Peer-To-Peer News - The Week In Review - February 29th, ’20

[JackSpratts]

Since 2002































February 29th, 2020




Super Channel is Suing Retailers, Customers Over TV Boxes and Pirate Content
Erica Alini

A lawsuit filed in Alberta provincial court is raising questions about how popular media-streaming devices are being used -- and whether consumers can be held responsible if they are used to watch illegal content. The suit was filed by Allarco Entertainment, the company that owns Super Channel, and is suing four popular Canadian retailers. Heather Yourex-West explains.

Canadians who bought Android TV boxes from four big-box retailers are among the groups of defendants named in a copyright lawsuit that raises questions about how streaming technology is changing the nature of piracy.

The lawsuit comes from Allarco Entertainment 2008, owner of premium network Super Channel, and centres around so-called “pirate devices” that enable customers to view paid TV programming online for free, according to court documents.

Although the lawsuit doesn’t name the devices, Super Channel president and CEO Don McDonald said they are primarily Android boxes sold pre-loaded with software that enables users to access pirated content.

McDonald says the lawsuit is designed to target what Super Channel considers to be a “culture” of content piracy.

In documents filed in the Court of Queen’s Bench of Alberta, the company says it has suffered “substantial damages” as consumers illegally access content to which Super Channel has the rights in Canada.

Named as defendants in court documents are four of Canada’s largest tech retailers — Staples Canada, Best Buy Canada, London Drugs, and Canada Computers, as well as the suppliers and manufacturers of the devices, as well as so-called “John Doe Customers” who bought the devices from the big-box stores.

In an effort to drive sales, staff and management at the four retailers are “advising,” “educating” and “encouraging” customers to use the devices to “steal” copyrighted material, the lawsuit alleges.

Super Channel is also demanding that the retailers reveal the identity of customers who bought the TV boxes.

The case is part of a recent trend of copyright lawsuits that are targeting end-users.

Undercover video

Super Channel is suing after what it described as an 18-month operation in which the company says it sent company investigators acting as secret shoppers to various Staples, Best Buy, London Drugs and Canada Computers locations across the country, buying approximately 150 of the devices.

The network has submitted in court more than 100 hours of undercover audio and video evidence in which it claims store staff are recorded encouraging customers to watch pirated movies and TV shows and offering instructions on how to do so.

In one video clip that Super Channel says was recorded at a Best Buy in Barrie, Ont., a man who appears to be a salesperson says:

“There’s pirate sites where to go and steal content from, like, HBO Canada.”

In another clip allegedly recorded at a Staples in Langley, B.C., an alleged store employee can be heard saying:

“You just go online in search of the movie and they give you a bunch of links to watch it. … It’s illegal.”

In another clip that Super Channel claims was taken at a London Drugs store in New Westminster, B.C., a man who appears to be a salesperson says:

“Essentially, you’re finding methods in ways of stealing the content.”

Super Channel did not share videos it says it has featuring Canada Computers stores.

In the lawsuit, the company alleges the retailers are “advising their Customers how to avoid detection of their pirating activities,” adding that in some instances they are showing pirate programming to customers in store.

In some of the clips seen by Global News, a Super Channel investigator posing as a customer inquires about how to stream movies that are still in the theatres. On a couple of occasions, for example, the secret shopper is heard wondering about how others were able to watch Jurassic World on their TV just days after its release on the big screen.

In an interview with Global News, McDonald defended those questions.

“The proper training a store person should have is to say, ‘Well, that … would be pirating that content and there’s nothing I can help you with,” McDonald said.

None of the undercover videos show actual customers, McDonald said.

Super Channel said it sent the four retailers cease and desist letters before proceeding with court action. Now, the company is seeking an injunction prohibiting the stores from selling the devices as well as $50 million in damages.

Best Buy and London Drugs deny Super Channel’s allegations.

“We offer technology from reputable manufacturers and leading brands. We take claims of intellectual property infringement seriously, but we believe that Super Channel’s claims are without merit, and intend to defend this action vigorously,” Best Buy said via email.

“We dispute Super Channel’s allegations and will vigorously defend against them,” London Drugs said.

“London Drugs has always respected the rights of content creators and holders of copyright in all forms. We sell products and provide services for many parties engaged in content creation and distribution and recognize and fully support their right to fair compensation.”

Staples declined to comment on matters that are before the courts.

Canada Computers did not respond to multiple requests for comment via phone and email.

Going after consumers

Super Channel wants consumers held responsible as well. Store customers, along with retailers and suppliers, have “intentionally interfered with the economic and business relations of the Plaintiff,” the lawsuit reads.

McDonald’s affidavit says entire seasons of TV series like The Oath and comedy series Swedish Dicks, to which Super Channel owns the rights in Canada, were available to be viewed on the devices before the company was permitted by its licence to show them to its own customers.

By naming unidentified customers as defendants, Super Channel is hoping to “change the culture of content piracy,” McDonald said.

“Most people understand that in order to acquire content, you have to pay for it,“ he added.

Copyright lawyer Howard Knopf, however, raised alarm bells about targeting end-users.

The Super Channel lawsuit is part of “a trend of a number of lawsuits that are going on in Canada, the United States, to basically rein in the internet,” added Knopf, who is counsel with Macera and Jarzyna in Ottawa and has represented some of the retailers in unrelated cases.

A new chapter in the piracy wars

At the core of the Super Channel lawsuit is the question of whether devices like Android boxes are, in fact, primarily meant for illegal use.

That’s a notion technology expert Graham Williams rejects.

“These devices are essentially media streamers. There’s nothing inherent about them that makes them into a pirating device,” said Williams, who is chief strategy officer at Blink, a Vancouver-based digital creative agency.

The boxes look similar to an Apple TV or Roku device but usually run the Android operating system, which is better known for its use on touchscreen mobile devices like smartphones and tablets. The devices can run any number of apps and software, including a piece of free open-source software known as Kodi.

Kodi allows users to stream content like photos, music and movies across devices using the internet. Williams, for example, said he uses Kodi to play his collection of 900 DVDs that he had ripped to a hard drive.

But Kodi, “is pretty much agnostic as to the type of content that it’s streaming,” he said. The software “sees a video file as a video file, whether it’s on your home network or whether it’s been made available for streaming online.”

