P2P-Zone  

Go Back   P2P-Zone > Peer to Peer
FAQ Members List Calendar Search Today's Posts Mark Forums Read

Peer to Peer The 3rd millenium technology!

Reply
 
Thread Tools Search this Thread Display Modes
Old 18-10-17, 06:37 AM   #1
JackSpratts
 
JackSpratts's Avatar
 
Join Date: May 2001
Location: New England
Posts: 10,013
Default Peer-To-Peer News - The Week In Review - October 21st, ’17

Since 2002


































"Even a VPN won’t help you if you don’t have an internet connection in the first place." – Edward McAllister






































October 21st, 2017




Netflix, Amazon, Movie Studios Sue Over TickBox Streaming Device

TickBox TV says it's a "100% legal" directory of everything ever made.
Joe Mullin

Movie studios, Netflix, and Amazon have banded together to file a first-of-its-kind copyright lawsuit against a streaming media player called TickBox TV.

The complaint, filed Friday, says the TickBox devices are nothing more than "tool[s] for mass infringement," which operate by grabbing pirated video streams from the Internet. The lawsuit was filed by Amazon and Netflix Studios, along with six big movie studios that make up the Motion Picture Association of America: Universal, Columbia, Disney, Paramount, 20th Century Fox, and Warner Bros.

"What TickBox actually sells is nothing less than illegal access to Plaintiffs' copyrighted content," write the plaintiffs' lawyers. "TickBox TV uses software to link TickBox's customers to infringing content on the Internet. When those customers use TickBox TV as Defendant intends and instructs, they have nearly instantaneous access to multiple sources that stream Plaintiffs' Copyrighted Works without authorization."

The device's marketing materials let users know the box is meant to replace paid-for content, with "a wink and a nod," by predicting that prospective customers who currently pay for Amazon Video, Netflix, or Hulu will find that "you no longer need those subscriptions."

The lawsuit shows that Amazon and Netflix, two Internet companies that are relatively new to the entertainment business, are more than willing to join together with movie studios to go after businesses that grab their content.

TickBox is powered by Android 6.0, along with Kodi, an open source media player software. The box doesn't host any content but rather searches the Internet for streams that it can make available to users.

User searches for copyrighted content on a TickBox will lead to unauthorized pirate streams. The MPAA makes that point in the complaint, which describes how it was easy to find a stream of the movie War for the Planet of the Apes in September 2017. The movie wasn't authorized for in-home viewing of any kind at that time.

A TickBox TV customer could simply select the "In Theaters" category and be presented with a variety of movies that aren't authorized for in-home viewing of any kind. As the complaint explains, the user is then presented with a variety of current 2017 releases, including Fox's War for the Planet of the Apes, the third listed title. On September 11, 2017, 44 pirated streams of the movie were available to TickBox users, even though Fox had not authorized the movie for in-home viewing of any kind.

“Every movie and TV series”

If TickBox actually were to step up and defend this lawsuit, it would be an interesting battle in the copyright wars. In a way, it's just the newest iteration in a long line of technology products that can be used for infringing or non-infringing purposes. One can get a sense of TickBox's defense by reading even the first few lines of text on its website, which loudly proclaim the product's legality.

"Tickbox TV is legal," the site's front-page Q&A reads. "Tickbox TV is only a directory or library of content which is hosted by third parties on the internet... it does not download anything. Tickbox TV does not condone parties who pirate or download copyrighted media and this box is not to be used for such purposes. Tickbox TV is 100% legal. It is legal to stream content. It is illegal to download copy written material." (Emphasis in original.)

Further down, the Q&A asks: "What TV shows and movies can I see for free?" The answer:

You can see almost every movie and TV series ever made. You can even access movies and shows that are still on Demand and episodes of TV that were just aired. You will never pay to watch any of them.

Since the beginning of the Internet era, using a "see no evil, hear no evil" defense to copyright infringement allegations has rarely worked out in court. Copyright holders have successfully argued that even content-neutral services, like Grokster and search engines like TorrentSpy, were "inducing" copyright infringement based on things like their marketing materials. Link sites and cyberlockers have also tried versions of the same defense, basically arguing that they're just searching out whatever's out there online hosted by someone else. It hasn't worked.

The few facts laid out in the complaint and on Tickbox's website don't look promising for the company's defense. Tickbox software advertises, and apparently curates, an "In Theaters" category that includes mostly (likely all) content that's not authorized for free Internet streaming. It specifically suggests customers can drop subscriptions to pay services like Netflix, which doesn't authorize any of its content to be streamed by non-customers.

Tickbox's instructional video page even shows someone, presumably an owner or founder, searching for and accessing an HD stream of a movie, Gold with Matthew McConaughey. The video narrator even points out that the film is still in theaters at the time the video is made. Another instructional video walks a user through how to access an episode of Modern Family—a TV show owned by ABC, a division of Disney, one of the plaintiffs in the case.

Murky ownership

It's unlikely that the Tickbox case will test the boundaries of secondary liability in copyright law, though—or that the company will be able to mount any kind of serious defense to the MPAA's legal onslaught. The company is run out of a small office in an Atlanta suburb, and its ownership is unclear. Some of the company's instructional setup videos look like they were shot in a few minutes on someone's cell phone.

I put in a call to Tickbox's support line, which is the company's only public phone number, and reached a call center in Costa Rica. I explained that I was a reporter working on a story about Tickbox. I asked for contact information for the main office or for anyone at the company authorized to speak to a journalist.

"We don't have that number," the customer service worker told me after putting me on hold for a few minutes. "I wouldn't be able to provide you with anyone."

Tickbox TV support also didn't respond to an e-mail seeking comment.

Georgia corporate filings show that Tickbox's initial paperwork was filed by Jeffrey Goldstein, but a 2017 amendment states that Carrla Goldstein "is the 100% owner and manager and organizer of TICKBOXTV LLC."

Another Georgia company in the video-streaming business, Sidetick TV, resides at the same address. Sidetick seems to have been a Roku channel at one point and had a poorly rated Google App. Today, the company's Facebook page promotes Tickbox. Sidetick's corporate papers name Jon Goldstein and Jeff Goldstein as officials.

None of the people listed on corporate paperwork for Sidetick or Tickbox could be reached for comment.
https://arstechnica.com/tech-policy/...tv-for-piracy/





Verizon Loses 18,000 Pay TV Subs, Signals Delay for Live TV Streaming Service
Georg Szalai

The telecom giant, which earlier in the year closed its acquisition of Yahoo, provides updates on a planned online TV service and possible content deals.

Telecom giant Verizon on Thursday reported that its FiOS video service lost 18,000 net pay TV subscribers in the third quarter, compared with the addition of 36,000 subscribers in the year-ago period and a 15,000 subscriber drop in the second quarter.

The company said the drop in the latest quarter was "reflecting the ongoing shift from traditional linear video to over-the-top offerings." Verizon, led by chairman and CEO Lowell McAdam, ended the third quarter with a total of 4.6 million subscribers to its FiOS video service, which competes with cable and satellite TV companies.

Verizon earlier this year closed its acquisition of Yahoo to form, together with AOL, its new Oath unit. Oath expects to realize more than $1 billion in operating expense synergies through 2020, the company has said.

Verizon, after previously acquiring AOL and Millennial Media and last year launching millennials-focused mobile video service Go90, has said millennials remain a core focus for the company. It also previously acquired a stake in AwesomenessTV and partnered with Hearst to jointly acquire male-focused media company Complex.

Verizon CFO Matt Ellis was, on Thursday's earnings conference call, asked about recent McAdam comments about a planned big content partnership after T-Mobile unveiled one with Netflix. "Now we’re putting together some content deals that we like that will not only play across the Oath assets but play across mobile and play across FiOS as well," McAdam had said. "We are continuing to work that particular transaction," which has progressed more slowly than thought, Ellis said Thursday.

Asked about a planned over-the-top (OTT) TV service from Verizon, Ellis said that the company continues to feel that "there’s an opportunity for us to play,” but signaling a delay, he emphasized that the company “doesn’t want to launch a me-too product."

He didn't provide any guidance on when the OTT service would launch, saying that was still "TBD" (to be determined), or what content it could offer beyond saying it was likely to be built "around live programming."

When questioned about the planned combination of Sprint and T-Mobile U.S., Ellis said he wouldn't comment "on other people’s business," but reiterated that Verizon feels that “we have the right set of assets to compete."

Verizon also reported Thursday that it added 66,000 net new FiOS broadband connections in the third quarter to end it with 5.8 million.

Verizon reported quarterly earnings of 89 cents per share, in line with the year-ago result, or 98 cents per share on an adjusted basis on revenue of $31.7 billion, up 2.5 percent.
http://www.hollywoodreporter.com/new...uarter-1050305





Denuvo’s DRM Now Being Cracked Within Hours of Release

Best-in-class service can't even provide a full day of protection these days.
Kyle Orland

When we last checked in on the state of Denuvo copy protection in PC games, the latest version of the best-in-class DRM provider had provided about a month's worth of usable piracy prevention for survival-horror title 2Dark. Fast forward to the current holiday season, and major Denuvo releases are being publicly cracked within a day of their launch. We're certainly a long way away from the days when major cracking groups were publicly musing that Denuvo-style DRM might soon become unbeatable.

This week's release of South Park: The Fractured but Whole is the latest to see its protections broken less than 24 hours after its release, but it's not alone. Middle Earth: Shadow of War was broken within a day last week, and last month saw cracks for Total War: Warhammer 2 and FIFA 18 the very same day as their public release. Then there's The Evil Within 2, which reportedly used Denuvo in prerelease review copies but then launched without that protection last week, effectively ceding the game to immediate potential piracy.

Those nearly instant Denuvo cracks follow summer releases like Sonic Mania, Tekken 7, and Prey, all of which saw DRM protection cracked within four to nine days of release. But even that small difference in the "uncracked" protection window can be important for game publishers, who usually see a large proportion of their legitimate sales in those first few days of availability. The presence of an easy-to-find cracked version in that launch window (or lack thereof) could have a significant effect on the initial sales momentum for a big release.

That's pretty much the argument Denuvo itself made after Resident Evil 7 was cracked in less than a week back in January. "Given the fact that every unprotected title is cracked on the day of release—as well as every update of games—our solution made a difference for this title," Denuvo Marketing Director Thomas Goebl told Eurogamer in the wake of that crack.

"Our goal is to keep each title safe from piracy during the crucial initial sales window when most of the sales are made," Denuvo VP of Sales Robert Hernandez added in a statement to Ars.

If Denuvo can no longer provide even a single full day of protection from cracks, though, that protection is going to look a lot less valuable to publishers. But that doesn't mean Denuvo will stay effectively useless forever. The company has updated its DRM protection methods with a number of "variants" since its rollout in 2014, and chatter in the cracking community indicates a revamped "version 5" will launch any day now. That might give publishers a little more breathing room where their games can exist uncracked and force the crackers back to the drawing board for another round of the never-ending DRM battle.
https://arstechnica.com/gaming/2017/...rs-of-release/





Many Patent-Holders Stop Looking to East Texas Following Supreme Court Ruling

Can Delaware handle the incoming caseload?
Joe Mullin

New lawsuits are down—way down—in the mostly rural district that was once the national hotspot for patent disputes.

For several years, the Eastern District of Texas hosted more patent lawsuits than any other judicial district in the country. Last year, East Texas saw more patent lawsuits filed than the next four judicial districts combined. But in May, the Supreme Court sharply limited where patent owners can choose to file their lawsuits, in a case called TC Heartland. That's leading to a sharp change in the geography of patent litigation.

Statistics published today by the IP litigation research company Lex Machina show the dramatic effect the decision has had on the legal landscape. Lex Machina compared patent filings in the 90 days before the TC Heartland decision came down on May 22 to the 90-day period directly after the decision. The company found that the two top districts, Eastern Texas and the District of Delaware, changed places.

In the 90 days before TC Heartland, 377 patent lawsuits were filed in the Eastern District of Texas. After TC Heartland, just 129 cases were filed in a similar period. That represents a more than 60-percent drop-off in new filings.

Much of that litigation seems to have moved to Delaware, where many national firms are incorporated due to favorable tax laws. Delaware's single judicial district had 153 patent lawsuits in the period before TC Heartland, but that shot up to 263 lawsuits in the period after the decision.

TC Heartland allows a company to be sued for patent infringement where it "resides," which is typically the state in which the company is incorporated—hence, all the lawsuits in Delaware, which was already a fairly popular venue. Alternatively, a company can be sued in a district in which it has a "regular and established place of business."

The trend seems likely to continue, given a recent case called In re: Cray Inc., in which an appeals court clarified how TC Heartland must be applied. In that case, a federal judge ruled that a case against supercomputer manufacturer Cray could be kept in East Texas because the company employed a single work-from-home employee in the district. The top patent appeals court sharply disagreed, though, and overturned that decision, forcing the Cray case out of East Texas.

"The patterns we're seeing are changing dramatically, and the double-digit dominance of East Texas is gone," said Brian Howard, Lex Machina's data scientist, in an interview with Ars.

East Texas was initially an attractive venue because it offered fast times to trial. However, that later became eclipsed by other factors, which were particularly attractive to the types of plaintiffs called "non-practicing entities" or, pejoratively, "patent trolls." Judges there rarely granted summary judgment to defendants. Even after the Supreme Court's Alice decision banned "do it on a computer"-type patents, East Texas was reluctant to throw out patents under Alice.

While the moving out of Texas trend will continue, there are a few important things to watch. First, will Delaware become overwhelmed? The district has been short on judges for years, and a gridlocked Congress is unlikely to agree on replacements quickly.

