly careful about anything that’s going to have a broader economic impact.”

In addition to the debate over the digital privacy legislation, the European Commission created the European Cloud Partnership last year as part of a broader strategy to promote cloud computing. A mix of public officials and industry executives serve on its steering board.

One of them, Reinhard Posch, an Austrian government official, said Europe should move toward “fostering a functioning single market for cloud computing.”

But that does not necessarily mean putting walls around where data can be stored, he said. “We have to get a little deeper than just to talk about where the bits are stored,” he said. “The bits may be stored anywhere; it’s more the question of how are they secured.”

Sophia in ‘t Veld, a Dutch member of the European Parliament who sponsored one of the cloud computing amendments, said, “This extreme market dominance of a few American players is very unhealthy, but I am against putting a fence around Europe and excluding anybody. But it has to be very clear what the rules are that we play by and there has to be more competition from Europe.”
http://www.nytimes.com/2013/10/07/bu...the-cloud.html





EU Court Holds News Website Liable for Readers' Comments

The European Court of Human Rights approves fine for news site
Jennifer Baker

Seven top European Union judges ruled Thursday that a leading Internet news website is legally responsible for offensive views posted by readers in the site's comments section.

The European Court of Human Rights found that Estonian courts were within their rights to fine Delfi, one of the country's largest news websites, for comments made anonymously about a news article, according to a judgment.

In January 2006, Delfi published an article about a ferry company's decision to change its routes and thus delay the opening of alternative and cheaper ice roads to certain islands.

Many readers then wrote highly offensive or threatening posts about the ferry operator and its owner. The owner successfully sued Delfi in April 2006 and was awarded €320 (US$433).

Delfi argued that it was not responsible for the comments and that the fine violated E.U. freedom of expression laws. However the judges agreed that Article 10 of E.U. law allowed freedom of expression to be interfered with by national courts in order to protect a person's reputation, as long as the interference was proportionate to the circumstances.

The E.U. court decided that it was proportionate because, given the nature of the article, Delfi should have expected offensive posts and exercised an extra degree of caution.

In addition, the website did not appear to take any proactive steps to remove the defamatory and offensive comments, relying instead on automated word-filtering of certain vulgar terms or notification by users.

The article's webpage did state that the authors of comments would be liable for their content, and that threatening or insulting comments were not allowed. However, since readers were allowed to make comments without registering their names, the identity of the authors would have been extremely difficult to establish. Making Delfi legally responsible for the comments was therefore practical, said the court. It was also reasonable, because the news portal received commercial benefit from comments being made.

This ruling can only be appealed within the next three months.
http://www.computerworld.com.au/arti...ders_comments/





The US is Losing Control of the Internet
Duncan Geere

All of the major internet organisations have pledged, at a summit in Uruguay, to free themselves of the influence of the US government.

The directors of ICANN, the Internet Engineering Task Force, the Internet Architecture Board, the World Wide Web Consortium, the Internet Society and all five of the regional Internet address registries have vowed to break their associations with the US government.

In a statement, the group called for "accelerating the globalization of ICANN and IANA functions, towards an environment in which all stakeholders, including all governments, participate on an equal footing".

That's a distinct change from the current situation, where the US department of commerce has oversight of ICANN.

In another part of the statement, the group "expressed strong concern over the undermining of the trust and confidence of Internet users globally due to recent revelations of pervasive monitoring and surveillance".

Meanwhile, it was announced that the next Internet Governance Summit would be held in Brazil, whose president has been extremely critical of the US over web surveillance.

In a statement announcing the location of the summit, Brazilian president Dilma Rousseff said: "The United States and its allies must urgently end their spying activities once and for all."
http://www.wired.co.uk/news/archive/...ternet-control





NSA Surveillance Panel Shut Down
Josh Gerstein and Mike Allen

A panel President Barack Obama set up in August to assess the government’s use of surveillance technologies hit some turbulence related to the government shutdown last week and found itself effectively frozen on Friday after its staff was furloughed, according to a person briefed on the panel’s operations.

The five-member Review Group on Intelligence and Communications Technologies was set to meet last Tuesday with the top leaders of Congress’s intelligence committees, the source said. However, Review Group member Michael Morell—who stepped down in August as director of the Central Intelligence Agency—declined to take part, arguing that the panel shouldn’t be pressing on while much of the intelligence community’s workforce was staying home.