The software also doesn’t distinguish between legal and pirated content. This can make it hard for consumers to tell the difference as well, Williams said.

“You purchase one of these boxes, you get at home, you click on a movie and you don’t know whether it’s somebody who’s breaking the law to provide it to you or a legal copyright holder,” he said.

McDonald, however, believes most consumers know better. People understand “darn well” that when they’re watching an episode of HBO’s Game of Thrones for free, it’s not legal, he said.

Super Channel argues the main draw of streaming devices that are sold pre-loaded with Kodi software is to enable consumers to illegally watch paid programming for free.

The U.S. non-profit behind Kodi, XBMC Foundation, said the software does not provide any support for bootleg video content.

“We make a basic tool which is highly flexible and effective. Other people including some software developers misuse it by adding to it and encouraging users to perform unlawful activities. We at Kodi have never authorized these and condemn such usage,” the foundation said via email through its legal representatives at the Software Freedom Law Center.

“We have worked in cooperation with media companies on such matters to check illegal activities and we will continue to do so,” the foundation also said.

Google, which developed the Android mobile operating system, did not respond to a request for comment.

For his part, Knopf, the copyright lawyer, links lawsuits like Super Channel’s to Hollywood’s attempted legal crackdown on the VCR in the mid-1980s.

When households started to tape movies and shows that aired on TV, the studios argued “the VCR was to the entertainment industry what the Boston Strangler was to the woman alone,” Knopf recalled.

Eventually, though, Hollywood figured it could make billions off the VCR by renting cassettes at affordable prices, he added.

Something similar happened when Netflix and other streaming services started to make premium content available at low cost, which killed the allure of torrent sites that share pirate content.

But as the number of paid streaming services multiplies, with the arrival of platforms like Disney+ and Apple TV Plus, so do the monthly fees consumers must pay to access popular movies and shows.

This may be increasing the appeal of open-source TV boxes that offer the ability to access movies and TV shows at no other cost other than the initial purchase of the devices, many of which sell for less than $150 in Canada.

“If we go to this splintered world again, where content is less accessible — maybe available online, but expensive — and not on platforms that consumers actually want to use, then we’re going to see a resurgence in piracy,” said David Fewer, an intellectual property and technology lawyer.

But there are a couple of twists in what looks like a new chapter in the war on piracy.

The first is that, according to Fewer, it’s now easier to unintentionally consume pirated content. In the past, consumers had to put in a cassette and press the record button or navigate to the dark corners of the web to download pirated material. Now, they can access illicit content on TV boxes sold by mainstream retailers.

It’s not always obvious which apps and plugins search the internet for pirated content, said Fewer, who serves as executive director of the Samuel-Glushko Canadian Internet Policy and Public Interest Clinic at the University of Ottawa.

The second twist is that simply watching content does not, in itself, break the law in Canada — even if the content was obtained or distributed illegally.

“You’re not making a copy, downloading anything. You’re just streaming it, you’re watching it, you’re experiencing it,” Fewer said.

Both Fewer and Knopf expressed doubts about whether Super Channel will be able to successfully make the case in court that TV boxes with open-source software are, in fact, “pirate devices.” They also questioned whether the company will be able to go after consumers who bought the devices.

Super Channel has withdrawn a similar lawsuit it initially filed in federal court, deciding instead to resubmit the case in Alberta.

Still, piracy rates may be climbing again, Fewer said.

“And that’s not good for anybody.”
https://globalnews.ca/news/6547064/s...-android-kodi/





Love Zombies? Thank the Public Domain
Jenica Jessen

With more than 3.1 million views to date, “Night of the Living Dead” is among the most popular feature films on the Internet Archive. The 1968 movie is also generally acknowledged as one of the landmark films of the horror genre, as well as the work that single handedly created the modern conception of the zombie. But none of that would have been possible without a mistake—one that landed the film firmly in the public domain.

Legends about zombies date back to 19th-century Haitian folklore, and originally featured corpses (or even living people) that were enslaved by powerful sorcerers. However, George Romero—who co-wrote and directed “Night of the Living Dead”—created something quite different for his film. Romero’s monsters were cannibals who craved human flesh, serving nobody and nothing except their mindless hunger. They were victims of disease, transformed by being bitten, whose sudden appearance caused entire societies to collapse. In fact, these creatures were so unique that the movie never even called them “zombies”—Romero referred to his creations as “ghouls.”

At one point, this innovative work-in-progress with its innovative monsters was called “Night of the Flesh Eaters,” but the production company decided to change the title to avoid confusion with a preexisting film. The title card was switched to rename the film “Night of the Living Dead,” accidentally omitting the copyright symbol in the process. Under US intellectual property law at the time, the film immediately entered the public domain. Not only could the film be legally copied, shared, and redistributed—which led to its rapid dissemination through American pop culture—but anybody was free to adapt, change, or borrow from it.

What followed was not only a revolution within the horror genre, but an explosion of zombie-related content. “Night of the Living Dead” spawned nine direct sequels and several unofficial ones, as well as hundreds of works taking advantage of an uncopyrighted new monster. Works ranging from “The Walking Dead” to “World War Z,” “Pride and Prejudice and Zombies” to “Game of Thrones,” or “Resident Evil” to “Shaun of the Dead” all rely on Romero-type zombies or their derivatives.

Zombies dominate pop culture like few monsters have before or since, in large part because artists and authors can reuse, remix, or adapt them without fear. Night of the Living Dead is a shining example of what happens when quality works come into the public domain, joining the marketplace of ideas. If you want to watch this cinematic masterpiece for yourself, download or stream it here!
https://blog.archive.org/2020/02/24/...public-domain/





Musicians Algorithmically Generate Every Possible Melody, Release Them to Public Domain

Damien Riehl and Noah Rubin generated and saved every possible melody to a hard drive, then turned it back around to the commons.
Samantha Cole

Two programmer-musicians wrote every possible MIDI melody in existence to a hard drive, copyrighted the whole thing, and then released it all to the public in an attempt to stop musicians from getting sued.

Programmer, musician, and copyright attorney Damien Riehl, along with fellow musician/programmer Noah Rubin, sought to stop copyright lawsuits that they believe stifle the creative freedom of artists.