"If they can't grind through the cases, I don't know to what extent that would be perceived as a good venue," Howard said. "Some other district could position itself to offer at least the appearance of more speed."

Now that In re: Cray has established a new status quo, another thing to watch is what lengths companies might go to in order to avoid disfavored districts. Apple, for instance, maintains just a single retail store in the state of Delaware. In August, a judge held that was enough to force the California company to face a patent lawsuit in that state.

"If I were Apple, I'd be taking a serious look at how much that store brings in," Howard said.

Apple also has stores in Frisco and Plano, two cities north of Dallas that are within the boundaries of the Eastern District of Texas.

Lex Machina also released general statistics about litigation trends in 2017's third quarter. The company found 995 cases were filed nationwide, which reflects a steady slowdown that has happened since litigation peaked in 2013. A spike in late 2015 was caused by a rush of companies seeking to file lawsuits before Congress ended Form 18, requiring plaintiffs to disclose more information before they filed suit.

While the decline of NPE litigation is discernible, especially in the past year, Howard described it as "lumpy," since just a few companies can cause a big upswing in litigation.

"There are a lot of high-volume plaintiffs," Howard said. "If one of them files 60 cases in a day, that's a spike all its own."
https://arstechnica.com/tech-policy/...an-60-percent/





Setting the Record Straight on FM Radio in iPhones
Sam Matheny

In recent months, the Southeast U.S., Puerto Rico and the U.S. Virgin Islands have been pummeled by Hurricanes Harvey, Irma, and Maria. The wildfires in California have been equally devastating. These storms and fires have wreaked havoc on communications networks and challenged public safety officials’ ability to get lifeline information to affected residents.

At a time when many Americans have come to rely on their smartphones, massive cellular outages were suffered from Texas to Florida on an even greater scale than in Superstorm Sandy five years ago, and California has also suffered major outages in key locations. In Puerto Rico and the Virgin Islands, it may take weeks and even months to fully restore cellular service because of the damage to the electric grid. This has been a painful reminder of the need for a redundant and pervasive communications infrastructure, especially in times of disaster and emergency.

Radio, television, cellular, satellite, and other communications networks all have a role to play in a crisis. In the wake of these storms, a passionate discussion about activating FM radio in smartphones – and, specifically, Apple’s iPhone – has emerged. This discussion was started by those most impacted by Irma when the South Florida Sun-Sentinel editorialized on the issue and Senator Bill Nelson of Florida called for activating FM chips in smartphones. FCC Chairman Ajit Pai also issued a public statement calling for Apple to activate FM chips to promote public safety and FCC Commissioner Jessica Rosenworcel also weighed in with her support.

There has been a good bit of technical back and forth since these calls to “light up the chip,” and this is my effort to try and set the record straight.

Here is the BLUF – Bottom Line Up Front

Apple has built and offered a wonderful FM app in their iPod Nano for many years. They know how to make FM work, and work well, in their mobile devices. Apple even wrote its own Nano app that allows the user to pause live radio and buffer up to 15 minutes of content.

However, Apple has specifically chosen not to offer this functionality in their iPhone. Indeed, Apple has disabled FM chips despite the capability being available on the communications module within the iPhone. This means other app developers cannot offer FM apps either.

Apple CEO Tim Cook hails from Mobile, Alabama and attended Auburn University. Mobile has been impacted by at least 10 different hurricanes since 1969 and that was prior to Nate, which brought a nearly six-foot storm surge and flooding, so I have to believe Mr. Cook has a personal appreciation for the damage these storms can inflict. We invite him and Apple to reconsider activating FM radio in iPhones, and we stand ready to work together to enable this important service.

Here are the details

FM capability is in the iPhone

Tear-down reports from multiple research firms indicate the iPhone has long used a communications module that supports three key wireless networks: WiFi, Bluetooth, and FM radio. NAB has been commissioning tear-down reports from ABI Research on the top-selling smartphones since 2012. In the last report we received, the iPhone was the only such smartphone that did not have FM activated on at least one major U.S. carrier.

Apple deliberately disables FM

Apple has chosen to only use the WiFi and Bluetooth aspects of the communications module. They have admitted as much for all phones through the iPhone 6 series, at which point they claim FM capability was removed from the 7 series and 8 series. Yet, tear-down reports indicate the iPhone 8 contains the same 4357 chip family, which manufacturer Broadcom clearly states includes an integrated FM radio core. You can check out these independent tear-down reports:

TechInsights iPhone 8 tear-down report
iFixIt iPhone 8 tear-down
EE Times iPhone 8 tear-down
Barron’s iPhone 8 tear-down
Gigazine iPhone 8 tear-down

Apple purposefully does not connect the antenna

While the communications module has FM capability, it must also have access to an antenna to receive this signal. This is commonly done via the wire for your headphones. Again, Apple enables the antenna for the Nano, so it has the experience and expertise to make FM radio capability work. And from a competitive standpoint, other manufacturers of best-selling smartphones such as Samsung, LG, and HTC have enabled FM radio reception in the U.S. and around the world.

This is a global issue

FM radio is a global standard in much the same way as WiFi and Bluetooth are. That is one of the reasons why chip manufacturers combine all three capabilities into a single module. It can and should be activated everywhere. Apple creates global product SKUs for their products, so it fits very well with their production model. Other smartphone manufacturers are doing this as well.

This is not NAB vs Apple

Various media outlets, politicians, and regulators raised the issue in the wake of the recent hurricanes. We are certainly an interested party and we believe Apple and their customers would benefit from “lighting up the chips” in future iPhones. NAB is not alone – national and international bodies, governments, and institutions share our belief in the importance of activated FM radio chips in smartphones:

International Telecommunications Union
Mexico’s Federal Telecommunications Institute
Former FEMA Administrator Craig Fugate
CSRIC V Report

Apple’s ‘know-how’

Apple is a very successful company, and as evidenced by its Nano product, it knows how to do FM radio well. Activating the FM capabilities in their phones would be simple for them to accomplish if they wanted to, and I believe it would be supported by consumers.

Here is why it matters

• People turn to radio in times of crises. In the days following Hurricane Harvey, NextRadio, the popular FM radio application on Android smartphones, saw a 160% increase in listening.
• During Irma, NextRadio usage was even higher. In the Fort Myers area alone, listenership was up 1,127% from the average day.
• In Puerto Rico, there continues to be widespread cellular service following the storm, leaving many residents without access to vital information.
• The Japanese communications ministry reports that radio was the number one source for news the day of the Japanese earthquake and tsunami.
• FM radio consumes approximately five-times less battery than streaming, so it is very battery friendly, which is especially important in times of long power outages and poor communication.
• FM radio in smartphones is free and available to everyone, regardless of their data plan.
• FEMA has designated radio stations that operate especially hardened transmission facilities as the primary source of initial emergency information so they can be the lifeline service that everyone can depend on.
• During the California wildfires, there have been reports about widespread problems with the wireless emergency alert (WEA) system for mobile devices, which has left many residents without critical information about fast-approaching danger.

Bottom line

NAB welcomes the opportunity to collaborate with Apple, even though Apple doesn’t need our help from an engineering perspective. Apple’s iPhone is a phenomenal device and does so many things well. We hope they recognize that activating the FM capability would make it even better for all of their customers around the world.
https://blog.nab.org/2017/10/18/sett...io-in-iphones/





The New MacBook Keyboard is Ruining My Life

It’s so bad
Casey Johnston

I was in the Grand Central Station Apple Store for a third time in a year, watching a progress bar slowly creep across my computer's black screen as my Genius multi-tasked helping another customer with her iPad. My computer was getting its third diagnostic test in 45 minutes. The problem was not that its logic board was failing, that its battery was dying, or that its camera didn't respond. There were no mysteriously faulty innerworkings. It was the spacebar. It was broken. And not even physically broken — it still moved and acted normally. But every time I pressed it once, it spaced twice.

“Maybe it's a piece of dust,” the Genius had offered. The previous times I'd been to the Apple Store for the same computer with the same problem — a misbehaving keyboard — Geniuses had said to me these exact same nonchalant words, and I had been stunned into silence, the first time because it seemed so improbable to blame such a core problem on such a small thing, and the second time because I couldn't believe the first time I was hearing this line that it was not a fluke. But this time, the third time, I was ready. “Hold on,” I said. “If a single piece of dust lays the whole computer out, don't you think that's kind of a problem?”

In every other computer I've owned before I bought the latest MacBook Pro last fall, fixing this would have begun by removing the key and peering around in its well to see if it was simply dirty. Not this keyboard. In fact, all of Apple's keyboards are now composed of a single, irreparable piece of technology. There is no fixing it; there is only replacing half the computer.

The Genius shrugged empathetically. He cast around and pointed to a nearby pre-2015 MacBook Pro with relatively thicker keys. "I have one of those," he said apologetically. Though Apple employees receive significant yearly discounts on computers, and this was the first significant redesign of the MacBook Pro’s body in eight years, he had chosen not to buy one of the new ones, even a year later.

Apple is one of very few technology companies that has tried to improve, so to speak, upon the notebook or laptop keyboard. Consumer computer keyboards in the 80s, like the IBM Model M, were very chunky and mechanical, with thick plastic keys and buckling spring mechanisms. In laptops, companies started to use "scissor switches," crossed pieces of plastic that hold the switch up, because they took up less space than mechanisms like rubber domes (when you pop a key off and there's a tiny plastic nipple sticking up, that’s a rubber dome). Scissor switches, with their more closed design, are supposed to help prevent dirt and debris from getting under the keys and, by extension, into the rest of the computer; they also take up less space, which is nice for a computer meant to be carried around. The tradeoff for enhanced hygiene and the slimmer profile is that scissor-switch keys are more difficult to separate from their base than rubber-domed ones, but it's not impossible.

Butterfly switches, which are now used on Apple laptop keyboards, are scissor switches taken to the extreme. They still prop up the keys with two intersecting pieces of plastic, but their profile is so low that the key barely “travels” at all (that is, the difference between a key doing nothing and a key being pressed is maybe a millimeter or two, as opposed to a few millimeters for a scissor switch one and the better part of an inch for a mechanical one). True to the name, butterfly switches are also extremely delicate, held in place by four tiny threads of brittle plastic, each no more than an insect leg in size and durability.

The primary motivator behind the rise of the butterfly switch seems to be that Apple keeps trying to make all its products thinner, to a degree beyond reason at this point (MacBook Pros now weigh as little as three pounds). But it also stands to reason Apple's logic went something like this: scissor switch = lower profile = less dirt under the keys; therefore butterfly switch = even lower profile = even less dirt under the keys, and a better keyboard for everyone, theoretically, except for people who like the feeling of a key moving under their fingers or, as it’s also called, typing.

Unfortunately for Apple, this turned out to be many people. The first generation of the butterfly keyboards arrived on the 12-inch MacBooks released in 2015; they were criticized for the virtually non-existent key travel and typing that felt like slapping your fingers on a vinyl counter (Wired: “There’s something wonderful about hitting a key and having something happen. That feeling gets lost here”). The MacBook Pros released in 2016 are said to have second-generation butterfly switches, which are raised ever so slightly more than the first generation giving them approximately one micrometer more travel.

Perhaps it’s true that less dirt gets under butterfly switched-keys. But therein lies the problem — when dirt does get in, it cannot get out. A piece of dust is capable of rendering a butterfly switch nonfunctional. The key won't click, and it won’t register whatever command it’s supposed to be typing. It’s effectively dead until someone can either shake loose the debris trapped under it or blow at the upside-down keyboard Nintendo-cartridge style. Meanwhile, Apple quietly put up a page with instructions expressly to try and help people with dead butterfly switch keys.

The problem with dead keys is that, unless you can stop what you're doing mid-paper or report or email or game and have a physical tiff with your computer, the temptation to just slam a little harder on those delicate keys to get the N or B or period you need until you reach a stopping place is high. But there is no logical at-home remedy for the consumer; when one key on a butterfly switched-keyboard becomes nonfunctional, unless you can dislodge whatever dust or crumb is messing it up without being able to physically access it, the keyboard is effectively broken. If you remove the key to try and clean under it, you stand a high chance of breaking it permanently, but if you leave it there and continue to have to pound the key to type one measly letter, you also might break it permanently. A single piece of dust can literally fuck you over.

It’s unclear how big of a problem butterfly switch keyboards are. Apple forums are overflowing with reports of Geniuses who have told customers that Apple is “collecting data” on the issue. One corporate issuer of the MacBook Pros in question reported to me that its business has encountered a significant number of keyboard issues, but “less than 5% for sure.” Another Genius explained to me that he had seen an overwhelming number of the computers with keyboard issues, the spacebar in particular — while some keys can be very delicately removed, the spacebar breaks every single time anyone, including a professional, tries to remove it. This is a big problem, since, according to the Genius I spoke to, it’s the key most susceptible to acting up from the aforementioned piece of dust. “I would say it’s THE issue on this computer,” he told me. (Apple declined to comment.)

If a computer with actually broken, dead, or malfunctioning keys is brought into the Apple Store, Geniuses run no fewer than three diagnostic tests that each take about 15 minutes. One involves the Genius pressing every single key on the keyboard to see if the switch is responsive, a test I am told was added in response to the sheer number of keyboards coming back broken. The process takes an hour.

If Apple decides to replace the keyboard, it sends out the computer to replace the entire top case; there is no such thing as replacing an individual key or just the keyboard. On a Macbook Pro, the top case retails for $700, but the computers haven’t been around long enough for anyone to be out of warranty yet. In regular MacBooks, which were first available in the spring of 2015, Apple has quoted as much $330 to replace a top case out of warranty. The path from “a piece of dust” to “$700 repair” is terrifyingly short.