“I simply thought that it was inappropriate for our group to continue working while the vast majority of the men and women of the intelligence community are being forced to remain off the job,” Morell said Saturday in response to a query from POLITICO. “While the work we’re doing is important, it is no more important than - and quite frankly a lot less important - than a lot of the work being left undone by the government shutdown, both in the intelligence community and outside the intelligence community.”

“How could this be more important than kids starting cancer trials at NIH?” Morell asked.

Senate Intelligence Committee Chairwoman Dianne Feinstein (D-Calif.) took to the Senate floor on Tuesday to decry the fact that 72 percent of civilians who work at intelligence agencies had been furloughed as a result of the government shutdown. The furloughs were the subject of extensive discussion at a Senate Judiciary Committee hearing the following day, where several Republican members floated proposals to provide stopgap funding for intelligence agencies even as other agencies remained shuttered. Democrats generally argued that funding for the entire government should be restored immediately.

The Review Group’s meeting with Congressional leaders on Tuesday went forward without Morell. Feinstein and the ranking Republican on the Senate Intelligence Committee, Sen. Saxby Chambliss of Georgia, attended the session, according to a Senate aide. House Intelligence Committee Chair Mike Rogers (R-Mich.) also took part, a House aide confirmed.

Morell said part of his decision to bow out last week was driven by the desire not to distract members of Congress and their staff from what he believes should be their No. 1 priority. “I just firmly felt Congress should be focused on one thing and one thing only, which is ending the shutdown,” he said.

The Office of Director of National Intelligence James Clapper, which is facilitating the review group’s work, initially determined that the board and its staff could keep going through the shutdown, the person briefed on the situation said. However, on Friday, the DNI’s office reversed course and said the panel’s staff had to be furloughed, the source said.

Panel members—who are unpaid—can in theory continue to discuss the issues they’re exploring, but the funds to pay for travel to Washington are now frozen.

The review group was operating under a deadline to provide an initial report to Obama within 60 days of beginning its work and to present a final report by Dec. 15. It’s unclear whether those deadlines will need to be adjusted because of the funding hiatus.

A White House spokeswoman referred questions to Clapper’s office, which did not respond to messages seeking comment.

Another outside panel exploring similar issues, the Privacy and Civil Liberties Oversight Board, also saw its work interrupted last week because of the shutdown.

The PCLOB initially said it planned to use “carry-over funding” to press forward with a major public hearing Friday on proposals for changes to some of the surveillance programs revealed by National Security Agency leaker Edward Snowden. However, on Wednesday, the board said it was postponing the session because “a significant number of witnesses” were unable to appear “due to the federal government lapse in appropriations.” The PCLOB did say it planned to “remain in operation” using funding that could be carried over into the new fiscal year.

Clapper said Wednesday that about 70 percent of the intelligence community’s civilian workforce was under furlough, but he said the number would probably decrease over time. The Pentagon announced Saturday that it would begin recalling some civilian employees as soon as Monday under a law designed to limit the impact of the shutdown on the military, the Pay Our Military Act.

The legislation is not expected to reduce furloughs outside the Defense Department, but a spokesman said Sunday that the NSA—which is considered part of DoD—should be able to end some of its furloughs soon as a result of the measure.

“Intelligence is an approved function to recall DoD civilians under the Pay Our Military Act, and we would expect the NSA would be able to recall many of theirs,” said Navy Commander Bill Urban. “The NSA will analyze the guidance and make specific determinations in the coming days.”
http://www.politico.com/story/2013/1...#ixzz2h2esrN9F





The Single Best Overview of What the Surveillance State Does With Our Private Data

Even though the people being spied on are often totally innocent, the government stores their information for a very long time.
Conor Friedersdorf

The U.S. surveillance debate is constantly distorted by the fact that national-security officials hide, obscure, and distort so much of what they do. Occasionally a journalist is able to expand the store of publicly available information, most recently thanks to Edward Snowden's indispensable NSA leaks. But even public information about government surveillance and data retention is difficult to convey to a mass audience. It involves multiple federal agencies with overlapping roles. The relevant laws and rules are complicated, jargon is ubiquitous, and surveillance advocates often don't play fair: They use words in ways that bear little relation to their generally accepted meaning, make technically accurate statements that are highly misleading, and even outright lie, as Director of National Intelligence James Clapper did before Congress.

Their distortions continue in part because no matter how many times President Obama, NSA Director Keith Alexander, Clapper and others egregiously mislead the public in their statements about surveillance, news organizations treat them as honest men and report on subsequent statements as if they're presumptively true. For all these reasons, journalists who take the time to understand the truth and the way government officials are distorting it find that their work has just begun. They need to find comprehensible ways to explain complicated distortions, even as more hard to understand information becomes public each week. Absent this asymmetry, surveillance-state critics would be in a much stronger position.