Often in copyright cases for song melodies, if the artist being sued for infringement could have possibly had access to the music they're accused of copying—even if it was something they listened to once—they can be accused of "subconsciously" infringing on the original content. One of the most notorious examples of this is Tom Petty's claim that Sam Smith's “Stay With Me” sounded too close to Petty's “I Won’t Back Down." Smith eventually had to give Petty co-writing credits on his own chart-topping song, which entitled Petty to royalties.

Defending a case like that in court can cost millions of dollars in legal fees, and the outcome is never assured. Riehl and Rubin hope that by releasing the melodies publicly, they'll prevent a lot of these cases from standing a chance in court.

In a recent talk about the project, Riehl explained that to get their melody database, they algorithmically determined every melody contained within a single octave.

To determine the finite nature of melodies, Riehl and Rubin developed an algorithm that recorded every possible 8-note, 12-beat melody combo. This used the same basic tactic some hackers use to guess passwords: Churning through every possible combination of notes until none remained. Riehl says this algorithm works at a rate of 300,000 melodies per second.

Once a work is committed to a tangible format, it's considered copyrighted. And in MIDI format, notes are just numbers.

"Under copyright law, numbers are facts, and under copyright law, facts either have thin copyright, almost no copyright, or no copyright at all," Riehl explained in the talk. "So maybe if these numbers have existed since the beginning of time and we're just plucking them out, maybe melodies are just math, which is just facts, which is not copyrightable."

All of the melodies they've generated, as well as the code for the algorithm that generated them, are available as open-source materials on Github and the datasets are on Internet Archive.

According to the project’s website, Rubin and Riehl released these melodies using a Creative Commons Zero license, which means they have “no rights reserved.” Functionally, this means they are similar to public domain works, though copyright lawyers disagree on whether this puts them truly in the public domain. A work is considered in the “public domain” if it’s a government work or if it has had its copyright expire, which happens many decades after a work’s release. The Creative Commons Zero license is the closest an artist can get to putting a work in the public domain without having the copyright actively expire (for more about this, Creative Commons and Motherboard have explainers.)

Whether this tactic actually works in court remains to be seen. Copyright law is complicated and often nonsensical. It’s difficult to say whether a court would consider Riehl to be the author of a melody that is made popular by another artist. In any case, he’s optimistic, and it’s a cool project.

"For just the melody alone, maybe those cases go away," Riehl said. "Maybe they're dismissed."
https://www.vice.com/en_us/article/w...-public-domain





Clarence Thomas Regrets Ruling That Ajit Pai Used to Kill Net Neutrality

Thomas says he was wrong in Brand X case that helped FCC deregulate broadband.
Jon Brodkin

Supreme Court Justice Clarence Thomas wants a do-over on his 2005 decision in a case that had a major impact on the power of federal agencies and regulation of the broadband industry.

In National Cable & Telecommunications Association v. Brand X Internet Services, better known as Brand X, Thomas wrote the 6-3 majority opinion that upheld a Federal Communications Commission decision to classify cable broadband as an information service. But in a dissent on a new case, released Monday, Thomas wrote that he got Brand X wrong. Thomas regrets that Brand X gave federal agencies extensive power to interpret US law, a power generally reserved for judges.

"Regrettably, Brand X has taken this Court to the precipice of administrative absolutism," Thomas wrote. "Under its rule of deference, agencies are free to invent new (purported) interpretations of statutes and then require courts to reject their own prior interpretations."

The impact of Brand X

In Brand X, the Supreme Court upheld a Bush-era FCC decision that classified cable broadband as an information service instead of a telecommunications service, which meant that cable Internet providers would not be regulated as common carriers under Title II of the Communications Act.

But the Supreme Court ruling in Brand X didn't lock the FCC into classifying cable as an information service forever. Instead, Brand X allowed the FCC to classify Internet service as either an information service or telecommunications as long as it provided a reasonable justification. This allowed the FCC to subsequently change its classification decision multiple times.

Under US communications law, telecommunications is defined as "the transmission, between or among points specified by the user, of information of the user's choosing, without change in the form or content of the information as sent and received." It's up to the FCC to decide whether that definition accurately describes broadband, and Republican and Democratic administrations have come to opposite conclusions.

The Obama-era FCC in February 2015 decided that both home and mobile broadband services were telecommunications, and it regulated the industries under Title II in order to impose net neutrality rules. The Trump-era FCC reversed that decision in December 2017, deciding that broadband isn't telecommunications, and thus deregulated the industry.

In each case, the FCC decision was appealed and reviewed by the US Court of Appeals for the District of Columbia Circuit. And in each case, appeals court judges cited Brand X and said the FCC could classify broadband however it wished as long as it provided a reasonable interpretation of US law.

Brand X tied judges' hands to such an extent that Circuit Judge Patricia Millett upheld FCC Chairman Ajit Pai's net neutrality repeal despite calling his claim that broadband isn't telecommunications "unhinged from the realities of modern broadband service." Pai's repeal of net neutrality rules could still be appealed to the Supreme Court.

Despite Thomas' change of heart, Brand X hasn't been reversed. What happened this week is that the Supreme Court decided not to hear a challenge of an appeals court decision in Baldwin v. United States. In Baldwin, the US Court of Appeals for the 9th Circuit cited Brand X when it deferred to an Internal Revenue Service interpretation of US law.

Thomas offered the lone dissent Monday, admitting his 15-year-old mistake in Brand X right up front.

"This petition asks us to reconsider Brand X," Thomas wrote. He continued:

Quote:

Although I authored Brand X, "it is never too late to 'surrende[r] former views to a better considered position.'" Brand X appears to be inconsistent with the Constitution, the Administrative Procedure Act (APA), and traditional tools of statutory interpretation. Because I would revisit Brand X, I respectfully dissent from the denial of certiorari.

https://arstechnica.com/tech-policy/...et-neutrality/





AT&T Loses California Case After Lying To Consumers About 'Unlimited' Data Throttling
Karl Bode

Back in 2014 the FTC sued AT&T for selling "unlimited" wireless data plans with very real and annoying limits. The lawsuit noted that, starting in 2011, AT&T began selling "unlimited" plans that actually throttled upwards of 90 percent of your downstream speeds after using just two or three gigabytes of data. AT&T spent years trying to wiggle out of the lawsuit via a variety of legal gymnastics, including at one point trying to claim that the very same net neutrality and FCC Title II rules AT&T was trying to kill prevented the FTC from holding it accountable.