Apple has been moving in the direction of computers that can’t be repaired without major surgery for some time — a little over a year ago, one of the little rubber feet fell off my previous computer. I went into the Apple Store expecting a Genius to just stick on a replacement foot. It took two appointments and hours for a series of incredulous Geniuses to learn alongside me that Apple's only solution for this problem was to replace the entire bottom case.

Maybe butterfly switches were simply a stroke of Apple-Store-repair-business-generation genius. But it's hard to believe Apple, the business with the largest cash pile in America, either has a need to be that shrewd, or believes its customers are still so in thrall to its image that they would overlook the fact that one of the most basic functionalities of a laptop continually hangs by a single, delicate little butterfly ankle.

My computer came back from its repair in Memphis with a new top case, including a new keyboard, which has slightly different markings on its control and option keys. All of the keys work, for now. But as I write this a shaft of sunlight is falling across the right side of the keyboard from the window behind it, catching on a half-dozen or so pieces of dust.
https://theoutline.com/post/2402/the...uining-my-life





Michigan Introduces New, Awful Bill to Ban Community Broadband
Karl Bode

Michigan is the latest state to try and pass a law, written by ISP lobbyists, that tries to prevent communities from building their own broadband networks. Towns and cities for years have been forced to consider building their own broadband networks, thanks to a lack of competition in the broadband sector. This lack of competition usually results in regional duopolies doing the bare minimum to improve service in these markets, forcing towns and cities to get creative if they actually want to receive faster speeds at more reasonable prices.

If large ISPs really wanted to stop this from happening, the could improve service and lower rates. But more often than not, it's much easier to just pay state lawmakers to introduce awful, protectionist bills banning towns and cities from building their own networks, or in many instances even partnering with private companies like Google to improve local connectivity.

Michigan Freshman Representative Michele Hoitenga is the latest to rubber stamp the whims of broadband duopolies, and has introduced HB 5099, a new bill that would make it difficult if not impossible for Michigan towns and cities to build or improve local broadband networks, even in instances where local ISPs refuse to. The bill proclaims that local communities cannot use federal, state, or even their own voter-approved funds to invest in even the slowest Internet infrastructure.

And while it doesn't ban public/private partnerships outright, it does its best to discourage them, notes the folks at Institute for Local Self-Reliance, which has been fighting such ISP-written protectionist drivel for years.

"(An) exception allows local communities to engage in public-private partnerships, but the bill’s ambiguous language is likely to discourage local communities from pursuing such partnerships," the group notes. "Rather than put themselves at risk of running afoul of the law, prudent community leaders would probably choose to avoid pursuing any publicly owned infrastructure initiatives."

The bill is expected to hamper existing municipal broadband projects in the state in places like Sebewaing, Holland and Lyndon Township. In Lyndon Township, locals frustrated with sub-standard broadband recently voted overwhelmingly to approve funding and construction of a fiber network that will obliterate the slow, expensive service currently only partially available in the region. These bills help large ISPs disregard the will of the public, something that often annoys Republicans and Democrats alike (most municipal broadband networks are built in Conservative areas).

Again, the large ISPs backing this latest bill (AT&T, CenturyLink and Charter) could stop towns from pursuing this kind of effort by actually offering better products and more reasonable prices. But given how corrupt most state legislatures are, it's far easier to write a bill, hand it to a rubber stamp politician alongside campaign contributions, then continue disregarding the backlash to existing pricey and substandard broadband services.
https://www.dslreports.com/shownews/...oadband-140544





Black Lawmakers Hold a Particular Grievance With Facebook: Racial Exploitation
Yamiche Alcindor

For more than an hour, Sheryl Sandberg, Facebook’s high-profile chief operating officer, sheepishly pledged to “do better” — over and over — as stern-faced members of the Congressional Black Caucus grilled her on Thursday about Russian ads aimed at exploiting racial divisions during last year’s election.

For black lawmakers, it was a chance to vent — at the outrage they felt toward Russian intelligence and its efforts to foment racial unrest in the country; at the frustration they felt toward three separate congressional investigations into Russian interference that have plodded on and yielded little; and at Facebook itself, which has been long on promises and short on action.

“She was checking the boxes. She said all the right things,” Representative Donald M. Payne Jr., Democrat of New Jersey, said of Ms. Sandberg. But he was not satisfied. “I had an uncle who hated when you said ‘gonna’: ‘I’m gonna do this, and I’m gonna do that.’ He used to say, ‘Don’t be a gonna.’ And that’s what I said to her, ‘Don’t be a gonna.’”

Facebook’s chief executive, Mark Zuckerberg, after initially denying that Russians had exploited the company’s system, has reversed course and admitted that groups backed by President Vladimir V. Putin of Russia paid Facebook to influence voters last year with ads designed to inflame and exploit racial, political and economic rifts in the United States. Russian-backed Facebook pages promoted anti-immigrant rallies, targeted the Black Lives Matter movement and focused attentions on critical election swing states like Wisconsin and Michigan.

While Facebook has yet to release any of the ads, it has hired three crisis communications firms, bought digital and newspaper ads and sent Ms. Sandberg to Washington last week to charm Congress and the public.

But the grievance of black lawmakers is a particular one: As black activists tried last year to focus attention on police brutality, unfair treatment before the law, inequality and white supremacy, social media giants like Facebook were being commandeered by Russian intelligence agents to turn white voters against them.

For Representative Barbara Lee, Democrat of California, the moment recalled the 1970s, when another government, this one in Washington, not Moscow, targeted black activists. She served as a community worker for the Black Panther Party as the F.B.I. used false information to go after its members.

“That actually got people killed and destroyed organizations,” Ms. Lee said. “Now look at Facebook allowing ads by the Russian government to create this kind of environment. That’s a problem. I don’t know if they’re even aware of the history and how dangerous allowing the promotion of division and racial animosity and racial hatred can be.”

And nearly a year after the election, black lawmakers say, little is being done to reverse the damage. Russia studied and exploited the “fault lines of racial tension,” said Representative Yvette D. Clarke, Democrat of New York, and multiple investigations into Russia’s actions and the Trump’s campaign possible involvement have thus far offered no safeguards to stop Moscow’s efforts.

“Things are moving far too slow because we should be putting protective measures in place,” Ms. Clarke said. “We need to step up to the challenge.”

During the meeting, Ms. Sandberg frequently said she agreed as more than a dozen members of the Congressional Black Caucus demanded action from the company. Several people in the meeting said Ms. Sandberg frequently said, “We will do better” and “You will get answers.”

But her answers fueled the anger of some black lawmakers who said for years that they have been pushing Facebook to add a black person to its all-white board of directors and to diversify its staff. Several members have also written letters to Facebook and other companies demanding answers related to the presidential election.

On Thursday, the company’s chief diversity officer, Maxine Williams, said in the meeting that Facebook had recently hired a record number of minority employees, and Ms. Sandberg promised that the company planned to add a black person to its board.

The issue of Russia exploiting already charged race relations in the United States hits especially home for many members of the Congressional Black Caucus, including Representative Emanuel Cleaver II, Democrat of Missouri, who explained to Ms. Sandberg on Thursday that a man had attempted to bomb his office in 2014 in Kansas City based on false information and conspiracy theories. Mr. Cleaver, a cousin of Eldridge Cleaver, an early leader of the Black Panthers, said after the meeting that he was constantly on guard because many detractors falsely believe that his family member killed police officers.

“People get all worked up on the internet and do crazy things, and some of us are the recipients of their insanity,” Mr. Cleaver said. “It feels like the whole country is changing, and we’re having a national nervous breakdown.”

For others, the anger is more with Moscow than Silicon Valley. Already, they say, the United States has to deal with the remnants of slavery, institutional racism in schools and the criminal justice system, and now a foreign adversary is stirring a boiling pot.

Shortly after the meeting with Ms. Sandberg, Representative Cedric L. Richmond, Democrat of Louisiana and the chairman of the Congressional Black Caucus, said he was concerned that the F.B.I. may have bought into Russia’s exploitation of African-Americans with its new class of threats called “Black Identity Extremists.” Mr. Richmond said that he feared that the F.B.I. may now go after black people who protest unfair policing practices and discriminatory policies based on false information peddled on social media.

“This is a very fragile moment in time for African-Americans across this country,” Mr. Richmond said. “What we needed Facebook to understand is that they play a role in the perception of African-Americans.”

Representative Robin Kelly, a Democrat of Illinois, said she often hears from constituents who want to know why the investigations have taken so long. Ms. Kelly is also the ranking Democrat on the House Oversight Committee’s Subcommittee on Information Technology and sits on the Foreign Affairs Committee’s Subcommittee on Europe, Eurasia and Emerging Threats. Neither panel has had a hearing on Russia’s role in the 2016 presidential election, she said.

“I don’t know the intelligence process, and I’m sure they want to be thorough and all of that,” she said. But, she added, “people are anxious.”

At least some members of the caucus have started thinking about what ways Congress may have to step in and shield Americans from Russia’s influence.

Representative Bonnie Watson Coleman, Democrat of New Jersey, said lawmakers may need to come up with new ways to combat false information and fight back against Russia. That might mean Facebook would face new regulations.

“Our concerns will not get ignored,” Ms. Watson Coleman said. “It’s either you clean up your act, or government will have to act in that space.”
https://www.nytimes.com/2017/10/14/u...-division.html





Russia Reportedly Used Pokémon Go in an Effort to Inflame Racial Tensions

Pokémon, no
Casey Newton

Russia’s far-ranging campaign to promote dissension in the United States reportedly included an effort to weaponize Pokémon Go. CNN reported today that in July 2016, a Tumblr page linked to Russia’s now-notorious Internet Research Agency promoted a contest encouraging people sympathetic to the Black Lives Matter movement to play the game near famous sites of police brutality. Players were told to change their characters’ names to the victims of those incidents — an apparent effort to inflame racial tensions.

The Tumblr page was linked to Do Not Shoot Us, a multi-platform campaign designed to mimic aspects of Black Lives Matter. (As CNN notes, the name plays on “hands up, don’t shoot,” one of the movement’s slogans.) Do Not Shoot Us included a website, donotshoot.us, along with related pages on Facebook, Instagram, Twitter, and YouTube. The Facebook page was one of 470 pages that were removed after the company determined that it was linked to Russian groups attempting to interfere in US politics.

According to CNN, the group’s Tumblr page included a post showing a Pokémon named “Eric Garner,” who died after being put in a chokehold by a officer of the New York Police Department. The post promoted a contest, which promised Amazon gift cards to the winners, according to the report. CNN could not find evidence that anyone actually participated in the contest, it said, or that the page had distributed the gift cards.

The Facebook, Instagram, and Twitter accounts of the group have been suspended, CNN said. Its YouTube and Tumblr pages, though, remain active — though the Tumblr page has shifted to posts about Palestine.
https://www.theverge.com/2017/10/12/...k-lives-matter





Wary of Hackers, States Move to Upgrade Voting Systems
Michael Wines

State election officials, worried about the integrity of their voting systems, are pressing to make them more secure ahead of next year’s midterm elections.

Reacting in large part to Russian efforts to hack the presidential election last year, a growing number of states are upgrading electoral databases and voting machines, and even adding cybersecurity experts to their election teams. The efforts — from both Democrats and Republicans — amount to the largest overhaul of the nation’s voting infrastructure since the contested presidential election in 2000 spelled an end to punch-card ballots and voting machines with mechanical levers.

One aim is to prepare for the 2018 and 2020 elections by upgrading and securing electoral databases and voting machines that were cutting-edge before Facebook and Twitter even existed. Another is to spot and defuse attempts to depress turnout and sway election results by targeting voters with false news reports and social media posts.

West Virginia’s elections team has added a cybersecurity expert from the state National Guard with a top-secret federal security clearance. Colorado and Rhode Island will now verify election results via an advanced statistical procedure called a risk-limiting audit.

Delaware is moving its voter-registration list off the state’s aging mainframe computer and preparing to replace a 21-year-old electronic voting system that does not leave a paper record of votes to be audited.

Last month, a panel of state, federal and private election experts completed a sweeping revision of guidelines for manufacturers of new voting equipment, the first major overhaul in a dozen years. While the guidelines are voluntary, they are endorsed by all but three states, so manufacturers effectively must meet the new standards to sell their equipment in most of the nation.

Of course, threats to democracy and fair voting — such as gerrymandered election districts and disinformation campaigns on Facebook and other social media platforms — go well beyond election technology. And so far state and federal funds have often failed to match the scale and urgency of the problem. But in a time of widespread skepticism about the security of American elections, ensuring people that their votes have been counted accurately has become a pressing demand.

“What’s happening is a psy-ops operation,” said Mac Warner, the West Virginia secretary of state. “That’s what the Russians are running against us now, trying to erode confidence in our democratic process. We need to assure our citizens that we’re aware of these attacks, that we have assistance to counter them, and that when they do occur, don’t panic — there are resources to turn to.”

In an era of bitter political divisions and elections-rules disputes, the effort to make the vote more secure is notably bipartisan and relatively rancor-free. Republicans like Mr. Warner are largely aligned with Democrats on the need to act before the next presidential election in 2020, and there is some support in both parties in Congress for helping to finance changes.

Experts have warned for years that state and local election equipment and security practices were dangerously out of date, but state and local election agencies short of cash have often lagged in updating their systems. The 2016 election, however, laid bare the seriousness of the threat.

Federal officials have said they are confident that November’s election results were not tampered with. But federal intelligence and security officials were so shaken by Russian attempts to compromise the vote that the Department of Homeland Security designated election systems a critical national infrastructure, like banking and the electrical grid, that merit special protection.