Enter a new report published by Brennan Center for Justice at New York University Law School. "What the Government Does With Americans' Data" is the best single attempt I've seen to explain all of the ways that surveillance professionals are collecting, storing, and disseminating private data on U.S. citizens. The report's text and helpful flow-chart illustrations run to roughly 50 pages. Unless you're already one of America's foremost experts on these subjects, it is virtually impossible to read this synthesis without coming away better informed.

The text gives detailed answers to questions like, "What does the NSA do with all the emails and phone calls of American citizens that it collects?" Then the information is summed up in graphics like this one:

The rules in place are often just as worrisome as the cases of national-security officials breaking them. "Policymakers remain under significant pressure to prevent the next 9/11, and the primary lesson many have taken from that tragedy is that too much information was kept siloed," the report notes. "Often lost in that lesson is that the dots the government failed to connect before 9/11 were generally not items of innocuous information, but connections to known al Qaeda or other foreign terrorist suspects." Nevertheless, the federal government is now awash in innocuous private details about the lives of millions of innocents.

Often they can be legally retained for years or even decades—and shared with different federal bureaucracies in ways that make them virtually impossible to ever erase.

And it isn't just the NSA. The FBI, the National Counterterrorism Information Center, and other agencies besides come in for criticism due to their alarming behavior. As Peter Moskowitz aptly put it, the report "synthesizes much of what Americans have been learning about piecemeal for the last few months," and anyone looking to understand the facts more clearly ought to go give it a look. If there is ever a time when a majority of Americans understand its contents, this country will no longer accept the surveillance policies shaped by the Patriot Act, extralegal information hoovering, and what is effectively a massive coverup. As facts are better explained, the whole effort will only seem more imprudent.
http://www.theatlantic.com/politics/...e-data/280411/





John McAfee Lives to Fight Another Day
Matt Buchanan

It’s been nearly a year since most people have thought about John McAfee, the permanently bleary-eyed antivirus pioneer who may now be more famous for his exploits in the jungles of Central America than for the software that bears his name. That’s what happens when your life becomes an odyssey of drugs, guns, young women, corruption, the promise of a miracle antibiotic, a secret laboratory, a government raid, a murder, a manhunt, and a healthy dose of paranoia. After being deported from Guatemala, where he sought asylum after fleeing authorities in Belize, he arrived back in the United States last December.

For the next several months, McAfee kept what would pass for a low profile in his world, relocating to Portland, Oregon, before slowly beginning to reëmerge, starting with a USA Today interview this past May, in which he stated that he is “just tired of technology.” In June, he released an intensely self-deprecating four-and-a-half-minute video, “How to Uninstall McAfee Antivirus,” which took the image of McAfee as a drug-addled, gun-toting, oversexed “eccentric millionaire” to its absolute extreme; it was a promotional video for his Web site, whoismcafee.com, which has been relaunched as a one-stop shop for all things McAfee, from press mentions to a cheeky F.A.Q. (Sample question and answer: “Do you do Bath Salts?” “Do my words, my constructs or my trains of thought in any way indicate a drug addled mind?”)

On Sunday, at the C2SV conference in San Jose, McAfee announced his latest company, Future Tense, along with its first product, called D-Central, a screenless, pocket-sized encrypted networking box that will cost less than a hundred dollars. In his profile of McAfee for Wired, Joshua Davis notes that “his success was due in part to his ability to spread his own paranoia, the fear that there was always somebody about to attack.” McAfee, of course, always had a solution. In the eighties, it was computer viruses; a few years ago, it was antibiotics; today, it’s the N.S.A. and government surveillance. Future Tense’s Web site—which feels like a promo for a New Age medical treatment, with a bizarre soundtrack and pulsing purple clouds—warns that “information privacy and freedom are at risk” before promising “a new and revolutionary technology” from “the mind of John McAfee.”

That technology, D-Central, is something that McAfee has been “working on for five years, very slowly,” he said, in a phone interview the other day. But “what accelerated this was Snowden.” He explained, calmly, in the voice of a practiced salesman, “I’ve known for years that we’re all being watched, but now everybody knows.” D-Central, McAfee says, will occlude government surveillance by creating a series of local, decentralized, and encrypted wireless networks on which users can safely and anonymously trade files and messages.