Nearly a decade after the battle began, the company agreed last fall to a $60 million settlement with the FTC without actually admitting any wrongdoing. That $60 million, after lawyers get a cut, will be split among millions of customers who signed up for AT&T unlimited data plans before 2011. Moving forward, AT&T also has to clearly disclose any limits on its "unlimited data plans" in a conspicuous manner (read: not hidden via fine print or embedded in a hyperlinked asterisk).

But AT&T took another hit last week in a different five-year-old case in California over the throttling. There, AT&T's attempt to ban consumers from suing it for bad behavior was initially upheld by a court ruling in 2016. But a 2017 California Supreme Court decision effectively changed the state's arbitration law, resulting in that AT&T victory being overturned in 2018. AT&T appealed that decision but last week lost the appeal, allowing the case to proceed:

"AT&T appealed that ruling to the US Court of Appeals for the Ninth Circuit, but a three-judge panel at that court rejected AT&T's appeal in a ruling issued Tuesday. Judges said they must follow the California Supreme Court decision—known as the McGill rule—"which held that an agreement, like AT&T's, that waives public injunctive relief in any forum is contrary to California public policy and unenforceable."

"Because we are bound by our decision in Blair [another case involving the McGill rule], we hold that AT&T's arbitration agreement is unenforceable. Accordingly, we affirm the district court's order denying AT&T's motion to compel arbitration," judges wrote Tuesday."

While class action lawsuits certainly have problems (lawyers getting new boats while plaintiffs get pennies being chief among them), they have been known to shift corporate behavior now and again. And however flawed the US class action system is, the binding arbitration system is arguably worse, giving even more power to giant corporations like AT&T, who've already successfully lobbied federal consumer protection and antitrust enforcement into an apathetic coma.

Folks upset at states amping up their consumers protection efforts (see: net neutrality, privacy) should place the blame where it belongs: a wholly corrupted federal government that threw serious consumer protection and corporate accountability overboard thirty to forty years ago.
https://www.techdirt.com/articles/20...rottling.shtml





Cellphone Carriers May Face $200 Million in Fines for Selling Location Data

The F.C.C. is about to propose some of its largest penalties in decades against four top telecommunications companies.
Jennifer Valentino-DeVries

The Federal Communications Commission is set to propose about $200 million in fines against four major cellphone carriers for selling customers’ real-time location data, according to three people briefed on the discussions.

The penalties would be some of the largest the agency has imposed in decades and represent the first action it has taken on the issue, though privacy advocates and critics in Congress say even that response is inadequate. The amount is not final, and the companies — AT&T, Sprint, T-Mobile and Verizon — will have the opportunity to respond and argue against the fines.

The trade in location data has emerged as a sensitive privacy issue because it affects hundreds of millions of people and can reveal intimate details about their lives, including personal relationships and visits to doctors. “It puts the safety and privacy of every American with a wireless phone at risk,” Jessica Rosenworcel, a Democratic commissioner at the F.C.C., said in a statement last month about the agency’s investigation.

Sale of the data is widespread among app makers and other technology companies, but the telecommunications sector is subject to more stringent laws protecting customers’ confidentiality.

Ajit Pai, the F.C.C. chairman, said in a letter to the House Commerce Committee last month that “one or more wireless carriers apparently violated federal law,” but it was unclear at that time what penalty his agency would suggest.

The F.C.C., scheduled to have a public meeting on Friday, has not yet made its proposal official but has the necessary votes, said the three people, who spoke on the condition of anonymity because they were not authorized to discuss the matter publicly.

Agency officials declined to comment until the final vote was announced. The Wall Street Journal reported earlier that the F.C.C. would be seeking fines in the case.

The investigation began after articles in The New York Times and elsewhere showed how carriers’ deals with companies called location aggregators posed privacy risks. The Times in 2018 reported that the data was eventually making its way to law enforcement, including to an official who was charged with using it to track people without a warrant.

Location data from cellphone carriers proved valuable because it was consistently available and included almost every American with a mobile phone. Carriers sold access to it for marketing purposes and services like bank fraud protection, under contracts that required location companies to get customers’ consent, for example by responding to a text message or pressing a button on an app.

But the companies did not always obey those contracts and the carriers had little way of enforcing them, allowing troves of personal information to be used in ways consumers had never intended. The F.C.C. found that the cellphone companies had broken federal law by being negligent with the data.

After the 2018 article and questions from lawmakers, the carriers pledged publicly to limit sales of the data, saying they would wind down their existing contracts with location aggregators. But a report in 2019 showed the data was still available to bounty hunters and others.

Later that year, the companies said in response to questions from an F.C.C. commissioner that they had stopped the practice.

The continued sale of data was the impetus behind the penalties, which amount to tens of millions of dollars for each carrier, people familiar with the matter said. The F.C.C. is fining companies based on the number of days the practice carried on.

“I am committed to ensuring that all entities subject to our jurisdiction comply” with the law and the F.C.C.’s rules, Mr. Pai said in his letter to lawmakers.

But the time between the initial 2018 report and the proposed penalties, and the expected size of the fines, has raised the ire of privacy hawks. One Democratic commissioner, Geoffrey Starks, wrote an opinion piece in The Times last year complaining that “nearly a year after the news first broke, the commission has yet to issue an enforcement action or fine those responsible.”

Senator Ron Wyden, an Oregon Democrat who first raised concerns about the data sharing and has repeatedly questioned the companies and the F.C.C. over the issue, said in a statement on Thursday that the chairman “only investigated after public pressure mounted.”

He said the fines were “comically inadequate” to deter future privacy violations.
https://www.nytimes.com/2020/02/27/t...tion-data.html





Smartphone Startups Take on Google, Apple and Put Privacy First
Nik Martin

We know our digital devices are logging our every move, yet we still trust in Apple, Facebook and Android. What if we "unGoogled" ourselves and took back control of our data? Two startups hope we will do just that.

