P2P-Zone  

27-10-17, 12:01 PM   #1
JackSpratts
Join Date: May 2001
Location: New England
Posts: 10,016
Peer-To-Peer News - The Week In Review - October 28th, ’17

Since 2002

"The way we're heading now, whoever is in office in 2020 will have to deal with our biggest ever national infrastructure debacle." – Laurie Patton

October 28th, 2017




Portugal Bans Use of DRM to Limit Access to Public Domain Works
Jeremy Malcolm

At EFF, we've become all too accustomed to bad news on copyright coming out of Europe, so it's refreshing to hear that Portugal has recently passed a law on copyright that helps to strike a fairer balance between users and copyright holders on DRM. The law doesn't abolish legal protection for DRM altogether—unfortunately, that wouldn't be possible for Portugal to do unilaterally, because it would be inconsistent with European Union law and with the WIPO Copyright Treaty to which the EU is a signatory. However, Law No. 36/2017 of June 2, 2017, which entered into force on June 3, 2017, does grant some important new exceptions to the law's anti-circumvention provisions, which make it easier for users to exercise their rights to access content without being treated as criminals.

The amendments to Articles 217 and 221 of Portugal's Code of Copyright and Related Rights do three things. First, they provide that the anti-circumvention ban doesn't apply to circumvention of DRM in order to enjoy the normal exercise of copyright limitations and exceptions that are provided by Portuguese law. Although Portugal doesn't have a generalized fair use exception, the more specific copyright exceptions in Articles 75(2), 81, 152(4) and 189(1) of its law do include some key fair uses, including reproduction for private use, for news reporting, by libraries and archives, in teaching and education, in quotation, for persons with disabilities, and for digitizing orphan works. The circumvention of DRM in order to exercise these user rights is now legally protected.

Second and perhaps even more significantly, the law prohibits the application of DRM to certain categories of works in the first place. These are works in the public domain (including new editions of works already in the public domain), and works published or financed by the government. This provision alone will be a boon for libraries, archives, and for those with disabilities, ensuring that they never again have to worry about being unable to access or preserve works that ought to be free for everyone to use. The application of DRM to such works will now be an offence under the law, and if DRM has been applied to such works nevertheless, it will be permitted for a user to circumvent it.

Third, the law also permits DRM to be circumvented where it was applied without the authorization of the copyright holder. From now on, if a licensee of a copyright work wishes to apply DRM to it when it is distributed in a new format or over a new streaming service, the onus will be on them to ask the copyright owner's permission first. If they don't do that, then it won't be an offence for its customers to bypass the DRM in order to obtain unimpeded access to the work, as its copyright owner may well have intended.

If there's a shortcoming to the law, it's that it doesn't include any new exceptions to the ban on creating or distributing (or as lawmakers ludicrously call it, "trafficking in") anti-circumvention devices. This means that although users are now authorized to bypass DRM in more cases than before, they're on their own when it comes to accomplishing this. The amendments ought to have established clear exceptions authorizing the development and distribution of circumvention tools that have lawful uses, rather than leaving users to gain access to such tools through legally murky channels.

Overall though, these amendments go to show just how much flexibility countries have to craft laws on DRM that strike a fairer balance between users and copyright holders—even if, like Portugal, those countries have international obligations that require them to have anti-circumvention laws. We applaud Portugal for recognizing the harmful effects that DRM has on access to knowledge and information, and we hope that these amendments will provide a model for other countries wishing to make a similar stand for users' rights.
https://www.eff.org/deeplinks/2017/1...c-domain-works





The Upspin Manifesto: On the Ownership and Sharing of Data

Here follows the original "manifesto" from late 2014 proposing the idea for what became Upspin. The text has been lightly edited to remove a couple of references to Google-internal systems, with no loss of meaning.

I'd like to thank Eduardo Pinheiro, Eric Grosse, Dave Presotto and Andrew Gerrand for helping me turn this into a working system, in retrospect remarkably close to the original vision.
Rob Pike

Outside our laptops, most of us today have no shared file system at work. (There was a time when we did, but it's long gone.) The world took away our /home folders and moved us to databases, which are not file systems. Thus I can no longer (at least not without clumsy hackery) make my true home directory be where my files are any more. Instead, I am expected to work on some local machine using some web app talking to some database or other external repository to do my actual work. This is mobile phone user interfaces brought to engineering workstations, which has its advantages but also some deep flaws. Most important is the philosophy it represents.

You don't own your data any more. One argument is that companies own it, but from a strict user perspective, your "apps" own it. Each item you use in the modern mobile world is coupled to the program that manipulates it. Your Twitter, Facebook, or Google+ program is the only way to access the corresponding feed. Sometimes the boundary is softened within a company—photos in Google+ are available in other Google products—but that is the exception that proves the rule. You don't control your data, the programs do.

Yet there are many reasons to want to access data from multiple programs. That is, almost by definition, the Unix model. Unix's model is largely irrelevant today, but there are still legitimate ways to think about data that are made much too hard by today's way of working. It's not necessarily impossible to share data among programs (although it's often very difficult), but it's never natural. There are workarounds like plugin architectures and documented workflows but they just demonstrate that the fundamental idea—sharing data among programs—is not the way we work any more.

This is backwards. It's a reversal of the old way we used to work, with a file system that all programs could access equally. The very notion of "download" and "upload" is plain stupid. Data should simply be available to any program with authenticated access rights. And of course for any person with those rights. Sharing between programs and people can be, technologically at least, the same problem, and a solved one.

This document proposes a modern way to achieve the good properties of the old world: consistent access, understandable data flow, and easy sharing without workarounds. To do this, we go back to the old notion of a file system and make it uniform and global. The result should be a data space in which all people can use all their programs, sharing and collaborating at will in a consistent, intuitive way.

Not downloading, uploading, mailing, tarring, gzipping, plugging in and copying around. Just using. Conceptually: If I want to post a picture on Twitter, I just name the file that holds it. If I want to edit a picture on Twitter using Photoshop, I use the File>Open menu in Photoshop and name the file stored on Twitter, which is easy to discover or even know a priori. (There are security and access questions here, and we'll come back to those.)

Working in a file system.

I want my home directory to be where all my data is. Not just my local files, not just my source code, not just my photos, not just my mail. All my data. My "phone" should be able to access the same data as my laptop, which should be able to access the same data as the servers. (Ignore access control for the moment.) $HOME should be my home for everything: work, play, life; toy, phone, work, cluster.

This was how things worked in the old single-machine days but we lost sight of that when networking became universally available. There were network file systems and some research systems used them to provide basically this model, but the arrival of consumer devices, portable computing, and then smartphones eroded the model until every device is its own fiefdom and every program manages its own data through networking. We have a network connecting devices instead of a network composed of devices.

The knowledge of how to achieve the old way still exists, and networks are fast and ubiquitous enough to restore the model. From a human point of view, the data is all we care about: my pictures, my mail, my documents. Put those into a globally addressable file system and I can see all my data with equal facility from any device I control. And then, when I want to share with another person, I can name the file (or files or directory) that holds the information I want to share, grant access, and the other person can access it.

The essence here is that the data (if it's in a single file) has one name that is globally usable to anyone who knows the name and has the permission to evaluate it. Those names might be long and clumsy, but simple name space techniques can make the data work smoothly using local aliasing so that I live in "my" world, you live in your world (also called "my" world from your machines), and the longer, globally unique names only arise when we share, which can be done with a trivial, transparent, easy to use file-system interface.

Note that the goal here is not a new file system to use alongside the existing world. Its purpose is to be the only file system to use. Obviously there will be underlying storage systems, but from the user's point of view all access is through this system. I edit a source file, compile it, find a problem, point a friend at it; she accesses the same file, not a copy, to help me understand it. (If she wants a copy, there's always cp!).

This is not a simple thing to do, but I believe it is possible. Here is how I see it being assembled. This discussion will be idealized and skate over a lot of hard stuff. That's OK; this is a vision, not a design document.

Everyone has a name.

Each person is identified by a name. To make things simple here, let's just use an e-mail address. There may be a better idea, but this is sufficient for discussion. It is not a problem to have multiple names (addresses) in this model, since the sharing and access rights will treat the two names as distinct users with whatever sharing rights they choose to use.

Everyone has stable storage in the network.

Each person needs a way to make data accessible to the network, so the storage must live in the network. The easiest way to think of this is like the old network file systems, with per-user storage in the server farm. At a high level, it doesn't matter what that storage is or how it is structured, as long as it can be used to provide the storage layer for a file-system-like API.

Everyone's storage server has a name identified by the user's name.

The storage in the server farm is identified by the user's name.

Everyone has local storage, but it's just a cache.

It's too expensive to send all file access to the servers, so the local device, whatever it is—laptop, desktop, phone, watch—caches what it needs and goes to the server as needed. Cache protocols are an important part of the implementation; for the point of this discussion, let's just say they can be designed to work well. That is a critical piece and I have ideas, but put that point aside for now.

The server always knows what devices have cached copies of the files on local storage.

The cache always knows what the associated server is for each directory file in its cache and maintains consistency within reasonable time boundaries.

The cache implements the API of a full file system. The user lives in this file system for all the user's own files. As the user moves between devices, caching protocols keep things working.

Everyone's cache can talk to multiple servers.

A user may have multiple servers, perhaps from multiple providers. The same cache and therefore same file system API refers to them all equivalently. Similarly, if a user accesses a different user's files, the exact same protocol is used, and the result is cached in the same cache the same way. This is federation as architecture.

Every file has a globally unique name.

Every file is named by this triple: (host address, user name, file path). Access rights aside, any user can address any other user's file by evaluating the triple. The real access method will be nicer in practice, of course, but this is the gist.

Every file has a potentially unique ACL.

Although the user interface for access control needs to be very easy, the effect is that each file or directory has an access control list (ACL) that mediates all access to its contents. It will need to be very fine-grained with respect to each of users, files, and rights.

Every user has a local name space.

The cache/file-system layer contains functionality to bind things, typically directories, identified by such triples into locally nicer-to-use names. An obvious way to think about this is like an NFS mount point for /home, where the remote binding attaches to /home/XXX the component or components in the network that the local user wishes to identify by XXX. For example, Joe might establish /home/jane as a place to see all the (accessible to Joe) pieces of Jane's world. But it can be much finer-grained than that, to the level of pulling in a single file.

The NFS analogy only goes so far. First, the binding is a lazily-evaluated, multi-valued recipe, not a Unix-like mount. Also, the binding may itself be programmatic, so that there is an element of auto-discovery. Perhaps most important, one can ask any file in the cached local system what its triple is and get its unique name, so when a user wishes to share an item, the triple can be exposed and the remote user can use her locally-defined recipe to construct the renaming to make the item locally accessible. This is not as mysterious or as confusing in practice as it sounds; Plan 9 pretty much worked like this, although not as dynamically.

Everyone's data becomes addressable.

Twitter gives you (or anyone you permit) access to your Twitter data by implementing the API, just as the regular, more file-like servers do. The same story applies to any entity that has data it wants to make usable. At some scaling point, it becomes wrong not to play.

Everyone's data is secure.

It remains to be figured out how to do that, I admit, but with a simple, coherent data model that should be achievable.

Is this a product?

The protocols and some of the pieces, particularly what runs on local devices, should certainly be open source, as should a reference server implementation. Companies should be free to provide proprietary implementations to access their data, and should also be free to charge for hosting. A cloud provider could charge hosting fees for the service, perhaps with some free or very cheap tier that would satisfy the common user. There's money in this space.

What is this again?

What Google Drive should be. What Dropbox should be. What file systems can be. The way we unify our data access across companies, services, programs, and people. The way I want to live and work.

Never again should someone need to manually copy/upload/download/plugin/workflow/transfer data from one machine to another.
https://commandcenter.blogspot.com/2...rship-and.html
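
The naming, binding and ACL ideas in the manifesto above, sketched as an added example; this is not code from Rob Pike's text or from Upspin. Every class and function name is hypothetical, the hosts and users are constructed, and the ACL semantics (owner holds all rights, nearest ACL up the tree decides, no ACL means deny) are assumptions chosen for illustration.

```python
import posixpath
from dataclasses import dataclass


@dataclass(frozen=True)
class Triple:
    """Global name of a file: (host address, user name, file path)."""
    host: str
    user: str
    path: str


class AccessDenied(Exception):
    pass


def norm_path(path):
    # Collapse "." and ".." before any lookup, so "/photos/../mail/inbox" is
    # checked as "/mail/inbox" and cannot borrow the ACL set on "/photos".
    return posixpath.normpath("/" + path.lstrip("/"))


class Server:
    """One storage host holding files and ACLs for its users (toy model)."""

    def __init__(self, host):
        self.host = host
        self.files = {}   # (owner, path) -> bytes
        self.acls = {}    # (owner, path) -> {principal: set of rights}

    def put(self, owner, path, data):
        self.files[(owner, norm_path(path))] = data

    def grant(self, owner, path, principal, rights):
        self.acls.setdefault((owner, norm_path(path)), {})[principal] = set(rights)

    def allowed(self, principal, triple, right):
        if triple.host != self.host:
            return False
        if principal == triple.user:      # assumption: owners hold every right
            return True
        node = norm_path(triple.path)
        while True:                       # assumption: nearest ACL up the tree decides
            acl = self.acls.get((triple.user, node))
            if acl is not None:
                return right in acl.get(principal, set())
            if node == "/":
                return False              # no ACL anywhere on the path: deny
            node = posixpath.dirname(node)

    def read(self, principal, triple):
        if not self.allowed(principal, triple, "read"):
            raise AccessDenied(f"{principal} may not read {triple}")
        return self.files[(triple.user, norm_path(triple.path))]


class NameSpace:
    """Per-user bindings from a local prefix to a global triple."""

    def __init__(self):
        self.bindings = {}

    def bind(self, local_prefix, triple):
        self.bindings[norm_path(local_prefix)] = triple

    def triple_of(self, local_path):
        # "Ask any file what its triple is": longest bound prefix wins.
        local = norm_path(local_path)
        for prefix in sorted(self.bindings, key=len, reverse=True):
            if local == prefix or local.startswith(prefix.rstrip("/") + "/"):
                base = self.bindings[prefix]
                rest = local[len(prefix):]
                return Triple(base.host, base.user, norm_path(base.path + "/" + rest))
        raise KeyError(local_path)


def demo():
    jane, joe = "jane@example.com", "joe@example.com"   # constructed sample users
    srv = Server("store.example.com")
    srv.put(jane, "/photos/cat.jpg", b"JPEG")
    srv.put(jane, "/mail/inbox", b"private")
    srv.grant(jane, "/photos", joe, {"read"})           # Jane shares one directory

    ns = NameSpace()                                    # Joe's local name space
    ns.bind("/home/jane", Triple(srv.host, jane, "/"))
    cat = ns.triple_of("/home/jane/photos/cat.jpg")

    def denied(principal, triple, right):
        return not srv.allowed(principal, triple, right)

    return {
        "global_name": cat,
        "shared_read": srv.read(joe, cat),
        "mail_denied": denied(joe, ns.triple_of("/home/jane/mail/inbox"), "read"),
        "traversal_denied": denied(
            joe, Triple(srv.host, jane, "/photos/../mail/inbox"), "read"),
        "write_denied": denied(joe, cat, "write"),
        "owner_read": srv.read(jane, Triple(srv.host, jane, "/mail/inbox")),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The traversal case is the one worth noting: the server normalizes the path itself rather than trusting the client's name space to have done so, because a triple can arrive from any remote user.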





FBI Couldn't Access Nearly 7K Devices Because of Encryption
Michael Balsamo

The FBI hasn't been able to retrieve data from more than half of the mobile devices it tried to access in less than a year, FBI Director Christopher Wray said Sunday, turning up the heat on a debate between technology companies and law enforcement officials trying to recover encrypted communications.

In the first 11 months of the fiscal year, federal agents were unable to access the content of more than 6,900 mobile devices, Wray said in a speech at the International Association of Chiefs of Police conference in Philadelphia.

"To put it mildly, this is a huge, huge problem," Wray said. "It impacts investigations across the board — narcotics, human trafficking, counterterrorism, counterintelligence, gangs, organized crime, child exploitation."

The FBI and other law enforcement officials have long complained about being unable to unlock and recover evidence from cellphones and other devices seized from suspects even if they have a warrant, while technology companies have insisted they must protect customers' digital privacy.

The long-simmering debate was on display in 2016, when the Justice Department tried to force Apple to unlock an encrypted cellphone used by a gunman in a terrorist attack in San Bernardino, California. The department eventually relented after the FBI said it paid an unidentified vendor who provided a tool to unlock the phone and no longer needed Apple's assistance, avoiding a court showdown.

The Justice Department under President Donald Trump has suggested it will be aggressive in seeking access to encrypted information from technology companies. But in a recent speech, Deputy Attorney General Rod Rosenstein stopped short of saying exactly what action it might take.

"I get it, there's a balance that needs to be struck between encryption and the importance of giving us the tools we need to keep the public safe," Wray said.

In a wide-ranging speech to hundreds of police leaders from across the globe, Wray also touted the FBI's partnerships with local and federal law enforcement agencies to combat terrorism and violent crime.

"The threats that we face keep accumulating, they are complex, they are varied," Wray said, describing threats from foreign terror organizations and homegrown extremists.

Wray also decried a potential "blind spot" for intelligence gathering if Congress doesn't reauthorize an intelligence surveillance law set to expire at the end of the year. The Foreign Intelligence Surveillance Act allows the government to collect information about militants, people suspected of cybercrimes or proliferation of weapons of mass destruction, and other foreign targets outside the United States. Intelligence and law enforcement officials say the act is vital to national security.

A section of the act permits the government, under the oversight of the Foreign Intelligence Surveillance Court, to target non-Americans outside the United States.

"If it doesn't get renewed or reauthorized, essentially in the form that it already is, we're about to get another blind spot," Wray said.

___

Associated Press writer Sadie Gurman in Washington contributed to this report.
http://www.newstimes.com/business/te...f-12297546.php





Senators Push Bill Requiring Warrant for U.S. Data Under Spy Law
Dustin Volz

A bipartisan group of a dozen U.S. senators introduced on Tuesday legislation that would require the National Security Agency to obtain a warrant for queries of data on Americans under an internet surveillance program.

The effort, led by Democrat Ron Wyden and Republican Rand Paul, would reform other aspects of the warrantless program. The bill is likely to complicate congressional renewal of a portion of a spying law due to expire on Dec. 31.

U.S. intelligence officials value Section 702 of the Foreign Intelligence Surveillance Act as a vital tool for fighting national and cyber security threats and helping to protect American allies.

It allows U.S. intelligence agencies to eavesdrop on and store vast amounts of digital communications from foreign suspects living outside the United States.

The surveillance program, classified details of which were exposed in 2013 by former NSA contractor Edward Snowden, also incidentally scoops up communications of Americans, including if they communicate with a foreign target living overseas.

Those communications can then be subject to searches without a warrant, including by the Federal Bureau of Investigation. The USA Rights Act authored by Wyden and Paul would end that practice.

The measure was introduced with support from a wide berth of more than 40 civil society groups, including the American Civil Liberties Union and FreedomWorks. A companion bill was also introduced in the House of Representatives.

It would renew Section 702 for four years with additional transparency and oversight provisions, such as allowing individuals to more easily raise legal challenges against the law and expand the oversight jurisdiction of the Privacy and Civil Liberties Oversight Board, a government privacy watchdog.

Earlier this month, a bipartisan group in the House of Representatives introduced legislation to add privacy protections to Section 702, including partially restricting the FBI’s ability to access U.S. data when investigating a crime. Privacy groups criticized that plan as too narrow.

Separately, the Senate Intelligence Committee was expected to vote on Tuesday on a bill to reauthorize Section 702. A private vote was scheduled, which is often the practice on intelligence legislation. Privacy advocates complained that bill would not reform the process, and Wyden sent a letter on Monday urging committee leaders to allow a public vote.

Wyden said the bill “will have enormous impact on the security, liberty, and constitutional rights of the American people” and should be debated in the open.

Reporting by Dustin Volz; Editing by Leslie Adler and David Gregorio
https://www.reuters.com/article/us-u...-idUSKBN1CT2O5





Kaspersky Says it Obtained Suspected NSA Hacking Code from U.S. Computer
Joseph Menn

Moscow-based Kaspersky Lab on Wednesday acknowledged that its security software had taken source code for a secret American hacking tool from a personal computer in the United States.

The admission came in a statement from the embattled company that described preliminary results from an internal inquiry it launched into media reports that the Russian government used Kaspersky anti-virus software to collect National Security Agency technology.

While the explanation is considered plausible by some security experts, U.S. officials who have been campaigning against using Kaspersky software on sensitive computers are likely to seize on the admission that the company took secret code that was not endangering its customer to justify a ban.

Fears about Kaspersky’s ties to Russian intelligence, and the capacity of its anti-virus software to sniff out and remove files, prompted an escalating series of warnings and actions from U.S. authorities over the past year. They culminated in the Department of Homeland Security last month barring government agencies from using Kaspersky products.

In a statement, the company said it stumbled on the code a year earlier than the recent newspaper reports had it, in 2014. It said logs showed that the consumer version of Kaspersky’s popular product had been analyzing questionable software from a U.S. computer and found a zip file that was flagged as malicious.

While reviewing the file’s contents, an analyst discovered it contained the source code for a hacking tool later attributed to what Kaspersky calls the Equation Group. The analyst reported the matter to Chief Executive Eugene Kaspersky, who ordered that the company’s copy of the code be destroyed, the company said.

“Following a request from the CEO, the archive was deleted from all our systems,” the company said. It said no third parties saw the code, though the media reports had said the spy tool had ended up in Russian government hands.

The Wall Street Journal said on Oct. 5 that hackers working for the Russian government appeared to have targeted the NSA worker by using Kaspersky software to identify classified files. The New York Times reported on Oct. 10 that Israeli officials reported the operation to the United States after they hacked into Kaspersky’s network.

Kaspersky did not say whether the computer belonged to an NSA worker who improperly took home secret files, which is what U.S. officials say happened. Kaspersky denied the Journal’s report that its programs searched for keywords including “top secret.”

The company said it found no evidence that it had been hacked by Russian spies or anyone except the Israelis, though it suggested others could have obtained the tools by hacking into the American’s computer through a back door it later spotted there.

The new 2014 date of the incident is intriguing, because Kaspersky only announced its discovery of an espionage campaign by the Equation Group in February 2015. At that time, Reuters cited former NSA employees who said that Equation Group was an NSA project.

Kaspersky’s Equation Group report was one of its most celebrated findings, since it indicated that the group could infect firmware on most computers. That gave the NSA almost undetectable presence.

Kaspersky later responded via email to a question by Reuters to confirm that the company had first discovered the so-called Equation Group programs in the spring of 2014.

It also did not say how often it takes uninfected, non-executable files, which normally would pose no threat, from users’ computers.

Former employees told Reuters in July that the company used that technique to help identify suspected hackers. A Kaspersky spokeswoman at the time did not explicitly deny the claim but complained generally about “false allegations.”

After that, the stories emerged suggesting that Kaspersky was a witting or unwitting partner in espionage against the United States.

Kaspersky’s consumer anti-virus software has won high marks from reviewers.

It said Monday that it would submit the source code of its software and future updates for inspection by independent parties.

Reporting by Joseph Menn in San Francisco; Editing by Jim Finkle and Eric Auchard
https://uk.reuters.com/article/us-us...-idUKKBN1CU0TN





NSA Contractor Leaked US Hacking Tools by Mistake, Kaspersky Says

User downloaded malware while pirating Microsoft Office before running virus scan on machine containing confidential software, says Russian firm’s founder
Alex Hern

An incredible sequence of security mistakes led to a US National Security Agency contractor leaking his own confidential hacking tools to Russian cybersecurity firm Kaspersky Lab, the Moscow-based company has alleged.

The claim comes as part of an internal investigation into allegations that the company helped Russian spies discover and steal the NSA files, by locating and flagging the contractor.

Kaspersky Lab does not dispute that it discovered hacking tools on the computer of a user of one of its consumer antivirus products. But the timeline it lays out is one of multiple serious security errors on the part of the user, believed to be an NSA contractor.

According to Kaspersky’s report, the contractor was using the company’s home antivirus software when it detected a piece of malware attributed to the “Equation Group” (the security firm’s internal codename for what is believed to be the NSA’s hacking team) on 11 September 2014.

Some time after that, the contractor apparently disabled the Kaspersky antivirus software, the company says, but is unable to pinpoint the exact date as that information is not logged. On 4 October 2014, it appears that the contractor turned the antivirus software back on – because he had downloaded and installed some malware while trying to pirate Microsoft Office.

“The user appears to have downloaded and installed pirated software on his machines, as indicated by an illegal Microsoft Office activation key generator,” Kaspersky says. “The malware dropped from the trojanised keygen was a full blown backdoor, which may have allowed third parties access to the user’s machine.”

When the user turned his antivirus software back on, and “scanned the computer multiple times”, it correctly detected and blocked the malware. But it also detected some NSA hacking tools, again flagging them as malware. This time, because the hacking tools were “new variants”, the antivirus made use of a second security feature that the contractor had enabled, uploading the file to Kaspersky Lab for analysis.

Speaking to the Guardian, Eugene Kaspersky, the company’s founder and chief executive, said that from there, the issue was elevated directly to him. “The analyst who received the archive reported it to me and the decision was made to delete the archive from all the company’s systems. Nothing was shared with anyone and no further detections from this user have been received.”

Kaspersky Lab’s narrative matches with the initial allegations in a number of ways, but leaves some puzzling discrepancies. For one, the initial report by the Wall Street Journal alleged the events occurred in 2015; Kaspersky describes the series of events as happening in late 2014.

But the bigger unknown is whether and how Kaspersky’s acknowledged discovery and acquisition of NSA hacking tools resulted in Russian intelligence agencies discovering the NSA contractor, and targeting him for further, apparently successful, attacks.

Mr Kaspersky vehemently denies the allegation. “No credible evidence has been presented to substantiate the claim of the company’s involvement in the alleged incident,” he said.

In an earlier statement, Mr Kaspersky had implied that a successful hack of Kaspersky Lab’s systems by Russian spies might have resulted in the breach; now, he has gone back on that theory too. “If there is any indication that the company’s systems may have been exploited, we respectfully request relevant parties to responsibly provide the company with verifiable information,” he said.

Kaspersky Lab has acknowledged being hacked by a nation state once before: in 2015, it discovered that dozens of machines in its networks had been infected by the Duqu 2.0 spyware, which is believed to be linked to Israel.

“We are confident that we have identified and removed all the infections that happened during that incident,” Eugene Kaspersky now says. “Furthermore, Kaspersky Lab publicly reported the attack, and the company offered its assistance to affected or interested organisations to help mitigate this threat.”

On Monday, Kaspersky Lab announced a new initiative to try and win back some of the trust lost as a result of the allegations. The “global transparency initiative” sees it opening up the source code to its software to a panel of independent experts, as well as submitting to a full audit of its internal security practices.

“Trust is essential in cybersecurity,” said Mr Kaspersky, “which depends on collaboration between vendors, researchers, clients.” That trust is also crucial because of the nature of antivirus programs, which must be given total access to the user’s computer, and the ability to check back with a central server to update definitions, to do their job effectively.

That efficacy is what Kaspersky hopes to renew focus on. “I always choose the best. With cybersecurity any trade-offs in favour of origin, price or any other feature may lead to unpredictable and sad consequences.

“As a result of a single successful cyber-attack a person may lose all data, a critical infrastructure may stop working and even lead to human casualties. In my opinion cybersecurity tolerates no compromises.”
https://www.theguardian.com/technolo...crosoft-office





Researchers Warn of New Botnet that Could Take Down the Internet

The Reaper botnet is far more dangerous than Mirai, which took down Twitter, Netflix, and Reddit
William Gayde

Security group Check Point Research claims to have discovered a rapidly growing and evolving botnet which they believe could eventually take down the internet. This botnet consists of millions of internet connected devices, better known as the Internet of Things. They have compared its strength to the now infamous Mirai botnet, but believe it will dwarf Mirai in its speed and growth.

This latest threat has been called the Reaper botnet and makes other attacks look childish. Mirai worked by infecting unsecured devices with default passwords to add them to the botnet. The Reaper works by actively hacking and infiltrating millions of devices around the globe. Wired described it as "the difference between checking for open doors and actively picking locks."

The Reaper malware contains some of the Mirai source code, but has greatly expanded its risk and potential. Rather than guessing common passwords, Reaper uses known vulnerabilities to inject its code into the victim. This allows it to grow at a much faster rate.

The malware has already been discovered on 60% of networks monitored by Check Point. Vulnerable hardware includes devices from GoAhead, D-Link, TP-Link, Netgear, AVTech, MikroTik, Linksys, Synology, and some portions of Linux. Many of these device manufacturers have released patches for the vulnerabilities, but most users don't apply them.

There are millions of devices already running the Lua-based software that will allow the botnet owners to load their attack modules. There have been no reported uses of the botnet, but the code shows it's in standby waiting for a signal to start the volley of DDoS attacks.

Mirai had a bandwidth exceeding 1Tbps and was able to bring down sites like GitHub, Twitter, Reddit, Netflix, and Airbnb. Reaper is far more sophisticated and has the potential to launch attacks on a scale never seen before, experts warn.
https://www.techspot.com/news/71514-...-internet.html





Bad Rabbit: Ten Things You Need to Know about the Latest Ransomware Outbreak

It's the third major outbreak of the year - here's what we know so far.
Danny Palmer

A new ransomware campaign has hit a number of high profile targets in Russia and Eastern Europe.

Dubbed Bad Rabbit, the ransomware first started infecting systems on Tuesday 24 October, and the way in which organisations appear to have been hit simultaneously immediately drew comparisons to this year's WannaCry and Petya epidemics.

Following the initial outbreak, there was some confusion about what exactly Bad Rabbit is. Now the initial panic has died down, however, it's possible to dig down into what exactly is going on.

1. The cyber-attack has hit organisations across Russia and Eastern Europe

Organisations across Russia and Ukraine -- as well as a small number in Germany and Turkey -- have fallen victim to the ransomware. Researchers at Avast say they've also detected the malware in Poland and South Korea.

Russian cybersecurity company Group-IB confirmed at least three media organisations in the country have been hit by file-encrypting malware, while at the same time Russian news agency Interfax said its systems have been affected by a "hacker attack" -- and were seemingly knocked offline by the incident.

Other organisations in the region including Odessa International Airport and the Kiev Metro also made statements about falling victim to a cyber-attack, while CERT-UA, the Computer Emergency Response Team of Ukraine, also posted that the "possible start of a new wave of cyberattacks to Ukraine's information resources" had occurred, as reports of Bad Rabbit infections started to come in.

At the time of writing, it's thought there are almost 200 infected targets, indicating that this isn't an attack like WannaCry or Petya was -- but it's still causing problems for infected organisations.

"The total prevalence of known samples is quite low compared to the other "common" strains," said Jakub Kroustek, malware analyst at Avast.

2. It's definitely ransomware

Those unfortunate enough to fall victim to the attack quickly realised what had happened because the ransomware isn't subtle -- it presents victims with a ransom note telling them their files are "no longer accessible" and "no one will be able to recover them without our decryption service".

Victims are directed to a Tor payment page and are presented with a countdown timer. Pay within the first 40 hours or so, they're told, and the payment for decrypting files is 0.05 bitcoin -- around $285. Those who don't pay the ransom before the timer reaches zero are told the fee will go up and they'll have to pay more.

The encryption uses DiskCryptor, which is legitimate open source software used for full drive encryption. Keys are generated using CryptGenRandom and then protected by a hardcoded RSA 2048 public key.

3. It's based on Petya/Not Petya

If the ransom note looks familiar, that's because it's almost identical to the one victims of June's Petya outbreak saw. The similarities aren't just cosmetic either -- Bad Rabbit shares behind-the-scenes elements with Petya too.

Analysis by researchers at Crowdstrike has found that Bad Rabbit and NotPetya's DLL (dynamic link library) share 67 percent of the same code, indicating the two ransomware variants are closely related, potentially even the work of the same threat actor.

4. It spreads via a fake Flash update on compromised websites

The main way Bad Rabbit spreads is drive-by downloads on hacked websites. No exploits are used, rather visitors to compromised websites -- some of which have been compromised since June -- are told that they need to install a Flash update. Of course, this is no Flash update, but a dropper for the malicious install.

Infected websites -- mostly based in Russia, Bulgaria, and Turkey -- are compromised by having JavaScript injected in their HTML body or in one of their .js files.

5. It can spread laterally across networks...

Much like Petya, Bad Rabbit comes with a potent trick up its sleeve in that it contains an SMB component which allows it to move laterally across an infected network and propagate without user interaction, say researchers at Cisco Talos.

What aids Bad Rabbit's ability to spread is a list of simple username and password combinations which it can exploit to brute-force its way across networks. The weak passwords list consists of a number of the usual suspects for weak passwords such as simple number combinations and 'password'.

6. ... but it doesn't use EternalBlue

When Bad Rabbit first appeared, some suggested that like WannaCry, it exploited the EternalBlue exploit to spread. However, this now doesn't appear to be the case.

"We currently have no evidence that the EternalBlue exploit is being utilized to spread the infection," Martin Lee, Technical Lead for Security Research at Talos told ZDNet.

7. It may not be indiscriminate

At the same point following the WannaCry outbreak, hundreds of thousands of systems around the world had fallen victim to ransomware. However, Bad Rabbit doesn't appear to be indiscriminately infecting targets; rather, researchers have suggested that it only infects selected targets.

"Our observations suggest that this has been a targeted attack against corporate networks," said Kaspersky Lab researchers.

Meanwhile, researchers at ESET say instructions in the script injected into infected websites "can determine if the visitor is of interest and then add content to the page" if the target is deemed suitable for infection.

However, at this stage, there's no obvious reason why media organisations and infrastructure in Russia and Ukraine have been specifically targeted in this attack.

8. It isn't clear who is behind it

At this time, it's still unknown who is distributing the ransomware or why, but the similarity to Petya has led some researchers to suggest that Bad Rabbit is by the same attack group -- although that doesn't help identify the attacker or the motive either, because the perpetrator of June's epidemic has never been identified.

What marks this attack out is how it has primarily infected Russia - Eastern Europe cybercriminal organisations tend to avoid attacking the 'motherland', indicating this is unlikely to be a Russian group.

9. It contains Game of Thrones references

Whoever is behind Bad Rabbit, they appear to be a fan of Game of Thrones: the code contains references to Viserion, Drogon, and Rhaegal, the dragons which feature in the television series and the novels it is based on. The authors of the code are therefore not doing much to change the stereotypical image of hackers being geeks and nerds.

10. You can protect yourself against becoming infected by it

At this stage, it's unknown if it's possible to decrypt files locked by Bad Rabbit without giving in and paying the ransom - although researchers say that those who fall victim shouldn't pay the fee, as it will only encourage the growth of ransomware.

A number of security vendors say their products protect against Bad Rabbit. But for those who want to be sure they don't potentially fall victim to the attack, Kaspersky Lab says users can block the execution of the files 'c:\windows\infpub.dat' and 'C:\Windows\cscc.dat' in order to prevent infection.
http://www.zdnet.com/article/bad-rab...ware-outbreak/
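Alongside blocking the two files Kaspersky Lab names in point 10, a defender can hunt for references to them in process telemetry. The following is an added example, not part of the original article: it assumes JSON-lines records with Sysmon-style field names (`Image`, `CommandLine`, `ImageLoaded`), a default `C:\Windows` install, and constructed sample events.

```python
"""Hunt process telemetry for the two file paths named in the article."""
import json
import ntpath
import re

# The two paths are taken from the article; everything else here is an assumption.
BLOCKED_PATHS = (r"c:\windows\infpub.dat", r"c:\windows\cscc.dat")

# Assumed default install: both variables resolve to C:\Windows.
_ENV = {"%windir%": r"c:\windows", "%systemroot%": r"c:\windows"}

# A command-line token is either a quoted string or a run of non-space characters.
_TOKEN = re.compile(r'"([^"]+)"|(\S+)')


def normalise(path):
    """Reduce the common spellings of a Windows path to one canonical form."""
    p = path.strip().strip('"').lower().replace("/", "\\")
    for var, value in _ENV.items():
        p = p.replace(var, value)
    for prefix in ("\\\\?\\", "\\??\\"):  # extended-length / NT object prefixes
        if p.startswith(prefix):
            p = p[len(prefix):]
    return ntpath.normpath(p)  # collapses doubled separators and ".." segments


def candidate_paths(record):
    """Yield every string in a record that could name a file."""
    yield record.get("Image", "")
    yield record.get("ImageLoaded", "")
    for quoted, bare in _TOKEN.findall(record.get("CommandLine", "")):
        # "file,export" arguments (rundll32-style): keep only the file part.
        yield (quoted or bare).split(",", 1)[0]


def hunt(lines):
    """Return one hit per record that references a blocked path."""
    hits = []
    for lineno, line in enumerate(lines, 1):
        try:
            record = json.loads(line)
        except json.JSONDecodeError:
            continue  # truncated or malformed line: skip, do not abort the hunt
        found = {normalise(c) for c in candidate_paths(record)}
        matched = sorted(found & set(BLOCKED_PATHS))
        if matched:
            hits.append({"line": lineno, "host": record.get("Computer"),
                         "paths": matched})
    return hits


# Constructed sample events (hosts, images and command lines are invented).
SAMPLE_EVENTS = [
    {"Computer": "ws-014", "EventID": 1,
     "Image": r"C:\Windows\System32\rundll32.exe",
     "CommandLine": r"rundll32.exe C:\WINDOWS\infpub.dat,Export"},
    {"Computer": "ws-022", "EventID": 1, "Image": "c:/windows/CSCC.DAT"},
    {"Computer": "ws-031", "EventID": 7,
     "ImageLoaded": r"\\?\C:\Windows\System32\..\infpub.dat"},
    # Same file name in a different directory: must not match.
    {"Computer": "ws-040", "EventID": 1,
     "Image": r"C:\Program Files\Vendor\app.exe",
     "CommandLine": r'"C:\Program Files\Vendor\app.exe" --open D:\backup\infpub.dat'},
    {"Computer": "ws-051", "EventID": 1,
     "Image": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r'cmd.exe /c type "%SystemRoot%\cscc.dat"'},
]


def sample_lines():
    """Serialise the constructed events and append one malformed line."""
    return [json.dumps(e) for e in SAMPLE_EVENTS] + ["{truncated"]


if __name__ == "__main__":
    for hit in hunt(sample_lines()):
        print(hit)
```

The match is on the full normalised path, so a file that merely shares the name in another directory is not flagged.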





How Lobbyists Convinced Lawmakers to Kill a Broadband Privacy Bill

Leaked documents reveal scare tactics that helped ISPs avoid privacy rules.
Jon Brodkin

When a California state legislator proposed new broadband privacy rules that would mirror the federal rules previously killed by Congress, broadband industry lobbyists got to work.

The lobbyists were successful in convincing the state legislature to let the bill die without passage last month, leaving Internet users without stronger rules protecting the privacy of their Web browsing histories.

This week, the Electronic Frontier Foundation (EFF) released documents that lobbyists distributed to lawmakers before the vote. The EFF described one as "an anonymous and fact-free document the industry put directly into the hands of state senators to stall the bill" and the other as "a second document that attempted to play off fears emerging from the recent Charlottesville attack by white supremacists." You can read them here and here.

The California bill, introduced by Assembly-member Ed Chau (D-Monterey Park), was modeled on now-defunct Federal Communications Commission rules and would have required Internet service providers to obtain customers' permission before they use, share, or sell the customers' Web browsing and application usage histories.

Rules would disrupt fight against terror, lobbyists claim

Internet usage histories are valuable to ISPs that want to serve up personalized advertisements. But that's not the argument made in the documents distributed to legislators. Instead, among other things, the documents claimed the rules would present a homeland security threat.

"The bill would bar ISPs from sharing potentially identifiable information with law enforcement in many circumstances," one of the documents claimed. "For example, a threat to conduct a terror attack could not be shared (unless it was to protect the ISP, its users, or other ISPs from fraudulent, abusive, or unlawful use of the ISP's service. AND the bill instructs that all such exceptions are to be construed narrowly."

The second document got more specific, saying that "ISPs who inadvertently learned of a right-wing extremist or other violent threat to the public at large could not share that information with law enforcement without customer approval. Even IP address of the bad actor could not be shared."

Those claims simply aren't true, EFF Legislative Counsel Ernesto Falcon wrote:

There is absolutely nothing true about this statement. AB 375 [the privacy bill] specifically said that an ISP can disclose information without customer approval for any "fraudulent, abusive, or unlawful use of the service." More importantly, it also included what is often referred to as a "catchall provision" by allowing ISPs to disclose information "as otherwise required or authorized by law."

That catchall provision makes a big difference, because existing laws that would not have been disrupted by the privacy bill would have let ISPs continue providing information to police in emergencies, he wrote.

Websites and ISPs joined in opposition

While the documents released this week are anonymous, they expand on claims made previously in a letter signed by AT&T, Comcast, Charter, Frontier, Sprint, Verizon, and some broadband lobby groups. That letter was also signed by advertiser groups such as the Association of National Advertisers and the Data & Marketing Association, as well as the Internet Association, which represents Internet companies such as Facebook and Google.

Chau's bill would not have imposed requirements on websites, but the Internet Association was apparently worried that the restrictions would eventually spread beyond ISPs. We asked Chau today if he knows who was spreading the documents to legislators and will provide an update if we get one.

Through their membership in the Internet Association, "Google and Facebook locked arms with AT&T, Verizon, and Comcast to oppose this critical legislation," Falcon wrote. "What is worse, they didn’t just oppose the bill, but lent their support to a host of misleading scare tactics."

“The great, fake pop-up scare”

One of the two lobbyist documents released this week responded directly to the EFF's arguments, comparing what the EFF called a "myth" to the "facts" as determined by lobbyists trying to kill the privacy bill.

For example, the EFF had called it a myth that the bill would inundate Internet users with pop-ups asking for permission to have their data used. Consumers would only have to consent to information sharing once, "not every time they use the Internet," the EFF argued.

But according to lobbyists, "new requests for consent would be required for any use not specifically included in the initial request for consent. This would likely annoy consumers."

Falcon called this "the great, fake pop-up scare." While the bill would have required getting customers' permission before monetizing customers' Internet usage history, "it did not mandate that people have to constantly receive pop-ups to obtain that consent," Falcon wrote. "In fact, once you said no, they couldn’t keep asking you over and over again without violating this law and likely laws that regulate fraud and deceptive acts by businesses."

If you agreed to information sharing and the ISP changed the terms of that agreement, "they would have to ask your permission again," he noted. But that ensures that ISPs can't "sneak through new invasions of privacy" without telling customers first, he wrote.

The EFF expects further battles to enact privacy laws in 2018 and said it "plan[s] to make sure that every legislator who was bamboozled by companies like Google, Facebook, Comcast, and AT&T is given the facts."
https://arstechnica.com/tech-policy/...old-lawmakers/





Michigan Lawmaker Flees Twitter After Reports Highlight She Helped AT&T Push Anti-Competition Broadband Law
Karl Bode

Last week we noted how Freshman Michigan Representative Michele Hoitenga has been pushing a broadband competition-killing bill she clearly neither wrote nor understands. The industry-backed bill, HB 5099 (pdf), would ban Michigan towns and cities from using taxpayer funds to build or operate community broadband networks, and would hamstring these communities' abilities to strike public/private partnerships. The bill is just the latest example of broadband industry protectionist laws ISPs ghost write, then shovel unobstructed through the corrupt state legislative process.

ISPs want to have their cake and to eat it too; they don't want to upgrade or deploy broadband into rural or lower income areas, but they don't want others to either. Why? Because these communities might highlight how there's creative, collaborative alternatives to the duopoly status quo we all despise. And they certainly don't want added outside pressure disrupting the good thing (read: duopoly regulatory capture resulting in no competition and higher rates) they've enjoyed for the better part of a generation.

While companies like AT&T could deter towns and cities from looking for creative alternatives by offering better, cheaper service, it's much less expensive to throw money at lawmakers who, with the help of groups like ALEC, craft and pass laws protecting their regional mono/duopolies. All while pretending that their only real motivation is to protect the taxpayer, of course.

And while this process has played out in dozens of states repeatedly over the last fifteen years (more than twenty states have let ISPs write similar state laws), Hoitenga's lack of experience provided a closer look at the often-grotesque process. As we noted last week, Hoitenga doesn't appear to even remotely understand how the broadband industry works, from her belief that Michigan residents had 37 different ISPs to choose from, to her argument that letting giant ISPs dictate what locals can do in their own communities somehow...helps the little guy.

As the press began to politely highlight how Hoitenga should probably actually understand the industry she's legislating and the bill she's supporting, the lawmaker refused to comment -- and instead chose to flee Twitter:

The Michigan lawmaker who is trying to ban municipal broadband doesn't seem to enjoy Twitter so much anymore https://t.co/M3CqqXQFps pic.twitter.com/Jr7s1odfhk

— Jorb S. Pumpkins (@jbrodkin) October 21, 2017

For added protection, she blocked my account specifically from following her whatsoever:

That should certainly fix the problem, right? While it's unclear which giant ISP wrote the bill Hoitenga couldn't bother to understand, AT&T has been particularly active on this front over the last decade and is the most likely culprit. And based on a quick look at campaign financing and lobbying disclosures, Hoitenga's fealty to the status quo appears to have come relatively cheap for the multi-billion dollar media, television and telecom conglomerate:

Campaign finance records reviewed by IBT show that two of her largest campaign contributors are AT&T Michigan and the Telecommunications Association of Michigan (TAM): AT&T gave her campaign $1,500 while TAM provided her with $3,500 — large amounts for a first term state representative. The Michigan Cable Telecommunications Association — a separate entity from TAM — gave Hoitenga’s campaign $1,000.

According to state lobbying records reviewed by IBT, Hoitenga met and dined with TAM lobbyists during the first half of the year. Michigan’s lobbying disclosures are filed every six months, so it is currently unknown if TAM lobbyists have met with Hoitenga since June. The $142.82 spent to take Hoitenga out for a meal appears to be the only food and beverage expense TAM has disclosed in conjunction with its lobbying since 2001, as far back as online lobbying records go.

Again, why bother to offer better and cheaper broadband service when you can quite literally buy protectionist state law for a few thousand dollars and some duck a l'orange?

Update: While Hoitenga has since restored public access to her Twitter account, I remain blocked. She has subsequently tried to claim on Facebook that the accounts she blocked were issuing threats against her and her family. For the record I asked Hoitenga one, entirely civil question.
https://www.techdirt.com/articles/20...band-law.shtml





Big Telecom Spent $200,000 to Try to Prevent a Colorado Town From Even Talking About a City-Run Internet

Fort Collins, Colorado is set to vote on a ballot measure that would open the door for municipal broadband, and Big Telecom is fighting mad.
Kaleigh Rogers

Politics is an expensive game, but when an oligopoly is at stake, there's no price tag too high for Big Telecom. In Fort Collins, Colorado—a town of about 150,000 north of Denver—Big Telecom has contributed more than $200,000 to a campaign opposing a ballot measure to simply consider a city-run broadband network. It's the latest example of how far Big Telecom is willing to go to prevent communities from building their own internet and competing with the status quo.

"It's been wild," said Glen Akins, a Fort Collins advocate for municipal broadband. "We're overwhelmed by the amount of money the opposition is spending."

When the residents of Fort Collins vote on November 7 they'll have a couple of ballot measures to consider, including one on city-run internet. If that measure is approved, Fort Collins will be able to change the city charter to allow it to run a municipal broadband utility. This doesn't mean it will happen for sure, and the city still hasn't finalized what that utility would look like, but it opens the door to further discussions.

It's part of a process that is necessary because Colorado is one of 23 states that have laws restricting the development of municipally owned broadband (all of which have been lobbied for by telecom companies). Colorado's law can be bypassed with a ballot measure, and in recent years this action has become particularly popular. Last year, 26 communities in Colorado voted on municipal broadband measures—all of them passed, meaning those municipalities can now explore building their own networks. In total, more than 100 communities in Colorado have voted in favor of measures to bypass the state's restriction. Fort Collins passed this hurdle in 2015, and the new vote would take the next step of amending the town charter.

But there are surprisingly strong forces at play lobbying against the Fort Collins measure, and funding a campaign that includes TV and radio ads, Google search ads, and flyers.

The biggest contributor to the anti-municipal broadband measure is the Colorado Cable Telecommunications Association, a trade group representing the traditional telecom providers in the state.

"We are involved in the chamber of commerce and in the Colorado Cable Telecommunications Association," Leslie Oliver, Comcast's director of external communications for its west division, told me over the phone.

The CCTA forked over $125,000 to Priorities First Fort Collins, the anti-municipal broadband campaign, according to filings published Wednesday. But there's also been an $85,000 contribution from Citizens for a Sustainable Economy, a local nonprofit run by the city's Chamber of Commerce, which includes local provider CenturyLink as a member.

"There are two explanations: one is that all of the cable companies in the state feel very strongly about drawing a line in the sand now, after 100 communities have already made this decision," Christopher Mitchell, Community Broadband Networks initiative director at the Institute for Local Self-Reliance, said over the phone. "Or Comcast is the one pushing it, and we've seen that in countless states before."

Oliver told me Comcast had not made any public statements about the ballot measure. Motherboard reached out to CenturyLink but did not receive an immediate response.

The "no" campaign's main argument is that the city shouldn't waste money on projects like a municipal broadband network where there are other, more important, issues at hand. But the ads don't seem to acknowledge that if Fort Collins did decide to go forward with city-run internet—at an estimated cost of $150 million—it would be funded through utility bonds, which wouldn't be available to use on other issues, like road repairs.

"The broadband budget is going to be funded 100 percent through subscriber fees," Akins noted. "If you don't build the network, it doesn't magically create $150 million to spend on something else."

And, again, the ballot measure is just to open the door to possibility. Why put so much effort and money into a campaign against starting a conversation?

But Big Telecom has a history of opposing municipal broadband initiatives. It has gone to extreme lengths, from suing the FCC to throwing around money in local elections, including in nearby Longmont, Colorado. In 2011, a remarkably similar anti-muninet campaign, also supported by the CCTA, spent more than $300,000 to oppose a ballot measure in Longmont. But Longmont residents voted in favor of the measure, and the town's municipal broadband network lit up in 2014.

Akins is eagerly awaiting November, when the city will find out if voters followed in Longmont's footsteps. He told me his totally unofficial guesstimate: the measure will pass, but just barely.
https://motherboard.vice.com/en_us/a...y-run-internet





How Australia's A$49bn Internet Network Came to be Ridiculed
Trevor Marshallsea

In 1872, rugged, frontier Australia was lauded for overcoming the tyranny of distance to connect itself to the world via the "bush telegraph", a two-year project stringing 3,200km (2,000 miles) of wire through the outback that became part of the nation's folklore.

By contrast today, while striving to be seen as an "innovation nation", Australia stands condemned, even ridiculed, for its latest drive for connectivity: a modern, fast internet network.

Three letters - NBN - have come to strike dread into the minds of consumers, with the National Broadband Network symbolising for many a template in how not to do things.

Given Australia's large size and sparse population density of three people per square kilometre, the NBN is the country's largest ever infrastructure project.

The total budget sits at A$49bn (£29bn; $38bn). Of that budget, around 35% must be spent connecting the final 10% of users, including wiring to remote areas, erecting many of the required 2,600 wireless towers and, most expensively, putting two satellites in the sky.

This week, Prime Minister Malcolm Turnbull called the NBN a mistake and a "calamitous train wreck" by a previous Labor government. Former Prime Minister Kevin Rudd hit back by saying the project's issues "lie all on your head" - meaning the current conservative government.

The escalating blame game, the NBN's slow roll-out, and a switch to inferior technology midstream have combined with other factors to leave Australians frequently asking the question: Why is our internet so slow?

@NBN_Australia Finally got NBN setup. Extremely disappointed. Paid for plan at 100mbps download. Told my max line speed is only 39mbps......
— Lucas Atkins (@UberLucas) October 23, 2017



I live in one the most densely populated neighbourhoods in Australia, and @NBN_Australia isn't available in my 50-unit building. It's a joke
— Doom Knightmare (@domknight) October 23, 2017



Actually, I think the NBN has been a great suc

[LOADING...]

[....]

[.......]

[.............]

cess
— Kara Schlegl (@karaschlegl) October 23, 2017


In 2013, Australia ranked 30th for average internet speeds. The NBN was meant to improve that, but the most recent standings ranked Australia 50th.

The State of the Internet survey by US internet firm Akamai put Australia - with an average of 11.1 Mbps (megabits per second) - behind countries including Kenya, Hungary and Russia. And while it promotes itself as part of go-ahead Asia, Australia sits only eighth in the region, behind neighbours such as Thailand (21st overall) and New Zealand (27th).

Some comparisons are misleading. Only 1.75% of Kenyan homes have fixed-line internet, compared with 90% in Australia. For many, particularly inner-city Australians on the best NBN technology, fixed-line speeds are adequate, particularly if you pay more.

But there's no escaping Australia has been overtaken by many countries on the internet table.

What's worse is that with many of those connected to the NBN reporting no improvement over old ADSL connections, of the homes equipped to take the new service, only 40% have chosen to do so. In business, and international competitiveness, the fears are perhaps more serious.

NBN by the numbers

A$49bn The current estimated cost of building the network

2007 The year the project was announced

2020 When the rollout is expected to be completed

A$91,196 The cost of connecting one remote property

159% The rise in complaints since last financial year

"Going lower in ranking is alarming, and just not acceptable," says University of Sydney academic Dr Tooran Alizadeh, who has researched the NBN extensively and, like others, worries Australia's best minds will be lost to countries with better technology.
"Australia wants to be in the first 10 or so economies in the world. Obviously if you want to do that your internet access cannot be ranked 50th."

The history

In 2007, Mr Rudd announced 98% of Australian homes would be on the NBN by 2020. It was a breathtakingly ambitious idea. It was also, according to critics, backed by inadequate research into logistics and costs, initially put at A$15bn.

The natural starting point was Australia's oldest telecom company, Telstra. Elsewhere, countries like New Zealand simply used the infrastructure already laid by their major telecom company to install fast internet cabling. But Telstra, halfway privatised at the time, clashed with regulators over how it might onsell broadband access to its competitors, and so pulled out of the running to build the network.

Eventually, the government announced it would simply start a whole new semi-autonomous company from scratch. Called the NBN, it would set up the infrastructure to connect Australians with state-of-the-art fibre optic cables to their homes, selling bandwidth wholesale to retailers.

Progress was slow, sporadic, and expensive.

With Australia's preference for underground wiring, often concrete driveways would have to be dug up and relaid. Costs thus blew out for connecting houses from an envisaged average of A$4,400 to, in some cases, more than A$20,000, an NBN spokesman says.

Complaints soon arose over why some regions were connected before others, with schools and hospitals, for example, getting very unequal standards of internet quality. Accusations of government pork-barrelling, however, were wide of the mark.

"The government just wanted progress, so it became a matter of which places were easiest and quickest to connect," one source with intimate knowledge of the subject told the BBC. "Often this came down to issues like basic geology - where was the rock easiest to drill through?"

After the conservative government attained power in 2013, the NBN struck more upheaval, with copper wire ordered for the final stretches of connection, surrounding neighbourhood broadband nodes.

This presents a slower connection to the twice-as-expensive fibre optics. It also means residents, say 400 metres from the node, will have slower internet than a neighbour a few doors away. Critics also charge it's a false saving, since copper wire needs replacing far earlier than fibre optics.

Complaints and competition

Then came the NBN's high pricing to retailers, who buy limited supply to pass on to consumers, which leaves so many Australians staring in frustration while buffering or, worse still, service drop-outs occurring each peak hour.

"NBN has worked hard to bring the cost of bandwidth down but we cannot fill the pipes ourselves - it is up to the retailers to make sure that they are buying enough capacity to deliver a good quality of service," an NBN spokesman told the BBC.

Yet another complication is the number of retailers - 180 - making it hard for the NBN to police quality control for end users.

"We've had huge problems getting our house connected to the footpath node," says Matt Grant, a factory manager in suburban St Clair, just 39km from central Sydney. "But when I complained to the retailer, they told me to talk to the NBN. When I talked to the NBN, they sent me back to the retailer."

He was eventually connected, but said "it's no better than we had with ADSL, especially in peak times".

Last week, Australia's Telecommunications Industry Ombudsman revealed there had been a 159% increase in NBN-related complaints in the last financial year.

NBN chief executive Bill Morrow told the Australian Broadcasting Corp this week that it "turns [his] stomach" that some customers were being left behind, but he placed blame on retailers, and said the government would ultimately decide when to replace copper connections. He also noted increasing competition from mobile broadband technology.

"Look, it is a competitive environment, but I just want to repeat we are doing everything we can to ensure the NBN delivers a great service," he said.

The network says it's still on target to have 98% of homes connected by 2020, but Australia's internet malaise will still take some solving.

There's hope of improvement, but not until base prices can come down as the NBN gradually recoups its massive expenditure. And despite the political finger-pointing, Mr Turnbull's government insists the network will be "fit for purpose".

"Australia needs a 21st Century broadband network and this is not being delivered," said Laurie Patton, executive director of consumer advocacy group Internet Australia.

"The way we're heading now, whoever is in office in 2020 will have to deal with our biggest ever national infrastructure debacle."
http://www.bbc.com/news/world-australia-41577003





T-Mobile Gains More Ground as Sprint Merger Nears

The carrier boasts another strong quarter, but everyone's just wondering when its deal with Sprint will go down.
Roger Cheng

Outspoken T-Mobile CEO John Legere is playing it low-key this time.

On Monday, the "Un-carrier" posted third-quarter results -- usually a chance for Legere to jump on a conference call to crow about the company's performance or to bash its competitors. But aside from a seven-minute video Q&A segment and a quote in a press release, Legere is remaining mum.

That's because T-Mobile is that close to a deal to merge with Sprint, and Legere & Co. would probably like to avoid questions they wouldn't be able to answer.

"With all the rumors and speculation out there, we decided that we wanted to make sure you all saw and focused on the Q3 results, and not just on the rumors and speculation that seem to fill the news every day," Legere said in the video blog.

T-Mobile and Sprint, and their respective parents, German carrier Deutsche Telekom and Japanese carrier SoftBank, all still expect to announce a deal, according to a person familiar with the talks. Bloomberg reported on Thursday that the merger would be delayed for a few weeks.

So for now, T-Mobile is focusing on its quarterly results, which saw the nation's third-largest carrier add 595,000 postpaid phone subscribers, or customers who pay at the end of the month and typically boast higher bills and credit scores. It added a total of 817,000 postpaid customers when factoring in other connected devices like tablets and wearables.

The results mark the seventh quarter in which T-Mobile has led the rest of the industry in postpaid growth, a product of aggressive marketing and a continued rollout of perks. The company has continued to turn heads with freebies like its T-Mobile Tuesday giveaway program, free international data and its all-in, tax-free pricing. Its latest deal gives Netflix away to family customers on its unlimited data plan.

The moves have benefited consumers even if they aren't with T-Mobile. Verizon has reintroduced an unlimited data plan, and AT&T bundles HBO with its unlimited data offering. Sprint offers a year of service for free.

That competitive spirit has had an impact on T-Mobile's results, which marked a decline from a year ago. T-Mobile blamed rival promotions, a split in the release of the iPhones (the iPhone X is due to hit markets next month) and the impact from a series of hurricanes that struck the US.

The big question is whether things change with a T-Mobile-Sprint merger. Critics warn that the industry may get less competitive, resulting in fewer perks and discounts for consumers. Integrating two national carriers may also prove to be a distraction for the combined company. Sprint itself is the product of a disastrous merger between the original Sprint and Nextel.

T-Mobile has the benefit of a strong track record of execution.

In total, T-Mobile added a net 1.3 million new customers in the period, the 18th straight quarter in which it exceeded the 1 million mark. It also raised its 2017 forecast range for new subscriber growth to 3.3 million to 3.6 million, up from 3 million to 3.6 million.

The company posted a third-quarter profit of $550 million, or 63 cents a share. Revenue rose 8 percent to $10 billion.

Analysts, on average, had forecast earnings of 46 cents a share and revenue of $10.01 billion, according to Yahoo Finance.

T-Mobile shares rose 1.9 percent to $61.60 in premarket trading.
https://www.cnet.com/news/t-mobile-g...-merger-nears/





AT&T Loses Record 385,000 Traditional Pay-TV Subscribers in Q3, Posts Gains for DirecTV Now
Todd Spangler

AT&T’s DirecTV and U-verse TV businesses were hammered in the third quarter of 2017, while the telco’s over-the-top DirecTV Now service delivered its biggest quarterly increase since launching less than a year ago.

The company reported a record quarterly loss of 385,000 traditional pay-TV subs, which AT&T blamed on increased competition from other pay-TV operators and over-the-top services, as well as implementing stricter credit standards and “hurricane disruptions.” That was partially offset by 296,000 net adds for the DirecTV Now service.

Overall, AT&T saw a net loss of 89,000 video subscribers in the period. At Sept. 30, 2017, AT&T had 25.08 million video subscribers in the U.S., including 787,000 for DirecTV Now. That’s down from 25.92 million a year earlier.

For the fourth quarter, AT&T expects to report a net addition of traditional TV subscribers, CFO John Stephens told investors on the company’s earnings call Tuesday — after a net loss of 969,000 in the first nine months of 2017. Stephens called out AT&T’s bundling strategy with DirecTV, saying wireless-and-TV bundle subscribers have grown 20% since the close of the DirecTV deal, with 6.5 million video customers currently also taking a wireless service. “We only have about a quarter of the video base in these bundles, so we see considerable opportunity in our future,” he said.

AT&T has launched a beta trial for its next-generation TV software platform — expected to launch widely in early 2018 — which will include features like cloud DVR, according to Stephens. He didn’t provide additional details. Variety reported Tuesday that DirecTV is gearing up to introduce an Android TV-based set-top box, described as the “new AT&T/DirecTV Wireless 4K OTT Client,” that will deliver programming via the internet rather than satellite.

Stephens also touted the growth of DirecTV Now, noting it has live local TV channels in more than 75 markets, and said customer acquisition costs for the OTT service are just a fraction of legacy pay-TV services. “We are confident in the direction we are heading,” he said.

Half of DirecTV Now’s customers have come from traditional pay-TV rivals, with 10% from DirecTV or U-verse and the rest representing “cord-nevers,” who have not previously had pay television, Stephens said on the call.

Earlier this month, AT&T warned investors that it was projecting its traditional pay-TV services would shed 390,000 customers in the quarter, with a gain of about 300,000 DirecTV Now OTT subscribers.

Meanwhile, AT&T’s proposed $85 billion takeover of Time Warner remains pending. The companies on Monday said they extended the termination date of the deal “for a short period of time” as they await approval by the U.S. Department of Justice. AT&T says it remains poised to close the Time Warner acquisition by the end of 2017.

“We look forward to closing our acquisition of Time Warner and bringing together premium content with world-class distribution to deliver a better entertainment experience for consumers and more effective targeted advertising,” AT&T chairman and CEO Randall Stephenson said in announcing earnings.

Overall, AT&T reported Q3 revenue of $39.67 billion and earnings per share of 74 cents. Wall Street had expected EPS of 74 cents on revenue of $40.12 billion.

AT&T’s Q3 revenue in the consumer wireless segment was $7.7 billion, down 6.3% year over year. That was due to fewer phone sales and upgrades, as well as a $419 million decline in postpaid service revenue due to AT&T shifting customers to its business segment. It reported 3 million total wireless net adds, including 2.3 million in the U.S.

Revenue in the telco’s entertainment group, which includes DirecTV, broadband and wireline voice, was $12.65 billion, down 0.6%, largely driven by a 19% year-over-year drop in revenue from legacy voice and data services. Video entertainment revenue for Q3 was $9.2 billion, up 1.9%.
http://variety.com/2017/biz/news/att...ss-1202598165/





Charter Sees Revenues Increase, Profits Drop in Third Quarter
Paul Schott

Charter Communications’ revenues rose and profits fell in the past three months as it presses on with the integration of the two companies it acquired last year, according to its third-quarter earnings released Thursday.

Revenues hit $10.46 billion, a 4 percent increase from the total in the same period last year. A $48 million profit represented a nearly 75 percent plunge from the bottom line in the third quarter of 2016. The Stamford-based company attributed the drop to fiscal changes including higher depreciation and amortization, greater interest expenses and fewer gains on financial instruments.

In an earnings call Thursday, Charter officials said they remained bullish about the company’s direction since closing in May 2016 on a $55 billion acquisition of Time Warner Cable and a $10 billion purchase of Bright House Networks. Those deals made Charter the No. 2 cable carrier in the country after Philadelphia-based Comcast.

“We’re creating one company with a unified and centralized operating approach, which puts Charter on a path to grow faster over a multi-year period,” Tom Rutledge, Charter’s CEO and chairman, said on the call. “The integration is going well and remains on schedule.”

Charter now serves a total of nearly 27 million residences and small and medium-sized businesses. Its customer base in the past quarter grew by around 200,000.

The company’s number of internet and voice customers increased, respectively, by 249,000 and 27,000. But the number of video accounts dropped by 104,000.

“We still think we can grow the video business going forward and expect to grow the video business going forward,” Rutledge said. “It’s true there are many pressures on the video bundle, the biggest pressure being price.”

Hurricanes Harvey and Irma slightly tamped down the company’s earnings in the past quarter, Charter officials said.

Among new initiatives, the company plans to launch its wireless service in 2018, Rutledge said.

Reflecting its growth, the company announced earlier this month that it planned to relocate its Stamford headquarters from its current downtown base at 400 Atlantic St., to what would be a new 500,000-square-foot building at 406 Washington Blvd. Charter plans to make the move in 2019.

While it continues to expand, the company has weathered recent controversy. It resolved last week a contractual dispute with Viacom, which distributes to Charter about two-dozen channels including Comedy Central, MTV, BET and VH1.

Charter still faces a strike of about 1,800 technicians in New York and New Jersey who are unhappy with the new contract terms that the company has offered.

The company’s shares closed Thursday at about $316, down about 8 percent from their closing total Wednesday.
http://www.newstimes.com/business/ar...n-12309113.php





Wall Street Still Annoyed That Competition Forced Wireless Carriers To Bring Back Unlimited Data Plans
Karl Bode

T-Mobile's loopy idea to try and treat wireless subscribers better (well, if you exclude their attacks on the EFF and net neutrality) has been a great thing for American consumers and wireless sector competition. Thanks to more consumer-friendly policies, T-Mobile has been adding more subscribers per quarter than any other major carrier for several years running. This added competitive pressure recently resulted in both AT&T and Verizon being forced to bring back the unlimited data plans the companies had been insisting for years consumers didn't actually want.

The problem, if you're a wireless carrier or investor, is that AT&T and Verizon are making slightly less money now that they're unable to sock consumers with restrictive caps and overage fees. In fact, wireless sector revenues dipped slightly in the first quarter for the first time in seventeen years, as T-Mobile competition forced carriers to engage in a little more than theatrical non-price competition. Keep in mind these companies are still making some fairly incredible profits, and their expansion into areas like smart cities and the IoT gives them ample opportunity for new revenue streams.

But unlimited data plans returned at the start of the year, and Wall Street firms still can't quite let go of the fact that these industry giants might just have to make a little less money. Cowen and Company Equity Research analyst Colby Synesael simply isn't very happy about this whole competition thing:

"The first quarter of unlimited for all four carriers left much to be desired. Both AT&T and Verizon incurred postpaid losses for the first time on record, a trend that could continue. Verizon specifically had its worst quarter in recent memory with a lackluster performance on nearly all sub metrics. Even T-Mobile’s guidance included a ‘less great’ postpaid net add increase of just +250,000. Combined with continued pricing pressure, AT&T and Verizon are pivoting to new avenues of growth such as Mexico, content, media, IoT and 5G, all of which can’t come soon enough."

Mike McCormack of Jefferies shares similar worries about how the elimination of often-arbitrary usage caps and overage fees means precious wireless industry giants now have to more seriously compete:

"The resurgence of unlimited plans is likely to delay more meaningful ARPU stabilization for multiple quarters due to the loss of overages and plan rightsizing. Impacts to ARPU on an incremental basis (i.e. for new subscribers) will depend on the number of accompanying lines activated. Our analysis suggests a willingness to use price with the hopes that multiline subscribers will churn less frequently. The move to unlimited also diminishes the ability to monetize growing data usage, removing an important lever of growth."

Poor darlings, having to actually compete on price and listen to consumers!

But worry not. Wall Street and these wireless companies have an ingenious solution to the sudden influx of T-Mobile competition: reduce competition through additional sector mergers and acquisitions. Wall Street analysts have been relentlessly fanning the flames of a Sprint acquisition of T-Mobile, which would eliminate one of four major competitors in the space. Sprint owner Softbank has been buttering up the Trump administration for much of the year in the hopes he'll approve a deal that was blocked by regulators in 2014 because it would have reduced competition.

Sprint CEO Marcelo Claure spent this week insisting such a union would create "enormous" synergies, and the fusion of the two companies would let the merged company battle more effectively with the likes of AT&T and Verizon Wireless. Granted if you've spent five minutes with a history textbook (especially one governing the telecom sector), you'll find that these megamergers almost always kill jobs, reduce overall competition, and reduce incentive for consumer service and network improvements. Meaning that if this merger is approved, bringing back unpopular usage caps and overage fees will be a top priority.
https://www.techdirt.com/articles/20...ta-plans.shtml





Verizon-Tied Group Says Killing Net Neutrality Aids Puerto Rico
Karl Bode

A minority organization with funding ties to Verizon this week falsely claimed that killing net neutrality protections would somehow help Puerto Rico recover from Hurricane Maria. Puerto Rico remains in dire straits after the storm, with many still struggling to obtain clean drinking water, and most telecom services not expected to be meaningfully restored until sometime next year. As such, the fight over net neutrality is likely the last thing on many Puerto Ricans' minds as they struggle to rebuild after the devastating hurricane.

The Intercept notes that the National Puerto Rican Chamber of Commerce apparently thought it would be a good idea to use the hurricane to push repeal of the popular consumer protections.

“My organization’s interests -- especially those of small businesses and entrepreneurs in Puerto Rico who now need to be afforded every advantage and opportunity to grow more than ever before -- and our members’ mutual experience have made it clear that the best thing for America’s fragile economy will be for the FCC to continue its plan to repeal the unnecessary regulations,” Justin Vélez-Hagan, executive director and founder of the chamber, wrote in an opinion piece over at the Hill.

Gutting popular consumer protections, Vélez-Hagan wrote, would provide “incentive for businesses to invest in Puerto Rico (and others impacted by natural disasters) instead of relying solely on relief packages.”

So one, as we've long noted, industry claims that net neutrality hampered investment are indisputably false, something easily proven by SEC filings, earnings reports, and public executive statements. The idea that killing net neutrality aids Puerto Rico in this moment of crisis is not only absurd, but insulting.

Two, we've noted how one of the greasier lobbying tactics in telecom involves paying minority or diversity groups to parrot policies that actually undermine their constituents. Like when the cable industry paid Jesse Jackson to write an article insisting that efforts to improve cable box competition were akin to racism. Or the time AT&T paid The Hispanic Institute to insist AT&T's attempted acquisition of T-Mobile -- which would have raised rates for everybody -- was a real boon to minority interests.

These efforts are distasteful but effective, and because there doesn't appear to be any public repercussion for using them, they persist. In this instance, Vélez-Hagan wasn't willing to comment when asked by the Intercept whether Verizon funding helped inform his highly dubious claim that killing consumer protections magically helps speed up disaster recovery.
https://www.dslreports.com/shownews/...to-Rico-140591





Verizon Will Stop Throttling Video on Unlimited Plans if You Pay an Extra $10 Per Month

For an added fee, your smartphone won’t be limited to 720p video when using mobile data
Chris Welch

Two months ago, Verizon implemented a change to all of its unlimited data plans that placed limits on the quality at which users could stream video. The company split its unlimited plan into two tiers, with the cheaper option restricting video streaming to 480p resolution; a higher-priced $85 “Beyond Unlimited” plan tops out at 720p video on smartphones (and 1080p on tablets). The new restrictions immediately applied to all plans and Verizon customers had no way of opting out if they wanted to watch 1080p video on their phone or even higher resolutions on capable devices using mobile data. But now Verizon will give subscribers a way to completely remove the video quality handcuffs — for an extra $10 every month.

If you’re willing to pay that $10 charge, you can stream video at the maximum quality supported by any device you’ve got connected to Verizon, whether it’s 1080p, 1440p, or even 4K. But keep in mind that the extra fee is applied per line for anyone on a family plan who wants to lift the limits. Even on a single-line plan, it adds up. Tacking $10 onto Verizon’s Beyond Unlimited ratchets up the monthly price to $95.

The $10 add-on will be available beginning November 3rd.

It’s particularly hard to swallow this extra charge when none of these video streaming constraints existed in the first place on Verizon only three months ago when there was only one unlimited plan, but here we are. You’re paying more money to get back to full quality video.

None of this is a concern when you’re connected to Wi-Fi. And Verizon would tell you that very few customers have been complaining since the 720p ceiling was put in place for smartphones. But this trend of US carriers quietly muddying and restricting mobile video is really starting to feel equal parts annoying and scammy.

How much does it cost to watch full-quality video on T-Mobile?

T-Mobile customers must have the T-Mobile One Plus plan to watch HD video, which starts at $80 / month for a single-line plan. For a full 4-line family plan, it would be $50 per line. The regular T-Mobile One plan is limited to 480p or “DVD quality.”

What about AT&T?

AT&T’s Unlimited Plus plan, which is the one you need for HD video streaming, costs $90 for one line or $50 / line for 4 lines.

And Sprint?

Sprint’s Unlimited Freedom allows video quality streaming up to 1080p on mobile data and starts at $60 per month for a single line. If you want to watch at a higher quality than 1080p, it’s an extra $10 per month.

*Most of these prices include discounts for setting up auto-pay and paperless billing.
https://www.theverge.com/2017/10/25/...eo-quality-fee





O'Reilly Scandal Creates More Headaches for Fox Bid in UK
Danica Kirka

Bill O'Reilly's sexual harassment scandal is causing more headaches for 21st Century Fox's 11.3 billion pound ($14.8 billion) bid to take full control of U.K. cable network Sky Plc.

Revelations that U.S.-based Fox News renewed O'Reilly's contract after he settled a sexual harassment lawsuit for $32 million came just a month after Britain's culture secretary asked competition regulators to review the takeover. Karen Bradley said one of the reasons for her decision was that Fox News' handling of a broader sexual harassment scandal raised concerns about corporate governance at Rupert Murdoch's 21st Century Fox.

Soon after the New York Times broke the story about O'Reilly's contract renewal, a senior member of the British opposition Labour Party said he planned to ask the regulator to reject the takeover.

"More revelations about the corporate culture at 21st Century Fox," Deputy Leader Tom Watson tweeted. "It shouldn't be allowed to take over Sky."

Murdoch's media group wants to buy the 61 percent of Sky it doesn't already own. The takeover values Sky, which broadcasts Premier League soccer, at 18.5 billion pounds.

Bradley in September asked the Competition and Markets Authority to evaluate the takeover in light of Fox's commitment to broadcasting standards and the deal's impact on media plurality in the U.K.

That decision initiated what may be a six-month investigation into Murdoch's drive to consolidate his media empire, bringing renewed attention to the mogul's holdings. With Murdoch already owning the Sun and The Times newspapers, there are concerns that he and his company will wield too much power in Britain.

But the regulator will also look at a variety of other issues to determine whether the merged entity would have a "genuine commitment to broadcasting standards objectives." Among these are allegations that 21st Century Fox's board failed to recognize that sexual harassment was a problem until a Fox News anchor took the issue to court, according to a Sept. 12 letter to the company from the Department for Digital, Culture, Media and Sport, which Bradley heads.

The O'Reilly revelations are giving fresh oxygen to opponents of the takeover. The campaigning group Avaaz said it was amending its submission to the CMA to cast "further doubt" on the takeover.

"While U.K. authorities were assessing their Sky bid, the Murdochs turned a blind eye to yet another O'Reilly sex scandal, then awarded him a multimillion dollar pay rise," said Alex Wilks, Avaaz's campaign director. "This behavior shoots a hole in their claim to have cleaned up their act. We're urging the competition watchdog to obtain full details of Fox's secret settlements and what the Murdochs knew."

The issue has been fraught in Britain. An earlier Murdoch attempt to buy the remaining shares of Sky was scuttled by the 2011 phone-hacking scandal, in which journalists working for Murdoch newspapers were accused of gaining illegal access to the voicemail messages of celebrities, members of the royal family and crime victims.

Murdoch's News Corp. withdrew its bid for Sky in 2012, amid fallout from the scandal. News Corp. in 2013 split itself into two companies, with 21st Century Fox focusing on broadcast and cable television, as well as film and TV studios.

Murdoch shut down the 168-year-old News of the World tabloid at the height of the controversy. The anger over phone-hacking has abated, giving the media empire another shot at consolidating its holdings.

The O'Reilly revelations are unlikely to shock regulators, particularly if 21st Century Fox was careful in disclosing past allegations to authorities as part of the bid.

U.S. settlements are generally much larger than those in Britain in regard to sexual harassment cases, so that alone would not change the situation, said Alice Enders of Enders Analysis, a media expert.

"We're not at a point that we're looking at something that is going to be the smoking gun," she said, adding that the O'Reilly revelations and the eye-watering sum will simply "reinforce existing impressions on questions of corporate governance issues."

But analysts say it is important to point out that all of these reports serve to inform Culture Secretary Karen Bradley, who ultimately will decide whether to approve the deal. Any new information that raises questions about governance and company culture is relevant and must be considered or the government leaves itself open to further legal action.

"Political pressures may be more important," said Damian Tambini, an expert in media communications regulation and policy at the London School of Economics. "In the current political climate, Ms Bradley will be very keen not to be seen as part of a move to excuse a company where there is an alleged culture of sexual harassment, or sweep it under the carpet."

21st Century Fox was not immediately available for comment.
https://apnews.com/deba7c08fff74c2d8...-Fox-bid-in-UK





Journalism’s Broken Business Model Won’t Be Solved by Billionaires
William D. Cohan

Ever since Donald Graham, the heir to the Washington Post, decided to sell the family’s newspaper for two hundred and fifty million dollars, in 2013, to Jeff Bezos, the founder of Amazon and one of the world’s richest men, the preferred solution for a financially struggling publication has been to find a deep-pocketed billionaire, with other sources of income, to buy it and run it more or less as a philanthropic endeavor.

That seemed to be what the Wenners—Jann, the father, and Gus, the son—had in mind, too, when they put Rolling Stone, the iconic magazine founded by the elder Wenner, fifty years ago, up for sale recently. He told the Times that he hoped to find a buyer who understood the magazine’s mission and who had “lots of money.”

But the story of Alice Rogoff and the Alaska Dispatch News is a cautionary tale that shows the limits of what a wealthy owner is willing, or able, to do for a struggling newspaper in the digital era. Rogoff is the wife of David Rubenstein, the billionaire co-founder of the Carlyle Group, the publicly traded, Washington-based private-equity behemoth. Rubenstein, with a net worth estimated by Forbes at nearly three billion dollars, is no stranger to lost causes. He provided $7.5 million to rebuild parts of the Washington Monument, after the 2012 earthquake, as part of his ongoing and iconoclastic “patriotic philanthropy” effort. He provided $18.5 million to restore the Lincoln Memorial. He provided twenty million dollars in cash to restore two buildings on the property at Monticello, the home of Thomas Jefferson, as well as to restore two floors of Jefferson’s home itself. He owns original copies of the Magna Carta, the Declaration of Independence, and the Constitution. He has a copy of the Emancipation Proclamation and the Thirteenth Amendment, which abolished slavery. He is the chairman of the board of Duke University (my alma mater, too) and the chairman of the board of the Kennedy Center. He is a co-chair of the board of trustees of the Brookings Institution and the chairman of the Council on Foreign Relations. He has an interview show on Bloomberg TV. He has agreed to take the Giving Pledge and donate half his wealth to charity.

By all accounts, though, the Alaska Dispatch News was Rogoff’s baby. She reportedly fell in love with Alaska after a trip there in 2001, according to the Los Angeles Times. She explored the Arctic, hunted moose, and flew her own plane. A graduate of Connecticut College and Harvard Business School, Rogoff spent ten years as the chief financial officer of U.S. News & World Report and was also an assistant to Graham, when he was the publisher of the Washington Post. She bought the Alaska Dispatch News in March, 2014, from the McClatchy Company, for thirty-four million dollars, when it was known as the Anchorage Daily News. She promptly changed its name and bought a new printing press to leave little doubt that she was committed to continue to print the paper. “I don’t see an end to print,” she told the Los Angeles Times last year, explaining why she bought the paper and the new press. “If I could see it, I’d be preparing for it. We’re not.” She said that she hoped to continue publishing the paper, which had a paid circulation of about forty-two thousand, for “decades to come.” After buying the paper, she sold certain assets for some fifteen million dollars and used the proceeds of that sale to reduce the purchase price. She put in six million dollars of her own money and borrowed another thirteen million dollars from Northrim Bank.

But Rogoff’s dream of running a local newspaper in her beloved Alaska—she often lived there apart from her husband—slammed into the economic realities of the newspaper business. In August, the Alaska Dispatch News filed for bankruptcy protection. Rogoff had been trying to sell it for months, without success. According to the bankruptcy filing, the paper was losing an average of a hundred and twenty-five thousand dollars per week and owed its venders some $2.5 million. She still owes Northrim Bank around $10.2 million, the security for which is the regular payments that she receives as part of a “marital settlement agreement” with her husband, as well as her Wells Fargo investment accounts and the remaining assets of the paper. (The couple are not divorced, though they have mostly lived apart—on opposite coasts—for many years.)

In announcing the bankruptcy filing to readers, on August 12th, Rogoff struck a poignant and bittersweet note. “I think by now that most of you know owning this news organization has been a labor of love for me,” she wrote. “The body of work done in our time has been as good as we could hope for. We’ve worked hard to help illuminate the issues of our day and provide a platform for points of view from across Alaska. Yet like newspapers everywhere, the struggle to make ends meet financially eventually caught up with us. I simply ran out of my ability to subsidize this great news product. Financial realities can’t be wished away.”

Last month, a bankruptcy judge in Alaska approved the sale of the newspaper to a new group of buyers, led by the Binkley family of Fairbanks, for a million dollars—the amount of the loan that the family had made to the paper a month earlier to keep it going. Very little, if anything, of that million dollars will go to the paper’s existing creditors. “Obviously, this is not the outcome I would prefer,” Rogoff wrote in a court filing, “but the reason I agreed to these terms is that my primary desire is to see that the newspaper continue in operation.” For their part, the Binkleys made their fortune over five generations by taking tourists and freight up the Yukon River. They are determined to keep the paper going. “Newspapers across the country are in distress and operating independently in remote Alaska adds to the challenge,” Ryan Binkley wrote to the paper’s readers. “We will be working with the talented and dedicated team here at the company, building a winning organization. The ADN can’t be allowed to go away. It’s too important to the city of Anchorage and to the State of Alaska.”

In the three years that Rogoff owned the paper, its value declined ninety-seven per cent. Sure, she had deep pockets, but not deep enough, it turned out. (Certainly, had she had full access to her husband’s multibillion-dollar fortune, or had he been interested in this particular lost cause, she likely could have kept running the paper, which lost $6.6 million in 2016, a million dollars more than it lost the year before, according to the financial statements filed in bankruptcy court.) She will likely end up losing the six million dollars that she invested, plus whatever portion of the $10.2 million that she still owes the bank, as part of the more than seventeen million dollars she told the bankruptcy court that she invested in the newspaper and the new printing press, which, according to the bankruptcy filing, remains unused and sitting idly in an old building in Anchorage. As for Rogoff herself, the Los Angeles Times reported that she left the bankruptcy hearing last month virtually unnoticed “and disappeared down the street without further comment.” Her Alaska attorney, Cabot Christianson, told the paper that she would continue to live in Alaska. (He declined my request to be interviewed about how it went wrong for Rogoff. She stopped tweeting last November.) “It is extremely painful,” she told the bankruptcy judge about the paper’s dénouement.

Of course, Rogoff’s debacle is emblematic of a much bigger financial crisis in American journalism. Even with the arrival of a handful of rich backers—Bezos, at the Post; the Sandler family, at ProPublica; and Laurene Powell Jobs, at The Atlantic—the broader industry has failed to find a viable digital-news model as traditional forms of revenue—advertising and subscriptions—continue to evaporate like rain in the Sahara. (Even Condé Nast, the owner of The New Yorker, is not immune to the macroeconomic forces affecting the industry.) In an era when the Presidency demands more and better reporting than ever (and there has been much fabulous reporting), newsroom staffs continue to shrink. According to the annual survey conducted by the American Society of News Editors, thirty-two thousand nine hundred full-time journalists were employed in newsrooms across the country in 2015, down from fifty-seven thousand in 2007. (The organization has since modified the survey.)

It’s difficult to see where all this is going. ProPublica just announced a program to pay for investigative reporters in local newsrooms across the country. That’s a positive step for journalism and our democracy. But the Alice Rogoff saga is a reminder that sometimes deep pockets are not enough to save a local newspaper. Creating indispensable journalism—whether at the local or national level—is not without cost. It does not want to be free. If people aren’t willing to pay for it, like they pay for the Internet or cell-phone service, then it will surely disappear, sometimes right before your eyes.
https://www.newyorker.com/news/news-...y-billionaires





The FCC Just Ended a Decades-Old Rule Designed to Keep TV and Radio Under Local Control
Brian Fung

Federal regulators have voted to eliminate a longstanding rule covering radio and television stations, in a move that could ultimately reshape the nation's media landscape.

The regulation, which was first adopted almost 80 years ago, requires broadcasters to have a physical studio in or near the areas where they have a license to transmit TV or radio signals. Known as the "main studio rule," the regulation ensured that residents of a community could have a say in their local broadcast station's operations.

Tuesday's vote by the Federal Communications Commission lifts that requirement. With the rise of social media, the agency said, consumers now have other ways to get in touch with their local broadcasters.

"Additionally, technology allows broadcast stations to produce local news even without a nearby studio," FCC Chairman Ajit Pai said.

But that same technological capability could prompt large media titans to take over small, local TV and radio stations, turning them into megaphones blasting content developed for a national audience rather than a local one, according to critics.

"At a time when broadcast conglomerates like Sinclair are gobbling up more stations," the consumer advocacy group Free Press said in a regulatory filing on the matter in July, "the Commission’s proposal would allow these conglomerates to move even more resources away from struggling communities and further centralize broadcasting facilities and staff in wealthier metropolitan areas."

Sinclair, a right-wing broadcaster, is trying to buy up Tribune Media in a $3.9 billion deal. The consolidation of the media industry has become a political flashpoint amid wider concerns about fake news and the polarization of news consumption. Even some conservatives have opposed the merger, on the grounds that it could limit the number of voices on the airwaves.

"Anyone who understands how these big media companies operate can see the danger," Christopher Ruddy, the chief executive of Newsmax, a conservative media company that asked the FCC to reject the Sinclair deal, wrote in a recent Washington Post op-ed. "By owning local stations, the New York-based media networks could dictate local news coverage. With the planned elimination of the local studio rule, they will have a green light to do so."

Supporters of the FCC decision to eliminate the main studio rule, including the National Association of Broadcasters, argue that it imposes unreasonable costs on station owners and that the savings from no longer operating a physical studio could be funneled into creating more local TV and radio programming.

"[The] record shows that costs associated with main studio rule have stopped broadcasters from launching new stations in small towns," tweeted Matthew Berry, Pai's chief of staff.
https://www.washingtonpost.com/news/...local-control/





Chevy Bolt: Meet the First Practical, Mass-Market Electric Vehicle
Dan Neil

Well, that was easy.

Twenty years and a million tears after General Motors’ senior scientists built a fleet of nimble, lovable all-electric cars (the EV1) and then crushed them -- an episode told in Chris Paine’s film “Who Killed the Electric Car?” -- GM has delivered the world’s first affordable, long-range EV, the Chevrolet Bolt, with an EPA-estimated range of 238 miles and an MSRP of $37,495, before the $7,500 federal tax credit.

GM reached this mark a few months sooner than industry pioneer Tesla, which is only now ramping up production of its Model 3 compact sedan to satisfy some 450,000 preorders. The Bolt -- a compact four-door, five-seat hatchback, assembled at the Orion plant near Detroit -- offers about the same range and acceleration as reported for Model 3 with the standard battery (50 kWh) and a bit more cargo flexibility, owing to the hatch design.

The situation is ironic, since building a mass-market EV has been Tesla boss Elon Musk’s goal all along, whereas GM management had to be dragged to it, kicking and screaming. But there is value in being first. Wait-times for new orders of the Model 3 stretch from 12 to 18 months. While no raving beauty -- rather like a glass boot -- the Bolt is certainly good enough to peel some off the Tesla waiting list. If nothing else they can lease the Chevy until their Model 3 arrives.

Obviously, these machines have very different pedigrees -- Tesla the disrupter, GM the disrupted -- and hold out contrasting owner narratives. The Bolt doesn’t reinvent GM’s wheel entirely. My butt could tell those seats blindfolded. Also, in our $43,905 Premier test car, the driver’s door’s inner seam wasn’t quite plumb. They do that to make me crazy.

But the Bolt is a hell of a car, the quickest soulless appliance you could ask for, an absolute hoot in the sack. It dominates the BMW i3 and the Nissan Leaf, with more room, more power and more range. That’s amazing when you think about it: Nissan sank an entire year’s worth of R&D, $6 billion, tooling up for the Leaf. If the Bolt team had been given $6 billion they could have made it fly.

What made the difference? At the risk of being reductive, the falling cost of automotive-grade lithium batteries. And while the Bolt’s liquid-cooled battery pack certainly boasts some respectable numbers, volts- and amps-wise, mostly it’s just big: 60 kWh sandwiched between the floorboards. The Bolt is all about the battery.

While they were flirting with innovation, the designers worked to keep the human interface familiar. Unlike Tesla products, the Bolt waits for the driver to press the start button before the instrument panels bloom (the Tesla unlocks as you approach and lights up when you touch it). The Bolt’s gear selector is conventional in position and operation (you have to remember to press the P for park button). It’s not nearly as fun as the BMW i3 gear selector, like turning the right bolt in Frankenstein’s neck.

At a stop, if you release the Bolt’s brake the car will start creeping forward, as if it had an engine and automatic transmission. As owners become more familiar with regenerative braking -- one-pedal operation, whereby the car slows when you lift the e-throttle -- they can slip the gear selector into L mode. One-pedal operation is more intuitive and safer than conventional foot controls and is one of the benefits of EVs.

But after my first week with the Bolt, I would say the Bolt’s primary innovation is emotional. It’s the Prozac of range anxiety.

Your humble correspondent is learning as I go. I had a Level 2 charger installed at my house this year; the Bolt is the first test car to get home-charging treatment. At 240 volts/32 amps, the Bolt can acquire 25 miles of range per hour of charging, amounting to a full charge overnight. At a fast-charge station (480 volts) those figures are 90 miles of range in 30 minutes, but that requires the optional fast-charge hardware ($750).

Not being the fretful sort, I didn’t think I suffered from range anxiety, the fear of being stranded on the road with a flat battery. Even in EVs with less than 100 miles range, the charging duties seemed manageable. But, in retrospect, those ever-dwindling states of charge were never far from my mind, always in the corner of my eye. I never registered this gloom until it was lifted.

The Bolt’s +200-mile range puts it beyond the nagging agues of range anxiety. I drove more than 170 miles in a day last week, mostly highway miles between 70 and 80 mph, with no apprehension. Just as important, the Bolt’s long legs mean the average owner can skip several days between charges. If I owned a Bolt, I’d plug in about as often as I take the family van to the gas station now. And the bathrooms at home are cleaner.

The Bolt’s mighty electron reserves change the experience fundamentally. It’s amazing how much fun EVs are when you’re not worried sick about running out of juice.

What follows only sounds controversial but it’s not: For a general audience, electric vehicles will offer a better driving experience than cars with internal-combustion engines. It’s in the nature of the mechanism, which dispenses with the trembling gas-fired whirligig under the hood, the transmission, gas tank and tailpipes, in favor of a murmuring electric motor(s), a single gearset, soft-singing voltage controllers and low-slung batteries.

For example, auto makers spend millions of development dollars keeping engine noise, vibration and harshness away from the cabin, lately including exotica like active noise cancellation, dynamic engine mounts and damping flywheels in the transmission. The Bolt doesn’t have any of that and at 70 mph it was so quiet in the cabin I could hear my wristwatch ticking, and my hearing ain’t all that good.

It’s also quiet on the outside. I’m afraid I surprised a squirrel.

Efficiency? The energy content of a gallon of gas is about 33 kWh, which means that the Bolt travels 238 miles on the equivalent of less than two gallons of gas (128/110/119 mpg-e, city/highway/combined.)

Did somebody say acceleration? The Bolt is as good as its name. From a standstill, and hampered by its low-rolling-resistance tires, the Bolt hits 60 mph in less than 6.5 seconds, officially. But once it’s rolling, say, between 20 and 60 mph, the Bolt is outrageously, throw-your-head-back quick, stealthy and spontaneous. With 266 lb-ft of torque on hair-trigger alert, this little family car squirts past slower cars like a Subaru WRX STI, except nobody thinks it’s an air raid. The Bolt should come with a traffic attorney on retainer.

As with other such EVs, the battery pack (960 pounds) imbues the Bolt with a low center of gravity, which is all the more palpable from the elevated perch of the driver seat. The low C-of-G does nice things for the Bolt’s standard-issue small-car suspension (struts in front and torsion-bar rear), like lead in a keel. With its low CofG and minimal body roll, the Bolt gives and gives in corners until the tires chirp their surrender.

That, right . . . there . . . is gasoline’s Achilles’ heel: the comparative user experience. In the end, it will not matter how much the Big Oil spends propagandizing against electric cars or if gasoline goes back to 30 cents a gallon. Gainsayers need only run down to a Chevrolet dealership and drive, back to back, dollar for dollar, one of the company’s anodyne family haulers and the Bolt. Which one is quieter, more refined, quicker around town (much!), with better ride and handling? Which one feels like the future and the past?
http://www.marketwatch.com/story/che...cle-2017-10-22





Solar Windows Could Meet 'Nearly All' of America's Electricity Demand

Up to seven billion square metres of glass surface in the United States could be used to generate electricity
Niamh McIntyre

Solar cell technology could soon tap into the massive energy potential of windows and other transparent objects, new research has shown.

Scientists have been working on transparent solar panels which could be used as windows in cars or homes at the same time as generating electricity.

“Highly transparent solar cells represent the wave of the future for new solar applications”, said Richard Lunt, Professor of Chemical Engineering and Materials Science at Michigan State University.

"We analysed their potential and show that by harvesting only invisible light, these devices can provide a similar electricity-generation potential as rooftop solar while providing additional functionality to enhance the efficiency of buildings, automobiles and mobile electronics.”

The material is designed to capture just ultraviolet and near-infrared light.

Commercial versions of the high tech new solar panels should be on the market in “the next few years”, Professor Lunt told Newsweek.

An estimated five billion to seven billion square metres of glass surface in the United States could be used to meet 40 per cent of the country’s energy demand, according to the authors of the report - rising to nearly 100 per cent, if energy storage capacity is improved.

In 2016, solar accounted for 1.4 per cent of US electrical generation, up from just 0.1 per cent in 2010.

Meanwhile, the cost to install traditional solar panels in the US has fallen by more than 70 per cent since 2010.

In the UK, solar’s overall share of the market is higher, accounting for 3.4 per cent of all electricity generated in 2016.
https://www.independent.co.uk/news/w...-a8018071.html





How Silicon Valley Divided Society and Made Everyone Raging Mad
Jamie Bartlett

Of all the fantasies about how the internet would improve our lives, the notion that connectivity automatically brings people together is the most alluring. Mark Zuckerberg’s oft-repeated promise to create a “global community” on Facebook is merely the most recent example. For decades, the utopians of Silicon Valley have firmly believed that digital connectivity will bridge all misunderstanding and difference.

It increasingly feels like it is doing the precise opposite, fueling a tribal form of identity politics based on narrow markers of gender, race, religion or so on. This isn’t the fault of the net of course—identity politics far predates digital communication—but it has introduced a new urgency and force. Just as Netflix and YouTube replaced mass audience television with ever more personalized choice, so total connection offers up an infinite array of possible identities. Online, anyone can find any type of community they wish (or invent their own)—think alt-right, pro-ana, TERF, antifa—and with it thousands of likeminded people with whom they can mobilize. Anyone who is pissed off can now automatically find other people that are similarly pissed off. A network can bring people together, but it also produces homophily—birds of a feather flocking together.

Homophily is often the basis for a community, but what transforms it into a forceful identity based movement is some sense of shared struggle or common enemy. This is where the tsunami of information online has inadvertently turbo-charged the rise of identity politics. Because the internet is a bottomless well of available grievance.

If you are a transgender person, you can cite and share the awful crime statistics.

If you are a person of color in the U.K., a recent government survey revealed still enormous differences in life chances.

If you are white working class, data finds that your group has the lowest likelihood of getting to university and the lowest sense of personal agency.

If you are a Muslim, you’re more likely to wind up in prison.

If you are middle class, academic studies prove the last 30 years of globalization has led to an unprecedented decline in your wages.

If you are a woman, you’re still earning less than men for the equivalent work.

And on and on and on. Spend a little time on social media: you won’t go five minutes without seeing a report about how badly group x or group y is being treated.

I don’t mean to denigrate these issues, since all the reports I cite above are accurate and reflect genuine problems. And obviously some grievances are objectively more serious than others. The point is that every individual now has readily available a truckload of reasons to feel legitimately aggrieved, outraged, oppressed, or threatened—even if their own life is going just fine. For some people, being generally decent and siding with underdogs, this produces a powerful sense of belonging and solidarity with a group they might never have thought about until they kept reading how oppressed they were.

If you put a magnifying glass to a group of people, give them a label, collect data, and spread it about—even for very noble reasons—it inevitably creates an us and them feeling. Imagine for a moment someone collected some data about people from Kent, an area in southeast England, which is where I’m from. Doubtless it would reveal some problem or injustice, and it would be all over social media. Throw in a handful of viral anecdotes of Londoners treating Kent people with disdain. YouGov would then poll the region about whether they felt Kentish or British and some newspaper would publish the results with an exciting headline like “32 percent of Kentish People Feel DISLOYAL to Britain.” Before too long there would be a Facebook group called the Kentish Independence Movement; and another called Kent Patriots Against the Fascist K.I.M. Both would be full of angry zealots who’d never even thought about Kent before.

Essentially, the internet has opened up new ways of forming, finding or joining tribes that we never even knew we belonged to.

This alone is not necessarily a problem, and in some cases is both understandable and a route to redress an existing issue. (People who moan endlessly about identity politics sometimes forget this). But it is destructive when it tilts too tribal, when reason and argument give way to blind loyalty, when a single identity overwhelms all others, turning opponents into enemies and making arguments about who people are rather than the point they’re trying to make. It becomes dangerous when it’s reduced to a binary us versus them.

This is the internet’s final gift to identity politics. Silicon Valley’s utopians genuinely but mistakenly believe that more information and connection makes us more analytical and informed. But when faced with quinzigabytes of data, the human tendency is to simplify things. Information overload forces us to rely on simple algorithms to make sense of the overwhelming noise. This is why, just like the advertising industry that increasingly drives it, the internet is fundamentally an emotional medium that plays to our base instinct to reduce problems and take sides, whether like or don’t like, my guy/not my guy, or simply good versus evil.

It is no longer enough to disagree with someone, they must also be evil or stupid. And for all the newfound fear of social media creating echo-chambers or filter-bubbles of likeminded people, I think it often does the precise opposite. It’s incredibly easy to find opposing views on social media. I’ve never seen so many knaves and fools as pollute my timelines. Social media allows you to find the worst examples of other tribes (which are of course shared by your own one). It’s not a place to have your own views corroborated, but rather where your worst suspicions about the other lot can be quickly and easily confirmed. Nothing holds a tribe together like a dangerous enemy.

That is the essence of identity politics gone bad: a universe of unbridgeable opinion between opposing tribes, whose differences are always highlighted, exaggerated, retweeted and shared. In the end, this leads us to ever more distinct and fragmented identities, all of us armed with solid data, righteous anger, a gutful of anger and a digital network of likeminded people. This is not total connectivity; it is total division.
http://www.newsweek.com/how-silicon-...ing-mad-689811





Amazon Rivals Turn to Legal Fine Print to Stem Whole Foods Strategy
Jeffrey Dastin

Whole Foods Market met a new foe this summer during talks to lease a top retail space in a San Francisco mall: the Target next door.

As City Centre mall’s largest tenant, Target Corp (TGT.N) had a say over changes to the property. According to people familiar with the lease discussions, Target balked at sharing the mall with Whole Foods because it feared competition from the grocery chain’s new owner, Amazon.com Inc (AMZN.O).

Early attempts to persuade Target failed, and Whole Foods may now have to concede certain Amazon initiatives - such as lockers where customers can pick up goods ordered online - if it wants the location, the people said. Talks are ongoing.

A Reuters examination of real estate agreements and interviews with 20 retail landlords, lawyers and brokers show that the strings attached to operating in malls like City Centre present an emerging and little-scrutinized challenge to Amazon’s quest to re-shape Whole Foods.

Across the United States, large retailers including Target, Bed Bath & Beyond Inc (BBBY.O) and Best Buy Co Inc (BBY.N) have legal rights in many lease agreements that allow them to limit what Amazon can do with nearby Whole Foods stores, and where it can open new ones.

Documents reviewed by Reuters show bans on Amazon lockers and delivery operations near a Target store in Illinois and also in Florida, where a new Whole Foods is set to open. Lockers for retrieving online orders are a way for Amazon to spur sales through the grocery chain.

In Manhattan and other locations, the leases of Whole Foods’ big box neighbours bar it from selling a range of goods that Amazon has in its massive online inventory, from electronics to toys and linens.

Even Whole Foods stores that do not share space with major rivals can face constraints imposed by local governments. A city council resolution in White Plains, New York, restricted the hours when Whole Foods can use a loading dock prior to the grocer locating in the mall.

Amazon declined to answer questions about how these restrictions across the country impact its plans.

In a statement, Target said it is “focused on what’s best for the company and delivering on the reasons our guests love Target. Our more than 1,800 stores across the country are a strategic asset and a vital part of Target’s future.”

The company did not discuss details of the restrictions reported by Reuters, but said, “It’s inaccurate to characterize lease agreements as our corporate strategy.”

Reuters could not determine the full extent of limits on Whole Foods stores because lease deals vary from mall to mall, and many are not public. While restricting how neighbours operate is a standard practice in retail, Amazon is new to feeling the heat.

Some mall owners and real estate brokers say Whole Foods will still find landlords who are eager to have the high-profile tenant driving traffic in their malls, and see rivals trying to keep Whole Foods out as short-sighted.

But with nearly all of Whole Foods’ 473 stores subject to lease agreements and plans to add up to 85 stores, according to regulatory filings, Amazon has launched into brick-and-mortar with more constraints and entrenched enemies than in the online world it dominates.

“Many people assume this big, 800-pound gorilla is going to come and beat up all of these retailers,” said Terrison Quinn, a senior vice president at brokerage SRS Real Estate Partners. “I just don’t think that’s going to be the case.”

DOZENS OF RESTRICTIONS

Amazon wasted no time in making changes when the $13.7 billion Whole Foods deal closed in August. The world’s largest online retailer cut grocery prices, started selling its Echo home speaker in stores and disclosed plans to add lockers to some locations and Whole Foods items to Prime Now, its two-hour delivery program.

Analysts expect such moves will boost online orders and revenue for Amazon. But big box rivals have a number of ways to fight back.

Retailers routinely negotiate guarantees that their landlords will not alter malls in a way that hurts sales, whether leasing to a strip club or starting construction projects without approval, real estate lawyers said.

These leases, which often last 10 to 20 years with options to renew, may even name competitors barred from opening a store.

A 16-page memo in July detailing the lease restrictions governing Miami’s Pinecrest Place mall, obtained by Reuters, offers a glimpse of the legal protections retailers are securing.

Target required an affiliate of national landlord Regency Centers Corp (REG.N) to bar “Any lockers, lock-boxes or other type of storage system that is used to receive or store merchandise from a catalog or online retailer.”

The document then specifies more than a dozen other restrictions for the mall, from leasing space to a pet shop or toy store to operating “a fulfilment centre in connection with receiving, storing or distributing merchandise from a catalogue or online retailer.”

Regency announced in April that Whole Foods will open in the centre, meaning the store cannot have Amazon lockers or fulfil orders for Prime Now.

A May memo of lease for a Target in Evanston, Illinois, obtained by Reuters, contains similar prohibitions against lockers and online fulfilment.

In another case, Target raised similar concerns about Amazon for a prospective Whole Foods location at the Stonestown Galleria in San Francisco, people familiar with the matter said.

A Reuters analysis showed that 7 percent of existing Whole Foods' U.S. stores are within a quarter mile, or roughly five-minute walk, of a Target. For a graphic, click tmsnrt.rs/2yAt3nu

OPPOSITION ABOUNDS

Target is not alone in placing limits on Amazon.

Lidl, a German grocery chain expanding in the United States, said in a deal this year it would “prohibit the operation of pickup facilities” by rivals such as “Wal-Mart and Amazon... that sell grocery items” near a planned store on Long Island in New York, according to a person familiar with the matter. The language is becoming common, the person said.

Will Harwood, a spokesman for Lidl, said, “We adhere to industry norms and standard real estate practices when securing sites.”

A Bed Bath & Beyond store in lower Manhattan bars its next-door tenant - Whole Foods - from selling linens, bathroom items, housewares and frames, its memo of lease said. The company declined to comment.

And a Best Buy store just north of Miami has the exclusive right in its shopping centre to sell electronics. A lease carve-out, which states other tenants can sell gadgets on less than 250 square feet of floor space, allowed for the mall’s Whole Foods to display the Echo speaker, according to a memo seen by Reuters and a reporter who visited the location.

“It is pretty standard for anchor tenants of a shopping centre to reserve the right in their leases to prohibit improvements to a centre - including the addition of new tenants - without approval and consent,” said Jeff Shelman, spokesman for Best Buy.

Gabe Kadosh, vice president at real estate firm Colliers International (CIGI.O), said Amazon and Whole Foods “want to have freedom to do whatever they want. The challenge is in brick and mortar, and in multi-tenant shopping centres, you can’t just do that.”

Reporting by Jeffrey Dastin in San Francisco; Additional reporting by Melissa Fares and Ashlyn Still in New York, Richa Naidu in Minneapolis and Zachary Fagenson in Aventura, Florida; Editing by Jonathan Weber and Edward Tobin
https://uk.reuters.com/article/uk-br...-idUKKBN1CT1NF





Microsoft to Drop Lawsuit after U.S. Government Revises Data Request Rules

Microsoft Corp said it will drop a lawsuit against the U.S. government after the Department of Justice (DOJ) changed data request rules on alerting internet users about agencies accessing their information.

The new policy limits the use of secrecy orders and calls for such orders to be issued for defined periods, Microsoft Chief Legal Officer Brad Smith said in a blog post on Monday.

"As a result of the issuance of this policy, we are taking steps to dismiss our lawsuit," Smith said. bit.ly/2gE3kDp

The company expects the changes to end the practice of indefinite secrecy orders.

Microsoft filed the lawsuit in April 2016 arguing that the U.S. government was violating the constitution by preventing the company from informing its customers about government requests for their emails and other documents. reut.rs/2zLIjv0

The suit argued that the government’s actions were in violation of the Fourth Amendment, which establishes the right for people and businesses to know if the government searches or seizes their property, and the company’s First Amendment right to free speech.

The changes will ensure that secrecy order requests are “carefully and specifically tailored to the facts in the case,” Smith said.

“This is an important step for both privacy and free expression. It is an unequivocal win for our customers, and we’re pleased the DOJ (Department of Justice) has taken these steps to protect the constitutional rights of all Americans,” the statement said.

While Microsoft has agreed to drop its lawsuit, Smith said the company is renewing its call to Congress for the amendment of the Electronic Communications Privacy Act which was adopted in 1986.

The DOJ did not respond to a request for comment outside regular business hours.

Last week, the U.S. Supreme Court agreed to hear the Trump administration’s appeal of a lower court’s ruling preventing federal prosecutors from obtaining emails stored in Microsoft computer servers in Dublin, Ireland in a drug trafficking investigation.

Government lawyers argued the lower court ruling threatened national security and public safety.

Reporting by Kanishka Singh in Bengaluru; Editing by Gopakumar Warrier
https://uk.reuters.com/article/uk-gl...-idUKKBN1CT02R





DOJ Subpoenas Twitter About Popehat, Dissent Doe And Others Over A Smiley Emoji Tweet
Mike Masnick

So, here's a fun one. Back in May, the Justice Department -- apparently lacking anything better to do with its time -- sent a subpoena to Twitter, demanding a whole bunch of information on five Twitter users, including a few names that regular Techdirt readers may be familiar with:

If you can't see that, it's a subpoena asking for information on the following five Twitter users: @dawg8u ("Mike Honcho"), @abtnatural ("Virgil"), @Popehat (Ken White), @associatesmind (Keith Lee) and @PogoWasRight (Dissent Doe). I'm pretty sure we've talked about three of those five in previous Techdirt posts. Either way, they're folks who are quite active in legal/privacy issues on Twitter.

And what info does the DOJ want on them? Well, basically everything:

1. Names (including subscriber names, user names, and screen names);
2. Addresses (including mailing addresses, residential addresses, business addresses, and e-mail addresses);
3. Records of session times and durations, and the temporarily assigned network addresses (such as Internet Protocol ("IP") addresses) associated with those sessions;
4. Length of service (including start date) and types of service utilized;
5. Telephone or instrument numbers (including MAC addresses, Electronic Serial Numbers ("ESN"), Mobile Electronic Identity Numbers ("MEIN"), Mobile Equipment Identifier ("MEID"), Mobile Identification Numbers ("MIN"), Subscriber Identity Modules ("SIM"), Mobile Subscriber Integrated Services Digital Network Numbers ("MSISDND"), International Mobile Subscriber Identifier ("IMSI"), or International Mobile Equipment Identities ("IMEI"));
6. Other subscriber numbers or identities, or associated accounts (including the registration Internet Protocol ("IP") address);
7. Means and source of payment for such service (including any credit card or bank account number) and billing records.

That's a fair bit of information. Why the hell would the DOJ want all that? Would you believe it appears to be over a single tweet from someone to each of those five individuals that consists entirely of a smiley face? I wish I was kidding. Here's the tweet and then I'll get into the somewhat convoluted back story. The tweet is up as I write this, but here's a screenshot in case it disappears:

And, just to make it clear, here are all the users "in the conversation" on that tweet (since Twitter now buries at least some of that information):

You'll note that all of the names are the same names as listed in the subpoena above (as a point of clarification, the four users listed below were already in the conversation, so their metadata gets swept along, and then the tweeter, Justin Shafer, is also adding in @PogoWasRight to the conversation).

So, who is Justin Shafer, and what the hell is all of this about? Buckle up, because it'll take a bit of background to get around to this tweet (and, yes, it will still feel very, very, stupid that this subpoena was ever issued). First up: Justin Shafer is a security researcher, who has some history spotting bad encryption. Go back to 2013 and he had spotted a weak not really "encryption" standard put out by Faircom. Once it was called out as weak, vulnerable and not really encryption, Faircom rebranded it from the "Faircom Standard Encryption" to "Data Camouflage" since the reporting by Shafer showed that it wasn't really encryption at all -- but just a weak attempt at obfuscation.

Fast forward to late 2013, when a dentist named Rob Meaglia alerted some of his patients that a computer was stolen from his offices with "medical records and dental insurance information." But, Dr. Meaglia told his patients that the records system they were using, Dentrix, made by a company called Henry Schein, Inc., had all of that data encrypted. Except it appeared that Dentrix was actually using Faircom's "Data Camouflage" and not actual encryption. And, as that link notes, Henry Schein, Inc. had been informed of this problem months earlier, around the time Faircom admitted it wasn't actual encryption.

In May of 2016, the FTC announced a settlement with Henry Schein, Inc. over the claim that it "falsely advertised the level of encryption it provided to protect patient data." Kudos to Justin Shafer.

But, literally days later, the FBI was raiding Justin Shafer's home and taking all of his computers. This was not specifically about the Henry Schein case, but since Shafer had continued to investigate poor data security practices involving dentists, he'd come across an FTP server operated by another dental software company, Patterson Dental, which makes "Eaglesoft," a dental practice management software product. Shafer had discovered an openly available anonymous FTP server with patient data. Shafer did the right thing as a security researcher, and alerted Patterson. However, rather than thanking Shafer for discovering the server they had left with patient data exposed, Patterson Dental argued that Shafer had violated the CFAA in accessing the open anonymous FTP server. Hence the FBI raid.

Not surprisingly, Shafer was none too pleased with the FBI's decision to raid his home and take all of his electronics. In particular, it appears he was especially annoyed with FBI Special Agent Nathan Hopp (who he initially believed was actually Nathan "Hawk.")

Fast forward to March of this year, to an entirely different story: the FBI arresting John Rivello for "assaulting" journalist Kurt Eichenwald with a tweet. If you follow Techdirt related stuff, you probably remember that whole story. Lots of people, including us, posted the criminal complaint that was put together by one Nathan Hopp, a special agent at the FBI.

It appears that the Rivello arrest and subsequent news coverage suddenly alerted Shafer to the fact that "Nathan Hawk" was actually "Nathan Hopp" and Shafer began a bit of an open source "investigation" on Twitter. I wouldn't necessarily call the following tweets "smart," but Shafer, finally aware of the FBI agent who led the raid on his house, started trying to find any public info on Hopp -- and his family. Now, searching out his family isn't great. But it does appear that he was just looking up publicly available information:

At this point, the FBI decided to start protecting its own. Seeing as the guy whose home the FBI had ridiculously raided a year earlier was now tweeting some info about one of its special agents, the FBI started putting together a new criminal complaint arguing that all of the tweets above amounted to "Cyber Stalking" under 18 USC 2216A. This seems like a huge stretch, because that law requires "intent to kill, injure, harass, intimidate, or place under surveillance...."

Either way, about the time all of this was happening, Ken "Popehat" White had started another Twitter thread about the Rivello arrest, leading Virgil and Keith Lee to respond about the criminal complaint, eventually leading Mike Honcho to note "Nathan Hopp is the least busy FBI agent of all time." It is to that tweet that Shafer replies with his smiley emoji and adds, or cc's, Dissent Doe to the conversation:

And that takes us to 10 days later, when a new criminal complaint against Shafer is issued*, arguing that those tweets were criminal Cyber Stalking. And because part of that included his smiley emoji in response to the Popehat thread/Honcho tweet, the DOJ felt it necessary to issue a subpoena demanding basically all info on those 5 Twitter users (including Popehat, a former Assistant US Attorney whose info is pretty easy to find on Google). Perhaps the FBI somehow thinks that Shafer was really behind those other accounts or something -- but anyone with even the slightest level of competence should realize that's unlikely -- and that's got nothing to do with anything here anyway.

* As an aside, look closely at that criminal complaint against Shafer. I have no idea why but it appears that the FBI/DOJ is so clueless that rather than submitting the final complaint, they actually submitted the copy showing the "comments" on the Word doc they were using to prepare the complaint -- which shows two comments that both suggest the FBI is well aware that this complaint is weak sauce and probably doesn't meet the standard under the law... but this story is crazy enough without spending too much time on that.

Twitter is apparently fighting back against this subpoena. And even though it was issued back in May, a few days ago, the company alerted the individuals that the DOJ was demanding info on. Dissent Doe has already stated publicly a plan to move to quash the subpoena as well, and I wouldn't be surprised to see the others named take similar steps.

But, really, take a step back and everything about this situation is crazy. Going after Shafer the first time was crazy. Going after him again for supposed "Cyber Stalking" over a few harmless tweets was clearly just the FBI trying to protect its own from being embarrassed online. Then, to subpoena a ton of info on 5 totally unrelated Twitter users... just because Shafer tweeted a smiley face emoticon at them? What the fuck is the DOJ up to? Doesn't Assistant US Attorney Douglas Gardner, who signed the subpoena, have better things to do with his time, like going after actual criminals, rather than harassing people for tweeting?
https://www.techdirt.com/articles/20...ji-tweet.shtml





The New York Times is Now Available as a Tor Onion Service
Runa Sandvik

Today we are announcing an experiment in secure communication, and launching an alternative way for people to access our site: we are making the nytimes.com website available as a Tor Onion Service.

The New York Times reports on stories all over the world, and our reporting is read by people around the world. Some readers choose to use Tor to access our journalism because they’re technically blocked from accessing our website; or because they worry about local network monitoring; or because they care about online privacy; or simply because that is the method that they prefer.

The Times is dedicated to delivering quality, independent journalism, and our engineering team is committed to making sure that readers can access our journalism securely. This is why we are exploring ways to improve the experience of readers who use Tor to access our website.

One way we can help is to set up nytimes.com as an Onion Service — making our website accessible via a special, secure and hard-to-block VPN-like “tunnel” through the Tor network. The address for our Onion Service is:

https://www.nytimes3xbfgragh.onion/

This onion address is accessible only through the Tor network, using special software such as the Tor Browser. Such tools assure our readers that our website can be reached without monitors or blocks, and they provide additional guarantees that readers are connected securely to our website.

Technology

Onion Services exist for other organizations — most notably Facebook and ProPublica, each of which have created custom tooling to support their implementations. Our Onion Service is built using the open-source Enterprise Onion Toolkit (EOTK), which automates much of the configuration and management effort.

The New York Times’ Onion Service is both experimental and under development. This means that certain features, such as logins and comments, are disabled until the next phase of our implementation. We will be fine-tuning site performance, so there may be occasional outages while we make improvements to the service. Our goal is to match the features currently available on the main New York Times website.

Over time, we plan to share the lessons that we have learned — and will learn — about scaling and running an Onion Service. We welcome constructive feedback and bug reports via email to onion@nytimes.com.

Finally, we would like to extend our thanks to Alec Muffett for his assistance in configuring the Enterprise Onion Toolkit for our site.
https://open.nytimes.com/https-open-...e-e0d0b67b7482





This Store with Nothing for Sale Wants to Help You Take Control of Your Online Privacy
Gianluca Mezzofiore

There's a lot of high-brow, abstract talk about privacy and personal data.

But when it comes to our personal experience with it, all we usually get is a long, boring, overlooked list of conditions that nobody reads before signing up to Facebook or other social media giants. Do we truly understand what part of our digital footprint is owned by these companies?

That's why the Glass Room, which just opened in central London, is important.

At first sight, it's just another all-white, sleek, shiny, minimalist pop-up tech store, with massive windows overlooking central London and interactive handsets methodically placed in tactical positions. It bears more than a fleeting resemblance to a famous retail store, which shall remain nameless.

Except that once you get inside and start checking out the "products", you're left amused at best, desperately baffled at worst.

Mozilla and Technical Tech, the organisers of The Glass Room, call it "a tech store with a twist", and its declared purpose is to make the intangible — the theoretical, philosophical world of privacy, data and digital life — tangible in a playful, cheeky manner, so you can make better, informed decisions about your data and the way they interact with big tech companies.

"The world of privacy and security is actually very difficult to help individuals understand in a tangible way," Jascha Kaykas-Wolff, Chief Marketing Officer at Mozilla, said.

"What happens when they go online and choose to interact with different kinds of businesses? Glass Room is a series of artists' interventions to help you physically feel, touch, and see the way that your data works for different companies."

Most of the items exhibited are interactive, from Where The F**k was I?, a book listing the artist's locations from June 2010 to April 2011 as recorded by his Apple iPhone, to "Smell Dating", a new way to make connections that matches single people based on their olfactory compatibility.

Some of the "products" have a dark shroud of creepiness. "Data Production Labour", from artist and activist Manuel Beltran, investigates how the data we produce is a form of productive labour.

You simply place your phone on the mat and scroll Facebook, while a sensor records your hand movements and an emotion-recognition software tracks your facial expressions to see your response to what you see. The result is checked against the minimum wage in London.

Facial recognition also features in "Megapixel", which is a clever, intuitive way into the dominant debate on AI and privacy. The visitor simply walks up to the front of it and the system starts scanning your face and attempts to match it against a publicly accessible database of photos.

"The database that Megapixel uses to train for its facial recognition is available through common licensing, off of Flickr. So what you and I may not know is when you choose to upload your information into a place that we like because it offers a good service, that data is made available to other businesses that can choose to do whatever they want," Kaykas-Wolff said.

A part of The Glass Room is dedicated to the big tech companies — Google, with a piece showing Alphabet's massive network of acquisitions; Facebook, with a model showing Mark Zuckerberg's house; Microsoft, with a remote-control fertility chip developed by the Bill and Melinda Gates Foundation.

At the end of your visit, a group of white-clad volunteers called "Ingenious" introduce you to a cheeky tool: the Data Detox Kit, a programme in eight prescribed steps — one for each day — to take back control of your data online and have a healthier relationship with the businesses running your life.

"What we don't understand as a mass of people around the world is how we can individually take control of our data," Kaykas-Wolff said. "With Glass Room, they'll understand their relationship into contributing to a healthier internet choosing to do something as simple as let's say shutting off location services on your phone."
http://mashable.com/2017/10/25/glass...a-privacy-art/





US Voting Server in Election Security Probe is Mysteriously Wiped

Nothing to see here, comrade. Move along, move along
Kieren McCarthy

Analysis: A computer at the center of a lawsuit digging into woeful cyber-security practices during the US presidential election has been wiped.

The server in question is based in Georgia – a state that narrowly backed Donald Trump, giving him 16 electoral votes – and stored the results from the state's voting systems. The deletion of its data makes analysis of whether the computer was compromised impossible to ascertain.

There is good reason to believe that the computer may have been tampered with: it is 15 years old, and could have been harboring all sorts of exploitable software and hardware vulnerabilities. No hard copies of the votes are kept, making the electronic copy the only official record.

It is feared the machine may have been hacked by Russian agents, who have taken a keen interest in the 2016 White House race, or potentially any miscreant on the planet.

While investigating the Kennesaw State University's Center for Election Systems, which oversees Georgia's voting system, last year, security researcher Logan Lamb found its system was misconfigured, exposing the state's entire voter registration records, multiple PDFs with instructions and passwords for election workers, and the software systems used to tally votes cast.

"You could just go to the root of where they were hosting all the files and just download everything without logging in," he said. He also noted the files had been indexed by Google, making them readily available to anyone looking in the right place.

Despite Lamb letting the election center know of his findings, the security holes were left unpatched for seven months. He later went public after the US security services announced there had been a determined effort by the Russian government to sway the presidential elections, including looking at compromising electronic voting machines.

Let's have a look

In an effort to force the state to scrap the system, a number of Georgia voters banded together and sued. They asked for an independent security review of the server, expecting to find flaws that would lend weight to their argument for investment in a more modern and secure system.

But emails released this week following a Freedom of Information Act request reveal that technicians at the election center deleted the server's data on July 7 – just days after the lawsuit was filed.

The memos reveal multiple references to the data wipe, including a message sent just last week from an assistant state attorney general to the plaintiffs in the case. That same email also notes that backups of the server data were also deleted more than a month after the initial wipe – just as the lawsuit moved to a federal court.

It is unclear who ordered the destruction of the data, and why, but they have raised yet more suspicions of collusion between the Trump campaign team, the Republican Party, and the Russian government.

So far, everyone is claiming ignorance of the event. A spokesperson for Georgia’s secretary of state, Brian Kemp, who is in overall charge, denied having anything to do with the decision. And the election center's director, Michael Barnes, is refusing to comment.

Since the server was not under a court protection order, the destruction of its data is not illegal but it is extremely suspicious.

As for the information itself, there is one more avenue to recover it: the FBI took a copy of the server's filesystem contents when it opened an investigation into the system back in March. So far the Feds have refused to say whether they still have that copy.
https://www.theregister.co.uk/2017/1...georgia_wiped/

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

October 21st, October 14th, October 7th, September 30th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black
__________________
Thanks For Sharing