The scope of the threat was underscored on Tuesday when a new report concluded not only that widely used voting systems can be breached by hackers — sometimes with almost trivial ease — but that they contain components manufactured in nations like China with a clear interest in undermining American democracy.

“It’s really important not to overstate the risk. There are lots of things that can be done to make sure machines are as secure as possible,” Lawrence Norden, the deputy director of the Democracy Project at the Brennan Center for Justice of the New York University School of Law. “But when you’re dealing with a nation-state, you have to assume that at some point they’re going to be successful in their efforts to breach things. The question then becomes resiliency and the ability to show people that you can fix things even if there is a breach.”

State officials, who zealously guard their control of elections, have greeted federal efforts to address voting security with wariness. But that, too, has changed. State election directors who were blindsided and angered by the Homeland Security department’s critical infrastructure designation will meet with department officials in Atlanta this month to discuss how they can share information about threats. The department also is working to give state election officials security clearances so they can view classified assessments of dangers to the election system.

The new guidelines for manufacturers of voting equipment — reduced to five pages from more than 200 — include for the first time principles as basic as a requirement that voting devices produce written records that can be verified, and that software or hardware errors cannot lead to undetectable changes in tallies. They are expected to spur the development of a new generation of cheaper and more secure equipment, said Matthew Masterson, the chairman of the federal Election Assistance Commission.

He said the shared guidelines would allow for the deployment of election software on products like tablets and iPads, which could be ready as soon as the 2020 election, rather than force 50 states to put together their own systems. “It’s going to drive innovation, hopefully save money for election officials, and allow us to test and certify equipment more efficiently,’’ Mr. Masterson said.

Foreign governments that regularly crack the computers of military contractors and federal agencies will not be daunted by the cyberdefenses of voter databases and electronic pollbooks. A determined adversary could compromise voting equipment at many points along the supply chain, from the factory assembler to the election software programmer to the technician who makes a repair or installs a software upgrade. And in an industry dominated by a handful of companies, malicious tinkering could have a broad impact.

“In computer security, you’re talking much more about the capabilities of local jurisdictions,” said Joseph Lorenzo Hall, the chief technology officer at the Center for Democracy and Technology in Washington. “And they vary dramatically, from L.A., which has a small army of folks, to many jurisdictions that don’t even have a full-time person for their election work. To the extent they have an ability to defend against these attacks, it’s quite limited.”

Mr. Hall said election officials need to be even more vigilant, and impose a “zero-trust networking” policy on their agencies. “Don’t assume that because something is locked in a case that it’s safe,” he said. “Assume they’re already in your system, and set up things that will catch them — honey pots, fake data stores. If anyone hits them, then you know someone’s poking around.”

For all the expressions of resolve, money remains the biggest obstacle to a complete overhaul of the system. Many jurisdictions rely on equipment bought after the 2002 Help America Vote Act, Congress’s response to the problems exposed by the 2000 presidential election, allotted nearly $4 billion for new machines and other reforms. Many of those machines are at or past the end of their service lives; Georgia conducted November’s elections on voting machines running Windows 2000, and parts of Pennsylvania relied on Windows XP.

Most states still use paper ballots that are counted by hand or by machines. But four other states besides Delaware — Louisiana, Georgia, New Jersey and South Carolina — use paperless systems that leave no audit trail, as do large swaths of Pennsylvania and some other states. Virginia scrapped thousands of paperless voting machines in 2015 after discovering that even an amateur hacker could easily and secretly change vote tallies.

A number of states and jurisdictions are replacing old equipment, and Los Angeles County — with 5.3 million registered voters, the nation’s largest election district — has designed an election system from scratch, and is asking manufacturers to bid on supplying it.

Bipartisan legislation in both the House and Senate would provide a modest amount of federal money for new machines. But prospects for passage are uncertain, and many states are unable or unwilling to fill the breach.

The South Carolina Election Commission estimates that it could cost $40 million to replace the state’s antiquated voting equipment with machines that used auditable paper ballots. So far the State Legislature has come up with $1 million, said Chris Whitmire, a spokesman for the commission.

“We’re using the same equipment we’ve used since 2004,” he said. “If $40 million dropped into our hands today, we’d have a paper ballot trail, too.”

But even states that cannot afford more secure machines are taking steps to harden their election systems and bolster public confidence in the vote. South Carolina has accepted an offer of free “cyberhygiene” scans of its system by Homeland Security experts. Colorado is upgrading its voting equipment, but it has also begun to receive Homeland Security screenings, added national guard security experts to its election team and tacked a basic security measure onto its voter-registration database: two-step authentication for anyone seeking to log into the system.

State election officials are now in regular contact with federal security and intelligence agencies about threats to the vote, said Trevor Timmons, the chief information officer for Wayne W. Williams, the Colorado secretary of state.

“I’ve spent more time talking to three-letter agencies in the last year than I have in my entire career,” he said.
https://www.nytimes.com/2017/10/14/u...g-states-.html





Millions of High-Security Crypto Keys Crippled by Newly Discovered Flaw

Factorization weakness lets attackers impersonate key holders and decrypt their data.
Dan Goodin

A crippling flaw in a widely used code library has fatally undermined the security of millions of encryption keys used in some of the highest-stakes settings, including national identity cards, software- and application-signing, and trusted platform modules protecting government and corporate computers.

The weakness allows attackers to calculate the private portion of any vulnerable key using nothing more than the corresponding public portion. Hackers can then use the private key to impersonate key owners, decrypt sensitive data, sneak malicious code into digitally signed software, and bypass protections that prevent accessing or tampering with stolen PCs. The five-year-old flaw is also troubling because it's located in code that complies with two internationally recognized security certification standards that are binding on many governments, contractors, and companies around the world. The code library was developed by German chipmaker Infineon and has been generating weak keys since 2012 at the latest.

The flaw is the one Estonia's government obliquely referred to last month when it warned that 750,000 digital IDs issued since 2014 were vulnerable to attack. Estonian officials said they were closing the ID card public key database to prevent abuse. On Monday, officials posted this update. Last week, Microsoft, Google, and Infineon all warned how the weakness can impair the protections built into TPM products that ironically enough are designed to give an additional measure of security to high-targeted individuals and organizations.

Completely broken

"In public key cryptography, a fundamental property is that public keys really are public—you can give them to anyone without any impact in security," Graham Steel, CEO of encryption consultancy Cryptosense, told Ars. "In this work, that property is completely broken." He continued:

It means that if you have a document digitally signed with someone's private key, you can't prove it was really them who signed it. Or if you sent sensitive data encrypted under someone's public key, you can't be sure that only they can read it. You could now go to court and deny that it was you that signed something—there would be no way to prove it, because theoretically, anyone could have worked out your private key.

Both Steel and Petr Svenda, one of the researchers who discovered the faulty library, also warned the flaw has, or at least had, the potential to create problems for elections in countries where vulnerable cards are used. While actual voter fraud would be difficult to carry out, particularly on a scale needed to sway elections, "just the possibility (although impractical) is troubling as it is support for various fake news or conspiracy theories," Svenda, who is a professor at Masaryk University in the Czech Republic, told Ars. Invoking the prolific leakers of classified National Security Agency material, Steel added: "Imagine a Shadowbrokers-like organization posts just a couple of private keys on the Internet and claims to have used the technique to break many more."

The flaw is the subject of a research paper titled The Return of Coppersmith's Attack: Practical Factorization of Widely Used RSA Moduli, which will be presented on November 2 at the ACM Conference on Computer and Communications Security. The vulnerability was discovered by Slovak and Czech researchers from Masaryk University in the Czech Republic, Enigma Bridge in Cambridge, UK, and Ca' Foscari University in Italy. To give people time to change keys, the paper describing the factorization method isn't being published until it's presented at the conference.

The flaw resides in the Infineon-developed RSA Library version v1.02.013, specifically within an algorithm it implements for RSA primes generation. The library allows people to generate keys with smartcards rather than with general-purpose computers, which are easier to infect with malware and hence aren't suitable for high-security uses. The library runs on hardware Infineon sells to a wide range of manufacturers using Infineon smartcard chips and TPMs. The manufacturers, in turn, sell the wares to other device makers or end users. The flaw affects only RSA encryption keys, and then only when they were generated on a smartcard or other embedded device that uses the Infineon library.

To boost performance, the Infineon library constructs the keys' underlying prime numbers in a way that makes them prone to a process known as factorization, which exposes the secret numbers underpinning their security. When generated properly, an RSA key with 2048 bits should require several quadrillion years—or hundreds of thousands of times the age of the universe—to be factorized with a general-purpose computer. Factorizing a 2048-bit RSA key generated with the faulty Infineon library, by contrast, takes a maximum of 100 years, and on average only half that. Keys with 1024 bits take a maximum of only three months.

The factorization can be dramatically accelerated by spreading the load onto multiple computers. While costs and times vary for each vulnerable key, the worst case for a 2048-bit one would require no more than 17 days and $40,300 using a 1,000-instance machine on Amazon Web Service and $76 and 45 minutes to factorize an affected 1024-bit key. On average, it would require half the cost and time to factorize the affected keys. All that's required is passing the public key through an extension of what's known as Coppersmith's Attack.

While all keys generated with the library are much weaker than they should be, it's not currently practical to factorize all of them. For example, 3072-bit and 4096-bit keys aren't practically factorable. But oddly enough, the theoretically stronger, longer 4096-bit key is much weaker than the 3072-bit key and may fall within the reach of a practical (although costly) factorization if the researchers' method improves.

To spare time and cost, attackers can first test a public key to see if it's vulnerable to the attack. The test is inexpensive, requires less than 1 millisecond, and its creators believe it produces practically zero false positives and zero false negatives. The fingerprinting allows attackers to expend effort only on keys that are practically factorizable. The researchers have already used the method successfully to identify weak keys, and they have provided a tool here to test if a given key was generated using the faulty library. A blog post with more details is here.

In search of vulnerable keys

The researchers examined keys used in electronic identity cards issued by four countries and quickly found two—Estonia and Slovakia—were issuing documents with fingerprinted keys, both of which were 2048 bits in length, making them practically factorizable. Estonia has disclosed the flaw in what it said were 750,000 of the cards issued since 2014. Ars checked the key used in an e-residency card Ars Senior Business Editor Cyrus Farivar obtained in 2015, and it came back as factorizable.

While it has closed its public key database, Estonian government officials have also announced plans to rotate all keys to a format that's not vulnerable, starting in November. The status of Slovakia's system isn't immediately clear. With two of the four countries checked testing positive for fingerprinted keys, a more exhaustive search is likely to identify many more nations issuing cards with factorizable keys.

Next, the researchers examined a sampling of 41 different laptop models that used trusted platform modules. They found vulnerable TPMs from Infineon in 10 of them. The vulnerability is especially acute for TPM version 1.2, because the keys it uses to control Microsoft's BitLocker hard-disk encryption are factorizable. That means anyone who steals or finds an affected computer could bypass the encryption protecting the hard drive and boot sequence. TPM version 2.0 doesn't use factorizable keys for BitLocker, although RSA keys generated for other purposes remain affected. Infineon has issued a firmware update that patches the library vulnerability, and downstream affected TPM manufacturers are in the process of releasing one as well.

The researchers also scanned the Internet for fingerprinted keys and quickly found hits in a variety of surprising places. They found 447 fingerprinted keys—237 of them factorizable—used to sign GitHub submissions, some for very popular software packages. GitHub has since been notified of the fingerprinted keys and is in the process of getting users to change them.

The researchers also found 2,892 PGP keys used for encrypted e-mail, 956 of which were factorizable. The researchers speculated that the majority of the PGP keys were generated using the Yubikey 4, which allows owners to use the faulty library to create on-chip RSA keys. Other functions of the USB device, including U2F authentication, remain unaffected.

The researchers went on to find 15 factorizable keys used for TLS. Strangely, almost all of them contain the string "SCADA" in the common name field. All 15 fingerprinted keys have a characteristic involving their prime numbers that is outside the range of what's produced by the faulty Infineon library, raising the possibility there was a modification of it that hasn't yet been documented.

This is the second time in four years that a major crypto flaw has been found hitting a crypto scheme that has passed rigorous certification tests. In 2013, a different set of researchers unearthed flaws in Taiwan's secure digital ID system that would allow attackers to impersonate some citizens. Both the flawed Infineon library and the Taiwanese digital ID system passed the FIPS 140-2 Level 2 and the Common Criteria standards. Both certifications are managed by the National Institute of Standards and Technology. Both certifications are often mandatory for certain uses inside government agencies, contractors, and others.

The researchers who uncovered the Infineon library flaw questioned whether the secrecy required by some of the certification process played a role. They wrote:

Our work highlights the dangers of keeping the design secret and the implementation closed-source, even if both are thoroughly analyzed and certified by experts. The lack of public information causes a delay in the discovery of flaws (and hinders the process of checking for them), thereby increasing the number of already deployed and affected devices at the time of detection.

All told, the researchers estimate that Infineon's faulty library may have generated tens of millions of RSA keys in the five or so years it has been commercially available. A good many of them are practically factorizable, but even those that are not are considerably more vulnerable to factorization than federal standards and common-sense security guidelines dictate. RSA keys generated with OpenSSL, PGP-compliant programs, or similar computer programs aren't affected. People who have relied on smartcards or embedded devices for cryptographic functions should test their RSA keys using the researchers' fingerprinting tool. In the event the keys test positive, people should revoke them as soon as possible and generate new ones. Keys using Elliptic Curve Cryptography and other non-RSA methods aren't affected.