Last week, Google apologized after users' smartphone videos were mistakenly sent to complete strangers. During a five-day period in November, the privacy breach allowed tens of thousands of people to download footage from the Cloud that didn't belong to them.

While Google insists it takes great care to protect our data, while giving users more control over the information collected about them, the tech giant still watches our every move, even when it says it's not. A recent investigation by The Associated Press found that many Google services on Android and Apple devices stored users' location data even when they had switched off the option in their privacy settings.

This is on top of Google logging every search you make and YouTube video you watch. The tech giant also buys data from non-Google apps and then merges the statistics with other data it holds on you. All this to build the most comprehensive profile of users' behavior which is then sold to advertisers at great profit.

"If you have an Android phone, and that's 74% of global smartphone users, you send 12 megabytes (MB) of personal data per day to Google while the iPhone sends about 6MB," warned Gaël Duval, the creator of a privacy-first smartphone operating system (OS) known as /e/.

Time to get 'unGoogled'

With the support of thousands of backers from a Kickstarter campaign, the Frenchman set up a non-profit to build what he calls a "fully unGoogled mobile ecosystem" that puts privacy and security at the heart of everything it does. The software, — along with its secure storage, email, calendar, search, and app store — doesn't send any data to Google so the tech giant isn't aware that a user exists if they have a smartphone with the software on.

While /e/ focused on the OS that the phone runs on, another startup, the San-Francisco-based Purism crowdfunded $2.6 million (€2.4 million) to build its own privacy-first smartphone. Librem 5 started shipping at the end of last year and looks similar to any Android phone. This device, which runs the firm's own PureOS operating system, also promises not to gather users' data for profit, or lock them into one vendor, like Apple.

"Our applications don't capture and share data with marketing firms and our browser defaults to a search engine that also respects user privacy," Kyle Rankin, Purism's chief security officer, told DW.

Both /e/ and PureOS make it much more difficult for hackers or intelligence agencies to create a backdoor [secret access] to a user's phone, meaning data is also better protected from espionage or cyberattacks. The open-source software, however, can be easily evaluated by other app developers to prove that it is not extracting personal data.

Large range of apps

Both OS systems have a wide range of proprietary apps, which help protect users from insecure third-party alternatives in the Google Play store. /e/ also gives users the ability to download Android apps and gives each one a "privacy score" based on how well they protect users' data.

Purism's Librem 5 costs $749 but there is a 6-month waiting list while production is ramped up. A Made in the USA version is also available for $1999. /e/ comes pre-loaded on several Samsung Galaxy models but the phones are currently only shipped within Europe. Alternatively, tech-savvy users can download /e/ and install it directly onto their smartphone. Duval says it works on almost 90 Android models.

Taking on the giant Google-Apple duopoly is no mean feat. Such is the lure of smartphone technology that many users still prefer to turn a blind eye to the data harvesting carried out by tech giants. A survey conducted last year by Digital Content Next asked what measures users think Google undertakes to improve ad targeting and revealed a real lack of awareness among US consumers.

Around two-thirds of those surveyed didn't realize that the tech giant buys data from third-party apps and then links them to data they already hold on their users. More than half, meanwhile, failed to realize their Google accounts — including Gmail, Google Docs and Calendar — were all being linked to their web and app searches.

Users are 'powerless'

"Even those who are informed about privacy issues feel powerless to do anything about it," Purism's Rankin told DW. "So, what power does an individual have against multi-billion-dollar industries who hire the world's best engineers to capture every last bit of their data?"

Attitudes are, however, changing fast, thanks to numerous data breaches, and as consumers grow suspicious when the ads they are served are increasingly linked to their online behavior. A separate study earlier this year by Deloitte showed that 84% of US consumers think new laws should be enacted to restrict data harvesting and boost online privacy. More than nine-tenths of those surveyed demanded the chance to delete their personal data, while more than 80% thought users should profit from their own data.

Both /e/'s Duval and Rankin are betting their privacy-first products can gain traction before far-reaching legislation forces the hands of Google, Facebook and Apple. But they face resistance from the large sections of the business community that generate big profits from big data.

US consumers want a change in the law and/or a chance to profit from their own data

Rankin told DW that the tech and advertising sectors are "fighting legislation that would put actual limits on their ability to capture and sell people's data by default." He gave the example of where Purism had lobbied for the US state of California's Consumer Privacy Act to only allow user data to be captured if they had explicitly opted in. Big business, however, successfully lobbied to remove that provision before the bill became law.

'Redefining privacy'

Rankin warned that tech giants were now "redefining the word "privacy" in their own marketing." While they may claim to protect it, what they really want is to protect privacy from their competitors, he added. "They add security measures to their software and services so only they can capture, view and sell all of your data and others can't."

For Duval, /e/OS is "an act of resistance and digital sovereignty," that is long overdue. "People are growing increasingly uncomfortable with the tech giants deciding every aspect of our digital life. It encourages a kind of privatized totalitarianism and is a threat to democracy."
https://www.dw.com/en/smartphone-sta...rst/a-52369255





World Wide Web Founder Scales Up Efforts to Reshape Internet
John Thornhill

Inrupt, the start-up company founded by Sir Tim Berners-Lee to redesign the way the web works, is expanding its operational team and launching pilot projects in its quest to develop a “massively scalable, production-quality technology platform”.

Sir Tim, who invented the world wide web in 1989 but has become increasingly critical of the way it has been captured by giant corporations, said there had been a “rush of interest” from open source developers, entrepreneurs, tech company executives and government officials to support Inrupt’s mission to decentralise the web and hand power back to users.

But Inrupt now had to focus on the complexities of turning its underlying Solid technology into a scalable platform. “For the world to experience the true value of the web we’re building, we must address the vital issues related to privacy, trust and security,” he wrote in a blog post.

To tackle those challenges, Inrupt has hired a further five leading technologists, including Bruce Schneier, a veteran cryptography expert, as head of security architecture. The company is also working with the Greater Manchester Combined Authority in the UK to pilot an innovative “early years” app that will digitise children’s healthcare records up to the age of 2.5 years.

Mr Schneier said he believed in Sir Tim’s vision of creating a new distributed data ownership model to challenge the “digital feudalism” of the big tech companies. “The problem is that your data is not under your control. It is on computers owned by lots of other people. And you have no control over it and you do not have access to it in ways that are useful to you,” he said in a telephone interview.