The details are intentionally hazy, but the over-all project, as McAfee explains it, is somewhat complex because of its decentralized nature. Each box is sort of like a wireless router, except that it doesn’t connect to the Internet directly. It broadcasts a local wireless network that laptops, smartphones, and tablets can connect to through an app; the network, which McAfee claims has a quarter-mile range in rural areas, or three blocks in a city, relies on a “different transmission technology” than Wi-Fi, and doesn’t use the traditional Internet Protocol to communicate. Each box has a public mode and private mode. Anybody in the area can join a public network and communicate with any other users—in fact, much of the point is that the dynamics of each network change constantly as people move in and out, making them hard to track, particularly since the public mode uses “no I.D.s whatsoever,” McAfee says. Anonymity is provided in part by being one of many in a faceless crowd. Once somebody is connected, he can use the D-Central app to broadcast files or messages to everybody else in the public network. “Each of these local networks can connect through relays to other local networks,” McAfee explains. If enough of them were chained together, they could potentially blanket an entire city with a large, interconnected public network.

(It’s worth noting that McAfee is not the first to conceive of a project oriented around local, de-centralized networks. One, an open-source project called Occupy.here, had its roots in Occupy Wall Street. This past spring, its creator, Dan Phiffer—who is now a developer at The New Yorker—“began stashing Wi-Fi routers wherever I could find an electrical plug near a freely accessible space,” resulting in a series of isolated points where people in close proximity can connect wirelessly. And in Red Hook, Brooklyn, J. R. Baldwin created a mesh network to provide connectivity to the neighborhood in the aftermath of Hurricane Sandy, to name a couple of examples in New York City.)

While no D-Central box connects directly to the Internet, within each city “we will have hubs that connect through the Internet,” McAfee says. The relay system—from network to network to the hub—would allow, for instance, the transmission of a file or a message from a network in one city to one in another, through the Internet. To do that, though, a user would have to toggle over to a private mode, in which each person would have a unique identifier generated by the software on his or her device, allowing a file from someone in Los Angeles, for example, to find its way to a specific person in Denver. While the file, which will be encrypted, could be tracked as it moves across the public Internet from one city hub to the other, McAfee says it would be impossible to track who ultimately gets the file—only that it moved from L.A. to Denver. Because Future Tense doesn’t keep any records, McAfee says “we don’t know where in Denver.” He adds, “We don’t want to know.” Users could then move files from the private mode into the public sphere, if they chose.

“The app will have a whole lot of different functions,” McAfee said. He then described a series of potential real-life scenarios involving the app. In one, as you walk by a restaurant that has a D-Central device broadcasting, the app on your phone can then tell you, for instance, they “don’t have gravy on their French fries,” so you know to keep walking past. In another, people in traffic receive alerts on their device, via a relay system, that an accident lies just up ahead. In sum, as McAfee has described it, D-Central is a separate, parallel quasi-Internet where anybody can share anything or communicate, peer-to-peer—with little fear of being surveilled. “I think college kids will line up and fall all over themselves to get it,” as will security businesses, he says.

But there are serious, unanswered questions about D-Central’s security. For one, McAfee won’t discuss its “private” encryption scheme in detail, because, he claims, “it’s very hard to keep an uncrackable encryption if you share it with the government.” What McAfee volunteered was that it uses “a very radical technique” that he “came up with during my first programming job at General Electric in the late nineteen-sixties” and that it is “extraordinarily fast.” For emphasis, he added, “I’m not a neophyte in this area.” However, security experts generally recommend open-source software and encryption schemes, precisely because security flaws cannot be hidden, ultimately making them more secure.

Another question is what kind of data the government will be able to glean about the service’s users and what they share. Though at one point during the interview McAfee stated that no records are kept, he also said that “barring a court order no one is going to find anything out about you,” implying that there is some user data vulnerable to government seizure. And while it’s fair for McAfee to say that “I’m not trying to circumvent the law here,” in that he is willing to comply with court orders or government requests, it’s worth noting that the Obama Administration has repeatedly emphasized the legality of the N.S.A. surveillance programs D-Central is ostensibly designed to circumvent.

We’ll know more in six months, when McAfee promises “to demonstrate physically to the world the viability of this system.” A team of seven is building the device, including Jim Zoromski, a longtime McAfee lieutenant who held a similar position in QuorumEx, the company McAfee started to produce a miracle antibiotic in the jungles of Belize. Despite the capital-intensive challenges of both developing the device and mass-producing enough of them to keep manufacturing costs low—and claims that he was broke in December—McAfee says that D-Central is “definitely self-funded” and that he “will not under any circumstances consider traditional venture funding.” He is, however, open to crowd-funding, which he thinks “might be fun.”
http://www.newyorker.com/online/blog...ternative.html





What Do We Get for That DRM?