It's going to take a while for people to identify all vulnerable keys. They should start by replacing those that are known to be practically factorizable, but eventually all RSA keys generated by the flawed library should go. Cryptographers and engineers within NIST and other standards organizations should also use the failure to learn how to improve their high-security certifications processes.
https://arstechnica.com/information-...-estonian-ids/





Severe Flaw in WPA2 Protocol Leaves Wi-Fi Traffic Open to Eavesdropping

KRACK attack allows other nasties, including connection hijacking and malicious injection.
Dan Goodin

An air of unease set into the security circles on Sunday as they prepared for the disclosure of high-severity vulnerabilities in the Wi-Fi Protected Access II protocol that make it possible for attackers to eavesdrop Wi-Fi traffic passing between computers and access points.

The proof-of-concept exploit is called KRACK, short for Key Reinstallation Attacks. The research has been a closely guarded secret for weeks ahead of a coordinated disclosure that's scheduled for 8am Monday, East Coast time. An advisory the US CERT recently distributed to about 100 organizations described the research this way:

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.

According to a researcher who has been briefed on the vulnerability, it works by exploiting a four-way handshake that's used to establish a key for encrypting traffic. During the third step, the key can be resent multiple times. When it's resent in certain ways, a cryptographic nonce can be reused in a way that completely undermines the encryption.

A Github page belonging to one of the researchers and a separate placeholder website for the vulnerability used the following tags:

WPA2
KRACK
key reinstallation
security protocols
network security, attacks
nonce reuse
handshake
packet number
initialization vector

Researchers briefed on the vulnerabilities said they are indexed as: CVE-2017-13077, CVE-2017-13078, CVE-2017-13079, CVE-2017-13080, CVE-2017-13081, CVE-2017-13082, CVE-2017-13084, CVE-2017-13086, CVE-2017-13087, CVE-2017-13088. One researcher told Ars that Aruba and Ubiquiti, which sell wireless access points to large corporations and government organizations, already have updates available to patch or mitigate the vulnerabilities.

The vulnerabilities are scheduled to be formally presented in a talk titled Key Reinstallation Attacks: Forcing Nonce Reuse in WPA2 scheduled for November 1 at the ACM Conference on Computer and Communications Security in Dallas. It's believed that Monday's disclosure will be made through the site krackattacks.com. The researchers presenting the talk are Mathy Vanhoef and Frank Piessens of KU Leuven. The researchers presented this related research in August at the Black Hat Security Conference in Las Vegas.

The vast majority of existing access points aren't likely to be patched quickly, and some may not be patched at all. If initial reports are accurate that encryption bypass exploits are easy and reliable in the WPA2 protocol, it's likely attackers will be able to eavesdrop on nearby Wi-Fi traffic as it passes between computers and access points. It might also mean it's possible to forge Dynamic Host Configuration Protocol settings, opening the door to hacks involving users' domain name service.

It wasn't possible to confirm the details reported in the CERT advisory or to assess the severity at the time this post was going live. If eavesdropping or hijacking scenarios turn out to be easy to pull off, people should avoid using Wi-Fi whenever possible until a patch or mitigation is in place. When Wi-Fi is the only connection option, people should use HTTPS, STARTTLS, Secure Shell, and other reliable protocols to encrypt Web and e-mail traffic as it passes between computers and access points. As a fall-back users should consider using a virtual private network as an added safety measure, but users are reminded to choose their VPN providers carefully, since many services can't be trusted to make users more secure. This post will be updated as more information becomes available.
https://arstechnica.com/information-...eavesdropping/





Microsoft has Already Fixed the Wi-Fi Attack Vulnerability
Tom Warren

Technology companies are starting to respond to a new Wi-Fi exploit affecting all modern Wi-Fi networks using WPA or WPA 2 encryption. The security vulnerabilities allow attackers to read Wi-Fi traffic between devices and wireless access points, and in some cases even modify it to inject malware into websites. Security researchers claim devices running macOS, Windows, iOS, Android, and Linux will be affected by the vulnerabilities.

Microsoft says it has already fixed the problem for customers running supported versions of Windows. “We have released a security update to address this issue,” says a Microsoft spokesperson in a statement to The Verge. “Customers who apply the update, or have automatic updates enabled, will be protected. We continue to encourage customers to turn on automatic updates to help ensure they are protected.” Microsoft says the Windows updates released on October 10th protect customers, and the company “withheld disclosure until other vendors could develop and release updates.”

"Android will be patched within weeks"

While it looks like Android and Linux devices are affected by the worst part of the vulnerabilities, allowing attackers to manipulate websites, Google has promised a fix for affected devices “in the coming weeks.” Google’s own Pixel devices will be the first to receive fixes with security patch level of November 6, 2017, but most other handsets are still well behind even the latest updates. Security researchers claim 41 percent of Android devices are vulnerable to an “exceptionally devastating” variant of the Wi-Fi attack that involves manipulating traffic, and it will take time to patch older devices.

The Verge has reached out to a variety of Android phone makers to clarify when security patches will reach handsets, and we’ll update you accordingly. At the time of writing, Apple has not yet clarified whether the latest versions of macOS and iOS are vulnerable.

The Wi-Fi Alliance, a network of companies responsible for Wi-Fi, has responded to the disclosure of the vulnerabilities. “This issue can be resolved through straightforward software updates, and the Wi-Fi industry, including major platform providers, has already started deploying patches to Wi-Fi users,” says a Wi-Fi Alliance spokesperson. “Users can expect all their Wi-Fi devices, whether patched or unpatched, to continue working well together.”
https://www.theverge.com/2017/10/16/...curity-patches





Microsoft Responded Quietly after Detecting Secret Database Hack in 2013
Joseph Menn

Microsoft Corp’s secret internal database for tracking bugs in its own software was broken into by a highly sophisticated hacking group more than four years ago, according to five former employees, in only the second known breach of such a corporate database.

The company did not disclose the extent of the attack to the public or its customers after its discovery in 2013, but the five former employees described it to Reuters in separate interviews. Microsoft declined to discuss the incident.

The database contained descriptions of critical and unfixed vulnerabilities in some of the most widely used software in the world, including the Windows operating system. Spies for governments around the globe and other hackers covet such information because it shows them how to create tools for electronic break-ins.

The Microsoft flaws were fixed likely within months of the hack, according to the former employees. Yet speaking out for the first time, these former employees as well as U.S. officials informed of the breach by Reuters said it alarmed them because the hackers could have used the data at the time to mount attacks elsewhere, spreading their reach into government and corporate networks.

“Bad guys with inside access to that information would literally have a ‘skeleton key’ for hundreds of millions of computers around the world,” said Eric Rosenbach, who was U.S. deputy assistant secretary of defense for cyber at the time.

Companies of all stripes now are ramping up efforts to find and fix bugs in their software amid a wave of damaging hacking attacks. Many firms, including Microsoft, pay security researchers and hackers “bounties” for information about flaws – increasing the flow of bug data and rendering efforts to secure the material more urgent than ever.

In an email responding to questions from Reuters, Microsoft said: “Our security teams actively monitor cyber threats to help us prioritize and take appropriate action to keep customers protected.”

Sometime after learning of the attack, Microsoft went back and looked at breaches of other organizations around then, the five ex-employees said. It found no evidence that the stolen information had been used in those breaches.

Two current employees said the company stands by that assessment. Three of the former employees assert the study had too little data to be conclusive.

Microsoft tightened up security after the breach, the former employees said, walling the database off from the corporate network and requiring two authentications for access.

The dangers posed by information on such software vulnerabilities became a matter of broad public debate this year, after a National Security Agency stockpile of hacking tools was stolen, published and then used in the destructive “WannaCry” attacks against U.K. hospitals and other facilities.

After WannaCry, Microsoft President Brad Smith compared the NSA’s loss to the “the U.S. military having some of its Tomahawk missiles stolen,” and cited “the damage to civilians that comes from hoarding these vulnerabilities.”

Only one breach of a big database from a software company has been disclosed. In 2015, the nonprofit Mozilla Foundation - which develops the Firefox web browser - said an attacker had gotten access to a database that included 10 severe and unpatched flaws. One of those flaws was then leveraged in an attack on Firefox users, Mozilla disclosed at the time.

In contrast to Microsoft’s approach, Mozilla provided extensive details of the breach and urged its customers to take action.

Mozilla Chief Business and Legal Officer Denelle Dixon said the foundation told the public about what it knew in 2015 “not only inform and help protect our users, but also to help ourselves and other companies learn, and finally because openness and transparency are core to our mission.”

The Microsoft matter should remind companies to treat accurate bug reports as the “keys to the kingdom,” said Mark Weatherford, who was deputy undersecretary for cybersecurity at the U.S. Department of Homeland Security when Microsoft learned of the breach.

Like the Pentagon’s Rosenbach, Weatherford said he had not known of the Microsoft attack. Weatherford noted that most companies have strict security procedures around intellectual property and other sensitive corporate information.

“Your bug repository should be equally important,” he said.

ALARM SPREADS AFTER INTERNAL PROBE

Microsoft discovered the database breach in early 2013 after a highly skilled hacking group broke into computers at a number of major tech companies, including Apple Inc, Facebook Inc and Twitter Inc.

The group, variously called Morpho, Butterfly and Wild Neutron by security researchers elsewhere, exploited a flaw in the Java programming language to penetrate employees’ Apple Macintosh computers and then move to company networks.

The group remains active as one of the most proficient and mysterious hacking groups known to be in operation, according to security researchers. Experts can’t agree about whether it is backed by a national government, let alone which one.

More than a week after stories about the breaches first appeared in 2013, Microsoft published a brief statement that portrayed its own break-in as limited and made no reference to the bug database.

“As reported by Facebook and Apple, Microsoft can confirm that we also recently experienced a similar security intrusion,” the company said on Feb. 22, 2013.

“We found a small number of computers, including some in our Mac business unit, that were infected by malicious software using techniques similar to those documented by other organizations. We have no evidence of customer data being affected, and our investigation is ongoing.”

Inside the company, alarm spread as officials realized the database for tracking patches had been compromised, according to the five former security employees. They said the database was poorly protected, with access possible via little more than a password.

Concerns that hackers were using stolen bugs to conduct new attacks prompted Microsoft to compare the timing of those breaches with when the flaws had entered the database and when they were patched, according to the five former employees.

These people said the study concluded that even though the bugs in the database were used in ensuing hacking attacks, the perpetrators could have gotten the information elsewhere.

That finding helped justify Microsoft’s decision not to disclose the breach, the former employees said, and in many cases patches already had been released to its customers.

Three of the five former employees Reuters spoke with said the study could not rule out stolen bugs having been used in follow-on attacks.

“They absolutely discovered that bugs had been taken,” said one. “Whether or not those bugs were in use, I don’t think they did a very thorough job of discovering.”

That’s partly because Microsoft relied on automated reports from software crashes to tell when attacks started showing up. The problem with this approach, some security experts say, is that most sophisticated attacks do not cause crashes, and the most targeted machines - such as those with sensitive government information - are the least likely to allow automated reporting.

Editing by Jonathan Weber and Edward Tobin
https://uk.reuters.com/article/us-mi...-idUKKBN1CM0D0





Canada's 'Super Secret Spy Agency' is Releasing a Malware-Fighting Tool to the Public

'This is something new for CSE,' says the agency, which is trying to shed its old reputation
Matthew Braga

Matthew Braga is the senior technology reporter for CBC News. He was previously the Canadian editor of Motherboard, Vice Media's science and technology website, and a business and technology reporter for the Financial Post. Email: matthew.braga@cbc.ca

Canada's electronic spy agency says it is taking the "unprecedented step" of releasing one of its own cyber defence tools to the public, in a bid to help companies and organizations better defend their computers and networks against malicious threats.

The Communications Security Establishment (CSE) rarely goes into detail about its activities — both offensive and defensive — and much of what is known about the agency's activities have come from leaked documents obtained by U.S. National Security Agency whistleblower Edward Snowden and published in recent years.

But as of late, CSE has acknowledged it needs to do a better job of explaining to Canadians exactly what it does. Today, it is pulling back the curtain on an open-source malware analysis tool called Assemblyline that CSE says is used to protect the Canadian government's sprawling infrastructure each day.

"It's a tool that helps our analysts know what to look at, because it's overwhelming for the number of people we have to be able to protect things," Scott Jones, who heads the agency's IT security efforts, said in an interview with CBC News.

'Super secret spy' reputation

On the one hand, open sourcing Assemblyline's code is a savvy act of public relations, and Jones readily admits the agency is trying to shed its "super secret spy agency" reputation in the interest of greater transparency.

But on the other, the agency is acknowledging that, given the widening range of digital threats affecting Canadians and Canadian businesses, it believes it has a more public role to play in cyber defence than it has in the past.

"This is something new for CSE," he says. It's a fact not lost on longtime agency observers.

"They're pushing the envelope in a way they haven't quite before," said Bill Robinson, an independent researcher who has studied CSE's activities for more than two decades, and recently joined the University of Toronto's Citizen Lab as a fellow. "It's a big a change, a sea change for them in that way."

The step may be unprecedented for CSE, but not for its partners in the Five Eyes — an intelligence-sharing alliance involving Australia, Canada, New Zealand, the United Kingdom and the United States.

Both the NSA and the U.K.'s Government Communications Headquarters (GCHQ) have maintained active projects on the code sharing repository GitHub in recent years.

'A gift' for companies

Assemblyline is described by CSE as akin to a conveyor belt: files go in, and a handful of small helper applications automatically comb through each one in search of malicious clues. On the way out, every file is given a score, which lets analysts sort old, familiar threats from the new and novel attacks that typically require a closer, more manual approach to analysis.