Mr Schneier said it would be an immense challenge to create workable authentication and permission processes to enable Solid to work at scale, but he was convinced it was achievable. “It is ‘going to the moon’ hard rather than ‘faster than light travels’ hard,” he said.

“It is easy if some big party is in control. It has this massive power that decrees this and this is allowed. But if you want to distribute that authority so that users are in control, it is a lot harder.”

Inrupt was founded in 2017 to operationalise the Solid decentralisation technology, developed by Sir Tim’s team at the Massachusetts Institute of Technology. Last year, Inrupt raised a “significant” sum of money, in excess of $10m, from interested tech companies, individuals and institutions to fund the company’s development.

Some of the big tech companies privately dismiss Solid as a quixotic academic project that is unlikely ever to succeed because users are so path dependent on existing data platforms. But some of the biggest tech companies, including Apple, Google, Facebook, Microsoft and Twitter, are publicly backing the Data Transfer Project, launched in 2018, to help create an open-source, data portability platform that could integrate with Solid.

John Bruce, Inrupt’s co-founder and chief executive, said the company was working on several pilot projects, including the one in Manchester.

“We are seeing if we can collectively deliver better healthcare to UK residents. At the moment that data resides in silos across the NHS. Wouldn’t it be cool if it could be securely delivered straight to your nurse or your caregiver,” he said. “You would then have a holistic representation of your healthcare.”
https://www.ft.com/content/343febdc-...5-8e03987b7b20





The Cybersecurity 202: The Justice Department is Giving Up on an Encryption Truce with Big Tech
Joseph Marks

The Justice Department has essentially given up hope that tech companies will voluntarily build into their products a special way for law enforcement to access encrypted communications to help track terrorists and criminals, a top official says.

Instead, the department is focusing on getting legislation that forces companies to cooperate – and is hoping encryption-limiting laws in Australia and the United Kingdom will ease the path for a similar law in the United States, said John Demers, assistant attorney general for national security.

“If there were a proposal from tech companies or a desire to talk about this issue that wasn't just everybody rehashing their own positions…then we'd be happy to hear it,” he said. “But we really haven't gotten anywhere in however many years we've been open to talk.”

The shift illustrates how law enforcement believes it now has a political advantage in the debate over warrant-proof encryption – especially in Congress where lawmakers harangued officials from Apple and Facebook over the systems during a Senate Judiciary Committee hearing in December. As committee chairman Lindsey Graham (R-S.C.) warned the companies then: “You’re going to find a way to do this or we’re going to do it for you.”

“I've never seen such a bipartisan appetite for legislation," Demers said of that hearing. "It seems to me that in Congress something has shifted and it's shifted in favor of trying to find some solution to this problem.”

Demers was speaking with reporters ahead of the RSA Conference in San Francisco – one of the top annual gatherings of tech and cybersecurity executives. But there’s no organized plan to lobby any of those leaders on warrant-proof encryption, he said, describing their positions as “dug in.”

That's a sea change from 2016, when the FBI and Justice Department sought to appeal to Big Tech to find a compromise, as prospects for encryption-limiting legislation seemed all but dead. Back then, the momentum seemed to be security experts who argued there’s no way to give police special access to encrypted systems without raising the risk that criminal hackers could also break into those systems.

The FBI stepped back that year from a legal standoff with Apple in which it tried to force the company to help it crack into an encrypted iPhone used by San Bernardino shooter Syed Farook. And two years later the bureau was rocked by internal watchdog reports that found it had rushed to litigation against Apple without exploring other ways to crack into the phone and repeatedly overstated how many cases were foiled by encryption.

Demers pointed to two big changes since then that have given the government’s encryption arguments juice.

First, Congress and the broader public are feeling a lot less sympathetic to big tech companies in the wake of myriad privacy scandals and after Russian operatives co-opted social media to spread disinformation during the 2016 election.

“If you look at what the feeling is about social media companies in Congress today versus what it was…in 2015, it's very different,” he said. “There’s a sense that social media companies ought to have more responsibility for what's happening on their platforms.”

Second, Australia passed a first-of-its-kind law allowing police to force companies to give them access to encrypted communications in 2018 and the United Kingdom passed a more limited law in 2016.

Demers hopes those laws will create a model for how lawmakers in the United States might limit encryption, he said. But he’s also hoping if encryption-limiting laws spread that will knock back one big argument made by U.S. tech companies – that backdoors for law enforcement will mean lost business to companies in countries that aren’t bound by similar laws.

“If their competitors are in these other countries [with encryption-limiting laws] …then there's not going to be a competitive disadvantage for American companies,” he said.

Justice officials have also shifted their messaging on encryption, talking less about the danger of terrorists recruiting and planning operations outside law enforcement's view and more about the threat of a surge in child predators sharing illicit images or luring children on social media. There are signs it might be working: the tough-on-tech hearing in December came after Attorney General William P. Barr offered a public plea for Facebook to back off plans to expand encryption on its messaging platforms for these reasons.

Facebook refused to change its plans, saying limiting encryption would damage cybersecurity for all its users.
https://www.washingtonpost.com/news/...0fa632ba828ea/





DOJ Plans to Strike Against Encryption While the Techlash Iron Is Hot
Riana Pfefferkorn

There’s a story in today’s Washington Post “Cybersecurity 202” newsletter that confirms that the Department of Justice is capitalizing on the techlash in order to build up congressional support for the DOJ’s long-desired goal of legislation that will restrict your freedom to encrypt your data and communications.

The Post reports that, according to assistant attorney general for national security John Demers, the DOJ has given up hope that tech companies will “voluntarily” backdoor their own encryption, as the agency had been pressing them to do since around 2016. Instead, the DOJ is now “focusing on getting legislation that forces companies to cooperate – and is hoping encryption-limiting laws in Australia and the United Kingdom will ease the path for a similar law in the United States.”

Why now? What’s changed since 2016, when we had the great Apple vs. FBI showdown? According to Demers, two things: (1) the “techlash” by Congress and the public “in the wake of myriad privacy scandals” and the 2016 election; and (2) Australia’s 2018 passage of the Assistance and Access Act, which followed on the heels of similar legislation in the United Kingdom in 2016. Demers “hopes these laws will create a model for how lawmakers in the United States might limit encryption.”

