P2P-Zone  

Old 21-05-14, 07:40 AM   #1
JackSpratts
 
Default Peer-To-Peer News - The Week In Review - May 24th, '14

Since 2002


































"There has come a point at which enough is enough. The companies are tired of being raided." – David Hickton






































May 24th, 2014




Pirated Movies Shown to Copyright Violators in Lorain County Prison
Patrick Cooley

The Lorain County Correctional Institution acknowledged Friday that pirated movies are being shown to prisoners there, even as inmates serve time for illegally downloading movies.

Richard Humphrey, 26, of North Ridgeville was sent to the Lorain County prison in February for a parole violation and remained there until May 6. According to posts on the sites torrentfreak.com and scrolldog.com, while he was a prisoner guards showed inmates "Ride Along" and "The Wolf of Wall Street" before they were released on DVD.

He was on parole for a charge of unlawful sexual conduct with a minor, to which he pleaded guilty in 2010. A year earlier, he pleaded guilty to criminal copyright infringement in federal court for selling downloaded movies before their commercial release.
He said the girl contacted him via Myspace, and her page said she was 21 years old. He said she often drove to his house and bought beer, and he had no reason to believe she was underage until the police came to his house to question him.

A spokesperson for Lorain County Correctional Institution Warden Kimberly Clipper said prison officials are aware that pirated movies are being shown to prisoners and the issue is being investigated. But she said she couldn't comment further because the investigation is ongoing.

The Ohio Department of Rehabilitation and Correction said Friday that it is looking into pirated movies being screened at the Grafton prison, but a spokesperson said she couldn't comment on an ongoing investigation.

The spokesperson said movies must be reviewed and approved before being shown to prisoners, and the department is looking into whether prison staff brought unapproved movies into the facility.

In April, 2010, Humphrey was sentenced to 29 months in prison for selling pirated copies of movies through the subscription-based USAWAREZ.com.

According to a press release on the U.S. Department of Justice Website, Humphrey operated the site from December 2006 to October 2007.

"It was just a hobby," he told the Chronicle-Telegram of Elyria. "I didn't understand the severity."

The practice is so common, he said Monday, that some people probably watch pirated movies and don't even realize what they're doing is illegal.

Humphrey said he saw "Ride Along" and "The Wolf of Wall Street" three or four times while he was in an intake pod that every prisoner must go through at the beginning of their sentence.

"There were others, but those are the ones that stood out," he said.

In some cases, Humphrey said the movies appeared to have been illegally recorded by theater-goers.

"You could see people walking in front of the camera," he said.

He said the problem doesn't seem to be systemic, but some prison staff are aware they are showing pirated movies.

Humphrey said he brought the problem to the attention of prison officials. He posted a phone conversation with Clipper online in which the warden assured him the matter is being looked into.

Even with the assurance, Humphrey is doubtful prison officials will take the issue seriously.

In a video he posted on the video sharing site Vimeo earlier this month he accused prison officials of hypocrisy.

"How do you expect someone to be rehabilitated when there's authority figures that are running those institutions that are copyright infringing?" Humphrey said.
http://www.cleveland.com/metro/index...to_prison.html





What File Sharing Communities Can Teach Us
Juan Arellano, translated by Marianna Breytman

On Ártica Online, Jorge Gemetto blogs [es] about file sharing communities and what we can learn from them:

A common feature of many of these communities is that they are organized around cultural needs [es]. Preservation, access, dissemination, and distribution at reasonable prices are tasks that the market does not always carry out successfully. Moreover, civil society organizations and governments are limited in their ability to respond to these necessities by intellectual property restrictions.

He then quotes Bodó Balázs, a Hungarian researcher who investigated gated file sharing communities.

In his academic paper, “Set the Fox to Watch the Geese: Voluntary IP Regimes in Piratical File-Sharing Communities”, Balázs makes the distinction between open and closed networks of exchange. Among the former is The Pirate Bay. Among the latter there is an unknown number of communities in the shadows that, nevertheless, collectively account for higher activity than open networks. The closed nature of these communities is in many cases a response to the legal persecution from which they suffer.

More on this in the post [es] on Ártica.
http://globalvoicesonline.org/2014/0...-can-teach-us/





Free App Lets the Next Snowden Send Big Files Securely and Anonymously
Andy Greenberg

When Glenn Greenwald discovered last year that some of the NSA documents he’d received from Edward Snowden had been corrupted, he needed to retrieve copies from fellow journalist Laura Poitras in Berlin. They decided the safest way to transfer the sizable cache was to use a USB drive carried by hand to Greenwald’s home in Brazil. As a result, Greenwald’s partner David Miranda was detained at Heathrow, searched, and questioned for nine hours.

That’s exactly the sort of ordeal Micah Lee, the staff technologist and resident crypto expert at Greenwald’s investigative news site The Intercept, hopes to render obsolete. On Tuesday he released Onionshare—simple, free software designed to let anyone send files securely and anonymously. After reading about Greenwald’s file transfer problem in Greenwald’s new book, Lee created the program as a way of sharing big data dumps via a direct channel encrypted and protected by the anonymity software Tor, making it far more difficult for eavesdroppers to determine who is sending what to whom.

“If you use a filesharing service like Dropbox or Mega or whatever, you basically have to trust them. The file could end up in the hands of law enforcement,” Lee says. “This lets you bypass all third parties, so that the file goes from one person to another over the Tor network completely anonymously.

“It’s basically 100 percent darknet.”

When Onionshare users want to send files, the program creates a password-protected, temporary website hosted on the Tor network—what’s known as a Tor Hidden Service—that runs on their computer. They provide the recipient with the URL and password for that site, preferably via a message encrypted with a tool like PGP or Off-The-Record encrypted instant messaging. The recipient visits that URL in a Tor Browser and downloads the file from that temporary, untraceable website, without needing to have a copy of Onionshare.

“As soon as the person has downloaded the file, you can just cancel the web server and the file is no longer accessible to anyone,” Lee says.

Lee hopes to have others examine Onionshare’s code to suss out flaws. For now it only runs as a bare-bones command-line tool on the Tor-based operating system Tails, which can be launched on Windows or Mac machines. He plans to add a version that runs directly on Windows and Mac computers soon.

Onionshare can be particularly useful when someone sending a file wants to remain anonymous even to the recipient, Lee says. If whistleblowers can securely send an Onionshare URL and password to a journalist, they potentially could use it to leak secrets anonymously without being exposed. That flips the model of how Tor enables leaks: Sites like WikiLeaks and news organizations using the anonymous leak software SecureDrop host their own Tor Hidden Services. Onionshare could put more power in whistleblowers’ hands, helping them send secrets to journalists who don’t have that sort of anonymous submission system in place.

But Lee also sees Onionshare being used for more common file-sharing situations where everyone involved knows each other but requires utmost secrecy. It’s a safe bet that Greenwald and Miranda will be fans.

“The internet is amazing in that it doesn’t have borders,” Lee says. “If you need to send files that are very sensitive, better to use the internet to send them rather than to travel and get searched at the border.”

“Actually, everything on the internet is searched,” he corrects himself a moment later. “That’s why we need encryption.”
http://www.wired.com/2014/05/onionshare/





OnionShare
Micah F Lee

OnionShare lets you securely and anonymously share a file of any size with someone. It works by starting a web server, making it accessible as a Tor hidden service, and generating an unguessable URL to access and download the file. It doesn't require setting up a server on the internet somewhere or using a third party filesharing service. You host the file on your own computer and use a Tor hidden service to make it temporarily accessible over the internet. The other user just needs to use Tor Browser to download the file from you.

Quick Start

At the moment OnionShare is a command line program. It works in normal desktop GNU/Linux distributions, Tails, and Mac OS X (Windows coming soon). To get started, either git clone the onionshare repository or download this zip file and extract it. Open a terminal and navigate to the onionshare directory.

OnionShare relies on Tor. You need to either have a system Tor installed (sudo apt-get install tor), or you can open Tor Browser so that OnionShare can use the Tor server provided there. Start Tor, and then run onionshare.py, passing in the file that you want to share, like this:

[user@dev onionshare]$ ./onionshare.py ~/Desktop/secrets.pdf
Connecting to Tor ControlPort to set up hidden service on port 26828

Give this URL to the person you're sending the file to:
http://v645bzpxmdtclpv3.onion/73b445...df40d0b1d00a69

Press Ctrl-C to stop server

* Running on http://127.0.0.1:26828/
127.0.0.1 - - [21/May/2014 21:52:42] "GET /73b44511983c08bf29df40d0b1d00a69 HTTP/1.1" 200 -
127.0.0.1 - - [21/May/2014 21:52:43] "GET /favicon.ico HTTP/1.1" 404 -
127.0.0.1 - - [21/May/2014 21:52:44] "GET /favicon.ico HTTP/1.1" 404 -
127.0.0.1 - - [21/May/2014 21:52:46] "GET /73b44511983c08bf29df40d0b1d00a69/download HTTP/1.1" 200 -

Securely send the URL to the person you are sending the file to (like by using Jabber and OTR). When they load the website in Tor Browser, they will be connecting directly to your computer to download the file. Once you confirm that they have downloaded the file you're sending (ask them if they have the file), press Ctrl-C to shut down the server.

Using OnionShare in Tails

You need to run OnionShare as root in Tails, so make sure you set an administrator password when you boot Tails. Follow the same instructions as above, except run onionshare-tails instead of onionshare.py, and run it with sudo like this:

amnesia@amnesia:~/Persistent/code/onionshare$ sudo ./onionshare-tails ~/Persistent/file_to_send.pgp
[sudo] password for amnesia:
Connecting to Tor ControlPort to set up hidden service on port 16089
Punching a hole in the firewall

In case you're wondering: OnionShare needs root in Tails in order to talk to the Tor ControlPort to create a new hidden service, and also so it can punch a hole in the rigid Tails firewall so that Tor can communicate with the local web server.
https://github.com/micahflee/onionshare
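
The "unguessable URL" step described in the README above, as an added example that is not OnionShare's own code: a loopback-only web server that answers only under a 128-bit random path (32 hex characters, the length seen in the sample log) and returns 404 for everything else. The Tor hidden-service setup is left out, and the names `make_slug`, `build_server` and `demo` and the payload are assumptions made for this sketch.

```python
import hmac
import html
import os
import re
import secrets
import threading
import urllib.error
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer


def make_slug() -> str:
    """128 bits from the OS CSPRNG, rendered as 32 hex characters."""
    return secrets.token_hex(16)


def build_server(payload: bytes, filename: str, slug: str, port: int = 0):
    """Loopback-only HTTP server exposing `payload` under /<slug> and nothing else."""
    # Restrict the advertised file name to a safe set so it cannot break
    # out of the Content-Disposition header or the HTML page.
    safe_name = re.sub(r"[^A-Za-z0-9._-]", "_", os.path.basename(filename)) or "file"
    index_path = ("/" + slug).encode()
    download_path = ("/" + slug + "/download").encode()
    stats = {"downloads": 0}  # lets the sender see whether the file was fetched

    class Handler(BaseHTTPRequestHandler):
        def _reply(self, code, body, ctype="text/html; charset=utf-8", extra=()):
            self.send_response(code)
            self.send_header("Content-Type", ctype)
            self.send_header("Content-Length", str(len(body)))
            for name, value in extra:
                self.send_header(name, value)
            self.end_headers()
            self.wfile.write(body)

        def do_GET(self):
            path = self.path.split("?", 1)[0].encode("latin-1", "replace")
            # The path is the only credential, so compare it in constant time.
            if hmac.compare_digest(path, index_path):
                page = '<a href="/%s/download">%s</a> (%d bytes)' % (
                    slug, html.escape(safe_name), len(payload))
                self._reply(200, page.encode())
            elif hmac.compare_digest(path, download_path):
                stats["downloads"] += 1
                self._reply(200, payload, "application/octet-stream",
                            [("Content-Disposition",
                              'attachment; filename="%s"' % safe_name)])
            else:
                # Same answer for every other path: no hint that a slug exists.
                self._reply(404, b"Not found")

        def log_message(self, fmt, *args):
            pass  # keep the slug out of any captured log output

    # Bind to 127.0.0.1 only; in the README's design Tor forwards to this port.
    server = ThreadingHTTPServer(("127.0.0.1", port), Handler)
    server.stats = stats
    return server


def demo():
    """Start the server on a free port and probe it with right and wrong paths."""
    payload = b"constructed sample payload\n"  # constructed test data
    slug = make_slug()
    server = build_server(payload, "secrets.pdf", slug)
    threading.Thread(target=server.serve_forever, daemon=True).start()
    base = "http://127.0.0.1:%d" % server.server_address[1]
    opener = urllib.request.build_opener(urllib.request.ProxyHandler({}))

    def get(path):
        try:
            with opener.open(base + path, timeout=5) as resp:
                return resp.status, resp.read()
        except urllib.error.HTTPError as err:
            return err.code, err.read()

    results = {
        "slug_len": len(slug),
        "root": get("/")[0],
        "wrong_slug": get("/" + make_slug())[0],
        "prefix": get("/" + slug[:-1])[0],
        "index": get("/" + slug)[0],
        "download": get("/" + slug + "/download"),
    }
    results["downloads_seen"] = server.stats["downloads"]
    server.shutdown()      # the equivalent of pressing Ctrl-C once the transfer is done
    server.server_close()
    return results


if __name__ == "__main__":
    print(demo())
```

Because the path is the whole secret, anything that records it (server access logs, shell history, an unencrypted chat) discloses the file for as long as the server is running.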





Kaleidescape Settles with DVD CCA

Kaleidescape, the high-profile maker of DVD servers, apparently has ended its legal battle with the DVD CCA, which sued the manufacturer in 2004 for making DVD servers that allegedly encourage customers to rip copyrighted movies illegally.
Julie Jacobson

Yesterday, the Superior Court of California, Santa Clara, noted a “voluntary dismissal” of the case. Kaleidescape CEO Cheena Srinivasan tells CE Pro that both parties have agreed not to comment at this time.

Court notices indicate that Kaleidescape requested a dismissal of the case on May 12 and that the next day a joint notice of settlement was filed. The court took three days to review the parties’ stipulations and determined on May 19th, “Case complete.”

The case ends a long and complicated test of the rights of both content creators and the studios who market that content … as well as the consumers who “own” copies of the content and the manufacturers who unlock it.

The studios are represented by the DVD CCA (Copy Control Association), which creates and governs the Content Scramble System (CSS) that protects DVDs. That group argues that the license that governs CSS – required of all manufacturers who make DVD players – expressly prohibits the manufacturers from allowing users to copy DVDs, even if they own those DVDs.

Kaleidescape has always maintained that the DVD CCA contracts express no such prohibitions. In any case, Kaleidescape servers make bit-for-bit copies so that the digital rights management (DRM) provisions of CSS are preserved.

Many analysts erroneously attribute Kaleidescape’s legal woes to the Digital Millennium Copyright Act (DMCA), which prohibits the manufacture and distribution of products that encourage copyright infringement.

But no lawsuit under the DMCA has been brought against Kaleidescape, which has a relatively small customer base of wealthy clients including the Hollywood elite.

Also erroneously, many assume that Kaleidescape and similar DVD-copying systems are legal under the “Fair Use” doctrine, but that is not the case in the U.S.

Even so, the UK famously made it legal in March to rip protected DVDs there for personal back-up.

The legal imbroglio with the DVD CCA has forced Kaleidescape to impose burdens on its customers and its engineers … while offshore companies like AnyDVD and the U.S. manufacturers that employ their legally untouchable software proceed with impunity.

We cannot say for sure if the Kaleidescape settlement with the DVD CCA has broader implications for DRM but we assume (hopefully) that the closure allows Kaleidescape to go forward with its business.
http://www.cepro.com/article/kaleide..._with_dvd_cca/





What Could Have Entered the Public Domain on January 1, 2014?

Under the law that existed until 1978 . . . Works from 1957

The books On the Road, Atlas Shrugged, and The Cat in the Hat, the films The Bridge on the River Kwai, Funny Face, and The Prince and the Showgirl, the play Endgame (“Fin de Partie”), and more. . .


Congress Shrugged

Current US law extends copyright for 70 years after the date of the author’s death, and corporate “works-for-hire” are copyrighted for 95 years after publication. But prior to the 1976 Copyright Act (which became effective in 1978), the maximum copyright term was 56 years – an initial term of 28 years, renewable for another 28 years. Under those laws, works published in 1957 would enter the public domain on January 1, 2014, where they would be “free as the air to common use.” Under current copyright law, we’ll have to wait until 2053.1 And no published works will enter our public domain until 2019. The laws in Canada and the EU are different – thousands of works are entering their public domains on January 1.

Curious George Gets a Term Extension

What books and plays would be entering the public domain if we had the pre-1978 copyright laws? You might recognize some of the titles below.

• Samuel Beckett, Endgame (“Fin de partie”, the original French version)
• Jack Kerouac, On the Road (completed 1951, published 1957)
• Ayn Rand, Atlas Shrugged
• Margret Rey and H.A. Rey, Curious George Gets a Medal
• Dr. Seuss (Theodor Geisel), How the Grinch Stole Christmas and The Cat in the Hat
• Eliot Ness and Oscar Fraley, The Untouchables
• Northrop Frye, Anatomy of Criticism: Four Essays
• Walter Lord, Day of Infamy
• Studs Terkel, Giants of Jazz
• Corbett H. Thigpen and Hervey M. Cleckley, The Three Faces of Eve
• Ian Fleming, From Russia, with Love
• Ann Weldy (as Ann Bannon), Odd Girl Out
• A.E. Van Vogt, Empire of the Atom

You would be free to translate these books into other languages, create Braille or audio versions for visually impaired readers (if you think that publishers wouldn’t object to this, you would be wrong), or adapt them for film. You could read them online or buy cheaper print editions, because others were free to republish them. (Empirical studies have shown that public domain books are less expensive, available in more editions and formats, and more likely to be in print – see here, here, and here.) Imagine a digital Library of Alexandria containing all of the world’s books from 1957 and earlier, where, thanks to technology, you can search, link, index, annotate, copy and paste. (Google Books has brought us closer to this reality, but for copyrighted books where there is no separate agreement with the copyright holder, it only shows three short snippets, not the whole book.) Instead of seeing these literary works enter the public domain in 2014, we will have to wait until 2053.

Endgame – “The end is in the beginning and yet you go on. . .”

The Incredible Shrinking Public Domain

Think about the movies and television shows from 1957 that would have become available this year. Fans could share clips with friends or incorporate them into fantastic homages. (There are certainly some good candidates.) Local theaters could show the full features. Libraries and archivists would be free to digitize and preserve them. Here are a few of the works that we won’t see in the public domain for another 39 years.

• The Incredible Shrinking Man (Based on Richard Matheson’s 1956 book The Shrinking Man)
• The Bridge on the River Kwai (Best Picture, Best Director (David Lean), Best Actor (Alec Guinness); also starring William Holden, Jack Hawkins and Sessue Hayakawa)
• A Farewell to Arms (Rock Hudson and Jennifer Jones)
• Gunfight at the O.K. Corral (Burt Lancaster and Kirk Douglas)
• 3:10 to Yuma (1957 original starring Glenn Ford and Van Heflin)
• Island in the Sun (James Mason, Joan Fontaine, Dorothy Dandridge, and introducing Harry Belafonte)
• Witness for the Prosecution (Tyrone Power, Marlene Dietrich, Charles Laughton, Elsa Lanchester)
• 12 Angry Men (Henry Fonda, Lee J. Cobb, Jack Klugman, Ed Begley, and more)
• Sweet Smell of Success (Burt Lancaster and Tony Curtis)
• Jailhouse Rock (Elvis Presley)
• The Prince and the Showgirl (Laurence Olivier and Marilyn Monroe)
• Funny Face (Audrey Hepburn and Fred Astaire . . . and Paris as only Hollywood can imagine it)
• An Affair to Remember (Cary Grant and Deborah Kerr . . . and the Empire State Building)
• Nights of Cabiria (written and directed by Federico Fellini and starring Giulietta Masina)
• The Seventh Seal (written and directed by Ingmar Bergman and starring Max von Sydow and Bengt Ekerot)
• What’s Opera, Doc? (Bugs Bunny and Elmer Fudd do Wagner)
• The first episodes of Leave It to Beaver and Perry Mason
• Elvis Presley’s third and final appearance on The Ed Sullivan Show on January 6, 1957 (CBS refused to show his gyrating hips)

These works are famous, so we’re not likely to lose them entirely – the true tragedy is that of forgotten films that are literally disintegrating while preservationists wait for their copyright terms to expire.2

“That’ll Be the Day”. . . in 2053

What 1957 music could you have used without fear of a lawsuit? If you wanted to find guitar tabs or sheet music and freely record your own version of some of the influential music of the 1950s, January 1, 2014, might have been a booming day for you under earlier copyright laws – “That’ll Be the Day” and “Peggy Sue” (Buddy Holly, Jerry Allison, and Norman Petty), “Great Balls of Fire” (Otis Blackwell and Jack Hammer), and “Wake Up, Little Susie” (Felice and Boudleaux Bryant) would all be available. You could score a short film with Dmitri Shostakovich’s Symphony No. 11 in G minor (Opus 103; subtitled The Year 1905). Or you could stage your own performances of some of Elvis Presley’s hits: “All Shook Up” (Otis Blackwell and Elvis Presley) and “Jailhouse Rock” (Jerry Leiber and Mike Stoller). Today, these musical works remain copyrighted until 2053.3

Northrop Frye quote – Poetry can only be made out of other poems; novels out of other novels.... All this was much clearer before the assimilation of literature to private enterprise concealed so many of the facts of criticism.

The musical “West Side Story” (music by Leonard Bernstein, lyrics by Stephen Sondheim, and book by Arthur Laurents) made its Broadway debut in 1957. Would “West Side Story” have been legal if Shakespeare’s Romeo and Juliet was under copyright at the time? Probably not. And, of course, if copyright existed in Shakespeare's time, as Judge Richard Posner observed, “Romeo and Juliet itself would have infringed Arthur Brooke’s The Tragicall Historye of Romeo and Juliet . . . which in turn would have infringed several earlier Romeo and Juliets, all of which probably would have infringed Ovid’s story of Pyramus and Thisbe.” Artists build upon the past. Creativity depends upon a healthy public domain.

For lovers of fine art, 1957 also featured a wealth of material, including Dali’s “Celestial Ride” and “Music: the Red Orchestra,” Ed Hopper’s “Western Motel,” and Picasso’s “Las Meninas” set of paintings. This remarkable series of works consists of reinterpretations – remixes, if you will – of Diego Velázquez’s famous painting “Las Meninas”(usually translated as “The Maids of Honor”). Velázquez’s painting became this, and this, and this, and this, and this, and this, and this, and even this. (See some of the 58 works in Picasso’s “Las Meninas” here.) Picasso did not have to track down Velázquez’s heirs and negotiate licensing fees in order to create this oeuvre. He was free to “copy Las Meninas, entirely in good faith” in a way “that would be a detestable Meninas for a traditional painter, but would be my Meninas.”4 One masterpiece inspired another. This is what the public domain allows.

Science from 1957 – copyrighted research, still behind paywalls

1957 was a noteworthy year for science: the USSR launched Sputnik 1 and Sputnik 2, IBM released the first FORTRAN compiler, and the UK’s Medical Research Council published an early report linking smoking and lung cancer. There were groundbreaking publications in the fields of superconductivity and astrophysics such as “Theory of Superconductivity” by John Bardeen, L.N. Cooper, and J.R. Schrieffer and “Synthesis of the Elements in Stars (‘B²FH’)” by Geoffrey Burbidge, Margaret Burbidge, William Fowler, and Fred Hoyle.

On The Road, Next Exit...2053

Both of the articles above are copyrighted, but thankfully their publishers have made them available in full online, so that you can read them, even though it may still be illegal to copy and distribute them. Many articles from 1957 remain behind paywalls, including those in major scientific journals such as Science, Nature, and JAMA. Are you interested in a historical perspective on, for example, “Soviet and U.S. Professional and Technical Manpower” or the “Breeding Behavior of Cichlids”? You can’t read those articles unless you pay or subscribe (the first costs US$20 for one day of access; you can purchase the second for US$32).

It’s remarkable to find scientific research from 1957 hidden behind publisher paywalls. True, some older articles – especially those with enduring impact – have been made available on third party websites, though it is often unclear whether this is being done with the consent (or temporary forbearance) of the copyright holder, or simply being provided by enthusiasts who cannot imagine that access to these works is still legally restricted. But this is not a stable solution for providing reliable access to science. Third party postings can be difficult to find or taken down, links can get broken, and would-be posters may be deterred by the risk of a lawsuit. Under the pre-1978 copyright term, all of this history would be free to scholars, students, and enthusiasts. Now, to get these articles from the publisher, you need a credit card or institutional subscription. And the institutional access that many top scientists enjoy is itself not a stable solution – even institutions such as Harvard have considered canceling their subscriptions because they can no longer afford the escalating prices of major journal subscriptions.

Not all scientific publishers work under this kind of copyright scheme. “Open Access” scientific publications, like those of the Public Library of Science, are under Creative Commons licenses, meaning that they can be copied freely from the day they are published.

Works from 1985!

Most of the works highlighted here are famous – that is why we included them. And if that fame meant that the work was still being exploited commercially 28 years after its publication, the rights holders would probably renew the copyright. (This is true for many of the works featured on this page, though even the shorter copyright term exceeds the commercial lifespan of a surprising percentage of successful works.) But we know from empirical studies that 85% of authors did not renew their copyrights (for books, the number is even higher – 93% did not renew), since most works exhaust their commercial value very quickly.

That means that all of these examples from 1957 are only the tip of the iceberg. If the pre-1978 laws were still in effect, we could have seen 85% of the works published in 1985 enter the public domain on January 1, 2014. Imagine what that would mean to our archives, our libraries, our schools and our culture. Such works could be digitized, preserved, and made available for education, for research, for future creators. Instead, they will remain under copyright for decades to come, perhaps even into the next century.

Perhaps the most troubling aspect of the current copyright term is that in most cases, the cultural harm is not offset by any benefit to an author or rights holder. Unlike the famous works highlighted here, the vast majority of works from 1957 do not retain commercial value,5 but they are presumably off limits to users who do not want to risk a copyright lawsuit. This means that no one is benefiting from continued copyright, while the works remain both commercially unavailable and culturally off limits. The public loses the possibility of meaningful access for no good reason.

You can read more about the current costs associated with orphan works – works that are still presumably under copyright, but with no identifiable or locatable copyright holder – here and here. Importantly, the US Copyright Office has renewed its efforts to find solutions to the orphan works problem.
http://web.law.duke.edu/cspd/publicd.../2014/pre-1976





The End of the Print New York Times

The acknowledgement in the paper’s “Innovation Report” that too much time and energy is focused on its front page portends a seismic shift in both the Times’s cultural and business approach to news.
Peter Lauria

Of the many startling claims and findings contained in the New York Times’ Innovation Report perhaps the most stunning is the one broken out above a photo of an empty conference room desk on page 85. It reads, in part, “The newsroom is unanimous: We are focusing too much time and energy on Page One.”

Coming from the Times, the claim is nothing short of remarkable. While newspaper front pages long ago stopped driving the day’s news agenda, A1 of the Times always stood as the exception. As the quote on page 85 goes on to say, “Page One sets the daily rhythms, consumes our focus, and provides the newsroom’s defining metric for success.”

The report’s view of Page One’s waning significance is even more striking when juxtaposed against this quote Dean Baquet, the paper’s new editor, gave to one of his own reporters in an interview: “The trick of running the New York Times is that you have to keep in mind that it is a very powerful print newspaper with a very appreciative audience. You have to protect that while you go out there and get more readers through other means.”

Culturally, the Times’ institutional identity is so tied to Page One that its daily meetings and even a documentary about the paper go by that name. For reporters, being on Page One has long been not just a point of pride, but also a potential career-defining stake in the media ground. Readers remember the bylines under the stories that appear there.

“Most reporters know exactly how frequently they’ve appeared on Page One in the previous year — indeed, annual performance reviews often lead off with that figure,” the report notes.

Juxtaposing the report’s view of print generally and Page One in particular with that of Baquet’s underscores the inherent problems plaguing legacy print news organizations navigating the transition to digital. Baquet clearly loves print, not simply as the anchor to the Times’s business, but also as a preferred method for media consumption. He is one of those legacy editors that thinks improvements to A1 and the overall print product would make it more attractive to young people and restore it to growth.

But it is hard to ignore the creeping ascendance of the future finally beginning to overtake the past in the report’s tone. For the Times to acknowledge that the most coveted piece of journalism real estate for the last 150 years has lost its cultural relevance may end up marking for future media observers the real tipping point, and the beginning of the end of the print edition itself. The report’s overwhelming tone of alarm with regards to digital initiatives being hamstrung by print legacies portends a seismic shift for the Times in both its cultural and business approach to news. There is now, at last, a keen realization that the company can no longer protect its core print business at the expense of digital growth. “It is clear that we are not moving with enough urgency,” the authors write on page 76 of the report. “There are factors that, understandably, slow this tricky transition. More than three quarters of our advertising and subscription revenues still comes from the newspaper … But the huge majority of our readers are digital, and this represents our single biggest opportunity for growth.”

The acknowledgement that the company’s business model is still decidedly slanted toward print is made almost begrudgingly. The authors sound frustrated by the fact that digital consumption of news far exceeds its economics. Everyone knows print dollars are replaced by digital dimes and mobile pennies. And while the report’s authors concede print is still the company’s dominant revenue generator and value proposition, they also seem clearly to be saying that at a certain point in the not-too-distant future it will reach a point of diminishing returns. There is a recognition that the costs of maintaining printing presses, delivery trucks, ink, and everything else that goes into producing a daily paper will surpass the revenue the company generates from it, making the deployment of that money into digital initiatives a better investment.

It resonates on a deeper level than coincidence that the report’s aim of accelerating the institution’s digital transition was authored in part by a fifth-generation Sulzberger clearly eager to pump the gas on his own newsroom ascent. Typically, internal reports such as this are exercises in futility, commissioned for cosmetic appearance and quickly dismissed and wiped away before any of their findings stick. This one, though, comes off as just the opposite, giving the distinct impression that it will provide the digital DNA Sulzberger will attempt to imprint on the organization when he is ready to assume the position Baquet is keeping warm for him.

Reading the report, I was reminded of Michael Hirschorn’s controversial Jan. 1, 2009, piece in The Atlantic. Running under the headline “End Times” and coming at the height of the Times’s financial struggles, when it came precariously close to defaulting on its debt obligations and being plunged headlong into bankruptcy, the article asked more seriously than theoretically, “What if the New York Times goes out of business — like, this May?”

That, of course, didn’t happen. But maybe Hirschorn asked the wrong question. Maybe instead of asking if the entire Times company was going away, he should have limited its scope to just the print edition. Back then that, too, would have been dismissed as anathema. Back then there was still a belief that print would be around for generations to come and the company would milk the cash it threw off for as long as it could.

Now, however, the overwhelming sense one gets from the report is that no one inside the company’s Eighth Avenue headquarters believes that anymore — at least, not the people with the last name Sulzberger. Who is ultimately chosen as Baquet’s managing editor will be a telling indication of the company’s long-term view of the printed paper. A digital native would signal in no uncertain terms that the report is being taken seriously as a roadmap for the Times of the 21st century. By contrast, an old school print person would be demoralizing. At least that’s the message inherent in the admission that internally the importance of Page One of the print edition is being overemphasized.

“Our internal fixation on it can be unhealthy, disproportionate, and ultimately counterproductive,” the report cites a Washington reporter who frequently appears on Page One saying. “Just think about how many points in our day are still oriented around A1 — from the 10 a.m. meeting to the summaries that reporters file in the early afternoon to the editing time that goes into those summaries to the moment the verdict is rendered at 4:30 … That doesn’t sound to me like a newsroom that’s thinking enough about the web.”

Reading the report generally, and quotes like that specifically, it’s hard not to wonder how much longer the Times’ print edition has left.
http://www.buzzfeed.com/peterlauria/...new-york-times





Net Neutrality: Your Cheat Sheet To The FCC's Proposal

What you need to know about the FCC's not-exactly-clear approach to keeping the Internet open.
Dan Rowinski

In net neutrality, as in so many other walks of life, what people do is much more important than what they say.

Consider, for instance, FCC chairman Tom Wheeler, who repeatedly insists that the commission's proposed rules for preserving "net neutrality" don't inherently allow for Internet “fast lanes." Such fast lanes—known in FCC parlance as paid prioritization—would allow Internet service providers like Comcast or Verizon to charge companies more for faster Internet connections directly to consumers.

“There is nothing in this proposal that authorizes fast lanes. In the blocking section of the proposal we ask the question, should there be a ban in paid prioritization as an action of blocking?" Wheeler said. “In the non-discrimination section of the proposal we ask if there should be a ban on paid prioritization.”

Yet the FCC proposal doesn’t actually rule out paid prioritization, either, which means it could be allowable under certain circumstances. In reality, the FCC is simply asking for comments as to whether it should ban paid prioritization entirely; the option for Internet fast lanes is still very much on the table, despite Wheeler’s apparent denial.

That's far from the only head-scratcher hidden away in the thicket of jargon and political rhetoric around the FCC's net-neutrality proposal. Here's a shorthand guide to the major issues at stake as the FCC ponders how—and how hard—to preserve an open Internet. (You can also see the full text of the FCC's proposed rules at the end of this post.)

The Paid Prioritization Puzzle

Imagine that you are Netflix. You deliver television and movies straight into the homes of consumers via the Internet. You want the biggest and fastest pipes you can get, because your business depends on providing responsive, high-quality video on demand.

Cable companies want to be able to charge companies like Netflix higher fees for these faster, more reliable connections directly to consumers. If they get their way, wealthy companies like Netflix or Google could afford to pay for better Internet services; smaller companies and individuals may not be so lucky. Hence the term “fast lanes” for paid, privileged Internet channels.

The FCC’s proposal asks specifically for comments as to whether it should ban such "paid prioritization" outright. But as it currently stands, the proposal doesn't go that far. In fact, it would technically make it possible—and desirable, at least if you're a broadband provider—to implement the fast lanes.

“Let's be clear. Any proposal to allow fast lanes for the few is emphatically not net neutrality," said former FCC commissioner Michael Copps in a statement through Common Cause, a policy reform group. "The clear common-sense prerequisite for an Open Internet is Title II reclassification, guaranteeing the agency's authority to protect consumers and ensure free speech online.”

What's Title II? See below.

The Rebuttable Presumption

The FCC’s fact sheet about the open Internet proposal contains a curious statement. With respect to rules that would prevent practices that threaten an open Internet, the sheet states that the draft “includes a rebuttable presumption that exclusive contracts that prioritize service to broadband affiliates are unlawful.”

This is a loaded statement, so let’s break it down. Priority service for broadband affiliates means that the cable companies could give their own properties faster service while throttling or providing slower service to competitors. For instance, Comcast owns NBC Universal. The cable company could provide perfect delivery of NBC content to consumers while slowing down service for competitors, like CNN or ReadWrite.

The FCC proposal does suggest that this priority service—which directly ties to the notion of paid prioritization—is a bad thing, and making it unlawful sounds like pretty strong medicine. But that pesky term “rebuttable presumption” is a giant loophole. The FCC itself describes a rebuttable presumption as “a presumption that is taken to be true unless someone comes forward to contest it and proves otherwise.”

That means priority service is bad unless you can prove to me that it is good. And you know that broadband providers will be lining up their lawyers to prove that it is good. If they succeed, then poof! The paid prioritization genie is out of the bottle. As Gigaom’s broadband reporter Stacy Higginbottom writes, “Yes, that is a house the FCC is building on sand.”

Title II And Section 706

One important thing to bear in mind in this fight is that much of the discussion actually has little to do with consumers or broadband providers. But it has everything to do with what the FCC can and cannot do to regulate the Internet by law.

You’re going to hear a lot about Title II. This is a reference to Title II of the Communications Act of 1934, the first major U.S. law to regulate telephones and transmission media. Title II is known as the “common carrier” provision of law. If a company falls under the designation of Title II, it is considered a public utility subject to FCC rules that guarantee public access to service.

This entire battle over net neutrality stems from two actions by the FCC in the last 10 years. The first was in 2004 when then-FCC chairman Michael Powell outlined four basic Internet freedoms that became the framework of net neutrality. The second was the FCC's 2010 Open Internet Order, which created the first official net neutrality regulation in the U.S.

Broadband providers weren’t all that pleased with the 2010 Open Internet Order. Verizon sued, claiming that the FCC lacked authority to regulate broadband providers, because they were (and are) classified as information services—not public utilities (or, technically, as "common carriers"). Verizon won its fight in January this year; ever since, the FCC has been struggling to figure out if it has any power at all in this arena.

So when you hear about Title II, what net neutrality advocates want is to classify broadband as a public utility which would then give the FCC power to enforce net neutrality as it sees fit. But the FCC knows that if it tries to go down the Title II route, the broadband providers are going to sue yet again. (In all honesty, of course, they're likely to sue no matter what.)

Still, the prospect seems to alarm the commission. The FCC's preference to date has been to apply net neutrality rules under Section 706 of the Telecommunications Act of 1996 because it upsets fewer applecarts. But it's also legally ambiguous. The federal appeals court that gave Verizon its victory recommended that the FCC use its Title II authority if it wants to pursue net-neutrality regulation.

The FCC’s notice for rulemaking specifically asks for comment on which avenue is preferable to creating policy to regulate an open Internet, with initial comments due by July 15. Here's where you can leave a comment for the FCC.

The No Blocking Rule

The “No Blocking Rule” is a provision within the proposal that “proposes ensuring that all who use the Internet can enjoy robust, fast and dynamic Internet access.” That means broadband providers couldn't deny fast Internet service to consumers, businesses or organizations on any basis and would be forbidden to purposefully provide slower service.

The No Blocking Rule is the flip side of paid prioritization. Broadband providers could feasibly slow down an Internet service (like Netflix) to make it basically unusable. No Blocking would create rules for the minimum viable service that broadband companies provide so that Internet services are guaranteed to work.

Expanded Transparency

An ombudsman is a watchdog that oversees an organization or an industry to make sure that all participants are acting fairly. The FCC wants to create an ombudsman position to take formal and informal complaints against Internet service providers and to act as arbiter for conflict resolution.

The FCC also wants broadband providers to self-police by providing regular reports about network congestion, data speeds and possibly even paid prioritization practices.

Wireless Net Neutrality

The FCC essentially wants to bring back the full force of the 2010 Open Internet Order that the courts struck down. But the 2010 order had a glaring loophole itself: It set different rules for wireline broadband (like DSL) and wireless Internet, which would include 4G LTE.

Wireless broadband was effectively exempted from net neutrality in the 2010 order, which allowed carriers like Verizon, AT&T, Sprint and T-Mobile to block or slow down services as they saw fit. We saw this happen in practice when Verizon blocked the Google Wallet payments app from smartphones on their networks in favor of their own payments solution, called Isis. (This example would also fall under the category of giving priority service to broadband provider affiliates, something the FCC is considering banning.)

The FCC doesn't plan to make that mistake again; this time around, it wants to subject wireless service to the same net-neutrality rules as fixed, wired networks. The FCC is discussing how it can achieve this, either through employing Title III of the Communications Act of 1934 (which governs wireless transmission like radio or television) or through existing measures like Section 706 or Title II.
http://readwrite.com/2014/05/16/net-...-open-internet





AT&T to Buy DirecTV for $48.5 Billion in Move to Expand Clout
Michael J. De La Merced and David Gelles

AT&T agreed on Sunday to buy the satellite television operator DirecTV for $48.5 billion, trying to tilt the balance of power with media companies as the market for broadband Internet and video shifts.

With the acquisition, AT&T becomes the latest telecommunications giant seeking to establish an even greater reach.

Comcast agreed in February to buy Time Warner Cable for $45 billion, a bid to become the country’s dominant provider of cable TV and high-speed Internet access. And Sprint, which is controlled by the Japanese telecom company SoftBank, has made no secret of its desire to merge with T-Mobile USA, creating a serious rival to Verizon and AT&T.

“The media chessboard is moving more this year than it has in the past decade,” said Richard Greenfield, a media analyst with the brokerage firm BTIG. “You’re seeing major shifts. Everyone is jockeying for position.”

The newest round of consolidation may weigh heavily on the minds of government regulators, who have expressed growing concern that the nation’s television and Internet services are increasingly controlled by just a few corporate behemoths.

For consumers, the acquisition may change little, at least at first, since AT&T and DirecTV share little overlap. AT&T said on Sunday that it planned to bundle its new acquisition’s services with existing offerings like broadband Internet and cellphone service.

To some analysts, AT&T’s latest acquisition seems questionable. The pay television business is considered a mature market whose subscriber growth has slowed sharply in recent years.

Still, the company has been trying to compensate for slowing growth in its own core businesses, including by moving into home security offerings and mobile data for cars.

Randall L. Stephenson, AT&T’s chief executive, said in an interview on Sunday that he had discussed the possibility of buying DirecTV with his counterpart at the satellite TV provider, Mike White, for some time.

By acquiring the country’s biggest satellite television operator, AT&T would gain more clout in negotiating with media companies as it increasingly focuses on video offerings. Through the deal, AT&T would become the country’s second-biggest pay TV provider, behind only Comcast. AT&T has about 5.7 million TV customers through its U-verse service, while the satellite TV operator has about 20.3 million customers in the United States.

The acquisition would also bring to AT&T DirecTV’s existing content at a time when AT&T has made video services a priority. DirecTV’s offerings include the National Football League’s “Sunday Ticket,” and it owns minority stakes in the Game Show Network and MLB Network.

It would also help get AT&T into new markets like video and data services inside airplanes.

“If you think about what we’re trying to accomplish, we’re trying to get way down the road to get content across multiple devices,” Mr. Stephenson said. “The more we peeled the onion back, frankly the better we felt about this.”

DirecTV would also bolster AT&T’s financial resources as it continues to invest in wireless-broadband capabilities, an effort that is expected to include bidding at least $9 billion for wireless network spectrum in a forthcoming government auction. The satellite TV company generated about $2.6 billion in free cash flow last year. Buying DirecTV would also expand AT&T’s presence in Latin America, where the satellite company already has more than 18 million customers and expects to grow substantially as more households subscribe to pay TV services.

Under the agreement’s terms, AT&T would pay $95 a share in stock and cash — roughly 10 percent higher than DirecTV’s closing stock price on Friday and about 30 percent higher than where its shares were trading before word of a potential transaction began to emerge.

Including the assumption of DirecTV’s debt, the deal is worth about $67.1 billion. Existing DirecTV shareholders would own 15 to 16 percent of the combined company after closing, which is expected in a year’s time.

The deal is the biggest in years for AT&T, which has long looked to acquisitions for growth. It is the largest transaction the company has announced since its aborted $39 billion offer for T-Mobile three years ago, a takeover fiercely opposed by antitrust regulators because it would have cut down on the number of wireless phone service providers.

This time, some analysts believe the company will face less heat from the federal government. By their reckoning, regulators are likely to look favorably upon a deal that creates a bulwark against a strengthened Comcast.

“They want wireless to compete with wires,” Mr. Greenfield, the media analyst, said. “The only way to complete that is to allow these deals to occur.”

AT&T has also learned from the botched deal. It will not have to pay DirecTV a breakup fee if the deal does not go through. It had to pay T-Mobile $6 billion.

Mr. Stephenson, the AT&T chief, argued that the deal should be approved since it would not meaningfully reduce competition in the pay TV industry.

“We became very comfortable that this is a deal that should pass regulatory muster,” he said. Referring to Comcast’s bid for Time Warner Cable, he added, “Our deal is a very different deal.”

At the same time, by moving forward with its DirecTV deal now, AT&T will probably complicate regulatory approvals for the cable television merger, according to several investment bankers.

But it is unclear whether investors and others will show enthusiasm for the DirecTV takeover, questioning the strategic fit.

“When I first heard the news, I was scratching my head,” said Jim Nail, an analyst with Forrester Research. “Satellite is kind of a doomed technology. I don’t see it being a long-term proposition.”

AT&T intends to pay for the deal with cash on hand, debt and the sale of some assets. To help ease regulatory concerns in Latin America, the company plans to sell its roughly 8 percent stake in América Móvil, the telecommunications giant controlled by the billionaire Carlos Slim Helú.

The pace of consolidation, meanwhile, may prompt Sprint and SoftBank to proceed with a bid for T-Mobile, a deal that has already faced vocal opposition from several officials at the Federal Communications Commission. In that view, a merger would shrink an already consolidated industry to an unacceptable three major players.

But Sprint and SoftBank have argued that such a deal would create more competition in the fast-growing wireless space, creating a more formidable opponent to Verizon and AT&T.

AT&T’s move also raises questions for the country’s other major satellite television provider, Dish Network. That company’s chief executive, Charles W. Ergen, has made noises about striking acquisitions to become a true broadband service provider, while also hinting that he may be willing to sell.

But AT&T was concerned that buying Dish would invite more regulatory scrutiny because of both its broadband ambitions and its existing trove of wireless spectrum, according to a person briefed on the matter.

Brian X. Chen contributed reporting.
http://dealbook.nytimes.com/2014/05/...-48-5-billion/





Proposed Telecom and Cable Mega-Deals Would Merge the Country’s Most Frustrated Customers
Cecilia Kang

The blockbuster telecom and cable mergers of late would also unite some of the most frustrated customers in the nation.

AT&T bid for DirecTV on Sunday. That followed Comcast’s effort to swallow Time Warner Cable. Spurred by these mega-deals, rumors are spreading of other corporate deals among Internet service providers and cable firms. But virtually all of the companies involved in these marriages rank at the bottom in a new customer satisfaction survey, behind even healthcare providers and airlines.

Consumers were happier with how their hospitals and local utilities treated them than the cable repair guy. The IRS ranked lower overall but even then, people preferred filing taxes online to waiting on hold with an Internet service customer representative, according to a poll released Tuesday by the American Customer Satisfaction Index.

The rankings reinforce the industries’ reputations for poor service, which has been a punchline of comedians and fuel for outrage expressed on social media. Who could forget then-septuagenarian Mona “The Hammer” Shaw, who in 2007 went to a Comcast customer service office in Manassas and bashed a computer keyboard with a hammer to demand attention?

But given how much control those companies will exert over how consumers experience the Internet, telecommunications and entertainment, advocates say federal regulators should exercise their authority over the merger process to improve prices and relieve customers of long waits for repairs.

“This is an industry that has a notoriously bad track record with consumers, and these low customer satisfaction scores should give regulators ample reason to be skeptical of a merger,” said Delara Derakhshani, policy counsel for Consumers Union, a nonprofit advocacy group. Her group, which publishes Consumer Reports, found similarly low rankings for cable and telecom providers in its own annual survey.

Within their industries, Comcast and Time Warner Cable consistently ranked last or next to last for phone, Internet service and cable television, according to the ACSI poll. The two firms have proposed a $45 billion merger.

AT&T is willing to pay $49 billion to bundle its wireless, phone, and high-speed Internet with DirecTV’s satellite television business. Both companies rank far below gas stations, the postal service, and hotels.

The poor results in satisfaction surveys are compounded by lawmakers' concerns about ever rising prices for consumers, especially for high-speed Internet, which some say has become equivalent to a utility.

According to a report by the Federal Communications Commission, cable television prices rose 5.1 percent in 2012, three times the rate of inflation.

“We’re witnessing a major transformation of the telecom industry—and it’s going in exactly the wrong direction,” Sen. Al Franken (D-Minn.) said in a statement. “We’re moving toward an industry with fewer competitors—where corporations are getting bigger and bigger and gaining more and more control over the distribution of information. This hurts innovation, and it’s bad for consumers, who have been getting squeezed by higher bills.”

Comcast has publicly acknowledged its problems with service complaints but says it’s working harder to improve. The company said it has invested in new technology and training for call service representatives and is offering consumers a shorter window for an agent to show up at their home, rather than having them wait all day.

The cable giant has also created tablet and smartphone apps for consumers to troubleshoot problems directly from home, which has reduced call volume by 21 million in three years. The company gets about 320 million calls every year.

“It bothers us that we have so much trouble delivering high-quality service to customers on a regular basis,” Comcast Executive Vice President David Cohen said in a Senate hearing on the proposed merger last month. “We’re deeply disappointed with where we are. But that will spur us to be even better.”

AT&T and DirecTV did not immediately respond to requests for comment.

The efforts to improve customer service didn’t help Jim Caskey, who said he endured eight cancelled appointments by Comcast’s repair crew in February. The trouble began with a wrong customer service number on his most recent bill, which led him up a thicket of transfers, promises to speak to a manager, and long waits on the phone, the Rockville resident said.

Days into his ordeal, a customer service representative said someone had already fixed his downed cable line even though no work had been done. He finally decided to drop Comcast’s service for Verizon. But in many areas around the country, options are limited and consumers cannot switch.

“I’m against the merger with Time-Warner, and anything that can be done to improve cable competition and service in Montgomery County and hold them truly accountable to customers and the community would be appreciated,” Caskey said. “I cannot fathom their arrogant and indifferent approach to customer service.”

So far, customer service has been a side issue at the FCC, which has broad authority to approve or turn down merger requests based on whether they “on balance. . . serves the public interest, convenience and necessity.”

But experts say it is rare for customer service to be the focus of a merger review. This time, given the poor record of the companies, some advocates are urging the FCC to take the consumer experience more seriously.

“Customer service performance is fair game in a merger review,” said Matt Wood, a policy director for Free Press. The FCC in particular has a “broad standard, with more of a comprehensive and forward-looking mandate to protect consumers and competition alike.”
http://www.washingtonpost.com/blogs/...ted-customers/





Americans Hate Their Cable TV and Internet Providers More Than Any Other Industry
Zachary M. Seward

Customer satisfaction with subscription television and internet service deteriorated even further this year, according to a large survey of Americans.

The two industries scored lowest among those tracked by the American Customer Satisfaction Index. Satisfaction with pay TV fell 4.4%; internet service declined 3.1%.

Comcast and Time Warner Cable, which are seeking to merge, are the worst-performing providers of both television and internet service. Cable companies generally scored lower than fiber-optic and satellite operators like AT&T and DirecTV, which are also seeking to merge and were at the top of the list for television service.

The survey is based on interviews with about 70,000 Americans. Scores are indexed against general satisfaction with other consumer industries.
http://qz.com/211382/americans-hate-...ther-industry/





Why the U.K. Might Kill the EU's Net Neutrality Law
Ned Donovan

While the debate over net neutrality continues to rage in the United States, the British government is planning to block European Union legislation on the matter.

It’s a surprising turn of events. Just last month, the European Parliament voted to place the principles of net neutrality into law. However, before it becomes law throughout Europe, each member country must also pass the legislation. On Thursday, the British government indicated it may veto it instead.

At issue is a new provision that critics argue would restrict the British government’s “ability to block illegal material.” The amendment made it so that only a court order would allow for the banning of content, and not a legislative provision, as originally proposed, according to RT.

“We do not support any proposals that mean we cannot enforce our laws, including blocking child abuse images,” a government spokesperson told BuzzFeed.

In 2010, when the current government came into office, Ed Vaizey, the minister for culture, communications and creative industries, stated he would support “two speed internet,” which sparked intense debate about net neutrality. Remarking after the European legislation passed recently, Vaizey waded into the debate again, claiming the British government “will not agree to any proposals that restrict the ability of parents to protect their children from inappropriate content on line.”

Vaizey went on to state he was “confident that this was not the intention of the European Parliament.” The British government is reportedly working with other EU member states and others to develop a workable solution for a free and more secure Internet.
http://www.dailydot.com/politics/net...ty-uk-eu-veto/





Anti-Censorship Group Wants to Remind U.K. Citizens that their Internet is Censored
Gavia Baker-Whitelaw

The U.K.’s new Internet filters have been in place for several months now, and most people seem to have forgotten about them. Which is kind of the point: Those filters are meant to work silently in the background, supposedly protecting people from accessing “inappropriate” content by mistake.

The filters block a wide variety of content, from hardcore porn to extremist political sites, and were heavily criticized by many people including the Open Rights Group (ORG), which campaigns against online censorship.

Using Indiegogo to raise funds, the ORG now plans to launch a public media campaign to educate people about the impact these filters may have on their lives.

Internet users can opt out of the filters, but the ORG is concerned that people simply don’t understand what the filters do, or why they might be doing more harm than good.

For one thing, the filters were originally marketed as “porn blockers,” using rhetoric that characterized them as a way to protect young children from stumbling across Internet porn. It’s difficult for any politician to argue against something that is described as protecting children from Internet porn, but the truth is that the filters actually block a multitude of other topics as well.

Also, those “porn blockers” have already proven to be ineffective, blocking plenty of harmless sites and failing to tell the difference between sex education forums and porn. In one case, a domestic abuse helpline was blocked as inappropriate material, while many actual porn sites are still accessible through the filters.

One of the main problems facing the ORG’s campaign against censorship is that the content filters are now old news. They have already become a normal part of setting up a new Internet connection, and many people opt in to using them without considering the consequences.

Having raised over £13,000 ($21,800) on Indiegogo, the ORG plans to launch an informative campaign about online censorship in the U.K., beginning with a “funny and pointed video” about why the Internet filters are a bad idea.
http://www.dailydot.com/news/open-ri...ilm-indiegogo/





In Letter to Obama, Cisco CEO Complains About NSA Allegations
Arik Hesseldahl

Warning of an erosion of confidence in the products of the U.S. technology industry, John Chambers, the CEO of networking giant Cisco Systems, has asked President Obama to intervene to curtail the surveillance activities of the National Security Agency.

In a letter dated May 15 (obtained by Re/code and reprinted in full below), Chambers asked Obama to create “new standards of conduct” regarding how the NSA carries out its spying operations around the world. The letter was first reported by The Financial Times.

The letter follows new revelations, including photos, published in a book based on documents leaked by former NSA contractor Edward Snowden alleging that the NSA intercepted equipment from Cisco and other manufacturers and loaded them with surveillance software. The photos, which have not been independently verified, appear to show NSA technicians working with Cisco equipment. Cisco is not said to have cooperated in the NSA’s efforts.

Addressing the allegations of NSA interference with the delivery of his company’s products, Chambers wrote: “We ship our products globally from inside as well as outside the United States, and if these allegations are true, these actions will undermine confidence in our industry and in the ability of technology companies to deliver products globally.”

“We simply cannot operate this way; our customers trust us to be able to deliver to their doorsteps products that meet the highest standards of integrity and security,” Chambers wrote. “We understand the real and significant threats that exist in this world, but we must also respect the industry’s relationship of trust with our customers.”

Failure to restore and repair that trust, Chambers said, could threaten the evolution of the Internet itself and lead to its fragmentation.

The letter follows a May 13 blog post by Cisco General Counsel Mark Chandler saying the NSA had “overreached.” Chandler said that Cisco does not cooperate with any government, including the U.S. government, to “weaken our products.”

Concerns about the aggressive tactics of the NSA have hit Cisco’s results, especially in emerging markets like Russia, Brazil and China. When the company reported quarterly earnings last week, it said that orders from emerging countries fell seven percent, and that Brazil, Russia, India, China and Mexico combined for a 13 percent drop. Individually, orders in Brazil fell 27 percent and in Russia, 28 percent.
http://recode.net/2014/05/18/in-lett...a-allegations/





NSA Data-Gathering May Run into California Roadblock
Sharon Bernstein

The federal government would need a warrant from a judge if it wants the cooperation of California officials in searching residents' cellphone and computer records, under a bill making its way through the state legislature.

The bill, which passed the state Senate with just one opposing vote on Monday, was introduced in the wake of information leaked by former National Security Agency contractor Edward Snowden showing massive internal surveillance of U.S. citizens by the NSA.

"The Fourth Amendment to the U.S. Constitution is very clear. It says the government shall not engage in unreasonable search and seizure," said the bill's author, Democratic State Senator Ted Lieu, of Torrance. "The National Security Agency's massive and indiscriminate collecting of phone data on all Americans, including more than 38 million Californians, is a threat to our liberty and freedom."

The California bill is the farthest along of several such measures that have been introduced in eight states, according to Lieu's spokesman Jeff Gozzo, including Alaska, Arizona and Oklahoma.

It comes as Congress wrestles with a similar bill at the national level.

A federal judge ruled last year that the National Security Agency's practice of gathering so-called meta-data on U.S. residents was likely unconstitutional, but the ruling is being appealed by the Obama administration.

The California bill would not allow law enforcement and other officials in the most populous U.S. state to assist federal agencies looking for records of phone calls, Internet use or other electronic activity by residents unless a warrant has been issued by a judge.

It was opposed by the California District Attorneys Association, which said the bill was too vague.

(Editing by Lisa Shumaker)
http://www.reuters.com/article/2014/...A4J02I20140520





Chinese Military Unit Charged with Cyber-Espionage Against U.S. Firms
Ellen Nakashima and William Wan

The Justice Department has indicted five members of the Chinese military on charges of hacking into computers and stealing valuable trade secrets from leading steel, nuclear plant and solar power firms, marking the first time that the United States has leveled such criminal charges against a foreign country.

The landmark case paves the way for more indictments and demonstrates that the United States is serious about holding foreign governments accountable for crimes committed in cyberspace, officials said at a news conference Monday.

The Obama administration “will not tolerate actions by any nation that seeks to illegally sabotage American companies and undermine the integrity of fair competition in the operation of the free market,” Attorney General Eric H. Holder Jr. said.

The decision to confront China grew out of a White House strategy formulated two years ago to impose increasing costs on Beijing if it didn’t respond to requests to stop its widespread hacking for commercial advantage. The indictment is intended to address what President Obama and senior intelligence officials have called one of the top threats to national and economic security, with an estimated annual cost to the U.S. economy that ranges from the tens of billions of dollars to more than $100 billion.

The criminal charges provoked a response from Beijing, which said Monday that it was suspending high-level cyber talks with the United States that began in June.

China has summoned the U.S. ambassador over the hacking charges. According to an online notice posted Tuesday by state-run Xinhua on Weibo, Assistant Foreign Minister Zheng Zeguang summoned Ambassador Max Baucus to complain that U.S. authorities published their indictment ignoring the strong protests by Chinese authorities.

“Given the lack of sincerity by the United States for cooperation to solve cyber security problems through dialogue, China has decided to suspend the activities of the Sino-U.S. Cyber Working Group,” Foreign Ministry Spokesman Qin Gang said in a statement.

The charges are “purely ungrounded and absurd,” Qin said. He added that the United States had “fabricated facts” in the indictment, which he said “seriously violates basic norms of international relations and damages Sino-U.S. cooperation and mutual trust.”

The leaks from former National Security Agency contractor Edward Snowden already had complicated the talks. Beijing has pointed to disclosures by Snowden of vast NSA surveillance activities — including spying on Chinese companies — to assert that the United States is the greater aggressor in the area.

State Department spokeswoman Jen Psaki said, “We regret China’s decisions.” But she added that she does not think the development will affect strategic and economic dialogue meetings with China, scheduled for early July.

The indictment, which was filed May 1, charges five officials in the People’s Liberation Army (PLA) — hackers with handles such as UglyGorilla and KandyGoo — with computer fraud, conspiracy to commit computer fraud, damaging a computer, aggravated identity theft and economic espionage.

China has no extradition treaty with the United States and none of the suspects is likely to see a U.S. courtroom. Nonetheless, Holder said he hopes Beijing will “respect our criminal justice system and let justice take its course.”

The indictment is the result of years of work, officials said, in which investigators followed a complex trail of computer bits to one building in one Chinese city.

That nondescript 12-story building under military guard in the Pudong New Area of Shanghai is home to Unit 61398 — part of the PLA and identified by researchers as one of the most prolific hacking crews targeting Western companies’ trade secrets and intellectual property.

The 56-page indictment describes the hacking of five companies and a trade union. All but one are located in the Western District of Pennsylvania, where the charges were brought.

The companies — which include U.S. Steel, the country’s largest steelmaker, and Alcoa, the largest aluminum manufacturer — agreed to come forward, bucking what for years had been a reluctance by many firms to acknowledge that they had been hacked for fear of shareholder lawsuits and damage to reputation.

“There has come a point at which enough is enough,” said David Hickton, U.S. attorney for the Western District of Pennsylvania. “The companies are tired of being raided.”

The other companies are Westinghouse Electric, which builds nuclear power plants; Allegheny Technologies, a metals manufacturer; and SolarWorld, which makes solar products in Hillsboro, Ore. Also hit was the United Steelworkers union, which opposes Chinese trade practices.

The indictment alleges that the hackers stole trade secrets that would have been particularly beneficial to Chinese companies.

PLA member Wen Xinyu — also known as “WinXYHappy” — hacked SolarWorld’s computers and stole thousands of files containing cost and pricing information, prosecutors allege. Hackers took detailed production information that could help a competitor shorten its research and development timeline.

The American company rapidly lost market share to Chinese competitors that were accused of systematically pricing exports well below production costs.

After a complaint from SolarWorld, the Commerce Department and the U.S. International Trade Commission found that China had “dumped” solar products in the U.S. market.

In another case, defendant Wang Dong — or UglyGorilla — gained access to a U.S. Steel computer, which allowed him to steal descriptions for more than 1,700 other company computers and worm his way into vulnerable machines, according to the indictment. He gained access after fellow PLA hacker Sun Kailiang, also known as Jack Sun, sent spear-phishing e-mails to employees, including one purporting to be from the firm’s chief executive. The e-mails contained malware that, when clicked on, surreptitiously loaded onto employees’ computers and allowed back-door access.

John Carlin, the assistant attorney general for national security, said the Chinese have long challenged U.S. officials to provide hard evidence of their data theft that could stand up in court. “Well today, we are,” he said. “For the first time, we are exposing the faces and names behind the keyboards in Shanghai used to steal from American businesses.”

Although the indictment does not name the state-owned enterprises that may have benefited from the espionage, according to open-source literature, they are State Nuclear Power Technology, the Baosteel Group and the Aluminum Corporation of China, which is commonly known as Chinalco.

James Lewis, a cyber policy expert with the Center for Strategic and International Studies, said China’s withdrawal from the talks was “childish” and a mistake. “If you want to get the United States to do something different, you don’t say, ‘I’m not going to talk to you,’ ” he said.

Lewis said he thinks that China will find ways to retaliate but that it cannot go too far. “Their economy is weaker than ours now,” he said. “Now is not the time for the Chinese to go full-bore in retaliation.”

Dmitri Alperovitch, co-founder of the CrowdStrike cybersecurity firm, said the indictments will send a signal to U.S. companies that have thought that the government could not do anything to hold state-sponsored hackers accountable. “Now they can look at these indictments and say, ‘Hey, if I want these people to be punished, the U.S. government is willing to step up and do it,’ ” he said. “That’s a very important message.”

Wan reported from Beijing. William Branigin and Karen DeYoung in Washington contributed to this report.
http://www.washingtonpost.com/world/...82d_story.html





China Confronts U.S. Envoy Over Cyber-Spying Accusations
Sui-Lee Wee

China summoned the U.S. ambassador after the United States accused five Chinese military officers of hacking into American companies to steal trade secrets, warning Washington it could take further action, the foreign ministry said on Tuesday.

The U.S. Ambassador to China, Max Baucus, met with Zheng Zeguang, assistant foreign minister, on Monday shortly after the United States charged the five Chinese, accusing them of hacking into American nuclear, metal and solar companies to steal trade secrets.

Zheng "protested" the actions by the United States, saying the indictment had seriously harmed relations between both countries, the foreign ministry said in a statement on its website.

Zheng told Baucus that depending on the development of the situation, China "will take further action on the so-called charges by the United States".

It was the first criminal hacking charge that the United States has filed against specific foreign officials, and follows a steady increase in public criticism and private confrontation, including at a summit last year between U.S. President Barack Obama and Chinese President Xi Jinping.

The indictment is likely to further roil relations between China and the United States. Besides cyber-hacking, Washington and Beijing have grappled over a range of issues, including human rights, trade disputes and China's growing military assertiveness over seas contested with its neighbors.

"The Chinese government and military and its associated personnel have never conducted or participated in the theft of trade secrets over the Internet," the foreign ministry quoted Zheng as telling Baucus.

Zheng told Baucus that the U.S. attitude to Internet security was "overbearing and hypocritical" and urged the United States to give China a clear explanation on reports that Washington has long spied on the Chinese government, businesses, universities and individuals.

The U.S. Embassy to China spokesman, Nolan Barkhouse, confirmed the meeting but declined to provide more details.

China's Ambassador to the United States, Cui Tiankai, also "made solemn representations" to the State Department on Monday.

"The accusations that the United States have made against these Chinese officials are purely fictitious and extremely absurd," Cui was quoted as saying by the state-run China News Service.

China's defense ministry summoned the American military attaché on Tuesday to protest what they said were actions "that seriously violated norms governing international relations and for seriously slandering the image of the Chinese army".

"DOUBLE STANDARDS"

The angry reaction from Beijing is likely to be the first major test for Baucus, who arrived in Beijing in March, as he seeks to balance U.S. interests with the desire for more economic cooperation with China.

China is the United States' biggest foreign creditor. As of February, China held $1.27 trillion in U.S. Treasury bonds, according to Treasury Department data.

"If the case is not withdrawn, I expect the Chinese government to retaliate," said Jin Canrong, associate dean of the School of International Studies at Renmin University in Beijing.

The majority of China's Internet users are now furious because they think the United States has "double standards" on spying, Jin said, adding that negative domestic public opinion would have a detrimental effect on Sino-U.S. relations.

The leaks by National Security Administration contractor Edward Snowden have given China grounds for accusing the United States of infiltrating Chinese companies and government offices.

The foreign ministry said it would suspend the activities of a Sino-U.S. working group on cyber issues. The defense ministry issued a similarly pointed statement on Tuesday, saying the accusations contained "ulterior motives".

"Suspending the operations of a bilateral group on cyber affairs is a reasonable start, but more countermeasures should be prepared in case Washington obstinately sticks to the wrong track," state news agency Xinhua said in a commentary.

When asked about how China could retaliate against the United States, Foreign Ministry spokesman Hong Lei said at a daily news briefing that "it is the United States that should take actions, correct its mistake and withdraw the decision".

Skeptics said U.S. authorities would not be able to arrest those indicted because Beijing would not hand them over. Still, the move would prevent the individuals from traveling to the United States or other countries that have an extradition agreement with the United States.

U.S. Federal prosecutors said the suspects targeted companies including Alcoa Inc, Allegheny Technologies Inc, United States Steel Corp, Toshiba Corp unit Westinghouse Electric Co, the U.S. subsidiaries of SolarWorld AG, and a steel workers' union.

According to the indictment, all five defendants worked with Unit 61398 of the People's Liberation Army, which had been "hired" by Chinese state-owned companies "to provide information technology services" including assembling a database of corporate intelligence. The Chinese companies were not named.

(Additional reporting by Li Hui and Megha Rajagopalan; Editing by Simon Cameron-Moore)
http://www.reuters.com/article/2014/...A4J03D20140520





Data Pirates of the Caribbean: The NSA Is Recording Every Cell Phone Call in the Bahamas
Ryan Devereaux, Glenn Greenwald and Laura Poitras

The National Security Agency is secretly intercepting, recording, and archiving the audio of virtually every cell phone conversation on the island nation of the Bahamas.

According to documents provided by NSA whistleblower Edward Snowden, the surveillance is part of a top-secret system – code-named SOMALGET – that was implemented without the knowledge or consent of the Bahamian government. Instead, the agency appears to have used access legally obtained in cooperation with the U.S. Drug Enforcement Administration to open a backdoor to the country’s cellular telephone network, enabling it to covertly record and store the “full-take audio” of every mobile call made to, from and within the Bahamas – and to replay those calls for up to a month.

SOMALGET is part of a broader NSA program called MYSTIC, which The Intercept has learned is being used to secretly monitor the telecommunications systems of the Bahamas and several other countries, including Mexico, the Philippines, and Kenya. But while MYSTIC scrapes mobile networks for so-called “metadata” – information that reveals the time, source, and destination of calls – SOMALGET is a cutting-edge tool that enables the NSA to vacuum up and store the actual content of every conversation in an entire country.

All told, the NSA is using MYSTIC to gather personal data on mobile calls placed in countries with a combined population of more than 250 million people. And according to classified documents, the agency is seeking funding to export the sweeping surveillance capability elsewhere.

The program raises profound questions about the nature and extent of American surveillance abroad. The U.S. intelligence community routinely justifies its massive spying efforts by citing the threats to national security posed by global terrorism and unpredictable rival nations like Russia and Iran. But the NSA documents indicate that SOMALGET has been deployed in the Bahamas to locate “international narcotics traffickers and special-interest alien smugglers” – traditional law-enforcement concerns, but a far cry from derailing terror plots or intercepting weapons of mass destruction.

“The Bahamas is a stable democracy that shares democratic principles, personal freedoms, and rule of law with the United States,” the State Department concluded in a crime and safety report published last year. “There is little to no threat facing Americans from domestic (Bahamian) terrorism, war, or civil unrest.”

By targeting the Bahamas’ entire mobile network, the NSA is intentionally collecting and retaining intelligence on millions of people who have not been accused of any crime or terrorist activity. Nearly five million Americans visit the country each year, and many prominent U.S. citizens keep homes there, including Sen. Tom Harkin (D-Iowa), Bill Gates, and Oprah Winfrey.

In addition, the program is a serious – and perhaps illegal – abuse of the access to international phone networks that other countries willingly grant the United States for legitimate law-enforcement surveillance. If the NSA is using the Drug Enforcement Administration’s relationship to the Bahamas as a cover for secretly recording the entire country’s mobile phone calls, it could imperil the longstanding tradition of international law enforcement cooperation that the United States enjoys with its allies.

“It’s surprising, the short-sightedness of the government,” says Michael German, a fellow at New York University’s Brennan Center for Justice who spent 16 years as an FBI agent conducting undercover investigations. “That they couldn’t see how exploiting a lawful mechanism to such a degree that you might lose that justifiable access – that’s where the intelligence community is acting in a way that harms its long-term interests, and clearly the long-term national security interests of the United States.”

The NSA refused to comment on the program, but said in a statement that “the implication that NSA’s foreign intelligence collection is arbitrary and unconstrained is false.” The agency also insisted that it follows procedures to “protect the privacy of U.S. persons” whose communications are “incidentally collected.”

Informed about the NSA’s spying, neither the Bahamian prime minister’s office nor the country’s national security minister had any comment. The embassies of Mexico, Kenya, and the Philippines did not respond to phone messages and emails.

In March, The Washington Post revealed that the NSA had developed the capability to record and store an entire nation’s phone traffic for 30 days. The Post reported that the capacity was a feature of MYSTIC, which it described as a “voice interception program” that is fully operational in one country and proposed for activation in six others. (The Post also referred to NSA documents suggesting that MYSTIC was pulling metadata in some of those countries.) Citing government requests, the paper declined to name any of those countries.

The Intercept has confirmed that as of 2013, the NSA was actively using MYSTIC to gather cell-phone metadata in five countries, and was intercepting voice data in two of them. Documents show that the NSA has been generating intelligence reports from MYSTIC surveillance in the Bahamas, Mexico, Kenya, the Philippines, and one other country, which The Intercept is not naming in response to specific, credible concerns that doing so could lead to increased violence. The more expansive full-take recording capability has been deployed in both the Bahamas and the unnamed country.

MYSTIC was established in 2009 by the NSA’s Special Source Operations division, which works with corporate partners to conduct surveillance. Documents in the Snowden archive describe it as a “program for embedded collection systems overtly installed on target networks, predominantly for the collection and processing of wireless/mobile communications networks.”

If an entire nation’s cell-phone calls were a menu of TV shows, MYSTIC would be a cable programming guide showing which channels offer which shows, and when. SOMALGET would be the DVR that automatically records every show on every channel and stores them for a month. MYSTIC provides the access; SOMALGET provides the massive amounts of storage needed to archive all those calls so that analysts can listen to them at will after the fact. According to one NSA document, SOMALGET is “deployed against entire networks” in the Bahamas and the second country, and processes “over 100 million call events per day.”

SOMALGET’s capabilities are further detailed in a May 2012 memo written by an official in the NSA’s International Crime and Narcotics division. The memo hails the “great success” the NSA’s drugs and crime unit has enjoyed through its use of the program, and boasts about how “beneficial” the collection and recording of every phone call in a given nation can be to intelligence analysts.

Rather than simply making “tentative analytic conclusions derived from metadata,” the memo notes, analysts can follow up on hunches by going back in time and listening to phone calls recorded during the previous month. Such “retrospective retrieval” means that analysts can figure out what targets were saying even when the calls occurred before the targets were identified. “[W]e buffer certain calls that MAY be of foreign intelligence value for a sufficient period to permit a well-informed decision on whether to retrieve and return specific audio content,” the NSA official reported.

“There is little reason,” the official added, that SOMALGET could not be expanded to more countries, as long as the agency provided adequate engineering, coordination and hardware. There is no indication in the documents that the NSA followed up on the official’s enthusiasm.

The documents don’t spell out how the NSA has been able to tap the phone calls of an entire country. But one memo indicates that SOMALGET data is covertly acquired under the auspices of “lawful intercepts” made through Drug Enforcement Administration “accesses” – legal wiretaps of foreign phone networks that the DEA requests as part of international law enforcement cooperation.

When U.S. drug agents need to tap a phone of a suspected drug kingpin in another country, they call up their counterparts and ask them to set up an intercept. To facilitate those taps, many nations – including the Bahamas – have hired contractors who install and maintain so-called lawful intercept equipment on their telecommunications. With SOMALGET, it appears that the NSA has used the access those contractors developed to secretly mine the country’s entire phone system for “signals intelligence” – recording every mobile call in the country. “Host countries,” the document notes, “are not aware of NSA’s SIGINT collection.”

“Lawful intercept systems engineer communications vulnerabilities into networks, forcing the carriers to weaken,” says Christopher Soghoian, the principal technologist for the American Civil Liberties Union. “Host governments really should be thinking twice before they accept one of these Trojan horses.”

The DEA has long been in a unique position to help the NSA gain backdoor access to foreign phone networks. “DEA has close relationships with foreign government counterparts and vetted foreign partners,” the manager of the NSA’s drug-war efforts reported in a 2004 memo. Indeed, with more than 80 international offices, the DEA is one of the most widely deployed U.S. agencies around the globe.

But what many foreign governments fail to realize is that U.S. drug agents don’t confine themselves to simply fighting narcotics traffickers. “DEA is actually one of the biggest spy operations there is,” says Finn Selander, a former DEA special agent who works with the drug-reform advocacy group Law Enforcement Against Prohibition. “Our mandate is not just drugs. We collect intelligence.”

What’s more, Selander adds, the NSA has aided the DEA for years on surveillance operations. “On our reports, there’s drug information and then there’s non-drug information,” he says. “So countries let us in because they don’t view us, really, as a spy organization.”

Selander’s first-hand experience is echoed in the 2004 memo by the manager of the NSA’s drug-war efforts, which was titled “DEA: The Other Warfighter.” The DEA and the NSA “enjoy a vibrant two-way information-sharing relationship,” the memo observes, and cooperate so closely on counternarcotics and counterterrorism that there is a risk of “blurring the lines between the two missions.”

Still, the ability to record and replay the phone calls of an entire country appears to be a relatively new weapon in the NSA’s arsenal. None of the half-dozen former U.S. law enforcement officials interviewed by The Intercept said they had ever heard of a surveillance operation quite like the NSA’s Bahamas collection.

“I’m completely unfamiliar with the program,” says Joel Margolis, a former DEA official who is now executive vice president of government affairs for Subsentio, a Colorado-based company that installs lawful intercepts for telecommunications providers. “I used to work in DEA’s office of chief counsel, and I was their lead specialist on lawful surveillance matters. I wasn’t aware of anything like this.”

For nearly two decades, telecom providers in the United States have been legally obligated under the 1994 Communications Assistance for Law Enforcement Act to build their networks with wiretapping capabilities, providing law enforcement agencies with access to more efficient, centrally managed surveillance.

Since CALEA’s passage, many countries have adopted similar measures, making it easier to gather telecommunications intelligence for international investigations. A 2001 working group for the United Nations Office on Drugs and Crime went so far as to urge countries to consider permitting foreign law enforcement agencies to initiate international wiretaps directly from within their own territories.

The process for setting up lawful intercepts in foreign countries is largely the same as in the United States. “Law enforcement issues a warrant or other authorization, a carrier or a carrier’s agent responds to the warrant by provisioning the intercept, and the information is sent in sort of a one-way path to the law enforcement agency,” says Marcus Thomas, a former FBI assistant director who now serves as chief technology officer for Subsentio.

When U.S. drug agents wiretap a country’s phone networks, they must comply with the host country’s laws and work alongside their law enforcement counterparts. “The way DEA works with our allies – it could be Bahamas or Jamaica or anywhere – the host country has to invite us,” says Margolis. “We come in and provide the support, but they do the intercept themselves.”

The Bahamas’ Listening Devices Act requires all wiretaps to be authorized in writing either by the minister of national security or the police commissioner in consultation with the attorney general. The individuals to be targeted must be named. Under the nation’s Data Protection Act, personal data may only be “collected by means which are both lawful and fair in the circumstances of the case.” The office of the Bahamian data protection commissioner, which administers the act, said in a statement that it “was not aware of the matter you raise.”

Countries like the Bahamas don’t install lawful intercepts on their own. With the adoption of international standards, a thriving market has emerged for private firms that are contracted by foreign governments to install and maintain lawful intercept equipment. Currently valued at more than $128 million, the global market for private interception services is expected to skyrocket to more than $970 million within the next four years, according to a 2013 report from the research firm Markets and Markets.

“Most telecom hardware vendors will have some solutions for legal interception,” says a former mobile telecommunications engineer who asked not to be named because he is currently working for the British government. “That’s pretty much because legal interception is a requirement if you’re going to operate a mobile phone network.”

The proliferation of private contractors has apparently provided the NSA with direct access to foreign phone networks. According to the documents, MYSTIC draws its data from “collection systems” that were overtly installed on the telecommunications systems of targeted countries, apparently by corporate “partners” cooperating with the NSA.

One NSA document spells out that “the overt purpose” given for accessing foreign telecommunications systems is “for legitimate commercial service for the Telco’s themselves.” But the same document adds: “Our covert mission is the provision of SIGINT,” or signals intelligence.

The classified 2013 intelligence budget also describes MYSTIC as using “partner-enabled” access to both cellular and landline phone networks. The goal of the access, the budget says, is to “provide comprehensive metadata access and content against targeted communications” in the Caribbean, Mexico, Kenya, the Philippines, and the unnamed country. The budget adds that in the Bahamas, Mexico, and the Philippines, MYSTIC requires “contracted services” for its “operational sustainment.”

The NSA documents don’t specify who is providing access in the Bahamas. But they do describe SOMALGET as an “umbrella term” for systems provided by a private firm, which is described elsewhere in the documents as a “MYSTIC access provider.” (The documents don’t name the firm, but rather refer to a cover name that The Intercept has agreed not to publish in response to a specific, credible concern that doing so could lead to violence.) Communications experts consulted by The Intercept say the descriptions in the documents suggest a company able to install lawful intercept equipment on phone networks.

Though it is not the “access provider,” the behemoth NSA contractor General Dynamics is directly involved in both MYSTIC and SOMALGET. According to documents, the firm has an eight-year, $51 million contract to process “all MYSTIC data and data for other NSA accesses” at a facility in Annapolis Junction, Maryland, down the road from NSA’s headquarters. NSA logs of SOMALGET collection activity – communications between analysts about issues such as outages and performance problems – contain references to a technician at a “SOMALGET processing facility” who bears the same name as a LinkedIn user listing General Dynamics as his employer. Reached for comment, a General Dynamics spokesperson referred questions to the NSA.

According to the NSA documents, MYSTIC targets calls and other data transmitted on Global System for Mobile Communications networks – the primary framework used for cell phone calls worldwide. In the Philippines, MYSTIC collects “GSM, Short Message Service (SMS) and Call Detail Records” via access provided by a “DSD asset in a Philippine provider site.” (The DSD refers to the Defence Signals Directorate, an arm of Australian intelligence. The Australian consulate in New York declined to comment.) The operation in Kenya is “sponsored” by the CIA, according to the documents, and collects “GSM metadata with the potential for content at a later date.” The Mexican operation is likewise sponsored by the CIA. The documents don’t say how or under what pretenses the agency is gathering call data in those countries.

In the Bahamas, the documents say, the NSA intercepts GSM data that is transmitted over what is known as the “A link”–or “A interface”–a core component of many mobile networks. The A link transfers data between two crucial parts of GSM networks – the base station subsystem, where phones in the field communicate with cell towers, and the network subsystem, which routes calls and text messages to the appropriate destination. “It’s where all of the telephone traffic goes,” says the former engineer.

Punching into this portion of a country’s mobile network would give the NSA access to a virtually non-stop stream of communications. It would also require powerful technology.

“I seriously don’t think that would be your run-of-the-mill legal interception equipment,” says the former engineer, who worked with hardware and software that typically maxed out at 1,000 intercepts. The NSA, by contrast, is recording and storing tens of millions of calls – “mass surveillance,” he observes, that goes far beyond the standard practices for lawful interception recognized around the world.

The Bahamas Telecommunications Company did not respond to repeated phone calls and emails.

If the U.S. government wanted to make a case for surveillance in the Bahamas, it could point to the country’s status as a leading haven for tax cheats, corporate shell games, and a wide array of black-market traffickers. The State Department considers the Bahamas both a “major drug-transit country” and a “major money laundering country” (a designation it shares with more than 60 other nations, including the U.S.). According to the International Monetary Fund, as of 2011 the Bahamas was home to 271 banks and trust companies with active licenses. At the time, the Bahamian banks held $595 billion in U.S. assets.

But the NSA documents don’t reflect a concerted focus on the money launderers and powerful financial institutions – including numerous Western banks – that underpin the black market for narcotics in the Bahamas. Instead, an internal NSA presentation from 2013 recounts with pride how analysts used SOMALGET to locate an individual who “arranged Mexico-to-United States marijuana shipments” through the U.S. Postal Service.

The presentation doesn’t say whether the NSA shared the information with the DEA. But the drug agency’s Special Operations Division has come under fire for improperly using classified information obtained by the NSA to launch criminal investigations – and then creating false narratives to mislead courts about how the investigations began. The tactic – known as parallel construction – was first reported by Reuters last year, and is now under investigation by the Justice Department’s inspector general.

So: Beyond a desire to bust island pot dealers, why would the NSA choose to apply a powerful collection tool such as SOMALGET against the Bahamas, which poses virtually no threat to the United States?

The answer may lie in a document that characterizes the Bahamas operation as a “test bed for system deployments, capabilities, and improvements” to SOMALGET. The country’s small population – fewer than 400,000 residents – provides a manageable sample to try out the surveillance system’s features. Since SOMALGET is also operational in one other country, the Bahamas may be used as a sort of guinea pig to beta-test improvements and alterations without impacting the system’s operations elsewhere.

“From an engineering point of view it makes perfect sense,” says the former engineer. “Absolutely.”

Beyond the Bahamas, the other countries being targeted by MYSTIC are more in line with the NSA’s more commonly touted priorities. In Kenya, the U.S. works closely with local security forces in combating the militant fundamentalist group Al-Shabab, based in neighboring Somalia. In the Philippines, the U.S. continues to support a bloody shadow war against Islamist extremists launched by the Bush administration in 2002. Last month, President Barack Obama visited Manila to sign a military pact guaranteeing that U.S. operations in Southeast Asia will continue and expand for at least another decade.

Mexico, another country targeted by MYSTIC, has received billions of dollars in police, military, and intelligence aid from the U.S. government over the past seven years to fight the war on drugs, a conflict that has left more than 70,000 Mexicans dead by some estimates. Attorney General Eric Holder has described Mexican drug cartels as a U.S. “national security threat,” and in 2009, then-CIA director Michael Hayden said the violence and chaos in Mexico would soon be the second greatest security threat facing the U.S. behind Al Qaeda.

The legality of the NSA’s sweeping surveillance in the Bahamas is unclear, given the permissive laws under which the U.S. intelligence community operates. Earlier this year, President Obama issued a policy directive imposing “new limits” on the U.S. intelligence community’s use of “signals intelligence collected in bulk.” In addition to threats against military or allied personnel, the directive lists five broad conditions under which the agency would be permitted to trawl for data in unrestricted dragnets: threats posed by foreign powers, terrorism, weapons of mass destruction, cybersecurity, and “transnational criminal threats, including illicit finance and sanctions evasion.”

SOMALGET operates under Executive Order 12333, a Reagan-era rule establishing wide latitude for the NSA and other intelligence agencies to spy on other countries, as long as the attorney general is convinced the efforts are aimed at gathering foreign intelligence. In 2000, the NSA assured Congress that all electronic surveillance performed under 12333 “must be conducted in a manner that minimizes the acquisition, retention, and dissemination of information about unconsenting U.S. persons.” In reality, many legal experts point out, the lack of judicial oversight or criminal penalties for violating the order renders the guidelines meaningless.

“I think it would be open, whether it was legal or not,” says German, the former FBI agent. “Because we don’t have all the facts about how they’re doing it. For a long time, the NSA has been interpreting their authority in the broadest possible way, even beyond what an objective observer would say was reasonable.”

“An American citizen has Fourth Amendment rights wherever they are,” adds Kurt Opsahl, an attorney with the Electronic Frontier Foundation. “Nevertheless, there have certainly been a number of things published over the last year which suggest that there are broad, sweeping programs that the NSA and other government agencies are doing abroad that sweep up the communications of Americans.”

Legal or not, the NSA’s covert surveillance of an entire nation suggests that it will take more than the president’s tepid “limits” to rein in the ambitions of the intelligence community. “It’s almost like they have this mentality – if we can, we will,” says German. “There’s no analysis of the long-term risks of doing it, no analysis of whether it’s actually worth the effort, no analysis of whether we couldn’t take those resources and actually put them on real threats and do more good.”

It’s not surprising, German adds, that the government’s covert program in the Bahamas didn’t remain covert. “The undermining of international law and international cooperation is such a long-term negative result of these programs that they had to know would eventually be exposed, whether through a leak, whether through a spy, whether through an accident,” he says. “Nothing stays secret forever. It really shows the arrogance of these agencies – they were just going to do what they were going to do, and they weren’t really going to consider any other important aspects of how our long-term security needs to be addressed.”
https://firstlook.org/theintercept/a...-call-bahamas/





Germany Will Ban Tech Companies That Play Ball With NSA

No federal contracts will go to companies that turn over data to the NSA or other agencies. There may, however, be one crucial exemption
Frederik Obermaier and Benedikt Strunz

It didn't take an Edward Snowden to figure out that American espionage service providers had access to confidential information about German citizens. It's been known for years that the Computer Sciences Corporation (CSC) works for American secret services.

It's also known that a former CSC subsidiary was involved in the abduction of German citizen Khaled el-Masri, who was turned over to the CIA and subjected to abuse and degradation before the agency finally admitted his arrest and torture were a mistake.

Nevertheless, German CSC subsidiaries have in past years received more than 100 contracts from state and federal governments in Germany, as Süddeutsche Zeitung and public broadcaster NDR reported last fall. The operative rule at the time was that only companies that were found guilty of crimes could be excluded from public contracts. So far, no CSC employee has been prosecuted for the abduction of el-Masri. Per se, working for the U.S. intel agencies is not punishable. So Germany's federal government tied its own hands over the issue.

But according to research conducted by NDR and Süddeutsche Zeitung, Germany's black-red "grand coalition" government has now tightened the rules for awarding sensitive public IT contracts. In cases of doubt, suspicious companies will now be excluded from such contracts. And companies now have to sign documents to the effect that no contracts or laws oblige them — nor can they be coerced — to pass on confidential data to foreign secret services or security authorities.

The new rule would seem to be aimed primarily at American companies. These companies, as numerous Snowden documents reveal, regularly pass on information to the U.S. spy agencies. At the NSA, a separate Special Sources Operations department deals with cooperation with "strategic partners," as agents call such companies. The companies say they are merely following the laws of the respective country, and so far this explanation has been accepted.

But since April, any company that cannot guarantee that foreign services or authorities will not obtain any of their data is being excluded from federal contracts in Germany. A spokesperson for the Ministry of the Interior said that the aim of the new rule is to prevent "the flow of data worth protecting to foreign security authorities."

Will there be a loophole?

But whether CSC also will be excluded from sensitive federal contracts is open to question. In January the German federal government let it be known that it saw "no reason [to change] our contract-awarding procedures" as far as German CSC subsidiaries were concerned. And yet CSC is part of the American shadow army of private firms that deliver low-cost and untransparent projects for the military and secret services.

The company was part of a consortium that was awarded the contract for the Trailblazer Project, which was supposed to develop a gigantic data vacuum to suck up information — very similar to the NSA's current spy programs. "Data are the next battlefield," reads one company prospectus. And CSC is apparently delivering the requisite arms for the battle.

It was CSC subsidiaries that, among other projects, tested the German Federal Criminal Police Office's "state Trojan" and supported the Ministry of Justice when it introduced electronic files at the Federal Supreme Court. CSC was also awarded contracts pertaining to the German government network through which coded communications from the ministries and various authorities flow. And CSC advised the Ministry of the Interior on the introduction of electronic passports, and is involved in the De-Mail project, which aims to securitize email traffic.
http://www.newsforage.com/2014/05/ge...nies-that.html





Marc Andreessen: Tech Companies are Still Fuming Over the NSA
Cecilia Kang

Almost a year after he released a flurry of documents showing the National Security Agency was collecting data on everyone from foreign leaders to U.S. citizens, Edward Snowden is still the predominant Washington story in the minds of tech executives who believe the controversy has caused damage to their businesses.

That's according to the venture capitalist Marc Andreessen, who said in a wide-ranging interview Monday that Silicon Valley's repeated meetings with the Obama administration were mostly for show and have produced "not even a little" progress on privacy and surveillance issues.

Chief executives from leading companies including Netflix, Google and Facebook met with senior White House officials in December, and again in March. While the Obama administration said at the time that the meetings helped clear the air on intelligence reforms, Andreessen argued Monday that the White House has not done enough to mitigate the NSA's impact on tech companies' reputations, particularly overseas.

"The level of trust in U.S. companies has been seriously damaged, especially but not exclusively outside the U.S.," said Andreessen. "Every time a new shoe drops — and there are 10,000 of them — it serves a blow to the U.S."

Some estimates suggest the news about the NSA's surveillance practices may have cost tech companies tens of billions of dollars in lost revenue.

In January, Obama announced a series of proposed changes to the NSA's surveillance practices. They included requiring the spy agency to seek permission from the secret Foreign Intelligence Surveillance Court every time it wants to investigate U.S. phone records. They also put limits on what the NSA is allowed to do with the results.

But it was Congress, not the White House, that voted recently to allow companies to talk more openly about the data requests they receive from the government, and to end the practice of bulk phone records collection altogether. Meanwhile, a major privacy study that the Obama administration announced in January, along with the other NSA reforms that came out earlier this month, only seemed to gloss over the controversy that led to the study's creation. Consumer advocates were quick to criticize the report's focus on commercial data gathering at the expense of government surveillance.

"Although the report may have been silent on government use of big data for intelligence gathering, we won’t be," the Electronic Frontier Foundation vowed in a blog post.

The White House may be hoping tech companies will eventually forget about the whole thing, according to Andreessen, who said "the view from Silicon Valley is that the White House hung the NSA out to dry."

A White House spokeswoman did not immediately reply to a request for comment.
http://www.washingtonpost.com/blogs/...-over-the-nsa/





NSA Reform Bill Passes the House—With a Gaping Loophole
Andy Greenberg

The U.S. House of Representatives has passed a bill that would end the NSA’s mass collection of Americans’ phone records. Unfortunately, it may not end the NSA’s mass collection of Americans’ phone records.

The House voted 303 to 121 Thursday in favor of the USA Freedom Act, broad legislation aimed at reforming the NSA’s surveillance powers exposed by Edward Snowden. The central provision of the bill, which now moves on to debate in the Senate, is intended to limit what the intelligence community calls “bulk” collection–the indiscriminate vacuuming of citizens’ phone and internet records. But privacy advocates and civil libertarians say last-minute changes to the legislation supported by the White House added ambiguous language that could essentially give the NSA a broad loophole through which it can continue its massive domestic data collection.

In the House’s final version of the bill, the NSA would be stripped of the power to collect all Americans’ phone records for metadata analysis, a practice revealed in the first Guardian story about Snowden’s leaks published last year. It instead would be required to limit its collection to specific terms. The problem is that those terms may not be nearly specific enough, and could still include massive lists of target phone numbers or entire ranges of IP addresses.

“The core problem is that this only ends ‘bulk’ collection in the sense the intelligence community uses that term,” says Julian Sanchez, a researcher at the Cato Institute. “As long as there’s some kind of target, they don’t call that bulk collection, even if you’re still collecting millions of records…If they say give us the record of everyone who visited these thousand websites, that’s not bulk collection, because they have a list of targets.”

“To any normal person,” he adds, “that’s still pretty bulky.”

Specifically, the House changed the definition of a search term from “a term used to uniquely describe a person, entity, or account” to “a discrete term, such as a term specifically identifying a person, entity, account, address, or device.” That shift, particularly the removal of the word “unique” and addition of “such as,” might be enough to enable nearly the same sort of mass surveillance the NSA now conducts, according to a statement from the New America Foundation’s Open Technology Institute.

“Taken together,” the Institute wrote, “the changes to this definition may still allow for massive collection of millions of Americans’ private information based on very broad selection terms such as a zip code, an area code, the physical address of a particular email provider or financial institution, or the IP address of a web hosting service that hosts thousands of web sites.”

Of course, how those “specific terms” are defined in practice will be decided by the Foreign Intelligence Surveillance Court, which must approve NSA requests for data collection under the 214 and 215 provisions of the Foreign Intelligence Surveillance Act. But after a year of revelations that have showed how the NSA uses word games to expand its legal powers, Kevin Bankston of the Open Technology Institute says the court can’t be fully trusted to interpret the law strictly. “The danger is that it’s ambiguous, and if the FISA court and the NSA has showed us anything, it’s that any ambiguity in these laws is dangerous,” Bankston says.

In fact, the watered-down version of the Freedom Act passed by the House also weakens early provisions that would have provided more resistance against the NSA in its FISA arguments, Sanchez says. The earlier version of the bill would have established a “public advocate” to argue against the NSA in FISA proceedings; the current bill has only a weaker “amicus” option, something closer to an outside adviser to the court.

The bulk surveillance element of the bill is but one point its critics are disappointed to see pass the House. The Open Technology Institute, the Electronic Frontier Foundation, and the anti-surveillance group Access Now all published statements enumerating the bill’s flaws. Other problems they cite include the removal of provisions giving companies more freedom to report the intelligence community’s demands for users’ data, and a provision that still allows the NSA to collect information “about” a target: rather than limiting data collection to communications sent to or from that target, the measure would allow mass data collection that sweeps in any communications that reference the target but may not involve that person.

Despite all those problems, some policy-watchers still see the passage of the Freedom Act in the House as a step towards real reform. They’re also holding out hope that the bill could be amended–and its teeth reinserted–in the Senate. “While far from perfect, this bill is an unambiguous statement of congressional intent to rein in the out-of-control NSA,” reads a statement from Laura Murphy, the American Civil Liberties Union’s Washington legislative director. “While we share the concerns of many–including members of both parties who rightly believe the bill does not go far enough–without it we would be left with no reform at all, or worse, a House Intelligence Committee bill that would have cemented bulk collection of Americans’ communications into law. We will fight to secure additional improvements in the Senate.”
http://www.wired.com/2014/05/usa-freedom-act-2/





Online Ads are a Cesspool of Malware, Senate Study Finds
Kevin Collier

A Senate subcommittee report has called on the Federal Trade Commission (FTC) to crack down on the murky world of online advertising.

The Senate subcommittee on Homeland Security & Governmental Affairs released a report Thursday called "Online Advertising and Hidden Hazards to Consumer Security and Data Privacy." It cited several recent high-profile attacks on potentially millions of Google and Yahoo visitors, and found that many data-mining attacks go unnoticed by their targets.

Noting the "complexity of current online advertising practices impedes industry accountability for malware attacks," the report's authors found that advertisers often go between multiple intermediaries before finding their way into a user's browser—and pointed to the FTC to step up.

"In the absence of effective self-regulation, the FTC should consider issuing comprehensive regulations to prohibit deceptive and unfair online advertising practices that facilitate or fail to take reasonable steps to prevent malware," the report said.

The authors added: "Current FTC safeguards are insufficient to comprehensively protect consumers from online advertising abuses," pointing out that FTC has yet to file any criminal charges for malware transmitted through ads.

In its own testimony before the subcommittee, the FTC defended itself by saying it had settled 53 data security cases out of court, including Fandango, Credit Karma, and its recent agreement with Snapchat.
http://www.dailydot.com/news/ftc-mal...-google-yahoo/





Computers Can Impact on Children's Ability to Learn, Says Union
BBC

A teaching union in Northern Ireland is calling for urgent action over the impact of modern technology on children's ability to learn at school.

The Association of Teachers and Lecturers (ATL) is concerned at how long children spend on computers and digital gadgets outside school.

It said some pupils were unable to concentrate or socialise properly.

The impact of digital technology is the focus of the union's annual regional conference in Belfast on Thursday.

Mark Langhammer of the ATL said: "We're hearing reports of very young children who are arriving into school quite unable to concentrate or to socialise properly because they're spending so much time on digital games or social media.

"We'd like the Department of Education to issue guidance to all parents on the maximum amount of time which young children should spend on these devices, and on how kids can use digital technology safely and sensibly."

Screen time

He said the ATL will be requesting an early meeting with the education minister to urge action.

"We readily appreciate that digital technology can have huge benefits for children," he said.

"But there seems to be a real lack of awareness about its potential dangers, and we think the Department of Education needs to take action to make parents much more aware of the issues."

Emma Quinn, who teaches primary four and five, said the impact of hours spent on screens was evident in school.

"There's a complete lack of motivation among many of my pupils - these gadgets are really destroying their ability to learn," she said.

"They're so used to the instant buzz which you can get with these games and gadgets that they find it really hard to focus on anything which isn't exciting."

She said at least half of her class of seven to nine-year-olds use games intended for older teenagers and adults.

"We're finding that, for many children, when they begin school, it's the first time they've been told what they can't do - as opposed to simply being left to do what they like," she said.

"Their response is to really act up and to be aggressive - because they're not used to any controls, and because these games have given them the idea that violence is the answer to every problem."
http://www.bbc.com/news/uk-northern-ireland-27513174





Everything Is Broken
Quinn Norton

Once upon a time, a friend of mine accidentally took over thousands of computers. He had found a vulnerability in a piece of software and started playing with it. In the process, he figured out how to get total administration access over a network. He put it in a script, and ran it to see what would happen, then went to bed for about four hours. Next morning on the way to work he checked on it, and discovered he was now lord and master of about 50,000 computers. After nearly vomiting in fear he killed the whole thing and deleted all the files associated with it. In the end he said he threw the hard drive into a bonfire. I can’t tell you who he is because he doesn’t want to go to Federal prison, which is what could have happened if he’d told anyone that could do anything about the bug he’d found. Did that bug get fixed? Probably eventually, but not by my friend. This story isn’t extraordinary at all. Spend much time in the hacker and security scene, you’ll hear stories like this and worse.

It’s hard to explain to regular people how much technology barely works, how much the infrastructure of our lives is held together by the IT equivalent of baling wire.

Computers, and computing, are broken.

Build it badly, and they will come.

For a bunch of us, especially those who had followed security and the warrantless wiretapping cases, the revelations weren’t big surprises. We didn’t know the specifics, but people who keep an eye on software knew computer technology was sick and broken. We’ve known for years that those who want to take advantage of that fact tend to circle like buzzards. The NSA wasn’t, and isn’t, the great predator of the internet, it’s just the biggest scavenger around. It isn’t doing so well because they are all powerful math wizards of doom.

The NSA is doing so well because software is bullshit.

Eight months before Snowden’s first revelation I tweeted this:

Everything's got 0days, everyone's tracked, all the data leaks, all the things are vulnerable. It's all fucking pwned.

It was my exasperated acknowledgement that looking for good software to count on has been a losing battle. Written by people with either no time or no money, most software gets shipped the moment it works well enough to let someone go home and see their family. What we get is mostly terrible.

Software is so bad because it’s so complex, and because it’s trying to talk to other programs on the same computer, or over connections to other computers. Even your computer is kind of more than one computer, boxes within boxes, and each one of those computers is full of little programs trying to coordinate their actions and talk to each other. Computers have gotten incredibly complex, while people have remained the same gray mud with pretensions of Godhood.

Your average piece-of-shit Windows desktop is so complex that no one person on Earth really knows what all of it is doing, or how.

Now imagine billions of little unknowable boxes within boxes constantly trying to talk and coordinate tasks at around the same time, sharing bits of data and passing commands around from the smallest little program to something huge, like a browser — that’s the internet. All of that has to happen nearly simultaneously and smoothly, or you throw a hissy fit because the shopping cart forgot about your movie tickets.

We often point out that the phone you mostly play casual games on and keep dropping in the toilet at bars is more powerful than all the computing we used to go to space for decades.

NASA had a huge staff of geniuses to understand and care for their software. Your phone has you.

Plus a system of automatic updates you keep putting off because you’re in the middle of Candy Crush Saga every time it asks.

Because of all this, security is terrible. Besides being riddled with annoying bugs and impossible dialogs, programs often have a special kind of hackable flaw called 0days by the security scene. No one can protect themselves from 0days. It’s their defining feature — 0 is the number of days you’ve had to deal with this form of attack. There are meh, not-so-terrible 0days, there are very bad 0days, and there are catastrophic 0days that hand the keys to the house to whomever strolls by. I promise that right now you are reading this on a device with all three types of 0days. “But, Quinn,” I can hear you say, “If no one knows about them how do you know I have them?” Because even okay software has to work with terrible software. The number of people whose job it is to make software secure can practically fit in a large bar, and I’ve watched them drink. It’s not comforting. It isn’t a matter of if you get owned, only a matter of when.

This is a thing that actually happened several years ago. To get rid of a complaining message from another piece of software, a Debian developer just commented out a line of code without realizing that it left their encryption open to easy attack (https://www.xkcd.com/424/).

Look at it this way — every time you get a security update (seems almost daily on my Linux box), whatever is getting updated has been broken, lying there vulnerable, for who-knows-how-long. Sometimes days, sometimes years. Nobody really advertises that part of updates. People say “You should apply this, it’s a critical patch!” and leave off the “…because the developers fucked up so badly your children’s identities are probably being sold to the Estonian Mafia by smack addicted script kiddies right now.”

The really bad bugs (and who knows which ones those are when they click the “Restart Later” button?) can get swept up by hackers, governments, and other horrors of the net that are scanning for versions of software they know they can exploit. Any computer that shows up in a scan saying “Hey! Me! I’m vulnerable!” can become part of a botnet, along with thousands, or hundreds of thousands of other computers. Often zombied computers get owned again and become part of yet another botnet. Some botnets patch computers to throw out the other botnets so they don’t have to share you with other hackers. How can you tell if this is happening? You can’t! Have fun wondering if you’re getting your online life rented out by the hour!

Next time you think your grandma is uncool, give her credit for her time helping dangerous Russian criminals extort money from offshore casinos with DDoS attacks.

Recently an anonymous hacker wrote a script that took over embedded Linux devices. These owned computers scanned the whole rest of the internet and created a survey. The little hacked boxes reported their data back (a full 10 TBs) and quietly deactivated the hack. It was a sweet and useful example of someone who hacked the planet to shit. If that malware had actually been malicious, we would have been so fucked.

This is because all computers are reliably this bad: the ones in hospitals and governments and banks, the ones in your phone, the ones that control light switches and smart meters and air traffic control systems. Industrial computers that maintain infrastructure and manufacturing are even worse. I don’t know all the details, but those who do are the most alcoholic and nihilistic people in computer security. Another friend of mine accidentally shut down a factory with a malformed ping at the beginning of a pen test. For those of you who don’t know, a ping is just about the smallest request you can send to another computer on the network. It took them a day to turn everything back on.

Computer experts like to pretend they use a whole different, more awesome class of software that they understand, that is made of shiny mathematical perfection and whose interfaces happen to have been shat out of the business end of a choleric donkey. This is a lie. The main form of security this offers is through obscurity — so few people can use this software that there’s no point in building tools to attack it. Unless, like the NSA, you want to take over sysadmins.

A well written encrypted chat, what could go wrong?
Let’s take an example computer experts like to stare down their noses at normal people for not using: OTR. OTR, or Off The Record messaging, sneaks a layer of encryption inside normal plain text instant messaging. It’s like you got on AIM or Jabber or whatever and talked in code, except the computer is making the code for you. OTR is clever and solid, it’s been examined carefully, and we’re fairly sure it hasn’t got any of those nasty 0days.

Except, OTR isn’t a program you use, as such.
There is a standard for OTR software, and a library, but it doesn’t do anything on its own. It gets implemented in software for normal human shlubs to use by other normal human shlubs. By now, you know this ends in tears.

The main thing that uses OTR is another piece of software that uses a library called libpurple. If you want to see infosec snobs look as distressed as the donkeys that shit out their interfaces, bring up libpurple. Libpurple was written in a programming language called C.

C is good for two things: being beautiful and creating catastrophic 0days in memory management.

Heartbleed, the bug that affected the world over, leaking passwords and encryption keys and who knows what? Classic gorgeous C.

Libpurple was written by people who wanted their open source chat client to talk to every kind of instant messaging system in the world, and didn’t give a shit about security or encryption. Security people who have examined the code have said there are so many possible ways to exploit libpurple there is probably no point in patching it. It needs to be thrown out and rewritten from scratch. Let me be clear, these aren’t bugs that let someone read your encrypted messages, they are bugs that let someone take over your whole computer, see everything you type or read and probably watch you pick your nose on your webcam.

This lovely tool, OTR, sits on top of libpurple on most systems that use it. Let me make something clear, because even some geeks don’t get this: it doesn’t matter how good your encryption is if your attacker can just read your data off the screen with you, and I promise they can. They may or may not know how to yet, but they can. There are a hundred libpurples on your computer: little pieces of software written on a budget with unrealistic deadlines by people who didn’t know or didn’t care about keeping the rest of your system secure.

Any one of these little bugs will do when it comes to taking over everything else on your computer. So we update and update, and maybe that throws any intruders out, and maybe it doesn’t. No one knows!

When we tell you to apply updates we are not telling you to mend your ship. We are telling you to keep bailing before the water gets to your neck.
To step back a bit from this scene of horror and mayhem, let me say that things are better than they used to be. We have tools that we didn’t in the 1990s, like sandboxing, that keep the idiotically written programs where they can’t do as much harm. (Sandboxing keeps a program in an artificially small part of the computer, cutting it off from all the other little programs, or cleaning up anything it tries to do before anything else sees it.)

Certain whole classes of terrible bugs have been sent the way of smallpox. Security is taken more seriously than ever before, and there’s a network of people responding to malware around the clock. But they can’t really keep up. The ecosystem of these problems is so much bigger than it was even ten years ago that it’s hard to feel like we’re making progress.

People, as well, are broken.

“I trust you…” was my least favorite thing to hear from my sources in Anonymous. Inevitably it was followed by some piece of information they shouldn’t have been telling me. It is the most natural and human thing to share something personal with people that we are connecting to. But in exasperation I kept trying to remind Anons they were connecting to a computer, relaying through countless servers, switches, routers, cables, wireless links, and finally to my highly targeted computer, before they were connecting to another human being. All of this was happening in the time it takes one person to draw in a deep, committal breath. It’s obvious to say, but bears repeating: humans were not built to think this way.

Everyone fails to use software correctly. Absolutely everyone, ever, fucks up. OTR doesn’t encrypt until after the first message, a fact that leading security professionals and hackers subject to 20-country manhunts consistently forget. Managing all the encryption and decryption keys you need to keep your data safe across multiple devices, sites, and accounts is theoretically possible, in the same way performing an appendectomy on yourself is theoretically possible. This one guy did it once in Antarctica, why can’t you?

Every malware expert I know has lost track of what some file is, clicked on it to see, and then realized they’d executed some malware they were supposed to be examining. I know this because I did it once with a PDF I knew had something bad in it. My friends laughed at me, then all quietly confessed they’d done the same thing. If some of the best malware reversers around can’t keep track of their malicious files, what hope do your parents have against that e-card that is allegedly from you?

Executable mail attachments (which include things like Word, Excel, and PDFs) you get just about every day could be from anyone — people can write anything they want in that From: field of emails, and any of those attachments could take over your computer as handily as an 0day. This is probably how your grandmother ended up working for Russian criminals, and why your competitors anticipate all your product plans. But if you refuse to open attachments you aren’t going to be able to keep an office job in the modern world. There’s your choice: constantly risk clicking on dangerous malware, or live under an overpass, leaving notes on the lawn of your former house telling your children you love them and miss them.

Security and privacy experts harangue the public about metadata and networked sharing, but keeping track of these things is about as natural as doing blood panels on yourself every morning, and about as easy. The risks on a societal level from giving up our privacy are terrible. Yet the consequences of not doing so on an individual basis are immediately crippling. The whole thing is a shitty battle of attrition between what we all want for ourselves and our families and the ways we need community to survive as humans — a Mexican stand off monetized by corporations and monitored by governments.

I live in this stuff, and I’m no better. Once, I had to step through a process to verify myself to a secretive source. I had to take a series of pictures showing my location and the date. I uploaded them, and was allowed to proceed with my interview. It turns out none of my verification had come through, because I’d failed to let the upload complete before nervously shutting down my computer. “Why did you let me through?” I asked the source. “Because only you would have been that stupid,” my source told me.

Touché.

But if I can’t do this, as a relatively well trained adult who pays attention to these issues all the damn time, what chance do people with real jobs and real lives have?

In the end, it’s culture that’s broken.
A few years ago, I went to several well respected people who work in privacy and security software and asked them a question.

First, I had to explain something:

“Most of the world does not have install privileges on the computer they are using.”
That is, most people using a computer in the world don’t own the computer they are using. Whether it’s in a cafe, or school, or work, for a huge portion of the world, installing a desktop application isn’t a straightforward option. Every week or two, I was being contacted by people desperate for better security and privacy options, and I would try to help them. I’d start, “Download th…” and then we’d stop. The next thing people would tell me they couldn’t install software on their computers. Usually this was because an IT department somewhere was limiting their rights as a part of managing a network. These people needed tools that worked with what they had access to, mostly a browser.

So the question I put to hackers, cryptographers, security experts, programmers, and so on was this: What’s the best option for people who can’t download new software to their machines? The answer was unanimous: nothing. They have no options. They are better off talking in plaintext, I was told, “so they don’t have a false sense of security.” Since they don’t have access to better software, I was told, they shouldn’t do anything that might upset the people watching them. But, I explained, these are the activists, organizers, and journalists around the world dealing with governments and corporations and criminals that do real harm, the people in real danger. Then they should buy themselves computers, I was told.

That was it, that was the answer: be rich enough to buy your own computer, or literally drop dead. I told people that wasn’t good enough, got vilified in a few inconsequential Twitter fights, and moved on.

Not long after, I realized where the disconnect was. I went back to the same experts and explained: in the wild, in really dangerous situations — even when people are being hunted by men with guns — when encryption and security fails, no one stops talking. They just hope they don’t get caught.

The same human impulse that has kept lotteries alive for thousands of years keeps people fighting the man against the long odds. “Maybe I’ll get away with it, might as well try!”

As for self-censoring their conversations in the face of hostile infrastructure, non-technical activists are just as good at it as Anons are, or people told to worry about metadata, or social media sharing, or that first message before OTR encryption kicks in. They blow.

This conversation was a wake-up call for some security people who hadn’t realized that people who become activists and journalists routinely do risky things. Some of them joined my side of the time-wasting inconsequential Twitter fights, realizing that something, even something imperfect, might be better than nothing. But many in the security scene are still waiting for a perfect world into which to deploy their perfect code.

Then there’s the Intelligence Community, who call themselves the IC. We might like it if they stopped spying on everyone all the time, while they would like us to stop whining about it.

After spending some time with them, I am pretty sure I understand why they don’t care about the complaining. The IC are some of the most surveilled humans in history. They know everything they do is gone over with a fine-toothed comb — by their peers, their bosses, their lawyers, other agencies, the president, and sometimes Congress. They live watched, and they don’t complain about it.

In all the calls for increased oversight, the basics of human nature get neglected. You’re not going to teach the spooks this is wrong by doing it to them more.

There will always be loopholes and as long as loopholes exist or can be constructed or construed, surveillance will be as prevalent as it possibly can be. Humans are mostly egocentric creatures. Spooks, being humans, are never going to know why living without privacy is bad as long as they are doing it.

Yet that’s the lesser problem. The cultural catastrophe is what they’re doing to make their job of spying on everyone easier. The most disturbing parts of the revelations are the 0day market, exploit hoarding, and weakening of standards. The question is who gets to be part of the “we” that are being kept allegedly safe by all this exploiting and listening and decrypting and profiling. When they attacked Natanz with Stuxnet and left all the other nuclear facilities vulnerable, we were quietly put on notice that the “we” in question began and ended with the IC itself. That’s the greatest danger.

When the IC or the DOD or the Executive branch are the only true Americans, and the rest of us are subordinate Americans, or worse the non-people that aren’t associated with America, then we can only become lesser people as time goes on.
As our desires conflict with the IC, we become less and less worthy of rights and considerations in the eyes of the IC. When the NSA hoards exploits and interferes with cryptographic protection for our infrastructure, it means using exploits against people who aren’t part of the NSA just doesn’t count as much. Securing us comes after securing themselves.

In theory, the reason we’re so nice to soldiers, that we have customs around honoring and thanking them, is that they’re supposed to be sacrificing themselves for the good of the people. In the case of the NSA, this has been reversed. Our wellbeing is sacrificed to make their job of monitoring the world easier. When this is part of the culture of power, it is well on its way to being capable of any abuse.

But the biggest of all the cultural problems still lies with the one group I haven’t taken to task yet — the normal people living their lives under all this insanity.

The problem with the normals and tech is the same as the problem with the normals and politics, or society in general. People believe they are powerless and alone, but the only thing that keeps people powerless and alone is that same belief. People, working together, are immensely and terrifyingly powerful.

There is certainly a limit to what an organized movement of people who share a mutual dream can do, but we haven’t found it yet.
Facebook and Google seem very powerful, but they live about a week from total ruin all the time. They know the cost of leaving social networks individually is high, but en masse, becomes next to nothing. Windows could be replaced with something better written. The US government would fall to a general revolt in a matter of days. It wouldn’t take a total defection or a general revolt to change everything, because corporations and governments would rather bend to demands than die. These entities do everything they can get away with — but we’ve forgotten that we’re the ones that are letting them get away with things.

Computers don’t serve the needs of both privacy and coordination not because it’s somehow mathematically impossible. There are plenty of schemes that could federate or safely encrypt our data, plenty of ways we could regain privacy and make our computers work better by default. It isn’t happening now because we haven’t demanded that it should, not because no one is clever enough to make that happen.

So yes, the geeks and the executives and the agents and the military have fucked the world. But in the end, it’s the job of the people, working together, to unfuck it.
https://medium.com/message/81e5f33a24e1

Until next week,

- js.

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black