"There's only so many ways you can hide malware within a Word document," said John O'Brien, who leads the development of the tool, which first started in 2010. "So by looking for the hallmark of that type of an attack, that can give us an indication that there's something in here that's just off."

Cybersecurity researcher Olivier Bilodeau says although there is overlap between Assemblyline and existing tools, CSE's contribution is that it has cobbled together many of the tools that malware researchers already use into one platform, like a Swiss Army Knife for malware analysis that anyone can modify and improve. And it has demonstrated that Assemblyline can scale to handle networks as large as the government's.

Bilodeau — who leads cybersecurity research at the Montreal security company GoSecure, and has developed a malware research toolbox of his own — says those attributes could make it easier for large organizations such as banks to do more of the kind of specialized work that his company does.

"They usually spend a lot of time fighting the malware, but not a lot of time investing in malware fighting infrastructure," he said. "So this is definitely a gift for them."

Spying on spies

The possibility that CSE's own tool could be used to detect spy software of its own design, or that of its partners, is not lost upon the agency.

"Whatever it detects, whether it be cybercrime or [nation] states, or anybody else that are doing things — well that's a good thing, because it's made the community smarter in terms of defence," said Jones.

Nor does he believe that releasing Assemblyline to the public will make it easier for adversaries to harm the government, or understand how CSE hunts for threats — quite the opposite, in fact.

"We believe that the benefits far outweigh any risks and that we can still use this to be ahead of the threat that's out there."
http://www.cbc.ca/news/technology/cs...urce-1.4361728





US Voices Frustration with 'Warrant-Proof' Encryption
BBC

The US deputy attorney general says the use of "warrant-proof encryption" in popular apps and operating systems, is hampering law enforcement.

Several apps encrypt communications end-to-end, which stop messages being legible if intercepted by criminals or law enforcement.

In a speech, Rod Rosenstein said law enforcers were increasingly thwarted by such encryption.

He met Home Secretary Amber Rudd on Thursday to discuss the issue.

He will also meet the head of the UK's GCHQ intelligence agency.

"Increasingly, the tools we use to collect evidence run up against encryption tools which are designed to defeat them," said Mr Rosenstein, speaking at the Global Cyber Security Summit in London.

He said the United States was "co-ordinating with our foreign partners as to what the challenges are".

With end-to-end encryption, messages are scrambled when they leave the sender's device and are decrypted only on the receiver's device.

It means service providers such as WhatsApp cannot hand over a legible copy of a suspect's messages to law enforcement, because they do not have one.

Mr Rosenstein said technology companies often "resisted co-operating with governments".

Ms Rudd has also described encryption tools used by messaging apps as a "problem".

In August, she met representatives from Google, Facebook, Twitter, Microsoft and others at a counter-terrorism forum in San Francisco.

She called on companies to work "more closely" with the government but said she did not want to "weaken encryption".
http://www.bbc.com/news/technology-41611853





Justices to Decide on Forcing Technology Firms to Provide Data Held Abroad
Adam Liptak

The Supreme Court on Monday agreed to decide whether federal prosecutors can force technology companies to turn over data stored outside the United States.

Disputes between leading technology companies and the Justice Department have become increasingly common, and the new case will give the Supreme Court an opportunity to weigh in on the clash between the demands of law enforcement and the companies’ desire to shield the information they collect to protect their customers’ privacy.

The case, United States v. Microsoft, No. 17-2, arose from a federal drug investigation. Prosecutors sought the emails of a suspect that were stored in a Microsoft data center in Dublin. They said they were entitled to the emails because Microsoft is based in the United States.

A federal magistrate judge in New York in 2013 granted the government’s request to issue a warrant for the data under a 1986 federal law, the Stored Communications Act. Microsoft challenged the warrant in 2014, arguing that prosecutors could not force it to hand over its customer’s emails stored abroad.

A three-judge panel of the United States Court of Appeals for the Second Circuit, in Manhattan, ruled that the warrant in the case could not be used to obtain evidence beyond the nation’s borders because the 1986 law did not apply extraterritorially. In a concurring opinion, Judge Gerard E. Lynch said the question was a close one, and he urged Congress to revise the 1986 law, which he said was badly outdated.

The government asked the full Second Circuit to rehear the case, but the court deadlocked by a 4-to-4 vote. In dissent, Judge José A. Cabranes wrote that the panel’s decision had restricted an investigative tool used thousands of times a year while failing to “serve any serious, legitimate, or substantial privacy interest.”

In urging the Supreme Court to hear the case, the Justice Department said nothing should turn on Microsoft’s business decision to store data abroad that it “can access domestically with the click of a computer mouse.” The panel’s ruling, the department’s brief said, “is causing immediate, grave, and ongoing harm to public safety, national security, and the enforcement of our laws.”

“Hundreds if not thousands of investigations of crimes — ranging from terrorism, to child pornography, to fraud — are being or will be hampered by the government’s inability to obtain electronic evidence,” the brief said.

In response, Microsoft told the justices that it is up to Congress to revise the 1986 law and noted that both houses have recently held hearings to consider overhauls.

A ruling upholding the warrant, the company warned, would embolden foreign countries to seek the emails of Americans stored in the United States.

Microsoft added that the Justice Department’s position posed a threat to technology companies by requiring them to choose between complying with a warrant and disobeying foreign laws.

“These conflicts can place U.S. companies in the untenable position of being forced to violate foreign privacy laws to comply with U.S. warrants,” the company’s brief said. “And the growing privacy concerns of customers around the world mean that granting U.S. law-enforcement agencies that broad authority would hamstring U.S. companies’ ability to compete in the multibillion-dollar cloud computing industry.”

The case is part of the broader clash between the technology industry and the federal government in the digital age. Apple, for instance, battled the F.B.I. over helping investigators break into a locked iPhone that had been used by a gunman in a mass shooting.
https://www.nytimes.com/2017/10/16/b...logy-data.html





Trump’s Threats Against the Press May be Toothless. But they’re Far from Harmless.
Margaret Sullivan

As a presidential candidate, Donald Trump vowed to change the libel laws to make it easier to win big lawsuits against news organizations. It never happened.

After the election, he pressured the FBI director to consider sending reporters to jail for publishing classified information. That was another non-starter.

And just last week, he suggested that a TV network have its broadcast license revoked because he objected to a news report. That isn’t evenpossible under FCC rules; the agency licenses individual stations, not networks.

Trump keeps ranting about the dishonest news media. And reporters and editors keep doing their jobs, undaunted.

So there’s no problem and First Amendment champions should just calm down, right?

Stop overreacting to Trump’s tweet-threats, counseled Jack Shafer of Politico last week, suggesting that, while not ignoring them, “we discount their value in the political marketplace down to the junk level.”

As many have noted, Trump is actually more accessible than his predecessor — often answering reporters’ questions in informal settings, calling them on the phone and giving plenty of interviews (though mostly to his friends at Fox News).

What’s more, his Twitter feed means that we have a real-time understanding of the president’s thinking, such as it is. (Peter Baker of the New York Times, speaking last week at George Washington University, said that, “in this way, at least, it’s the most transparent presidency we have had in our lifetime,” and added, half-joking, that Trump’s tweets are “like the Nixon tapes, if they were played every night on the CBS News.”)

Still, it would be a mistake to see Trump’s anti-media threats as harmless. They’re anything but.

Consider a Turkish court’s conviction last week of Wall Street Journal reporter Ayla Albayrak. It sentenced her to more than two years in prison, determining that she had engaged in terrorist propaganda by writing a news story.

“This was an unfounded criminal charge and wildly inappropriate conviction that wrongly singled out a balanced Wall Street Journal report,” charged Journal Editor in Chief Gerard Baker. The article’s purpose was “to provide objective and independent reporting on events in Turkey, and it succeeded.”

The State Department issued a strong rebuke to Turkey: Freedom of expression, including for speech and the media, strengthens democracy and needs to be protected, it said.

Notably, it said, that includes “even speech which some find controversial or uncomfortable.”

Meanwhile, the executive-branch boss was lashing out at American news organizations for reporting that he found uncomfortable — or, as he prefers to put it, “fake.”

“It is frankly disgusting the way the press is able to write whatever they want to write. And people should look into it,” Trump stormed. Brandishing a copy of the U.S. Constitution, Jake Tapper of CNN retorted that he’d done the investigation and found the answers. (The president later backed off a bit, saying he didn’t really want to limit the media; he just wants journalists to be what he considers honest.)

Trump’s constant press attacks carry a worldwide price — they hurt America’s ability to stand for democratic freedoms around the world.

“When the president consistently speaks that way, there’s a loss of U.S. influence and credibility on matters of press freedom,” Joel Simon, executive director of the Committee to Protect Journalists, told me.

As Simon sees it, the American government needs to be able to exert influence — and maintain the moral high ground — in all kinds of cases involving the news media.

American officials lean on a strong democratic reputation when they raise concerns about the treatment of the U.S. media around the globe, he said, “whether it’s the Chinese government’s withholding visas, or the Turkish authorities expelling Wall Street Journal reporter Dion Nissenbaum last December, or the ban on CNN en Espanol imposed in Venezuela.”

Turkey, nominally a democracy, has a disturbing record of human rights offenses — including throwing many journalists in jail.
But Trump keeps lavishing praise on President Recep Tayyip Erdogan, calling him a great friend and (as with Vladi#mir Putin) awarding high marks for strong leadership. (Behind the scenes, Turkey and the United States have been in a bitter disagreement about the arrest of an employee of the American consulate in Istanbul.)

It may be tempting to shrug off Trump’s threats as nothing but venting — or to see them as a big slab of red meat to feed his base.

And it may also be tempting to say his fighting words don’t matter much because the worst threats haven’t come to fruition.

But even if Trump can’t really get a network’s broadcast license revoked or libel laws changed, he can still can — and does — undermine American values, both here and abroad, when he attacks the press.

And no amount of transparency-by-tweet or backslapping access for reporters can make up for that.
https://www.washingtonpost.com/lifes...ffb_story.html





FCC Chief Is ‘Complicit’ in Trump’s NBC Threat, Ex-Chairman Says
David McLaughlin

• Wheeler blasts Chairman Pai’s silence on president’s tweet
• Commissioners must back free speech, Democratic member says

U.S. Federal Communications Commission Chairman Ajit Pai is “complicit” in Donald Trump’s threat to revoke broadcast licenses of news stations by not speaking out against the president, the former chairman of the agency said.

Tom Wheeler, who led the FCC during President Barack Obama’s second term, said Sunday that Pai’s silence in defending the First Amendment against the president is “shocking.”

“He is making himself complicit in the coercion that the president was engaging in when he was trying to send a message to broadcasters saying, ‘We’re watching, and we control your right to be alive,”’ Wheeler said Sunday on CNN’s “Reliable Sources.”

Trump on Oct. 11 mused about whether FCC licenses should be taken from NBC after the network published a story saying he’d called for a tenfold increase in the U.S. nuclear arsenal in a meeting with military and security officials.

The president later told his 40.6 million Twitter followers that, “Network news has become so partisan, distorted and fake that licenses must be challenged and, if appropriate, revoked. Not fair to public!”

The FCC doesn’t license networks. It issues licenses to owners of television stations, which must be periodically renewed. NBCUniversal, the parent company of the network, is owned by Comcast Corp., which owns 10 NBC stations, including in New York and Los Angeles. The television network also broadcasts through more than 200 stations owned by independent businesses.

A spokesman for the FCC didn’t respond to an email seeking comment. Pai, a Republican FCC member since 2012 who was elevated to chairman by Trump in January, said last month in Washington that freedom of speech “should unite Americans across the ideological spectrum.”

Read more: FCC Chief, ‘Defender of 1st Amendment,’ Silent on Trump-NBC

Jessica Rosenworcel, a Democratic FCC commissioner, said on CNN Sunday that the FCC must support the First Amendment and can’t dictate what content should be on the airwaves.

“History won’t be kind to silence,” she said. “It’s important for all the commissioners to make clear that they support the First Amendment, and that agency will not revoke a broadcast license simply because the president is dissatisfied with the licensee’s coverage.”
https://www.bloomberg.com/news/artic...-chairman-says





Here’s How U.S. Lawmakers Want to Regulate Political Ads on Facebook, Google and Twitter

An early look at the Honest Ads Act by Sens. Mark Warner, Amy Klobuchar and John McCain
Tony Romm

A trio of top Senate lawmakers is commencing a new push today to regulate the political ads that appear on Facebook, Google and Twitter, as Congress seeks to thwart the Russian government from spreading disinformation ahead of another U.S. election.

The new bill is called the Honest Ads Act, and it’s the brainchild of Democratic Sens. Mark Warner and Amy Klobuchar. In recent days, they’ve also enlisted critical Republican support from Sen. John McCain. Their measure, in short, would require tech giants for the first time to make copies of political ads — and information about the audience those ads targeted — available for public inspection.

The proposal arrives as congressional lawmakers continue to probe the extent to which Russian-aligned agents sought to co-opt Facebook, Google and Twitter before and after the 2016 presidential race.

Each one of those major online platforms already has found some evidence of the Kremlin’s meddling — and in many cases, government-backed trolls sought to sow social unrest through divisive, misleading advertisements that touched on racial and religions issues.

To that end, the new Senate bill — obtained by Recode before its official introduction on Thursday — seeks to impose new regulations on any website, web application, search engine, social network or ad network that has 50 million or more unique U.S. visitors in a majority of months in a given year.

For campaigns that seek to spend more than $500 on total political ads, tech and ad platforms would have to make new data about the ads available for public viewing. That includes copies of ads, as well as information about the organizations that purchased it, the audiences the ads might have targeted and how much they cost.

