P2P-Zone  



 
Old 20-02-13, 08:02 AM   #1
JackSpratts
 
 
Join Date: May 2001
Location: New England
Posts: 10,013
Default Peer-To-Peer News - The Week In Review - February 23rd, '13

Since 2002

"Just because an IP address is registered to an individual does not mean that he or she is guilty of infringement when that IP address is used to commit infringing activity." – Chief Judge Barry Ted Moskowitz

February 23rd, 2013

Italian File-Sharing Site Owner Hit with Record $8.5m Fine

"Please explain where is the difference between sites like Google [and ItalianShare]."
Cyrus Farivar

According to local media (Google Translate), Italian authorities have fined the operator of file-sharing site ItalianShare.net with a record penalty: €6.4 million ($8.5 million). It's the largest such figure in the nation's history according to the Italian Music Industry Federation.

The fine is being imposed by the Salerno provincial judicial authority, acting as a result of a case brought by the national Finance Guard’s local office in Agropoli near Naples in southern Italy. The Finance Guard is the Italian agency tasked with cybercrime, financial crime, smuggling, intellectual property infringement, and guarding the national borders, among other duties.

ItalianShare was the largest of a handful of sites under the same network, which boasted more than 300,000 users and more than 30,000 links to unauthorized copyrighted material on BitTorrent, cyberlockers, and eDonkey.

The defendant has only been named publicly under his initials, “PG,” but is better-known under the alias Tex Willer. (The defendant took the name of a popular Italian comic book character from the late 1940s.) In July 2012, PG was arrested (Google Translate) by Italian authorities on charges of copyright violations, tax fraud, personal fraud and more.

Italian authorities said PG made an estimated €580,000 ($775,000) through advertising and donations to his site and by selling his users’ data to advertisers.

“The Italian copyright law provides for additional administrative fines based on the number of works illegally distributed,” Enzo Mazza, FIMI’s president, told TorrentFreak. “Due to the enormous amount of products the fine became so huge.”

Mazza added that if PG does not pay, “He will be prosecuted by the tax authority.”

In November 2011, the Italian tech news site PuntoInformatico published a letter (Google Translate) from PG in which he outlined his viewpoint on file sharing.

PG espouses a viewpoint similarly argued by the likes of The Pirate Bay founders and Megaupload creator Kim Dotcom. In PG's mind, his sites themselves are not directly infringing copyright; they merely offer links to BitTorrent, eDonkey, and other file formats. “Please explain exactly where is the difference between sites like Google [and ItalianShare],” he wrote.
http://arstechnica.com/tech-policy/2...ord-8-5m-fine/





British Music Industry Bids to Block Three More File-Sharing Sites
Loek Essers

The British Phonographic Industry (BPI) is seeking to block file-sharing sites Fenopy, H33t and Kickass Torrents, the BPI said on Tuesday.

"We are seeking court orders requiring ISPs to block access to three infringing websites," said BPI Director of Communications, Adam Liversage, in an email. The BPI wants the U.K. ISPs BT, Sky, Virgin Media, O2, Everything Everywhere and TalkTalk to block access to these sites, Liversage said.

"The matter is currently being considered by the court and it isn't appropriate to comment further at this point," he added.

BPI's bid to get court orders to block the torrent sites follows a ruling by the British High Court ordering U.K. ISPs to block access to The Pirate Bay in April last year. The ISPs were asked to block access voluntarily, but refused without court orders.

The Pirate Bay ruling, as well as a 2011 ruling forcing BT to block Newzbin2, paved the way for more sites to be blocked, said U.K. consumer rights organization Open Rights Group (ORG) in a blog post on Monday.

"Website blocking is an extreme response. There are growing fears this precedent will make it too easy and quick to block sites. Time needs to be taken to consider the legitimate use of the sites," the ORG said. Furthermore, user rights are not well-represented in these cases, according to ORG.

Therefore, the ORG is planning to start influencing the legal process by hiring a legal officer to ensure user rights are adequately represented in the future, said Jim Killock, executive director of the group. The group started fundraising for a legal officer last year but needs more funds to attract one, Killock said.

The hearings against the three sites were scheduled to take place on Tuesday, but were moved to next week, according to Killock.
http://www.itworld.com/it-management...-sharing-sites





Six Ways Pirates Can Get Around the Coming 'Six Strikes'
Darlene Storm

Last August, Google changed its search algorithms so sites would rank lower based on “the number of valid copyright removal notices” that Google received. But “demoting pirate sites” was not enough, according to Recording Industry Association of America (RIAA) report [PDF]. The RIAA said it has “found no evidence” that Google’s plan is working since “these sites consistently appear at the top of Google’s search results for popular songs or artists.”

Despite the fact that the European Copyright Society (ECS) found that hyperlinking is not copyright infringement, the Hollywood-funded anti-piracy organization BREIN will not be happy until there is no daily limit on reporting “pirate links” to Google, and “wants to increase the daily DMCA cap from 10,000 to 40,000 and eventually remove the restrictions altogether.” However, ECS wrote, “As Tim Berners-Lee, who is regularly accredited as being an inventor of the World Wide Web, has explained, a standard hyperlink is nothing more than a reference or footnote, and that the ability to refer to a document is a fundamental right of free speech.”

The RIAA disagrees and if it had its way, even Google’s auto-complete feature would be wiped clean of “piracy-inducing keywords.” The RIAA report card concluded, "The search rankings for sites for which Google has received large numbers of instances of infringement do not appear to have been demoted by Google’s demotion signal in any meaningful way, at least with respect to searches for downloads or mp3s of specific tracks or artists.” Yet as Techdirt pointed out, most folks unhappy about their Google ranking would stop to learn about search engine optimization. Furthermore, the RIAA doesn’t seem to understand that if logged into Google, then different people see different Google search results. The bottom line: “The RIAA will never, ever be satisfied until Google wipes out all infringement with the magic ‘piracyBgone’ button.”

Speaking of piracy and the RIAA, the Six Strikes escalated warning system is about to kick in and the idea of Hollywood—an unelected body of industry-connected officials who get to police the Internet—being given that power is such a horribly flawed plan that it is nearly inconceivable the Copyright Alert System (CAS) will soon launch. AT&T, Cablevision, Comcast, Time Warner Cable, and Verizon have struck Six Strikes deals with the Center for Copyright Information devil (RIAA and MPAA members). Some of the ISPs’ Six Strikes plans, like that of Verizon, have leaked out onto the net.

While not advocating piracy and I’m certainly not an expert on pirating, there seem to be many ways around Six Strikes—other than don’t pirate.

1. Since Six Strikes targets BitTorrent users, they should use a VPN or anonymizing proxy service—only 16% of file-sharers hide their IP now. Apparently even some FBI pirates don’t bother with hiding IPs, even though the FBI warns that pirating is a serious, not victimless, crime.

2. Switch over to Usenet or a similar site.

3. Download from a free file-hosting service such as one listed in Google results that the RIAA is so vehemently opposed to.

4. Switch over to a streaming site without downloading movies. ICE may take it down, but you won’t be targeted by the Copyright Alert System. Torrent Freak reported, “The copyright alerts only target a subgroup of online pirates, namely BitTorrent users. The millions of users of file-hosting services, Usenet and streaming sites are not going to be affected.”

5. Switch to a higher priced business-class account with your ISP so your public Wi-Fi is considered “legitimate.” Jill Lesser, Executive Director of the CCI, claimed that “legitimate” businesses like Starbucks with free Wi-Fi would be immune to “Copyright Alerts.” Instead, “residential Internet accounts are the focus of our program.” If “very small businesses like a home-office or a local real estate office” use a residential account instead of paying big bucks for a business account, then “if an employee of the small business, or someone using an open Wi-Fi connection at the business, engages in infringing activity the primary account owner would receive Alerts.”

On The Media’s Brooke Gladstone interviewed Lesser about the coming Six Strikes in general. To ensure it doesn't happen again when given an alert, aka a strike, one of the punishments is a tutorial for "ensuring their wireless connection is password protected." If and when the fifth and sixth alerts are issued, then after a “copyright tutorial,” a residential-classed account will get cut down to slower-than-molasses speeds of 256kbps for two or three days. Although Lesser previously said Six Strikes was not “punitive,” good luck trying to get anything done at those 1990s speeds.

6. Diehard ‘casual’ pirates could ride out the Six Strikes storm, since nothing more happens after the sixth warning. At the start of WNYC’s On the Media interview, it was said that Six Strikes is supposed to "stop serial illegal downloaders." Later during the interview, when asked what happens if you get Strike 7, 8 or 9, Lesser said, “Once they've been mitigated, they've received several alerts, we're just not going to send them any more alerts. Because they are not the kind of customer that we're going to reach with this program." Nothing more “under this program” will happen. "For us it is reaching the casual infringer which is a large percentage of peer-to-peer piracy," Lesser stated.

The third-party tool MarkMonitor will be used to identify users who engage in copyright-infringing activities. It was approved as an accurate tracking methodology by an independent and impartial technical expert that is none other than Stroz Friedberg—a group that “was also the RIAA’s lobbying firm for half a decade.”

If you feel "wrongly accused” then there is a $35 ‘review fee’ to see precisely what you are accused of. It's refunded if you win, but if the Copyright Alert System is so sure of itself then why charge at all? Why not let individuals know what they are accused of without this stipulation that the fee is to stop "frivolous appeals?"

Below is the Copyright Alert System and Six Strikes On the Media interview of the Center for Copyright Information director Jill Lesser.

Again, I'm not advocating that copyright infringement is right and people should pirate. People work hard to create music, movies, content and they should be paid for it. But just as I was opposed to SOPA, it seems wrong to give Hollywood this much power into our private lives and over the Internet.
http://blogs.computerworld.com/inter...ng-six-strikes





RIAA: Google Failing to Demote Pirate Websites
Nick Kolakowski

The RIAA is claiming that Google has failed in its effort to knock down Websites with multiple copyright-violation notices.

In a new report (PDF), the Recording Industry Association of America (RIAA) claims that Google has failed in its attempt to lower the search-results rankings of so-called “pirate” Websites.

“We have found no evidence that Google’s policy has had a demonstrable impact on demoting sites with large amounts of piracy,” read the report’s summary. “These sites consistently appear at the top of Google’s search results for popular songs or artists.”

Last August, Google indicated that it would start lowering the search-result rankings of Websites with high numbers of “valid” copyright removal notices. “This ranking change should help users find legitimate, quality sources of content more easily—whether it’s a song previewed on NPR’s music website, a TV show on Hulu or new music streamed on Spotify,” Amit Singhal, Google’s senior vice president of Engineering, wrote in a corporate blog posting at the time.

Google, which receives millions of copyright removal notices every month, also offers a counter-notice tool for those who believe their Websites have been unfairly targeted for copyright violations.

Six months after Singhal’s announcement, the RIAA believes those pirate Websites haven’t suffered much from Google’s search adjustment. “The sites we analyzed, all of which were serial infringers per Google’s Copyright Transparency Report, were not demoted in any significant way in the search results,” read the RIAA’s report, “and still managed to appear on page 1 of the search results over 98 percent of the time in the searches conducted.”

Moreover, legitimate downloading Websites such as Amazon only appeared in the top ten results for just over half of the RIAA’s searches. “This means that a site for which Google has received thousands of copyright removal requests was almost 8 times more likely to show up in a search result than an authorized music download site,” the report added. “In other words, whatever Google has done to its search algorithms to change the ranking of infringing sites, it doesn’t appear to be working.”

The RIAA’s researchers performed Google searches for the top 50 tracks on the Billboard Hot 100 list as of December 3, 2012, formatting their search queries as “[artist] [track] mp3” and “[artist] [track] download.” The actual searches took place over a period of “several weeks.” Those researchers performed additional analysis on the results for the top 10 track queries. In a separate study, they also spent several months collecting data on the top 5 search results for “free [artist] mp3” and “free [artist] download.”

In the RIAA’s analysis, a little less than half (4.6) of the top 10 search results were for Websites that had received more than 1,000 copyright removal requests by January 23, 2013; on the flip side, authorized downloading sites appeared a mere 0.6 times out of 10 in those top 10 search results. The RIAA claims that Mp3skull.com, hit with roughly 100,000 instances of infringement, appeared more often as the topmost search result “than all of the well-known, authorized digital music download sites in the top 10 search results.”

The RIAA performed “several more measurements” to determine whether the so-called pirate Websites had truly received a demotion following Google’s August announcement:

Pirate Websites, it concluded, have not been demoted by Google “in any meaningful way, at least with respect to searches for downloads or mp3s of specific tracks or artists.”

Google, of course, needs to negotiate deals with record labels and other content-producers in order to stock its Google Play storefront. If those companies feel that Google isn’t doing enough to suppress piracy (particularly on Google-owned Websites such as YouTube), it could make securing that content a more fraught affair.
https://slashdot.org/topic/cloud/ria...rate-websites/





Germans Can’t See Meteorite YouTube Videos Due to Copyright Dispute

German rights group wants $0.005 per stream and Google says nein.
Cyrus Farivar

Last week, when the world was watching crazy Russian meteorite videos on YouTube, Germans weren’t.

As a result of an ongoing dispute between Google (YouTube's parent company) and GEMA, the primary German performance rights organization, a number of Russian YouTube videos have been blocked from within Germany. The reason? These videos contain background music playing from a Russian car radio.

This is just the latest example of a ridiculous situation that has developed in Germany. According to a recent study by OpenDataCity, more than 60 percent of the top 1,000 YouTube videos are unavailable in Germany because Google assumes the music rights might be owned by GEMA.

Germany doesn’t have an equivalent of the American fair use provision, which this would almost certainly fall under in the United States. Google did not immediately respond to Ars’ requests for comment. However, Google did provide a statement (Google Translate) on February 16, 2013 to the German Journalists’ Union (DJV), which first raised the issue last week. (Full disclosure: I was a DJV member when I was living and working in Germany as a journalist from March 2010 to March 2012.)

“YouTube has no insight into what rights GEMA represents,” the Google subsidiary wrote. “Due to the legal and financial risks that result from these processes in the context of GEMA’s [published royalty fee structure], music videos are blocked in Germany.”

Rights group wants a “per stream rate” of $0.005

In its own statement, the DJV pointed to one specific meteorite video, lamenting this sad state of affairs. The group believes the issue is limiting press freedom in Germany.

That video in particular, when viewed from Germany, results in this error message: “Sorry, this video, which includes music from [Sony Music Entertainment], is not available in Germany because GEMA has not granted the publishing rights thereto.”

When Ars asked GEMA via Twitter how it even knew whether it held the rights to the song in question, the group’s spokesperson, Ursula Goebel, simply wrote (German): “YouTube apparently blocks arbitrarily.”

Last month, GEMA wrote in a statement that Google’s German-language messages are “extremely misleading.”

“The displayed text gives the false impression that GEMA is categorically refusing to license the use of works of music,” wrote Harald Heker, GEMA’s CEO.

“GEMA has, on the contrary, always been willing to grant YouTube a license and YouTube has always had the option of acquiring a license itself in accordance with the legal regulations. For reasons that are unclear to us, YouTube has in the past not been prepared to go down this route. We have so far purposely avoided taking legal steps so as not to encumber the ongoing negotiations with further legal proceedings.”

In the same statement, though, GEMA said it wants royalty rates of a “per stream rate of €0.00375 ($0.005).” The organization has taken this dispute to the Arbitration Board of the German Patent and Trademark Office. In the meantime, GEMA adds that its talks with YouTube had been “broken off.”

GEMA did not respond to Ars’ request to pay €0.00375 to GEMA so that a friend in Germany could see the video in question.
http://arstechnica.com/tech-policy/2...right-dispute/





Anti-Piracy Groups Want Google to Lift DMCA Takedown Cap
Ernesto

Google is being criticized by copyright holders for the limits it puts on the number of “pirate” links that can be removed per day. The Hollywood-funded anti-piracy organization BREIN wants to increase the daily DMCA cap from 10,000 to 40,000 and eventually remove the restrictions altogether. The RIAA further wants the ability to do more queries to find illegal content and previously said that the current limits are “miniscule.”

There’s an interesting battle going on between copyright holders and search giant Google.

Over the past months the number of removal requests has increased dramatically, up to a point where Google hinted that the massive number of takedowns could threaten freedom of speech.

Copyright holders on their turn say that they are simply protecting their business. They are going full steam ahead removing millions of links per week and pushing Google to the limits, quite literally.

As it turns out, Google is throttling the number of daily takedown requests to 10,000 URLs per copyright holder per day. Since some copyright holders are reaching this limit they want Google to lift the cap.

Dutch anti-piracy group BREIN, which represent a variety of media companies, says it is optimistic that Google will soon allow more URLs to be reported.

“We expect to go to a limit of 40,000 URLs per day soon, and eventually we hope to be able to report URLs without any limitations,” BREIN’s director Kim Kuik told Nu.nl.

However, thus far Google hasn’t changed anything and in a response the company defended its policy. Google says it can’t ‘simply’ increase the limits as this may lead to technical problems.

The daily limits are put in place “in order to prevent the system from having to deal with unexpected peaks, which can cause technical problems,” Google spokesman Mark Jansen said in a comment.

BREIN are not alone in their calls for more freedom to censor Google’s index. Their stance is corroborated by other anti-piracy groups including the RIAA.

The RIAA told TorrentFreak that it wants Google to do more, and pointed to critique the record labels gave previously. The RIAA said that with the present limits it can’t successfully defend its rights.

“Google has the resources to allow take downs that would more meaningfully address the piracy problem it recognizes, given that it likely indexes hundreds of millions of links per day. Yet this limitation remains despite requests to remove it,” RIAA noted.

In addition to unthrottling the URL limits, RIAA also says it wants to lift the cap on the number of queries they can execute per day to find infringing content.

“Google places artificial limits on the number of queries that can be made by a copyright owner to identify infringements.”

“The number of queries they allow is miniscule, especially when you consider that Google handles more than 3 billion searches per day. Yet Google has denied requests to remove this barrier to finding the infringements,” RIAA said.

Without these extra powers the copyright holders fear that they are unable to keep up with the hundreds of thousands of infringing links that are added to Google every day.

That said, it is worth noting that despite BREIN’s calls to lift the 10,000 URL per day limit, the current submissions don’t come close to the cap. The group is currently sending less than 5,000 URLs per day on average according to Google’s Transparency Report.

One thing’s for sure, this won’t be the last thing we hear about Google’s takedown policy. Aside from exercising their rights, copyright holders have found that it’s a good way to pressure Google to do more about piracy.
http://torrentfreak.com/anti-piracy-...wn-cap-130219/





Sweden Pirate Party Threatened with Law Suit
Anton Nordenfur

Today, 19 February 2013, the Pirate Party of Sweden reported that it received a letter from the Rights Alliance on account of the party supplying The Pirate Bay with Internet access. In the letter, the Rights Alliance makes it clear that they intend to take legal actions against the Pirate Party and its representatives if the party does not shut down The Pirate Bay’s Internet access by February 26.

The Pirate Party’s party leader, Anna Troberg, is upset over the threat:

“The Pirate Party’s operations are legal, and legal operations should not be subject to such threats. It is not illegal to provide The Pirate Bay with Internet access, says Troberg. There is no list of illegal sites that ISPs cannot provide access to.”

Unfortunately this type of blackmail that the Pirate Party is exposed to is not unusual. Large and small internet-providers are often the victims of similar pressure from the copyright industry’s lawyers.

– When they feel that the law isn’t enough they take matters into their own hands and turn the thumb screws on individuals and companies that have a hard time fending off the copyright industry’s wealthy giants, says Troberg. It is depressing that they are still allowed to continue this way without interference by either politicians or the judicial system.

“Similar cases have been marred by shocking miscarriages of justice, which obviously is something we need to take into consideration when deciding how to proceed with this. These days a legal operation is by no means a guarantee for a fair trial. This is why the Pirate Party exists and is needed, more than ever.” Troberg finishes.

The action by the copyright industry follows similar attacks on the Pirate Parties of The Netherlands and The United Kingdom where the leaders of PP.UK were personally threatened with legal action for hosting Pirate Bay proxies.
http://piratetimes.net/sweden-pirate...with-law-suit/





Today, we filed a police report! :D

PRESS RELEASE FOR IMMEDIATE RELEASE

The Pirate Bay, the world’s largest site for cultural diversity and file sharing, has today (Monday 2013-02-18) reported a suspected crime to the Finnish police. The suspected criminals are the Finnish anti-piracy organization CIAPC (locally known as TTVK).

The reason is that CIAPC have copied files from which The Pirate Bay is built, to produce a fraudulent parody site.

While The Pirate Bay may have a positive view on copying, it will not stand by and watch copyright enforcing organizations disrespect copyright.

- It's funny that we have to teach the copyright lobby the meaning of the law. The fact that they wrote it doesn’t mean that they are above it, says Winston Bay.

CIAPC is not new to balancing on the edge of what's right and wrong. Last year, they initiated a police raid against a 9 year old girl and confiscated her Winnie the Pooh laptop.

- CIAPC is like an ugly high school bully without friends. It's time to take a stand. Cyber bullying is a serious matter to us all, Winston Bay continues.

The money that CIAPC might have to pay for this crime will however not end up at The Pirate Bay.

- Our hearts are with the victimized 9 year old Finnish girl. Any money that might come out of this will fund a new computer for the girl.


Facts:
The Pirate Bay is the world’s largest file sharing site.
It ranks as the world’s 58th largest site.
Since its launch in 2003, it has maintained a strong stance for internet freedom and against censorship.
It is run by dozens of individuals from all around the world, all with the same values of liberty, kopimi and progressiveness.
https://thepiratebay.se/blog/227





Motion to Dismiss Complaint for Failure to State a Claim Granted in AF Holdings v Rogers
Ray Beckerman

In a San Diego, California, case, AF Holdings v. Rogers, a motion to dismiss the complaint, for failure to state a claim, has been granted. Chief Judge Barry Ted Moskowitz ruled as follows:

[T]he Court is concerned about the lack of facts establishing that Defendant was using that IP address at that particular time. Indeed, the [complaint] does not explain what link, if any, there is between Defendant and the IP address. It is possible that Plaintiff sued Defendant because he is the subscriber to IP address .... As recognized by many courts, just because an IP address is registered to an individual does not mean that he or she is guilty of infringement when that IP address is used to commit infringing activity.
http://recordingindustryvspeople.blo...r-failure.html





CBS Defeats Musicians' Bid To Block File-Sharing Software
Scott Flaherty

A California federal judge ruled Tuesday that a group of musical artists could not block a CBS Corp. unit from distributing file-sharing software online, saying the musicians had not shown the company intended the software to be used to infringe copyrights.

U.S. District Judge Dale S. Fischer denied a preliminary injunction motion lodged by a coalition of musical artists who allege that CBS Interactive Inc. and CNET Networks Inc. induced copyright infringement by operating CNET's Download.com, a site that hosts Web links to software downloads.
http://www.law360.com/articles/41680...aring-software





Why 3D Printing Will Be The Next Big Copyright Fight
John Paul Titlow

It's finally happening. That moment we've been hearing about for years - the one where futuristic-sounding 3D printing becomes ubiquitous - is actually upon us. President Obama even mentioned 3D printing in his State of the Union address. As prices drop and the technology improves, consumers are awaiting this disruptive new era with bated breath.

So are intellectual property lawyers.

Before long, many of us will be able to print physical objects as easily as we once burned DVDs. And just as the Internet made trading MP3 music files and ripped movies a breeze, downloading 3D images to print on your shiny new MakerBot printer will be as easy as torrenting "The Hurt Locker."

3D Copyright Takedown Notices Begin

Last week, HBO sent a cease-and-desist letter to Fernando Sosa asking him to stop selling a 3D printed iPhone dock he modeled after the Iron Throne chair from the popular HBO TV series Game of Thrones. Even though Sosa designed the dock himself in Autodesk Maya, HBO owns the rights to the show, its characters - and apparently the inanimate objects that appear onscreen.

It has been two years since the first known Digital Millennium Copyright Act (DMCA) takedown notice for a 3D printable object was sent. After 3D artist Ulrich Schwanitz created a printable version of the famous Penrose triangle optical illusion, another modeler mimicked (not copied) the 3D rendering necessary to print his own. Schwanitz sent a copyright infringement complaint, but then later rescinded it and released his design into the public domain.

In that case, the dispute involved two individuals. Now bigger, better-funded copyright owners are getting involved. As user-generated 3D model marketplaces like Thingiverse and Shapeways grow, expect to see them flooded with creations based on trademarked and copyrighted material. And expect to hear about more takedowns, lawsuits and new legal precedents.

Copyright and 3D Printing: It's Complicated

Unlike music and movies, the relationship between copyright and physical objects is not always straightforward. In general, non-artistic objects - that is, items intended to be used rather than admired for their aesthetic value - do not typically fall under the scope of copyright law. Certain objects can be patented, as long as they're not overly generic. Try as you might, though, you can't patent a chair, for example, unless you've designed an entirely new type of chair.

But what if you design a chair with a very unique ornamentation on the armrests? If you download my chair design and print yourself out a version of the chair for your very own, can I sue your brains out, RIAA-style?

When it comes to copyright and objects, courts try to apply what's called a "severability" test. That is, can you "sever" the artistic part from the useful part? If so, the artistic part is typically protected by copyright. The strictly useful part is not.

In a recent white paper titled "What Is The Deal With Copyright and 3D Printing?", Public Knowledge explored these issues, but came up short on clear answers. Precisely how copyright law applies to 3D printing will be established only as the technology grows and lawsuits get filed.

In the meantime, expect the intellectual property disputes to proliferate, almost as rapidly as the technology itself.
http://readwrite.com/2013/02/20/3d-p...opyright-fight





GameStop's Mayan Apocalypse
Erik Kubik

The rumor mill is saying the next generation of consoles might not play used games. What does this mean for retailers such as Amazon, GameStop, and Best Buy? Will gamers flock to the one console that can still play used games? GoozerNation speculates if the Mayan apocalypse draws near for used game sales.

It is commonly known that GameStop makes a killing off its used game market. Gamers trade in x number of games for some credit. GameStop turns around and sells those games at 300% profit and the gamer turns around with their in store credit and uses it to buy new or used games. It is a similar operation at Amazon, Target, TRU, Hastings, and the list goes on and on. This generation has tried to make buying new on day one as attractive as possible. Exclusive DLC for early adopters, requiring one time keys to play online, offering special trade in deals on old games for the new AAA title (something GameStop really pushes), and throwing all sorts of pre-order bonuses at gamers.

If the new 360 cannot play used games, the lock-out method rumors include some sort of chip on the disc itself or something in the console. Who knows? Operation Flashpoint on the PC carried a message that if gamers pirated the game, the copied disc would become unplayable.

What about game rental services like Gamefly or Redbox? What about game trading sites like Goozex? Would they go along with GameStop and Amazon and focus on the previous generation?

In regards to consoles locking out used games, if the PS4 and the Wii U can play used games, gamers may hold off on buying a new Xbox and instead turn to the PS4 or possibly pick up the Wii U.

If none of the consoles can play used games I could see the price of games coming down. AAA titles may come out at $45 or $50 instead of $60. Retailers might give out more $10 gift cards, or have b2g1 sales more often.

Don’t like buying used games now? There is nothing wrong with that. I support this idea on a semi-regular basis, especially for smaller studios. I wait till the games drop in price. Once a game hits the $20-$25 mark and I am interested, I usually pick it up. Better yet, just hold off until Black Friday. Some of the recent price drops I have seen are Assassin's Creed III for $25, Resident Evil 6 for $20, Borderlands 2 for $30, and Paper Mario: Sticker Star for $20.

PC gaming is an entirely different topic. That is an industry where pirating has been going on for years. Although they have tried to combat it with CD keys etc., PC games are getting so cheap digitally that it makes sense to just buy them. A good example is Resident Evil 6: it is $20 for PC on Amazon, and $30 for PS3.

If the next generation of consoles lock out used games, I think more gamers will move to the PC. But for now this is all a rumor. Personally, I think GameStop will still be around for years to come no matter what happens to console gaming.
http://www.goozernation.com/index.ph...-for-gamestop?





Sony Pirates KDE Artwork
Jonathan Riddell

Sony, the company who created Audio CDs which installed a rootkit on Windows computers to try to stop people copying music, has pirated KDE artwork. The preferences-system.png icon from Oxygen is on their Choose your Vaio webpages (next to configure), but impressively is also in the UEFI firmware, should you boot up into Assist mode. Nowhere on their website terms of use does it list the LGPL 3 licence it may be copied under. (It does say "Any unauthorised use or copying of site content, or use of site content which breaches these Terms (or their spirit) may violate trade mark, copyright and other proprietary rights, and have civil and criminal consequences", although it also says "You must seek and obtain the written consent the operator of this site before creating any link to this site", so I don't give that page any legal credit.) Should KDE e.V. and Nuno's Oxygen friends start a new business model by suing them for everything they're worth?
https://blogs.kde.org/2013/02/21/son...es-kde-artwork





Indie Booksellers Sue Amazon and Big Publishers Over DRM (But Have No Idea What "DRM" and "Open Source" Mean)
Cory Doctorow

A group of independent booksellers have filed a suit against Amazon and the major publishers for their use of DRM, which, the booksellers say, freezes them out of the ebook market:

Alyson Decker of Blecher & Collins PC, lead counsel acting for the bookstores, described DRM as "a problem that affects many independent bookstores." She said the complaint is still in the process of being served to Amazon and the publishers and declined to state how it came about or whether other bookstores had been approached to be party to the suit.

"We are seeking relief for independent brick-and-mortar bookstores so that they would be able to sell open-source and DRM-free books that could be used on the Kindle or other electronic ereaders," Decker explained to The Huffington Post by telephone.

Such a move would lead to a reduction in Amazon's dominant market position, and completely reshape the ebook marketplace.

A spokesman for Fiction Addiction declined to comment as legal proceedings are ongoing. The other plaintiffs and Amazon did not respond to a request for comment.


That sounds great, but when you read the complaint, you find that what they mean by "open source" has nothing to do with open source. For some reason, they're using "open source" as a synonym for "standardized" or "interoperable." Which is to say, these booksellers don't really care if the books are DRM-free, they just want them locked up using a DRM that the booksellers can also use.

There is no such thing as "open source" DRM -- in the sense of a DRM designed to run on platforms that can be freely modified by their users. If a DRM was implemented in modifiable form, then the owners of DRM devices will change the DRM in order to disable it. DRM systems, including so-called "open" DRM systems, are always designed with some licensable element -- a patent, a trademark, something (this is called "Hook IP") -- and in order to get the license you have to sign an agreement promising that your implementation will be "robust" (implemented so that its owners can't change it). This is pretty much the exact opposite of "open source."

It's a pity. I empathize with these booksellers. I hate DRM. But I wish they'd actually bothered to spend 15 minutes trying to understand how DRM works and what it is, and how open source works, and what it is, before they filed their lawsuit. Grossly misusing technical terms (and demanding a remedy that no customer wants -- there's no market for DRM among book-buyers) makes you look like fools and bodes poorly for the suit.
http://boingboing.net/2013/02/20/ind...-amazon-a.html





Supreme Court Preview: Stakes are High in Dispute Over Rights to Genetically Modified Seeds
Ronald Mann

Bowman v. Monsanto Co., scheduled for oral argument Tuesday, presents a high-stakes question about biotech products: how tightly can Monsanto control what users do with the Roundup-resistant soybean seeds that Monsanto has patented?

Although the practical ramifications are substantial, the doctrinal question is quite elegant. Like Kirtsaeng v. John Wiley & Sons, argued during the November sitting, the case involves the “exhaustion” of intellectual property. Generally speaking, it is usually the case that when an owner of intellectual property sells a specific tangible copy of the product, the user is free to do what it wishes with the product, free of further constraints imposed by the IP owner. In the common parlance, the first sale of the particular copy by the IP owner is said to “exhaust” patent (or copyright) protection with respect to that object.

This case presents a nice hypothetical question about that doctrine: what happens when the object that is sold has the inherent ability to produce further (perhaps boundless) copies of itself. Bowman (a soybean farmer) takes the view that once Monsanto sells a particular seed, patent protection ends for the seed. Because the natural purpose of the seed – the purpose for which Monsanto has designed it – is to produce more seeds, the farmer who plants the seeds he purchases from Monsanto is free to go about his business with the purchased seeds.

In this case, Bowman purchased and planted one set of soybean seeds from Monsanto. The seeds (its “Roundup Ready” brand) were highly desirable because they included a genome modified by Monsanto to make them resistant to the herbicide Roundup; that allowed Bowman to use Roundup indiscriminately to kill weeds without any risk of harming the soybean crop. Bowman also purchased another set of so-called “commodity” seeds from a grain elevator. Although the commodity seeds are the commingled results of other farmers’ soybean harvests, the commercial dominance of Monsanto’s Roundup technology means that the overwhelming majority of those seeds in fact are progeny of Monsanto Roundup Ready seeds, which thus carry the Roundup-resistant genetic trait.

Monsanto’s reaction is that Bowman’s use of the commodity seeds plainly violates its patent. From its vantage point, Bowman might have been free to use the seeds he bought from Monsanto (on the theory that Monsanto’s patent rights for those seeds were exhausted by its sale of them), but Monsanto has never sold the seeds that Bowman bought and planted; Monsanto does not, for example, sell seeds to grain elevators. Because Monsanto has never sold those particular seeds, Bowman’s use of them to create new seeds infringes its patent as clearly as if Bowman had made a new light bulb copying Edison’s light-bulb patent.

From that central dispute, the case spins out along a number of potentially important dimensions. A ruling that the sale of a single self-replicating object exhausts patent rights not only for that object but also for its progeny is even more problematic for information technology than it is for seeds; the marginal cost of copying software, for example, is essentially nil. Accordingly, the Court’s ruling on the exhaustion question is of foundational importance for firms in the IT industry.

For another thing, Monsanto’s technology agreement (signed by all farmers who purchase Roundup Ready seeds) includes provisions that prohibit Bowman’s activities. Among other things, those agreements prohibit any planting of progeny seed; the only permitted use of soybean seeds grown from Roundup Ready seeds is sale for food and the like. If the Court rules against Monsanto on the basic exhaustion question, it then must confront the controversial question (crucial to, among others, the software industry) of the enforceability of license agreements that govern the rights of users of IP-infused products. On that question, the United States (which firmly supports Monsanto on the central exhaustion question) argues that the conceded sale makes any subsequent licensing restrictions invalid as to those seeds and their progeny; not surprisingly, amici like the Business Software Alliance contest that idea.

A group of economists also provide a powerful amicus brief in support of Monsanto. They emphasize the “spillover” effects of innovation in this area: the substantial benefits to society as a whole (from increased agricultural productivity), which far exceed the profits biotech firms can earn on their patents; that argument speaks directly to the concern the Justices have expressed in recent years about the balance between encouraging new innovation and fostering dissemination of technology. The economists go on to describe the recent spate of IP literature emphasizing the differing value of patents from sector to sector. As it happens, all of that literature agrees that biotechnology sectors are among the ones where patents are the most valuable, largely because of the immense development costs (hundreds of millions of dollars in this case, for example), the up-front uncertainty of success, and the very low cost of the individual units of the resulting products.

In the end, it seems most unlikely the Court will rule against Monsanto. At the highest level, the correct answer almost has to be that Monsanto has some way to protect its investment in the technology. Although petitioner tries mightily to suggest that Monsanto could protect the value of its investment through contracts or other non-patent mechanisms, Monsanto capably demolishes that contention in its brief. It emphasizes, for example, the large volumes of its seed distributed by the United States in foreign aid programs in less developed countries: is it to be believed that Monsanto will obligate the United States to obligate all of the aid recipients to agree to contracts binding them (and purchasers of their harvest) to comply with Monsanto’s restrictions on seed use?

In sum, it is surely not easy to predict the doctrinal path that the Court will follow. But by far the most likely outcome is one in which the Federal Circuit’s ruling in favor of Monsanto is affirmed.
http://www.scotusblog.com/2013/02/ar...odified-seeds/





EU Parliament Makes More than 900 Changes to Data Privacy Law

Civil liberties groups say politicians have caved in to big business pressure
Jennifer Baker

The European Parliament's industry committee has approved more than 900 amendments to proposed new data protection laws.

Civil liberties groups and consumer organizations were quick to accuse members of the Parliament (MEPs) of caving in to pressure from big business and the U.S.

"The Conservative and Liberal parties in the Parliament have voted against the interests of European consumers, who expect MEPs to ensure existing E.U. data protection standards are not diluted," said Monique Goyens, director general of the European consumer organization, BEUC.

Lobbying continued right up to the final minutes before the vote, particularly on members of the liberal ALDE group. Digital civil liberties organization La Quadrature du Net posted a message to Twitter to remind citizens that they had "less than an hour" to contact parliamentarians with the aim of blocking "dangerous amendments" supported by the European Peoples Party (EPP) and European Conservatives and Reformists (ECR).

EPP member Seán Kelly, the parliamentarian charged with steering the text through the Parliament's industry committee, ITRE, denied that he had been pressured into any of the amendments. "My door was open, but nobody overly influenced me -- not big companies, NGOs or fellow MEPs," he said after the vote. He said the vote was a credit to the committee, saying the proposals were "by and large, well-balanced."

But according to Jeremie Zimmermann of La Quadrature Du Net, "Most of the compromise amendments attempt to modify the report by relaxing the obligations made to actors collecting personal data."

Digital activists are concerned about text that would allow companies that control data and third parties to process personal data without informing consumers, on grounds of "legitimate interest" except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject.

"This consciously keeps consumers in the dark and affords a license to collect and process personal data according to commercial interests. Regrettably, the majority of ITRE committee members did not remain strong on this in the face of concerted commercial pressure," Goyens said.

"The definition of personal data has also been narrowed to exclude 'pseudonymous data' and suggested safeguards were ignored. This is risky because such data can easily be associated to individuals," she continued.

This amendment seems similar to a Yahoo position document, leaked on Wednesday, in which the U.S. tech giant recommends supplementing "the definition of personal data in the draft regulation by adding a distinct subset of data considered pseudonymous, which will trigger differential obligations."

Meanwhile a new website, LobbyPlag.eu, compares amendments put forward by MEPs with the text submitted by lobbyists for Amazon, eBay and the American Chamber of Commerce. Civil liberties activists are angry that European parliamentarians seem to have copied many amendments from these submissions.

On Thursday the Parliament's employment committee will also vote on the draft report. However, the civil liberties committee, LIBE, is the lead committee in assessing the proposed law and it will take into account the opinions of the other committees before giving its final position, calling the whole European Parliament to vote for or against the new regulation during the final vote in plenary session in April.
http://www.cso.com.au/article/454316...a_privacy_law/





Dear Telstra, Leave My Interwebs Alone
James Manning

Telstra BigPond customers – especially those downloading a lot of pirated content – may soon notice their internet speeds dropping, courtesy of a trial the telco is conducting to, it says, improve its network.

The trial will see the internet speeds of BigPond ADSL customers who choose to share content via peer-to-peer networks deliberately slowed down, known as throttling, during peak periods.

While it is true that a lot of content downloaded over these networks is pirated material including music, movies and software, there is a lot of content that isn't.

Leaving the piracy issue aside, what gives internet service providers the right to selectively filter content and manipulate speeds based on that? It's just as bad as the government's notorious internet filter, which it thankfully backed away from in November last year.

Telstra has stated that the trial aims to better manage the traffic on its ADSL network, which has grown – Telstra claims – due to increased demand for 'real time entertainment'.

What we can deduce from this is that rather than invest in infrastructural upgrades to their network, Telstra will attempt to decrease the quality of internet access for customers who choose not to splash out on Telstra's own entertainment offerings via BigPond and T-Box in favour of those who do. Never mind the fact that all of these people are paying customers.

The Australian Competition and Consumer Commission has expressed concern and says it will investigate if a telco was found to be prioritising its own services.

But what if Telstra isn't necessarily prioritising its own services? What if it's just trying to play internet police?

If I am to pay for high-speed internet access (especially if I was to pay the premium charged by Telstra), I expect to receive that access unfettered and not tampered with before it gets to me.

So is this an attack on our internet freedom, or just good business? Probably both, unfortunately.

A disclaimer: Telstra is not my home internet service provider, but nor will it ever be if this trial becomes permanent, as sources close to the matter have suggested it will.
http://www.theage.com.au/digital-lif...213-2ech0.html





Bypassing Telstra's P2P Crackdown is Child's Play
Adam Turner

Does Telstra really think it can thwart P2P file-sharing, or does it just want to drive data hogs to other ISPs?

Telstra's threat to detect and throttle BitTorrent traffic is back in the headlines this week -- Telstra to clamp down on peer-to-peer -- after the telco confirmed a trial which could become permanent policy. It aims to detect P2P traffic using "deep packet inspection" to see exactly what its customers are uploading and downloading. It's roughly the equivalent of opening your mail to see if you're up to something dodgy -- a practice which naturally doesn't sit well with privacy advocates.

It's not the first time we've heard of such a plan from Telstra. ISPs around the world, including Australia, have deployed various hurdles over the years to thwart peer-to-peer traffic -- even though P2P itself isn't illegal and has many legitimate uses. Telstra's latest plan might sound like the death knell for file-sharing on Bigpond but, just as with the proposed Great Australian Firewall, encryption offers a simple workaround to bypass deep packet inspection.

Popular BitTorrent clients such as uTorrent already feature built-in encryption protocols and enabling them is as simple as ticking a box. Enabling encryption might reduce your download speeds if you only accept connections from other people using encryption. But the trade-off is that Telstra can't open your packets to see if they're P2P traffic. Modern BitTorrent clients are also designed to work around ISP tricks such as port throttling.

As more people start encrypting their P2P traffic, encrypted file-sharing will become faster and perhaps even the norm. Of course you could run a standalone VPN client to encrypt all your internet traffic, which would bypass deep packet inspection but really be overkill and perhaps hamper your internet speeds for other applications and services.

It's not unheard of for ISPs to go the extra step of throttling all VPN encrypted traffic, but Telstra is unlikely to go down this path as it would punish legitimate users, such as people using a VPN to log into work from home. Some ISPs deploy anti-P2P measures which recognise P2P traffic patterns even when it's encrypted, and they're in a cat and mouse battle with those looking to bypass it. Australians will look to the experience of US and Canadian users in their efforts to combat Telstra's anti-P2P plans.

So why would Telstra threaten a crackdown which is so easily bypassed, or else will drive away paying customers? Because it sounds scary, perhaps scary enough to encourage some file-sharers to switch to another ISP. What Telstra really wants is to drive away customers who actually push their broadband connection to the limit. Telstra only wants those juicy customers who pay for bandwidth which they never use, not customers who hammer their connection because they expect to get what they paid for.
http://www.smh.com.au/digital-life/c...206-2dy0n.html





Ad-Titan Google Blocks Adblock Plus in Android Security Tweak

We're being singled out, claims app maker
John Leyden

The maker of Adblock Plus is upset its users must jump through hoops to get its advert-banishing app working on devices running Android - the mobile OS made by advertising giant Google.

The complaint follows moves by Google that made it more difficult for Google Chrome users to use Adblock Plus as a browser extension.

The Android app no longer works out of the box on non-rooted devices running Android 4.1.2 or 4.2.2. Instead it shows a warning box telling users they must manually configure a proxy server: that's because the app works by routing web traffic through a server running on the handheld that filters out websites' adverts before they appear in a browser.

But Google took the position that there is a significant security risk in allowing software to automatically redirect web connections in this manner. The internet giant has now fenced off proxy configuration because malicious programs can use it to intercept users' data and endanger their privacy.

It's this change that's stopping the Adblock Plus app from working unless the user gets busy in the device's proxy settings to allow the app to receive web traffic.

The ad-blocking firm flagged up the drawbacks to the update on the official Android OS development site. Meanwhile Adblock Plus has published a workaround allowing users to continue using its software.

But the suggested solution is an eight-stage process, as illustrated in this guide for Galaxy S3 smartphone owners.

Till Faida, co-founder of the Adblock Plus project, told El Reg: "We are not opposed to the fix per se. We just think Google shouldn't deliberately break any functionality when fixing something. That's why we are hoping Google will not ignore the issue we have created on the Google code forums and provide a solution that addresses security concerns and still respects users' choices."

In Chrome land, Google changed the way users could search for its web browser's apps, and since Adblock Plus was established as an extension, the utility stopped appearing when users looked for apps. Adblock Plus switched to offering a Chrome app on 12 December, only for Google to take it down 12 hours later. The software's maker accused Google of singling out the utility, which we're told has been downloaded 190 million times for Firefox, for unfavourable treatment - and cast the Android security tweaks as the latest skirmish in a long-running battle.

Google is yet to respond to a request from El Reg to expand on the thinking behind its Android security update. We'll update this story as and when we hear more.
http://www.theregister.co.uk/2013/02..._adblock_plus/





Alan F. Westin, Who Transformed Privacy Debate Before the Web Era, Dies at 83
Margalit Fox

Alan F. Westin, a legal scholar who nearly half a century ago defined the modern right to privacy in the incipient computer age — a definition that anticipated the reach of Big Brother and helped circumscribe its limits — died on Monday in Saddle River, N.J. He was 83.

The cause was cancer, his family said.

A lawyer and political scientist, Mr. Westin was at his death emeritus professor of public law at Columbia, where he had taught for nearly 40 years.

Through his work — notably his book “Privacy and Freedom,” published in 1967 and still a canonical text — Mr. Westin was considered to have created, almost single-handedly, the modern field of privacy law. He testified frequently on the subject before Congress, spoke about it on television and radio and wrote about it for newspapers and magazines.

“He was the most important scholar of privacy since Louis Brandeis,” Jeffrey Rosen, a professor of law at George Washington University and the legal affairs editor of The New Republic, said in a telephone interview on Thursday. “He transformed the privacy debate by defining privacy as the ability to control how much about ourselves we reveal to others.”

Since the first hominid grunted gossip about the hominid next door, every new communications medium has entailed new impingements on privacy. In a seminal 1890 article in The Harvard Law Review, Mr. Brandeis, the future Supreme Court Justice, and his law partner, Samuel D. Warren, were the first to articulate privacy as a legal right, defining it as “the right to be let alone.”

Brandeis and Warren were concerned primarily with covert photography; later scholarship, including work by Mr. Westin in the 1950s, centered on things like illegal wiretapping.

But by the 1960s and ’70s, as the widespread computerization of legal, financial, medical and other personal records loomed, technology had outrun the law.

Reproductive rights cases of the period — including the landmark Supreme Court cases Griswold v. Connecticut in 1965 and Roe v. Wade in 1973 — held that the Constitution protected an individual’s right to privacy in matters of the human body, including contraceptive use and abortion rights. But the law was largely silent on the question of how personal data might be used by government or the private sector.

During these years, long before the personal computer and longer still before the Internet, Mr. Westin set out to codify just this kind of privacy for the modern age.

“He knew social history, and he could appreciate the directions that the technology was pushing the social contract,” Lance J. Hoffman, the director of George Washington’s Cyber Security Policy and Research Institute, said in an interview.

Individuals, Mr. Westin argued in “Privacy and Freedom,” have the right to determine how much of their personal information is disclosed and to whom, how it should be maintained and how disseminated.

“This concept became the cornerstone of our modern right to privacy,” said Marc Rotenberg, the executive director of the Electronic Privacy Information Center, an advocacy group in Washington. “Part of ‘Privacy and Freedom’ is the argument that privacy enables freedom.”

“Privacy and Freedom” received two prestigious journalism prizes, the George Polk Award and the Hillman Prize.

The book, along with other work by Mr. Westin, is widely considered the foundation of a spate of modern privacy laws, among them the Privacy Act of 1974, the first law to delimit the gathering and use of personal information by the federal government.

Mr. Westin was no absolutist. In his early work on wiretapping, for instance, he condoned its use in certain instances, including cases where national security was at stake.

His argument prefigured the current national debate about privacy engendered by post-9/11 legislation like the Patriot Act, which Mr. Westin, in a 2003 interview, called “a justified piece of legislation.”

“He insisted on a balance between the competing demands of privacy, disclosure and surveillance,” Mr. Rosen said. “Much of his work in the 1960s and ’70s appears so prescient after 9/11 and in the age of Internet.”

When it came to the use of consumers’ personal data by corporations, Mr. Westin also steered a middle course. Consumers were entitled to withhold such data, he argued, but were equally entitled, if they wished, to have it used to alert them to products and services targeted to their interests. (This stance caused Mr. Westin to be accused by some critics of allying himself too closely with business interests.)

Mr. Westin, who in the 1970s was editor in chief of The Civil Liberties Review, a publication of the American Civil Liberties Foundation, published and edited the newsletter Privacy & American Business from 1993 to 2006. He was a consultant on privacy issues to major corporations, including Equifax, the consumer credit reporting giant; GlaxoSmithKline, the pharmaceutical concern; and Verizon Communications.

Mr. Westin’s wife died before him, as did a son, David. His survivors include a son, Jeremy; a daughter, Debra Westin; and three grandchildren.

A posthumous book by Mr. Westin, about privacy as a historically and philosophically Jewish construct, is being completed by Mr. Rosen.

In recent years, Mr. Westin turned his attention to the Niagara of personal data loosed by Google, Facebook and their ilk. Trying to stem this tide was a hopeless task, and he knew it.

“He recognized that the problems of protecting privacy are now so daunting that they can’t be dealt with by law alone, but require a mix of legal, social and technological solutions,” Mr. Rosen said.

The son of Irving Westin and the former Etta Furman, Alan Furman Westin was born in Manhattan on Oct. 11, 1929; received a bachelor’s degree in political science from the University of Florida in 1948, followed by a law degree from Harvard in 1951; was admitted to the bar in 1952; married Bea Shapoff, a teacher, in 1954 in a ceremony in which the bride wore a waltz-length white gown; joined the Columbia faculty in 1959; earned a Ph.D. in political science from Harvard in 1965 (his dissertation topic was “Privacy in Western Political History”); lived for many years in Teaneck, N.J.; edited a string of books, including “Freedom Now! The Civil-Rights Struggle in America” (1964), “Information Technology in a Democracy” (1971) and “Getting Angry Six Times a Week: A Portfolio of Political Cartoons” (1979); once made a sound recording titled “I Wonder Who’s Bugging You Now”; was a member of the American Civil Liberties Union, the Anti-Defamation League of B’nai B’rith and the American Jewish Congress; had a Social Security number obtained in Massachusetts; and was a registered Democrat who last voted in 2011 — all public information, obtainable online at the touch of a button or two.
https://www.nytimes.com/2013/02/23/u...ies-at-83.html





If You’re Collecting Our Data, You Ought to Protect It
Natasha Singer

LAST summer, employees at the National Aeronautics and Space Administration received an in-house newsletter illustrated with mock front pages of USA Today and The Washington Post and seemingly hyperbolic headlines like: “NASA Laptop Stolen, Potential Compromise of 10,000 Employees’ Private Information!”

The catastrophizing turned out to be prescient.

On Halloween, just a few months after the newsletter went out, a laptop used by an employee at NASA headquarters in Washington was stolen from a parked car. Subsequently, NASA sent letters to about 10,000 current and former employees and contractors, warning them that the laptop had not been encrypted. The letter explained that confidential details — like employees’ names, birth dates, Social Security numbers and, in some cases, personal information from background checks — may have been compromised.

When Robert M. Nelson, a solar systems scientist who recently retired after 34 years at the Jet Propulsion Laboratory, part of NASA, received the letter, he felt vindicated. Several years earlier, he and 27 other civilian scientists at the lab sued the agency to try to stop it from conducting open-ended background checks of researchers like them who worked on nonmilitary space projects.

“You’d think an agent of NASA would be a little more careful,” Dr. Nelson says. “Why does NASA need personal data unrelated to our work and then treat it in such a cavalier way that it is stolen from a car unencrypted?”

NASA has since notified an additional 30,000 people whose personal information may have been on the stolen laptop, says Robert Jacobs, a NASA spokesman. He declined to provide the job title of the person who left the laptop in the car. But he said that there had been no indication of identity theft and that the agency has encrypted practically all of its 38,000 laptops.

By now, reports of lost or stolen business devices are so common that many people open data-breach notices from their banks, insurers, medical institutions, schools and state agencies with something like resignation. In fact, negligence by employees and contractors has been a more common cause of corporate data breaches in the United States than malicious attacks, according to a study of 2011 done by the Ponemon Institute, a research center on data security, and financed by Symantec, a data security company. Institutions, companies and government agencies often devote more resources to collecting information about employees and consumers than to protecting it, security specialists say.

“This is an unfortunate but perfectly cautionary tale of not only how we should look more carefully at protecting data after it is collected,” says Lee Tien, a senior staff lawyer at the Electronic Frontier Foundation, a digital rights group in San Francisco, “but also how the data is to be safeguarded before we collect it to make sure it isn’t used improperly or disclosed accidentally.”

Dr. Nelson and his colleagues at the Jet Propulsion Lab, which is operated for NASA by the California Institute of Technology in Pasadena, didn’t set out to become crusaders for workplace data privacy and security. Initially, they wanted only to challenge NASA’s background checks, arguing that civilian scientists had a right to keep their romantic, psychiatric and other intimate information private from the government. Besides, they contended, the space agency would not be able to safeguard the information.

The scientists took their case all the way to the Supreme Court, only to lose. In 2011, the justices unanimously ruled that NASA had legitimate reasons to look into personal issues, like whether an employee had received drug counseling. A federal law called the Privacy Act of 1974, which restricts how government agencies share a person’s data, the justices said, should protect the information obtained in background checks.

“They were clearly wrong,” says Marc Rotenberg, executive director of the Electronic Privacy Information Center, an advocacy group in Washington that filed a friend-of-the-court brief in the case. “Exactly the problem people anticipated came to pass.”

Privacy advocates say that one obstacle to improving workplace information security is a lack of consequences for employees who compromise personal data. In 2009, for example, the Government Accountability Office issued a report, titled “NASA Needs to Remedy Vulnerabilities in Key Networks,” which urged the agency to institute whole-disk encryption for all of its laptops. Unlike simple computer login passwords — which can often be guessed or bypassed to get to readable files — disk encryption scrambles files so they can’t be read without the correct key.
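The distinction the GAO report draws, between a login password that merely gates access and whole-disk encryption that changes the bytes on disk, is easy to see in code. The following is an added illustration, not code from the article or from NASA: two toy "laptop disks" holding a constructed employee record, one protected only by a password check, the other by a key derived from the password with PBKDF2. The cipher is a counter-mode keystream built from HMAC-SHA256, chosen only to keep the example dependency-free; real disk encryption uses AES-XTS or similar, and the record, password and iteration count are assumptions for the demo.

```python
import hashlib
import hmac
import os

# Constructed sample record standing in for an employee's file; not real data.
CONFIDENTIAL = b"name=J. Doe;dob=1970-01-01;ssn=000-00-0000;clearance=background-check"


def password_gated_disk(password: str) -> dict:
    """'Login password' model: the check lives in the OS, the stored bytes are unchanged."""
    return {
        "pw_hash": hashlib.sha256(password.encode()).hexdigest(),
        "blob": CONFIDENTIAL,  # written to disk exactly as-is
    }


def derive_key(password: str, salt: bytes) -> bytes:
    """Slow, salted key derivation so the key cannot be brute-forced cheaply."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 200_000, dklen=32)


def keystream_xor(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Counter mode over HMAC-SHA256 (a keyed PRF): the same call encrypts and decrypts.
    Demo construction only; production disk encryption uses AES-XTS or similar."""
    out = bytearray()
    for block_no in range((len(data) + 31) // 32):
        block = hmac.new(key, nonce + block_no.to_bytes(8, "big"), hashlib.sha256).digest()
        chunk = data[block_no * 32:(block_no + 1) * 32]
        out.extend(b ^ k for b, k in zip(chunk, block))
    return bytes(out)


def encrypted_disk(password: str) -> dict:
    """'Whole-disk encryption' model: only ciphertext, salt and nonce touch the disk."""
    salt, nonce = os.urandom(16), os.urandom(16)
    key = derive_key(password, salt)
    return {"salt": salt, "nonce": nonce, "blob": keystream_xor(key, nonce, CONFIDENTIAL)}


def thief_reads_raw_blob(disk: dict) -> bytes:
    """Whoever holds the hardware reads the bytes directly; no login prompt is consulted."""
    return disk["blob"]


def owner_reads(disk: dict, password: str) -> bytes:
    """Decrypt with the key derived from the password; a wrong password yields garbage."""
    key = derive_key(password, disk["salt"])
    return keystream_xor(key, disk["nonce"], disk["blob"])


if __name__ == "__main__":
    print(thief_reads_raw_blob(password_gated_disk("hunter2")))  # readable record
    locked = encrypted_disk("hunter2")
    print(thief_reads_raw_blob(locked))                         # ciphertext only
    print(owner_reads(locked, "hunter2"))                       # readable again
```

The point of the two `thief_reads_raw_blob` calls is that the password hash in the first model is never consulted when the disk is pulled from a stolen laptop, whereas in the second model the raw blob is useless without the derived key.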

NASA eventually required the Jet Propulsion Laboratory to encrypt its laptops. But at the time of the Halloween theft, not all laptops at agency headquarters itself had been encrypted. Susan Landau, a Guggenheim fellow in cyber security, privacy and public policy, says companies and agencies are unlikely to improve data security without the threat of penalty.

“What are the personal consequences for employees who allow data breaches to happen?” Ms. Landau asks. “Until people lose their jobs, nothing is going to change.”

Mr. Jacobs declined to comment about whether NASA had disciplined the employee who left the laptop in the car, saying the issue was “covered by privacy.”

DR. NELSON did not emerge from his data rights battle unscathed. Caltech issued disciplinary citations to five employees of the Jet Propulsion Laboratory, including Dr. Nelson, who had used their nasa.gov e-mail addresses to send messages to thousands of colleagues about the Supreme Court decision. An employee who commits a second offense after receiving such a warning could be fired, Dr. Nelson says.

Lawren B. Markle, a spokesman for Caltech, says the employees used government resources, paid for by taxpayers, “to spam thousands of individuals, government officials and agencies, other businesses, and colleges and universities” with their political views.

“As a federal contractor,” Mr. Markle wrote in an e-mail, “we cannot allow the government resources entrusted to us to be used in this manner and particularly not to lobby for political positions.”

He added that a second warning would not automatically lead to dismissal. “The outcome would depend on the severity of the conduct and the history of the employee’s service,” he said.

The five employees have filed cases with the National Labor Relations Board, saying that they were unfairly disciplined because the e-mails were work-related.

“In the short time since the Supreme Court decision, tens of thousands of people have had their data compromised,” Dr. Nelson says. “For warning about what would eventually become true, we received disciplinary citations.”

An administrative judge is to rule on the matter in the coming months, but a Los Angeles office of the labor relations agency found merit in the scientists’ cases, concluding that Caltech unlawfully issued disciplinary warnings for the e-mails, says Mori Rubin, the regional director of the office. Her office also concluded that Caltech had disciplined the scientists for practices that other employees routinely undertook without penalty.

Such are the risks of taking a public stance on privacy.
https://www.nytimes.com/2013/02/17/t...rotect-it.html





Whatever Happened to the Phone Phreaks?
Chris Baraniuk

Phone phreaks demonstrated that the mundane telephone could become a gateway to virtual adventures which spanned the globe, anticipating the culture of hacking today.

"Let's say a shopping center," says the hacker I'm talking to online. He's British, but is using an alias, 'Belial', and I don't know his real name. "The elevators or lifts inside have emergency telephones and these telephones are attached to the PBX [a small telephone network for a building or business]. The speaker inside the lift has an extension like a phone would and you can dial the phone inside the lifts.

"You can monitor what's going on inside, so you can hear the lift saying 'you are on the third floor'. And you can hear people walking in and out, and you can speak to them and prank them. You can say, 'Due to technical issues, we're going to have to cut the cable on this lift, we apologize for any inconvenience this may cause you,' and stuff like that."

He chuckles a bit at this. And I confess that I do too. Belial experimented with phone phreaking in the 1990s as an Internet-curious teenager. He tells me that finding access to things like telephones in elevators was at the time a matter of using computers to "scan" sets of hundreds of numbers for what he terms "gems" -- call destinations (such as people's hotel rooms) which were worth exploring with a little creativity.

This is the point at which "phone phreaking" (hacking the telephone system) and the modern sense of computer hacking intersect. This, essentially, is phreaking's twilight. But where did the practice of accessing internal numbers, or making long-distance calls for free, or setting up phreak "conferences" that could endure from dusk till dawn actually begin? And what is left of it all today?

To answer the first question I spoke to Phil Lapsley, author of a brilliantly researched new book entitled, Exploding the Phone: The Untold Story of the Teenagers and Outlaws who Hacked Ma Bell.

Early in our interview I ask Lapsley what his personal favorite stories about phone phreaking are. Without much hesitation, he says, "the early days." "The early days," in this context, refers to phone phreaks of the late 1950s and early 1960s. Many of them were students at top universities like Harvard. Others were gifted engineers.

A few still were blind kids with perfect pitch like Joe Engressia who, through whistling into their telephone at precise frequencies, found ways to unlock a vibrant world of interaction and exploration within which natural sight became irrelevant.

"These people kind of crystallise what I love about this subject," explains Lapsley, "Which is simply the combination of innocence and curiosity. These were not people who were out to make free phone calls, you know, for the sake of making free phone calls. They were just like, 'Wow, what happens if. What happens if I dial this number? What happens if I play this tone?' They were simply curious."

Few capture this sense of wistful curiosity better than 'Captain Crunch'. Like Joe Engressia, Captain Crunch was interviewed in depth for a lengthy 1971 investigation into the world of phone phreaking published by Esquire magazine. This piece later became famous as the document with which Steve Wozniak introduced his friend and future business partner Steve Jobs to phone phreaking before they experimented with the phenomenon themselves.

In the Esquire article, Captain Crunch narrates excitedly to his interviewer Ron Rosenbaum the process by which he connected a single long-distance call via switching stations across Asia, Europe, South Africa, South America and the East coast until he reached a specific telephone in California.

Captain Crunch had in fact wrapped his call the entire way around the globe, for the ringing phone he had been patched through to was one right beside him -- his own second line. Crunch picked up the other receiver and listened to his own voice. "Needless to say I had to shout to hear myself," he told Rosenbaum, "But the echo was far out. Fantastic. Delayed. It was delayed twenty seconds, but I could hear myself talk to myself."

Lapsley and I discuss the idea that it was activity like this which brought us the modern paradigm of a hackable worldwide network. That is, a place full of strange, wonderful and sometimes dangerous things within which people were free to communicate and explore as they saw fit.

"It becomes a playground," Lapsley says, describing phone phreaks' determination to access remote or unusual telephone switchboards. "It becomes a question of... how far can you go. 'How close can you get to the north pole?' That's a game some kids used to play. 'Let's pick a spot to see how close we can get to it.' It becomes in some ways like virtual tourism and there's an infinite chain of puzzles. ... You can keep playing this game over and over again."

At this point Lapsley makes a salient observation. He notes that, with the rise of personal computing, it was generally thought that the "killer app" of computers would be software which would deliver some intelligence or insight to help us solve some problem or other.

"What turned out to be the killer app was people, right?" argues Lapsley. "It turned out to be people connected together via computers. Email becomes the killer app, or Twitter for example, and all these things are what people get excited about because what people really care about, it turns out, is other people."

Thinking about this, my thoughts turn to the writings of Jason Scott, a well-known hacker and Internet archivist who experimented with phone phreaking in his teenage years.

In 2006 he wrote about how he and fellow hackers would phreak their way into teleconferencing systems in order to have all-night group discussions -- always at the expense of someone else (a client of the teleconferencing company).

Scott summed up the vitality of these underground tele-meetings like this: "The difference between a two-party call and a telephone conference was like the difference between a Sno-cone [sic] and skiing. And the best part was how sometimes the conference would come to you, unannounced, just you picking up your ringing phone and a dozen people would call out your name and drag you into the never-ending conversation."

And in another post, he encapsulates beautifully the precise place at which he discovered his own hacker gene: a phreak-friendly payphone a few hundred yards from his house in Brewster, NY: "[It was] a classy, self-contained room that a young fellow spent his youth w[h]iling away the hours in, trying beyond all reason to be somebody different, somebody more powerful, a unique force at an age when you feel anything but."

When I spoke to Belial about how phone phreaking and computer hacking intersected, he echoed this sense of self-discovery and exploration. His goal had been to use phreaking techniques to connect to foreign computer terminals and access BBS (bulletin board systems --- like notice boards for the early Internet).

"It enabled me to be able to dial systems over a longer period of time without ever worrying about a phone bill being expensive," he recalled. "And I guess as a result of that it enabled me to have a wider view on the world, and be able to exchange information with people from Singapore, you know, all the way to New York and anywhere. And as a teenager growing up there were no border boundaries."

As phone companies clamped down on this activity, however, being a phone phreak meant coming up with savvier ways to connect to remote systems. Cruder methods whereby specific frequencies (like 2,600 Hz on US networks) could be used to surreptitiously make connections were eventually stopped when Western phone companies began to install digital filters that could recognise these attempts and block them. "You could blast away all you wanted and you wouldn't be able to get anything out of that switch at all," remembers Belial.
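The "digital filters that could recognise these attempts" are, at bottom, single-frequency detectors watching line audio for energy at 2,600 Hz. As an added example (not from the article), the script below implements that detection side with the Goertzel algorithm, which computes one DFT bin cheaply enough to run on every 20 ms frame of a trunk. The audio frames are constructed in code at the 8 kHz rate of digital telephone trunks, and the 0.5 energy-ratio threshold is an assumption for the demo.

```python
import math

SAMPLE_RATE = 8000      # Hz, standard sampling rate on digital telephone trunks
TARGET_HZ = 2600        # the in-band supervisory tone the article describes
FRAME = 160             # 20 ms of audio at 8 kHz; 2600 Hz lands exactly on bin 52


def goertzel_power(samples, target_hz=TARGET_HZ, sample_rate=SAMPLE_RATE):
    """Squared magnitude of one DFT bin, computed without a full FFT."""
    n = len(samples)
    if n == 0:
        return 0.0
    k = round(n * target_hz / sample_rate)
    coeff = 2.0 * math.cos(2.0 * math.pi * k / n)
    s_prev = s_prev2 = 0.0
    for x in samples:
        s = x + coeff * s_prev - s_prev2
        s_prev2, s_prev = s_prev, s
    return s_prev ** 2 + s_prev2 ** 2 - coeff * s_prev * s_prev2


def tone_ratio(samples):
    """Fraction of the frame's energy sitting in the target bin (1.0 for a pure tone)."""
    total = sum(x * x for x in samples)
    if total == 0.0:
        return 0.0
    # For a pure tone of amplitude A over N samples, Goertzel power = (A*N/2)^2 and the
    # sum of squares = A^2*N/2, so dividing by total*N/2 normalises a pure tone to 1.0.
    return goertzel_power(samples) / (total * len(samples) / 2.0)


def tone_present(samples, threshold=0.5):
    """Assumed decision rule for the demo: flag the frame when the bin dominates."""
    return tone_ratio(samples) >= threshold


def make_frame(freqs, n=FRAME, amplitude=1.0):
    """Constructed test audio: a sum of sine waves at the given frequencies."""
    return [amplitude * sum(math.sin(2.0 * math.pi * f * i / SAMPLE_RATE) for f in freqs)
            for i in range(n)]


def scan_stream(frames):
    """Run the filter over consecutive frames and return the indices that trip it."""
    return [i for i, frame in enumerate(frames) if tone_present(frame)]


if __name__ == "__main__":
    stream = [make_frame([440, 1000]), make_frame([2600]), make_frame([1000])]
    print("frames flagged:", scan_stream(stream))
```

A production filter would add hysteresis (require the tone to persist across several frames) and a guard band check so that speech energy near the target frequency does not trip it; the single-frame ratio here is enough to show why the trick stopped working once the switch itself was listening.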

This coincided with the rise of "war dialling" (automatic scanning of numbers) and the creation of software which could use sophisticated, lightweight methods of finding switchboards, often in developing countries, which remained susceptible to phreaking. Belial tells me he knew many 1990s phreaks who he claims essentially had "full control" of such foreign exchanges and could route Internet traffic "any way they wanted." He adds, "It was quite a significant power to have."

These stories of latter-day phreaking via remote telephone exchanges are corroborated by another hacker with whom I make contact. He uses the pseudonym '10nix' and tells me: "I remember some years back there was this switch up in Livengood Alaska (population 29) that still responded to 2,600 Hz, and could be blue-boxed [gaining control over a connection via a device which transmits specific sequences of beeps and boops to the network]. [...]

"I remember getting such delight in calling a number that was not in service, playing 2,600 Hz into the phone, and hearing the switch chirp back. I still have a recording of it somewhere."

But hackers like Belial have still been able to acquire reams of new information through what are essentially just updated phreaking techniques. Belial tells me, for instance, that for a period of "about five or six years" he ran a program to listen for and decode pager messages from the telephone network in Britain.

He explains that he amassed a "significant" amount of them. When I ask what kind of number he's talking about he replies, "Eh, probably something in the region of 21 million."

From automated computer system updates configured by IT administrators to ambulance dispatch commands, Belial claims to have captured a fascinating cross-section of 1990s British telephone network activity. He even put all the messages into a database for his own reference. This allowed him to cross-check computer systems he wished to access since he could look up specific IP addresses and machine information. "As a result I was able to find a large amount of access [codes] -- user access, administrator access -- to telephone conferencing systems for large organizations and multi-nationals."

Belial says he now works professionally in high tech security and tells me that he has, in the past, disclosed system vulnerabilities to organisations potentially at risk. But he comments that such disclosures are rarely taken seriously -- perhaps a symptom of a culture which today can't imagine that telephone systems are really anything to worry about, even though they can to this day provide hackers with access to internal networks.

Since phreaking began with making free calls which shouldn't have been free, it has always occupied a difficult legal space. Phil Lapsley, in his book, charts the herculean efforts AT&T went to over the decades to prosecute and discourage phreaks (and criminals, who often bought blue-boxes) from sponging on their network.

But when I so much as allude to this in an email to 10nix he provides, in no uncertain terms, his view on this issue: "Phreaking has always been about finding and figuring out. It is a disservice to the pioneers of the craft to characterize the goal as theft. The theft was more of a means to an end, and not the goal itself."

In the world of hacking, where interpretation of the law is necessarily somewhat flexible, phreaking and legendary individual phreaks like Captain Crunch have achieved cult status. Depending on who you ask, phone phreaking is either "a dead art" or alive and well even if it "looks different" now.

However, everyone I talked to had a great deal of respect for the global telephone infrastructure, whether or not they had a positive opinion of the companies who own parts of it. As Phil Lapsley put it when I talked to him, phone phreaks demonstrated that the telephone, a seemingly mundane device, could become a "gateway" to virtual adventures which spanned the globe.

Lapsley reiterates to me his belief that this inquisitiveness is a fundamental and valuable part of humanity -- especially for a humanity which day by day absorbs more and more complex machinery for granted, placing it into the background noise of life.

Phone phreaks chose to listen to that noise before spitting oddly sequenced bleeps and tones back at it, "exploding" the quotidian simplicity of the telephone. The aftermath of that explosion has been absorbed into contemporary hacker culture as inspiration, as analogue, even as myth.

We in the mainstream, who are never inclined to unravel the infrastructure which surrounds us, will forever miss the thrill of the hack, the companionship of phreaks and the lost magic of 2,600 Hz.
http://www.theatlantic.com/technology/archive/2013/02/whatever-happened-to-the-phone-phreaks/273332/





"Frost" Attack Unlocks Android Phones' Data By Chilling Their Memory In A Freezer
Andy Greenberg

If you lose possession of an Android phone, your PIN or pattern unlock might not be enough to protect the sensitive data stored on it. Not, at least, after it’s spent an hour in a hacker’s freezer.

A pair of researchers at Erlangen University in Germany have shown that a trick known as a “cold boot attack” can read data from a Samsung Galaxy Nexus running the latest version of Android, even when the phone is protected by a PIN and has its storage disk encrypted. They call their technique FROST, or Forensic Recovery of Scrambled Telephones. By simply cooling the phone to around five degrees Fahrenheit and quickly rebooting it, Tilo Mueller and Michael Spreitzenbarth found they could read data from its memory including images, emails and web browsing history, as well as the key that in some cases allows them to decrypt the phone’s encrypted storage disk.

The attack, which was first shown on PCs in 2008 but has never before been applied to mobile devices, takes advantage of an effect known as “remanence,” the lingering information that remains for a few moments in a device’s memory even when a power source has been removed. The colder the memory, the longer that information lingers. “RAM doesn’t lose its content immediately,” says Mueller. “If it’s 30 degrees Celsius, it’s lost in one or two seconds. But if you cool the phone, the contents are lost in five or six seconds. That gives us enough time to reboot the phone and access the memory.”

The researchers found that in that cold state, they could quickly remove and replace the battery while holding the phone’s power and volume buttons, which causes the phone to quickly reboot in “fastboot mode.” The entire process takes less than half a second, they say, and allows them to offload the phone’s RAM via USB while it still contains the cold, digital leftovers from before it was switched off.

Among the data stored in that RAM, the researchers found the key to the phone’s encrypted storage disk, which in some cases might give them full access to the device. But that final step would only work in phones with an unlocked bootloader. In its latest version, Samsung locks the bootloader and automatically wipes the user partition if it’s unlocked, preventing them from using the trick.

Even then, the researchers can access all data stored in RAM. Given that phones are rarely switched off, that often contains a significant cache of sensitive personal data, the researchers point out. They found they could recover fully intact address book contacts, thumbnail photos, and Wifi credentials, and partially recover calendar entries, emails, text messages, high-resolution photos, and Web history.

An example image of the Android logo in the device's memory over time at room temperature. The second image shows the state of the image at the earliest point where the researchers were able to extract it. The final image shows how it's deteriorated after six seconds.

Mueller says there are no easy defenses against the attack, other than turning a phone off before it’s out of the owner’s possession. Rebooting a phone more often may also leave less sensitive data in its memory. The researchers say they haven’t yet tested the attack on other phones, but believe that it would likely be much more difficult on iOS.

A graph from the researchers' paper, showing the deterioration of data in memory (in percent of memory lost) over time (in seconds) at different temperatures.
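The two figures described above rest on one measurement: plant a known pattern in RAM, read it back after the power interruption, and count how many bits no longer match. As an added example (not the researchers' code), the script below computes that percent-lost metric and draws a curve of the kind the graph shows. Real dumps are not available here, so `simulate_decay` is a constructed stand-in in which every still-set bit falls to the ground state with a fixed per-step probability; a lower probability plays the part of a colder chip, and the probabilities and step counts are assumptions, not measured values.

```python
import random


def percent_bits_lost(reference: bytes, dump: bytes) -> float:
    """Share of bits (0-100) that differ between what was planted and what was read back."""
    if len(reference) != len(dump):
        raise ValueError("reference and dump must be the same size")
    if not reference:
        return 0.0
    flipped = sum(bin(a ^ b).count("1") for a, b in zip(reference, dump))
    return 100.0 * flipped / (8 * len(reference))


def simulate_decay(reference: bytes, p_per_step: float, steps: int, seed: int = 0) -> list:
    """Constructed stand-in for real dumps: at every step each still-set bit falls to the
    ground state (0) with probability p_per_step. Returns the dump after each step."""
    rng = random.Random(seed)       # fixed seed so the curve is reproducible
    cells = bytearray(reference)
    dumps = []
    for _ in range(steps):
        for i, byte in enumerate(cells):
            for bit in range(8):
                if byte & (1 << bit) and rng.random() < p_per_step:
                    byte &= ~(1 << bit)
            cells[i] = byte
        dumps.append(bytes(cells))
    return dumps


def decay_curve(reference: bytes, p_per_step: float, steps: int, seed: int = 0) -> list:
    """Percent lost after each step: one curve of the kind the researchers plotted."""
    return [percent_bits_lost(reference, d)
            for d in simulate_decay(reference, p_per_step, steps, seed)]


def first_step_over(curve, threshold: float):
    """1-based step at which loss first exceeds the threshold, or None if it never does."""
    for step, loss in enumerate(curve, start=1):
        if loss > threshold:
            return step
    return None


if __name__ == "__main__":
    pattern = b"\xff" * 256                      # constructed 2,048-bit test image
    for label, p in (("warm", 0.30), ("cold", 0.05)):
        curve = decay_curve(pattern, p, 10)
        print(label, [round(x, 1) for x in curve], "over 50% at step", first_step_over(curve, 50.0))
```

Because bits in this model only ever fall to the ground state, each curve is monotonic and the "cold" curve crosses any given loss threshold later than the "warm" one, which is the whole reason the freezer buys the researchers their extra seconds.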

In their still-unpublished paper on FROST, the two researchers intend their technique to serve as a warning for Android users and as a useful tool for law enforcement forensic analysts trying to recover data from a seized phone. “It reveals a significant security gap that users should be aware of,” reads the paper. “Since smartphones are switched off only seldom, the severity of this gap is more concerning than on PCs. Second, we provide the recovery utility Frost which allows law enforcement to recover data from encrypted smartphones comfortably.”

http://www.forbes.com/sites/andygree...-in-a-freezer/





NBC Says NBC.com Site is Now Safe to Visit

U.S. media company NBC Universal said late on Thursday that its NBC.com website was safe to visit following a security scare prompted by reports that it was infected with malicious software designed for banking fraud and cyber espionage.

"A problem was identified and it has been fixed," an NBC Universal spokeswoman told Reuters. She declined to elaborate on the nature of the problem.

Earlier on Thursday, several security experts had advised Internet users to avoid the site altogether, saying it had been compromised by malicious software.

The Dutch computer security firm SurfRight said on its HitmanPro blog that the site of its NBC television network was tainted with viruses known as the Citadel and ZeroAccess that are used for banking fraud, cyber espionage and other computer crimes.

The NBC spokeswoman said she could not confirm whether any users had been infected. But she said that no account information about users of the site had been compromised.

Earlier in the day, Facebook Inc blocked users from accessing the NBC.com website following reports that the site was infected with a computer virus.

Facebook users were told "This link has been reported as abusive" on Thursday when they attempted to access the NBC.com website.

NBC is controlled by Comcast Inc, which is buying out minority owner General Electric Co.

(Reporting By Jim Finkle and Jennifer Saba; Editing by Gary Hill, Bernard Orr)
http://www.reuters.com/article/2013/...91K1DQ20130221





Security Group Suspects Chinese Military is Behind Hacking Attacks
Ben Blanchard and Joseph Menn

A secretive Chinese military unit is believed to be behind a series of hacking attacks, a U.S. computer security company said, prompting a strong denial by China and accusations that it was in fact the victim of U.S. hacking.

The company, Mandiant, identified the People's Liberation Army's Shanghai-based Unit 61398 as the most likely driving force behind the hacking. Mandiant said it believed the unit had carried out "sustained" attacks on a wide range of industries.

"The nature of 'Unit 61398's' work is considered by China to be a state secret; however, we believe it engages in harmful 'Computer Network Operations'," Mandiant said in a report released in the United States on Monday.

"It is time to acknowledge the threat is originating in China, and we wanted to do our part to arm and prepare security professionals to combat that threat effectively," it said.

China's Defense Ministry issued a flat denial of the accusations and called them "unprofessional". It said hacking attacks are a global problem and that China is one of world's biggest victims of cyber assaults.

"The Chinese army has never supported any hacking activity," the Defense Ministry said in a brief faxed statement to Reuters. "Statements about the Chinese army engaging in cyber attacks are unprofessional and not in line with facts."

Unit 61398 is located in Shanghai's Pudong district, China's financial and banking hub, and is staffed by perhaps thousands of people proficient in English as well as computer programming and network operations, Mandiant said in its report.

The unit had stolen "hundreds of terabytes of data from at least 141 organizations across a diverse set of industries beginning as early as 2006", it said.

Most of the victims were located in the United States, with smaller numbers in Canada and Britain. The information stolen ranged from details on mergers and acquisitions to the emails of senior employees, the company said.

The 12-storey building, which houses the unit, sits in an unassuming residential area and is surrounded by a wall adorned with military propaganda photos and slogans; outside the gate a sign warns members of the public they are in a restricted military area and should not take pictures.

There were no obvious signs of extra security on Tuesday.

The Chinese Foreign Ministry said the government firmly opposed hacking, adding that it doubted the evidence provided in the U.S. security group's report.

"Hacking attacks are transnational and anonymous. Determining their origins is extremely difficult. We don't know how the evidence in this so-called report can be tenable," spokesman Hong Lei told a daily news briefing.

"Arbitrary criticism based on rudimentary data is irresponsible, unprofessional and not helpful in resolving the issue."

Hong cited a Chinese study which pointed to the United States as being behind hacking in China.

"Of the above mentioned Internet hacking attacks, attacks originating from the United States rank first."

"ECONOMIC CYBER ESPIONAGE"

Some experts said they doubted Chinese government denials.

"The PLA plays a key role in China's multi-faceted security strategy, so it makes sense that its resources would be used to facilitate economic cyber espionage that helps the Chinese economy," said Dmitri Alperovitch, chief technology officer and co-founder of CrowdStrike, one of Mandiant's competitors.

Though privately held and little known to the general public, Mandiant is one of a handful of U.S. cyber-security companies that specialize in attempting to detect, prevent and trace the most advanced hacking attacks, instead of the garden-variety viruses and criminal intrusions that befoul corporate networks on a daily basis.

But Mandiant does not promote its analysis in public and only rarely issues topical papers about changes in techniques or behaviors.

It has never before given the apparent proper names of suspected hackers or directly tied them to a military branch of the Chinese government, giving the new report special resonance.

The company published details of the attack programs and dummy websites used to infiltrate U.S. companies, typically via deceptive emails.

U.S. officials have complained in the past to China about sanctioned trade-secret theft, but have had a limited public record to point to.

Mandiant said it knew the PLA would shift tactics and programs in response to its report but concluded that the disclosure was worth it because of the scale of the harm and the ability of China to issue denials in the past and duck accountability.

The company traced Unit 61398's presence on the Internet - including registration data for a question-and-answer session with a Chinese professor and numeric Internet addresses within a block assigned to the PLA unit - and concluded that it was a major contributor to operations against the U.S. companies.
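One of the pivots described here, numeric addresses falling inside a block assigned to a particular organisation, is a check defenders can run over their own connection logs. The script below is an added example, not Mandiant's code: it parses a constructed firewall-style log, tests each source address for membership in a watch list of netblocks, and summarises hits per block alongside the lines it could not match or parse. The netblocks are RFC 5737 documentation ranges standing in for real indicators, and the log line layout is an assumption for the demo.

```python
import ipaddress
import re
from collections import Counter

# Constructed watch list using RFC 5737 documentation ranges; real indicators
# would come from a published report, never from guesswork.
WATCHED_BLOCKS = {
    "block-A": ipaddress.ip_network("203.0.113.0/24"),
    "block-B": ipaddress.ip_network("198.51.100.0/25"),
}

# Constructed firewall-style log; the field layout is an assumption for this demo.
SAMPLE_LOG = """\
2013-02-19T08:01:02Z src=203.0.113.17 dst=10.0.0.5 action=allow
2013-02-19T08:01:09Z src=203.0.113.44 dst=10.0.0.5 action=allow
2013-02-19T08:02:30Z src=198.51.100.5 dst=10.0.0.9 action=allow
2013-02-19T08:03:11Z src=198.51.100.200 dst=10.0.0.9 action=allow
2013-02-19T08:04:00Z src=192.0.2.7 dst=10.0.0.5 action=deny
2013-02-19T08:04:41Z src=2001:db8::1 dst=10.0.0.5 action=allow
2013-02-19T08:05:02Z src=203.0.113.9 dst=10.0.0.12 action=allow
garbage line that does not parse
2013-02-19T08:06:15Z src=999.1.1.1 dst=10.0.0.5 action=allow
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) src=(?P<src>\S+) dst=(?P<dst>\S+) action=(?P<action>\w+)$")


def parse_line(line):
    """Return (timestamp, source address) or None when the line is unusable."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    try:
        return m.group("ts"), ipaddress.ip_address(m.group("src"))
    except ValueError:  # field present but not a valid IPv4/IPv6 address
        return None


def classify_ip(ip):
    """Name of the first watched block containing ip, or None."""
    for name, net in WATCHED_BLOCKS.items():
        if ip.version == net.version and ip in net:
            return name
    return None


def summarise(log_text):
    """Count hits per watched block; unmatched and malformed lines are reported,
    not dropped silently, so the analyst knows how much of the log the check covered."""
    by_block, unmatched, malformed = Counter(), 0, 0
    for line in log_text.splitlines():
        if not line.strip():
            continue
        parsed = parse_line(line)
        if parsed is None:
            malformed += 1
            continue
        name = classify_ip(parsed[1])
        if name is None:
            unmatched += 1
        else:
            by_block[name] += 1
    return {"by_block": by_block, "unmatched": unmatched, "malformed": malformed}


if __name__ == "__main__":
    print(summarise(SAMPLE_LOG))
```

Note that 198.51.100.200 is counted as unmatched even though it shares three octets with a watched range, because the watch list entry is a /25; netblock matching has to respect the assigned prefix length rather than eyeballing the first octets, which is exactly the kind of detail that separates an attribution claim from a coincidence.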

Members of Congress and intelligence authorities in the United States have publicized the same general conclusions: that economic espionage is an official mission of the PLA and other elements of the Chinese government, and that hacking is a primary method.

In November 2011, the U.S. National Counterintelligence Executive publicly decried China in particular as the biggest known thief of U.S. trade secrets.

The Mandiant report comes a week after U.S. President Barack Obama issued a long-awaited executive order aimed at getting the private owners of power plants and other critical infrastructure to share data on attacks with officials and to begin to follow consensus best practices on security.

Both U.S. Democrats and Republicans have said more powerful legislation is needed, citing Chinese penetration not just of the largest companies but of operations essential to a functioning country, including those comprising the electric grid.

(Additional reporting by Michael Martina and Koh Gui Qing in BEIJING, Carlos Barria in SHANGHAI and Jim Finkle in BOSTON; Editing by Robert Birsel and Sanjeev Miglani)
http://www.reuters.com/article/2013/...91I06120130219





A Chinese Hacker's Identity Unmasked
Dune Lawrence, Michael Riley

Joe Stewart’s day starts at 6:30 a.m. in Myrtle Beach, S.C., with a peanut butter sandwich, a sugar-free Red Bull, and 50,000 or so pieces of malware waiting in his e-mail in-box. Stewart, 42, is the director of malware research at Dell SecureWorks, a unit of Dell, and he spends his days hunting for Internet spies. Malware is the blanket term for malicious software that lets hackers take over your computer; clients and fellow researchers constantly send Stewart suspicious specimens harvested from networks under attack. His job is to sort through the toxic haul and isolate anything he hasn’t seen before: He looks for things like software that can let hackers break into databases, control security cameras, and monitor e-mail.

Within the industry, Stewart is well-known. In 2003 he unraveled one of the first spam botnets, which let hackers commandeer tens of thousands of computers at once and order them to stuff in-boxes with millions of unwanted e-mails. He spent a decade helping to keep online criminals from breaking into bank accounts and such. In 2011, Stewart turned his sights on China. “I thought I’d have this figured out in two months,” he says. Two years later, trying to identify Chinese malware and develop countermeasures is pretty much all he does.

Computer attacks from China occasionally cause a flurry of headlines, as did last month’s hack on the New York Times. An earlier wave of media attention crested in 2010, when Google and Intel announced they’d been hacked. But these reports don’t convey the unrelenting nature of the attacks. It’s not a matter of isolated incidents; it’s a continuous invasion.

Malware from China has inundated the Internet, targeting Fortune 500 companies, tech startups, government agencies, news organizations, embassies, universities, law firms, and anything else with intellectual property to protect. A recently prepared secret intelligence assessment described this month in the Washington Post found that the U.S. is the target of a massive and prolonged computer espionage campaign from China that threatens the U.S. economy. With the possible exceptions of the U.S. Department of Defense and a handful of three-letter agencies, the victims are outmatched by an enemy with vast resources and a long head start.

Stewart says he meets more and more people in his trade focused on China, though few want that known publicly, either because their companies have access to classified data or fear repercussions from the mainland. What makes him unusual is his willingness to share his findings with other researchers. His motivation is part obsession with solving puzzles, part sense of fair play. “Seeing the U.S. economy go south, with high unemployment and all these great companies being hit by China … I just don’t like that,” he says. “If they did it fair and square, more power to them. But to cheat at it is wrong.”

Stewart tracks about 24,000 Internet domains, which he says Chinese spies have rented or hacked for the purpose of espionage. They include a marketing company in Texas and a personal website belonging to a well-known political figure in Washington. He catalogs the malware he finds into categories, which usually correspond to particular hacking teams in China. He says around 10 teams have deployed 300 malware groups, double the count of 10 months ago. “There is a tremendous amount of manpower being thrown at this from their side,” he says.

Investigators at dozens of commercial security companies suspect many if not most of those hackers either are military or take their orders from some of China’s many intelligence or surveillance organizations. In general, they say the attacks are too organized and the scope too vast to be the work of freelancers. Secret diplomatic cables published by WikiLeaks connected the well-publicized hack of Google to Politburo officials, and the U.S. government has long had classified intelligence tracing some of the attacks to hackers linked to the People’s Liberation Army (PLA), according to former intelligence officials. None of that evidence is public, however, and China’s authorities have for years denied any involvement.

Up to now, private-sector researchers such as Stewart have had scant success putting faces to the hacks. There have been faint clues left behind—aliases used in domain registrations, old online profiles, or posts on discussion boards that give the odd glimpse of hackers at work—but rarely an identity. Occasionally, though, hackers mess up. Recently, one hacker’s mistakes led a reporter right to his door.

Stewart works in a dingy gray building surrounded by a barbed-wire fence. A small sign on a keycode-locked door identifies it as Dell SecureWorks. With one other researcher, Stewart runs a patchwork of more than 30 computers that fill his small office. As he examines malware samples, he shifts between data-filled screens and white boards scribbled with technical terms and notes on Chinese intelligence agencies.

The computers in his office mostly run programs he wrote himself to dissect and sort the malware and figure out whether he’s dealing with variations of old code or something entirely new. As the computers turn up code, Stewart looks for signature tricks that help him identify the work of an author or a team; software writers compare it with the unique slant and curlicues of individual handwriting. It’s a methodical, technical slog that would bore or baffle most people but suits Stewart. He clearly likes patterns. After work, he relaxes with a 15-minute session on his drum kit, playing the same phrase over and over.

A big part of Stewart’s task is figuring out how malware is built, which he does to an astonishing level of detail. He can tell the language of the computer on which it was coded—helping distinguish the malware deployed by Russian criminal syndicates from those used by Chinese spies. The most important thing he does, however, is figure out who or what the software is talking to. Once inside a computer, malware is set up to signal a server or several servers scattered across the globe, seeking further marching orders. This is known in the information security business as “phoning home.” Stewart and his fellow sleuths have found tens of thousands of such domains, known as command and control nodes, from which the hackers direct their attacks.

Discovery of a command node spurs a noticeable rise in pitch in Stewart’s voice, which is about as much excitement as he displays to visitors. If a company getting hacked knows the Internet Protocol (IP) address of a command node, it can shut down all communication with that address. “Our top objective is to find out about the tools and the techniques and the malware that they’re using, so we can block it,” Stewart says.

The Internet is like a map, and every point—every IP—on that map belongs to someone with a name and an address recorded in its registration. Spies, naturally, tend not to use their real names, and with most of the Internet addresses Stewart examines, the identifying details are patently fake. But there are ways to get to the truth.

In March 2011, Stewart was examining a piece of malware that looked different from the typical handiwork of Russian or Eastern European identity thieves. As he began to explore the command nodes connected to the suspicious code, Stewart noticed that since 2004, about a dozen had been registered under the same one or two names—Tawnya Grilth or Eric Charles—both listing the same Hotmail account and usually a city in California. Several were registered in the wonderfully misspelled city of Sin Digoo.

Some of the addresses had also figured in Chinese espionage campaigns documented by other researchers. They were part of a block of about 2,000 addresses belonging to China Unicom, one of the country’s largest Internet service providers. Trails of hacks had led Stewart to this cluster of addresses again and again, and he believes they are used by one of China’s top two digital spying teams, which he calls the Beijing Group. This is about as far as Stewart and his fellow detectives usually get—to a place and a probable group, but not to individual hackers. But he got a lucky break over the next few months.

Tawnya Grilth registered a command node using the URL dellpc.us. It was a little too close to the name of Stewart’s employer. So Stewart says he contacted Icann (the Internet Corporation for Assigned Names and Numbers), the organization that oversees Internet addresses and arbitrates disputes over names. Stewart argued that by using the word Dell, the hackers had violated his employer’s trademark. Grilth never responded, and Icann agreed with Stewart and handed over control of the domain. By November 2011 he could see hacked computers phoning home from all over the world—he was watching an active espionage campaign in progress.

He monitored the activity for about three months, slowly identifying victim computers. By January 2012, Stewart had mapped as many as 200 compromised machines across the globe. Many were within government ministries in Vietnam, Brunei, and Myanmar, as well as oil companies, a newspaper, a nuclear safety agency, and an embassy in mainland China. Stewart says he’d never seen such extensive targeting focused on these countries in Southeast Asia. He broadened his search of IP addresses registered either by Tawnya Grilth or “her” e-mail address, jeno_1980@hotmail.com, and found several more. One listed a contact with the handle xxgchappy. The new addresses led to even more links, including discussion board posts on malware techniques and the website rootkit.com, a malware repository where researchers study hacking techniques from all over the world.
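The registrant pivot described in the preceding paragraphs (a dozen command domains tied together by one or two names and a single Hotmail address) can be reproduced as a clustering step over WHOIS records. The code below is an added example, not code from the article or from Dell SecureWorks; the records are constructed, only dellpc.us and the registrant values are taken from the article, every other domain is an invented placeholder, and the privacy-proxy filtering is an assumption about how a defender would avoid false links.

```python
"""Cluster domains by shared registrant details (union-find over WHOIS fields).
Added example modelled on the pivot in the article; all records are constructed."""
from collections import defaultdict

# Constructed WHOIS-style records. Only dellpc.us is a domain named in the article;
# the registrant names and e-mail address are the ones the article reports.
WHOIS_RECORDS = [
    {"domain": "dellpc.us", "name": "Tawnya Grilth",
     "email": "jeno_1980@hotmail.com", "city": "Sin Digoo"},
    {"domain": "c2-placeholder-1.example", "name": "Eric Charles",
     "email": "JENO_1980@hotmail.com", "city": "San Diego"},
    {"domain": "c2-placeholder-2.example", "name": "tawnya grilth",
     "email": "someone-else@example.net", "city": "Los Angeles"},
    {"domain": "unrelated.example", "name": "Jane Roe",
     "email": "jane@example.org", "city": "Austin"},
    # Two domains behind one privacy proxy share a name and an e-mail, but so
    # does every other customer of that proxy: linking on them is a false join.
    {"domain": "proxied-a.example", "name": "REDACTED FOR PRIVACY",
     "email": "contact@privacyproxy.example", "city": ""},
    {"domain": "proxied-b.example", "name": "REDACTED FOR PRIVACY",
     "email": "contact@privacyproxy.example", "city": ""},
]

# Registrant values shared by many unrelated domains (assumed list); ignored by
# default so they cannot collapse the whole data set into one cluster.
DEFAULT_NOISY = frozenset({"redacted for privacy", "contact@privacyproxy.example"})

# Fields strong enough to link two registrations. City is left out on purpose:
# it corroborates a link (all those "California" entries) but does not make one.
LINK_FIELDS = ("name", "email")


class UnionFind:
    """Minimal disjoint-set forest with path halving."""

    def __init__(self):
        self.parent = {}

    def find(self, x):
        self.parent.setdefault(x, x)
        while self.parent[x] != x:
            self.parent[x] = self.parent[self.parent[x]]
            x = self.parent[x]
        return x

    def union(self, a, b):
        ra, rb = self.find(a), self.find(b)
        if ra != rb:
            self.parent[rb] = ra


def normalize(value):
    """Case-fold and collapse whitespace so 'Tawnya Grilth' == 'tawnya grilth'."""
    return " ".join(value.lower().split())


def cluster_domains(records, noisy=DEFAULT_NOISY, link_fields=LINK_FIELDS):
    """Return domain sets; domains sharing any non-noisy link field, directly or
    transitively (A shares an e-mail with B, B shares a name with C), are grouped."""
    uf = UnionFind()
    for rec in records:
        dom_node = ("domain", rec["domain"].lower())
        uf.find(dom_node)  # register the domain even if it links to nothing
        for field in link_fields:
            value = normalize(rec.get(field, ""))
            if value and value not in noisy:
                uf.union(dom_node, (field, value))
    groups = defaultdict(set)
    for node in list(uf.parent):
        if node[0] == "domain":
            groups[uf.find(node)].add(node[1])
    return sorted(groups.values(), key=lambda s: (-len(s), min(s)))


def cluster_of(records, domain, **kwargs):
    """The set of domains clustered with `domain` (itself included), or empty."""
    domain = domain.lower()
    for group in cluster_domains(records, **kwargs):
        if domain in group:
            return group
    return set()


def shared_attributes(records, cluster, link_fields=LINK_FIELDS):
    """Map each registrant value that appears on more than one domain of the
    cluster to those domains, i.e. the evidence for why the cluster exists."""
    seen = defaultdict(set)
    for rec in records:
        if rec["domain"].lower() in cluster:
            for field in link_fields:
                value = normalize(rec.get(field, ""))
                if value:
                    seen[(field, value)].add(rec["domain"].lower())
    return {k: v for k, v in seen.items() if len(v) > 1}


if __name__ == "__main__":
    for group in cluster_domains(WHOIS_RECORDS):
        print(sorted(group))
        for (field, value), doms in shared_attributes(WHOIS_RECORDS, group).items():
            print(f"  linked by {field}={value!r} on {sorted(doms)}")
```

Passing `noisy=frozenset()` shows the failure mode the filter prevents: the two proxied placeholders collapse into one cluster on nothing more than the proxy's boilerplate contact data.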

Then Stewart discovered something much more unusual: One of the domains hosted an actual business—one that offered, for a fee, to generate positive posts and “likes” on social network sites such as Twitter and Facebook. Stewart found a profile under the name Tawnya on the hacker forum BlackHatWorld promoting the site and a PayPal account that collected fees and funneled them to a Gmail account that incorporated the surname Zhang. Stewart was amazed that the hacker had exposed his or her personal life to such a degree.

In February 2012, Stewart published a 19-page report on SecureWorks’s website to coincide with the RSA Conference in San Francisco, one of the biggest security industry events of the year. He prefaced it with an epigraph from Sun Tzu’s The Art of War: “We cannot enter into informed alliances until we are acquainted with the designs of our neighbors and the plans of our adversaries.”

Stewart didn’t pursue Zhang. His job was done. He learned enough to protect his customers and moved on to the other countless bits of malware. But his report generated interest in the security world, because it’s so difficult to find any traces of a hacker’s identity. In particular, Stewart’s work intrigued another researcher who immediately took up the challenge of unmasking Tawnya Grilth. That researcher is a 33-year-old who blogs under the name Cyb3rsleuth, an identity he says he keeps separate from his job running an India-based computer intelligence company. He asked that his name not be used to avoid unwanted attention, including hacking attempts on his company.

Cyb3rsleuth says he’d already found a calling in outing the identities of Eastern European hackers and claims to have handed over information on two individuals to government authorities. Stewart’s work inspired him to post his findings publicly, and he says he hopes that unearthing more details on individual hackers will give governments the evidence to take action. The hackers are human and make mistakes, so the trick is finding the connection that leads to a real identity, Cyb3rsleuth says.

As Stewart’s new collaborator dug in, the window into Tawnya Grilth’s world expanded. There were posts on a car forum; an account on a Chinese hacker site; and personal photos, including one showing a man and a woman bundled up against the wind at what looked like a tourist site with a pagoda in the background.

Cyb3rsleuth followed the trail of the hacker’s efforts to drum up business for the social media promotion service through aliases and forums tied to the Hotmail account. He eventually stumbled on a second business, this one with a physical location. The company, Henan Mobile Network, was a mobile-phone wholesaler, according to business directories and online promotional posts. The shop’s website was registered using the Jeno Hotmail account and the Eric Charles pseudonym.

Cyb3rsleuth checked an online Chinese business directory for technology companies and turned up not only a telephone number for the company but also a contact name, Mr. Zhang, and an address in Zhengzhou, a city of more than 8 million in the central Chinese province of Henan. The directory listing gave three account numbers for the Chinese instant-messaging service called QQ. The service works along the lines of MSN Messenger, with each account designated by a unique number. One of those accounts used an alternate e-mail that incorporated the handle xxgchappy and listed the user’s occupation as “education.”

Putting that e-mail into Chinese search engines, Cyb3rsleuth found it was also registered on Kaixin001.com, a Chinese Facebook-style site, to a Zhang Changhe in Zhengzhou. Zhang’s profile image on Kaixin is of a blooming lotus, a traditional Buddhist symbol. Going back to the QQ account, Cyb3rsleuth found a blog linked to it, again with a Buddha-themed profile picture, whose user went by Changhe—the same pronunciation as the Kaixin user’s given name, though rendered in different characters. The blog contained musings on Buddhist faith, including this, from a post written in Chinese and titled “repentance”: “It’s Jan. 31, 2012 today, I’ve been a convert to Buddhism for almost five years. In the past five years, I broke all the Five Precepts—no killing living beings, no stealing, no sexual misconduct, no lies, and no alcohol, and I feel so repentant.” Amid his list of sins, from lack of sympathy to defensiveness to lying, is No. 4: “I continuously and shamelessly stole, hope I can stop in the future.”

The same QQ number appears on an auto forum called xCar, where the user is listed as belonging to a club for owners of the Dongfeng Peugeot 307—a sporty four-door popular among China’s emerging middle class—and where the user asked, circa 2007, about places to buy a special license-plate holder.

In a photo taken in 2009, Zhang stands on a beach, squinting into the sun with his back to the waves, arm in arm with a woman the caption says is his wife—the same person as in the pagoda picture. His bushy hair is cut short over a young face.

In March, Cyb3rsleuth published what he found on his personal blog, hoping that someone—governments, the research community, or some of the many hacking victims—would act. He knows of no response so far. Still, he’s excited. He’d found the face of a ghost, he says.

The city of Zhengzhou sprawls near the Yellow River in Henan province. The municipal government website describes it as “an example of a remarkably fast-changing city in China (without minor tourism clutter).” Kung-fu fans pass through on their way to the Shaolin Temple, a center of Buddhism and martial arts, 56 miles to the southwest. The city mostly serves as a gigantic transit hub for people and goods moving by rail to other places all over China.

About a 500-meter walk south from the central railway station is a tan, seven-story building with a dirty facade and red characters that read Central Plains Communications Digital City. The building is full of tiny shops, many selling electronics. The address listed for Zhang’s mobile-phone business is on the fourth floor, room A420.

Under dim fluorescent lights, two young clerks tell a reporter that they don’t know Zhang Changhe or Henan Mobile Network. The commercial manager of the building, Wang Yan, says the previous tenant of A420 moved out three years ago; she says she has no idea what the business had been, except that the proprietors weren’t there very often and that the operation didn’t last long.

A Chinese-language search on Google turns up a link to several academic papers co-authored by a Zhang Changhe. One, from 2005, relates to computer espionage methods. He also contributed to research on a Windows rootkit, an advanced hacking technique, in 2007. In 2011, Zhang co-authored an analysis of the security flaws in a type of computer memory and the attack vectors for it. The papers identified Zhang as working at the PLA Information Engineering University. The institution is one of China’s principal centers for electronic intelligence, where professors train junior officers to serve in operations throughout China, says Mark Stokes of the Project 2049 Institute, a think tank in Washington. It’s as if the U.S. National Security Agency had a university.

The gated campus of the PLA Information Engineering University is in Zhengzhou, about four miles north of Zhang Changhe’s mobile shop. The main entrance is at the end of a tree-lined lane, and uniformed men and women come and go, with guards checking vehicles and identification cards. Reached on a cell-phone number listed on the QQ blog, Zhang confirms his identity as a teacher at the university, adding that he was away from Zhengzhou on a work trip. Asked if he still maintained the Henan Mobile telephone business, he says: “No longer, sorry.” About his links to hacking and the command node domains, Zhang says: “I’m not sure.” About what he teaches at the university: “It’s not convenient for me to talk about that.” He denies working for the government, says he won’t answer further questions about his job, and hangs up.

Stewart continues to uncover clues that point to Zhang’s involvement in computer network intrusions. A piece of malware SecureWorks discovered last year and dubbed Mirage infected more than 100 computers, mainly in Taiwan and the Philippines. Tawnya Grilth owned one of the command domains. Late last year, Stewart was looking at malware hitting Russian and Ukrainian government and defense targets. The only other sample of that kind of malware he could find in his database was one that phoned home to a command node at AlexaUp.info. The billing name used in the registration: Zhang Changhe. Stewart says Zhang is affiliated with the Beijing Group, which probably involves dozens of people, from programmers to those handling the infrastructure of command centers to those who translate stolen documents and data. As Stewart discusses this, his voice is flat. He’s realistic. Outing one person involved in the hacking teams won’t stop computer intrusions from China. Zhang’s a cog in a much larger machine and, given how large China’s operations have become, finding more Zhangs may get easier. Show enough of this evidence, Stewart figures, and eventually the Chinese government can’t deny its role. “It might take several more years of piling on reports like that to make that weight of evidence so strong that it’s laughable, and they say, ‘Oh, it was us,’ ” says Stewart. “I don’t know that they’ll stop, but I would like to make it a lot harder for them to get away with it.”
http://mobile.businessweek.com/artic...ntity-unmasked





A Shocking Expose of China’s Black PR Industry Implicates Government Officials, is Quickly Deleted from the Web
C. Custer

Almost everyone knows about the public relations industry, but fewer people know about what in China is referred to as Black PR, the underground internet industry that has evolved with the spread of web 2.0 through China. Black PR firms provide client companies with both post deletion services to help them escape negative news stories, and some also provide placement for soft ads and hit pieces attacking competitors. The top black PR firms can offer these services even for stories posted to China’s most popular news portals.

Caixin, a well-regarded Chinese magazine, recently released a long feature expose on Black PR firms and the industry, but in a sad twist of irony, the story was quickly deleted from the magazine’s website. Luckily, the article has been preserved on the New York Times Chinese site (hat tip to Sinocism for spotting both these links).

Caixin often posts official English translations of its feature articles, but as no translation is available yet, we’re providing a brief summary. The article centers around two public relations companies, Xinxun Media and Yage Times, which until July of 2012 both occupied swanky offices in the high-rent Sanlitun Soho office complex. In July, though, their offices were raided by a swarm of police, and the employees were all detained and questioned.

The ensuing investigation found that the companies, especially Yage, were involved in black PR practices like deleting posts and articles from news portals for clients. This, it turns out, is a highly profitable business; in 2011 alone Yage Times made over 50 million RMB ($7.9 million) in profit according to one executive. And no wonder; according to the Caixin report getting a post deleted could cost from 1,000 to more than 10,000 RMB ($150-$1500 or more), and getting a search keyword blocked costs more than 100,000 RMB ($16,000). Insiders told Caixin that Yage was one of the top black PR firms in the country.

The men behind Yage started deleting posts for money in the mid-2000s as they saw an increasing demand for the service and noticed that it didn’t require much work or technical skill. At the time, it was possible to get a post deleted from Baidu’s Tieba BBS service for free simply by reporting it to the complaints staff at Baidu, but most people didn’t know this, so there was money to be made. Now, though, Caixin says the business is much more complex and carefully orchestrated. Deleting a post generally entails bribing either a management-level worker at the web portal you want to delete the article from or bribing a government or police official who can then send a deletion order to the web portal. In the case of Yage’s post deletion services, the police investigation has already led to ten arrests and more than sixty additional people are under investigation, including police officers in Beijing’s internet management office.

Charging money to delete posts is illegal — this came as a surprise to many of Xinxun and Yage’s employees, according to the Caixin article — but some black PR firms employ even darker tactics. In a pinch, some firms have been known to create fake government stamps and use them to send faux-official takedown notices to get articles pulled from the web. Another tactic is a more classic form of blackmail: the PR firm uses its connections or bribery to place a negative article online, then approaches the company that’s the subject of the article and offers to have it removed — for a high fee, of course.

Yage’s client list apparently includes very high profile companies including China Mobile, Pizza Hut, and Hengda Real Estate among many others.

Corporate entities aren’t the only people making use of black PR firms to delete negative stories, though. According to Caixin’s report — and this is probably why it was deleted — government officials are also willing to pay to get embarrassing posts about themselves and their administrations deleted. Yage Times, for example, made more than sixty percent of its profits from “government officials in second- and third-tier cities, including many police station chiefs and county leaders.” Often, upon seeing negative stories about political leaders, Yage employees would seek out and contact them proactively to arrange for post deletions.

Of course, the quickest way to eliminate a negative story is simply to block the relevant keywords altogether. This is a technique the government uses to restrict sensitive political information, but it’s also employed by black PR firms like Yage. Although Baidu insiders told Caixin this would be impossible to do at all but the highest levels, at one time Yage publicly offered keyword blocking services. Yage workers told Caixin this required using “higher-level powers outside the website,” and that it was very expensive. In other words, they bribed internet management officials, who would then order Baidu (or other search sites) to block the keywords in question. Because that required high-level political connections, it would run clients hundreds of thousands or even millions of RMB (hundreds of thousands of dollars). Some of those “high level” officials are apparently now implicated in the Yage investigation, which is ongoing.

But perhaps more concerning than what happened at Yage is the knowledge that there are still numerous other black PR firms in China, operating more or less as they have for the past few years. If you want to get a negative article scrubbed from the web, or post fake bad news about your competitors, you still have plenty of options. And while it’s increasingly well-understood that such services are illegal — a Baidu search for “delete posts” now displays a special warning reminding users these services aren’t legal, for example — it’s not likely that much will change if black PR companies can make literally millions in profit, and internet management officials and police are all also onboard the money train.

Believe it or not, the Caixin story goes much deeper even than this, and it’s very much worth a read. We’ll be sure to post a link to the official English translation if one becomes available.

(Caixin via New York Times Chinese, image source)
http://www.techinasia.com/caixin-pos...y-deleted-web/





Illinois State Senator Pushes Anti-Anonymity Bill
Josh Peterson

A recently introduced bill in the Illinois state Senate would require anonymous website comment posters to reveal their identities if they want to keep their comments online.

The bill, called the Internet Posting Removal Act, is sponsored by Illinois state Sen. Ira Silverstein. It states that a “web site administrator upon request shall remove any comments posted on his or her web site by an anonymous poster unless the anonymous poster agrees to attach his or her name to the post and confirms that his or her IP address, legal name, and home address are accurate.”

The Democratic lawmaker’s bill, which does not ask for or clarify requirements from entities requesting the comment removal, would take effect 90 days after becoming law.

Pseudonymous and anonymous comments have long been a critical part of U.S. public discourse, though, and the bill may be on shaky legal ground.

The Electronic Frontier Foundation (EFF) noted on its website that the “right to anonymous speech is also protected well beyond the printed page.”

“Thus in 2002 the Supreme Court struck down a law requiring proselytizers to register their true names with the mayor’s office before going door-to-door,” wrote EFF, noting that the Supreme Court protects Internet commentary as it does pamphleteering.

The bill is part of a larger trend of lawmakers seeking to censor anonymous online speech.

The New York State Assembly sought the passage of a similar bill in May 2012, and Arizona lawmakers worked to ban Internet trolling altogether in April 2012. Arizona Gov. Jan Brewer signed the bill into law in May 2012, but only after the contentious language was cut.

Local lawmakers took similar action in Tennessee in 2012, when the Shelby County Commission pressed for a court order to reveal the identities of online commentators who posted nearly 9,000 comments on Memphis news site, Commercial Appeal.

Silverstein did not return The Daily Caller’s request for comment.
http://dailycaller.com/2013/02/21/il...nonymity-bill/





FBI Employees, Entrusted with Stopping Computer Crimes, Commit Them Too

In this episode of Sext-Files: mining FBI databases for dirt on "hot" celebrities.
Nate Anderson

Though FBI agents are held to a high standard of conduct, some fall short—far short. Take, for instance, an incident in 2007 when an FBI employee "drove past a felony traffic stop, yelled 'Rodney King' out his car window and momentarily lost control of his vehicle, swerving into the oncoming lane and almost striking a police officer," according to an account of an internal FBI investigation. (When cops pulled him over, the employee claimed he had yelled, "Geeze Louise.")

Thanks to the FBI's Office of Professional Responsibility (OPR), which rounds up accounts of these infractions and distributes the cautionary tales to employees each quarter, we get glimpses of the seedier side of life inside the agency. CNN has obtained a recent set of these memos (after obtaining earlier ones last year) that show employees sexting, breaking e-readers, viewing pornography in the office, improperly accessing databases, and even shoplifting "two ties from a local retailer."

Given the FBI's size, the number of such infractions is quite low, and the OPR investigations are encouraging. Still, they serve as a reminder of the need to watch the watchers. Here are some of the most intriguing technology-related offenses from FBI personnel over the last five years.

• "During argument with spouse, Employee broke spouse's e-reader in half and pointed unloaded gun at dog's head while dog was sitting in spouse's lap." The OPR report notes that the use of a handgun was "an extraordinarily serious escalation" of the situation.
• "Employee had a recording device in supervisor's office. In addition, without authorization, Employee made copies of supervisor's negative comments about Employee that Employee located by conducting an unauthorized search of the supervisor's office and briefcase." The employee in question then turned this information over to a lawyer and lied about the whole thing during an internal investigation. The employee was subsequently dismissed.
• "Employee destroyed or hid electronic surveillance (ELSUR) evidence instead of properly processing it. An enormous backlog of unprocessed evidentiary material accumulated over several years. When questioned about it, Employee repeatedly lied to supervisors and hid/destroyed the unprocessed tapes." The mishandling "negatively impacted investigations" and led to the employee's dismissal.
• "An employee failed to properly identify and secure materials on a thumb drive related to a child pornography investigation. As a result, the material was inadvertently viewed by other FBI employees."
• "An employee used FBI equipment to view pornographic movies in the office while sexually satisfying himself. In aggravation, the employee was a supervisor."

Database dives

An entire class of bad behavior concerns unauthorized usage of the FBI's vast databases. In a January 2013 internal e-mail, OPR said it had found only one recent case where an employee "made unauthorized use of FBI database to search for information about friends and coworkers"; that person was suspended for five days.

This is pretty tame stuff compared to past infractions. In late 2007, for instance, an employee was found to have "conducted more than 1,500 unauthorized FBI database searches" and to have shared some of that material with people outside the agency.

In early 2008, an FBI employee "searched FBI databases for information on public celebrities the employee thought were 'hot.' The employee also conducted NCIC searches on two employees' boyfriends and shared the results with those employees."

In late 2010, an employee was found to have "misused government database [sic] to conduct name checks on to friends who were foreign nationals employed as exotic dancers. Employee also failed to report his contact with foreign nationals and brought the two friends into FBI space after hours without proper authorization." And lest you think the employee was some intern who may not have known the rules, the report notes that the employee had already served a suspension for misusing a government database and was currently "in a leadership position at the time of this offense."

Smart phones, dumb people

Smartphones have created a new series of opportunities for humans to do stupid things involving naked bodies and cameras, and FBI employees are not immune to the siren song of sexting.

"Employee e-mailed nude photograph of herself to ex-boyfriend's wife," says the report on one of the oddest incidents. "Ex-boyfriend and wife reported the incident to the local police. Employee failed to cease contact with ex-boyfriend and wife after twice being ordered to do so by supervisor and Chief Security Officer." The sexting employee was "suffering from depression related to break-up" and was suspended for 10 days.

Another employee used a personal cell phone "to send nude photographs of self to several other employees. In aggravation, Employee's conduct created office gossip and negatively impacted office operations." Indeed, the pictures were enough to affect "the daily activities of several squads."

Finally, one employee used a government BlackBerry to send sexually explicit messages to another employee and did so repeatedly, intentionally, and "during work hours."
http://arstechnica.com/tech-policy/2...mmit-them-too/





Logging Off to Trace a Web Photo to Its Source
David Carr

When photographs of spontaneous events miraculously appear on the Web, it generally prompts two responses: wonder and skepticism.

So it was with an image of exploding manhole covers in Omaha that took over the Web last month. On Sunday, Jan. 27, an underground fire cut power in half of downtown. A vivid photograph of unknown provenance, showing fire shooting out of manholes on a city street, began popping up on Reddit, where it had 1.5 million views, and Gawker.

The photo — an indifferently composed shot of an event that looks very far away — would not win any Pulitzers, but something incredible seems to be under way at the precise moment it was taken. You can almost hear the sequential explosions emanating below the street: boom, boom, boom as flames appear to shoot up from hell itself.

In this age of Photoshop, it wasn’t long before the debates cropped up, on the Web and in Omaha, about the picture’s authenticity.

Matthew Hansen, a columnist at The Omaha World-Herald, wondered the same thing, and one night found himself in a bar engaged in the real-versus-fake debate. Like many photos on the Web, this one came from everywhere — forwarded, tweeted and blogged — and nowhere — there was no name on the image nor any text to indicate its origin.

Mr. Hansen, intrepid journalist that he is, solved the mystery and wrote a column about it. The photo was real, it turned out, but not in the way people thought. (More on that later.) So, did Mr. Hansen use deep photo analytics or examine metadata to peel back the truth?

Nope. There was a notebook involved, a lawyer, some phone calls, a cursory digital investigation and some street reporting, which included an interview with a man with no pants.

Shoe leather never looked or smelled so good.

Mr. Hansen’s first step in solving what he called the “Great Omaha Manhole Fire Photo of 2013” was to determine from the angle of the photo that it could have been taken from only one apartment building — called the Kensington Tower. He then used an architectural detail to conclude that it was shot from the top floor, on the west side.

He managed to gain entry to the building — that is, he sneaked in — and made his way to the top floor, where he began knocking on doors.

Mr. Hansen found a man named Kenneth who would not let Mr. Hansen in because he was indisposed — he became “Pantsless Kenneth” in the column — but said that he knew the photo in question and thought his neighbor had taken it.

But the neighbor wasn’t home, so Mr. Hansen stuck his business card in the door jamb and left.

When he returned to the office, Mr. Hansen jumped onto Reddit, found the person who had originally posted the photo there and through him found the person, Gwendolyn Olney, who had posted the photo on her Facebook page, the source for the Reddit posting.

Ms. Olney happened to be the associate counsel for The World-Herald. “Omaha is indeed a small town,” Mr. Hansen wrote in his column. He began to follow the pixilated bread crumbs.

“Gwen didn’t take the photo,” he added. “She got it from Rebecca, who didn’t take the photo. She got it from Brandon, who didn’t take the photo. They led me to Gwen’s friend Andrea, who didn’t take the photo, who led me to ... well, she couldn’t remember who she had gotten the photo from.”

Reading the column, you could almost hear his sigh when he wrote, “Dead end.”

Then his phone rang. “I took that photo,” the voice said.

The caller was Stephanie Sands, a graduate student at the University of Nebraska at Omaha. She said that the day after she took the photo, which she had no idea had become a sensation, she learned from her friends that a reporter was asking about it.

“I was impressed that he had sneaked upstairs and put a card in my door, so I called him,” she said in an interview by phone.

Ms. Sands agreed to meet Mr. Hansen and told him that she had heard the explosion and took two photos with her phone. She sent one to friends and thought nothing more of it.

“I was actually disappointed in how it turned out,” she told me. “Because I was shooting at a distance with an iPhone, it didn’t really capture the severity of what I saw and heard.”

She told Mr. Hansen that while the bright spout of light in the foreground was indeed flames shooting from under the street, the rest of the lights, neatly aligned in a row, were actually reflections of streetlamps on the rain-dappled pavement — not fiery, exploding manholes.

So the photo was real. The context assigned to it was not.

“When people suggested that I Photoshopped the photo, my first thought was, ‘Why would I do that? What for?’ ” she said. “And of course, people want photos to go viral, so they will do things to make that happen.”

Let’s stipulate that Mr. Hansen’s investigative reporting into the “Great Omaha Manhole Fire Photo of 2013” is not a scoop for the ages.

But at a time when almost everyone is beyond caring what is real or fake onscreen, knowing that, in this case, someone who is paid to get to the bottom of things did just that is somewhat comforting.

And it’s a useful reminder that even though daily newspapers are a threatened species, they continue to have value in the informational narrative. In The World-Herald, you have a newspaper backed by some fairly solid finances — someone named Warren Buffett — that is actually hiring reporters while other newspapers are laying them off. A good yarn about a photo and a guy with no pants may not change the economics of the industry, but it proves that having reporting boots on the ground still has value.

“It was an old-fashioned journey to answer a newfangled question,” Mr. Hansen said in a phone call.

“I can remember reading a profile that Calvin Trillin wrote about Edna Buchanan, the great crime writer, a long time ago, and when someone would tell her something, she would say, ‘That is interesting as heck.’ That photo fired my curiosity. It was interesting.”

Besides, he said, he got another column out of it. While talking to the man with no pants, Mr. Hansen found out that he was an accomplished restorer of rare art, which is good fodder for another piece. “I figure I owe him that because I christened him ‘Pantsless Kenneth’ in the column I already wrote,” Mr. Hansen said.

All of which serves as a reminder to reporters — and those who read their work — that if journalists take their eyes off the screen, leave their cubicle and actually go out and talk with people, they might discover something that is interesting as heck.
https://www.nytimes.com/2013/02/18/b...ome-clues.html





White House Announces New US Open Access Policy
Richard Van Noorden

In a long-awaited leap forward for open access, the US government said today that publications from taxpayer-funded research should be made free to read after a year’s delay – expanding a policy which until now has only applied to biomedical science.

In a memo, John Holdren, the director of the White House’s Office of Science and Technology Policy (OSTP), told federal agencies to prepare plans to make their research results free to read within 12 months after publication.

“The Obama Administration is committed to the proposition that citizens deserve easy access to the results of scientific research their tax dollars have paid for,” the memo says. The OSTP also tells agencies to maximise public access to non-classified scientific data from research they fund.

The policy applies to all federal agencies that spend more than $100 million on research and development, and is likely to double the number of articles made public each year. The US National Institutes of Health has since 2008 required research to be publicly accessible after 12 months. “This new policy call does not insist that every agency copy the NIH approach exactly, [but] it does ensure that similar policies will appear across government,” Holdren wrote today in a separate response to a petition that had been launched in May 2012, urging the president to require free access to scientific journal articles from publicly-funded research. (That has gathered some 64,000 signatures.)

The policy has been a long time in preparation, both at the OSTP and at federal agencies. The OSTP had already asked for public views on the subject twice, in 2009 and again in 2011. It had been charged with improving public access to research under a re-authorization of the America COMPETES Act, in December 2010. Meanwhile, both the National Science Foundation (NSF) and the Department of Energy (DOE) have been talking to researchers and publishers over the last 18 months about new public access and data management policies, says Fred Dylla, the executive director of the American Institute of Physics, a publisher based in College Park, Maryland.

Federal agencies have been told to provide OSTP with their draft policies in six months’ time. They are allowed some flexibility, with the 12-month embargo only a “guideline” – suggesting that different embargo periods might apply in different disciplines. That is a key concern for publishers, who also want to know whether federal agencies will set up repositories of their funded work, rather like the NIH’s PubMed Central (PMC). Martin Frank, executive director at the American Physiological Society, argues that PMC has pulled viewers away from accessing articles on publisher sites, for example.

The White House statement comes a week after a bill, FASTR (‘Fair Access to Science and Technology Research’), was introduced into the US Congress which would require public access to papers just six months after publication.

Whatever the fate of that legislation, it is now clear that US public-access policy is taking a different direction to that in the UK, where government-funded science agencies want authors to pay publishers up-front to make their work free to read immediately. This immediate open-access policy involves extra money taken from science budgets to pay publishers. The NSF’s director Subra Suresh explained to Nature that he could not justify taking money out of basic research to pay for open access at a time when demand for the agency’s funding was high.

With both the US and Europe supporting delayed-access to publications, the UK government looks increasingly isolated in its preference for immediate open access. That policy is due to come in from 1 April, but the details are not yet clear. Communication around the policy was yesterday criticized as “unacceptable” by a House of Lords inquiry.
http://blogs.nature.com/news/2013/02...ss-policy.html





Petition to Make Unlocking Phones Legal Again Passes 100,000 Signatures; White House Now Required to Respond
Emil Protalinski

A White House petition to make unlocking cell phones legal again has passed the 100,000 signature mark. Passing the milestone means the US government has to issue an official response.

There were also at least two pushes that made this possible. On Tuesday, the most popular Anonymous account on Twitter, YourAnonNews with over 900,000 followers, pointed out that there were only five days left to sign the petition. At that point, just under 20,000 signatures were needed. On Wednesday, a second push came from Reddit, at a point where there were just under 10,000 signatures needed.

It’s early Thursday morning now, and the petition has managed to get the 20,000 signatures it needed in just two days. The first 80,000 signatures took 26 days. Either way, the six figure mark has now been broken:

Back in late January, a new US federal policy stating certain mobile phones could not be unlocked legally went into effect. Citizens doing so would be in violation of the Digital Millennium Copyright Act (DMCA).

The US Copyright Office says only owners of the software, which in almost all cases means the companies that make mobile operating systems like Apple, Google, and Microsoft, can unlock handsets. Many consumers disagree as they believe once they buy a phone they should be able to do whatever they want with the device, including unlocking it in order to switch carriers.

A petition was quickly launched in response. One of the reasons the petition only met its goal now is due to a change by the Obama administration, which recently raised the number of signatures needed to elicit a response from the White House from 25,000 to 100,000.

Although this was mainly done to cut down on the number of “joke” petitions (see Death Star example), it has also had the effect of seriously cutting down on the spirits of those pushing to address serious issues. In the last few days, however, we’ve seen a huge acceleration in signatures as Americans realized the final 100,000 mark was achievable.

It was a close call, as the petition would have expired two days from now on Saturday.

For reference, here’s the petition’s full description:

The Librarian of Congress decided in October 2012 that unlocking of cell phones would be removed from the exceptions to the DMCA. As of January 26, consumers will no longer be able to unlock their phones for use on a different network without carrier permission, even after their contract has expired.

Consumers will be forced to pay exorbitant roaming fees to make calls while traveling abroad. It reduces consumer choice, and decreases the resale value of devices that consumers have paid for in full. The Librarian noted that carriers are offering more unlocked phones at present, but the great majority of phones sold are still locked.

We ask that the White House ask the Librarian of Congress to rescind this decision, and failing that, champion a bill that makes unlocking permanently legal.


Hopefully the Obama administration will give a response worthy of 100,000 signatures.

Update at 3:00PM EST: Sina Khanifar, the man who started the petition, wants to continue the fight against the DMCA. If you want to help, sign up at FixTheDMCA.org.
http://thenextweb.com/insider/2013/0...ed-to-respond/





FCC Moves to Boost Wireless Speeds, Avoid Congestion

FCC looks to open more 5GHz spectrum but opposition is sure to surface.
Michael Cooney

The Federal Communications Commission said it wants to make up to 195 megahertz of additional spectrum in the 5 GHz band available to unlicensed wireless devices with the idea that such a move would enable Wi-Fi equipment that can offer faster speeds of one gigabit per second or more, increase overall capacity, and reduce congestion.

"Unlicensed National Information Infrastructure devices today operate in 555 megahertz of spectrum in the 5 GHz band, and are used for short range, high speed wireless connections including Wi-Fi enabled local area networks and fixed outdoor broadband transceivers used by wireless Internet service providers to connect smart phones, tablets and laptops to the broadband network," the FCC stated.

The FCC proposal needs to go through a public comment period and is by no means a slam dunk, as the military, the US Department of Homeland Security and others already use parts of that spectrum and have expressed concern about sharing it with commercial applications.

"Wi-Fi congestion is a very real and growing problem. Like licensed spectrum, demand for unlicensed spectrum threatens to outpace supply. The core challenge is the dramatically increased use of wireless devices, which require spectrum," FCC Chairman Julius Genachowski said at the agency's monthly meeting in Washington. "This additional spectrum will increase speeds and alleviate Wi-Fi congestion at major hubs, such as airports, convention centers and large conference gatherings. In addition, this would also increase speed and capacity for Wi-Fi in the home where multiple users and devices are often on the network at the same time. Because the 5GHz band is already used for other purposes by both federal and non-federal users, the effort will require significant consultation with stakeholders to enable non-interfering shared use of the spectrum. But consultation can't be an excuse for inaction or delay."

Interestingly, deflecting such battles is the idea behind a new program that researchers at the Defense Advanced Research Projects Agency (DARPA) will detail this month. DARPA's Shared Spectrum Access for Radar and Communications (SSPARC) program has a goal of boosting radar and communications capabilities for military and commercial users by creating technical ways to enable spectrum sharing.

SSPARC looks to support two beyond-state-of-the-art types of spectrum sharing: military radars sharing spectrum with military communications networks, and military radars sharing spectrum with commercial communications networks, DARPA stated.

"Balancing national security requirements of radars and military networks with the growing bandwidth demands of commercial wireless data networks calls for innovative approaches to managing spectrum access," DARPA stated.

DARPA went on to say that the challenge of spectrum access is especially acute in the frequencies between 2-4 GHz, which are highly desirable for military systems and commercial networks. SSPARC will focus on technologies to share spectrum at these frequencies. Technologies developed in the program could be applicable at other frequencies as well.

In related news, the FCC approved a new regulation letting companies or consumers use approved and licensed signal boosters to amplify signals between wireless devices. Signal boosters, thousands of which are already in use, not only help consumers improve coverage where signal strength is weak, but they also aid public safety first responders by extending wireless access in hard-to-serve areas such as tunnels, subways, and garages, the FCC stated.

"Most of the procedural and technical rules we adopt for consumer signal boosters are based on a Consolidated Proposal, agreed to by several signal booster manufacturers, the four nationwide wireless service providers, and over 90 small, rural, wireless service providers. They are designed to facilitate the development of safe, economical signal boosters, reduce consumer confusion, and encourage innovation in the booster market," said FCC's Mignon Clyburn. "We also adopt different, but sensible rules for Industrial Signal Boosters. These devices are typically designed to serve multiple users simultaneously, and cover larger areas such as stadiums, airports, office buildings, and hospitals. They are high powered and may use a greater number of antennas, amplifiers, and other components. Given the characteristics of industrial boosters, this order reasonably requires greater coordination by the installer with the wireless service provider."
https://www.networkworld.com/community/node/82399





For $19, an Unlimited Phone Plan, Some Flaws
Walt Mossberg

A typical smartphone costs around $200, but it’s usually shackled to a two-year contract that often costs $70 or more monthly and includes limits on data consumption, voice minutes and texts. Even prepaid smartphones, without a contract, can cost $30 to $50 a month and carry limits.

But I’ve been testing an Android smartphone from an upstart carrier that charges just $19 a month for unlimited data, voice and texts — with no contract. That’s right: $19 a month, unlimited.

This carrier is called Republic Wireless, a private firm in Raleigh, N.C., which launched its service in December. The sole phone that works with the company’s technology is a Motorola model, the Defy XT. The phone costs $249 — partly to help offset the low monthly price.

However, as of Tuesday, the company is offering a second pricing option for people who would rather pay less up front: $99 for the phone and then $29 a month, unlimited. That’s still a bargain service price. The phone and two service plans are only available online, at republicwireless.com. The company offers a 30-day money-back guarantee. And to sweeten the deal, Republic says Motorola will be offering customers a $50 credit at the Google Play online store, where Android owners can buy apps and content.

So what’s the catch? Well, Republic is using an unusual technology approach that’s smart and may even represent the future. But today, it doesn’t deliver the best voice quality and it requires a specially equipped phone. The sole phone that works with the system now is mediocre.

Republic is mostly able to offer such low monthly prices because it’s a Wi-Fi-centric carrier. That means whenever you make a voice call while the phone is connected to a Wi-Fi network, your Republic phone places it over Wi-Fi rather than using a costlier cellular phone network. The same is true of texts.

You aren’t limited to Wi-Fi calling and texting — the phone can make calls, send texts and connect to the Internet over Sprint’s cellular network, at no extra charge. But Republic believes so many people connect their phones to Wi-Fi so often that most calls and other activity will be conducted over Wi-Fi, saving the company money on payments it makes to Sprint. And it says it has developed a system that properly places 911 calls over Wi-Fi, which has often been a problem.

Wi-Fi phone calls aren’t new, or unique to Republic. You can easily install an app on your iPhone or Android phone that will place calls over the Internet via Wi-Fi, just like Republic. But these apps generally require you to use a separate dialer and have a separate phone number.

Republic’s phone is what it calls a “hybrid” device — the main dialer and text-messaging modules have been configured to work on either Wi-Fi or the cellular network, without the need to launch an app. The phone defaults to Wi-Fi but will place the call over Sprint if it decides the Wi-Fi connection isn’t good enough, or if you manually choose cellular.

In my tests, conducted in and around Washington, D.C.; Los Angeles and Silicon Valley, call quality was adequate, text service worked normally, and Web browsing and apps mostly worked okay, at my home, office and public Wi-Fi hot spots in airports and coffee shops. But there were definite downsides.

First is the phone itself. The Defy XT is a chunky device with a lower-resolution screen than any current iPhone or leading Android model. It comes with only about 2.5 gigabytes of usable storage, compared with a more typical 16GB on other phones, though you can expand the storage by buying a larger memory card. It has a relatively small 3.7-inch display. And when it isn’t on Wi-Fi, it can only use an older-type, slow, 3G network. Plus, it runs a clunky, old version of Android called Gingerbread that was released two years ago.

Republic says it plans to roll out several better phones running current versions of Android and much faster networks, including the best — 4G LTE — starting in late summer.

Second, there’s no seamless handoff between Wi-Fi calls and cellular calls. If you leave a Wi-Fi coverage area, the call drops, and, after a brief but annoying delay, the phone will redial the call over Sprint. Republic says it plans to roll out a feature this summer that will cut the handoff to seconds and make it nearly seamless.

Third is call quality. Wi-Fi calls have come a long way and in my tests, most were adequate, meaning the other person on the call and I could understand each other. But many of my calls had some slight echo effect or occasional clipped words, despite a recent software update intended to fix the problem. There was a noticeable improvement when I made the call on the same phone over Sprint.

The phone even displays a button during calls, called informally “the escape hatch,” which allows you to kill the Wi-Fi call and force the phone to redial the other person over Sprint for no added charge. But in general, I found the Wi-Fi calling acceptable, if not pristine, as long as I wasn’t walking too far away from the Wi-Fi hot spot.

Finally, there’s almost no company-provided customer service. Republic relies on online forums of avid customers — its “community” — to provide help to users with problems. You can get help from an employee through these forums, but that’s not typical.

If you can live with these limitations, Republic Wireless can save you a lot of money.
http://allthingsd.com/20130219/for-1...an-some-flaws/





Until next week,

- js.





Current Week In Review


Recent WiRs -

February 16th, February 9th, February 2nd, January 26th

Jack Spratts' Week In Review is published every Friday. Submit letters, articles, press releases, comments, questions etc. in plain text English to jackspratts (at) lycos (dot) com. Submission deadlines are Thursdays @ 1400 UTC. Please include contact info. The right to publish all remarks is reserved.


"The First Amendment rests on the assumption that the widest possible dissemination of information from diverse and antagonistic sources is essential to the welfare of the public."
- Hugo Black