The W3C sells out users without seeming to get anything in return
Simon St. Laurent

I had a hard time finding anything to like in Tim Berners-Lee’s meager excuse for the W3C’s new focus on digital rights management (DRM). However, the piece that keeps me shaking my head and wondering is a question he asks but doesn’t answer:

If we, the programmers who design and build Web systems, are going to consider something which could be very onerous in many ways, what can we ask in return?

Yes. What should we ask in return? And what should we expect to get? The W3C appears to have surrendered (or given?) its imprimatur to this work without asking for, well, anything in return. “Considerations to be discussed later” is rarely a powerful diplomatic pose.

Berners-Lee, best known as the creator of the World Wide Web, seems well aware of the tarnish he’s applying to his creation. He acknowledges that:

“none of us as users like certain forms of content protection such as DRM at all. Or the constraints it places on users and developers. Or the over-severe legislation it triggers in countries like the USA.”

After acknowledging that, however, he goes on to define an open web as a marketplace, something that is “universal in that it can contain anything”, rather than being universal in that its content can be read by anyone. It seems painfully clear in his discussion of user priorities that the users who matter most in this universal marketplace are the ones who “like to watch big-budget movies at home”. The rest of us – including those who worry about “the danger that programmers will be jailed” – are extremely welcome to “weigh into the discussion thoughtfully and with consideration”.

The saddest part of that discussion, however, is the question. What are we users – and what is the W3C – getting from building the risk of programmers being jailed into the core infrastructure of the Web? I have no doubt that browser vendors eager to cut deals will incorporate DRM into their offerings. Does that make it a good idea for the W3C to offer its name, its facilities, its intellectual property agreements, and its umbrella from antitrust prosecution to such a project? Why not leave the companies to pursue their own directions, and take on the risk of legal action themselves?

I’m left, however, with Berners-Lee’s failure to answer his own question, and his strange expectation that users can “ask” for something in return and hope to see it. I have too many memories of decade-old conversations with Microsoft employees after they had, for a time, won the Browser Wars. It was clear that the users I cared about, whether developers or individuals who just couldn’t make things work, were not the users they cared about. Our role was just to create an ecosystem in which Microsoft could make a lot of money. (Microsoft is far from alone in that view – I only single them out for that past history.)

Berners-Lee suggests a mild possible response, the Restricted Media Community Group. It’s a place to gather input, but it’s a Community Group, and the W3C has no obligation to listen to it unless perhaps they need to save face. Robin Berjon pointed to the Web Copyright Community Group yesterday, but it too basically opens by acknowledging the W3C’s surrender and ends with a vague hope that pressure elsewhere might be useful.

Most of my technical work still revolves around the W3C, so I’m at kind of a crossroads. This is far from the first time I’ve doubted the intrinsic goodness of the W3C. It’s been a very long time since I’ve taken the W3C imprimatur as a sign that something was bound to be great. While HTML5 and CSS3 certainly reinvigorated public interest in the W3C, this is yet more reason to pick and choose the useful bits carefully.

On the bright side, I’m privileged to work at a place that understands the fruitlessness and damage inflicted by DRM schemes. I keep hoping that more people will take that example as a sign that businesses can thrive without treating customers as thieves.
http://programming.oreilly.com/2013/...-that-drm.html





Another Court Has Upheld Aereo’s Service to Stream Broadcast TV. Here’s Why That Matters.
Timothy B. Lee

A startup that lets users record and play back broadcast television over the Internet scored another legal victory on Tuesday as a Massachusetts court ruled that a broadcaster was unlikely to prove that the service violated its copyright. The ruling is the latest sign of the far-reaching implications of a 2008 court decision that has become the legal cornerstone of the modern cloud-based media services.

In recent years, users have trusted more and more of their data to online services. Rather than storing data on a device in the user's home, "cloud-based" applications like Gmail and Dropbox store users' information on a remote server and provide access to it over the Internet. This approach allows data to be backed up automatically and accessed from any device.

When technology companies have built cloud-based online services focused on music or video content, copyright holders have objected. They argue that the law requires online service providers to get a license from each copyright holder whose content they host.

One of the first such services was a "music locker" service called My.MP3.com that launched in 2000. It allowed users who owned a physical CD to stream a copy of that same CD from MP3.com's servers. The service was forced out of business by a recording industry lawsuit, and few dared to follow in the firm's footsteps.