These two factors lay out, straight from the horse’s mouth, what I’ve been saying for a while. It comes as something of a relief for a high-ranking DOJ official to finally acknowledge publicly the playbook I could see they were running to try to get Congress to finally ban strong encryption. That doesn’t mean I’m happy about it.

I explained last month that the techlash has now gained enough momentum that law enforcement may have a fighting chance of getting its anti-encryption wish, under the guise of protecting children, in the form of a terrible bill called the EARN IT Act. That bill doesn’t look much like Australia’s Assistance and Access Act or the UK’s IP Act -- in fact it doesn’t mention the word “encryption” at all -- but right now it’s the lead contender for the DOJ to get an “encryption-limiting law” passed in the U.S.

Exploiting the techlash is a strategy I’ve been calling law enforcement out for since October 2017. It’s incredibly frustrating for me to see that this obvious ploy is working so well. AAG Demers admitted that the DOJ thinks it can persuade congressmembers to be angry at tech companies over encryption because they’re already mad at those companies for violating users’ privacy. But this, let’s call it, transitive rage contradicts itself. Why? Because encryption protects user privacy.

It doesn’t just do that; indeed, information security experts have had to push back for years against the overly simplistic “security versus privacy” framing to emphasize that the encryption debate is primarily a question of “security versus security.” Nevertheless, privacy certainly is one of the main interests that encryption protects. And it doesn’t just shield your data and conversations from criminals and snoops: it can even shield them from the eyes of the entity that provided the encryption. For example, when you use a chat app such as WhatsApp that end-to-end encrypts your conversations by default, not even the app provider (Facebook, in the case of WhatsApp) can read your messages or listen in on your calls. So, if you’re mad at Facebook for invading your privacy, you should be glad that they use encryption that prevents them from snooping on your WhatsApp conversations, and that they’re planning the same for their other messaging services too.

Thus, the DOJ’s strategy is obviously just trying to sow confusion among the public and Congress by mixing up the issues: conflating tech companies’ privacy violations with tech companies’ privacy-protective encryption, as I pointed out in a recent press article. Even Senator Graham, the author of the EARN IT Act bill, admitted in that very same article that this doesn’t make any sense: “When asked whether he saw any tension between Capitol Hill’s ongoing effort to pass privacy legislation and its burgeoning push to mandate encryption backdoors,” Graham admitted he saw “‘a lot.’”

So, if even Senator Graham can see through the DOJ’s ploy to elicit what I’m calling transitive rage, why is it working? The answer might be: children. Per the Post today (and me last fall), “Justice officials have also shifted their messaging on encryption, talking less about the danger of terrorists recruiting and planning operations outside law enforcement's view and more about the threat of a surge in child predators sharing illicit images or luring children on social media.” Congress seems receptive to this child-safety messaging. Legislators expect Big Tech to protect the privacy of users, including children. Encryption shields users’ privacy. Simultaneously, they also expect Big Tech to be able to detect the bad guys on their services, including those who are hurting children. But encryption shields the bad guys too.

How to resolve this dilemma? Previously, the answer from Congress was “do nothing,” both on passing an anti-encryption law -- something for which Congress has heretofore shown no appetite -- and on passing comprehensive federal privacy legislation. But the tide has shifted, the Hill is awash in the techlash, and the DOJ has succeeded in equating being pro-encryption with being anti-child safety. If pedophiles benefit from strong encryption built in by default to popular software and devices, then, according to Senator Graham, nobody should get that benefit anymore. (Never mind that it won’t work out the way he thinks.) In a Congress already dithering over passing a federal privacy law, the child safety rationale may prevail, at the expense of the many interests that encryption protects -- privacy not least among them.

Maybe Graham, in acknowledging the dilemma of demanding both privacy and encryption backdoors simultaneously, was really just tacitly admitting that when 327 million Americans’ privacy is pitted against the rhetorical power of “think of the children,” privacy loses. Overall, the attitude from Congress in 2020 seems to be, to paraphrase Michael Pollan: “Protect users. Not too much. Mostly kids.”

It is likewise unsurprising yet disappointing that DOJ views Australia’s stupid law as clearing the way to make anti-encryption legislation palatable to the U.S. Congress. In October 2018, I warned that the passage of the Australian law (then a pending bill) would likely have a domino effect on other Five Eyes countries, including the U.S. By passing the bill in December 2018, “Australia set an example of a Western democracy passing legislation that undermined encryption, making it look like that’s normal and OK,” I said last summer. It’s not OK, even if it becomes normal. Of the DOJ officials currently rejoicing over the opening Australia and the UK have given them to finally shove anti-encryption legislation through Congress, how many have ever said to their children, “And if all your friends jumped off a bridge, would you jump too?”

The DOJ wants the U.S. to take a blinkered view of how governments should handle the topic of encryption. In July 2018, I had predicted that the DOJ would place itself in an echo chamber where it would listen to “only other countries whose governments have adopted anti-encryption stances,” specifically Australia and the UK, while ignoring countries that have come out more strongly in favor of encryption, such as Germany. That seems to be what’s happening now: the DOJ wants America to imitate Australia, when Germany’s federal Office of Information Security just today issued a set of proposed requirements for smartphones that require full-disk encryption. This shows that another way is possible than the path chosen by the UK and Australia. The German approach may have much to teach the U.S. It is dangerous for DOJ to urge Congress to stick its head in the sand and refuse to listen.

Yet here we are. With the disastrous EARN IT Act bill about to drop, the DOJ is openly and pointedly taking the gloves off in the encryption fight. But make no mistake: once the DOJ throws its knock-out punch, it’ll be your privacy and security that hit the floor.
https://cyberlaw.stanford.edu/blog/2...hlash-iron-hot





Airbnb Just Launched New Surveillance Bugs To Make Sure Guests Behave
Zak Doffman

So this is creepy. Airbnb, the world’s leading short-term rental platform has put aside the stories of hosts secretly spying on guests to launch a range of its own surveillance devices. “We want to help you protect your space, maintain the privacy of your guests, and preserve your relationship with neighbors,” the company says on its website. “This means helping you detect issues in real time.”