The new online ad disclosure rules would cover everything from promoted tweets and sponsored content to search and display advertising. And it includes ads on behalf of a candidate as well as those focused on legislative issues of national importance, according to a copy of the bill.

To Warner, at least, the language encompasses some of the roughly 3,000 ads purchased by Russian agents on Facebook ahead of Election Day. Many of those ads sought to stoke tensions around issues like Black Lives Matter or gun control, even if they didn’t mention a specific candidate. And a “majority” of them would “fall into the category where they would be retained for an individual to view the content,” Warner said.

Many of the proposed rules mirror some of the disclosure requirements that already apply to broadcasters, who must make copies of political ads run on their airwaves available for public viewing. In that vein, federal lawmakers also seek to ensure that political ads on Facebook, Google and Twitter must have clear and conspicuous disclaimers saying who purchased them. Tiny font isn’t enough, at least in the eyes of Warner and his allies.

Lastly, tech giants would have to employ “reasonable efforts” to ensure that foreign governments and their agents — from Russia or elsewhere — are not purchasing political ads on their platforms.

“Russia will keep trying to divide our country,” Klobuchar said at a press conference at the Capitol on Thursday. “They’ve tried it once, and they’ll do it again. That’s why we’ve introduced this bill.”

Within the tech industry, the Honest Ads Act is likely to provoke a mixed response, as companies look to harden their platforms against misinformation while avoiding any new, onerous regulations. Facebook, for one, has has promised to hire roughly 1,000 new employees to review political ads before they appear on the site.

“We are reviewing the legislation and look forward to further engagement with the sponsors,” said the Internet Association, a Washington, D.C.-based lobbying group for Facebook, Google, Twitter and other Web giants. “This is an important issue that deserves attention and the internet industry is working with legislators in both the House and Senate interested in political advertising legislation.”

Others in the tech industry, however, warmly welcomed the effort.

It’s about time. No excuse for platforms to be exempt from the intent and purpose of existing laws on disclosure of political ad spending. https://t.co/UamQvvgA3a
— Pierre Omidyar (@pierre) October 19, 2017

On Capitol Hill, meanwhile, the bill might struggle to advance. Not all federal lawmakers share Warner’s interest in Russia’s activities on social media, while Republicans generally have dismissed federal probes into Kremlin interference during the 2016 presidential election.

The addition of McCain as a co-sponsor, however, at least serves as an important first step in bringing more GOP backers on board. House lawmakers on Thursday introduced their own version of the bill, too.

Still, the early legislative efforts set the stage for perhaps an awkward confrontation when Facebook, Google and Twitter dispatch their executives to testify at two hearings before the House and Senate Intelligence Committees on November 1. Warner is the top Democrat on the Senate’s panel.

Facebook plans to send Colin Stretch to the twin hearings, the company confirmed on Thursday. From Twitter, it’ll be acting General Counsel Sean Edgett making the trip to Washington, D.C., a spokeswoman said. And Google much later acknowledged that its general counsel, Kent Walker, would appear before House and Senate lawmakers.

“I think that they got the message,” Warner said of the tech industry, “but I think the real proof in the pudding will be, come to the hearing on November 1. These companies are going to have to testify before members of the United States Senate and answer these questions.”
https://www.recode.net/2017/10/19/16...-political-ads





As U.S. Confronts Internet’s Disruptions, China Feels Vindicated
Steven Lee Myers and Sui-Lee Wee

In the United States, some of the world’s most powerful technology companies face rising pressure to do more to fight false information and stop foreign infiltration.

China, however, has watchdogs like Zhao Jinxu.

From his small town on the windswept grasslands of the Inner Mongolia region of China, Mr. Zhao, 27, scours the internet for fake news, pornography and calls to violence. He is one of a battalion of online “supervisors” whom Weibo, one of China’s biggest social media platforms, announced last month it would hire to help enforce China’s stringent limits on online content.

For years, the United States and others saw this sort of heavy-handed censorship as a sign of political vulnerability and a barrier to China’s economic development. But as countries in the West discuss potential internet restrictions and wring their hands over fake news, hacking and foreign meddling, some in China see a powerful affirmation of the country’s vision for the internet.

“This kind of thing would not happen here,” Mr. Zhao said of the controversy over Russia’s influence in the American presidential election last year.

Besides Communist Party loyalists, few would argue that China’s internet control serves as a model for democratic societies. China squelches online dissent and imprisons many of those who practice it. It blocks foreign news and information, including the website of The New York Times, and promotes homegrown technology companies while banning global services like Facebook and Twitter.

At the same time, China anticipated many of the questions now flummoxing governments from the United States to Germany to Indonesia. Where the Russians have turned the internet into a political weapon, China has used it as a shield.

In fact, when it comes to technology, China has prospered. It has a booming technology culture. Its internet companies rival Facebook and Amazon in heft. To other countries, China may offer an enticing top-down model that suggests that technology can thrive even under the government’s thumb.

“It doesn’t matter how efficient the internet is,” said Zhu Wei, deputy director of the Communications Law Research Center at the China University of Political Science and Law, which advises the government on internet laws. “It won’t work without security.”

China is not resting on its laurels.

In the weeks leading up to the major party congress that opens in Beijing on Wednesday, the country’s internet regulator, the Cyberspace Administration of China, has issued a raft of new regulations.

One, which took effect last week, holds the creators of online forums or group chats responsible for their users’ comments.

Another bans anonymous users, a blow at the bots and deceptive accounts — like those on Facebook and Twitter — that distributed false stories aimed at American voters.

“If our party cannot traverse the hurdle presented by the internet, it cannot traverse the hurdle of remaining in power,” a department of the cyberspace administration wrote in a top party journal last month.

The article was in keeping with President Xi Jinping’s early recognition of the power of the internet. Mr. Xi created and empowered the cyberspace administration, which has subsumed many of the overlapping agencies that once governed content in cyberspace.

The administration is now seen as an institution as important as the defense ministry. Since last year, it has been led by Xu Lin, 54, a party technocrat and former propaganda official, who, like other influential officials who previously worked beside Mr. Xi in Shanghai, has soared through the ranks.

Samm Sacks, a senior fellow with the Center for Strategic and International Studies, said the cyberspace administration was a core part of Mr. Xi’s vow to make China a cyber superpower, on par with the United States.

“There’s a recognition that technology has advanced more quickly than the government’s ability to control it,” Ms. Sacks said. Russia’s interference with Facebook, to cite only one example, was “justification for exactly what they are doing here.”

China’s homegrown internet companies are key to its top-down approach. Tech firms are expected to keep content on file for 60 days and report to the police any forbidden content. The government is acquiring small equity stakes in some tech companies in exchange for board seats, giving it a direct role in the governance of new internet titans.

The tech firms also face tight penalties if they fail to keep users in line. In September, the cybersecurity administration imposed fines on social media platforms owned wholly or in part by three of China’s biggest internet companies — Tencent Holdings, the Alibaba Group and Baidu — for failing to stop the circulation of fabricated rumors, violence and pornography. (Companies can be fined up to $76,000 per offense, and have their business licenses canceled, if they cannot prevent the transmission of banned content.)

Human rights observers worry that the crackdown may have a chilling effect on political speech that is already tightly curbed. Last month, for example, the police raided the home of a university professor, Liu Pengfei, who had hosted a current-affairs forum on Tencent’s WeChat software, one of the world’s most popular messaging apps.

In exchange for accepting tight controls, China internet companies have been allowed to grow while their foreign rivals were shut out of the country. They can now claim their own technology successes. Tencent’s WeChat has transformed social life in China: People use it to chat, pay bills, transfer money, book cabs and hook up romantically.

China is now embarking on an ambitious project to dominate fields like artificial intelligence, and some say China could be at an advantage. It has more than 700 million internet users, and it doesn’t have a robust legal framework to deal with data privacy intrusions. That makes it easier for companies to harness user data — which is core to developing A.I. technology.

Still, China’s advantage could be double-edged. Chinese internet companies have struggled to expand abroad, which experts say stems in part from their dependence on their government.

“To a large extent, the competitive advantage is the political relationship they have with the government there and that’s not something you can carry across borders,” said Lokman Tsui, an assistant professor at the Chinese University of Hong Kong.

Moreover, not all of the new restrictions have been welcomed here. Some of the companies — and internet users — balked at tightened enforcement of rules requiring users of social media platforms to provide their real identities to the companies (although they may still use online pseudonyms). Weibo’s announcement that it was seeking 1,000 recruits to become supervisors to report illegal content online — the definitions of which can be expansive — was met by derision on its own site.

“Online and offline, Big Brother is watching,” wrote one user, who used the handle mingxinjianxing.

But when it comes to the controversy over Russia’s intervention, there has been little discussion here. Among the few who are discussing it on Weibo, some expressed shock that the United States does not censor information shared on social media platforms.
Mr. Zhao, the young volunteer on Weibo, is typical of those here who believe government control is justified.

In a restaurant called Europa, Mr. Zhao — who declined to disclose details of where and how he works — described China’s system not as “Big Brother” so much as a younger brother, which he is, protecting children, like those of his sister, from harmful material.

“Even though the internet is virtual, it is still part of society,” he added. “So in any space I feel no one should create pornographic, illegal or violent posts.”

In his new capacity, he scours Weibo in search of the lurid and illicit. Some posts, he explained, are thinly veiled solicitations for pornography or prostitution, including one message he reported to the police the other day for using what he said was a euphemism for selling sex.

When he reports abuse, it is the police who follow up. He excitedly displayed his smartphone to show the latest of his more than 3,000 followers on Weibo: the division of the Beijing police that monitors the internet.

“Normally, if you don’t do bad things, you don’t get followed by the police,” he said. “I think this — for someone who has been online for so many years — is really special.”

_____

Steven Lee Myers reported from Hulunbuir and Beijing, and Sui-Lee Wee from Beijing. Olivia Mitchell Ryan, Cao Li and Zhang Tiantian contributed research from Beijing.
https://www.nytimes.com/2017/10/16/w...r-control.html





LTE Series 3 Apple Watch Cut Off from Networks in China, Government Concerns Likely to Blame
Mike Wuerthele

Purchasers of the Series 3 Apple Watch with LTE in China at present have no wireless network connectivity options, with the lone carrier possibly forced by the government to cease service.

A report on Thursday from the Wall Street Journal notes that LTE connectivity was cut off on Sept. 28 after brief availability from China Unicom. While not yet confirmed, unnamed industry analysts cited by the report claim that the suspension is probably from governmental concerns about not being able to track and confirm users of the device.

Apple issued a brief statement confirming the situation, and referring customers to China Unicom. Neither China Unicom, nor Chinese regulators have made any statement on the matter.

The issue may stem from the eSIM in the Apple Watch. Devices like the iPhone have state-owned telecom company-issued SIM cards — and the eSIM is embedded in the device by Apple.

"The eSIM (system) isn't mature enough yet in China," one analyst said. "The government still needs to figure out how they can control the eSIM."

The LTE version of the Apple Watch had only a trial certificate to operate on the Chinese LTE network. An analyst who asked not to be identified expects that Ministry of Industry and Information Technology may take months to figure out how the government will deal with the eSIM, and issue a formal certificate for operation.

In 2015, Apple and Samsung were working with some of the largest carriers in the world on eSIM technology — including China Unicom. The technology is related to, but not identical to the Apple SIM technology in the iPad used by companies like GigSky, to allow users to easily buy temporary, contract-free data plans while traveling internationally.
http://appleinsider.com/articles/17/...ikely-to-blame





African Rulers' Weapon Against Web-Based Dissent - the Off Switch
Edward McAllister

Rapidly expanding access to the internet across Africa is helping grassroots opposition movements take on once-invulnerable regimes. Many entrenched rulers have a simple response: pulling the plug.

While countries in the Middle East and China employ firewalls and block virtual private networks to control web access, leaders in Africa increasingly prefer the blunter instrument of outright outages.

Critics say that infringes not just the rights of individuals but also undermines the burgeoning economies of some of the world’s poorest countries.

Since the start of 2016, governments in 13 African nations have intentionally shut down the internet on 21 occasions, mainly during elections and protests, according to a database run by online rights group Access Now. That compares to seven shutdowns in the previous two years.

Earlier this month, tech entrepreneur Sama Tanya saw Cameroonian police fire teargas into a residential building during protests by the country’s English-speaking minority.

As choking women and children poured onto the street, he considered documenting the crackdown to share on social media, only to realise the internet connection had been cut.

“I couldn’t even reach my family to tell them. I was worried, but I couldn’t share a thing,” he said by telephone from the city of Buea, the epicentre of the demonstrations.

Rights group Internet Without Borders says cutting access is a violation of international law and defies a July 2016 U.N. resolution affirming that “the same rights that people have offline must also be protected online.”

Internet freedom declined worldwide for the sixth straight year in 2016, according to an annual report from Freedom House.

“Africa is becoming a new testing ground for authoritarian practices online,” said Francois Patuel, West Africa researcher at Amnesty International.

“We have seen disruptions in Togo and in other countries but also arrests for what people are saying online. Often what people say online can be used against them in court.”

“PROTECT THE POPULATION”

Internet cuts in Africa date back to the 2011 Arab Spring when rulers in Egypt, Tunisia and Libya sought to control the spread of information.

Today, the intent is the same, but the methods have evolved.

Governments slow internet speed by reducing bandwidth, or “throttling”, and target and shut down certain URLs like Facebook, Twitter and WhatsApp, a process known as filtering.

Although free apps like VPN Monster and Turbo VPN can circumvent filtering using VPNs which mask the location of a computer or phone, even a VPN won’t help you if you don’t have an internet connection in the first place.