That changed in 2008. The cable company Cablevision developed a new type of digital video recorder that stored recorded TV shows in a Cablevision server room instead of on a set-top box. TV content producers sued, arguing that the service violated their copyrights. Copyright law might allow individuals to record programs for personal use, the companies argued, but Cablevision can't help them do it unless they have permission from broadcasters.

When the case reached the U.S. Court of Appeals for the Second Circuit, the broadcasters lost. The recordings might be stored in Cablevision's data centers, the court ruled, but for purposes of copyright law, the copies had been made by customers, not by Cablevision. Since Cablevision wasn't making any copies, it didn't need to get broadcasters' permission.

That ruling has proved to have far-reaching implications. Within three years Google and Amazon had announced cloud music services that provided functionality like MP3.com had offered a decade earlier. The firms were tight-lipped about their legal justification. But legal experts at the time believed that the Cablevision ruling would feature prominently in their legal defense of their products should they be sued. So far, they haven't been.

The Cablevision precedent was also extended earlier this year after the Fox network sued the satellite TV company Dish over its Hopper DVR. The Hopper offers a number of features, including automatic commercial-skipping, that antagonized broadcasters. But the Ninth Circuit Court of Appeals followed the Second Circuit's lead, ruling that as far as copyright law was concerned, it was consumers, not Dish, who were recording TV shows.

Aereo may be the most audacious attempt to capitalize on the Cablevision decision. The subscription-based service lets users stream broadcast television programming over the Web, and Aereo doesn't pay broadcasters a dime for the privilege. A key factor in Cablevision's victory was that the company made a separate copy of content for each customer. To ensure it stayed within the bounds of the Cablevision precedent, Aereo built a vast array of tiny antennas so that each user could receive video from a distinct physical antenna.

When Aereo launched in New York, broadcasters sued for copyright infringement. The case was heard in the Second Circuit, the same appeals court that had decided the Cablevision case a few years earlier. The court sided with Aereo, holding that the Aereo service was essentially just a TV tuner with a really, really long cable. The court found that the user, not Aereo, was responsible for copies that were created.

Broadcasters sued again when Aereo expanded to Boston. Boston is in the First Circuit, so the courts there are not obligated to follow the Second Circuit's precedents. But this week, Massachusetts federal judge Nathaniel Gorton sided with Aereo, citing the Second Circuit's Cablevision ruling.

"Holding a media company liable just because it provides technology that enables users to make copies of programming would be the rough equivalent of holding the owner of a copy machine liable because people use the machine to illegally reproduce copyrighted materials," Gorton writes.

But Aereo's victory is not yet assured. Last year a California trial court ruled that FilmOn, an Aereo competitor that uses a similar "tiny antennas" scheme, wasn't protected by the Cablevision precedent. The same firm lost in a Washington D.C. trial court last month. If appeals courts uphold those rulings, it could create a conflict among appellate jurisdictions, a situation that often triggers review by the Supreme Court.

That could have implications well beyond the viability of Aereo's ludicrous "tiny antennas" business model. A growing number of technology companies are building cloud-based businesses based on the Cablevision holding. If the Supreme Court reviews the lower courts' work in this area, it will need to tread carefully to avoid creating uncertainty for other firms that have sprung up to build cloud media services based on the Cablevision ruling.
http://www.washingtonpost.com/blogs/...-that-matters/





Think Piracy is Killing the Music Industry? This Chart Suggests Otherwise.
Timothy B. Lee

For more than a decade, the recording industry has been complaining that online copyright infringement is devastating the music industry. And it's true that the revenues of conventional record labels have plunged in recent years.

But if you look at the bigger picture, things don't look so grim:

http://www.washingtonpost.com/blogs/...3/10/music.png

That's a chart from a recent study by researchers at the London School of Economics. The orange line is the one that everyone talks about: sales of recorded music are falling off a cliff. But fortunately, that's not the only way musicians can make money. Concert revenues — the green line — have soared in the last 15 years. Other sources of revenue have also grown robustly.

To be sure, the industry hasn't enjoyed the strong growth it saw in previous decades. Revenues are down slightly since the peak about a decade ago. But there are still plenty of opportunities to earn a living making music fans love.
http://www.washingtonpost.com/blogs/...sts-otherwise/
















Until next week,

- js.



















Current Week In Review





Recent WiRs -

October 5th, September 28th, September 21st, September 14th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black