P2P-Zone  

Old 09-03-16, 07:24 AM   #1
JackSpratts
Join Date: May 2001
Location: New England
Posts: 10,013
Peer-To-Peer News - The Week In Review - March 12th, '16

Since 2002

"No, turning on your phone is not consenting to being tracked by police." – Alex Emmons






































March 12th, 2016




P2P File Sharing App Reach Raises $500K from Rebright Partners, Others

The app lets users discover music, apps and free games from their friends' network.
Binu Paul

Reach, a cross platform mobile application which gives users access to files across mobile devices, has raised $500,000 (around Rs 3.3 crore) led by Japanese VC firm Rebright Partners.

Early stage investment firm Sol Primero, Sudhir Anandarao (entrepreneur in residence at Bessemer Venture Partners), Ankur Warikoo (CEO of Nearbuy), Ankur Singla (CEO of Helpchat), and a few other angel investors including Durgesh Kaushik, Pritesh Gupta and Anunay Gupta have participated in this round.

Currently in version 1.0, the app lets users discover music, apps and free games from their friends' network. Users can send a friend a request and get permission to access their friends’ mobile collection to listen to their music for free, install the apps they use and play the free games. The app has an in-built music player on which a user can play his friend’s free music.

“We envision Reach to be the ‘go to’ app for the millennia in India for discovering content from their friends and communicating with them seamlessly,” said Takeshi Ebihara, founder and general partner at Rebright Partners.

The startup, run by Reach App Pte Ltd, plans to introduce links as another file type wherein saved links can be accessed by others from their phones. It also plans to add provisions to share images, pictures and videos using the app in the future, with the user controlling what is visible to others and what is not.

Reach was founded by Akshay Pruthi, Abhay Pruthi, Ashish Kumar and Ayush Verma. It launched the beta version in March 2015.

“Reach has been developed to create a social graph between friends via sharing and discovery of content being consumed by their peers every day,” said Ashish Kumar, co-founder of Reach.

The app claims to have over 50,000 users with more than 16 million files on its network and over 2 million file events.
http://www.vccircle.com/news/technol...artners-others





How These Students Hooked a Japanese VC with a Sexy App to Share Files Between Phones
Malavika Velayanikal

You know all about chance encounters. You cross paths with a stranger; you get talking; and that stranger upturns your life – for good or for bad. Well, in the case of Akshay Pruthi, a 22-year-old engineering student who had a cool hack to discover music with friends, it’s been all good.

Akshay’s first brush with a “real” CEO – Ankur Warikoo, co-founder of Nearbuy (formerly Groupon India) – changed the course of his life and also his startup’s. In just about half-an-hour, Ankur convinced Akshay to overhaul his two-and-a-half-year-old network for amateur musicians Lost Beat. He had

Ankur, also an active angel investor, pointed out how monetization was a chronic pain for all music apps. He picked out a music-sharing feature within Lost Beat and asked Akshay to build a full-fledged prototype of it. “That was an interesting 30 minutes,” Akshay tells me, chuckling.

“The half an hour I spent talking to him was probably the most productive meeting I had ever had till then. The kind of work life I wanted to lead was clearer to me than it had ever been before, and I told Ankur I would be back in his office in two months with something interesting.”

Akshay already had his brother Abhay, who was working with fintech startup Instamojo, in his corner. The brothers had built Lost Beat together. Now, they roped in Akshay’s college mates Ayush Verma and Ashish Kumar. Together, they built a nifty peer-to-peer app called Reach within two months.

When Akshay came knocking again with the prototype, Ankur was pleased enough with it to get on board. He also introduced the “hungry lean team” to his friend, frequent co-investor, and namesake: Ankur Singla, CEO of Helpchat.

Then came Akshay’s next stroke of good fortune. He happened to be at co-working hub 91 Springboard where Japanese VC Takeshi Ebihara, founder of Rebright Partners, was talking to entrepreneurs. Akshay seized the chance. And before long, Rebright led a seed round of funding in Reach, along with the two Ankurs.

A bunch of other investors – Sol Primero, lead investors of Zostel; Durgesh Kaushik, former marketing manager with Facebook and chief marketing officer of Edureka; Pritesh Gupta, founder of Zipgo and former vice president of Ola and TinyOwl; Anunay Gupta, partner – analytics at Brillio, and Sudhir Anandarao, the Indian face of Bessemer Venture Partners – also took part in the round. Together, the investors pumped in around US$500,000 in two tranches.

All this happened a year ago, when Reach was still in beta. The startup came out of the shadows a couple of weeks back, revealing its backers as well as its product 1.0.

What caught the eye of investors

“Share content without actually sharing – that’s the idea of Reach,” says Akshay. “Go again,” I say, shaking my head. “How do you share without sharing?”

Akshay laughs before taking me back to college when friends shared not just homework, clothes, and food but also what’s in each other’s phones, laptops, and hard disks. We tell friends to WhatsApp photos we clicked on a trip together. We borrow each other’s hard disks to copy movies. We ask each other about latest apps. We pester cousins to send songs over Bluetooth. “What if you can do all that without taking the physical trouble of asking each time you need any of those? If we trust our friends so much, why not access media files directly from their phones? That was the thought behind Reach,” Akshay says.

So it’s a peer-to-peer file sharing app for mobile devices.

Here’s how Reach works. You download the Reach App, send your friend a request and get her permission to access videos, songs, and whatever else you both want to share. So without the hassle of asking, downloading, and uploading each time, you can just peek into your friend’s phone, listen to her music for free, discover the cool fashion apps she’s been using, and play the games she’s gushing about.

The app has an in-built music player. So you don’t have to switch between music players.

“We ensure privacy by letting you choose the files you want to share,” adds Akshay. “Your personal files are hidden by default. You can set the controls to choose what’s visible to whom. We don’t upload your files on our servers. The file gets transferred directly across mobile.”

It was his friend Ayush who brought the concept of peer-to-peer to the table. “Ayush was hooked to torrent, which is powered by a P2P engine. How better could it get for a torrent freak to get to work on the same technology? He built Reach’s entire P2P engine on his own,” Akshay says.

Ashish, their fourth co-founder, was the one who gave the app its face eventually. “He was an Android whiz and already had a job offer from Zomato when we [Akshay, Abhay, and Ayush] approached him. He decided to take a chance with us and fuck his 7-digit salary package to join us,” Akshay recalls.

There is no dearth of file sharing apps in the market, with different avatars coming up ever since the fall of Napster. Take one of the currently popular ones Send Anywhere, for instance. It gives you a six-digit code which will then let you share any file type without login or signup. You give your friend that code, and she can use it to download the file you sent. This too uses a P2P protocol, and doesn’t save the file on its servers.

P2P file sharing on mobile devices is a relatively new phenomenon. But with smartphones getting more hardware muscle and connectivity features, P2P tech can be implemented on them too. There’s WeTransfer, which lets you upload up to 10GB at a time and send a link to download the files via email, Infiniti, which lets you send files to multiple recipients, and BitTorrent Shoot which lets you share photos and videos.

What makes Reach stand out is its adaptation of P2P tech to mobile that lets you discover what you want from your friend’s phone. You don’t have to be near your friends to transfer files. You can remotely access their mobile phones and pick anything from what you see. There is no network restriction as the app works on any internet connection. You can transfer multiple files at the same time and also reach those offline.

“Eventually, we are going to add link-sharing as well. Something like Pocket,” Akshay says. His brother Abhay adds: “We are going to change the way people exchange content with their mobile devices. With an increase in mobile penetration, what excites me is the user’s mobile lifestyle – the apps they like, the content they consume, or the activities they do – what we call a mobile user fingerprint.”

There are over 16 million files in the Reach network currently. And users have been spending 8 minutes on an average per session, the team says. They moved into an office in Gurgaon, near Delhi, after Akshay, Ayush, and Ashish graduated last year.

Rebright sees an opportunity for Reach to grow as a homegrown communication platform in India, like how Line did in Japan, WeChat in China, and Kakao in South Korea. Reach and its early backers are aiming big.
https://www.techinasia.com/mobile-fi...ring-app-reach





Studios, Exhibitors Consider Revolutionary Plan for Day-and-Date Movies at Home

Tech moguls Sean Parker, Prem Akkaraju pitch industry on premium service offering $50 rentals of new releases
Brent Lang

Five years ago, major studios' attempts to offer first-run movies in the home months early set off a fierce standoff with theater owners.

Now, a startup backed by Sean Parker of Facebook and Napster fame is trying to encourage Hollywood studios and exhibitors to wade back into those controversial waters. Called the Screening Room, the company offers secure anti-piracy technology that will offer new releases in the home on the same day they hit theaters, sources tell Variety.

Individuals briefed on the plan said Screening Room would charge about $150 for access to the set-top box that transmits the movies and charge $50 per view. Consumers have a 48-hour window to view the film.

To get exhibitors on board, the company proposes cutting them in on a significant percentage of the revenue, as much as $20 of the fee. As an added incentive to theater owners, Screening Room is also offering customers who pay the $50 two free tickets to see the movie at a cinema of their choice. That way, exhibitors would get the added benefit of profiting from concession sales to those moviegoers.

Participating distributors would also get a cut of the $50-per-view proceeds, also believed to be 20%, before Screening Room took its own fee of 10%.

Representatives from the Screening Room have been pounding the pavement in recent months, meeting with all of the major studios and feeling out exhibitors, more than a half dozen industry insiders confirmed to Variety. Parker, who is the major investor in Screening Room, has tapped former Sony Pictures worldwide marketing and distribution chief Jeff Blake in an advisory capacity. He has been working on the project and has deep ties to both the exhibition and studio communities.

At the presentations, Screening Room officials have told studio executives that they are close to finalizing a deal with AMC, which is poised to be the world’s largest exhibitor if its acquisition of Carmike Cinemas is approved by regulators.

There is serious interest from several of the major studios, including Universal, Fox and Sony, people familiar with the matter say. Those studios are continuing to study the business plan and deal terms and remain engaged in discussions with Screening Room. However, many cautioned that the talks are still in the initial stages. For its part, Disney does not appear to be interested in the plan.

One potential deterrent for distributors is that Screening Room is looking to be the exclusive content partner. This may give pause to studios like Universal that make movies available through parent company Comcast, or Sony, which has family ties to PlayStation.

On the other hand, the company’s anti-piracy technology could be appealing to studios who struggle with global content theft. Major films can be widely available illegally online in file-sharing sites within hours of their release.

However, some exhibitors worry that they would essentially be midwifing their demise by agreeing to shrink the windows — which continues to be a hot-button issue for theater owners. Regal, for example, has steadfastly refused to screen any films whose backers do not agree to a standard exclusive theatrical run of roughly 90 days. Box office hit record levels last year, crossing $11 billion for the first time in history. But attendance has been essentially flat in recent years.

Although a few studios, such as Paramount and Universal, have tried to cook up alternative distribution strategies in recent years, most distributors have been wary of upsetting exhibitors. Last fall, Paramount teamed with a few chains, such as AMC and Cineplex, on a plan that allowed them to release the pictures on home entertainment platforms 17 days after the number of theaters showing the films dipped below 300.

There have also been efforts to create technology that allows consumers to watch major studio films in the home. Prima Cinema, for instance, boasts a box that allows customers to screen new releases, but is priced at a much steeper $35,000.

In addition to Parker, Prem Akkaraju serves as CEO of the company and its co-founder. He was previously a partner at the electronic music company SFX Entertainment and was a partner at InterMedia Partners. In addition, he worked at JP Morgan Entertainment Partners and Sanctuary Music Group.

Representatives for Screening Room declined comment, as did AMC and the major studios.
https://variety.com/2016/film/news/s...ve-1201725168/





What’s in the (Cable) Box? Possibly the Future of Television
Tali Arbel

It’s hard to get excited about a cable box. It’s basically a boring oblong you put on a shelf near your TV and never think of again unless your cable service goes out.

But it’s at the center of a battle pitting technology companies and the government against the TV industry. The Federal Communications Commission wants to let you buy your own cable box in hopes of saving you money and getting you new features. The cable industry worries about losing the power to frame how you get your video — and with it, billions of dollars in revenue. Some in Hollywood also worry about losing advertising dollars.

Here’s what you need to know about this dispute:

___

WHAT’S A SET-TOP BOX?

Early on, cable boxes were little more than descramblers intended to block channels you hadn’t paid for. Although they still serve that purpose, they’ve evolved into mini-entertainment centers that can record and play back programs, handle video on demand and even tempt you with non-TV distractions. Comcast, for example, recently added video games.

Most TV subscribers today lease boxes from their TV service provider. A study released last year by Sens. Edward Markey and Richard Blumenthal, Democrats on a Senate subcommittee that oversees technology and communications, found that the average household spends about $231 a year on box rental fees. Although some boxes can integrate Netflix, most people need a separate device to watch online video.

___

WHAT DOES THE GOVERNMENT WANT TO DO?

The FCC wants to give you more options for buying boxes and using different TV-watching software, much the way you can currently buy your own phone or modem.

The tech companies and regulators arrayed behind this effort claim you’ll see lower prices, more choices and technological advances as a result.

The new rules would force TV suppliers — companies like Comcast, DirecTV and Verizon Fios — to make available video and channel information to outside companies like Google, Apple and TiVo. They’d have to provide this data in a format set by an “open standards body,” which the FCC says could include consumer-technology makers, cable companies, content companies, apps developers and consumer-interest groups.

___

HAVE THERE BEEN EFFORTS TO “UNLOCK THE BOX” BEFORE?

Yes, but they didn’t work.

About 12 years ago, cable operators rolled out CableCards — high-tech cards you could stick in TVs or boxes sold by others, like TiVo, to negate the need for a cable box.

But cable companies initially had to install them for customers and had no incentive to make sure they were easy to get and activate, says John Bergmayer, an attorney at the public-interest group Public Knowledge, which supports the government’s cable-box initiative.

A cable-industry vision from 2008, dubbed tru2way, also failed. The cable industry designed software for TVs that let them deliver cable without a box. But the technology didn’t appeal to consumer-electronics companies and fizzled out, Bergmayer says.

___

BENEFITS FOR VIEWERS

With a device like an Apple TV, you could, theoretically, get all your video in one place: live cable channels, Netflix, HBO’s app, YouTube. And the device would keep working even if you switched, say, from cable to satellite TV.

You could also see better search capabilities. New gadgets might let you do a single search for both TV channels and online services, which could help you find niche online video that cable companies don’t carry. TiVo already offers such a feature, but you still need a CableCard or a box from a cable company that has partnered with TiVo.

Change is coming no matter what the FCC does, says Alan Wolk, an analyst with the Diffusion Group, a TV and media research firm.

Cable companies already have apps that let you watch TV on phones and tablets, and newer Internet-only offerings deliver channels through a streaming-TV gadget rather than a set-top box.

___

WHY ARE CABLE AND ENTERTAINMENT COMPANIES RESISTING?

Besides losing fees from renting boxes, the cable industry doesn’t want some intermediary in charge of video its customers get. For example, a box designed by Apple might make it just as easy to get video from Netflix, such that customers might question the need to pay for channels or cable’s video-on-demand offerings. Cable companies now pay — and charge you — billions of dollars a year to carry these channels and programs.

Cable companies also worry that they wouldn’t be able to help customers with technological issues and that new ads could interfere with the viewing experience. FCC Chairman Tom Wheeler has said that the rules would prohibit extra advertising, but he didn’t offer details.

Some TV executives worry that instead of buying regular commercials on their channels, advertisers might migrate to targeted-ad opportunities if, say, Google builds a box. The TV executives also have raised concerns that tech companies could use data on your viewing habits in ways cable companies aren’t allowed to.

Most subscribers today take a full-fledged bundle of hundreds of channels that can cost $70 or more a month. An analysis by bond-ratings agency Moody’s says new set-top boxes, if successful with consumers, could pressure cable companies to deliver smaller, cheaper packages.

More choice might be good for you — but maybe not for companies dependent on your monthly bills.
http://www.seattletimes.com/business...of-television/





Microsoft Seeks Comcast Subpoena to Nab Activation Pirates

IP address behind thousands of bootleg Windows, Office, Server installations.
Darren Pauli

Microsoft has asked a US court to issue a subpoena to Comcast, in a bid to obtain subscriber-to-IP address information on users alleged to have pirated en masse copies of Windows and Office platforms.

The subpoena filed with a Washington US District Court seeks to identify users behind IP address 173.11.224.197 alleged to have activated thousands of copies of Microsoft wares.

A filing obtained by TorrentFreak shows Redmond is pursuing users alleged to have contacted Microsoft servers some two thousand times between 2012 and 2015.

Microsoft says pirates will often install activated pirate copies of Windows software on computers and sell those at a cut-rate in what is known as hard-disk loading.

Redmond does not claim that the John Doe defendants are doing so.

"During the software activation process, defendants contacted Microsoft activation servers in Washington over two thousand times from 2012 to 2015, and transmitted detailed information to those servers in order to activate the software," Microsoft says in the documents.

"Defendants’ contact with Microsoft’s activation servers was voluntary, intentional and comprised a routine part of defendants’ installation of software.

"Defendants activated and attempted to activate at least several thousand copies of Microsoft software, much of which was pirated and unlicensed."

Microsoft says pirates activated copies of Windows 8, 7, Office 2010, and Windows Server 2008 and 2010 using stolen and repeatedly activated codes obtained through Redmond's 'supply chain'.

The intelligence is gleaned from activation information voluntarily shared with Microsoft.

"[Forensics] allows Microsoft to analyse billions of activations of Microsoft software and identify activation patterns and characteristics that make it more likely than not that the IP address associated with the activations is an address through which pirated software is being activated," Redmond says.

It would be a significant gaffe on behalf of the alleged pirates if the IP address data pointed to their real identities.

Some of the most popular activation cracks rely on bypassing and blocking Microsoft software activation locally.
http://www.theregister.co.uk/2016/03...ation_pirates/





Desperation Shows As Critics Argue That Nominated Librarian Of Congress Is 'Pro Obscenity'
Mike Masnick

Last week, we wrote about the exciting decision by President Obama to nominate Dr. Carla Hayden to be the next Librarian of Congress. As we noted at the time, she seemed immensely qualified for the position, having successfully run and modernized the Enoch Pratt Free Library in Baltimore. She also clearly recognized the importance of open access and access to culture. Given the job, there's really no honest reason that people can find to criticize the choice. She seems almost perfectly qualified for the position.

But, of course, there are some critics, and boy, are they reaching deep in the depths of inanity to attack this choice. A key issue, of course, is that the Copyright Office is part of the Library of Congress, so Hayden would run the Copyright Office as well. In our original post, we already noted the rather snide statement put out by the RIAA, which basically says "Hayden's fine for the library, but she better keep her filthy hands off of the Copyright Office":

“We are gratified that President Obama has chosen a qualified and capable nominee to be the next Librarian of Congress. We look forward to working with Dr. Hayden.

“It is worth noting that the Library of Congress and the U.S. Copyright Office have been mutually respectful of each other’s areas of expertise. We would hope that the new Librarian would continue to demonstrate that respect for the Copyright Office’s expertise in copyright policy and recommendations to Congress.”

This is bullshit, of course. Basically, the Copyright Office has been ignored by the Librarian of Congress, because the last Librarian basically ignored his job, focusing on hobnobbing with rich people in fancy locations, asking them for money. The MPAA's statement wasn't quite as bad, but did laughably claim that they hope she'll honor "the role of copyright as a driver of knowledge and creativity" which is not a particularly accurate statement:

“We congratulate Dr. Carla Hayden on her nomination. The Librarian of Congress plays a pivotal role for the copyright industries and the nation as a whole as the custodian of our intellectual and cultural heritage. We look forward to learning more during the confirmation process about Dr. Hayden’s vision for leading the Library and honoring the role of copyright as a driver of knowledge and creativity, as well as an engine of our nation’s economic growth and positive trade balance.”

The sketchy lobbying group, the Copyright Alliance, did something similar to the RIAA, saying "keep your hands off the Copyright Office."

“We in the Copyright Community hope that Dr. Hayden will demonstrate a deep respect for the value of copyright; appreciate and support the value of authorship to our culture and the laws that protect that authorship; cultivate a direct relationship with the Register of the Copyright Office, Maria Pallante, and continue the deference that the Librarian of Congress has historically demonstrated to the Register of Copyrights.”

But from there, the complaints really stretch the bounds of reality. First up, there's old friend of the blog, perpetually angrily confused musician David Lowery, who breathlessly announced his horror at the fact that the "former director of [a] P2P Piracy Alliance" had endorsed Hayden. Of course, what Lowery leaves out entirely, is the fact that the individual in question, Adam Eisgrau, works for the American Library Association, the exceptionally well respected organization that represents library interests, and of which Dr. Hayden was once President. So it should hardly be a surprise that the ALA supports Hayden's nomination.

But, in Lowery's telling, this is all really about piracy, because well over a decade ago, Eisgrau happened to run the group P2P United, which represented a bunch of P2P applications in lobbying Congress to teach them about the technology and the fact that it had plenty of non-infringing uses. The group once helped raise money to pay off the $2,000 fine that the RIAA forced upon a 12-year-old honor student who downloaded some music. And, as Eisgrau noted at the time, contrary to Lowery's claim that his group was about supporting piracy, the group had always spoken out against piracy, but warned about the harm of throwing out the baby (P2P technology) with the bathwater of infringement by some users.

But, really, Lowery's statement is not the craziest one we've seen. That award goes to a press release I received yesterday from a group called The National Center on Sexual Exploitation (NCOSE) trumpeting that "Obama nominee to Library of Congress led a pro-obscenity group!" Oh really? Of course, it turns out that the "pro-obscenity group" is also the famous and well respected... American Library Association. NCOSE insists they're "pro-obscenity" and "pro-porn" because the ALA has long fought against mandatory internet filters in libraries.

President Obama has announced his intention to nominate Dr. Carla Hayden, former president of the American Library Association, to the post of Librarian of Congress. The National Center on Sexual Exploitation (NCOSE) believes that the pro-pornography agenda of the ALA raises concerns about Dr. Hayden’s nomination.

"The American Library Association (ALA) has been on a campaign to prevent the use of pornography-blocking Internet filtering systems on public library computers since the 1990s," said Patrick Trueman, president and CEO of the National Center on Sexual Exploitation. "The ALA even filed suit in 2001 against the Children’s Internet Protection Act (CIPA), written by U.S. Sen. John McCain (R-AZ). The act was designed to protect children from pornography by requiring the use of Internet filters on computers at public libraries receiving federal funds. The U.S. Supreme Court upheld this statute as constitutional. Yet, the ALA during Dr. Hayden’s tenure as president opposed this common sense measure and distorted the Supreme Court’s decision regarding it, as it continues to do to this day."


That, of course, is a massive misstatement of history. The ALA opposed mandatory filters not because it's "pro-obscenity" but because those filters don't work (both in that they block a lot more than porn, including important educational resources, and in that lots of porn still gets through) and because libraries believe in the importance of freedom to access information. That doesn't mean that it's okay for children to surf porn, but that there are better ways to deal with that than mandatory filters on all computers (even ones exclusively used by adults).

To understand the actual positions of the ALA regarding CIPA, why not read the group's actual statements, such as the explanation of why mandatory filters may not be the best solution by former ALA President Nancy Kranich:

Librarians are dedicated and committed to providing an enriching and safe online experience for children and adults alike. We care deeply about children and all of our library users. We have taken numerous steps to help communities develop policies and programs that ensure that their library users have a positive online experience. Based on our extensive experience working with children and their parents every day throughout the country, we know what works. More than 95 percent of public libraries have Internet-access policies that were created with community input. These policies set forth the community’s rights and responsibilities for conducting productive, safe Internet use. The vast majority of library patrons use the Internet responsibly, as outlined by their communities’ policies....

... Just as every parent is a little different, every local community has its own set of priorities based on its geography, demographics and size - to name just a few of the factors.

This presents a major problem with the Children’s Internet Protection Act. This legislation imposes a one-size-fits-all mechanical solution on libraries that are as diverse as our families and takes away local and parental control, ceding it to unaccountable filtering companies. Blocking technologies come between librarians and their mission - to connect people with a broad range of information to meet their needs.


And another statement by former ALA President John Berry:

The filtering mandate imposed by Congress is unworkable in the context of a public institution because it restricts access to constitutionally protected speech on the users served by libraries. No filtering or blocking technology exists that blocks access only to speech that is obscene, child pornography or harmful to minors. And no filtering technology protects children from all objectionable materials. Many of you will have seen the March issue of Consumer Reports evaluating several filtering software products; the best of the products failed to block one objectionable site in five.

We’re concerned that filters give parents a false sense of security that their children are protected when they are not. Not all problems brought on by transformative technological innovation, like the Internet, have technological solutions, at least in the short term. We believe that education is more effective than filters—kids need to make good decisions about what they read and view, no matter where they are. To be sure, this is a collaborative effort between parents, teachers, librarians and many others.

The Children’s Internet Protection Act is a misnomer. The legislation does not strictly limit access for minors, but for adults and all Internet users in a library.


If this is the best that people can come up with, hopefully it means that Hayden's nomination will sail through. But, boy, people are reaching deep to argue that the American Library Association is either "pro-piracy" or "pro-pornography" by misrepresenting events from over a decade ago, and magically tying them to Dr. Hayden.
https://www.techdirt.com/articles/20...bscenity.shtml





Reels of Classic Films Tend to Melt Into Goo; Philanthropist Won’t Let that Happen
Kenneth Turan

If you care even a little about the art and history of American motion pictures, about being able to see classic films now and forever, you owe a debt of gratitude to David W. Packard.

Packard, the son of Hewlett-Packard co-founder David Packard, has never seen a Steven Spielberg movie and takes pleasure in reading Homer in the original Greek. But he cares deeply about film history, and his Packard Humanities Institute has become one of the leading philanthropic organizations funding film preservation.

Now a landmark moment in that cause is nearing completion on 65 acres in the hills of Santa Clarita, Calif.: a $180 million facility that houses vintage movies in the UCLA Film & Television Archive, including “The Maltese Falcon,” the Flash Gordon serials, Laurel & Hardy’s “Way Out West,” Cecil B. DeMille's personal collection and producer Hal Wallis’ own print of “Casablanca.”

“UCLA was looking for a modest little place to move to, and I got involved and turned it into something monumental,” Packard, 75, said during an extended tour of the facility. “It’s a labor of love and a labor of craziness. I could have just built an adequate facility, but it didn’t cost that much more for it to be something wonderful.”

The campus is designed primarily for storage, research and work related to film preservation, although there may be occasional semi-public events in one of the three screening rooms.

The facility is known as the PHI Stoa, for the Packard Humanities Institute and because the exterior resembles a type of classical Greek building known as a stoa, an outdoor colonnade structure supported by an impressive row of marble columns.

The interior is patterned after the 15th century Convent of Saint Marco in Florence, with offices resembling the cells of a monastery.

Packard, who rarely grants interviews, acknowledges that the design fits his style.

“I’m more like a monk; I like to do my work,” he said. “I don’t want to be a person who goes around boasting about doing things. What’s the point of that?”

For moviegoers who want the classic films they love to be seen on the big screen by their children in the best condition possible, the stakes are enormous. It may seem films are forever, but history tells us this is not the case.

Nitrate-based negatives, Hollywood’s choice until about 1951, are notoriously unstable and over time often deteriorated to chemical goo, taking their one-of-a-kind images with them.

Before efforts like Packard’s, so many films were routinely lost or destroyed that it’s estimated that approximately half the films made before 1951, not to mention more than eight of 10 features made between 1912 and 1930, no longer exist, according to film historians.

Talk to anyone in the film preservation world and you hear echoes of the words of James H. Billington, the recently retired librarian of Congress, who says: “If you want an analogy to David in American history, Andrew Carnegie would be the best.”

Packard’s institute financed a similar facility dedicated to film preservation outside of Washington, D.C., in Culpeper, Va. Built inside a disused Federal Reserve bunker that once held billions of dollars of shrink-wrapped currency, it includes nearly 90 miles of shelving, plus storage for highly flammable nitrate materials. It was donated to the Library of Congress in 2008.

“Frankly, I can think of no one and no institution which has done more for the cause of film preservation, specifically the preservation of classic American films,” than David Packard, said Jan-Christopher Horak, director of the UCLA Film & Television Archive.

“There are a lot of wealthy people in the film industry, but no one has stepped up to the plate the way David has. The amount of funding he has provided is staggering.”

About 90 percent of the films at PHI Stoa belong to the UCLA collection. They are stored in 120 nitrate vaults, built at a cost of $48 million.

Looking like cells in a 1930s big house movie, these structures are a chilly 38 degrees inside, with contents protected by an elaborate complex of anti-fire technologies, including exhaust ducts and a system called VESDA for “Very Early Smoke Detection Apparatus.”

“They’re the most modern nitrate vaults in existence,” Packard said. “This is not just buying five more years; they’re supposed to last centuries.”

During the tour, Packard’s infectious enthusiasm for film preservation and attention to detail were always on display. He noticed doors that didn’t function properly, pointed out cans of nitrate film that were not placed to take full advantage of heat-resistant shelving and clambered up a ladder to show off the building’s well-maintained interstitial space.

Packard, who was intimately involved in the planning and building, takes pleasure in detailing exactly where in Italy the stone floor tiles, the marble columns, the handmade iron ceiling lanterns came from. He is so happy, in fact, with the work of the more than a dozen Italian subcontractors that he is planning to invite them and their families to the Stoa for a big, celebratory party this summer.

Enough of a film fan to have bought at auction the prop passport that Warner Bros. created for “Casablanca’s” Victor Laszlo, Packard emphasizes that “I don’t consider myself a funder, I’m a colleague who has resources to contribute. When there is something I’m interested in, I jump in with all five feet.”

If that sounds like an exaggeration, consider the specifics: When everything film-related that Packard and his foundation have contributed is added up, the total is close to half a billion dollars and includes the restoration of hundreds of films.

And because Packard believes passionately in the traditional theatrical experience, in screening as well as saving films, he has spearheaded the impeccable restoration of two vintage movie palaces: the California in San Jose and the Stanford in Palo Alto. The Stanford has been showing double bills that Packard (whose favorite actors include Ronald Colman, Audrey Hepburn and Cary Grant) has personally programmed since the late 1980s.

“It broke up my friendship with Steve Jobs,” he said, “when I told him movies were not meant to be seen on 2 1/2-inch screens.”

A second-generation philanthropist whose family funded the Monterey Bay Aquarium without putting their name on it, Packard and his wife also founded the multibillion-dollar David and Lucile Packard Foundation.

“Something I inherited from my father is that once you decide to do something, just do it,” Packard said. “While you’re building something, you worry about how much money you’re spending on it, but when it’s finished, you only worry about whether you did a good job.

“What’s the point of cutting a corner? I’m lucky that I don’t have to, and if you can do it right, why not? Honestly, it doesn’t cost that much more to do it nicely, and people appreciate the opportunity to work in an environment where everyone wants to do things right.”

http://www.latimes.com/entertainment...06-column.html





These Technologies Will Blow the Lid Off Data Storage

Hard disk drive and SSD makers are about to wow the storage market again
Lucas Mearian

Hard disk drive (HDD) and solid-state drive (SSD) makers are about to wow the storage market again.

This year, Intel and Micron will introduce 3D XPoint memory, also known as Optane, which will increase performance and durability 1,000-fold over today's NAND flash.

Don't count NAND flash out. While the Optane chip and other resistive memory technologies coming down the pike may result in storage-class memory that could replace costly DRAM for many applications, it won't be cheap for a long while. That leaves the door open for continued NAND flash advances.

Enter 3D NAND flash, which Samsung, Intel/Micron, Toshiba and others believe will continue to grow capacity and tamp down prices. Eventually, 3D NAND will even convince consumers that SSDs can be as affordable as HDDs.

"Very soon flash will be cheaper than rotating media," said Siva Sivaram, executive vice president of memory at SanDisk.

Meanwhile, Seagate has demonstrated its heat-assisted magnetic recording (HAMR) for HDDs, which will enable data densities of more than 10 trillion (10Tbits) per square inch. That's 10 times higher than the areal density in today's highest density HDDs. Seagate expects to work with equipment makers in 2017 to demonstrate HAMR products for data center applications, and in 2018 the company expects to begin shipping HAMR drives to broader markets.

These recent technology advances are just the latest chapter in the long story of ever-growing storage needs forcing innovations to meet the new demand.

Storage is always up against a wall

When HDD companies faced capacity limits in the early 2000s, Toshiba and Seagate flipped data bits from lying flat on a platter to standing up side-by-side. The change from longitudinal to perpendicular magnetic recording increased HDD capacity by as much as 10 times.

When the HDD industry again faced capacity limits in 2013, Seagate overlapped data tracks like roof shingles, increasing capacity by 25%; then in 2014, HGST introduced helium filled drives, boosting capacity by 50%.

In the non-volatile memory industry, the same kind of advances have occurred to blow past capacity limits. Single-level cell (SLC) NAND flash became multi-level (MLC) NAND, where instead of one bit per transistor, two and three bits were stored. When MLC NAND faced its limits with the sub-10 nanometer (nm) lithography process, Samsung introduced 3D NAND flash, a move quickly followed by Intel/Micron and Toshiba, which stacked

From the first iteration, 3D NAND flash technology offered from two to 10 times higher reliability and twice the write performance of planar NAND.

Most importantly, however, 3D NAND removed the lithography barrier planar (single-level NAND flash) faced as manufacturers shrank transistors below 15 nanometers in size. The smaller lithography process led to data errors as bits (electrons) leaked between thin-walled cells.

"The big deal is you're not building these [3D NAND] skyscrapers one floor at a time. We know how to go from 24 layers to 36 layers to 48 layers to 64 layers and so on," said Sivaram. "There are no physics limitations to this. What we now have in 3D NAND is a predictable scaling for three and four generations -- something we never had before."

Currently, Samsung, SanDisk and its partner Toshiba and Intel and its partner Micron have been able to create 48-layer 3D NAND, which can store 256Gbits (32GB) in a single chip. While Samsung is the only company mass producing the 48-layer chips, all of the others are planning product launches soon.

Even as 2D NAND approaches scaling limits due to lithography size and error rates, layer stacking to produce 3D NAND obviates those concerns. The graphic above shows one method of achieving 3D NAND. Horizontally stacked word lines around a central memory hole provide the stacked NAND bits. This configuration relaxes the requirements on lithography. The circular hole minimizes neighboring bit disturb and overall density is substantially increased.

SanDisk, Sivaram said, is already planning for 3D NAND chips with more than 100 layers.

"We don't see a natural limit to how high we can go. If I went around and asked how high can we go, [NAND manufacturers] won't tell me we can take it to 96 or 126 layers, and there's a physical limit there," Sivaram said. "This has been our dream for a long time."

While factories to build 3D NAND are vastly more expensive than plants that produce planar NAND or HDDs -- a single plant can cost $10 billion -- Sivaram argued that over time they'll scale down in cost as adoption ramps up.

Pricing is key

While enterprises and consumers alike love capacity -- more is better -- price most often determines adoption.

Intel and its development partner Micron are working on what may be a game changer in the non-volatile flash industry: the Optane chip -- known internally at Intel as 3D XPoint.

While Intel has released little information about what Optane will be, most industry experts believe it is a form of resistive RAM.

A two-layer depiction of Intel's and Micron's 3D XPoint (also known as Optane) chip resistive RAM architecture. It removes the need for bit-storing transistors and instead uses a latticework of wires that use electrical resistance to signify a 1 or a 0.

Resistive RAM (ReRAM) is able to perform read and write operations using 50 to 100 times less power than NOR flash, which makes it perfect for mobile devices -- even wearables.

ReRAM is based on the "memory resistor" concept, also called memristor. The term memristor was coined by University of California-Berkeley scientist Leon Chua in the early 1970s.

Until memristor, researchers knew of only three basic circuit elements -- the resistor, the capacitor and the inductor. Memristor, which consumed far less energy and offered far greater performance than previous technologies, was the fourth.

Currently, the only company shipping ReRAM products is Adesto Technologies. It recently introduced a new conductive bridging RAM (CBRAM) memory chip for battery-operated or energy-harvesting electronics used in the Internet of Things (IoT) market.

In contrast, Intel plans to ship its Optane drives for enthusiast PC users this year. Jointly developed with Micron, the new Optane drives are expected to be 10 times denser than DRAM, and on paper are 1,000 times faster and more durable than NAND flash-based SSDs.

With one thousand times the endurance of NAND, Optane drives will offer one million erase-write cycles, meaning the new memory would last pretty much forever.

"It's not as fast as DRAM, so it's not going to replace it in the most latency-valued applications, but it's much higher density and much lower latency than NAND," Russ Meyer, Micron's director of process integration, said in an earlier interview with Computerworld. "If you compare how much faster SSDs are to hard drives and how much faster 3D XPoint is to conventional NAND, it's kind of the same order of improvement," Meyer said.

Intel has demonstrated Optane drives operating at about seven times the speed of its current SSDs.

This year, Intel also plans on releasing Optane drives for servers based on its new Skylake processor.

Along with Optane SSDs, the ReRAM technology is expected to come as DIMMs that plug into memory slots.

Alan Chen, a senior research manager at DRAMeXchange, a division of TrendForce, said that even if Intel's Xpoint ReRAM technology enters the consumer PC marketplace this year, its use will be limited to the highest-end products due to cost.

"Optane's impact on the SSD market will be determined by its pricing. Currently, Optane products are still more expensive than the mainstream NAND flash-based counterparts. Hence, they will initially affect just the high-end SSD market," Chen said.

Last year, Hewlett-Packard and SanDisk also announced an agreement to jointly develop "Storage Class Memory" (SCM) ReRAM that could replace DRAM and would be 1,000 times faster than NAND flash.

New Mexico-based Knowm is a start-up company that is also working on producing memristor technology.

Knowm's memristors are designed to mimic human brains, in which a synapse connects two neurons. Those neurons get stronger the more often a signal is passed between them. Similarly, the learning and retention of information on Knowm memristor circuits are determined by data flow characteristics and the current.

Chen revealed that Samsung is also working on a product similar to Intel's Optane that will incorporate DRAM and NAND flash manufacturing. Samsung, however, declined comment.

A 20TB hard drive by 2020

As SSD prices continue to drop following the adoption of denser flash memory technology like 3D NAND, HDD makers are planning their own technology upgrades. Case in point: HAMR, which uses a laser on the hard drive read/write head to set smaller bits more securely in place on a drive's spinning platter.

Both Western Digital and Seagate are working on HAMR HDDs.

"HAMR is our next technology that will keep our march along areal density curve going," said Mark Re, Seagate's chief technology officer. "We seem to go through these transitions every 10 years or so."

As disk drive densities increase, the potential for data errors also increases due to a phenomenon known as the superparamagnetism effect. That's where the magnetic pull between bits close together on a platter's surface can randomly flip, resulting in their value changing from one to zero or vice versa. Random bit flips result in data errors.

HAMR uses a special aperture on the HDD's read/write head called a near-field transducer that concentrates a large quantity of photons onto the spinning disk in as small a size as possible.

HAMR technology, created by Seagate, uses a laser to briefly heat a hard drive's disk surface during magnetic head recording. The heat shrinks a platter's data bits and tightens the concentric circles, known as tracks, to increase density. HAMR also uses nanotube-based lubrication to allow the read/write head of a disk to get closer to the surface in order to be better able to read and write data.

HAMR technology will eventually allow Seagate to achieve a linear bit density of around 10 trillion (10Tbits) per square inch -- 10 times higher than today's best HDD areal density of about 1Tbit per square inch, according to Re.

Seagate has already demonstrated HAMR HDDs with 1.4Tbits per square inch -- still 40% higher than today's best HDDs.

"We don't see others out there ahead of us. We have a pretty long history with HAMR. We've been working on it for about 10 years," Re said. "We're a bit more aggressive on when we'll ship it."

Seagate plans to begin shipping HAMR HDDs next year.

Using HAMR, the theoretical density for hard drives skyrockets, yielding a 3.5-in. server or desktop drive with up to 60TB of storage, and a single-platter 2.5-in. laptop drive with up to 20TB of capacity.

The marketing campaign Seagate has used is "20TB by 2020," but Seagate CTO Mark Re told Computerworld that's just a target.

Even beyond HAMR, the HDD industry has plans for greater drive density. Bit patterned media (BPM) recording would use nanolithography to lay down predefined bits of data on a drive platter, as opposed to current HDD technology where each bit is stored in 20 to 30 magnetic grains.

BPM could increase HDD density up to 200Tbits per square inch.

"Considering the latest 4TB external drive is 5 platters, that's pretty insane," said Nathan Papadopulos, Seagate's corporate communications manager.

"It's clearly still a ways out," Re added. "We're looking at this technology for middle of the next decade."
http://www.computerworld.com/article...a-storage.html





Google Docs Now Exports to EPUB – Complete with Word Indexes
Martin Anderson

Google Docs users are now able to export their documents in EPUB format, complete with the facility to convert Word indexes into clickable chapter indices.

The announcement was made yesterday by the Google Apps team, and although the feature’s introduction has been ushered in quietly, it’s a fairly significant step in achieving cross-device compatibility for a wide range of new and legacy documents.

Since the EPUB format is generally associated with longer works such as novels or academic treatises, one of the most essential features for EPUB producers is a reliable hyperlinked chapter index – the kind of initial indices that can be created (though not without some research into the method) by Microsoft Word, which draws the links and creates the menu based on the formatting styles applied to section headings.

Curious as to how a properly-indexed work of reasonable length would survive conversion from Word (.doc) format to Google’s EPUB export, I uploaded a 46-page work-related indexed 2015 Word document via Google Docs’ ‘upload file’ feature. Once uploaded the .doc is viewable in GDocs but not editable or exportable until you press a button to convert it to a Google Doc file.

At this stage, even in ‘viewing’ rather than ‘edit’ mode, the hyperlinks in the initial Word index do not actually work (i.e. clicking on Chapter 5 does not take you there), even though Google Docs is capable of updating the table.

However, exporting the imported/converted document to EPUB preserves the chapter indices beautifully, which – when viewed with an EPUB-capable reader such as SumatraPDF – allows for a most convenient clickable sidebar index.

The EPUB format is a free and open XML-based publication standard, ratified by the International Digital Publishing Forum; its complete freedom from the kind of proprietary, semi-open format standards which can hamper Adobe PDF as a document format has led to it becoming the widest-used format across a range of reading and general devices – including Android’s Google Books and iBooks on Apple’s iOS platform.

Editing the EPUB format

Since EPUB is little more than tightly-wired XML-based HTML output, it is potentially highly editable with free software such as open source multi-format reader Calibre. Additionally any edits made will not cause the horrendous text reflow problems which have plagued the PDF format since its inception as press-ready output in the early 1990s. Other desktop-based products capable of editing the EPUB format include Sigil, the online eBook editor Papyrus and the less WYSIWYG-oriented Brackets. At a professional level there are InDesign plug-ins of varying complexity and cost that can edit and/or output EPUB (as well as native support in later versions), but the full potential of making the format as friendly as pure text or popular proprietary or OS formats has not begun to be realised – particularly in the mobile space.

Because of this, the general perception of the EPUB-formatted e-book is that of a ‘baked and finished’ product, to be consumed rather than amended.

Nonetheless it is notable that a product as popular as Google Docs can now effectively translate legacy indexed Word-style documents into EPUB.
https://thestack.com/world/2016/03/0...s-epub-format/





Opera Becomes First Big Browser Maker with Built-In Ad-Blocker
Eric Auchard

Norwegian company Opera is introducing a new version of its desktop computer browser that promises to load web pages faster by incorporating ad-blocking, a move that makes reining in advertising a basic feature instead of an afterthought.

Faster loading, increased privacy and security and a desire for fewer distractions are behind the growing demand for ad-blockers.

However, their popularity is cutting into the growth of online marketing for site publishers and corporate brands, who rely on reaching web and mobile users to pay for their content rather than restricting access to paid subscribers.

Opera has a history of introducing innovations that later become common in major browsers such as tabbed browsing and pop-up blocking, which helped users control an earlier generation of in-your-face ads and malware disguised as advertising.

"Ad-blocking technology is an opportunity and a wake-up call to the advertising industry to pay attention to what consumers are actually saying," an Opera spokeswoman said.

Opera said it can cut page-loading times by as much as 90 percent by eliminating the complex dance that occurs behind the scenes in a user's browser as various third-party ad networks deliver promotional messages to users.

The Norwegian company, which has agreed to a takeover by a group of Chinese firms led by Beijing Kunlun Tech in a cash deal valued at $1.23 billion, introduced its first computer web browser in 1995.

With the rise of the smartphone, it shifted to focus on the mobile browser and advertising market, where it now derives most of its revenue and counts 281 million users.

Opera said on Thursday it was introducing a version of its browser aimed at software developers and early adopters, but will eventually offer the feature for both computers and phones.

The Oslo-based firm ranks a distant fifth behind more mainstream desktop computer browsers from Microsoft, Google, Firefox and Apple. The company counts 60 million active monthly desktop users worldwide.

Opera sees no contradiction in the fact that it relies on advertising for a big chunk of its own revenue but is introducing ad-blocking control features in its products. Demand for ad-blocking should abate when messages become less disruptive and more relevant, an Opera spokeswoman said.

Because it is building the features directly into its browser, page delivery times are 40 percent faster than existing ad-blocker plug-ins, or browser extensions, it said. Top plug-in providers include AdBlock, AdMuncher and Ghostery that run on top of existing browsers.

A study published by PageFair and Adobe estimated online ad revenue lost to blockers in 2015 would amount to $21.8 billion and those losses could almost double to $41.4 billion in 2016. Ad-placement firm Carat forecasts global digital and mobile advertising will near $150 billion this year.

(Editing by Georgina Prodhan and Keith Weir)
http://uk.reuters.com/article/us-adv...-idUKKCN0WC0SS





F.C.C. Fine-Tunes Plan to Subsidize Internet Access
Cecilia Kang

People who do not have regular access to the Internet can fall behind in school, at work and in other everyday tasks. The Federal Communications Commission is close to what it hopes will be a solution to address that gap: $9.25 a month.

The agency on Tuesday will circulate a final proposal to F.C.C. members to approve a broadband subsidy of $9.25 a month for low-income households, in the government’s boldest effort to date to narrow a technological divide that has emerged between those who have web access and those who do not. While more than 95 percent of households with incomes over $150,000 have high-speed Internet at home, just 48 percent of those making less than $25,000 can afford the service, the F.C.C.’s chairman, Tom Wheeler, has said.

The new plan is part of an overhaul of a $2 billion phone subsidy program called Lifeline and will go to vote on March 31. It is expected to be approved by the F.C.C.’s commissioners, who have a Democratic majority.

“When we talk about digital equity, we need to remember that we’re talking a key part of the answer to many of our nation’s greatest challenges — issues like income inequality, job creation, economic growth, U.S. competitiveness,” Mr. Wheeler said last month in a speech on the plan.

The proposal is the latest incarnation of the Lifeline program, which was created in 1985 to bring landline phone services to low-income families. In 2008, the F.C.C. added mobile phone service to the subsidy. But the program has been dogged by controversy, with critics pointing to a history of abuse of Lifeline.

Investigations have revealed many participants were double billing for landline phone and wireless services when they were allotted only one subsidy per home. In a 2015 report, the United States Government Accountability Office questioned the effectiveness of the plan. In 2012, the F.C.C. reformed Lifeline after complaints and created a database to track subsidies.

Apart from suggesting the $9.25 monthly broadband subsidy, Mr. Wheeler’s Lifeline proposal also tries to clamp down on potential abuse and fraud by appointing a third party to vet individuals for eligibility and to ensure companies are following rules. In the past, Lifeline participants were vetted by mobile carrier companies including Verizon and T-Mobile USA. The F.C.C. will also make data on the program publicly available, including subscriber counts from providers.

Any broadband subsidy could substantially reduce monthly Internet fees that average $52.50 in urban areas, but are often purchased as part of more expensive bundles that include television and phone service.

Michael O’Rielly, a Republican commissioner of the F.C.C., said the new proposal put Lifeline at risk of exceeding the agency’s budget estimates and called for a spending cap.

“Such irresponsible action will balloon a program plagued by waste, fraud and abuse, and result in higher phone bills for every American — including those already struggling in the current economy,” Mr. O’Rielly wrote in a blog post last week. “In sum, it’s a recipe for disaster, and I can’t and won’t be part of it.”

Public interest advocates have pushed for faster Internet speeds and unlimited data in the broadband subsidy proposal, arguing that homework and other tasks increasingly require downloading big files and streaming videos that gobble up the monthly allotments. The F.C.C. said the proposed speeds and data limits were in line with consumer averages.

Democratic commissioners at the F.C.C. have argued that there is an urgent need to update the Lifeline fund for broadband as homework, job searches, and health and other services increasingly move online. Seven in 10 teachers, for instance, require students to go online for homework, according to Commissioner Jessica Rosenworcel, a Democrat. Mr. Wheeler and Mignon Clyburn, a Democratic commissioner, spearheaded the reform.

Senior officials at the F.C.C. who drafted the new Lifeline proposal say the agency hopes the subsidy will also encourage Internet service providers like Comcast, AT&T and Time Warner Cable to go into low-income areas where they may not normally make a profit.
http://www.nytimes.com/2016/03/08/te...et-access.html





Congress Keeps Holding Repeated, Pointless Hearings Just to Punish the FCC for Standing Up to ISPs On Net Neutrality
Karl Bode

In the year since the FCC passed net neutrality rules, ISP allies in Congress have run the agency through an endless gauntlet of show-pony hearings. While most of these hearings profess to be focused on agency transparency and accountability, they're really geared toward one single purpose: to publicly shame the agency for standing up to deep-pocketed telecom campaign contributors. Given the fact the only real way to overturn the rules is for ISPs to prevail in court or via Presidential election, this showmanship has been little more than a stunning display of wasted taxpayer dollars and stunted intellectual discourse.

Undaunted, the Senate held yet another "FCC accountability" (read: pointless tongue-lashing) hearing last week, during which Senators pummeled FCC boss Tom Wheeler with many of the same, repeatedly-debunked claims net neutrality opponents have been making since the rules were approved. Among them was the claim that the rules somehow hampered broadband investment, despite the fact that objective data (including quarterly ISP earnings reports) repeatedly shows that simply isn't the case.

For somebody that's had his time repeatedly wasted simply for upsetting the telecom status quo, Wheeler remains impressively cool under fire. For example, when fellow FCC Commissioner (and former Verizon regulatory lawyer) Ajit Pai took to the hearing to again trot out the industry-backed think tank claim that broadband investment had suffered under net neutrality, Wheeler casually highlighted that repetition does not magically forge reality:

"With all due respect to my colleague, what he has just portrayed as facts are not,” Wheeler responded. He said that investment in broadband increased, along with a 13% jump in fiber investment, as well as Internet usage and increased revenue per subscriber.

But Pai insisted that is not the case. “The FCC’s policies have failed. The administration’s policies on broadband has failed,” he said.

“We are not seeing a decline in broadband infrastructure investment. You can say it and say it and say it, but that does not make it a fact,” Wheeler responded.

Pai said he would offer up sworn declarations from Internet providers showing how the new rules had caused them to slow their investment. But Wheeler, too, offered to submit corporate statements on Internet investment, which would face Securities and Exchange Commission penalties if they were misleading.

When the rules were approved you might recall that net neutrality opponents also tried to claim that the White House "improperly influenced" the creation of the rules, since the White House vocally supported the Title II approach in November of 2014, and Wheeler voiced his support for Title II in February of 2015. This, net neutrality opponents argued, was clear evidence of an unholy cabal.

Net neutrality opponents can't point out what law was broken (because none was) and FCC history is filled with examples of the White House publicly voicing its policy preference ahead of an FCC announcement (George W. Bush urging Michael Powell to deregulate media ownership, or Bill Clinton writing a public letter urging Chairman Reed Hundt to ban hard liquor ads on TV). Still, neutrality opponents dragged this tired dog out of the cupboard at the hearing as well, accompanied by a thirty page report (pdf) designed to pretend the discredited claim has gravitas. Wheeler again remained relatively unfazed:

"Here, I would like to be really clear: There were no secret instructions from the White House. I did not, as CEO of an independent agency, feel obligated to follow the president’s recommendation.”

There's two things that net neutrality opponents in DC simply refuse to acknowledge. One, the net neutrality rules were crafted after unprecedented, genuine public outcry. Two, while it's framed as a partisan fight to try and sow partisan division, net neutrality actually has broad, bipartisan support. And while accountability for laughing at the will of the people and wasting everybody's time may not be forthcoming, the reality remains that these hearings are simply a taxpayer-funded display of just how high some politicians are willing to jump for their telecom-industry campaign contributions. The political and media pretense that they're anything else is laughable.
https://www.techdirt.com/blog/netneu...utrality.shtml





It's Your Data: Empowering Consumers to Protect Online Privacy
Tom Wheeler

It's the age of anywhere, anytime Internet connectivity -- do you know where your information is?

Whenever we go online, we share information about ourselves. This information can be used to recommend a TV show based on what we've watched before. It can help target advertisements for products that we're interested in. And it can also paint a portrait of our family life, our health, our finances, and other sensitive personal details.

We all know that the social media we join and the websites we visit collect our personal information, and use it for advertising purposes. Seldom, however, do we stop to realize that our Internet Service Provider (ISP) is also collecting information about us. What's more, we can choose not to visit a website or sign up for a social network, or choose to drop one and switch to another. Broadband service is different. Once you subscribe to an Internet service provider -- for your home or for your smartphone -- you have little flexibility to change your mind or avoid that network.

Think about it. Your ISP handles all of your network traffic. That means it has a broad view of all of your unencrypted online activity -- when you are online, the websites you visit, and the apps you use. If you have a mobile device, your provider can track your physical location throughout the day in real time. Even when data is encrypted, your broadband provider can piece together significant amounts of information about you -- including private information such as a chronic medical condition or financial problems -- based on your online activity.

The information collected by the phone company about your telephone usage has long been protected information. Regulations of the Federal Communications Commission (FCC) limit your phone company's ability to repurpose and resell what it learns about your phone activity.

The same should be true for information collected by your ISP.

Today, I'm proposing to my colleagues that we empower consumers to ensure they have control over how their information is used by their Internet Service Provider. Every broadband consumer should have the right to know what information is being collected and how it is used. Every broadband consumer should have the right to choose how their information bits should be used and shared. And every consumer should be confident that their information is being securely protected.

This is not to say network providers shouldn't be able to use information they collect -- only that since it is your information, you should decide whether they can do so. This isn't about prohibition; it's about permission.

Under my proposal, ISPs would be able to use information about where you want to go on the Internet in order to deliver the broadband service you signed up for, just as phone companies can use the phone numbers you dial to connect you to your calls. They would also be able to use customer information for other purposes that are consistent with customer expectations; for example to market higher speed connections and to bill for their services. ISPs would be able to use and share customer information with their affiliates to market other communications-related services unless you "opt out" and ask them not to. All other uses and sharing of your personal data would require your affirmative "opt-in" consent. We recognize that ISPs must necessarily collect and use information you create to provide service. However, consumers deserve to have safeguards in place to ensure that information necessary to run the network is used only for that purpose unless the owner of that information -- the consumer -- agrees otherwise.

One of the most important things to remember about this proposal is that it is narrowly focused on the personal information collected by network providers. The privacy practices of the websites that you choose to visit are not covered by this proposal. Indeed, there are other federal and state agencies, namely the Federal Trade Commission -- that do a great job dealing with such companies and their privacy practices. The Federal Communications Commission is the nation's telecommunications agency. We're sticking to our knitting -- decades of expertise concerning communications networks. Also, this proposal does not wade into government surveillance, encryption or other law enforcement issues. This is about ISPs and only ISPs.

On March 31, my fellow Commissioners will vote to seek comment on this proposal. If approved, all Americans will have the opportunity to weigh in and have their voices heard. We want to listen and we want to learn from you before we adopt final, enforceable rules of the road.

Simply by using the Internet, you have no choice but to share large amounts of personal information with your broadband provider. You have a right to know what information is being collected about you and how that information is being used. That's why establishing baseline privacy standards for ISPs is a common sense idea whose time has come. The bottom line is that it's your data. How it's used and shared should be your choice.
http://www.huffingtonpost.com/tom-wh...b_9428484.html





No, Turning On Your Phone Is Not Consenting to Being Tracked by Police
Alex Emmons

The Maryland Court of Special Appeals on Wednesday upheld a historic decision by a state trial court that the warrantless use of cell-site simulators, or Stingrays, violates the Fourth Amendment.

The trial court had suppressed evidence obtained by the warrantless use of a Stingray — the first time any court in the nation had done so.

Last April, a Baltimore police detective testified that the department has used Stingrays 4,300 times since 2007, usually without notifying judges or defendants.

The ruling has the potential to set a strong precedent about warrantless location tracking. “Police should now be on notice,” said Nate Wessler, a staff attorney with the ACLU’s Speech, Privacy, and Technology Project. “Accurately explain your surveillance activities to a judge and get a warrant, or risk your evidence being thrown out.”

Stingrays mimic cellphone towers, tricking nearby phones into connecting and revealing users’ locations. Stingrays sweep up data on every phone nearby — collecting information on dozens or potentially hundreds of people.

The case centers around the 2014 arrest of Kerron Andrews, a suspect in a shooting that injured three people. In order to locate him, police filed a “pen register” application, which is not a warrant, and does not require them to establish probable cause. A judge granted the application, which said that police would obtain the information from Andrews’ wireless service provider.

Instead, police used a high-tech Stingray called the “Hailstorm.” They located Andrews and found the murder weapon. However, they repeatedly failed to notify the judge about the change in tactics. Finally, during a hearing last June, the police department was forced to testify about the Hailstorm, leading the judge to accuse it of intentionally withholding information from the defense.

After the trial court threw out the Stingray evidence, the Maryland attorney general alarmed civil liberties groups by arguing that anyone who keeps their phone turned “on” is consenting to being tracked by police. The full ruling, which has not yet been issued, will presumably reject that argument.

During the oral argument before the appeals court in February, one of the judges called the police’s pen register application a “completely false document,” and “completely disingenuous.”

The Department of Justice issued guidelines in September requiring federal officers to apply for a warrant before using a Stingray. Those guidelines only applied to the seven agencies known to use them, not to state and local police. In 2014, the state of Maryland passed a law requiring a warrant for police to track an individual’s current or real-time location. The law only affects cases going forward, so it did not influence Andrews’ case.

Stingrays are also piquing the interest of lawmakers on Capitol Hill. Lawmakers held a hearing Tuesday on a bill that would require all police departments to get a warrant before using Stingrays. “Just because it’s easier in 2016 for law enforcement to track our location and learn intimate details about our lives, it doesn’t mean those details are somehow less worthy of Constitutional protection,” said House Oversight Committee Chairman Jason Chaffetz. “Get a warrant.”

In December, The Intercept published a secret catalogue of U.S. government surveillance equipment, including Stingrays. The advertisements for some items boast that they can spy on 10,000 people.
https://theintercept.com/2016/03/04/...ked-by-police/





One of the FBI’s Major Claims in the iPhone Case is Fraudulent
Daniel Kahn Gillmor

In the FBI’s court order requesting Apple's assistance in unlocking the work iPhone 5c used by the San Bernardino shooter, the bureau's first and most urgent demand is that Apple disable the iPhone's “auto-erase” security feature. This feature (which is not enabled by default on most iPhones) protects user data on a device from would-be snoops by wiping the phone after 10 failed passcode attempts. This protects you and me from thieves trying to guess our passcodes and access our data for identity theft, for example.

But the truth is that even if this feature is enabled on the device in question, the FBI doesn't need to worry about it, because they can already bypass it by backing up part of the phone (called the “Effaceable Storage”) before attempting to guess the passcode. I'll go into the technical details (which the FBI surely already knows) below.

How the FBI describes the “auto-erase” feature

Let's look at how the FBI describes the situation. The court order's first and most urgently phrased request is to ask Apple to “bypass or disable the auto-erase function whether or not it has been enabled.”

A few days after the court order was issued, but before Apple had formally responded, the government filed a strongly worded motion to compel, which contained this description of the feature:

The FBI has been unable to make attempts to determine the passcode to access the SUBJECT DEVICE because Apple has written, or “coded,” its operating systems with a user-enabled “auto-erase function” that would, if enabled, result in the permanent destruction of the required encryption key material after 10 failed attempts at the [sic] entering the correct passcode (meaning that, after 10 failed attempts, the information on the device becomes permanently inaccessible)…

In sum, the government seeks the ability to make multiple attempts at determining the passcode without risk that the data subject to search under the warrant would be rendered permanently inaccessible after 10 wrong attempts.


To add urgency to their attempt to compel Apple to abuse their software signing keys, the FBI is painting a picture of “permanently inaccessible” data. But if its agents are doing their job, that's just not the case.

How the “auto-erase” feature actually works

Here's where the technical details come in. The iPhone protects its user's data with a complex hierarchy of cryptographic keys. Some data is protected by multiple keys. Imagine a pile of letters and photos placed inside a locked box, with the box itself placed inside a locked filing cabinet. You'd have to have keys to the filing cabinet and the box to read any of the letters or see any of the photos. If either of these keys is destroyed, the letters and photos are lost forever.

When iOS decides to wipe out user data because the passcode guess limit has been reached (or for any other reason), it doesn’t actually erase all the data from its underlying storage; that would actually take several minutes. Instead, it just destroys one of the keys that protects the data, rendering that data permanently unreadable. The key that is erased in this case is called the “file system key”—and (unlike the hardwired “UID” key that we discussed in our previous blog post) it is not burned into the phone’s processor, but instead merely stored in what Apple calls “Effaceable Storage,” which is just a term for part of the flash memory of the phone designed to be easily erasable. Apple's iOS Security Guide explains:

Since it’s stored on the device, this key is not used to maintain the confidentiality of data; instead, it’s designed to be quickly erased on demand (by the user, with the “Erase all content and settings” option, or by a user or administrator issuing a remote wipe command…. Erasing the key in this manner renders all files cryptographically inaccessible.

The file system key is like the key to the filing cabinet in our example: a small thing that is easy to destroy, which disables access to the rest of the information.

Why the FBI can easily work around “auto-erase”

So the file system key (which the FBI claims it is scared will be destroyed by the phone’s auto-erase security protection) is stored in the Effaceable Storage on the iPhone in the “NAND” flash memory. All the FBI needs to do to avoid any irreversible auto-erase is simply to copy that flash memory (which includes the Effaceable Storage) before it tries 10 passcode attempts. It can then re-try indefinitely, because it can restore the NAND flash memory from its backup copy.

Here's a picture of the front and back of the main circuit board inside the iPhone 5c.

The large chip on the front marked A6 is the processor -- a custom chip designed by Apple specifically for its devices. It contains the CPU, BootROM, RAM, crypto engines, Apple's public signing key (used to verify software updates), and the UID key (see our previous blog post).

The largest chip on the back (outlined in red above) is the NAND flash, where all the data is stored, including both the encrypted filesystem and the Effaceable Storage.

The FBI can simply remove this chip from the circuit board (“desolder” it), connect it to a device capable of reading and writing NAND flash, and copy all of its data. It can then replace the chip, and start testing passcodes. If it turns out that the auto-erase feature is on, and the Effaceable Storage gets erased, they can remove the chip, copy the original information back in, and replace it. If they plan to do this many times, they can attach a “test socket” to the circuit board that makes it easy and fast to do this kind of chip swapping.

If the FBI doesn't have the equipment or expertise to do this, they can hire any one of dozens of data recovery firms that specialize in information extraction from digital devices.

NAND flash storage is an extremely common component. It's found in USB thumb drives, mobile phones, portable music players, low-end laptops—pretty much every portable device. Desoldering a chip from the circuitboard is straightforward enough that there are many clips on YouTube showing the practice, and reading and writing a bare NAND chip requires a minor investment in hardware and training that the FBI has probably already made.

What's really going on here?

If this generally useful security feature is actually no threat to the FBI, why is it painting it in such a scary light that some commentators have even called it a “doomsday mechanism”? The FBI wants us to think that this case is about a single phone, used by a terrorist. But it's a power grab: law enforcement has dozens of other cases where they would love to be able to compel software and hardware providers to build, provide, and vouch for deliberately weakened code. The FBI wants to weaken the ecosystem we all depend on for maintenance of our all-too-vulnerable devices. If they win, future software updates will present users with a troubling dilemma. When we're asked to install a software update, we won’t know whether it was compelled by a government agency (foreign or domestic), or whether it truly represents the best engineering our chosen platform has to offer.

In short, they're asking the public to grant them significant new powers that could put all of our communications infrastructure at risk, and to trust them to not misuse these powers. But they're deliberately misleading the public (and the judiciary) to try to gain these powers. This is not how a trustworthy agency operates. We should not be fooled.
https://www.aclu.org/blog/free-futur...ase-fraudulent
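
The key hierarchy described in the ACLU article above can be modelled in a few lines. This is an added example, not code from the article, the ACLU or Apple: the ToyPhone class, the seal/unseal helpers and the sample data are hypothetical, the cipher is a toy built from HMAC-SHA256, and keeping the failed-attempt counter inside the NAND image is an assumption of the model. It shows why erasing a key held in ordinary flash is final only if no earlier copy of that flash exists, and why the copy is still useless without the UID key held in the processor.

```python
import copy
import hashlib
import hmac
import os

MAX_ATTEMPTS = 10  # guess limit quoted in the article


def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()


def _stream(key: bytes, n: int) -> bytes:
    blocks = (hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]


def seal(key: bytes, plaintext: bytes) -> bytes:
    """Toy authenticated encryption; each key is used once, so no nonce."""
    ct = bytes(p ^ s for p, s in zip(plaintext, _stream(_subkey(key, b"enc"), len(plaintext))))
    return hmac.new(_subkey(key, b"mac"), ct, hashlib.sha256).digest() + ct


def unseal(key: bytes, blob: bytes):
    """Return the plaintext, or None when the key is wrong."""
    tag, ct = blob[:32], blob[32:]
    expected = hmac.new(_subkey(key, b"mac"), ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(c ^ s for c, s in zip(ct, _stream(_subkey(key, b"enc"), len(ct))))


class ToyPhone:
    """Hypothetical model: UID key in the processor, everything else in NAND."""

    def __init__(self, passcode: str, user_data: bytes):
        self._uid_key = os.urandom(32)      # never leaves the "processor"
        fs_key = os.urandom(32)             # the "file system key"
        inner = seal(self._passcode_key(passcode), user_data)   # the locked box
        self.nand = {
            "effaceable": fs_key,                    # Effaceable Storage
            "filesystem": seal(fs_key, inner),       # the locked filing cabinet
            "failed_attempts": 0,                    # assumption: counter lives in NAND
        }

    def _passcode_key(self, passcode: str) -> bytes:
        # Passcode entangled with the device-unique key (low iteration count: toy).
        return hashlib.pbkdf2_hmac("sha256", passcode.encode(), self._uid_key, 1000)

    def is_wiped(self) -> bool:
        return self.nand["effaceable"] is None

    def try_passcode(self, passcode: str):
        if self.is_wiped():
            return None                     # file system key gone: data unreadable
        inner = unseal(self.nand["effaceable"], self.nand["filesystem"])
        data = unseal(self._passcode_key(passcode), inner) if inner else None
        if data is not None:
            self.nand["failed_attempts"] = 0
            return data
        self.nand["failed_attempts"] += 1
        if self.nand["failed_attempts"] >= MAX_ATTEMPTS:
            self.nand["effaceable"] = None  # auto-erase destroys only the key
        return None


def demo() -> dict:
    secret = b"letters and photos"          # constructed sample data
    phone = ToyPhone("4821", secret)
    image = copy.deepcopy(phone.nand)       # copy of the flash made beforehand

    for guess in range(MAX_ATTEMPTS):       # ten wrong guesses trigger auto-erase
        phone.try_passcode(f"{guess:04d}")
    wiped = phone.is_wiped()
    after_wipe = phone.try_passcode("4821") # correct passcode no longer helps

    phone.nand = copy.deepcopy(image)       # flash restored from the earlier copy
    after_restore = phone.try_passcode("4821")

    other = ToyPhone("4821", b"unrelated")  # different processor, different UID key
    other.nand = copy.deepcopy(image)
    on_other_device = other.try_passcode("4821")

    return {"wiped": wiped, "after_wipe": after_wipe,
            "after_restore": after_restore, "on_other_device": on_other_device}


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value!r}")
```
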





Snowden: FBI's Claim it Can't Unlock the San Bernardino iPhone is 'Bullshit'

NSA whistleblower rubbishes claims that only Apple can unlock killer’s iPhone 5C, indicating FBI has the means itself
Samuel Gibbs

Edward Snowden, the whistleblower whose NSA revelations sparked a debate on mass surveillance, has waded into the arguments over the FBI’s attempt to force Apple to help it unlock the iPhone 5C of one of the San Bernardino shooters.

The FBI says that only Apple can deactivate certain passcode protections on the iPhone, which will allow law enforcement to guess the passcode by using brute-force.

Talking via video link from Moscow to the Common Cause Blueprint for a Great Democracy conference, Snowden said: “The FBI says Apple has the ‘exclusive technical means’ to unlock the phone. Respectfully, that’s bullshit.”

Snowden then went on to tweet his support for an American Civil Liberties Union report saying that the FBI’s claims in the case are fraudulent.

“The global technological consensus is against the FBI. Why? Here's one example: https://t.co/t2JHOLK8iU #FBIvsApple https://t.co/mH1ZXOOQ1E”
— Edward Snowden (@Snowden), March 8, 2016

Meanwhile, Microsoft founder Bill Gates said in a discussion on Reddit: “I think there needs to be a discussion about when the government should be able to gather information. What if we had never had wiretapping? Also the government needs to talk openly about safeguards.”

Gates refused to be drawn on one side or the other of the debate, despite seemingly supporting the FBI and then backtracking. Microsoft later filed an amicus brief backing Apple against the FBI.

Apple co-founder Steve Wozniak also spoke out against the FBI on the Conan O’Brien show on Monday, saying: “I side with Apple on this one. [The FBI] picked the lamest case you ever could.”

Wozniak added: “Verizon turned over all the phone records and SMS messages. So they want to take this other phone that the two didn’t destroy, which was a work phone. It’s so lame and worthless to expect there’s something on it and to get Apple to expose it.”

Apple’s clash with the FBI comes to a head in California this month when the two will meet in federal court to debate whether the smartphone manufacturer should be required to weaken security settings on the iPhone of the shooter.

The government’s case was dealt a potential setback when Magistrate Judge James Orenstein ruled against the government on 29 February in a different phone-unlocking case, which the government is currently appealing.
http://www.theguardian.com/technolog...shit-nsa-apple





Fmr. NSA, CIA Chief Hayden Sides with Apple Over Feds
Julia Limitone

When you look at Apple’s (AAPL) encryption battle with the FBI from a security standpoint, Former NSA and CIA director General Michael Hayden is siding with Apple.

“You can argue this on constitutional grounds. Does the government have the right to do this? Frankly, I think the government does have a right to do it. You can do balancing privacy and security… dead men don’t have a right to privacy. I don’t use those lenses. My lens is the security lens, and frankly, it’s a close but clear call that Apple’s right on just raw security grounds,” he said.

With concerns over cybersecurity becoming the biggest threat to the U.S., Hayden says the government should make a tradeoff.

“I think Apple is technologically correct when they say doing what the FBI wants them to do in this case will make their technology, their encryption, overall weaker than it would otherwise be. So I get why the FBI wants to get into the phones… but this may be a case where we’ve got to give up some things in law enforcement and even counter terrorism in order to preserve this aspect, our cybersecurity.”
http://www.foxbusiness.com/features/...over-feds.html





Competing Interests on Encryption Divide Top Obama Officials
Michael D. Shear and David E. Sanger

The intensifying legal battle over encryption between Apple and the Justice Department has all but obscured another more subtle division, the one inside the Obama administration itself.

Driven by competing and sometimes clashing interests about privacy, national security and the economy, some of the president’s most senior aides are staking out a variety of positions on the issue.

The White House denies there is disagreement over the effort to force Apple to break into the phone used by one of the terrorists in the San Bernardino, Calif., shootings, but the differences on how to deal with the broader questions raised by encryption have become increasingly apparent.

The Federal Bureau of Investigation wants the ability to break into smartphones and computers for investigations. The Pentagon and intelligence officials worry that the same techniques could be used by foreign powers or hackers to drain data from phones used by the United States government, and that countries like China will demand the same access provided to American law enforcement officials.

The conflicting positions were on display last week. On Tuesday, James B. Comey Jr., the director of the F.B.I., testified in Congress about the need for some kind of government action — he avoided the word “legislation” because the White House has specifically said it is not seeking that now — that would guarantee access to law enforcement, no matter how encryption technology evolves.

Less than a day later, Defense Secretary Ashton B. Carter, talking to technologists at an annual computer security conference in San Francisco, struck a very different tone. “Data security, including encryption, is absolutely essential” to the Pentagon, he said. “None of our stuff works unless it’s connected.” He also warned against a legislative solution.

A law “written in an atmosphere of anger or grief,” he said, is “not likely to be the right answer.” Later he drove home the point, saying “it would be better to work this out rather than have a law written.” And throughout his talk, Mr. Carter made it clear that he is more interested in securing data than prying into it.

Administration officials insist the comments do not reflect serious internal disagreements about policy. They say, for example, that the Justice Department and F.B.I. also support strong encryption — with limits — while the heads of the intelligence agencies, responsible for securing government communications, understand the stresses on those investigating serious crimes.

In a statement, the White House said on Friday that “our policy on encryption is clear.” But the policy it described delineated the differing positions rather than resolving them.

“The United States government firmly supports the development and robust adoption of strong encryption, which is a key tool to secure commerce and trade, safeguard private information, promote free expression and association,” it said. “At the same time, encryption poses a grave challenge for our national security and law enforcement professionals.”

But officials from the National Security Agency, the Department of Homeland Security and the Pentagon describe meetings in the White House Situation Room that go over the same territory, and in the end cannot find a middle ground.

The arguments were touched off two and a half years ago, with the revelations by Edward J. Snowden, the N.S.A. contractor, that the agency had gone to some lengths to undercut encryption.

There was evidence — none confirmed, or discussed by the Obama administration — that the N.S.A. had gained access to the unencrypted communications of servers around the world owned by Google and others to tap into foreign communications. There were suggestions that it had also tampered with the products of a foreign manufacturer of SIM cards, which go into every mobile telephone, to make it easier to intercept calls and emails.

The issues were taken up by a presidential commission that included legal scholars and intelligence experts, like Michael J. Morell, the former deputy director of the C.I.A., and Richard A. Clarke, a former senior national security official in the Clinton and Bush administrations who now works in cybersecurity. Their conclusion was unambiguous in opposing the building of so-called back doors for encrypted devices.

The commission told President Obama that the United States government should “not in any way subvert, undermine, weaken or make vulnerable generally available commercial software,” and it urged more companies to adapt such systems.

Last month, Admiral Michael S. Rogers, commander of the United States Cyber Command — the Pentagon’s digital arm, which both protects the Defense Department’s networks and conducts offensive action — as well as director of the N.S.A., echoed that view in remarks to the Atlantic Council.

The view of Admiral Rogers, many experts say, may be affected by the fact that his agency has the best code-cracking capabilities in the world, and he does not need to make public what systems he is already inside. Because he cracks the codes of foreign adversaries (and more than a few allies), he does not need a warrant, as Mr. Comey does. And his agency’s less publicized job is securing the government’s most vital secrets.

With more and more government communications relying on mobile devices, including a so-called hardened version of the iPhone and the iPad, the N.S.A. is also not interested in advertising to the world ways in which those devices can be defeated.

So far Mr. Obama has fully backed legal efforts by the F.B.I. to force Apple to help authorities unlock the iPhone of the San Bernardino terrorist, who was killed in the attack. But he has rarely spoken about the broader questions, and when asked recently, a senior administration official said the White House still does not favor legislation to solve the issue.

The encryption issue seems particularly acute at the State Department and the Commerce Department, both of which have their own sets of concerns.

One of Hillary Clinton’s favorite pilot programs as secretary of state, accelerated during the 2011 Arab Spring crisis, was to equip dissidents and activists around the world with the “Internet in a suitcase,” devices to help communicate and evade censorship.

But the system relies on encrypted conversations, to keep them away from Chinese state security or Egypt’s brutal internal police. Any effort to force Apple to break that encryption, several American officials said — insisting on anonymity because the administration is still debating these issues — would be replicated from Beijing to Cairo.

Commerce Department officials have made the point that if Congress ultimately mandates that all encrypted products must be accessible to investigators, it will be a boon to foreign producers of encryption hardware and software. And there are a lot of them.

Bruce Schneier, a cybersecurity expert, published a study recently that said there were “at least 865 hardware or software products incorporating encryption from 55 different countries.” After the United States, Germany tops the list with 112. Most products, Mr. Schneier said recently, “are as good as what you would find in the United States.”

But so far users are not flocking to them in mass numbers for a simple reason: For novices, they can be hard to use.

Apple’s design is of particular concern to the F.B.I. because the encryption is automatic; users do not have to do a thing to make it work. As a recent Harvard study about the problem of “going dark” — when law enforcement can no longer get access to evidence because of technological advances — pointed out, the more times users have to manipulate the programs, the greater the opportunity for error.

Which is exactly what the F.B.I. is hoping for.
http://www.nytimes.com/2016/03/06/us...officials.html





Senators Close to Finishing Encryption Penalties Legislation
Dustin Volz and Mark Hosenball

Technology companies could face civil penalties for refusing to comply with court orders to help investigators access encrypted data under draft legislation nearing completion in the U.S. Senate, sources familiar with continuing discussions told Reuters on Wednesday.

The long-awaited legislation from Senators Richard Burr and Dianne Feinstein, the top Republican and Democrat on the Senate Intelligence Committee, may be introduced as soon as next week, one of the sources said.

It would expose companies like Apple Inc, which is fighting a magistrate judge's order to unlock an iPhone connected to the mass-shooting in San Bernardino, California, to contempt of court proceedings and related penalties, the source said.

Senators are expected to circulate the draft bill among interested parties next week and hope to introduce it soon after, though a timetable is not final, the source said.

The Senators' proposal would not seek criminal penalties, as some media reports have stated, the sources said.

The controversial proposal faces an uphill climb in a gridlocked Congress during an election year and would likely be opposed by Silicon Valley.

Tech companies have largely supported Apple in its legal fight against the Justice Department, which is seeking access to a phone used by Rizwan Farook, one of two shooters in the San Bernardino attack last December in which 14 were killed and 22 wounded.

It is particularly unlikely the proposal will gain traction in the U.S. House of Representatives, which staked out positions strongly supporting digital privacy in the wake of revelations about government-sanctioned surveillance of communications by former National Security Agency contractor Edward Snowden.

Last year, amid stiff private sector opposition, the White House backed away from pushing for legislation to require U.S. technology firms to provide investigators with mechanisms to overcome encryption protections.

But the issue found renewed life after the shootings in San Bernardino and Paris. An August email from Robert Litt, the top U.S. intelligence community lawyer, obtained by the Washington Post, noted that momentum on the issue "could turn in the event of a terrorist attack or criminal event where strong encryption can be shown to have hindered law enforcement."

Separately, Democratic Senator Mark Warner and Republican Representative Michael McCaul last week introduced legislation to create a national commission to further explore solutions to the so-called “going dark” problem, where strong encryption has made it more difficult for law enforcement to access communications belonging to criminal suspects.

(Reporting by Mark Hosenball and Dustin Volz; Editing by Bill Rigby)
http://www.reuters.com/article/us-ap...-idUSKCN0WB2QC





Apple and U.S. Bitterly Turn Up Volume in iPhone Privacy Fight
Eric Lichtblau and Katie Benner

The Obama administration argued on Thursday that “no single corporation” — even one as successful as Apple — should be allowed to flout the rule of law by refusing to help the F.B.I. unlock the iPhone used by one of the San Bernardino, Calif., attackers.

The administration’s sharp tone in a new court filing drew an angry and emotional rebuke from lawyers for Apple, who accused the government of “a cheap shot” and were particularly upset about what they said was an unfair and inaccurate suggestion that the company has a special relationship with China to protect its corporate interests there.

“The tone of the brief reads like an indictment,” Bruce Sewell, Apple’s general counsel, told reporters. “In 30 years of practice, I don’t think I’ve ever seen a legal brief that was more intended to smear the other side with false accusations and innuendo.”

The unusually intense sparring between the two sides signaled an escalation in tension over a case that had already drawn attention worldwide because of the high legal and corporate stakes. The fight has been brewing since mid-February, when Magistrate Judge Sheri Pym of the Federal District Court for the Central District of California ordered Apple to create and deploy an alternative operating system that would help law enforcement agents break into the iPhone in the San Bernardino case.

Apple publicly opposed the order, igniting a standoff with the F.B.I. and the Justice Department. The fight has fueled a debate over privacy and civil liberties versus security, becoming a flash point in the growing tension between technology companies and the government over who can have access to private customer data and under what circumstances.

In its filing on Thursday in United States District Court in Los Angeles, the Justice Department said that Apple should be compelled to help the F.B.I. break into the iPhone and that the company should not be allowed to hide behind what prosecutors said were diversionary tactics in the court of public opinion.

Apple and its supporters “try to alarm” the court by invoking bigger debates over privacy and national security, the Justice Department said. “Apple desperately wants — desperately needs — this case not to be ‘about one isolated iPhone.’ ”

The government’s filing was a point-by-point rebuttal of a motion that Apple filed two weeks ago opposing the federal court order requiring it to break into the iPhone used by Syed Rizwan Farook, one of the San Bernardino attackers. Apple had argued that the court order violated the company’s First and Fifth Amendment rights, and said the government’s request oversteps a law called the All Writs Act.

In the filing on Thursday, prosecutors argued that they have sought a “modest” step in the case and that the courts, the executive branch and Congress — not Apple — share the power to decide how best to balance public safety and privacy.

“The rule of law does not repose that power in a single corporation, no matter how successful it has been in selling its products,” prosecutors wrote.

The Justice Department also offered a robust defense of the All Writs Act, which dates to 1789. The statute, used to gather evidence in thousands of cases, is an “integral part of our justice system,” prosecutors wrote.

Apple has tried to characterize that statute “as an obscure law dredged up by the government to achieve unprecedented power,” the Justice Department said. “That premise is false.”

At the same time, prosecutors played down the significance of a ruling that went against them last week in a separate but similar case in a Brooklyn courtroom. In that case, a magistrate rejected attempts by the Justice Department to force Apple to help unlock an iPhone in a routine drug case, saying that the government was using the All Writs Act so broadly that it might be unconstitutional.

The Justice Department noted in a footnote Thursday that it was appealing the Brooklyn ruling and that the order carried no weight as precedent in the California case.

In another footnote, the Justice Department’s tone also turned more ominous, suggesting that it might seek access to Apple’s source code and private electronic signatures if the company does not cooperate. That would go beyond what the government has previously requested, which is the company’s help in weakening the iPhone’s defenses rather than any direct access to the technology.

In a rebuttal to the government’s filing, Mr. Sewell of Apple said in a conference call that a number of the government’s charges in its latest brief were unfounded.

Mr. Sewell said it was the first time ever that Apple had seen the government assert that it made modifications to specifically block law enforcement officials’ access to its devices. More disturbingly, he said, federal prosecutors used unidentified sources to raise the specter that Apple has a different relationship with China than with other countries.

He said such accusations showed that the Justice Department “is so desperate at this point that it has thrown all decorum to the winds.”

Mr. Sewell likened the Justice Department’s comments on China to Apple arguing that the F.B.I. cannot be trusted because there are rumors that the bureau was behind the assassination of John F. Kennedy and citing “conspiracytheory.com” as its source.

“Everyone should beware,” Mr. Sewell said, “because it seems that disagreeing with the Department of Justice means you must be evil and un-American.”

On the actual merits of the dispute, Apple’s lawyers reiterated that the government’s interpretation of the All Writs Act was simply wrong and that the authority the government seeks “is breathtaking,” essentially arguing that courts can order any private citizens or companies to do what the authorities want so long as there is jurisdiction.

Apple will have another chance to rebut the Justice Department’s case before a hearing scheduled for March 22 before Magistrate Judge Pym. No matter how she rules, the closely watched case is almost certain to be appealed to the district court, the Ninth Circuit Court of Appeals, and perhaps even the Supreme Court.

Eric Lichtblau reported from Washington and Katie Benner from San Francisco.
http://www.nytimes.com/2016/03/11/te...epartment.html





Government Can't Let Smartphones Be `Black Boxes,' Obama Says
Justin Sink

President Barack Obama said Friday that smartphones -- like the iPhone the FBI is trying to force Apple Inc. to help it hack -- can’t be allowed to be "black boxes," inaccessible to the government. The technology industry, he said, should work with the government instead of leaving the issue to Congress.

"You cannot take an absolutist view on this," Obama said at the South by Southwest festival in Austin, Texas. "If your argument is strong encryption no matter what, and we can and should create black boxes, that I think does not strike the kind of balance we have lived with for 200, 300 years, and it’s fetishizing our phones above every other value."

Obama’s appearance on Friday at the event known as SXSW, the first by a sitting president, comes as the FBI tries to force Apple Inc. to help investigators access an iPhone used by one of the assailants in December’s deadly San Bernardino, California, terror attack. Apple has appealed a magistrate court order that it assist the government, saying to do so would undermine its encryption technology.

Rapid technological advancements "offer us enormous opportunities, but also are very disruptive and unsettling," Obama said at the festival, where he hoped to persuade tech workers to enter public service. "They empower individuals to do things that they could have never dreamed of before, but they also empower folks who are very dangerous to spread dangerous messages."

Siding with Apple are technology companies including Amazon Inc., Microsoft Corp., Facebook Inc. and Google’s parent Alphabet Inc. On Thursday, the government filed a memorandum in the case arguing that Apple would need to assign as few as six workers for as little as two weeks to hack into Syed Farook’s phone.

“This burden, which is not unreasonable, is the direct result of Apple’s deliberate marketing decision to engineer its products so that the government cannot search them, even with a warrant,” government attorneys said in the filing.

‘Sloppy and Rushed’

Obama was interviewed at the festival by the CEO and editor in chief of the Texas Tribune, Evan Smith, who told him that "it looks to the tech community, or to some in the tech community, that government is the enemy" in its dealings with Apple. South by Southwest, now 30 years old, has grown from an event to highlight local musicians and artists into one of the nation’s largest and most popular technology conferences and film-and-music festivals.

The White House has backed the FBI in its fight with Apple, but has said Obama believes it is vital to balance privacy protections against the needs of law enforcement. Obama has not weighed in on legislation being drafted by Senate Intelligence Committee Chairman Richard Burr, a North Carolina Republican, and the senior Democrat on the panel, Dianne Feinstein of California, which would require companies to comply with court orders asking for assistance accessing encrypted data.

He indicated on Friday that he believes leaving the matter to lawmakers may not be ideal. The result would be "sloppy and rushed and it will go through Congress in ways that have not been thought through," he said.

Apple and other tech firms have said that building backdoors into their encrypted products could put them at a disadvantage to foreign competitors. They have also warned that China or other countries could demand similar cooperation with government investigations.

Without commenting on the Apple case, Obama dismissed those arguments, saying that for centuries law enforcement agencies have been able to search private property for evidence of crimes using a warrant.

"The question we now have to ask is, if technologically it is possible to make an impenetrable device or system, where the encryption is so strong there’s no key, there’s no door at all, then how do we apprehend the child pornographer? How do we solve or disrupt a terrorist plot?" Obama said. "If in fact you can’t crack that at all, government can’t get in, then everybody’s walking around with a Swiss bank account in their pocket."

Compromise is possible, he said, and the technology industry must help design it.

"I suspect the answer is going to come down to, how do we create a system that, encryption is as strong as possible, the key is secure as possible, and it is accessible by the smallest number of people possible for the subset of issues that we agree is important," he said.

Recruiting Coders

It isn’t the first time his policies have caused the White House a headache at the Austin festival. In 2014, former NSA contractor Edward Snowden gave a virtual keynote speech from Russia on privacy rights. WikiLeaks editor-in-chief Julian Assange also spoke remotely to the conference that year.

Snowden’s leaks have complicated the encryption issue, Obama said, by "elevating people’s suspicions" of government surveillance.

Still, White House officials believe that engagement with the technology sector is critical, especially if the administration is to recruit talented programmers to help modernize the federal government.

“Cooperation that exists between the government and the tech sector continues beyond the issue of encryption,” Jason Goldman, the White House’s chief digital officer, said on a conference call with reporters before Obama’s appearance.

In recent years, Obama has hired officials from companies including Microsoft, Alphabet, and Twitter Inc. to help repair the broken HealthCare.gov enrollment system and the byzantine Veterans Affairs claims processing system, among other assignments. The administration hopes the president’s appearance at SXSW can help replenish the ranks of hundreds of technology specialists who put their Silicon Valley careers on hold for public service.

Obama called HealthCare.gov "an example of the big and the bloated and frustrating" in government. When the website failed in October 2013, he said, it "was a little embarrassing for me because I was the cool early adopter president. My entire campaign had been premised on having really cool technology and social media and all that."

After fixing HealthCare.gov with the assistance of private-sector technology experts, "what we realized was we could potentially build a SWAT team, a world class tech office inside of the government, that was helping across agencies," Obama said. That became the U.S. Digital Service.
http://www.bloomberg.com/politics/vi...ate-math-class





UK Surveillance Powers Bill Could Force Startups to Bake in Backdoors
Natasha Lomas

While the Apple vs FBI court battle has drawn all eyes to the question of what should be considered ‘reasonable assistance’ for companies to provide law enforcement agencies, over in the UK the government is attempting to enshrine in law surveillance capabilities that would enable state agencies to compel even very small startups to bake insecurities into their systems in order to be able to hack users on demand.

And the kicker is there would be no chance for companies compelled to do this to go public with the request — as Apple has done in the FBI instance — or even for them to be upfront with their users that they are being forced to compromise their privacy. The proposed legislation would require non-disclosure of any such state-enforced actions that companies are compelled to take.

“Any person to whom a technical capability notice is given, or any person employed or engaged for the purposes of that person’s business, is under a duty not to disclose the existence and contents of that notice to any person,” a Code of Practice on the proposed investigatory power notes.

The draft legislation is currently before parliament so is not yet law. However it is the government’s intention to drive the Investigatory Powers bill through parliament and onto the statute books by the end of this year, when other data retention powers are due to be sunsetted — leaving only a very short time frame for parliamentarians to scrutinize what is a highly complex and technical piece of legislation that extends to more than 250 pages, with a substantial clutch of attendant documents — including multiple highly detailed Codes of Practice for the various powers set out in the bill.

In a draft Code of Practice on Equipment Interference (EQ), published earlier this month at the same time as the full bill, a section dryly entitled Maintenance of a technical capability notes that communication service providers (CSPs) may be required to “provide a technical capability to give effect to interception, equipment interference, bulk acquisition warrants or communications data acquisition authorisations”.

To be clear, CSPs means any Internet or phone company. So technology startups fall squarely into this bucket.

“The purpose of maintaining a technical capability is to ensure that, when a warrant is served, companies can give effect to it securely and quickly,” the EQ Code of Practice adds. “Small companies (with under 10,000 users) will not be obligated to provide a permanent technical capability, although they may be obligated to give effect to a warrant.”

So, in plain English, the provision provides for sweeping state powers to co-opt all but the tiniest of startups and technology platforms as surveillance entities — and does so with a power to compel them to pre-bake weaknesses into their systems on-demand.

Surely, then, the very definition of a ‘backdoor’, despite earlier government claims the legislation is not asking for backdoors (or demanding encryption keys). Of course state agencies would not need to ask for encryption keys if the law requires companies to have already perforated their security systems in order to afford the same agencies access to customer data on demand and in secret.

“Hacking powers have been broadened,” says Eric King, deputy director of human rights group Privacy International, discussing the version of the bill now before parliament. “ICRs [Internet Connection Records — aka web browsing records on all users that ISPs would be forced to retain for a year] have been broadened.

“Issues around how they can force companies to hack have been explicitly confirmed now. But only now — robbing previous committees from being able to consider them and robbing companies and NGOs from being able to respond in a timely manner to those sorts of concerns.”

An earlier version of the bill was looked at by three government committees, all of which expressed substantial concerns — including the Security and Intelligence Committee slamming the draft bill for lacking clarity and for failing to enshrine privacy protections or provide adequately targeted surveillance measures.

King says the overwhelming majority of the changes the government has made to the draft legislation in response to the committee reports are “cosmetic”.

“In some circumstances, when undertaking a clarification, they’ve actually expanded the authority in the bill — so this seems to have been an exercise in ‘keep vague’, at an early stage, have a whole host of academics, NGOs, companies raise concerns about that lack of clarity, but keep it vague so that only at the very last minute — i.e. now — will they actually clarify those 200-odd issues. But they clarify each and every one of them in a way that confirms the worst fears of the lack of clarity expressed earlier,” he tells TechCrunch.

On EQ (aka state-compelled hacking of devices/systems), King says the sheer scale of the proposals is staggering — noting that the bill now affords domestic law enforcement, as well as security agencies, access to hugely intrusive capabilities to hack into systems.

“They built in systems that would force companies who have more than 10,000 users — which for a startup ten years ago used to be a hard thing, now you can quite quickly collect 10,000 users no problem — so it’s a very low threshold. They can serve a permanent notice to require you to bake into your product a technical capability that would allow you to then hack any one of your customers,” he says.

“And when law enforcement then later come along and say we want you to hack this customer, they’ve already forced the company to build the system to do that. So this essentially gets around the problem that’s being faced in the US with Apple and the FBI, where Apple built the security in and now the FBI are saying we want you to undo that.

“Here Britain’s taking a different approach — they’re saying, right from this point onwards we’re going to start ordering companies to build in this capability to hack your systems so that we never have to have this problem. But unlike in the US where Apple are able to openly discuss this, in all of the circumstances in the UK these companies would be gagged from talking about it. They’d be prohibited from going to the press, from informing their users, from having an open court hearing where the press could report.”

“It is the worst form of a backdoor,” adds King. “It is a secret power to force companies to build all manner of backdoors to all sorts of systems to intrude directly onto a product or service that you are using or have bought. And it would tie the companies into being complicit into actively attacking their users.

“So rather than a backdoor that’s provided that then governments exclusively use, this is roping in the companies and deputizing them and even paying for their staff — there’s powers in the Code to remunerate businesses who have to hire new staff or build new technologies to ensure that they can hack their customers.”

King also asserts that older and much criticized encryption/decryption powers in extant UK legislation (the Regulation of Investigatory Powers Act 2000) have not been adjusted, changed or integrated into the new bill — despite government claims the IP bill would seek to gather all investigatory powers into one place to provide for a clear and transparent framework for the operation of state investigatory capabilities.

“The powers will continue to stand alone outside of this bill and all of the issues dealing with encryption that we’re talking about are new powers, new capabilities, new ways to force companies to undermine, weaken, backdoor their architecture, their systems — including the removal of encryption systems,” he adds.

“It’s a semantic game that’s being played here, about what constitutes weakening, what constitutes backdooring, that the government is still playing hard and fast on in the hope that, essentially, a big lie sticks.”

TechCrunch has contacted the UK Home Office asking for clarification on the Investigatory Powers bill’s position vis-a-vis state-mandated backdoors. The department had not responded at the time of publication. We will update this story with any response.
http://techcrunch.com/2016/03/10/uk-...-in-backdoors/





Skype Co-Founder Launches End-To-End Encrypted 'Wire' App
Lucian Armasu

A group of former Skype, Apple and Microsoft employees, backed by Skype’s co-founder Janus Friis, created a Skype alternative called “Wire” back in 2014, which wasn’t end-to-end encrypted at the time. The team announced that the latest version of the app brings open source end-to-end encryption to everything from chats to video calls, as well as multi-device end-to-end encryption.

State-Of-The-Art-Encryption

When Wire launched at the end of 2014, its main promised advantage over Skype and other messengers was the “crystal clear voice.” However, this doesn’t seem to have been enough for the app to pick up steam, which is why it has received a major encryption upgrade by adopting the open source Axolotl protocol.

The protocol was first created and adopted by the team behind the fully open source Signal app. It was quickly considered the state-of-the-art in encryption protocols for messengers, because it offered strong end-to-end encryption, the ability to send end-to-end encrypted messages to offline users, and end-to-end encrypted group chats.

Since then, the protocol has been adopted by Whatsapp (although the company never officially announced it, and it doesn’t allow users to verify each other cryptographically), Silent Phone, and ChatSecure (a popular privacy-focused app for iOS and Android).

For voice and video calls, Wire uses the same DTLS and SRTP encryption standards found in the peer-to-peer WebRTC protocol. The protocol has its weaknesses, but it’s still a step up from the centralized video-call services implemented by Skype or Hangouts, which could be more easily intercepted.

Protected By Strong Privacy Laws

Wire is headquartered in Switzerland and Germany, two of the most privacy-friendly countries in the world. The app benefits from the strong privacy laws of both nations, as well as the European Union’s Data Protection regulation.

As the governments of the U.S., UK, and even France become increasingly more aggressive towards encryption, more and more companies that actually care about their users’ privacy seem to be moving to either Germany or Switzerland, where the chance to be strong-armed into backdooring their services is much lower. If that were to happen, at least the companies would have those countries’ privacy-friendly Constitutions on their side, and could have a high chance of winning such battles in Court.

Comparison With Other Apps

All of Wire’s encryption is open source, but its user interface is closed source, which means vulnerabilities could still be introduced potentially without the user being able to find out about them. At some level you still have to trust the team behind it to not do nefarious things, but this can be more easily achieved when the company takes so many privacy-friendly measures, including being headquartered in privacy-friendly countries. This is more than most other messaging companies are willing to do.

Although it’s not fully open source the way Signal is, it’s a little more complete because it offers video calls, making it more of a true Skype alternative. This makes it the best overall private messenger for the masses at present.

For those who are really worried about their privacy or worried that they are targets of various governments, Signal would still be a better choice. However, it seems the more time passes, the more we see “mainstream” chat applications get closer to the ideal in security and privacy, which can only be good news for everyone.
http://www.tomshardware.com/news/wir...ion,31389.html





WhatsApp Encryption Said to Stymie Wiretap Order
Matt Apuzzo

While the Justice Department wages a public fight with Apple over access to a locked iPhone, government officials are privately debating how to resolve a prolonged standoff with another technology company, WhatsApp, over access to its popular instant messaging application, officials and others involved in the case said.

No decision has been made, but a court fight with WhatsApp, the world’s largest mobile messaging service, would open a new front in the Obama administration’s dispute with Silicon Valley over encryption, security and privacy.

WhatsApp, which is owned by Facebook, allows customers to send messages and make phone calls over the Internet. In the last year, the company has been adding encryption to those conversations, making it impossible for the Justice Department to read or eavesdrop, even with a judge’s wiretap order.

As recently as this past week, officials said, the Justice Department was discussing how to proceed in a continuing criminal investigation in which a federal judge had approved a wiretap, but investigators were stymied by WhatsApp’s encryption.

The Justice Department and WhatsApp declined to comment. The government officials and others who discussed the dispute did so on condition of anonymity because the wiretap order and all the information associated with it were under seal. The nature of the case was not clear, except that officials said it was not a terrorism investigation. The location of the investigation was also unclear.

To understand the battle lines, consider this imperfect analogy from the predigital world: If the Apple dispute is akin to whether the F.B.I. can unlock your front door and search your house, the issue with WhatsApp is whether it can listen to your phone calls. In the era of encryption, neither question has a clear answer.

Some investigators view the WhatsApp issue as even more significant than the one over locked phones because it goes to the heart of the future of wiretapping. They say the Justice Department should ask a judge to force WhatsApp to help the government get information that has been encrypted. Others are reluctant to escalate the dispute, particularly with senators saying they will soon introduce legislation to help the government get data in a format it can read.

Whether the WhatsApp dispute ends in a court fight that sets precedents, many law enforcement officials and security experts say that such a case may be inevitable because the nation’s wiretapping laws were last updated a generation ago, when people communicated by landline telephones that were easy to tap.

“The F.B.I. and the Justice Department are just choosing the exact circumstance to pick the fight that looks the best for them,” said Peter Eckersley, the chief computer scientist at the Electronic Frontier Foundation, a nonprofit group that focuses on digital rights. “They’re waiting for the case that makes the demand look reasonable.”

A senior law enforcement official disputed the notion that the government was angling for the perfect case and that a court fight was inevitable.

This is not the first time that the government’s wiretaps have been thwarted by encryption. And WhatsApp is not the only company to clash with the government over the issue. But with a billion users and a particularly strong international customer base, it is by far the largest.

Last year, a dispute with Apple over encrypted iMessages in an investigation of guns and drugs, for instance, nearly led to a court showdown in Maryland. In that case, as in others, the company helped the government where it was able to, and the Justice Department backed down.

Jan Koum, WhatsApp’s founder, who was born in Ukraine, has talked about his family members’ fears that the government was eavesdropping on their phone calls. In the company’s early years, WhatsApp had the ability to read messages as they passed through its servers. That meant it could comply with government wiretap orders.

But in late 2014, the company said that it would begin adding sophisticated encoding, known as end-to-end encryption, to its systems. Only the intended recipients would be able to read the messages.

“WhatsApp cannot provide information we do not have,” the company said this month when Brazilian police arrested a Facebook executive after the company failed to turn over information about a customer who was the subject of a drug trafficking investigation.

The iPhone case, which revolves around whether Apple can be forced to help the F.B.I. unlock a phone used by one of the killers in last year’s San Bernardino, Calif., massacre, has received worldwide attention for the precedent it might set. But to many in law enforcement, disputes like the one with WhatsApp are of far greater concern.

For more than a half-century, the Justice Department has relied on wiretaps as a fundamental crime-fighting tool. To some in law enforcement, if companies like WhatsApp, Signal and Telegram can design unbreakable encryption, then the future of wiretapping is in doubt.

“You’re getting useless data,” said Joseph DeMarco, a former federal prosecutor who now represents law enforcement agencies that filed briefs supporting the Justice Department in its fight with Apple. “The only way to make this not gibberish is if the company helps.”

“As we know from intercepted prisoner wiretaps,” he added, “criminals think that advanced encryption is great.”

Businesses, customers and the United States government also rely on strong encryption to help protect information from hackers, identity thieves and foreign cyberattacks. That is why, in 2013, a White House report said the government should “not in any way subvert, undermine, weaken, or make vulnerable generally available commercial encryption.”

In a twist, the government helped develop the technology behind WhatsApp’s encryption. To promote civil rights in countries with repressive governments, the Open Technology Fund, which promotes open societies by supporting technology that allows people to communicate without the fear of surveillance, provided $2.2 million to help develop Open Whisper Systems, the encryption backbone behind WhatsApp.

Because of such support for encryption, Obama administration officials disagree over how far they should push companies to accommodate the requests of law enforcement. Senior leaders at the Justice Department and the F.B.I. have held out hope that Congress will settle the matter by updating the wiretap laws to address new technology. But the White House has declined to push for such legislation. Josh Earnest, the White House spokesman, said on Friday that he was skeptical “of Congress’s ability to handle such a complicated policy area.”

James B. Comey, the F.B.I. director, told Congress this month that strong encryption was “vital” and acknowledged that “there are undoubtedly international implications” for the United States to try to break encryption, especially for wiretaps, as in the WhatsApp case. But he has called for technology companies and the government to find a middle ground that allows for strong encryption but accommodates law enforcement efforts. President Obama echoed those remarks on Friday, saying technology executives who were “absolutist” on the issue were wrong.

Those who support digital privacy fear that if the Justice Department succeeds in forcing Apple to help break into the iPhone in the San Bernardino case, the government’s next move will be to force companies like WhatsApp to rewrite their software to remove encryption from the accounts of certain customers. “That would be like going to nuclear war with Silicon Valley,” said Chris Soghoian, a technology analyst with the American Civil Liberties Union.

That view is one reason government officials have been hesitant to rush to court in the WhatsApp case and others like it. The legal and policy implications are great. While no immediate resolution is in sight, more and more companies offer encryption. And technology analysts say that WhatsApp’s yearlong effort to add encryption to all one billion of its customer accounts is nearly complete.

Eric Lichtblau contributed reporting from Washington and Katie Benner from San Francisco.
http://www.nytimes.com/2016/03/13/us...tap-order.html





A Judge Just Admitted The Existence Of The NSA’s PRISM Program
Kevin Collier

A U.S. judge has just admitted the existence of the NSA’s infamous PRISM program by name, apparently the first time any federal judge has done so.

PRISM has been an open secret since June 2013, when documents leaked by former NSA contractor Edward Snowden were first made public. An ominous NSA PowerPoint training slide claimed that PRISM allowed “collection [of user data] directly from the servers” of major American tech companies like Yahoo, Google and Apple, though those tech companies immediately and fiercely protested that no, to their knowledge, they didn’t give the NSA such access. It’s since been generally accepted that the NSA wasn’t physically accessing those companies’ servers with PRISM, but instead creating a streamlined legal process to compel those companies, via orders processed in the secret Foreign Intelligence Surveillance Court, to turn over users’ data.

Since the program’s disclosure, most government reports and redacted FISA court orders have referred to PRISM by the legal authority the NSA claims authorizes it, Section 702 of the Foreign Intelligence Surveillance Act. But that’s confusing, because 702 also authorizes what’s called Upstream collection, which gives the NSA access to raw Internet data—not the same thing as PRISM, which is more specifically targeted.

Federal District Court Judge John Gleeson, who brought up PRISM in a ruling dated February 18 and released Tuesday, is likely the first federal judge to do so, according to observers. In his ruling, he described the program this way:

“In PRISM collection, the government identifies the user accounts it wants to monitor and sends a ‘selector’—a specific communications facility, such as a target’s email address or telephone number—to the relevant communications service provider. A government directive then compels the communications service provider to give it communications sent to or from that selector. This type of surveillance, which intercepts ‘to/from’ communications, can result in the interception of communications with U.S. persons if the target happens to communicate with such a person.”

The case in question is against Agron Hasbajrami, an Albanian citizen and resident of Brooklyn. Hasbajrami was arrested September 6, 2011, and quickly pled guilty to trying to travel to Pakistan to join a militant jihadi group, as well as to wiring it money. But it was after he was arrested that the government told him how he was caught: The NSA had used PRISM to investigate a different target, and only read his emails when they were swept up as part of that investigation.

“We’ve been arguing in all of these cases that it’s important for the court to look at the specifics of the program at issue,” Andrew Crocker, a lawyer with the Electronic Frontier Foundation, which has advised Hasbajrami and others charged with evidence obtained through NSA programs, told Vocativ. Though Gleeson’s ruling was likely the first instance of the distinction being discussed openly, he did still find against Hasbajrami, saying that he didn’t possess a “reasonable” expectation of privacy.

The case isn’t over yet, however. Hasbajrami has already filed his notice of appeal.
http://www.vocativ.com/news/295204/nsa-prism/





Surprise! NSA Data Will Soon Routinely be Used for Domestic Policing that Has Nothing to Do with Terrorism
Radley Balko

A while back, we noted a report showing that the “sneak-and-peek” provision of the Patriot Act that was alleged to be used only in national security and terrorism investigations has overwhelmingly been used in narcotics cases. Now the New York Times reports that National Security Agency data will be shared with other intelligence agencies like the FBI without first applying any screens for privacy. The ACLU of Massachusetts blog Privacy SOS explains why this is important:

What does this rule change mean for you? In short, domestic law enforcement officials now have access to huge troves of American communications, obtained without warrants, that they can use to put people in cages. FBI agents don’t need to have any “national security” related reason to plug your name, email address, phone number, or other “selector” into the NSA’s gargantuan data trove. They can simply poke around in your private information in the course of totally routine investigations. And if they find something that suggests, say, involvement in illegal drug activity, they can send that information to local or state police. That means information the NSA collects for purposes of so-called “national security” will be used by police to lock up ordinary Americans for routine crimes. And we don’t have to guess who’s going to suffer this unconstitutional indignity the most brutally. It’ll be Black, Brown, poor, immigrant, Muslim, and dissident Americans: the same people who are always targeted by law enforcement for extra “special” attention.

This basically formalizes what was already happening under the radar. We’ve known for a couple of years now that the Drug Enforcement Administration and the IRS were getting information from the NSA. Because that information was obtained without a warrant, the agencies were instructed to engage in “parallel construction” when explaining to courts and defense attorneys how the information had been obtained. If you think parallel construction just sounds like a bureaucratically sterilized way of saying big stinking lie, well, you wouldn’t be alone. And it certainly isn’t the only time that the national security apparatus has let law enforcement agencies benefit from policies that are supposed to be reserved for terrorism investigations in order to get around the Fourth Amendment, then instructed those law enforcement agencies to misdirect, fudge and outright lie about how they obtained incriminating information — see the Stingray debacle. This isn’t just a few rogue agents. The lying has been a matter of policy. We’re now learning that the feds had these agreements with police agencies all over the country, affecting thousands of cases.

On the one hand, I guess it’s better that this new data-sharing policy is acknowledged in the open instead of carried out surreptitiously. On the other hand, there’s something even more ominous about the fact that they no longer feel as though they need to hide it.

It’s all another sobering reminder that any powers we grant to the federal government for the purpose of national security will inevitably be used just about everywhere else. And extraordinary powers we grant government in wartime rarely go away once the war is over. And, of course, the nifty thing for government agencies about a “war on terrorism” is that it’s a war that will never formally end.
https://www.washingtonpost.com/news/...ith-terrorism/





Apple: DOJ 'Desperate,' Brief Reads Like Indictment
Jacob Pramuk

The Justice Department on Thursday filed its latest response to Apple in the fight over iPhone encryption, calling the tech giant's rhetoric in the San Bernardino, California, case "false" and "corrosive" of institutions that safeguard rights.

The debate surrounds whether Apple should comply with a court order to help authorities unlock an iPhone used by one of the shooters in last year's San Bernardino attack, which left 14 people dead.

"Here, Apple deliberately raised technological barriers that now stand between a lawful warrant and an iPhone containing evidence related to the terrorist mass murder of 14 Americans. Apple alone can remove those barriers so that the FBI can search the phone, and it can do so without undue burden," the DOJ wrote in the filing.

Apple is due to face the FBI in court later this month. The company, which has said it would have to create software to allow investigators to crack the phone, has argued that doing so could create a dangerous precedent. In a call with reporters Thursday, Apple senior vice president and general counsel Bruce Sewell said the DOJ has become "so desperate" that it has "thrown all decorum to the wind."

"The tone of the brief reads like an indictment," he said.

Sewell called the brief an "unsupported, unsubstantiated effort to vilify Apple." In the call, attorneys for Apple said they plan to file a reply brief, which is due March 15. The attorneys reiterated Apple's position that the disagreement should not be settled in the court system.

Authorities claim they only seek to unlock the device in question. The DOJ reiterated that point Thursday, calling the court order "modest" and arguing it "invades no one's privacy."

"It applies to a single iPhone, and it allows Apple to decide the least burdensome means of complying," the filing said.

Attorneys for Apple questioned Thursday where the limits of the power will stop. Some critics of the court order believe it could lead to a so-called back door through Apple's encryption system. The DOJ contended the case would not give it that power.

Apple, by keeping close control over its software and devices, "maintains a continued connection to its phones," the DOJ's filing said.

"Apple is not some distant, disconnected third party unexpectedly and arbitrarily dragooned into helping solve a problem for which it bears no responsibility," the DOJ wrote.

Many prominent technology companies have backed Apple in the case. Amazon.com, Alphabet's Google, Facebook and Microsoft, among others, recently filed a joint brief in support of Apple.

President Barack Obama will not discuss the dispute on Friday during his keynote address at the South by Southwest music and technology conference, Reuters reported, citing a White House official.
http://www.cnbc.com/2016/03/10/justi...i-dispute.html





Pentagon Report Justifies Deployment of Military Spy Drones Over the U.S.
Gregg Zoroya

The Pentagon has deployed drones to spy over U.S. territory for non-military missions over the past decade, but the flights have been rare and lawful, according to a new report.

The report by a Pentagon inspector general, made public under a Freedom of Information Act request, said spy drone flights on non-military missions have occurred fewer than 20 times between 2006 and 2015 and always in compliance with existing law.

The report, which did not provide details on any of the domestic spying missions, said the Pentagon takes the issue of military drones used on American soil "very seriously."

The Pentagon has publicly posted at least a partial list of the drone missions that have flown in non-military airspace over the United States and explains the use of the aircraft. The site lists nine missions flown between 2011 and 2016, largely to assist with search and rescue, floods, fires or National Guard exercises.

A senior policy analyst for the ACLU, Jay Stanley, said it is good news no legal violations were found, yet the technology is so advanced that it's possible laws may require revision.

"Sometimes, new technology changes so rapidly that existing law no longer fits what people think is appropriate," Stanley said. "It's important to remember that the American people do find this to be a very, very sensitive topic."

Other federal agencies own and operate drones. The use of unmanned aerial surveillance (UAS) drones over the USA surfaced in 2013 when then-FBI director Robert Mueller testified before Congress that the bureau employed spy drones to aid investigations but in a "very, very minimal way, very seldom."

The inspector general analysis was completed March 20, 2015, but not released publicly until last Friday.

It said that with advancements in drone technology along with widespread military use overseas, the Pentagon established interim guidance in 2006 governing when and whether the unmanned aircraft could be used domestically. The interim policy allowed spy drones to be used for homeland defense purposes in the U.S. and to assist civil authorities.

But the policy said that any use of military drones for civil authorities had to be approved by the Secretary of Defense or someone delegated by the secretary. The report found that defense secretaries have never delegated that responsibility.

The report quoted a military law review article that said "the appetite to use them (spy drones) in the domestic environment to collect airborne imagery continues to grow, as does Congressional and media interest in their deployment."

Military units that operate drones told the inspector general they would like more opportunities to fly them on domestic missions if for no other reason than to give pilots more experience to improve their skills, the report said. "Multiple units told us that as forces using the UAS capabilities continue to draw down overseas, opportunities for UAS realistic training and use have decreased," the report said.

A request for all cases between 2006 and 2015 in which civil authorities asked the military for use of spy drones produced a list of "less than twenty events," the report said. The list included requests granted and denied.

The list was not made public in the report. But a few examples were cited, including one case in which an unnamed mayor asked the Marine Corps to use a drone to find potholes in the mayor's city. The Marines denied the request because obtaining the defense secretary's "approval to conduct a UAS mission of this type did not make operational sense."

Shortly before the inspector general report was completed a year ago, the Pentagon issued a new policy governing the use of spy drones. It requires the defense secretary to approve all domestic spy drone operations. It says that unless permitted by law and approved by the secretary, drones "may not conduct surveillance on U.S. persons." It also bans the use of armed drones over the United States for anything other than training and testing.
http://www.usatoday.com/story/news/n...r-us/81474702/





Laser System Set to Revolutionise Future Aircraft, Satellite Data Links
Alice MacGregor

A revolutionary new laser system, dubbed HYPERION, promises to improve the transmission of data from aircraft, unmanned aerial vehicles (UAVs) and low orbiting satellites to ground stations.

The optical system, developed by a team of Innovate UK researchers, has been designed to send critical information more securely, rapidly and efficiently than traditional radio frequency (RF) methods.

The eye-safe system is able to aim lasers, with a wavelength of 1,550 nanometres, up from the ground towards an aircraft, which is fitted with a special reflector which captures the beam. It then modifies the beam with the latest data to be transmitted and sends it back to the ground for decoding and analysis.

A suggested application of HYPERION is to allow UAVs involved in disaster monitoring, surveying, search and rescue, and other humanitarian projects to quickly offload detailed image data back to the ground for analysis. The system could also be applied in future airline systems to transmit vast amounts of technical and performance data collected by on-board sensors to ground stations on approach to the runway. This process could help speed up necessary maintenance and significantly cut turnaround times.

“This […] research is leading to exciting developments in aerospace and communications. It will potentially make aircraft and unmanned vehicles better connected and more resilient to outside interference,” said Professor Philip Nelson, chief executive at UK research and training agency EPSRC.

Nelson refers to traditional RF communications, which can be vulnerable to interception and jamming as they rely on an extremely crowded part of the electromagnetic spectrum. As this space continues to grow, with ever increasing volumes of data needing to be transmitted, alternatives must be developed.

A concept HYPERION design has now been successfully tested in-flight at a range of 1km, but the research team is working to extend this distance in future models. It is hoped that the system could become commercially available over the next three to five years.

The news of the HYPERION system follows Facebook’s announcement of its plans to deliver internet connectivity via drones through air-to-ground laser links, enabled by lightweight gimbals which hang beneath the aircraft.
https://thestack.com/world/2016/03/0...te-data-links/





Critical Bug in Libotr Could Open Users of ChatSecure, Adium, Pidgin to Compromise
Zeljka Zorz

A vulnerability in “libotr,” the C code implementation of the Off-the-Record (OTR) protocol that is used in many secure instant messengers such as ChatSecure, Pidgin, Adium and Kopete, could be exploited by attackers to crash an app using libotr or execute remote code on the user’s machine.

“An attacker could execute his own code inside the instant messaging application. He could hack the victim’s computer using this or alternatively just steal the encryption keys and the chat logs from the messenger,” Markus Vervier, managing director of German app sec testing firm X41 D-SEC and discoverer of the vulnerability, told Help Net Security.

The memory corruption vulnerability (CVE-2016-2851) can be triggered remotely by sending a specially crafted large message. The attacker does not have to be in the victim’s contact list in order to perform the attack, and no special user interaction or authorization is necessary to trigger the flaw in default configurations.

The bug is present in libotr versions 4.1.0 and below. Its developers – the OTR Development Team – have already plugged it in the newly issued libotr v4.1.1.

ChatSecure has released an update of its app with the fix, and so has Adium with v1.5.10.2 of the app.

The good news is that there is no indication that the bug is being currently exploited in the wild. But, with details about the flaw and a PoC released in the company’s security advisory, it’s only a matter of time until others come up with a working exploit.

“Interestingly enough, the bug was noticed last year by known security researchers Dan Kaminsky, Thomas H. Ptacek and others but was mistakenly disregarded,” Vervier told us.
https://www.helpnetsecurity.com/2016...in-compromise/





Click Bait: Tor Users Can be Tracked by Mouse Movements

The way you move your mouse is unique, like fingerprints, and can be used by dark forces to track you on supposedly anonymous and secure networks like Tor, according to a Barcelona researcher.

Jose Carlos Norte discovered the snooping method in recent weeks.

“I have been able to fingerprint Tor browser users in controlled environments and I think it could be interesting to share all the findings for further discussion and to improve Tor browser,” he said on his website.

Because Tor uses JavaScript by default, a hacker could use the programming language to identify a user based on the movements of their mouse.

Networks such as Tor are vital resources for those wishing to use the internet securely like whistleblowers, journalists, and political dissidents.

Tor previously countered fingerprinting methods like analyzing local time, operating systems, and fonts through updates.

Norte was able to show the unique data a user creates through their mouse.

“It is easy to fingerprint users using Tor browser to track their activity online and correlate their visits to different pages,” he said.

Mouse wheel information contains scrolling speed, distance, and hardware used.

Mouse speed fingerprinting reveals how a cursor moves across the page, which is controlled by the operating system and hardware.

While the method has some limitations, like the variation of mouse movements based on different devices, there is scope to build an even more advanced method of tracking users through mouse movement.

A recent study showed users’ moods can be detected based on mouse clicks. A frustrated or annoyed mouse user will take larger and slower mouse movements. The scientists were able to detect negative emotions with 82 percent accuracy.

The solution to mouse fingerprinting is to deactivate JavaScript altogether, although Tor is likely to address the issue, based on recent bug reports.
https://www.rt.com/viral/335112-tor-...s-fingerprint/





Apple Users Targeted in First Known Mac Ransomware Campaign
Jim Finkle

Apple Inc (AAPL.O) customers were targeted by hackers over the weekend in the first campaign against Macintosh computers using a pernicious type of software known as ransomware, researchers with Palo Alto Networks Inc (PANW.N) told Reuters on Sunday.

Ransomware, one of the fastest-growing types of cyber threats, encrypts data on infected machines, then typically asks users to pay ransoms in hard-to-trace digital currencies to get an electronic key so they can retrieve their data.

Security experts estimate that such cyber criminals, who typically target users of Microsoft Corp's (MSFT.O) Windows operating system, collect ransoms totalling hundreds of millions of dollars a year.

Palo Alto Threat Intelligence Director Ryan Olson said the "KeRanger" malware, which appeared on Friday, was the first functioning ransomware attacking Apple's Mac computers.

"This is the first one in the wild that is definitely functional, encrypts your files and seeks a ransom," Olson said in a telephone interview.

An Apple representative said the company had taken steps over the weekend to prevent attacks by revoking a digital certificate from a legitimate Apple developer that enabled the rogue software to install on Macs. The representative said he could not immediately provide other details.

The malware is programmed to encrypt files on an infected personal computer three days after the original infection, according to Olson.

That means that if Apple's steps prove ineffective in neutralizing malware that has already infected Macs, the earliest victims will have their files encrypted on Monday, three days after the malicious program first appeared on the Transmission website, he said.

The Transmission site offers the open source software that was infected with the ransomware.

Palo Alto said it planned to release a blog advising Mac users on ways to check to see if they were infected with the virus and steps they can take to protect against it harming their data, Olson said.

Transmission is one of the most popular Mac applications used to download software, videos, music and other data through the BitTorrent peer-to-peer information sharing network, according to Olson.

Representatives with Transmission could not be reached immediately for comment.

The project's website, www.transmissionbt.com, on Sunday carried a warning saying that version 2.90 of its Mac software had been infected with malware.

It advised users to immediately upgrade to version 2.91 of the software, which was available on its website, or delete the malicious one.

It also provided technical information on how users could check to see if they were affected.

(Editing by Jeffrey Benkoe)
http://uk.reuters.com/article/uk-app...-idUKKCN0W80VV





I Stayed in a Hotel with Android Lightswitches and it Was Just as Bad as You'd Imagine
Matthew Garrett

I'm in London for Kubecon right now, and the hotel I'm staying at has decided that light switches are unfashionable and replaced them with a series of Android tablets.

[Image: a tablet displaying the text "UK_bathroom isn't responding. Do you want to close it?"]

One was embedded in the wall, but the two next to the bed had convenient looking ethernet cables plugged into the wall. So.

I managed to borrow a couple of USB ethernet adapters, set up a transparent bridge (brctl addbr br0; brctl addif br0 enp0s20f0u1; brctl addif br0 enp0s20f0u2; ifconfig br0 up) and then stuck my laptop between the tablet and the wall. tcpdump -i br0 showed traffic, and wireshark revealed that it was Modbus over TCP. Modbus is a pretty trivial protocol, and notably has no authentication whatsoever. tcpdump showed that traffic was being sent to 172.16.207.14, and pymodbus let me start controlling my lights, turning the TV on and off and even making my curtains open and close. What fun!

And then I noticed something. My room number is 714. The IP address I was communicating with was 172.16.207.14. They wouldn't, would they?

I mean yes obviously they would.

It's basically as bad as it could be - once I'd figured out the gateway, I could access the control systems on every floor and query other rooms to figure out whether the lights were on or not, which strongly implies that I could control them as well. Jesus Molina talked about doing this kind of thing a couple of years ago, so it's not some kind of one-off - instead, hotels are happily deploying systems with no meaningful security, and the outcome of sending a constant stream of "Set room lights to full" and "Open curtain" commands at 3AM seems fairly predictable.

We're doomed.

http://mjg59.dreamwidth.org/40505.html

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

March 5th, February 27th, February 20th, February 13th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
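
Added example, not part of the original post or of Matthew Garrett's write-up: because the Modbus over TCP traffic in the hotel light-switch article carries no authentication, the check a defender can still apply sits on the network. This Python code parses Modbus/TCP requests captured on a monitoring port and flags any client that is not allow-listed for the room controller it addresses; every address except 172.16.207.14, the panel-to-controller pairing and the register numbers are constructed assumptions.

```python
import struct
from dataclasses import dataclass
from typing import Optional

# State-changing Modbus function codes (Modbus Application Protocol spec).
WRITE_FUNCTIONS = {
    0x05: "Write Single Coil",
    0x06: "Write Single Register",
    0x0F: "Write Multiple Coils",
    0x10: "Write Multiple Registers",
    0x16: "Mask Write Register",
    0x17: "Read/Write Multiple Registers",
}


@dataclass
class ModbusRequest:
    transaction_id: int
    unit_id: int
    function: int
    address: Optional[int]  # first two data bytes (start address for common codes)

    @property
    def is_write(self) -> bool:
        return self.function in WRITE_FUNCTIONS


def parse_adu(payload: bytes) -> ModbusRequest:
    """Parse one Modbus/TCP request: 7-byte MBAP header followed by the PDU."""
    if len(payload) < 8:
        raise ValueError("shorter than MBAP header plus function code")
    tid, proto, length, unit = struct.unpack(">HHHB", payload[:7])
    if proto != 0:
        raise ValueError("protocol identifier is not 0")
    # The length field counts the unit id plus the PDU (at most 253 bytes).
    if not 2 <= length <= 254 or len(payload) != 6 + length:
        raise ValueError("MBAP length disagrees with payload size")
    function, data = payload[7], payload[8:]
    address = struct.unpack(">H", data[:2])[0] if len(data) >= 2 else None
    return ModbusRequest(tid, unit, function, address)


def audit(packets, allowed_clients):
    """Flag requests from clients not allow-listed for the controller they address.

    packets: iterable of (src_ip, dst_ip, tcp_payload) taken from a capture.
    allowed_clients: dict mapping controller IP -> set of permitted client IPs.
    """
    alerts = []
    for src, dst, payload in packets:
        try:
            req = parse_adu(payload)
        except ValueError as exc:
            alerts.append({"src": src, "dst": dst, "kind": "malformed", "detail": str(exc)})
            continue
        if src in allowed_clients.get(dst, set()):
            continue
        kind = "unauthorised-write" if req.is_write else "unauthorised-read"
        name = WRITE_FUNCTIONS.get(req.function, f"function 0x{req.function:02X}")
        alerts.append({"src": src, "dst": dst, "kind": kind,
                       "detail": f"{name} at address {req.address}"})
    return alerts


def sample_request(tid, function, address, value, unit=1):
    """Build a constructed 12-byte request (function codes with 4 data bytes)."""
    return struct.pack(">HHHBBHH", tid, 0, 6, unit, function, address, value)


ROOM_714 = "172.16.207.14"    # controller address quoted in the article
ROOM_715 = "172.16.207.15"    # constructed neighbouring controller
PANEL_714 = "172.16.207.114"  # constructed wall-tablet address (assumption)
PANEL_715 = "172.16.207.115"  # constructed wall-tablet address (assumption)
UNKNOWN = "172.16.207.200"    # constructed host that is on no allow-list

ALLOWED = {ROOM_714: {PANEL_714}, ROOM_715: {PANEL_715}}

# Constructed capture: (source, destination, TCP payload).
SAMPLE_PACKETS = [
    (PANEL_714, ROOM_714, sample_request(1, 0x05, 3, 0xFF00)),  # own panel, allowed
    (PANEL_714, ROOM_715, sample_request(2, 0x03, 0, 4)),       # cross-room read
    (UNKNOWN, ROOM_714, sample_request(3, 0x06, 10, 100)),      # write from unknown host
    (UNKNOWN, ROOM_714, b"\x00\x04\x00\x00\x00\x09\x01\x03"),   # truncated frame
]


def run_sample():
    return audit(SAMPLE_PACKETS, ALLOWED)


if __name__ == "__main__":
    for alert in run_sample():
        print(alert)
```

An allow-list like this only detects misuse; keeping each room's controller unreachable from other rooms' network ports is what prevents it.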