When Gabon shut down internet access for several days last year as violent street protests erupted against President Ali Bongo’s contested re-election, it likely only required flipping a virtual switch at state-run Gabon Telecom.

Gabon Communications Minister Bilie-By-Nze acknowledged in a Reuters interview that internet access had been disrupted, but declined to comment further.

During elections in Gambia in December, the government ordered the shutdown of the internet’s “landing point”, the central point from which service is supplied to the whole country, according to two people with knowledge of the decision.

In Togo, authorities appeared to have organised a mobile data shutdown during opposition protests against President Faure Gnassingbe last month, according to people who were there who said fixed internet lines remained available.

“Certain people post images to amplify the situation or publish photos of horror,” Togo’s Security Minister Colonel Damehame Yark told reporters earlier this month. “The government decided to cut the internet because we have to protect the population.”

Democratic Republic of Congo asked telecommunications companies to block social media networks in December. Providers declined to comment at the time on whether they would comply, but one industry executive said all companies had signed an agreement to respect national security injunctions.

“When a sovereign government gives licenses to telecoms companies, those companies have little choice but to comply with the government’s demands,” said Doug Madory, director of internet analysis at Oracle Dyn, which monitors international internet traffic flows.

Orange and Airtel, which provide service in countries where there have been shutdowns, did not respond to requests for comment for this story. MTN, the continent’s top mobile phone operator, provided a link to a company statement outlining its dedication to internet freedom but declined to comment further.

BAD FOR BUSINESS

Outages may be aimed at political opponents or social disruptors but businesses crucial to Africa’s economic growth can get also caught up in the crackdown.

Sub-Saharan Africa’s internet shutdowns have cost the region up to $237 million in economic losses since 2015, according to a recent report by the UK government-funded Collaboration on International ICT Policy for East and Southern Africa.

Shutdowns are “adversely affecting the livelihoods of citizens, undermining the profitability of business enterprises, and reducing the GDP and competitiveness of countries that implement them,” the report said.

Etta Ayuk’s small tech start-up Skylabase, which provides software to banks, lost three major clients and $20,000 worth of business when the internet was shut down from January to April in Anglophone Cameroon, forcing him to fire nearly half his employees.

During the outage, Ayuk and his remaining staff crammed onto buses every morning for the 70-km (44-mile) drive to Francophone Cameroon’s commercial capital, Douala, to use the internet there. Gridlock often made it a three-hour trip each way.

Cameroon’s government declined repeated requests for comment.

Ayuk is considering rebasing to Gambia, which has not had a government shutdown since Adama Barrow became president in January 2017. Barrow is encouraging internet start-ups.

“I am a child of Cameroon, I don’t want to leave,” he said. “But the political situation is not supporting us.”

Additional reporting by Josiane Kouagheu in Douala, John Zodzi in Lome and Gerauds Wilfried Obangome in Libreville; Editing by Joe Bavier and Sonya Hepinstall
https://uk.reuters.com/article/uk-af...-idUKKBN1CL27Q





Smartphones Are Killing Americans, But Nobody’s Counting

Amid a historic spike in U.S. traffic fatalities, federal data on the danger of distracted driving are getting worse.
Kyle Stock, Lance Lambert, and David Ingold

Jennifer Smith doesn’t like the term “accident.” It implies too much chance and too little culpability.

A “crash” killed her mother in 2008, she insists, when her car was broadsided by another vehicle while on her way to pick up cat food. The other driver, a 20-year-old college student, ran a red light while talking on his mobile phone, a distraction that he immediately admitted and cited as the catalyst of the fatal event.

“He was remorseful,” Smith, now 43, said. “He never changed his story.”

Yet in federal records, the death isn’t attributed to distraction or mobile-phone use. It’s just another line item on the grim annual toll taken by the National Highway Transportation Safety Administration [NHTSA]—one of 37,262 that year. Three months later, Smith quit her job as a realtor and formed Stopdistractions.org, a nonprofit lobbying and support group. Her intent was to make the tragic loss of her mother an anomaly.

To that end, she has been wildly unsuccessful. Nine years later, the problem of death-by-distraction has gotten much worse.

Over the past two years, after decades of declining deaths on the road, U.S. traffic fatalities surged by 14.4 percent. In 2016 alone, more than 100 people died every day in or near vehicles in America, the first time the country has passed that grim toll in a decade. Regulators, meanwhile, still have no good idea why crash-related deaths are spiking: People are driving longer distances but not tremendously so; total miles were up just 2.2 percent last year. Collectively, we seemed to be speeding and drinking a little more, but not much more than usual. Together, experts say these upticks don’t explain the surge in road deaths.

There are however three big clues, and they don’t rest along the highway. One, as you may have guessed, is the substantial increase in smartphone use by U.S. drivers as they drive. From 2014 to 2016, the share of Americans who owned an iPhone, Android phone, or something comparable rose from 75 percent to 81 percent.

The second is the changing way in which Americans use their phones while they drive. These days, we’re pretty much done talking. Texting, Twitter, Facebook, and Instagram are the order of the day—all activities that require far more attention than simply holding a gadget to your ear or responding to a disembodied voice. By 2015, almost 70 percent of Americans were using their phones to share photos and follow news events via social media. In just two additional years, that figure has jumped to 80 percent.

Finally, the increase in fatalities has been largely among bicyclists, motorcyclists, and pedestrians—all of whom are easier to miss from the driver’s seat than, say, a 4,000-pound SUV—especially if you’re glancing up from your phone rather than concentrating on the road. Last year, 5,987 pedestrians were killed by cars in the U.S., almost 1,100 more than in 2014—that’s a 22 percent increase in just two years.

Safety regulators and law enforcement officials certainly understand the danger of taking—or making—a phone call while operating a piece of heavy machinery. They still, however, have no idea just how dangerous it is, because the data just isn’t easily obtained. And as mobile phone traffic continues to shift away from simple voice calls and texts to encrypted social networks, officials increasingly have less of a clue than ever before.

Out of NHTSA’s full 2015 dataset, only 448 deaths were linked to mobile phones—that’s just 1.4 percent of all traffic fatalities. By that measure, drunk driving is 23 times more deadly than using a phone while driving, though studies have shown that both activities behind the wheel constitute (on average) a similar level of impairment. NHTSA has yet to fully crunch its 2016 data, but the agency said deaths tied to distraction actually declined last year.

There are many reasons to believe mobile phones are far deadlier than NHTSA spreadsheets suggest. Some of the biggest indicators are within the data itself. In more than half of 2015 fatal crashes, motorists were simply going straight down the road—no crossing traffic, rainstorms, or blowouts. Meanwhile, drivers involved in accidents increasingly mowed down things smaller than a Honda Accord, such as pedestrians or cyclists, many of whom occupy the side of the road or the sidewalk next to it. Fatalities increased inordinately among motorcyclists (up 6.2 percent in 2016) and pedestrians (up 9 percent).

“Honestly, I think the real number of fatalities tied to cell phones is at least three times the federal figure,” Jennifer Smith said. “We’re all addicted and the scale of this is unheard of.”

In a recent study, the nonprofit National Safety Council found only about half of fatal crashes tied to known mobile phone use were coded as such in NHTSA databases. In other words, according to the NSC, NHTSA’s figures for distraction-related death are too low.

Perhaps more telling are the findings of Zendrive Inc., a San Francisco startup that analyzes smartphone data to help insurers of commercial fleets assess safety risks. In a study of 3 million people, it found drivers using their mobile phone during 88 percent of trips. The true number is probably even higher because Zendrive didn’t capture instances when phones were mounted in a fixed position—so-called hands free technology, which is also considered dangerous.

“It’s definitely frightening,” said Jonathan Matus, Zendrive’s co-founder and chief executive officer. “Pretty much everybody is using their phone while driving.”

There are, by now, myriad technological nannies that freeze smartphone activity. Most notably, a recent version of Apple’s iOS operating system can be configured to keep a phone asleep when its owner is driving and to send an automated text response to incoming messages. However, the “Do Not Disturb” function can be overridden by the person trying to get in touch. More critically, safety advocates note that such systems require an opt-in from the same users who have difficulty ignoring their phones in the first place.

In NHTSA’s defense, its tally of mobile phone-related deaths is only as good as the data it gets from individual states, each of which has its own methods for diagnosing and detailing the cause of a crash. Each state in turn relies on its various municipalities to compile crash metrics—and they often do things differently, too.

The data from each state is compiled from accident reports filed by local police, most of which don’t prompt officers to consider mobile phone distraction as an underlying cause. Only 11 states use reporting forms that contain a field for police to tick-off mobile-phone distraction, while 27 have a space to note distraction in general as a potential cause of the accident.

The fine print seems to make a difference. Tennessee, for example, has one of the most thorough accident report forms in the country, a document that asks police to evaluate both distractions in general and mobile phones in particular. Of the 448 accidents involving a phone in 2015 as reported by NHTSA, 84 occurred in Tennessee. That means, a state with 2 percent of the country’s population accounted for 19 percent of its phone-related driving deaths. As in polling, it really depends on how you ask the question.

“Crash investigators are told to catch up with this technology phenomenon”

Massachusetts State Police Sergeant Christopher Sanchez, a national expert on distracted driving, said many police departments still focus on drinking or drug use when investigating a crash. Also, figuring out whether a mobile phone was in use at the time of a crash is usually is getting trickier every day—proving that it precipitated the event can be even harder to do.

Prosecutors have a similar bias. Currently, it’s illegal for drivers to use a handheld phone at all in 15 states, and texting while driving is specifically barred in 47 states. But getting mobile phone records after a crash typically involves a court order and, and even then, the records may not show much activity beyond a call or text. If police provide solid evidence of speeding, drinking, drugs or some other violation, lawyers won’t bother pursuing distraction as a cause.

“Crash investigators are told to catch up with this technology phenomenon—and it’s hard,” Sanchez said. “Every year new apps are developed that make it even more difficult.” Officers in Arizona and Montana, meanwhile, don’t have to bother, since they allow mobile phone use while you drive. And in Missouri, police only have to monitor drivers under age 21 who pick up their phone while driving.

Like Smith, Emily Stein, 36, lost a parent to the streets. Ever since her father was killed by a distracted driver in 2011, she sometimes finds herself doing unscientific surveys. She’ll sit in front of her home in the suburbs west of Boston and watch how many passing drivers glance down at their phones.

“I tell my local police department: ‘If you come here, sit on my stoop and hand out tickets. You’d generate a lot of revenue,’” she said.

Since forming the Safe Roads Alliance five years ago, Stein talks to the police regularly. “A lot of them say it surpasses drunk driving at this point,” she said. Meanwhile, grieving families and safety advocates such as her are still struggling to pass legislation mandating hands-free-only use of phones while driving—Iowa and Texas just got around to banning texting behind the wheel.

“The argument is always that it’s big government,” said Jonathan Adkins, executive director of the Governors Highway Safety Association. “The other issue is that … it’s hard to ban something that we all do, and we know that we want to do.”

“We all know what’s going on, but we don’t have a breathalyzer for a phone”

Safety advocates such as Smith say lawmakers, investigators and prosecutors won’t prioritize the danger of mobile phones in vehicles until they are seen as a sizable problem—as big as drinking, say. Yet, it won’t be measured as such until it’s a priority for lawmakers, investigators and prosecutors.

“That’s the catch-22 here,” Smith said. “We all know what’s going on, but we don’t have a breathalyzer for a phone.”

Perhaps the lawmakers who vote against curbing phone use in cars should watch the heart-wrenching 36-minute documentary filmmaker Werner Herzog made on the subject. Laudably, the piece, From One Second to the Next, was bankrolled by the country’s major cellular companies. “It’s not just an accident,” Herzog said of the fatalities. “It’s a new form of culture coming at us, and it’s coming with great vehemence.”

Adkins has watched smartphone culture overtake much of his work in 10 years at the helm of the GHSA, growing increasingly frustrated with the mounting death toll and what he calls clear underreporting of mobile phone fatalities. But he doesn’t think the numbers will come down until a backlash takes hold, one where it’s viewed as shameful to drive while using a phone. Herzog’s documentary, it appears, has had little effect in its four years on YouTube.com. At this point, Adkins is simply holding out for gains in autonomous driving technology.

“I use the cocktail party example,” he explained. “If you’re at a cocktail party and say, ‘I was so hammered the other day, and I got behind the wheel,’ people will be outraged. But if you say the same thing about using a cell phone, it won’t be a big deal. It is still acceptable, and that’s the problem.”
https://www.bloomberg.com/news/artic...ody-s-counting

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

October 14th, October 7th, September 30th, September 23rd

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
__________________
Thanks For Sharing
JackSpratts is offline   Reply With Quote
Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Peer-To-Peer News - The Week In Review - July 16th, '11 JackSpratts Peer to Peer 0 13-07-11 06:43 AM
Peer-To-Peer News - The Week In Review - July 9th, '11 JackSpratts Peer to Peer 0 06-07-11 05:36 AM
Peer-To-Peer News - The Week In Review - January 30th, '10 JackSpratts Peer to Peer 0 27-01-10 07:49 AM
Peer-To-Peer News - The Week In Review - January 16th, '10 JackSpratts Peer to Peer 0 13-01-10 09:02 AM
Peer-To-Peer News - The Week In Review - December 5th, '09 JackSpratts Peer to Peer 0 02-12-09 08:32 AM






All times are GMT -6. The time now is 08:46 AM.


Powered by vBulletin® Version 3.6.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
© www.p2p-zone.com - Napsterites - 2000 - 2024 (Contact grm1@iinet.net.au for all admin enquiries)