There have been issues with the misuse of Airbnb properties—stories hitting the headlines of parties out of control, properties trashed, even the use of rentals to record adult movies. Well, now there’s a solution.

Party prevention device

There are three “party prevention” devices on offer, all are easy to fit, and can be ceiling or wall-mounted. The devices range in price from $100 to $150, with a monthly subscription that varies from nothing to $10 per month, depending on the device you buy and the number of properties you have listed.

Functionality varies: Whereas the Minut device “monitors noise, temperature, motion, humidity and alarms when your property is unoccupied,” the Noise Aware Indoor Sensor “will alert you within minutes of sustained noise levels, not instantaneous noises like doors slamming,” and is being marketed as “the best way to protect your home, your neighbors, and your reputation.”

Airbnb says it does not “endorse” the devices, but it does offer strong customer endorsements, with one U.S. lister telling the platform that “finding Noise Aware was a miracle for us—we now have peace of mind that our neighbors have a peaceful neighborhood. Thank you for developing such a simple system!"

Nils Mattisson, CEO of Minut, told me that “respect for privacy runs through everything we do, and we’re happy to see more people waking up to its importance. We believe that the best way to protect privacy is to not collect personal data in the first place. At Minut we accomplish this by recognizing events on the device and never collecting nor even transmitting any sensitive data across the network. This way we can always guarantee privacy while making home-sharing work for everyone; giving neighbors a good night’s sleep, hosts peace of mind and guests the privacy they deserve."

The devices themselves are not new—Airbnb pushing them to hosts, though, that’s fairly new. It was first announced in December. The devices even come with time-limited discounts to encourage buyers to take the plunge. One of the devices, the platform says, has already protected “over 700,000 reservations—proven to give you peace of mind that you will be the first to know of noise issues, not the last.”

But, for privacy advocates this is the thin end of a scary wedge. “File this under ‘that’s why we can’t have nice things’,” cyber-guru Ian Thornton-Trump told me, warning that “controlling people’s behavior through surveillance reminds me of the panopticon approach to prisons.”

Airbnb needs to do something to keep listings risk-free, this includes monitoring social media and screening guests for those most likely to use properties to host parties that run the risk of getting out of control.

“Perhaps we have detected one of the cracks in the Airbnb business model.” Thornton-Trump said. “The problem is that the few wreck it for the many. When you rent space there is risk—you really can’t escape it. Either choose your guests wisely or run it as a business with requisite licenses and insurance. There are reasons why some things are regulated and will be for the foreseeable future.”

There are rules that go with these installations—the devices are not intended to be hidden, renters should be informed they are in place, everything should be open and transparent. No devices should be installed in bedrooms or bathrooms. And the devices do not record audio or video. What could go wrong?

Airbnb was approached for any comments on this story.
https://www.forbes.com/sites/zakdoff...ou-all-behave/





Coronavirus Spread Benefits Netflix, Other ‘Stay-at-Home’ Companies, Analysts Say
Todd Spangler

Amid fears over a global economic slowdown from the widening coronavirus outbreak, companies like Netflix that provide in-home services are best positioned to withstand the storm or even see upside from the crisis, according to industry analysts.

Netflix “is an obvious beneficiary if consumers stay home due to coronavirus (COVID-19 virus) concerns, and this has been reflected in considerable stock price outperformance this week,” BMO Capital Market analyst Dan Salmon wrote in a research note Friday.

Netflix shares are up 0.8% this week through market close Thursday, amid the worst sell-off on Wall Street in nearly nine years over fears that a broader spread of the coronavirus may lead to a worldwide recession. The S&P 500 index has plunged 8.3% this week through Feb. 27.

In addition to Netflix, other tech companies catering to internet-connected consumers at home that could benefit from coronavirus include Facebook, Amazon, Peloton and Slack, according to MKM Partners analyst JC O’Hara. “We tried to identify what products/services/companies would potentially benefit in a world of quarantined individuals,” O’Hara wrote in a note Thursday, per CNBC. “What would people do if stuck inside all day?”

Earlier this week Perry Sook, CEO of TV giant Sinclair Broadcast Group, also put a positive spin on how coronavirus could affect his business. Nexstar is the largest owner of broadcast TV stations in the U.S. after acquiring Tribune Media last year, with a footprint spanning 197 stations and digital multicast networks in 115 markets.

If coronavirus cases become “more widespread in the United States, and there’s more quarantine in home and all of that, then it could potentially benefit our business because we’d be the primary source of entertainment,” Sook said on Nexstar’s Feb. 26 earnings call when asked about the potential financial impact of the virus.

To date, there have been 83,704 confirmed cases of coronavirus infection and 2,859 deaths, the majority in mainland China, according to the Johns Hopkins Center for Systems Science and Engineering’s coronavirus tracker.

Other analysts have identified home-entertainment providers as seeing a potential silver lining from a wider spread of the virus. “If the contagion became more internationally widespread but short of panic, more people are likely to seek home entertainment options such as from companies like Comcast and AT&T, and streaming TV shows and films from Netflix, Disney Plus, Comcast’s Peacock, AT&T’s HBO Max and others,” Moody’s Investors Services analysts led by Neil Begley commented in a Jan. 29 report.

Companies feeling the most immediate impact from the pandemic have been those with direct exposure to China’s manufacturing sector. Earlier this month, Apple warned investors it would miss revenue estimates for the March 2020 quarter, citing slowdowns in its iPhone supply chain and lower sales in China due to the virus outbreak.

Apple CEO Tim Cook suggested that the worst is over in an interview with Fox Business Channel Thursday. “It feels to me that China is getting the coronavirus under control. You look at the numbers, they’re coming down day by day by day,” Cook said. “And so I’m very optimistic there.”

Among the latest coronavirus-related disruptions, Facebook canceled its F8 2020 developers conference and Disney announced that it will shut down its Tokyo Disneyland and Tokyo DisneySea theme parks for two weeks as a precautionary measure. Meanwhile, K-pop sensations BTS have axed their scheduled April concerts in South Korea over coronavirus concerns.
https://www.newstimes.com/entertainm...r-15091809.php

















Until next week,

- js.



















Current Week In Review





Recent WiRs -

February 22nd, February 15th, February 8th, February 1st

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public." - Hugo Black