After developing a reputation for being some of the most prolific online pirates around, last year Australian citizens were told by the government that enough is enough.
Since years of negotiations between ISPs and entertainment companies had gone nowhere, service providers were told to propose voluntary measures to deter and educate pirating subscribers or have one forced upon them by law.
With a deadline looming, telecoms body the Communications Alliance has now published its draft proposal on behalf of its ISP members. Titled “Copyright Notice Scheme Industry Code”, the 34-page document hopes to pacify rightsholders and their allies in government by outlining a graduated response mechanism to deal with file-sharers.
“The Copyright Notice Scheme Code is designed to facilitate a cooperative industry-led copyright notice scheme through which Internet Service Providers and the owners of copyright works will work to deter the practice of online copyright infringement and inform consumers about available and lawful content alternatives,” the draft begins.
“The Code provides for the creation of a copyright notice scheme under which ISPs will accept reports (in a prescribed format) from Rights Holders. The reports will identify Internet Protocol addresses that a Rights Holder alleges have been used to infringe copyright in online work of the Rights Holder. The reports will request that the relevant ISP notify the relevant Account Holders of the alleged infringements.”
Month: February 2015
Eric Holder Says Putting Reporter James Risen Through Hell Is A Good ‘Example’ Of DOJ Process For Leak Investigations
Attorney General Holder raised some eyebrows earlier this week when answering a question about his Justice Department’s notorious crackdown on leaks, and by extension the press, most notably saying this about its notorious pursuit of New York Times reporter James Risen, while claiming the DOJ did nothing wrong:
If you look at the last case involving Mr. Risen, the way in which that case was handled after the new policies were put in place [is] an example of how the Justice Department can proceed.
The District Sentinel aptly took apart most of Holder’s comments, and they also provoked a stinging rebuke from Risen himself last night on Twitter. However, I think the facts of Risen’s case deserve a closer look to see just how unbelievable Holder’s statement is.
Let’s recap: since the very start of the Obama administration (read: for SIX years), the Justice Department was trying to subpoena James Risen. It fought for him to testify at a grand jury of CIA officer Jeffrey Sterling, which he refused to do, and when they were rejected by the court, it fought to have him testify in Sterling’s trial. They fought Risen on this all the way up to the Supreme Court.
Also, keep in mind, while the “new” media/leak guidelines that Holder bragged about are certainly a step forward, the old guidelines that applied to Risen’s case should have protected him just the same from the start—if they were actually enforced. He doesn’t get to pretend the preceding five and a half years didn’t happen just because he strengthened the Justice Department’s rules after public protest.
The case cost Risen and his publisher an untold fortune in legal fees, dominated his life, took away from time he could’ve spent reporting, and likely cost the taxpayers millions of dollars.
Along the way, we found out that the government had spied on virtually every aspect of James Risen’s digital life from phone calls, to emails, to credit card statements, bank records and more. (By the way, we still have no idea how they got this information. That’s secret.)
The Justice Department argued in court that not only was there no reporter’s privilege whatsoever — either embedded in the First Amendment or in Fourth Circuit common law — but also that journalists protecting sources was analogous to protecting drug dealers from prosecution.
FBI Flouts Obama Directive to Limit Gag Orders on National Security Letters
Despite the post-Snowden spotlight on mass surveillance, the intelligence community’s easiest end-run around the Fourth Amendment since 2001 has been something called a National Security Letter.
FBI agents can demand that an Internet service provider, telephone company or financial institution turn over its records on any number of people — without any judicial review whatsoever — simply by writing a letter that says the information is needed for national security purposes. The FBI at one point was cranking out over 50,000 such letters a year; by the latest count, it still issues about 60 a day.
The letters look like this:
Recipients are legally required to comply — but it doesn’t stop there. They also aren’t allowed to mention the order to anyone, least of all the person whose data is being searched. Ever. That’s because National Security Letters almost always come with eternal gag orders. Here’s that part:
That means the NSL process utterly disregards the First Amendment as well.
More than a year ago, President Obama announced that he was ordering the Justice Department to terminate gag orders “within a fixed time unless the government demonstrates a real need for further secrecy.”
And on Feb. 3, when the Office of the Director of National Intelligence announced a handful of baby steps resulting from its “comprehensive effort to examine and enhance [its] privacy and civil liberty protections” one of the most concrete was — finally — to cap the gag orders:
In response to the President’s new direction, the FBI will now presumptively terminate National Security Letter nondisclosure orders at the earlier of three years after the opening of a fully predicated investigation or the investigation’s close.
Continued nondisclosures orders beyond this period are permitted only if a Special Agent in Charge or a Deputy Assistant Director determines that the statutory standards for nondisclosure continue to be satisfied and that the case agent has justified, in writing, why continued nondisclosure is appropriate.
Despite the use of the word “now” in that first sentence, however, the FBI has yet to do any such thing. It has not announced any such change, nor explained how it will implement it, or when.
AT&T Patents “Fast Lane” For File-Sharing Traffic
Despite the growing availability of legal services, unauthorized file-sharing continues to generate thousands of petabytes of traffic each month.
This massive network use has caused concern among many Internet providers over the years, some of which decided to throttle BitTorrent transfers. Interestingly, AT&T believes the problem can also be dealt with in a more positive way.
A new patent awarded to the Intellectual Property division of the Texas-based ISP describes a ‘fast lane’ for BitTorrent and other P2P traffic.
Titled “System and Method to Guide Active Participation in Peer-to-Peer Systems with Passive Monitoring Environment,” one of the patent’s main goals is to speed up P2P transfers while reducing network costs.
While acknowledging the benefits of file-sharing networks, the ISP notes that they can take up a lot of resources.
“P2P networks can be useful for sharing content files containing audio, video, or other data in digital format. It is estimated that P2P file sharing, such as BitTorrent, represents greater than 20% of all broadband traffic on the Internet,” AT&T writes.
To limit the impact on its network resources, AT&T proposes several technologies to serve content locally. This can be done by prioritizing local traffic and caching files from its own servers.
“The local peer server may provide the content to peers within the same subnet more efficiently than can a peer in another subnet,” the patent reads.
“As such, providing the content on the local peer server can reduce network usage and decrease the time required for the peer to download the content.”
If You Care About The Environment In Canada, You May Be Targeted As An ‘Anti-Petroleum Extremist’
The legislation identifies “activity that undermines the security of Canada” as anything that interferes with the economic or financial stability of Canada or with the country’s critical infrastructure, though it excludes lawful protest or dissent. And it allows the Canadian Security and Intelligence Service to take measures to reduce what it perceives to be threats to the security of Canada.
Clearly, that’s an incredibly broad definition, and would apply to just about any environmental or social movement — especially since even the most peaceful protests are often considered “illegal.” That, in its turn would allow Canada’s security agencies to collect information on these groups, and “disrupt” them. What’s also troubling about the leaked RCMP “intelligence assessment” that forms the source for the Globe and Mail story is the very clear political position it seems to be taking on fossil fuels and climate change:
The report extolls the value of the oil and gas sector to the Canadian economy, and adds that many environmentalists “claim” that climate change is the most serious global environmental threat, and “claim” it is a direct consequence of human activity and is “reportedly” linked to the use of fossil fuels.
Hello Barbie: Hang on, this Wi-Fi doll records your child’s voice?
Toymaker Mattel has unveiled a high-tech Barbie that will listen to your child, record its words, send them over the internet for processing, and talk back to your kid. It will email you, as a parent, highlights of your youngster’s conversations with the toy.
If Samsung’s spying smart TVs creeped you out, this doll may be setting off alarm bells too – so we drilled into what’s going on.
The Hello Barbie doll is developed by San Francisco startup ToyTalk, which says it has more than $31m in funding from Greylock Partners, Charles River Ventures, Khosla Ventures, True Ventures and First Round Capital, and others.
Its Wi-Fi-connected Barbie toy has a microphone, a speaker, a small embedded computer with a battery that lasts about an hour, and Wi-Fi hardware. When you press a button on her belt buckle, Barbie wakes up, asks a question, and turns on its microphone while the switch is held down.
The child’s replies are recorded, encoded, and sent in an encrypted form to ToyTalk’s servers, CEO Oren Jacob explained to The Register. The audio is processed by voice-recognition software, allowing ToyTalk’s systems to figure out what was said and how best to reply.
The doll is loaded up with scripts to read, and one of these is selected depending on what the kid said. If the tyke shows an interest in a particular pastime or thing, the doll’s backend software will know to talk about that – giving the kid the impression that chatty Barbie’s a good, listening friend.
Crucially, the recorded audio of children’s voices (and whatever else happens to be going on around them when they push the buckle button) is kept on ToyTalk’s computers. This material is supposed to help Mattel and ToyTalk improve Barb’s scripted replies. It’s also good test data for developing the voice-recognition code.
IRS Encourages Poor Cryptography
I’m not sure what to make of this, or even what it means. The IRS has a standard called IDES: International Data Exchange Service: “The International Data Exchange Service (IDES) is an electronic delivery point where Financial Institutions (FI) and Host Country Tax Authorities (HCTA) can transmit and exchange FATCA data with the United States.” It’s like IRS data submission, but for other governments and foreign banks.
Buried in one of the documents are the rules for encryption:
While performing AES encryption, there are several settings and options depending on the tool used to perform encryption. IRS recommended settings should be used to maintain compatibility:
- Cipher Mode: ECB (Electronic Code Book).
- Salt: No salt value
- Initialization Vector: No Initialization Vector (IV). If an IV is present, set to all zeros to avoid affecting the encryption.
- Key Size: 256 bits / 32 bytes. Key size should be verified and moving the key across operating systems can affect the key size.
- Encoding: There can be no special encoding. The file will contain only the raw encrypted bytes.
- Padding: PKCS#7 or PKCS#5.
ECB? Are they serious?
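What the quoted settings mean for a file of repetitive fixed-width records, as an added example that is not part of the original post or the IRS documents: it encrypts a constructed sample with AES-256-ECB (no IV, PKCS#7 padding) and counts repeated ciphertext blocks. CBC with a random IV is an assumed comparison, and the function names and sample records are made up for the illustration.

```javascript
// Added example: not from the IRS documents or the original post.
const nodeCrypto = require("node:crypto");

const BLOCK = 16; // AES block size in bytes

// The quoted settings: AES-256, ECB, no IV, PKCS#7 padding (Node's default).
function encryptEcb(key, plaintext) {
  const c = nodeCrypto.createCipheriv("aes-256-ecb", key, null);
  return Buffer.concat([c.update(plaintext), c.final()]);
}

// Same key size and padding, but CBC with a fresh random IV prepended.
function encryptCbc(key, plaintext) {
  const iv = nodeCrypto.randomBytes(BLOCK);
  const c = nodeCrypto.createCipheriv("aes-256-cbc", key, iv);
  return Buffer.concat([iv, c.update(plaintext), c.final()]);
}

// Count ciphertext blocks that duplicate an earlier block.
function repeatedBlocks(ciphertext) {
  const seen = new Set();
  let repeats = 0;
  for (let i = 0; i + BLOCK <= ciphertext.length; i += BLOCK) {
    const hex = ciphertext.subarray(i, i + BLOCK).toString("hex");
    if (seen.has(hex)) repeats++;
    else seen.add(hex);
  }
  return repeats;
}

// Constructed sample: eight 16-byte records with only two distinct values.
const records = ["ACCT-TYPE:SAVING", "ACCT-TYPE:CHECKG"];
const sample = Buffer.from(
  [0, 1, 0, 0, 1, 0, 1, 0].map((i) => records[i]).join(""), "ascii");
const key = nodeCrypto.randomBytes(32); // 256 bits / 32 bytes

function demo() {
  const ecb = encryptEcb(key, sample);
  const cbc = encryptCbc(key, sample);
  return {
    ecbRepeats: repeatedBlocks(ecb), // equal plaintext blocks stay equal
    cbcRepeats: repeatedBlocks(cbc),
    // Re-encrypting the same file under ECB gives byte-identical output.
    ecbDeterministic: encryptEcb(key, sample).equals(ecb),
    cbcDeterministic: encryptCbc(key, sample).equals(cbc),
  };
}
console.log(demo());
```

The repeat count lets an observer without the key see which records in the file are equal, and the deterministic output shows when the same file is sent twice.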
Tumblr Censors “Torrent” Related Tags and Searches
It appears that piracy is becoming a growing concern for micro-blogging platform Tumblr.
Earlier this week users panicked following an increase in takedown notices, which resulted in the termination of several blogs.
While this uproar was rather public, there are also better concealed changes that seem to target pirated content, such as Tumblr’s decision to hide posts mentioning the word “torrent.”
Those who search the site for “torrent” related queries will notice that there are no results displayed, even though there are plenty of posts mentioning the word. The same is true for posts tagged with “torrent.”
Tumblr is hiding the results in question from both public and logged-in users, but the latter can make the posts show up if they switch off the “safe mode” lock on the right-hand side of the screen.
Tumblr’s “safe mode” was turned on by default over a year ago to hide offensive “adult oriented” content from the public view. The same filter also blocks words such as “penis” for the same reason.
The Great SIM Heist: How Spies Stole the Keys to the Encryption Castle
AMERICAN AND BRITISH spies hacked into the internal computer network of the largest manufacturer of SIM cards in the world, stealing encryption keys used to protect the privacy of cellphone communications across the globe, according to top-secret documents provided to The Intercept by National Security Agency whistleblower Edward Snowden.
The hack was perpetrated by a joint unit consisting of operatives from the NSA and its British counterpart Government Communications Headquarters, or GCHQ. The breach, detailed in a secret 2010 GCHQ document, gave the surveillance agencies the potential to secretly monitor a large portion of the world’s cellular communications, including both voice and data.
The company targeted by the intelligence agencies, Gemalto, is a multinational firm incorporated in the Netherlands that makes the chips used in mobile phones and next-generation credit cards. Among its clients are AT&T, T-Mobile, Verizon, Sprint and some 450 wireless network providers around the world. The company operates in 85 countries and has more than 40 manufacturing facilities. One of its three global headquarters is in Austin, Texas and it has a large factory in Pennsylvania.
In all, Gemalto produces some 2 billion SIM cards a year. Its motto is “Security to be Free.”
With these stolen encryption keys, intelligence agencies can monitor mobile communications without seeking or receiving approval from telecom companies and foreign governments. Possessing the keys also sidesteps the need to get a warrant or a wiretap, while leaving no trace on the wireless provider’s network that the communications were intercepted. Bulk key theft additionally enables the intelligence agencies to unlock any previously encrypted communications they had already intercepted, but did not yet have the ability to decrypt.
Rightscorp is hit with another TCPA lawsuit
This week Rightscorp, which has been hopelessly struggling to save its floor-hitting stock from being delisted from NASDAQ, was hit with yet another lawsuit, this time in Georgia (Melissa Brown and Ben Jenkins v. Rightscorp, Inc. et al, GAMD 15-cv-00012).
The complaint is short and concentrates on a single deliberate violation of the Telephone Consumer Protection Act — harassing robocalling and messaging without the recipients’ consent. This is not a class action, and the plaintiffs seek an award of trebled statutory damages ($1,500 per call). Depending on how many violations the court finds actionable, it may result in a hefty sum. In any case, if the plaintiffs prevail (which is most likely going to happen), this precedent has the potential to open a floodgate of similar actions: in its latest press release (1/22/2015) the troll claimed that it “closed over 170,000 cases of copyright infringement.” How many of these “closures” are the result of unlawful telephone harassment? Just imagine if every robocall recipient decides that he/she wants a small piece of Rightscorp’s flesh!
The plaintiffs are represented by Sergei Lemberg.