  • Can We Please Focus on the Real Lawful Access?

    Michael Geist
    September 22, 2011

    Lawful access, the government's planned legislation on Internet surveillance, has generated considerable attention over the past few days as the government decided against including it in its first omnibus crime bill. That decision generated media coverage, claims that the government backed down in the face of a 70,000 signature online petition, and a debate in the House of Commons in which Public Safety Minister Vic Toews stated that warrantless online wiretapping is not planned. While I recognize these developments feel like a cause for celebration, I fear there is a major problem developing as too much of this discussion doesn't actually involve the real lawful access.

    First, the omission of lawful access from Bill C-10 does not mean lawful access is dead or defeated. It is only delayed as Justice officials have indicated that the government is "committed to reintroducing" the lawful access measures. In fact, yesterday Toews confirmed again "the legislation will come." The exclusion from the omnibus crime bill is definitely a step in the right direction - it should allow for the committee hearings that have never happened despite several attempts to pass lawful access - but lawful access will still be introduced and presumably passed at some point in the future.

    Second, the debate has unfortunately veered into concerns over lawful access that don't reflect reality.

    Much like the fears earlier this year over criminalization of linking, Canadians would be better served fighting the real provisions in lawful access. The most recent headlines involve the current claims over warrantless online wiretapping. Open Media, who released several well-produced lawful access videos, unfortunately perpetuate these concerns by focusing on the issue. The NDP, which has been outspoken on lawful access, is now also focusing on warrantless online wiretapping. In yesterday's debate, NDP MP Charmaine Borg stated:

    Mr. Speaker, in the last Parliament, the NDP fought to stop the Conservatives from passing legislation allowing police officers to spy on citizens on the Internet without a warrant. Since this measure is not included in the omnibus crime bill, it is a victory for the NDP and all Canadians. Can the government confirm that it will, once and for all, heed the experts and the vast majority of the population, who are opposed to surveillance without a warrant?

    Immediately afterward, NDP MP Pierre-Luc Dusseault asked:

    Mr. Speaker, even former Minister of Public Safety Stockwell Day was opposed to electronic surveillance without a warrant. Can the minister confirm that his government is admitting that this surveillance initiative, an even greater intrusion into the lives of Canadians, has been abandoned? Can he guarantee today that it has been abandoned once and for all?

    The problem with this line of attack is that lawful access doesn't envision warrantless online wiretapping, making this fight the equivalent of a political softball. Advocates rail against warrantless online wiretapping and Toews effortlessly swats away the concerns by assuring everyone that the government has no plans to introduce such measures.

    If prior lawful access bills are any indication, Toews is right. Lawful access won't include warrantless online wiretapping, at least in the conventional sense. But to give the government a pass on those grounds is to overlook the real dangers that will be in the bill. If the Conservatives move forward with their complete lawful access package, it would feature a three-pronged approach focused on information disclosure, mandated surveillance technologies, and new police powers.

    The first prong will mandate the disclosure of Internet provider customer information without court oversight. Under current privacy laws, providers may voluntarily disclose customer information but are not required to do so. The new system would require the disclosure of customer name, address, phone number, email address, Internet protocol address, and a series of device identification numbers. While some of that information may seem relatively harmless, the ability to link it with other data will often open the door to a detailed profile about an identifiable person.  Given its potential sensitivity, the decision to require disclosure without any oversight should raise concerns within the Canadian privacy community. It should be noted that this issue - mandated access to customer personal information without a warrant - was what Stockwell Day pledged not to do. Day took an important stand on the issue and it is crucial to call the government on it.

    The second prong will require Internet providers to dramatically re-work their networks to allow for real-time surveillance. The bill is likely to set out detailed capability requirements that will eventually apply to all Canadian Internet providers. These include the power to intercept communications, to isolate the communications to a particular individual, and to engage in multiple simultaneous interceptions.

    Moreover, based on the prior bill, it will establish a comprehensive regulatory structure for Internet providers that would mandate their assistance with testing their surveillance capabilities and disclosing the names of all employees who may be involved in interceptions (and who may then be subject to RCMP background checks). The bill will also likely establish numerous reporting requirements including mandating that all Internet providers disclose their technical surveillance capabilities within six months of the law taking effect. Follow-up reports will also be required when providers acquire new technical capabilities.

    The requirements could have a significant impact on many smaller and independent Internet providers. Although the bill may grant them a three-year implementation delay, the technical capabilities extend far beyond most of their commercial needs. Indeed, after years of concern over the privacy impact associated with deep-packet inspection of Internet traffic (costly technologies that examine Internet communications in real time), these bills may require all Internet providers to install such capabilities.

    Having obtained customer information without court oversight and mandated Internet surveillance capabilities, the third prong will create several new police powers designed to obtain access to the surveillance data. These include new transmission data warrants that would grant real-time access to all the information generated during the creation, transmission or reception of a communication including the type, direction, time, duration, origin, destination or termination of the communication.

    Law enforcement could then obtain a preservation order to require providers to preserve subscriber information, including specific communication information, for 90 days.  Finally, having obtained and preserved the data, production orders can be used to require the disclosure of specified communications or transmission data.

    While Internet providers would actively work with law enforcement in collecting and disclosing the subscriber information, they could also be prohibited from disclosing the disclosures as a court may bar them from informing subscribers that they have been subject to surveillance or information disclosures.

    Lawful access raises genuine privacy and free speech concerns, particularly given the fact that the government has never provided adequate evidence on the need for it, it has never been subject to committee review, and it would cost millions to implement yet there has been no disclosure on who would actually pay for it. Given these problems, it is not surprising that every privacy commissioner in Canada has signed a joint letter expressing their concerns. Canadians need to speak out to ensure that any lawful access package maintains appropriate oversight and reporting requirements. There is enough to worry about in the real lawful access proposals that critics don't need to focus on problems that don't exist.


  • Internet fails to dethrone TV news (so far)

    By Iain Thomson
    September 26, 2011

    Dead-tree rags hold up surprisingly well

    Television news may still be the most popular local-news source for most people in the US, but it's losing ground to internet news and social networking, and in some cases even failing to outpace traditional newspapers.

    According to a survey conducted by the Pew Research Center’s Project for Excellence in Journalism, although 74 per cent of people turn on the boobtube at least once a week for local news, a full 55 per cent get their information from what the survey refers to as "old-fashioned word of mouth". Around half use local radio or newspapers and 47 per cent use the internet.

    On the face of it, these figures look rather good for local TV, but the study also looked into what type of news people use different sources for. There the situation looks a lot worse for the television stations. Local TV is primarily used for breaking news and weather, and ties with radio for traffic reports.

    But for news about local services such as restaurants, the internet is the clear winner. Meanwhile, newspapers are still the most-used source for local events, crime reports, cultural events, and tax and local government news, and tie with TV as the top source for local politics. Furthermore, the websites of TV news stations get very little attention.

    Local newspapers, while still important, aren’t as loved as they’d like to be. Overall, 69 per cent of respondents said they would see little or no loss in not having a local dead tree publication, and that figure rises with younger users and those with broadband. Those aged 40 or over still seem to be sticking to old media such as newspapers and TV, but among those yet to break the big four-oh, the internet is deemed the most-used source of information in almost all areas, narrowly losing out to TV for weather by three percentage points.

    The data from 2,251 adults showed that consumers have become very savvy about the number of news sources to use when trying to find out information about their local communities. Nearly two thirds of people surveyed used at least three primary sources for weekly local news, and 15 per cent used at least six per week.


  • Nice of the CRTC to show up to the consumer party

    Peter Nowak
    September 23, 2011

    The CRTC has been quite busy of late coming to the rescue of the poor, beleaguered consumer. That’s nice, but it prompts a few questions, such as: What happened? Why the change of pace? And why now?

    On Wednesday, the broadcast and telecom regulator released an edict on vertical integration, or the recent trend that has seen companies that distribute things like TV shows and radio programs buy up the same producers and rights holders of those shows and programs, thereby introducing the danger of exclusive programming. The CRTC said this situation – which could potentially result in consumers having to subscribe to Bell TV to see hockey and Rogers TV to watch baseball, for example – was bad for consumers and essentially forbade it.

    On Thursday, the regulator also issued guidelines on how it plans to handle complaints over service providers’ internet traffic management practices (ITMPs). The CRTC laid down its ITMP framework, which is designed to prevent ISPs from unfairly discriminating against certain kinds of internet traffic, back in 2009. The new ruling spells out how individuals can take providers to task when they feel that so-called net neutrality rules have been violated. The regulator says it will also play the name-and-shame game, where it will regularly report violators and the number of complaints it receives.

    In both cases, the regulator placed the consumer front and centre. With Wednesday’s vertical integration decision, chairman Konrad von Finckenstein said: “Canadians shouldn’t be forced to buy a mobile device from a specific company or subscribe to its internet service simply to access their favourite television programs.” In Thursday’s net neutrality press release, he said: “The guidelines we issued today will help Canadians understand which practices are permitted and how to make a complaint.”

    Well, well, well. Welcome to the party, CRTC. Nice of you to show up. Where have you been?

    It’s hard not to be cynical about the apparent change of heart. After all, this is the same regulator who for years has been endorsing and pushing anti-consumer regulations and decisions, like the bone-headed approval of usage-based billing, the attempt to block the launch of Wind Mobile and the ongoing failure to enforce net neutrality in the first place.

    It’s the same regulator whose spokesman the inimitable David Ellis quotes on his blog as saying, “We are not a consumer protection agency.”

    With vertical integration, the regulator earlier this year approved Bell’s takeover of CTV with some conditions, the biggest of which was the requirement of a big investment in the production of Canadian programming. It also rubber-stamped Shaw’s acquisition of Canwest last year and launched a hearing into the effects of such vertical integration, which apparently resulted in Wednesday’s ruling.

    While it’s true the CRTC placed a moratorium on any exclusive content arrangements when the Bell-CTV deal was announced in March, it didn’t take a rocket scientist to figure out that such was the end game of all involved players. Exclusive content was always at the root of the numerous billion-dollar takeovers, yet the regulator allowed them to happen anyway. Wednesday’s decision could easily have been included as a precondition to any of the deals going ahead and may have, in fact, caused some of the acquirers to think twice.

    Instead, the new ruling is surely just the beginning of what will be a long and arduous battle that may go to the courts or cabinet, especially if Bell has anything to say about it, and of course it does.

    On the net neutrality guidelines, well let’s just say 2009 called and it wants its complaint back. Consumer groups and politicians alike have since day one been critical of the framework for putting too much onus on internet users to prove issues and for being non-transparent. Again, these are criticisms that should have been prevented in the first place, or dealt with much sooner otherwise.

    So why is the CRTC suddenly getting wise to the wants and needs of consumers? The most likely reason is because von Finckenstein and the other commissioners are getting tired of being embarrassed. On the Wind Mobile issue, the commission was thoroughly red-faced when the government overturned its decision, which led to the wireless carrier starting up. The CRTC was also caught with its pants down on usage-based billing, which resulted in a particularly embarrassing and somewhat sad grilling by commissioners of Open Media, the advocacy group that led the anti-UBB charge, during a hearing this past spring.

    The truly cynical might say the new attitude is an effort by the chairman to get himself back into the good graces of the government. Von Finckenstein is reportedly seeking another term, but that seems about as likely as the vertically integrated media companies throwing their hands up and accepting the regulator’s Wednesday decision, or ISPs abandoning their throttling practices altogether.

    In the end, although it’s easy to criticize the CRTC for being largely anti-consumer over the past few years, it really isn’t the regulator’s fault. Its split personality is a direct result of conflicting messages it has received from the government. When the Conservatives took office back in 2006, they told the commissioners to ease off regulating and instead let “market forces” do their thing. As I’ve harped on many, many times, with foreign ownership restrictions creating major barriers to new competitors of all stripes, market forces have never actually existed, so neither has competition in all the areas the CRTC governs.

    The regulator has therefore been charged with trying to keep the chickens (aka consumers) happy while the wolves run the henhouse. No wonder it’s suffering from a major case of schizophrenia.


  • New Internet openness measures are a small step forward, says OpenMedia.ca

    September 22, 2011

    After the ruckus raised by Rogers' throttling World of Warcraft and other online games, and the uncovering of a long list of net neutrality (Internet openness) complaints, the CRTC today released new guidelines for how it will handle complaints about ISPs' traffic management practices. Pro-Internet group OpenMedia.ca is lauding the CRTC's initiative, and hopes that this is the first of many steps toward a more open, affordable Internet.

    The new process, as summarized in the CRTC's press release, is this:

    Upon the receipt of a complaint regarding a traffic management practice, CRTC staff will forward the complaint to the ISP in question and request a response. If the ISP fails to respond or bring itself into compliance, the CRTC will take further action to enforce its policy. This can include meeting with the ISP to discuss a complaint in more detail, requesting an on-site inspection or independent third-party audit, or calling the ISP to a public hearing.

    While the half-a-million strong pro-Internet group is pleased with the CRTC's move toward transparency and the establishment of clearer guidelines, OpenMedia.ca executive director Steve Anderson notes that the process for enforcing Internet openness rules still relies far too heavily on customer complaints:

    "These new guidelines are definitely a positive step in the right direction," says Anderson, "but the CRTC still has a ways to go before it can truly protect the open, affordable Internet. The onus to identify and report unfair traffic management practices still rests on Canadians, many of whom will be unable to identify a violation and properly navigate the complaints process.

    "While today's move makes that process clearer, the real solution rests in regular independent audits of ISPs. The government must also allow the CRTC to effectively punish ISPs that unfairly throttle traffic—we literally want to make throttlers pay."

    OpenMedia.ca pushed for and won Internet openness rules in 2009, and has been pushing for effective enforcement ever since.


  • CRTC tightens telco rules

    By Jamie Sturgeon
    September 22, 2011

    TORONTO — Striking an unexpectedly interventionist tone, the federal broadcast regulator Wednesday slapped a host of new conditions on the country’s biggest telecommunications conglomerates.

    In a bid to curb “anti-competitive” behaviour between BCE Inc., Rogers Communications Inc., Shaw Communications Inc. and Quebecor Media Inc. — firms with considerable market power through their collective control of most of the country’s TV, Internet and wireless networks as well as the television content flowing over them — the regulator has enacted a new “code of conduct” and other provisions designed to guard the market place from disruptions, such as programming black outs.

    “We felt that some safeguards were needed,” said Konrad von Finckenstein, the Canadian Television-radio and Telecommunications Commission’s chairman.

    Perhaps the most important is a permanent ban on exclusive content deals between the TV arms of an integrated carrier and its mobile and Internet distribution arms, such as between the new Bell Media and Bell Mobility.

    CRTC’s strict program to keep integrated telcos in line:

    • Prohibit companies from offering television shows on an exclusive basis to their mobile or Internet subscribers.
    • Companies can offer exclusive programming to their customers if it is produced specifically for an Internet portal or a mobile device.
    • At least 25% of specialty services distributed by a large integrated company must be owned by an independent broadcaster.
    • Adopt a code of conduct to prevent anti-competitive behaviour.

    “That is for our business the most critical part of the decision,” said Michael Hennessy, senior vice-president of regulatory affairs for Telus Corp. The Vancouver-based company is the third-largest wireless operator in the country and a primary TV and Internet provider in Western Canada, where it competes with Shaw.

    Telus as well as other independent television distributors such as Cogeco Cable in Ontario share concerns content would be denied to them on both television and emerging platforms, such as online or on smartphones and tablets.

    At minimum, they warn costs to their customers would soar as vertically integrated competitors seek price increases. While costs may still climb for those carriers unaligned with content and who must still negotiate for carriage, TV signals cannot now be pulled, a fear substantiated by recent black-outs in the United States.

    Wednesday’s decision removes the incentive to cut programming if negotiations break down — a scenario that could potentially be exploited to drive consumers to switch carriers — by mandating access during talks as well as demanding unresolved talks be subject to “binding” arbitration.

    The “standstill” access rule extends to on-demand, mobile and Web-based viewing options, meaning recently introduced video packages such as Bell’s Mobile TV and Shaw’s online Movie Club must also be made available to competitors.

    The decision was trumpeted by market observers and consumer advocates as a victory for the viewer, who now avoids being forced to select a service depending on what shows are available on it.

    “This approach will ensure that customers will not have to subscribe to several distributors in order to view the most popular programming,” the CRTC said.

    The CRTC’s move is a significant blow for integrated carriers such as BCE and Shaw, who have built business models around using their broadcast content in “innovative” and largely exclusive ways on tablets and other viewing platforms.

    “The outright ban on exclusives in our view … prevents parties from trying to innovate, test things out and try to differentiate,” Mirko Bibic, senior vice-president of regulatory affairs said.

    The executive railed against the standstill and arbitration stipulations, suggesting the regulator is not pursuing its own mandate of allowing the market to operate under minimum intervention.

    “It’s heavy regulation — when you get down to regulating price that’s the heaviest form you can have,” Mr. Bibic said.

    The decision from CRTC comes after months of deliberations following BCE’s successful acquisition in April of the CTV network, a deal pairing the largest broadcaster in the country with the biggest provider of TV, Internet and wireless services.

    The commission also said Wednesday television providers must begin moving toward offering more “a la carte” channel packages, another pro-consumer move.

    “What jumps out here is how activist the CRTC is in setting up new rules of the game,” Stephen Zolf, a media lawyer at Heenan Blaikie said. “The death of regulation has been greatly exaggerated.”


  • Brit ISPs shift toward rapid pirate website blocking

    By Andrew Orlowski
    September 22, 2011

    Agree to act, just not how

    Exclusive: Leading UK ISPs are now privately agreed on the principle of restricting access to websites in response to hastily obtained court orders, according to sources close to discussions that took place in Westminster this week. The shift follows the landmark Newzbin2 ruling in July, which affirmed the responsibility ISPs have to enforce copyright laws.

    However, the structure and processes acceptable to both ISPs and creative industries have yet to be tabled, and significant concerns remain in the Internet industry over legal issues and costs.

    Rights-holders reacted a little more positively, pointing to the acknowledgement of greater responsibility, lower costs and speedier access to justice than offered by current legal processes. Although one source was cautious:

    "Don't expect a signing ceremony or even a public announcement, it's going to be more of a voluntary solution through accretion," he told us.

    The change of heart was evident at the latest in a series of regular industry discussions chaired by Culture Minister Ed Vaizey on Monday this week, according to multiple sources familiar with the discussions. It's the latest in a series of meetings designed to produce a self-regulatory substitute for the Digital Economy Act's Section 17 and 18 web-blocking powers. The government has said it won't implement these, but wants ISPs and creative industries to devise a replacement acceptable to both. This was the first meeting since June, and also the first since the Newzbin2 ruling.

    June saw a voluntary plan floated (and leaked), which saw strong opposition in BT, the defendant in the Newzbin2 case. This has now been sidelined. Instead, ISPs will still demand a court order but work on an expedited process. Fighting Newzbin2 cost Hollywood studios an estimated £1m and took 18 months – and that's the heart of the dispute. Copyright enforcement options today are expensive and impractical. Reports that ISPs will be asked to turn around court orders in an hour, however, are inaccurate, according to multiple insiders. But ISPs will respond to court orders that have been processed more quickly.

    "ISPs have had to acknowledge that being a mere conduit is not an absolute defence," said one industry representative.

    While conceding the main issue, ISPs privately point to several positives for service providers: they'll respond to court orders on a per-site basis, rather than lists of sites, and believe fewer pirate sites will be requested by rights-holders.

    Industry association ISPA told us it was concerned about the costs of setting up the blocking solutions on smaller ISPs.

    That leaves much of the detail to be decided. One is the nature of the "evidence test" a court will need to block access.

    And at least two sources on different sides of the talks agree, glumly, that we may see more litigation before a voluntary self-regulation concord takes effect.

    Vaizey held a second meeting on the subject of site-blocking on Tuesday, an open meeting attended by anti-copyright groups including The Pirate Party and the Open Rights Group, and blogger activists.

    Yet there's little mistaking the direction talks are taking. By opposing every single copyright enforcement measure ever proposed – and there have been some quite insane proposals – activists have only accelerated the marginalisation of what may be quite rational objections.

    Bootnote

    One objection raised was that small UK web businesses "would need weekend cover" under a less Pirate-friendly copyright enforcement regime.

    So Shoreditch entrepreneurs don't work at weekends, then? As a small UK web business here at El Reg we can affirm nothing ever happens to websites between Friday night and Monday morning. Phew.


  • Yoof survey: 'Internet as vital as air'

    By Brid-Aine Parnell
    September 22, 2011

    Students and yuppies rate web as essential

    A third of college students and young professionals feel that the internet is as important as air, food, water or shelter, according to a new survey.

    Cisco's 2011 Connected World Technology Report (PDF) found that 32 per cent thought the web was as important as the necessities of life, while over half of students and 62 per cent of employees in their 20s said they couldn't live without it.

    The global report looks at the next generation of the workforce and how they are going to perform in a connected workplace. The study concluded that:

    Students and young professionals share similar perceptions on the importance of the internet. For most, accessing the internet through their computer is their primary information and news source and an integral part of their daily life.

    In fact, the internet is so important to the 'yoof', it can prove a distraction. The need to check Facebook, answer an IM or phone call or go on some other social media is so strong that 43 per cent of students worldwide said they were distracted three or more times an hour when they were supposed to be doing their homework.

    British, Australian and Canadian students were the most easily engrossed, with nine in 10 students leaving the books for the siren call of social media once an hour.

    The survey also found that eight in 10 students check their Facebook at least once a day and 73 per cent of young employees do the same.

    "The results of the Cisco Connected World Technology Report should make businesses re-examine how they need to evolve in order to attract talent and shape their business models," Marie Hattar, VP of enterprise marketing at Cisco, said in a canned statement on the results.

    The study took an online survey of 1,441 college students and 1,412 employees under the age of 30 in 14 countries.


  • Newzbin2 Offers Anti-Blocking Tech To BitTorrent Sites, Releases OS X Version

    September 21, 2011

    Last week, Usenet indexer Newzbin2 delivered on their promise of delivering a mechanism to circumvent the court-ordered blocking measures set to hit their site in the weeks to come. After releasing a second version of their encryption software in just three days and an OSX version in under a week, the site’s operators now say they are prepared to adapt their client to help other blocked sites stay online.

    Last week, in response to a High Court judge’s decision to order UK ISP BT to block Usenet indexer Newzbin2, the operators of the site delivered on their promise to neutralize the looming threat.

    Last Wednesday, TeamRDogs – the group behind the site – released Newzbin Client 1.0.0.127, their first software release designed to circumvent BT’s Cleanfeed online censorship system. Our tests revealed that encryption is one of the main tools being used to circumvent the system.

    Following the release, TorrentFreak caught up with Mr White from TeamRDogs, a character far more colorful than his monochromatic name might suggest. He told us that being forced to create this software was not only a waste of their time, but a sad testament to the state of the open Internet dream.

    “Having to write a client program like this is an admission that the open web is in the process of failing. The ability of vested interests to choke the Internet with a vinculum woven from malevolent law and technology is very depressing,” Mr White told us.

    “TeamRDogs would rather spend its time in titty bars drinking whisky and snorting lines than hacking the MAFIAA’s Client of Doom (hmmm, CoD – we may call it that), but they’ve made it necessary.”

    The Newzbin2 anti-blocking software, which was updated with a new release just before the weekend followed by a brand new OSX version this week, is said to include ‘Agility Technology’. But what does that mean?

    “This is simply a mechanism that will allow the application and its configuration to be modified to adapt to the new web censorship techniques that we can envisage arising,” Mr White explains. “The App can also ‘Phone Home’ for a friendly message if Newzbin2’s Intarwebs is cut off.”

    While Newzbin2 could indeed become the first victim of the pro-copyright web-blocking movement in the West, if the lobbyists get their way it certainly won’t be the last. But by picking on a site like Newzbin2, which has already shown it is prepared to fight technology with technology (a route to failure in itself), the prospect of successful future web blocks has already been reduced.

    Mr White told TorrentFreak that rather than keep their toys to themselves, in the spirit of sharing Newzbin2 could adjust their code to assist other victims of web-blocking.

    “We could adapt it to help out other websites so if, for example, the MAFIAA start to go after NZBMatrix [another Usenet indexing site] or torrent sites we’d be happy to help them out.”

    However, it’s not all plain sailing. We’ve already had pessimists point out that since TeamRDogs obtained the original Newzbin database by unconventional means, their software should be viewed with caution. But that notion is dismissed by Mr White.

    “Some people will worry that [the client] will have adware/malware etc: given the heuristic examination that it will inevitably be subject to that would be dumb on a Sony scale,” says Mr White referencing the Sony CD rootkit fiasco. “It’s clean, we swear this on Ron Jeremy’s manhood.”

    Mr White says that in addition to the new client, TeamRDogs also recommends tools offered by 3rd parties.

    “Despite the App we reckon that MAFIAAFire will also be a good bet for most for now but we believe in having options,” he concludes. “And doubles all round.”

    Source

  • Behind the Scenes of Bill C-32: The Complete Ministerial Q & A

    Michael Geist
    September 21, 2011

    With the House of Commons back in session this week, it should not take long for copyright reform to reappear. Canadian Heritage Minister James Moore has already indicated the bill will be reintroduced unchanged from Bill C-32 and that the legislative committee will pick up where it left off without the need to hear from any persons or groups who appeared under Bill C-32. That suggests things could move very quickly with a few sessions and a march to passing the bill before the end of 2011.

    My posts in the months leading up to the bill gave some sense of what was likely on the way and more recently I've written on the Wikileaks cables that demonstrate the remarkable U.S. influence over the Canadian copyright agenda. I've now obtained a series of documents that provide some useful insights into the behind-the-scenes work within the government and the C-32 legislative committee. While access-to-information requests typically exclude information about government bills, the death of Bill C-32 meant the information was fair game. Over the next week, I plan daily posts of various documents including the government's full clause-by-clause analysis, its C-32 committee witness strategy, and an analysis of the submissions provided to the committee by dozens of groups and individuals.

    The series starts with the complete question and answer document [15 MB PDF] prepared for Ministers Moore and Clement for their committee appearance in November 2010 (Scribd version embedded below). The document covers a wide range of anticipated questions and the official government response to each. The answers will not surprise as anyone following the issue will have heard the Ministers and other MPs repeat them regularly. Nevertheless, the more interesting scripted responses to key questions include (with some context in square brackets):

    • C-32's consumer exceptions and digital locks: the response comes clean that the government is indeed adopting an approach where digital locks trump consumer rights. The government justifies its approach with the refrain that consumers can decide whether or not they want to buy products with digital locks [which is inaccurate for some students who are required to purchase digitally-locked books for their courses].
    • C-32 digital lock rules going far beyond what is required by the WIPO Internet treaties: the government does not dispute this and has no answer other than to say it believes the bill represents good policy.
    • C-32 digital lock rules and permitting circumvention for non-infringing purposes: the government does not have a direct response, choosing instead to talk about protecting jobs and a limited number of exceptions. [The response doesn't actually address why non-infringing purposes, which mean the intended use is legal, shouldn't qualify for an exception.]
    • C-32 digital locks rule exceptions not in-line with U.S. exceptions: the government response is that the Canadian market is different. [This is correct, which is precisely why the DMCA approach on digital locks is inappropriate. Moreover, the question fails to note that the U.S. permits circumvention of DVDs in some circumstances, whereas Bill C-32 did not.]
    • Doesn't C-32 create exceptions that mean "anything goes"?: the government response notes that the overwhelming majority of Canadians are law abiding and will follow the rules. [While this response addresses exceptions, that view is precisely why the digital lock rules - which presume that no one is law abiding and therefore the lock trumps virtually all rights - get it wrong.]
    • The YouTube remix exception: the government does a nice job explaining why it is needed and how it features important built-in safeguards to prevent misuse. [Interestingly, the government reiterates its view that Canadians are law abiding here too.]
    • Fair dealing for education: the government response reiterates the reality that "fair dealing is not a blank cheque" and is even broader in other countries.
    • The "book burning" provisions that require the destruction of course materials after 30 days: the government argues that destruction of materials "are an essential part of the balance."
    • Will the bill allow for suits against individuals for large amounts like in the U.S.?: The government says the bill is designed to ensure Canadians will not face disproportionate penalties for infringement. [The Hurt Locker lawsuits demonstrate the bill does not go far enough in order to achieve this objective.]
    • Why has Canada caved to US pressure?: The government notes differences from U.S. law including one digital lock exception, notice-and-notice for ISPs, and statutory damages reform. [The Wikileaks cables obviously tell a much different story.]
    • Will C-32 get us off the US Piracy Watch list? The government gets this one exactly right - "Canada does not recognize the validity of the Special 301 process and considers it to be flawed. The Report does not employ a clear methodology in its country ranking, as it relies on industry allegations rather than empirical evidence and analysis."
    • Do the C-32 exceptions meet the Berne Convention requirements?: The government says yes.

    Source

  • Press Starts to Doubt Anti-Piracy Propaganda Machine

    September 20, 2011

    The anti-piracy lobby group AFACT just championed a study which claims that nearly all of the popular files on BitTorrent point to infringing material. Although the study in question is probably not far off, the press-release of the anti-piracy group has been met with more doubt than ever before. Slowly journalists are starting to reflect on the ongoing propaganda stream from anti-piracy outfits, and some are even brave enough to call them out on it.

    Last week the MPAA-supported lobby group AFACT released a study claiming that 72 percent of people would stop downloading infringing content if their Internet provider warned them.

    The results claimed to support the effectiveness of a 3-strikes system for copyright infringers, but those who took a closer look saw that this was not the case.

    As we pointed out, the results could also show that none of the current file-sharers would be deterred, as the question was also answered by the 78 percent of people who don’t even use file-sharing software.

    The press release was nothing more than a cheap and misleading marketing stunt and it’s tricks like this that are causing the anti-piracy lobby to lose credibility at a rapid pace.

    Just a few hours ago AFACT came out with another press release. This time they plug the results of a study they appear to be unrelated to, conducted by the University of Ballarat’s Internet Commerce Security Laboratory (ICSL). These are the same researchers who released some rather incompetent reports in the past, but their latest study shows signs of improvement.

    As AFACT is happy to point out, the researchers conclude that 97.2 percent of the most popular files on BitTorrent are infringing (and that a lot are faked). Although this conclusion is probably not too far off, not all journalists are eager to pick it up as some are starting to see that AFACT has a habit of twisting the truth.

    In a piece titled “Fooling some of the media, some of the time,” Canberra Times journalist Myles Peterson explains his concerns.

    When Peterson received the three-strikes study press release last week he couldn’t help but notice that News Corp newspapers received the details before ‘regular’ journalists did. Yes indeed, that is the same News Corp organization that is a partner of anti-piracy groups such as IPAF, DEAA and AFACT.

    “Last Monday, The Australian ran a full-court press in print and online dubbed ‘Piracy, the disease that’s crippling our creative industries’, comprising a number of articles from various angles, all attacking the scourge of online file sharing. Articles also appeared in News Corp tabloids The Adelaide Advertiser and The Daily Telegraph,” Peterson writes.

    “That’s odd, I thought. The avalanche of coverage seemed to disproportionately reference the new study. Would a media outlet co-operate with a lobby group to generate mass coverage of a topic, I wondered.”

    While following up on the study, Peterson noticed that various Australian anti-piracy outfits are conveniently sharing personnel. This, together with the recent Wikileaks revelation that the MPAA is the driving force behind these groups, led to further doubts. They were only heightened when the obvious flaws in the ‘independent’ study were pointed out by us.

    Using journalists in a propaganda war orchestrated by foreign companies wasn’t a very pleasant thought to Peterson.

    “The story behind the stories, both those that appeared in News Corp media and TorrentFreak’s balancing rebuttal, stayed with me, as did a series of worrying questions. Are AFACT, the DEAA and IPAF being co-ordinated by the same group of people? Are these people being directed by the Motion Picture Association of America, as the WikiLeaks cable suggested? ” he writes.

    “What stuck with me most was a similar concern to one uttered recently by Australian Greens leader Senator Bob Brown. Did a group of journalists put together a press campaign based on a biased study supplied by a lobby group that represents their own employer?”

    And if that’s not bad enough, in a few days the anti-piracy outfits have a meeting at the Federal General Attorney’s office to push their agenda at the highest level. The fear is that this talk will be far from balanced, and we can only hope that the hosts will be able to see through it.

    “When our federal lawyers host these lobby groups at the end of the week, I hope they cast a more critical eye over any research presented than certain media outlets did. I also hope they are able to work out which person in the room represents the ACIG, AFACT, DEAA, IPAF, MPA, MPAA or all of the above,” Peterson concludes.

    The good news is that the piece in the Canberra Times shows that not all journalists are indirectly working for the MPAA. Increasingly, we see skepticism towards the continuous stream of anti-piracy propaganda and more room for a sensible discussion about the topics at stake. Perhaps the tide is turning?

    Source

  • Hackers break SSL encryption used by millions of sites

    By Dan Goodin
    September 19, 2011

    Beware of BEAST decrypting secret PayPal cookies

    Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.

    The vulnerability resides in versions 1.0 and earlier of TLS, or transport layer security, the successor to the secure sockets layer technology that serves as the internet's foundation of trust. Although versions 1.1 and 1.2 of TLS aren't susceptible, they remain almost entirely unsupported in browsers and websites alike, making encrypted transactions on PayPal, GMail, and just about every other website vulnerable to eavesdropping by hackers who are able to control the connection between the end user and the website he's visiting.

    At the Ekoparty security conference in Buenos Aires later this week, researchers Thai Duong and Juliano Rizzo plan to demonstrate proof-of-concept code called BEAST, which is short for Browser Exploit Against SSL/TLS. The stealthy piece of JavaScript works with a network sniffer to decrypt encrypted cookies a targeted website uses to grant access to restricted user accounts. The exploit works even against sites that use HSTS, or HTTP Strict Transport Security, which prevents certain pages from loading unless they're protected by SSL.

    The demo will decrypt an authentication cookie used to access a PayPal account, Duong said.

    Like a cryptographic Trojan horse

    The attack is the latest to expose serious fractures in the system that virtually all online entities use to protect data from being intercepted over insecure networks and to prove their website is authentic rather than an easily counterfeited impostor. Over the past few years, Moxie Marlinspike and other researchers have documented ways of obtaining digital certificates that trick the system into validating sites that can't be trusted.

    Earlier this month, attackers obtained digital credentials for Google.com and at least a dozen other sites after breaching the security of disgraced certificate authority DigiNotar. The forgeries were then used to spy on people in Iran accessing protected GMail servers.

    By contrast, Duong and Rizzo say they've figured out a way to defeat SSL by breaking the underlying encryption it uses to prevent sensitive data from being read by people eavesdropping on an address protected by the HTTPS prefix.

    “BEAST is different than most published attacks against HTTPS,” Duong wrote in an email. “While other attacks focus on the authenticity property of SSL, BEAST attacks the confidentiality of the protocol. As far as we know, BEAST implements the first attack that actually decrypts HTTPS requests.”

    Duong and Rizzo are the same researchers who last year released a point-and-click tool that exposes encrypted data and executes arbitrary code on websites that use a widely used development framework. The underlying “cryptographic padding oracle” exploited in that attack isn't an issue in their current research.

    Instead, BEAST carries out what's known as a plaintext-recovery attack that exploits a vulnerability in TLS that has long been regarded as mainly a theoretical weakness. During the encryption process, the protocol scrambles block after block of data using the previous encrypted block. It has long been theorized that attackers can manipulate the process to make educated guesses about the contents of the plaintext blocks.

    If the attacker's guess is correct, the block cipher will receive the same input for a new block as for an old block, producing an identical ciphertext.
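The chaining property described above, and why the per-record IV introduced in TLS 1.1 removes it, can be checked with a short simulation. This is an added example, not code from the article or from the researchers: the Feistel cipher is a toy stand-in for the real block cipher, the names `CbcSender` and `guess_confirmed` are hypothetical, and the cookie block is a constructed sample.

```python
import hashlib
import hmac
import os

BLOCK = 16  # block size in bytes

def xor(a, b):
    return bytes(x ^ y for x, y in zip(a, b))

def _round(key, i, half):
    # Round function for the toy cipher: HMAC-SHA256 truncated to half a block.
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:BLOCK // 2]

def toy_block_encrypt(key, block):
    """4-round Feistel permutation; a stand-in for AES/3DES, not a real cipher."""
    left, right = block[:BLOCK // 2], block[BLOCK // 2:]
    for i in range(4):
        left, right = right, xor(left, _round(key, i, right))
    return left + right

class CbcSender:
    """Encrypts records in CBC mode under one session key.

    explicit_iv=False models TLS 1.0: the IV of each record is the last
    ciphertext block of the previous record, so an observer knows it in advance.
    explicit_iv=True models TLS 1.1 and later: a fresh random IV per record.
    """
    def __init__(self, key, explicit_iv):
        self.key = key
        self.explicit_iv = explicit_iv
        self.last_block = os.urandom(BLOCK)  # IV of the very first record

    def send(self, plaintext):
        if len(plaintext) % BLOCK:
            raise ValueError("plaintext must be a whole number of blocks")
        iv = os.urandom(BLOCK) if self.explicit_iv else self.last_block
        prev, out = iv, []
        for i in range(0, len(plaintext), BLOCK):
            prev = toy_block_encrypt(self.key, xor(plaintext[i:i + BLOCK], prev))
            out.append(prev)
        self.last_block = prev
        return iv, b"".join(out)

def guess_confirmed(sender, secret_block, guess):
    """True if a guess about an earlier plaintext block shows up as a repeated
    ciphertext block. Only ciphertext and IVs seen on the wire are used."""
    iv0, c_secret = sender.send(secret_block)   # record carrying the secret
    predicted_iv = c_secret[-BLOCK:]            # next IV under TLS 1.0 chaining
    # Cancel the predicted IV so the cipher input becomes guess XOR iv0.
    chosen = xor(xor(guess, iv0), predicted_iv)
    _, c_probe = sender.send(chosen)
    return c_probe[:BLOCK] == c_secret[:BLOCK]

# Constructed sample data (16 bytes each), not taken from any real session.
SECRET_BLOCK = b"sid=EXAMPLE12345"
WRONG_GUESS = b"sid=EXAMPLE12346"

if __name__ == "__main__":
    key = os.urandom(16)
    print("TLS 1.0 chaining, right guess:",
          guess_confirmed(CbcSender(key, False), SECRET_BLOCK, SECRET_BLOCK))
    print("TLS 1.0 chaining, wrong guess:",
          guess_confirmed(CbcSender(key, False), SECRET_BLOCK, WRONG_GUESS))
    print("TLS 1.1 per-record IV, right guess:",
          guess_confirmed(CbcSender(key, True), SECRET_BLOCK, SECRET_BLOCK))
```

With chained IVs a correct guess repeats the earlier ciphertext block; with a fresh IV per record the same guess yields an unrelated block, which is why TLS 1.1 and 1.2 are not susceptible.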

    At the moment, BEAST requires about two seconds to decrypt each byte of an encrypted cookie. That means authentication cookies 1,000 to 2,000 characters long will still take a minimum of a half hour for their PayPal attack to work. Nonetheless, the technique poses a threat to millions of websites that use earlier versions of TLS, particularly in light of Duong and Rizzo's claim that this time can be drastically shortened.

    In an email sent shortly after this article was published, Rizzo said refinements made over the past few days have reduced the time required to under 10 minutes.

    “BEAST is like a cryptographic Trojan horse – an attacker slips a bit of JavaScript into your browser, and the JavaScript collaborates with a network sniffer to undermine your HTTPS connection,” Trevor Perrin, an independent security researcher, wrote in an email. “If the attack works as quickly and widely as they claim it's a legitimate threat.”

    Source

  • Italy Proposes Law That Will Ban People From The Internet Based On Single Accusation Of Infringement From Anyone

    September 19, 2011

    A short analysis of Internet killer Centemero draft law by Paolo Brini for AirVPN. Creative Commons 3.0 BY-SA (attribution, share-alike)

    A group of Italian MPs from Berlusconi's party proposed in late July a draft law which can hinder investments on the Internet in Italy, cause ISPs and hosting e-commerce to collapse, and block freedom of expression and access to information. The draft law has already been assigned to the relevant committee for a first analysis and check, an unusually fast track for Italy.

    The draft law consists of two long articles amending the transposition of the eCommerce Directive in Italy (2000/31/EC, implemented with DLgs 70/2003) which state that:

    1. citizens, outside of any judicial proceeding and without the right to appeal to the judicial authority, may be banned from accessing the Internet if ANYONE (a rightholder or an ordinary citizen) notifies a provider about alleged infringement of copyright or trademark or patent ("one strike" disconnections);
    2. Internet service providers must comply with the blacklisting of citizens who are *suspected* of copyright or trademark or patent infringements ("proscription lists" to ban citizens from any access to the Net);
    3. an Internet service provider must use preventive filters against services that infringe copyright, trademark or patents;
    4. an Internet service provider must not promote or advertise, and must use preventive filters against, services that do not directly violate copyright, trademark or patents, but that *may* lead citizens to *think* that infringing services exist;
    5. a provider or a hosting provider which does not use effective filters will be charged with civil liability.

    Some parts of the draft law are clearly not applicable in real life, while others have the power to bring down ISPs and hosting e-commerce. It is *very* interesting to note that this draft law is compliant with one of the older versions of ACTA (the Anti Counterfeiting Trade Agreement). Some striking similarities, and an analysis of the "WikiLeaks cables" pertaining to pressure on Italy over the enforcement of intellectual property privileges, invite further investigation into the real writers of the draft law.

    Apart from constitutionality problems, the draft law does not seem compatible with the EU Acquis. In particular:

    • it directly violates Directive 2000/31/EC, articles 12, 13, 14 and 15
    • it directly violates Directive 2002/21/EC as amended by Directive 2009/140/EC ("Telecoms Package") art. 1(3.a). The Telecoms Package has not yet been implemented in Italian law (an infraction procedure by the Commission may be imminent) but no Member State law can be incompatible with a Directive already approved by the Council and the Parliament, even though that Directive has not yet been transposed into the law of that Member State;
    • it does not comply with the right to due process, including the right to be heard and to legal representation, as enshrined in the European Convention for the Protection of Human Rights and Fundamental Freedoms and the Charter of Fundamental Rights of the European Union;
    • it does not comply with the right to conduct a business, as enshrined in the Charter of Fundamental Rights of the European Union;
    • it does not satisfy the Principle of Proportionality.

    Source

  • CRTC Takes First Step to Force Big Telecom Giant to Play Fair

    September 16, 2011

    CRTC stands up to Rogers and demands Internet openness

    Today’s events marked a small victory for Internet openness: the CRTC, Canada’s telecom regulator, has given Rogers ten days to correct their discriminatory slowing down of online games. OpenMedia.ca, a public engagement group that promotes an open and accessible Internet, is calling this a landmark decision.

    “The CRTC is finally taking a stand to enforce its rules and stand up against the Big Telecom lobby,” says Steve Anderson, the pro-Internet group’s executive director. “This represents a move towards more Internet openness and accessibility—the core of a vibrant, democratic communications system in the digital age.”

    The Canadian Gamers Organization, a group of concerned citizens who raised the alarm at the CRTC when Rogers began throttling the game World of Warcraft, wrote to the CRTC repeatedly to demand that Rogers comply with Internet traffic management policies. This decision is the result of their grassroots efforts and the work of public interest lawyers at CIPPIC, a member of OpenMedia.ca’s network.

    OpenMedia.ca pushed for and won Internet openness rules in 2009, but has since been forced to fight for enforcement of those rules. As of now, the CRTC neither performs audits of Internet service providers to ensure they are complying with openness rules, nor has it been given the power to significantly punish ISPs who violate these rules. The CRTC action against Rogers represents a potential first step in changing this broken system.

    Source

  • Pirate party snatches seats in Berlin state election

    Siobhan Dowling
    September 18, 2011

    Irreverent campaign that initially focused on filesharing, data protection and censorship draws 8.5% of vote, exit polls indicate

    An upstart band of internet freedom activists are to enter Berlin's state parliament, ousting the Free Democrats, Angela Merkel's junior partner in the unpopular national government. It marks a remarkable success for the small Pirate party, which attracted 8.5% of the vote, winning its first ever seats in a state parliament, according to the first exit polls on Sunday.

    Their irreverent campaign captured the imagination of young voters as the party expanded its platform from an original focus on filesharing, censorship and data protection, to include social issues and citizens' rights. The party, which was founded in 2006, was "in tune with the Berlin vibe with their relaxed campaign", Holger Liljeberg of the Info polling institute, told Reuters. "They focus a lot on liberalism, freedom and self-determination."

    Once opinion pollsters began to predict that they might overcome the crucial 5% hurdle to get into parliament, the momentum behind the Pirates began to grow, with supporters no longer worrying that a vote for them would be wasted.

    The result is not the first European success for the Pirates. The original Swedish version of the party won a seat in the European parliament in 2009 after capturing just over 7% of the vote. Support for the party had soared after the jailing of the four founders of the Pirate Bay filesharing site.

    While the Pirates were the surprise success story of the Berlin elections, the centre-left Social Democrats are also celebrating after topping the polls with 29.5% of the vote. Popular mayor Klaus Wowereit, who has run Berlin for 10 years, will form a new coalition with one of the smaller parties.

    For the FDP, meanwhile, the Berlin vote was the latest in a series of humiliating defeats, marking the fifth ejection from a state parliament this year. Despite a last-ditch attempt to tap into public resentment at the bailouts for other eurozone countries, it only managed to attract 2% of the vote, down from 7.6% in 2006.

    Source

  • On the Internet, Nobody Knows You’re a Robot

    By Michael Riley
    September 15, 2011

    CSIdentity’s artificial intelligence program extracts data from hackers

    Hackers have proven they can crack just about any computer network, from Sony’s (SNE) to Citigroup’s (C). Afterward, they face another challenge: unloading the virtual booty. They often take stolen credit-card numbers, online banking credentials, e-mail logins, and Social Security numbers to a sprawling network of underground chat rooms and invitation-only forums, where such data are bought and sold. Law enforcement investigators hoping to catch the crooks lurk there as well, but with hacking incidents on the rise, the problem is far too big to police by traditional means.

    Enter the robot informant. A security firm in Austin, Tex., CSIdentity has created artificial-intelligence software capable of posing as a hacker and engaging ne’er-do-wells in the underground forums. Its goal is to solicit stolen data—a hacker hoping to fence 1,000 credit-card numbers will offer dozens for free to prove they’re real—and send them back to flesh-and-blood investigators. CSIdentity sells the data it collects to banks, cybersecurity companies, and others who have a stake in quickly discovering which businesses, accounts, and credit cards have been compromised. “Very often we are able to notify our customers that something is wrong before their bank” does, says Scott Mitic, chief executive officer of TrustedID, an identity-theft protection company which purchases CSIdentity’s data.

    To design the chatbots, CSIdentity’s 10-person analyst team studied the dialog in hacker chat rooms, looking for patterns in the interactions, says Joe C. Ross, the company’s president. The hacker argot is filled with slang: A newly stolen credit card is “fresh,” and a “fullz” is a credit-card record that includes the victim’s personal data and the card’s three-digit security code along with the number. To keep up with the fast-moving conversation, the virtual informants use a technique from computer science known as fuzzy pattern recognition, which helps the bots make sense of terms and phrases that can be expressed in different ways. (When a hacker threatens to “doss that server,” the machine knows he means a distributed denial of service attack, a common way to shut down websites.)

    Ross says the hunt has become a cat-and-mouse game. Hackers know to look for dialog that seems more algorithm than human, and employ tricks to ferret out the bots. One common one is to order the chat room members to log out and reconvene in a different room. If the chatbots have trouble understanding the commands, they will end up in an empty room.

    The bots are helped by the fact that many hackers are non-native English speakers and more forgiving of an odd-sounding statement here and there, says Ross. And, when confused, the bots can always fall back on a swear word in these profanity-riddled forums. “Someone will make a comment and the bot will respond with an expletive,” Ross says. As they work, the bots send catalogs of stolen data and snippets of conversations back to the CSIdentity team, which often works late into the night, when the chat rooms are most active. The company fridge is stocked with Red Bull to help the humans keep up.

    The bots aren’t of much use when it comes to the most sensitive undercover stings, such as those that attempt to penetrate members-only hacker forums run by organized crime rings in Eastern Europe, says Ross. Yet they can help make the problem of data loss a little more manageable, especially as its scale grows. In a single week in August, CSIdentity’s bots uncovered 419,000 new records up for sale. The data consisted mostly of e-mail account logins and passwords but also 15,000 credit card numbers and 168 Social Security numbers.

    Among the compromised companies was ShoWorks, an events manager based in Spokane, Wash. CSIdentity doesn’t act on the data, only collects and sells it, so Cathy Doerr, the company’s president, says she found out about the network break-in only when federal investigators called in late August. “It’s created just a mess, and we’ve spent the last two weeks trying to clean it up,” she says. CSIdentity’s bots wouldn’t have prevented the theft, but they might have helped Doerr discover it sooner. “This happens every single day,” says Ross. “The scary thing is this is just the tip of the iceberg.”

    Source

  • Hurt Locker Lawsuits Hit Canada, ISPs Ordered To Reveal BitTorrent Users

    September 9, 2011

    After targeting tens of thousands of U.S. Internet users alleged to have downloaded and shared the Oscar-winning movie The Hurt Locker, the movie’s makers have expanded their settlement business into new territory. Three Canadian ISPs have now been ordered by a court to hand over the personal details of their subscribers to Voltage Pictures.

    In March 2010, the law firm Dunlap, Grubb and Weaver imported the mass litigation “pay up or else” anti-piracy scheme to the United States.

    Some of the most high-profile customers of the law firm – who for the purposes of their settlement work are known as the U.S. Copyright Group – are Voltage Pictures, the makers of the Oscar-winning Hurt Locker.

    Now it seems that the United States just isn’t a big enough market for settlements, so Voltage have taken their pay-up-or-else lawsuits north – and expanded into Canada.

    Earlier, through law firm Goudreau Gage Dubuc LLP, Voltage Pictures applied for an order from the Federal Court in Montreal which would force three Canadian ISPs – Bell Canada, Cogeco Cable Inc. and Videotron GP – to hand over the personal details of subscribers said to have infringed its copyrights.

    “Voltage Pictures LLC owns the copyright of the film ‘Hurt Locker’. The defendants have copied and distributed the film via the Internet without the permission of Voltage Pictures LLC,” says the order.

    Voltage adds that although it has obtained IP addresses, without the help of Canadian ISPs the studio cannot convert them to real-life identities.

    “Voltage Pictures LLC requests permission to interview internet service providers in advance in writing so that they disclose the names and addresses of customers who match the IP addresses already obtained,” says Voltage.

    “Once it has identified these customers, Voltage Pictures LLC may send notices and, where appropriate, add these individuals as defendants in this action.”

    On August 29th, the Federal Court in Montreal granted the order and gave the trio of ISPs just two weeks to hand over the names of subscribers. Since today is September 9th, and the weekend is almost upon us, one might assume that the details have already been handed over, or will be by Monday.

    According to Canadian lawyer Michael Geist, there is no indication that the ISPs challenged the court order or that any public interests were given the opportunity to intervene.

    “The prospect of thousands of Canadian peer-to-peer file sharing lawsuits – with potential liability of tens of thousands of dollars per person for a single movie – highlights why the government was right in Bill C-32 to reform the statutory damages provision to distinguish between commercial and non-commercial infringement,” writes Geist.

    “Non-commercial infringement was capped under the bill at $5000 for all infringements, though it can go far lower. This case confirms that mass lawsuits with the threat of thousands in liability is a real possibility in Canada and why changes to the law are needed.”

    Canadian Internet users, with their relaxed attitude towards their culture of file-sharing, are likely to be outraged by the action taken by Voltage. Certainly one to watch.

    Source

  • Anti-Piracy Group Will Sue Pay Processors If They Don’t Name Site Admins

    September 16, 2011

    Hollywood-funded anti-piracy group BREIN says it will pursue a similar strategy to its counterparts in the United States and UK by pressuring payment processors like PayPal to stop doing business with file-sharing sites. But BREIN says the processors must go further. Either they can voluntarily hand over the names of the admins behind the site accounts, or they will go to court and sue them into submission.

    No matter if there are pop-up and pop-under adverts on every page, or a single discreet button where someone can pledge a five dollar donation, thousands of file-sharing related sites need a mechanism by which to convert money into spendable funds.

    For many, the payment processor – PayPal and other similar services – provides their financial lifeline. After years of ignoring this Achilles’ heel, anti-piracy companies are taking steps to exploit this weakness and this week another group announced their plans – and they’re controversial to say the least.

    “We are in talks with the Dutch payment providers and are working towards partnerships,” says Tim Kuik, chief of anti-piracy outfit BREIN.

    Kuik says that by offering payment solutions to file-sharing sites, services such as PayPal are doing business with unlawful entities and therefore contributing to their ‘crimes’.

    The idea isn’t new. In the United States the forthcoming PROTECT IP Act will oblige payment processors to stop doing business with “rogue sites” and in the UK the IFPI have similar but more private deals in the pipeline.

    With BREIN, the ball is already rolling. The Hollywood-funded group has written to an unnamed selection of payment processors seeking cooperation with the issue in hand – strangling the finances of sites that BREIN, not a court, deem to be illegal.

    But BREIN also sees the payment processors as potentially useful in another highly controversial area.

    “We are often faced with services that operate anonymously and have given their hosting provider false information,” Kuik said. “We suspect that the payment providers have a good track, because the money they send has to go somewhere.”

    Of course, BREIN have a job to do and will do whatever they can to achieve their goals, but when Kuik elaborated further in a discussion with Future of Copyright this week, it became clear that controversy is not something the group shies away from.

    “We have requested several payment providers to give BREIN the name and address of illegal file sharing sites,” Kuik explained.

    Now, BREIN hasn’t been to court in order to obtain specific permission to obtain this data, yet Kuik says that the payment processors can simply hand over the private details of account owners to his company. Unsurprisingly, the targets of BREIN’s affections aren’t yet falling over themselves to comply.

    “The payment providers do not seem very willing to cooperate yet, but are deliberating on a response,” says Kuik. But he says they better respond positively – the pleasantries won’t last forever.

    “If there will be no response, BREIN will sue them and refer the matter to court,” he warns.

    Arnoud Engelfriet, a lawyer with Ictrecht law firm, believes that the law could be on BREIN’s side.

    “Dutch case law (in particular the Pessers/Lycos case) has held that in certain cases internet providers and other intermediaries are indeed required to hand over identifying information if a customer is likely committing a tort. A court intervention is not necessary according to our High Court,” he told TorrentFreak.

    “The legal requirements are that it is without serious doubt that this customer is committing the tort, that releasing the identifying information is relevant for the case *and* that an evaluation of customer privacy versus the interests of the third party reveals ultimately that privacy must give way to those interests.

    “For example, if I am a whistleblower, my privacy would be very important and my employer wouldn’t easily get my identifying information with this ruling,” Engelfriet adds.

    “For banks and payment processors the same requirement would apply. They have to evaluate how likely it is that their customer is violating third party rights and that handing over this data is more important than protecting the privacy of their customers.”

    But Engelfriet says that given the sensitivity that banks normally apply to customer details, he would be surprised if they handed over this information without a fight.

    “Freely handing over details would set a big precedent for them: anyone with a complaint could demand customer information. E.g. you buy something on eBay and you feel duped, you would demand bank information. Besides, banks have big pockets so I’m not too worried,” Engelfriet concludes.

    Kuik won’t say which payment processors he’s contacted thus far, but says that should BREIN sue them their identities will quickly become public.

    Source

  • Canadians Fight Government Proposal to Spy on Private Internet Use

    September 15, 2011

    As Parliament prepares to resume, Canadians launch three online videos to let Canadians know about the government’s plan.

    Proposed bill will allow authorities to access private information of any Canadian, at any time, without a warrant.

    OpenMedia.ca just launched three PSA-style videos as part of a citizen-led public education campaign to raise awareness about impending electronic surveillance laws. The Conservative government is putting the finishing touches on a set of bills that will force every phone and Internet provider to surrender Canadians’ personal information to "authorities," without a warrant. In a recent survey, 8 out of 10 Canadians were opposed to the legislation.

    “Where does it end? Are we going to let authorities look at our emails, our Facebook conversations, our phone discussions?” said OpenMedia.ca Executive Director Steve Anderson today.

    Working with OpenMedia.ca, concerned citizens have produced several video and audio PSAs. The PSAs have been sent to media outlets across the country and shared online using social media. OpenMedia.ca has just sent the videos to its 540,000 pro-Internet community. They can be found and shared online at http://openmedia.ca/educate.

    “The government has failed to inform Canadians about the privacy and critical data security implications of the invasive online spying bills they’re tabling,” says Steve Anderson, OpenMedia.ca Executive Director. “This is irresponsible and we’re happy to see citizens step up to the plate to educate their fellow Canadians at this pivotal moment.”

    The videos show satirical real-world situations where everyday expectations of privacy are violated. The twist? These are the same violations that would occur online under the proposed laws.

    Anderson adds: “This legislation will essentially create a new mandatory Internet registry of private data and force Canadians to pay for it. Canadians simply want an open and affordable Internet; this legislation clearly takes this country in the wrong direction.”

    Over 50,000 Canadians have already signed the Stop Online Spying petition (http://stopspying.ca) that acts as a voice of opposition against the government’s invasive legislation.

    Source

  • Europe's War On Google Means More Privacy For Everyone

    September 13, 2011

    Europe is much more hung up on privacy than we are in the U.S. European countries’ discomfort with Google Street View led to various investigations into the program — uncovering the fact that the cars had sucked up Wi-Fi data, emails, and passwords while they were mapping streets and Wi-Fi accounts. Google has gone ahead and shut Street View down in some of those countries, due to their strict regulation on what the company has to do to protect their citizens’ privacy. (Here in the U.S., meanwhile, the main pushback against Street View came in the form of a nearly-failed lawsuit by the Borings in Pennsylvania, a couple who sued the search giant for trespassing and invasion of privacy for taking photos of their front lawn. They won a whopping $1.)

    Europe’s push does lead to privacy ripples in the U.S., though. Google announced today that it’s letting people opt out of the mapping of Wi-Fi hotspots that it does. After the Wi-Spy Street View snafu, Google stopped mapping Wi-Fi spots with its Street View cars, instead mapping them using geolocation feedback from Android phones. (Apple does something similar with the iPhone.) Moving forward, though, Google will let Wi-Fi hotspot owners opt not to be included on the map. Google’s chief privacy counsel in Europe writes:

    Even though the wireless access point signals we use in our location services don’t identify people, we think we can go further in protecting people’s privacy. At the request of several European data protection authorities, we are building an opt-out service that will allow an access point owner to opt out from Google’s location services. Once opted out, our services will not use that access point to determine users’ locations.

    We’ll be making this opt-out available globally, and we’ll release more detailed information about it when it’s ready to launch later this autumn.

    So, if you don’t want your Wi-Fi network used as an address on the map, you’ll have the option to remove it. Google does note that this mapping makes the world a more convenient place for everyone. “These signals can make products much more useful – by enabling public transport authorities to show you when a bus is expected to arrive at your nearest bus stop, for example,” writes global privacy counsel Peter Fleischer.

    So if you do decide to be selfish and remove yours, you’re hurting people’s ability everywhere to catch the bus on time.

    Source

  • Reasonable Anger In Europe Over Ridiculous Copyright Extension

    September 14, 2011

    from the your-public-domain-is-being-seized dept

    One of our most popular stories last week was about how Europe was retroactively extending copyright yet again. It's been interesting to see the reaction to the story among Europeans, where I've seen nothing but very palpable anger about this. Pretty much everyone who isn't a record label seems to think that this is a complete joke, and nothing more than an attempt to grant subsidies to big record label companies. It's even coming through in the more mainstream press in the UK, where Shane Richmond has cynically blasted the plan in The Telegraph (and reminded us that the main person driving this worked for the record labels just a few months ago). Is it that cynical when the regulatory capture by a single group of companies is so obvious?

    I’ve written at length about this before so I won’t go over the arguments again here but study after study has shown that longer copyright terms do not protect creativity; they harm it. And yet copyright terms keep growing, in the face of the evidence.

    This is part of an ongoing pattern - a more cynical person might even call it a campaign - in which copyright will be extended until it never expires. In 15 years or so, you can expect a renewed campaign to extend the copyright on sound recordings to 95 years, matching the term in the US. After that, we’ll see pressure to extend terms further, so that recording artists receive the same protection - life plus 70 years - as composers and lyricists.

    The thing that amazes me about all of this is how the supporters of this law don't realize how much harm they're doing to their own cause. When stories like this come out, there's so much anger directed at the system, the politicians and the law that it makes people respect copyright law a hell of a lot less. If the industry still believes that they just need to "educate" people, the education people are getting is that copyright law is a joke that serves no purpose other than to protect the interests of a few big companies.

    Richmond, nicely, contrasts the laughably false claims by the IFPI that copyright extension benefits artists, by pointing to the upcoming termination rights battle in the US, to show that the major labels and their trade groups (RIAA/IFPI) clearly do not have the artists' best interests in mind, and it's ridiculous for them to pretend they do:

    It’s expected, according to Rolling Stone, that the record labels will argue that these artists were “work for hire” and therefore not entitled to their rights back. Labels like to talk about the rights of artists until the artists’ interests conflict with their own. How will the IFPI spin this argument? We’ll see soon enough.

    The real shame is that the EU politicians, who approved this, will never actually have to answer for their seizure of the public domain, and for the fact that they reneged on a deal which the public made with content creators with no compensation. Those who voted for copyright extension -- in the face of widespread evidence that it does nothing to help artists and plenty to hold back culture -- should be seriously ashamed. They've sold out the public, who they're supposed to represent.

    Source

  • Newzbin2 Release Encrypted Client To Defeat Website Blocking

    September 14, 2011

    The operators of Usenet indexing site Newzbin2 have introduced measures to circumvent court-ordered web-blocking measures designed to render the site inoperable in the UK. Site staff aren’t revealing how the stand-alone software client works but some basic network packet analysis shows that it defeats ISP BT’s Cleanfeed censorship system by using a handful of techniques including encryption.

    Following a complaint from the Motion Picture Association, earlier this year a judge at London’s High Court ordered leading UK ISP BT to block subscriber access to Usenet indexing site Newzbin2.

    Although the blocking measures aren’t expected to be put in place until after mid-October, a breakdown in one of Newzbin2’s DNS servers during the last few days led to fears that it had been implemented early.

    The fault was quickly fixed, and Newzbin2’s operators said the problem encouraged them to work harder on their promised anti-blocking solutions.

    Today, TeamRDogs – the group behind the site – released Newzbin Client 1.0.0.127, the first public piece of software designed to circumvent BT’s Cleanfeed online censorship system, the tool which the MPA hopes can neutralize Newzbin2 in the UK.

    “We are pleased to announce the first Newzbin2 client software,” said Newzbin2’s Mr White.

    “This is targeted at UK users who are likely to get blocked in October. This first version is a bit rushed and so not very polished. As time goes by we shall improve it and add features.”

    The software provides a basic web interface for the Newzbin2 site but while OSX and Linux versions are planned for the future, the client (which downloads in a 2.4mb installer) is currently only available for Windows users. So how does it work?

    “We can’t say how our client application works but it uses a number of techniques to utterly defeat Cleanfeed,” said Mr White in an email.

    “The application also has Agility Technology to break any updated web censorship methods or anti freedom countermeasures.”

    Using network protocol analysis software, TorrentFreak ran some basic tests on the Newzbin2 client today which revealed that it does indeed defeat known features of Cleanfeed in a number of ways.

    Initially the client tries to resolve the site’s domain name to an IP in the usual manner via DNS, but from there, and without going into too many details, an encrypted session is initiated between the client and the Newzbin2 site in a way that Cleanfeed won’t like, rendering blocking impractical and snooping more or less impossible.

    As can be seen from the screenshot above, the client also provides some other features such as accessing the Newzbin2 website via the TOR anonymity network. Other useful links to online resources such as IMDb and common search engines are also provided.

    The client is in the early stages of development and will need a few features updating if it wants to be near bulletproof. We’re sure Newzbin2’s Mr Violet, the guy who put in much of the work, has all that covered – and more.

    Source

  • Hackers Are the New Mob: White House Gets Serious on Cybercrime

    By Graeme McMillan
    September 8, 2011

    Potential teenage Matthew Brodericks, beware: In this era of LulzSec, DDoS attacks on BART and hacktivist group Anonymous telling NATO that the world doesn't belong to them anymore, the White House has decided that it's time to take hacking seriously, asking for tougher sentencing for those found guilty of cybercrime.

    Speaking before the Senate Judiciary Committee, Associate Deputy Attorney General James Baker and Secret Service Deputy Special Agent in Charge Pablo Martinez explained that sentencing has failed to keep up with the growing seriousness of hacking, and that the administration is calling for the Computer Fraud and Abuse Act to be folded into the Racketeer Influenced and Corrupt Organizations Act.

    The key to understanding the proposed changes is the new presumption that modern hackers are not acting alone. Martinez told the Committee that "Secret Service investigations have shown that complex and sophisticated electronic crimes are rarely perpetrated by a lone individual," adding that online criminals "organize in networks, often with defined roles for participants, in order to manage and perpetuate ongoing criminal enterprises dedicated to stealing commercial data and selling it for profit" (or, you know, just to cause chaos and show that they can hack into that place someone said they couldn't, but whatever). It's a narrative picked up by Baker, who went even further, saying that "[a]s computer technology has evolved, it has become a key tool of organized crime. Many of these criminal organizations are similarly tied to traditional Asian and Eastern European organized crime organizations."

    In addition to reclassifying hacking as an organized crime activity, the White House's proposal seeks the creation of a national data breach standard, replacing whatever various state laws may be in place.

    Source

  • Lawyer Fined For Defying Judge and Sending Subpoenas to ISPs

    September 12, 2011

    A prominent lawyer involved in the ever-growing pay-up-or-else anti-filesharing schemes in the United States has been admonished and punished by a judge. Evan Stone had asked the court whether he could contact ISPs in order to discover the identities of alleged file-sharers, but the court said he’d have to wait. Stone ignored the court but was ultimately found out, which resulted in him picking up a $10,000 fine.

    Texas lawyer Evan Stone is one of the more colorful characters in the U.S. file-sharing settlement sphere.

    The self-described programmer, filmmaker and musician, who when speaking of his pirate-chasing lifestyle says “I was born to do this shit,” is perhaps best known for his attacks on BitTorrent users sharing anime. But like many of his counterparts, Stone also dabbles in pornography.

    Last year, Stone filed a suit in the U.S. District Court for the Northern District of Texas on behalf of Mick Haig Production, which targeted 670 BitTorrent users who allegedly shared the movie Der Gute Onkel. Now his behavior in the case has drawn the ire of District Court Judge David C. Godbey.

    Earlier, Judge Godbey had denied Stone’s request to start sending subpoenas to the ISPs. Stone had wanted to start straight away on matching his collected IP addresses with real-life identities. Instead, Judge Godbey ordered the ISPs to store the information for a later date and the EFF were brought in to represent the interests of, by definition, the as-yet unnamed ‘Does’ in the suit.

    But events had already taken a turn for the strange. Internet users started to receive letters from Stone requesting cash settlements, despite the fact that only their ISPs knew their identities and Stone had not yet been given permission to access the information.

    Soon the situation became clear. According to the EFF, despite the Judge’s earlier refusal to allow the sending of subpoenas to ISPs, Stone had contacted them anyway. Without a court order, ISPs had been handing over information on their subscribers to Stone and he had been contacting them for cash settlements.

    Then in January 2011, Stone and his client dismissed the entire case with prejudice, which brought it to a complete conclusion. Their justification was that there was no “meaningful opportunity to pursue justice in this matter” because there was “little chance of discovery in sight,” this, despite already receiving settlements.

    The pair also took the opportunity to bemoan the EFF’s involvement in the case, describing them as a group “renowned for defending internet piracy.”

    In court papers dated last Friday, District Court Judge David C. Godbey is scathing of Stone’s conduct.

    “To say that the subpoenas imposed an undue burden on their targets fails to capture the gravity of Stone’s abdication of responsibility,” writes the Judge.

    “Because Stone obtained information that he had no right to receive, the subpoenas’ falsity transformed the access of the Does’ information from a bona fide state-sanctioned inspection into private snooping.”

    “The Court appointed the Ad Litems [EFF and Public Citizen] to argue whether Stone could send the subpoenas. Stone argued that the Court should allow him to – even though he had already done so – and eventually dismissed the case ostensibly because the Court was taking too long to make a decision,” Judge Godbey continues.

    “All the while, Stone was receiving identifying information and communicating with some Does, likely about settlement. The Court rarely has encountered a more textbook example of conduct deserving of sanctions.”

    But for this clear and gross misconduct, the Judge fined Stone a mere $10,000. Texas lawyer Robert Cashman, who defends individuals targeted by file-sharing lawsuits, says he’s not impressed by the amount.

    “This seems like pennies to an attorney who is bringing in $2,500 per settlement at what he claims is a 45% settlement rate. Ten thousand dollars is merely the equivalent of FOUR settlements,” Cashman writes.

    “With the hundreds of letters that went out, even if he is lying about the settlement rate, don’t you think he made at MANY TIMES that amount? Think about it. There is nothing punitive about this order.

    “Assume Evan Stone merely sent out 100 letters and had only a 20% success rate at $2,500 per settlement. This alone amounts to $50,000. The Mick Haig Productions case had *670* defendants.

    “In short, while $10,000 may be a lot to a starving attorney, my opinion is that the sanctions wouldn’t even cover the IRS’ federal income taxes Mick Haig Productions would pay on the settlements they received from this misstep,” Cashman concludes.

    Source

  • UK Proposal Would Allow Police To Seize Domain Names Without A Court Order

    Mike Masnick
    September 12, 2011

    from the taking-ice-up-a-notch dept

    We've noted in the past that as with Homeland Security's questionable process of seizing domain names without an adversarial hearing, law enforcement in the UK wanted to be able to do the same thing. In fact, reports came out that the .uk registrar, Nominet, had already helped police seize thousands of sites, but mostly on a technicality involving false contact details. However, they're now taking it up a notch, with a new proposal that would let police demand that a domain be blocked without a court order.

    While Nominet insists that this should be limited to cases where it was needed "to prevent serious and immediate consumer harm," as we've seen with ICE's domain seizures, law enforcement (at the urging of the entertainment industry) likes to claim "serious and immediate consumer harm" from things like blogs that promote music. It's not difficult to see how this amorphous standard would be widely abused. Nominet also claims that this would only be used for "serious crimes" -- but the list includes: fraud, prostitution, money laundering, blackmail and copyright infringement. Ah, yes, copyright infringement. Forget due process, the UK police will just start shutting down sites on the say-so of the entertainment industry -- the same industry that says that the Internet Archive is a pirate site.

    Source

  • Lowest Possible Statutory Damages For Single Case Of Infringement Is $3,430

    Mike Masnick
    September 12, 2011

    Former RIAA Lobbyist, Now Judge, Says Lowest Possible Statutory Damages For Single Case Of Infringement Is $3,430 - from the punishment-does-not-fit-the-crime dept

    Remember Judge Beryl Howell? She's one of the only judges who's received one of these copyright troll cases involving hundreds, if not thousands, of totally unrelated John Does in a single case to refuse to sever the unrelated defendants (and bizarrely tried to claim it was to their benefit to be sued together). It only later came out that Howell was very recently an official lobbyist for the RIAA. At the very least, that calls into question her objectivity on copyright cases.

    Anyway, late last week, Judge Howell also made an interesting ruling in one of US Copyright Group's cases, involving the movie Call of the Wild. Like her earlier ruling, this one will have many more copyright trolls filing cases in her district, hoping to get a judge so amenable to the arguments of copyright trolls. The ruling was a default judgment, meaning that the guy being sued simply did not respond to being sued (a dumb move). Of course, with a default judgment, the court still has some leeway in ordering what kind of award is given, and in this case, Judge Howell has apparently decided that the absolute minimum anyone could pay if found in default on a copyright case is not the $200 for innocent infringers, nor the $750 amount that is the official minimum listed in the law... but, rather $3,430, which is the $750 amount plus another $2,680 in lawyer's fees. That's a bit strange since it's not all that common to award attorney's fees in such cases, and considering that US Copyright Group is a factory of sorts, pumping out tons of these cases, and suing tens of thousands of individuals without much effort to ascertain the legitimacy of the lawsuits, it's difficult to see how it could have cost them that much at all.

    Still, have no fear that this particular default judgment will be waved around by USCG and others in their shakedown letters to people who are being pressured into paying up.

    Source

  • ISPs Moving Society Backwards: 'Call of Duty' Chief

    Peter Nowak
    September 8, 2011

    It's not just Internet users who are angry over their service providers' usage-based billing and throttling policies. The man in charge of developing the biggest video game franchise in the world is pretty steamed too.

    Mark Rubin, executive producer at Infinity Ward, the studio behind the 'Call of Duty' series, says Internet service providers are holding back innovation with restrictive practices. Both usage-based billing, where customers receive monthly download limits, and throttling, where certain applications are slowed down, are proving to be obstacles to the games industry's advancement.

    "We're trying to progress and move into those new areas of downloading content and full games and streaming live. We're pushing forward and it seems like they're going backwards," Rubin said in an interview at this past weekend's inaugural Call of Duty XP fan convention in Los Angeles.

    "I don't know what they're afraid of that they have to do all this capping. If they have serious problems with bandwidth, they need to solve that because society is moving forward."

    ISPs have recently come under fire for billing practices. In Canada, where subscribers are typically capped at about 50 or 60 gigabytes per month before extra charges kick in, the issue of usage-based billing has even attracted government attention. When regulators gave Bell Canada its blessing earlier this year to implement caps on wholesale ISPs such as Teksavvy, no less than Prime Minister Stephen Harper stepped in to say no way.

    Throttling, meanwhile, has been making headlines for years, mostly from ISPs in Canada and the U.S. slowing file-sharing services such as BitTorrent. Rogers Communications recently irked gamers, however, when it was discovered that its throttling was extending over to the popular World of Warcraft online game. Gamers complained to the CRTC, which is now seeking answers.

    Internet users say both measures are efforts to limit services that compete with ISPs' own video businesses. The companies, for their part, say caps and throttling are necessary to prevent congestion on their networks.

    Despite the backlash over usage-based billing in Canada, U.S. Internet providers are also following suit by moving toward smaller monthly caps.

    As Rubin said, these issues are a problem for game developers.

    For the uninitiated, 'Call of Duty' is one of the biggest entertainment concerns going. Since the first game's release in 2003, successive iterations on a variety of gaming systems have sold more than 100 million units, bringing publisher Activision Blizzard upward of $5 billion in revenue. At any minute of any given day, there are at least seven million people playing 'Call of Duty' games online.

    The franchise has proven to be so popular, Activision has two studios alternating in producing games on an annual basis. Last year's 'Call of Duty: Black Ops,' produced by Treyarch (also based in California), earned more than $1 billion in its first month. This year's 'Call of Duty: Modern Warfare 3,' from Infinity Ward, will likely smash the records set just last year when it launches on Nov. 8.

    At the fan event this past weekend, the company unveiled details of a new Elite service, a social network of sorts for hard-core fans. The free version will allow users to track their statistics in excruciating detail while mobile apps for the iPhone and Android will let them tinker with game characters while on the bus ride home from school or work.

    Elite's premium tier, which will cost $50 a year, will provide access to training videos and downloadable content such as new maps for the game's key multiplayer function. Film directors Tony and Ridley Scott and actors Jason Bateman and Will Arnett, all big fans of the game, will also produce videos for the service that revolve around the games.

    For game makers such as Activision, this sort of shift to digital distribution and online revenue generation is vital because it nullifies two of their biggest issues: piracy of discs and the resale/rental business, from which they don't see a penny.

    The ISP obstacles aren't just problematic for big publishers, Rubin said, they can also close the door on small independent game makers. These operations, of which there are many in both Canada and the United States, can only compete with the giants if they have easy access to digital distribution.

    "The on-demand style of digital download is huge for those guys. They exist because we can do that," he said. "We don't have to worry about it for our title, but we worry about it for the industry. We grow as the industry grows so we want everyone's game to do well and be successful and push gaming further."

    Ultimately, ISPs are going to have to bow in the face of societal forces, he added. The Canadian government's response earlier this year was just the tip of the iceberg.

    "All that stuff is pushing on the boundary that they are trying to push back at and that's not going to work out," he said. "They're going to lose."

    Source

  • Double-barrel net infrastructure hack threatens ecommerce

    By John Leyden
    September 8, 2011

    DNS redirection hack + forged digital certs = chaos

    Analysis: Security watchers warn that hackers might be able to develop potent attacks that would be extremely hard to foil by combining DNS hacks of the kind that affected The Register and other high-profile websites over the weekend with DigiNotar-style forged digital certificates.

    An attack on Domain Name System (DNS) service provider NetNames on Sunday affected scores of prominent websites, including those run by the Daily Telegraph, UPS, Acer, National Geographic, BetFair and Vodafone as well as El Reg. Surfers visiting the affected sites were redirected to a hacker holding page set up by Turkish hacker group Turkguvenligi.

    Turkguvenligi pulled off the hack not by attacking the affected sites directly but by a SQL injection attack aimed at gaining access to NetNames systems. Once they had achieved access, the hackers placed counterfeit registry re-delegation orders through NetNames' provisioning system. This meant that DNS records of affected sites were changed so that they pointed towards Turkguvenligi's page rather than at the legitimate sites.

    The unauthorised changes were reversed and normality was restored over a matter of a few hours. NetNames disabled compromised accounts and bolstered the security of its systems to guard against future attacks.

    Turkguvenligi launched a similar set of DNS redirection attacks against Korean websites and a Gary McKinnon support website back in August, as well as attacking vulnerability mitigation firm Secunia last year.

    Ash Patel, country manager, UK & Ireland at security appliance firm Stonesoft, said that the DNS hack showed that organisations need to pay close attention to the security policies of their suppliers. "It's not just the 'corporate' that needs to be concerned but all other businesses that serve such organisations," he said.

    Mark James, technical manager at Eset, warned that although Turkguvenligi had only run the attacks to claim bragging rights, others might apply the same techniques to run cybercrime scams, such as particularly convincing phishing attacks.

    "Whilst the attack seems to be 'harmless', the possible outcome could have been massively damaging if they had chosen to point to a 'look-a-like' site that requests user information," James said.

    "SQL injection has been used for a long time and, in all honesty, shouldn’t be possible these days. The ability to direct unsuspecting users to fake websites could pave the way for massive amounts of abuse.

    "These days, we expect to see phishing emails that 'look' like the real thing, but have masked addresses; however, if the end user types an address they know is correct, then they should be safe in the knowledge they are going to end up in the right place."

    Rik Ferguson, a security consultant at Trend Micro, warned that DNS redirection hacks might be combined with a DigiNotar-style certificate breach to create especially sneaky attacks.

    "Imagine a scenario where someone is able to modify DNS records for, say, yourbank.com to a destination of their choice and at the same time has got hold of fraudulent certificates to certify its identity," he explained. "Those two combined could spell real trouble and obviate the annoying need to get a 'man' in the middle."

    The high-profile DNS attack last weekend coincides with the ongoing fallout from the DigiNotar breach. The two incidents collectively illustrate a worrying fragility in key systems that underpin the foundations of ecommerce transactions.

    "Putting security solutions as add-ons to the infrastructure is not working," a security researcher at the Internet Storm Centre commented. "We need a fundamental rebuild of the security architecture we are using and we need it now."
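
    The combined scenario described above is hard to catch because ordinary certificate validation succeeds; the following monitoring check is an added example, not part of the original article, that compares what an outside observer sees against a recorded baseline. All hostnames, addresses, key bytes and issuer names are constructed, and the `Observation` fields and `assess` function are hypothetical names chosen for illustration.

```python
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class Observation:
    """What a monitor outside the DNS provider's systems sees for one hostname."""
    nameservers: frozenset  # NS set published by the parent zone
    addresses: frozenset    # A records the name resolves to
    spki_sha256: str        # SHA-256 of the served certificate's public key
    issuer: str             # issuer name in the served certificate
    chain_valid: bool       # would default trust-store validation accept the chain?


def spki_pin(public_key_der: bytes) -> str:
    """Pin value: hash of the public key, which survives routine reissues."""
    return hashlib.sha256(public_key_der).hexdigest()


def assess(baseline, seen, distrusted_issuers=frozenset()):
    """Return (severity, findings) for one observation against the baseline."""
    findings = []
    if seen.nameservers != baseline.nameservers:
        findings.append("delegation-changed")   # re-delegation at the registry
    if not seen.addresses <= baseline.addresses:
        findings.append("address-changed")      # name resolves somewhere new
    if seen.spki_sha256 != baseline.spki_sha256:
        findings.append("key-changed")          # served key is not the pinned one
    if seen.issuer in distrusted_issuers:
        findings.append("distrusted-issuer")    # CA is on the local block list
    if not seen.chain_valid:
        findings.append("chain-invalid")        # users would see a browser warning

    dns_moved = bool({"delegation-changed", "address-changed"} & set(findings))
    cert_moved = bool({"key-changed", "distrusted-issuer"} & set(findings))
    if dns_moved and cert_moved and seen.chain_valid:
        # Redirected traffic is served with a certificate browsers accept:
        # no warning reaches the user, so only the baseline comparison fires.
        severity = "critical"
    elif findings:
        severity = "high"
    else:
        severity = "ok"
    return severity, findings


# Constructed sample data (documentation-range addresses, made-up names).
BASELINE = Observation(
    nameservers=frozenset({"ns1.example.test", "ns2.example.test"}),
    addresses=frozenset({"192.0.2.10"}),
    spki_sha256=spki_pin(b"constructed-legitimate-key"),
    issuer="Example Trusted CA",
    chain_valid=True,
)

# Redirection alone: the holding page cannot present an acceptable certificate.
REDIRECT_ONLY = Observation(
    nameservers=frozenset({"ns1.other.test"}),
    addresses=frozenset({"198.51.100.7"}),
    spki_sha256=spki_pin(b"constructed-other-key"),
    issuer="self-signed",
    chain_valid=False,
)

# Redirection plus a fraudulently issued certificate that still validates.
REDIRECT_WITH_FORGED_CERT = Observation(
    nameservers=frozenset({"ns1.other.test"}),
    addresses=frozenset({"198.51.100.7"}),
    spki_sha256=spki_pin(b"constructed-other-key"),
    issuer="Example Breached CA",
    chain_valid=True,
)

if __name__ == "__main__":
    for name, obs in [("baseline", BASELINE),
                      ("redirect only", REDIRECT_ONLY),
                      ("redirect + forged cert", REDIRECT_WITH_FORGED_CERT)]:
        print(name, assess(BASELINE, obs, frozenset({"Example Breached CA"})))
```

    The redirect-only case is rated lower because visitors to an HTTPS site would at least see a certificate warning; the combined case is flagged only because the delegation and the pinned key are compared with known-good values.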

    Source

  • YouTube’s Content-ID Piracy Filter Wreaks Havoc

    September 8, 2011

    YouTube describes its Content-ID anti-piracy filter as a state-of-the-art technology, but those who look closely can see that in some cases it creates a huge mess. The system invites swindlers to claim copyright on other people’s videos and make money off them through ads. It automatically assigns thousands of videos to people who don’t hold the copyrights, and its take-down process appears to be hugely biased towards copyright holders.

    In recent years Google and YouTube have gone to extremes to protect copyright holders. Perhaps the greatest achievement thus far is their state-of-the-art Content-ID system.

    Content-ID allows rightsholders to upload the videos and music they own to a central ‘fingerprint’ database. YouTube will then scan their site for full or partial matches, and if there is a hit the copyright holder can automatically take it down, or decide to put their ads on it.

    Although the above sounds like a fair and honest solution, not everything Content-ID does goes to plan. Of course some errors are expected when pioneering a new system, but the problems are more severe than that. Welcome to the world of YouTube swindlers, mass misattribution of copyrights and an unfair bias towards stubborn copyright holders.

    One of the problems appears to be that people with bad intentions can claim copyright on videos they have nothing to do with, and even run ads on them. In the YouTube support forums there are hundreds of posts about this phenomenon, also summarized by the PRV blog recently.

    Although some swindlers may indeed be around, most of the “misattribution” problems seem to be the result of screwups and technical limitations. A good example is the case of the Dutch game review site Gamer.nl, owned by the publishing platform Sanoma.

    All Game Videos Are Belong to?

    A quick Google search shows that the site has ‘claimed’ ownership of more than 10,000 YouTube videos, nearly all game related. However, most of the videos in question have nothing to do with the website. In fact, most are standard game trailers or fan made videos.

    So what is going wrong here?

    It appears that the Content-ID filter is automatically assigning these videos to Gamer.nl, because the clips produced by the review site also include snippets of trailers and in-game play. In other words, the Content-ID filter is set so broad that official game trailers are assigned to Gamer.nl because Gamer.nl uses footage from the trailers in its reviews.

    As a result Gamer.nl is now collecting ad revenue on thousands of videos it has nothing to do with. And bear in mind that the above is just a single example; there are several similar examples which show that it’s a widespread issue.

    TorrentFreak got in touch with Gamer.nl to hear their side of the story. They confirmed to us that in their case the videos are flagged by the system, not an actual person.

    “Because our productions contain a lot of game footage, YouTube classifies videos with similar footage as infringing. Since this is an automated process we can’t do anything about it,” Gamer.nl’s Joost Wouterse said.

    “Unfortunately the YouTube notice makes it look like we are actively flagging material as infringing, but this is not the case. We would never claim ownership on the game footage we use in our productions, but we do of course claim ownership on our full videos,” he added.

    Wouterse understands that the confusion caused by the mass-takedowns is unfortunate, but at the same time he’s happy that the Content-ID system allows them to protect their own videos. The big question is of course, whether the thousands of videos that are assigned to them by mistake can simply be seen as collateral damage.

    In response to this Wouterse said that YouTube users can file a counterclaim if they disagree with the removal of a video. But this isn’t as straightforward as it sounds.

    Many users simply do not know whether they are allowed to post parts of a game trailer, or in-game material, and may think the claim from Gamer.nl is legit. Also, since YouTube threatens to ban the accounts of repeat infringers for life, they may not want to cause any trouble.

    Bias Towards Copyright Holders?

    Adding to the scare factor that might prevent people from complaining, YouTube’s Content-ID system also appears to hold an underreported bias towards copyright holders, which sometimes makes bringing back content impossible.

    Patrick McKay, candidate for Juris Doctor at Regent University School of Law and founder of FairUseTube.org, told TorrentFreak that there’s a systematic flaw in YouTube’s copyright enforcement system that needs to be addressed: a bias towards copyright holders which goes directly against U.S. law.

    According to the DMCA, YouTube should make a video available again if a user disputes a claim from a copyright holder. The copyright holder then has to file a lawsuit to take the disputed video offline again. But this is not how YouTube works according to McKay.

    “Under YouTube’s content ID system, the exact opposite is true. After a copyright holder rejects a Content ID dispute, that’s the end of it, and the user’s video is blocked without giving them further recourse under either copyright system—Content ID or DMCA,” he explained to TorrentFreak.

    “Content ID thus gives the copyright holder sole authority to decide whether a video is fair use (and most copyright holders will never agree something is fair use), which is completely unfair to users, and ends up trampling fair use rights.”

    McKay, who experienced the problem first hand, believes that YouTube needs to address this systematic bias towards copyright holders.

    The issues outlined above illustrate that YouTube’s copyright enforcement system and Content-ID filter are not the solid machines they claim to be. Not for regular users at least. Although it’s understandable that mistakes are made when millions of videos are added every month, YouTube should work on getting the basics right.

    Don’t let the war on pirates ruin the fun for everyone.

    Source

  • "A massive collection scheme": Yet another judge slams file-sharing lawsuits

    By Nate Anderson
    September 8, 2011

    Over the last few weeks, some California federal judges have been hammering the lawyers bringing mass file-sharing lawsuits. Add Magistrate Judge Bernard Zimmerman to that list.

    Last year, On the Cheap LLC sued 5,011 alleged pirates of its porn film Danielle Staub Raw. Zimmerman this week threw out 5,010 of the anonymous defendants. "No courtroom in the building can hold over 200 people, let alone 5,000," he wrote in his order. Even if it could, everyone would have different lawyers, different issues of fact, different defenses—in short, it would be a total nightmare for the efficient dispensation of justice.

    Of course, this assumes the plaintiffs in the case want to go to trial against anyone. Judge Zimmerman strongly suspects that they do not. He ordered the plaintiffs to provide him detailed information on their settlement activities, but his order appears to have been ignored by On the Cheap. In a potent piece of footnoting to his new severance order, Zimmerman attacked the company:

    The Court's concerns are heightened by plaintiff's refusal to file under seal a copy of its settlement letter and related information about its settlement practices. The film sells for $19.95 on plaintiff's website. According to public reports, plaintiffs in other BitTorrent cases, rather than prosecuting their lawsuits after learning the identities of Does, are demanding thousands of dollars from each Doe defendant in settlement. If all this is correct, it raises questions of whether this film was produced for commercial purposes or for purposes of generating litigation and settlements.

    Put another way, Article 1, section 8 of the Constitution authorizes Congress to enact copyright laws "to promote the Progress of Science and useful Arts." If all the concerns about these mass Doe lawsuits are true, it appears that the copyright laws are being used as part of a massive collection scheme and not to promote useful arts.

    Adding to the judge's suspicions, On the Cheap hasn't actually served any of the anonymous defendants in the case. ("Eleven months after the complaint was filed, not a single Does [sic] has been served," he wrote, and then denied a motion to extend the service time even longer.)

    The judge makes clear that he "does not condone copyright infringement." And he likes settlements, which lead to mutual resolution of legal disputes and clear the court's calendar. But none of this justifies "perverting the joinder rules first to create the management and logistical problems discussed above and then offer to settle with Does defendants so they can avoid digging themselves out of the morass plaintiff is creating."

    Ice burn!? Not exactly. Before Zimmerman shredded the case, On the Cheap was allowed to subpoena Internet providers and obtain the names of subscribers whose accounts may have been used to access Ms. Staub in the "raw." On the Cheap has already settled with at least 70 of them. Assuming an average settlement of $2,000, that's $140,000 in cash.

    On the Cheap has to notify all 5,010 severed defendants by first-class mail about the new ruling, which should put an end to new settlements, but the company (and its lawyers) get to keep the cash they've picked up so far.

    Source

  • Will the CRTC become a pro-Internet regulator?

    Lindsey Pinto
    September 3, 2011

    The news of the day at the CRTC is that nothing has changed—a decision was made to keep Internet billing practices as-is in all Canadian markets. Billing transparency rules will apply to the 20% of markets that the CRTC recognizes as uncompetitive, and the other 80% will rely solely on competitive checks.

    That's right, the CRTC's view is that the vast majority of Canada has enough ISP competition to ensure that Canadians won't be blindsided by Big Telecom. The pro-Internet community—and this is an understatement—disagrees. The interesting thing is that some Commissioners disagree as well.

    Of particular interest in this otherwise annoyingly usual decision were the opinions of the dissenting commissioners, Suzanne Lamarre and Michel Morin. The latter argued that this policy leaves most Canadians with no assurance that they will get the transparency they deserve from the companies charging them to communicate, and little basis by which to decide between providers based on their monthly bills.

    "Why," Morin asked, "is the Commission refusing to give Canadian consumers a lasting guarantee that they will always be correctly informed..?"

    Lamarre's statement went further. Her goal for Canada includes allowing competitive forces to replace regulation, but she acknowledges that those forces do not yet exist. In an impassioned statement uncharacteristic of the CRTC, she writes:

    The regulatory measure does not aim to protect a vague and heterogeneous group of consumers, but is meant to protect each individual consumer, who has to make decisions that affect him or her personally, based on his or her own needs, expectations, and financial circumstances. It is crucial not to underestimate the importance of the decisions that consumers have to make, both financially and strategically, when choosing a provider and/or a service package – in that order or vice-versa. Telecommunications are becoming more and more important in our private lives, as well as for achievement in our education and careers. The Commission must therefore ensure that conditions that enable consumers to make fully informed and educated decisions at all times are not only implemented, but also maintained. This is what fosters reliance on market forces.

    To me, your humble OpenMedia.ca communications manager, these opinions represent the beginning of a growth in the CRTC's understanding of the public interest, and will to rule in favour of citizens rather than industry giants. As the November deadline for the CRTC to decide on usage-based billing (Internet metering) draws nearer, we maintain hope that the CRTC is slowly becoming a pro-Internet regulator, and that Commissioners will finally make the decision to stop the meter.

    Source

  • Lawyer Refuses to Tell Court How Profitable BitTorrent Settlements Are

    September 5, 2011

    Last month a lawyer was ordered by a judge to reveal how much money he has received from threatening to sue alleged BitTorrent users. The lawyer, Ira M. Siegel, missed the court’s deadline and even then failed to answer fully as required. After describing the EFF as a group wanting “freedom from the tyranny of having to pay for content,” his eventual response began with a surprising attack on an anti-copyright troll blogger.

    While there are countless lawsuits being filed in the U.S. targeting alleged BitTorrent users, at the moment On The Cheap, LLC vs Does 1-5011 is generating particular interest.

    The case is one of the porn-based BitTorrent lawsuits filed late last year by Ira M. Siegel using evidence from the Copyright Enforcement Group, ostensibly to ‘protect’ the work entitled Danielle Staub Raw – a sex tape featuring reality show star Danielle Staub.

    The case, filed in the northern district of California, has piqued the judge’s attention on several fronts, no doubt in part due to the involvement of the EFF.

    At a hearing late August, Judge Bernard Zimmerman expressed unhappiness with the lack of progress in the case, as well as the possibility that the case is really just a fishing scheme to get money. Siegel took umbrage at the suggestion, and went on to lambast the EFF as wanting “freedom from the tyranny of having to pay for content.”

    The jurisdiction issue was another sticking point. Judge Zimmerman had trouble with Siegel’s claims that being in a BitTorrent swarm subjects people to nationwide jurisdiction. There was also concern stemming from the Plaintiff and the lawyer being based in southern California, while filing in northern California.

    At the end of the hearing the Judge made an order requiring the presentation of several items of information including details of any settlements paid (the previous week Siegel had dismissed 68 defendants with prejudice, indicating a settlement), copies of all settlement demands sent out, details of the distribution of the work, and the hiring of the Copyright Enforcement Group.

    Zimmerman’s concern: that courts are being used as collections agencies.

    The response to this motion was due by the end of August but not only did Siegel miss the deadline by filing late, he failed to respond as required, and refused outright to reveal how much he has received in settlements. Furthermore, he began his lengthy response with a surprising attack on blogger Sophisticated Jane Doe, a defendant from another case who posts on the FightCopyrightTrolls.com blog.

    Sophisticated Jane Doe has been covering developments in the current case and Siegel is clearly unhappy with that. He describes Jane Doe as someone “who wants to see roadblocks in the way of copyright enforcement” and takes issue with ‘her’ (Siegel points out that sex should not be taken for granted) use of terms and phrases such as “Troll”, “he extorted”, “most sinister” and references to “shameless” honeypot schemes.

    “This is brought to the Court’s attention because it further illustrates that with which we are dealing: people pirating copyrighted works and otherwise engaging in tortious activity behind what they hope is the shield of anonymous IP addresses and the hurdles and expenses to which a copyright owner must go to uncover their identities,” Siegel writes.

    Ironically, while Siegel criticizes FightCopyrightTrolls for having an anonymous WHOIS protected domain, Copyright Enforcement Group, the company Siegel works with in these cases, protects its domain in exactly the same manner.

    Despite the attack, Sophisticated Jane Doe is pleased with the attention.

    “Have you ever heard about [the] Streisand Effect, Mr. Siegel? The sole reason of my fight is to make sure my (and other victims’) side of the story is heard by judges, not to influence them, but to make sure their decisions are fair and balanced,” she writes in response.

    “Now I have a huge helping hand from the least expected player: a troll! Thank you Mr. Siegel! Given the significance of this help, I even forgive you for the veiled threats you’ve extended towards me. I’m immune against threats, you should have known it if you read this blog carefully.”

    Interestingly, according to Robert Cashman, a Texas lawyer defending dozens of individuals affected by these mass BitTorrent lawsuits, the late filing of a response in the case may have been deliberate.

    “The question I keep asking myself is 1) was the late submission of a reply a purposeful attempt by Ira Siegel to give Judge Zimmerman a pretext to dismiss the case on grounds such as failing to properly respond?

    “And, 2) would Siegel be willing to throw this case and risk it being dismissed in order to shield from the court how much money his client has made from settlements?” Cashman writes.

    “In sum, there is a lot that is going on in these cases, and some days it feels more like drama, deception, and posturing rather than discussing the case on its merits. Judge Zimmerman appears to be trying to remedy this,” notes Cashman.

    “While we will now wait and see if and how Judge Zimmerman responds to what he will no doubt see as blatant disregard to his order, I expect that Siegel’s latest move will result in a dismissal of his case. Perhaps it will even create some ripples in his other cases as well,” Cashman concludes.

    Source

  • New Zealand Internet traffic drops after law change

    September 7, 2011

    New copyright laws came into force last week.

    The volume of New Zealand's internet traffic has fallen since the introduction of new copyright laws Thursday, the New Zealand Herald reported, citing an unnamed source.

    The new law requires internet companies to issue three warning notices to customers suspected of illegally downloading copyright content. Following the third notice, the rights holders can bring a case against the customer before the Copyright Tribunal.

    The Herald reports the unnamed employee, from one of the country's largest internet companies, said demand for international traffic had dropped sharply since the new antipiracy rules came into force.

    The New Zealand Herald added that Orcon chief executive Scott Bartlett said he had also seen a change in traffic volume with the amount of international peer-to-peer traffic travelling over the company's network down around 10%.

    Source

  • New Wikileaks Docs Show Ex-Minister Bernier Offered To Leak Copyright Bill to U.S.

    Michael Geist
    September 03, 2011

    Copyright, U.S. lobbying, and the stunning backroom Canadian response gets front page news treatment today as the Toronto Star runs my story on new revelations on copyright from the U.S. cables released by Wikileaks. The cables reveal that former Industry Minister Maxime Bernier raised the possibility of leaking the copyright bill to U.S. officials before it was to be tabled in the House of Commons, former Industry Minister Tony Clement’s director of policy Zoe Addington encouraged the U.S. to pressure Canada by elevating it on a piracy watch list, Privy Council Office official Ailish Johnson disclosed the content of ministerial mandate letters, and former RCMP national coordinator for intellectual property crime Andris Zarins advised the U.S. that the government was working on a separate intellectual property enforcement bill.

    The disclosures are particularly relevant since Parliament is set to resume in several weeks with the reintroduction of a copyright reform bill slated to be one of the government’s top priorities. The bill is expected to mirror Bill C-32, the previous copyright package that died with the election in the spring.

    That bill garnered some praise for striking a balance on difficult issues such as fair dealing, damages, and the liability of Internet providers. However, its approach to digital locks - which are used to control access to DVDs, CDs, and electronic books - was roundly criticized by consumer, education, and technology groups since it effectively ensured that inclusion of a digital lock trumps consumer and fair dealing rights. The bill’s digital lock rules largely mirrored those found in the United States.

    The Canadian approach is difficult to understand if viewed solely from a policy or legal perspective. As a policy matter, concerns over digital locks were the top issue raised during the 2009 copyright consultation as well as in the hundreds of submissions to the Bill C-32 legislative committee. From a legal perspective, countries such as Switzerland and New Zealand have adopted a far more balanced approach, demonstrating that protection for digital locks need not eviscerate consumer rights.

    The rationale appears to lie not in law or policy, but in politics. While U.S. pressure on Canadian copyright is nothing new, secret U.S. government cables demonstrate not only a massive behind-the-scenes lobbying effort to promote U.S.-style laws in Canada, but also a shocking willingness by senior Canadian officials to cave to the pressure.

    Several Wikileaks cables released earlier this year chronicle the sustained U.S. lobbying effort on copyright. In a June 2005 cable, the U.S. talks about the "need to engage the legislative branch as well as relevant departments", proposes creating a bi-lateral working group, and offers to conduct training sessions for Canadian officials. A June 2006 cable discusses meetings with Bernier and then-Canadian Heritage Minister Bev Oda. A March 2007 cable reports on repeated meetings and attempts to elevate the issue as a top priority.

    The cables also discuss a joint strategy with Canadian copyright lobby groups to allow for a "good cop, bad cop" approach, with the lobby groups using U.S. pressure “as a signal to the Government of Canada that they are willing to be ‘more reasonable than the Americans’.”

    In the face of sustained pressure, Canadian officials regularly assure the U.S. that reforms are on the way. The cables include confirmation that Prime Minister Harper personally promised then-U.S. President George Bush at the 2008 Security and Prosperity Partnership summit in Montebello, Quebec that Canada would pass copyright legislation.

    Canadian action extends beyond repeated promises to act, however. A 2006 confidential cable recounts a meeting between Bernier and then-U.S. ambassador David Wilkins. The cable states that Bernier "promised to keep the Ambassador informed on the copyright bill’s progress, and indicated that US government officials might see the legislation after it is approved by Cabinet, but before it is introduced in Parliament."

    While Bernier never had the chance to leak the bill - he was shuffled to the Foreign Affairs portfolio before it was tabled - other officials did provide the U.S. with confidential information. A 2007 cable reveals that Ailish Johnson, an official at the Privy Council Office, told U.S. officials "the mandate letters from the Prime Minister to the incoming Ministers of Industry [Prentice] and Canadian Heritage [Verner] charged both Ministers with introducing a copyright reform bill before the end of the year." The content of Ministerial mandate letters is not public.

    Given its insider access, the U.S. appears to be aware of legislative initiatives before almost anyone else. Another previously unreleased confidential 2009 cable discusses Canadian plans for an intellectual property enforcement bill separate from the copyright reform bill. The cable states "the government has completed legislation to enhance Canada’s IPR enforcement measures. However, the government has no plans to introduce the bill in Parliament any time soon because no funding was linked to the legislation in the last budget." The government has never confirmed nor discussed the existence of such a bill.

    The U.S. source for this information appears to be Andris Zarins, the RCMP's former national coordinator for intellectual property crime. A confidential 2007 cable reveals that Zarins told U.S. embassy officials that the government was drafting legislation to grant customs officers new seizure powers for counterfeit products and that it planned to create a new national intellectual property crime coordination office. Zarins also revealed forthcoming changes to proceeds of crime rules in copyright cases, which were amended in 2009 as he predicted.

    The 2009 cable also raises questions about the copyright consultation that year and Canadian encouragement of the U.S. pressure. The cable reports that Zoe Addington, Clement’s former director of policy, said the consultations would be used "as an opportunity to educate consumers and ‘sell’ the Government view."

    Moreover, Addington encouraged the U.S. to intensify its lobbying efforts, stating "if Canada is elevated to the Special 301 Priority Watch List (PWL), it would not hamper - and might even help - the Government of Canada’s ability to enact copyright legislation." Days later, Canada was elevated on the Watch list.

    The cables paint a discouraging picture of U.S. lobbying resulting in privileged insider access to government plans with Canadian officials eager to satisfy U.S. demands. Those efforts likely led to Bill C-32’s digital lock rules, which seemingly had far more to do with U.S. pressure than Canadian policy.

    While the Canadian government will undoubtedly claim that its forthcoming bill reflects a made-in-Canada approach, even the U.S. is not so easily fooled. A 2007 cable recounts an Oda press conference in which she told the media that a new anti-camcording bill was an independent policy change that was not the result of lobbying pressure from the U.S. The cable calls her response "disingenuous."

    Source

  • Dutch CA banished for life from Chrome, Firefox

    By Dan Goodin
    September 3, 2011

    Game over for DigiNotar and its PKIoverheid fiefdom

    The network breach in July that forged a near-perfect replica of a Google.com credential minted more than 200 other SSL certificates for more than 20 different domains, a top manager for Mozilla's Firefox browser said.

    In a stern rebuke of substandard practices at Netherlands-based certificate authority DigiNotar, Director of Firefox Engineering Johnathan Nightingale recited a litany of failures that put entire internet populations at risk. Bad enough was DigiNotar's inability to accurately account for the certificates it issued, and its six-week delay in warning Mozilla of fraudulent certificates detected in mid July, one of which spoofed the sensitive https://addons.mozilla.org site.

    Worse yet was the determination that DigiNotar's lapses resulted in “multiple reports of these certificates being used in the wild.”

    “The integrity of the SSL system cannot be maintained in secrecy,” Nightingale wrote in the first, and long-overdue, reprimand of DigiNotar. “Incidents like this one demonstrate the need for active, immediate and comprehensive communication between CAs and software vendors to keep our collective users safe online.”

    Nightingale went on to confirm what El Reg reported earlier today: that Mozilla was updating its software to permanently distrust two DigiNotar certificates formally adopted by the Dutch authorities for official government business. Previously, Mozilla, Google and possibly Microsoft excepted DigiNotar-signed PKIoverheid certificates from their ban after being assured by the Dutch officials they weren't compromised during the security breach DigiNotar detected on July 19.

    “The Dutch government has since audited DigiNotar's performance and rescinded this assessment,” Nightingale wrote. “We are now removing the exemption for these certificates, meaning that all DigiNotar certificates will be untrusted by Mozilla products. We understand that other browser vendors are making similar changes.”

    Around the same time Nightingale issued his statement, Google released a new version of its Chrome browser that also adds all DigiNotar certificates to a permanent block list.

    Representatives with Microsoft have repeatedly declined to answer questions for the past 36 hours. Google officials have confirmed that preparations are under way to block the additional certificates but said discussions are still underway about whether they will follow suit.

    Nightingale's update coincided with a bare-bones report from a Dutch news service that said Netherlands Interior Minister Piet Hein Donner gave a press conference in the early hours of Saturday in which he announced plans to “hand over control of internet security to a different firm.”

    DigiNotar is a wholly owned subsidiary of Vasco Data Security, an Illinois-based provider of two-factor authentication products and services. The company has barely uttered a peep since the fraudulent certificates first surfaced six days ago.

    Source

  • Shock as leaked document reveals government requested Ofcom make Digital Economy Act appeals harder

    James Firth
    August 30, 2011

    Reasons for further delays to the Initial Obligations Code (IOC) - legislation which details exactly how the online copyright clamp-down under the Digital Economy Act will operate - were revealed in a document leaked online nearly a month ago, but very few seem to have noticed the leak (and I've been busy with a new arrival)!

    I previously reported that further delays could be expected to the UK's 3-strikes anti-filesharing laws when I noticed only one of two remaining pieces of legislation arrived at the EC this month.

    Leaked documents; or rather, sections redacted in previously-released official documents; now reveal at least one reason for further delays to the IOC is because the Government made a direct request to Ofcom that it should make it harder for people accused of copyright infringement to appeal the accusation.

    The request comes under the guise of reducing costs of the scheme; however costs should not be of concern to government as the entire cost of running the measures is due to be met by copyright owners and, to a much lesser extent, by ISPs.

    The request to narrow the grounds for appeal comes on top of the announcement at the start of this month that those wishing to appeal will have to pay an appeals fee before an appeal can be heard, renewing concerns from consumer groups that those on a low income will be denied access to justice.

    No more public consultations, chilling effects on open public WiFi

    In a further blow to public confidence in the Digital Economy Act, sources indicate the changes will be made without further public consultation, and rushed to Brussels by the end of September.

    Public consultation is now essential, due to the importance of ensuring the appeals process remains fair, robust and lawful under relevant sections of the Digital Economy Act.

    The appeals process is critical to an individual's right to due process under law, because accusations of copyright infringement will be made solely on evidence gathered by groups working directly for copyright owners.  The appeals process is the first time those accused of copyright infringement have a chance to examine the evidence against them and have their side heard by an independent body.

    Consultation is also overdue because of changes I'm told are in the latest update of the IOC to protect those who offer open internet access in light of a lobbying campaign by schools, colleges and libraries.

    I'm hopeful that all bodies who offer open internet access will be protected after comments made by Justice Kenneth Parker [paragraphs 235-240] concerning potentially "chilling effects" on free and open public WiFi during a judicial review of the Act.

    Section 13(6)(b) of the Digital Economy Act means those who do not take "reasonable steps to prevent other persons infringing copyright" (i.e. closing-down all open WiFi) will not be able to appeal any accusations of copyright infringement made against them.  This for me is one of the most contentious areas of the Act, as it - despite protestations from government - effectively introduces vicarious liability of the ISP subscriber for activity occurring on their internet connection; even if they had no knowledge.

    Leaks and redaction of recommendations

    A tipster reported Twitter account @ThemisProject to this blog, whose tweet dated 3rd August provides a link to what appears to be an unredacted copy of the Ofcom report.  Authenticity of the leaked report cannot be verified at this stage, but the content appears genuine as it closely matches what other previously-reliable sources have told me.

    I recently had a Freedom of Information request for an unredacted copy of this document refused.  It's not clear at this stage whether the document published on Twitter entered the public domain via a leak or a flawed redaction technique.

    Sources indicate that the IOC is being redrafted in line with the recommendations in this report.

    Comparing the official (redacted) document to the leak reveals the Government has asked Ofcom to remove a catch-all in the appeals process which allowed appeals to be made on "any other reasonable ground."

    This catch-all was previously thought necessary, as the list of grounds for appeal was "non-exhaustive" and may need updating as technology evolves.  Justice for internet subscribers is now dependent on Ofcom coming back with an exhaustive list of appeal grounds in the redrafted IOC; and, keeping this list up-to-date as technology evolves (and, presumably, updating the legislation in Parliament and notifying each update to the EC).

    Ruling-out a public consultation makes it more likely that grounds will be overlooked.

    It's worth stressing again that the government appears to have asked for this change; this approach is not the approach first recommended by Ofcom.

    Also revealed in the redacted sections is that a scheme to help improve the accuracy of infringement accusations by requiring ISPs sign-up to a Quality Assurance process to ensure accuracy of IP address matching will not be mandatory.  Note also the equivalent Quality Assurance process copyright holders are required to sign up to is centred around self certification, with no obvious checks and balances.  It's hard to see how voluntary/self-certification processes will do anything to improve the accuracy of accusations of copyright infringement.

    Source

  • Wikileaked cable: AFACT was MPAA’s cat’s-paw

    By Richard Chirgwin
    August 31, 2011

    Pope turns out to be Catholic

    A second cable discussing the “world+dog vs. iiNet” court case has emerged on Wikileaks, confirming the widespread suspicion in Australia that Hollywood was behind both the action and the choice of target.

    Running just slightly ahead of the last one, this cable was actually classified (“Confidential”, the lowest tier in US secrecy classifications); and of interest is its confirmation that the “prime mover” in the case was the Motion Picture Association of America.

    The cable, attributed to US ambassador to Australia at the time Robert McCallum, states that “despite the lead role of AFACT … this is an MPAA / American studios production.”

    However, the MPAA and its international operation (the Motion Picture Association, dropping the second “A” into the discard pile) lacked any Australian presence, so AFACT filed the case as “MPAA’s Australian subcontractor”. The cable reports that the MPAA also wanted to avoid any perception that this action was just “Hollywood ‘bullying some poor little Australian ISP’.”

    A scan of headlines from the time shows how unsuccessful this exercise in perception management turned out to be: Australian news outlets have identified AFACT as acting on behalf of Hollywood since 2009.

    Moreover, the cable confirms what iiNet and others have long suspected: Hollywood’s choice of target reflected iiNet’s Goldilocks status. iiNet was just right: Telstra is large, loud, litigious, and possessed of significant lobbying experience; too small a target, and the case risked inviting the “bullying” perception that the MPAA was keen to avoid.

    And why Australia? The cable cites Mike Ellis, president of the MPA’s Asia Pacific operation, as saying that the case would be “closely followed” in other Commonwealth countries – in effect, the MPA and MPAA were hoping that a precedent in Australia would serve as a lever to use on other Commonwealth countries.

    “We will watch this case as it unfolds”, the cable says, “for its IPR implications and also to see whether or not the ‘AFACT vs. the local ISP’ featured attraction spawns a ‘giant American bullies vs. little Aussie battlers’ sequel.”

    Source

  • Internet Adds More Than Five Million Domain Names in Second Quarter

    August 31, 2011

    DULLES, VA - (Marketwire) - More than five million domain names were added to the Internet in the second quarter of 2011, bringing the total number of registered domain names to more than 215 million worldwide across all domains, according to the latest Domain Name Industry Brief, published by VeriSign, Inc. (NASDAQ: VRSN), the trusted provider of Internet infrastructure services for the networked world.

    The increase of 5.2 million domain names marks a growth rate of 2.5 percent over the first quarter. Registrations have grown by more than 16.9 million, or 8.6 percent, since the second quarter of 2010.

    The .com and .net Top Level Domains (TLDs) experienced aggregate growth, surpassing a combined total of 110 million names in the second quarter of 2011. This represents a 1.8 percent increase in the base over the first quarter of 2011 and an 8.3 percent increase over the same quarter in 2010. New .com and .net registrations totaled 8.1 million during the quarter. This reflects a 2.0 percent increase year over year in new registrations.

    The top TLDs in terms of registrations remained largely unchanged between Q1 and Q2. The only change in the order was .cn (China) moving up one slot to become the world's eighth largest TLD, and .eu (European Union) dropping one slot to become ninth largest. Taken together, country-code TLDs (ccTLDs) worldwide added a total of 2.9 million names in the second quarter.

    Verisign's average daily Domain Name System (DNS) query load during the quarter was 56 billion, with a peak of 68 billion. Compared to the previous quarter, the daily average declined 1 percent and the peak grew 1 percent.

    Domain Brief Spotlights Small Businesses, New gTLDs

    The latest issue of the Domain Name Industry Brief also focuses on some of the unique cybersecurity challenges facing small and mid-sized businesses (SMBs), and some of the solutions that are available to those companies. In addition, it contains an update on the Internet Corporation for Assigned Names and Numbers (ICANN) plan to introduce new generic TLDs (gTLDs).

    The SMB section of the Domain Name Industry Brief focuses on how cybersecurity efforts in small and mid-sized businesses have failed to keep pace with rising threats against those very companies. As larger enterprises improve their defenses and make cybersecurity a larger priority, SMBs have become even more attractive to cyber-criminals looking for easy, and profitable, targets.

    The brief outlines a combination of common sense security procedures and smart investments in security technology and services that can help SMBs protect themselves and their customers.

    On the new gTLD front, the brief touches on ICANN's decision to approve the creation of potentially hundreds of new gTLDs in the near future, and discusses what that means for potential applicants, brand owners, domain name registrants and ordinary Internet users worldwide.

    Verisign publishes the Domain Name Industry Brief to provide Internet users throughout the world with significant statistical and analytical research and data on the domain name industry and the Internet as a whole. Copies of the 2011 second quarter Domain Name Industry Brief, as well as previous reports, can be obtained at: www.verisigninc.com/DNIB.

    Source

  • That's the end of a quiet read: Now the ebook comes with added sound effects and songs

    August 29, 2011

    It may surprise bookworms, but apparently masterpieces such as Jane Eyre are lacking a certain something – sound effects.

    An electronic-book firm is adding background noises and music to the works of Charlotte Bronte, Sir Arthur Conan Doyle and William Shakespeare in the hope of attracting younger readers.

    In one example, a description of rain lashing against a window in a Sherlock Holmes story will be ‘enhanced’ with matching noises.

    The Booktrack releases are available to iPad users, with other tablet computer versions to follow.

    The concept is already in use in the U.S., where the classics come with added sound effects.

    Readers for example can hear the china cups chinking in Mr Darcy's garden as they read Pride And Prejudice.

    A story by Booker Prize winner Salman Rushdie will be released later in the year with a specially crafted orchestral score.

    Rushdie's story In The South will be released with a soundtrack provided by the New Zealand Symphony Orchestra.

    There is huge support for the development, which it is hoped will spark young people's interest in literature.

    The Power Of Six by Pittacus Lore, a novel for young adults, is one of the first to be trialled with a soundtrack which builds in suspense in keeping with the plot.

    It has been created by Booktrack which synchronises music to each novel. It is funded by Peter Thiel, a co-founder of PayPal.

    It works by timing the speed of each reader and the software measures the 'turning' of a page and moves the music or sounds along accordingly.

    Mr Thiel said: 'It's always exciting to witness the creation of a new form of media. The technology promises to captivate readers in a way that will seem intuitive in hindsight.'

    However they have been greeted with horror by traditionalists, who say the technology takes away the pleasure of having one’s imagination stimulated by a story.

    They also raise the prospect of having to ask an overly eager reader to turn their book down.

    David Nicholls, whose bestseller One Day was recently turned into a film starring Anne Hathaway, said: ‘This sounds like the opposite of reading. It would be a distraction.’

    Source

  • Bayfiles: The Pirate Bay Founders Launch File-Hosting Site

    August 29, 2011

    The Pirate Bay founders have launched a new file-sharing platform today. After leaving the world famous torrent site, two of the original founders are now back with a one-click file-hosting service called Bayfiles. Although Hollywood won't be cheering them on, unlike The Pirate Bay the new service is dedicated to respecting copyrights while offering its users a great platform to store and share files.

    In the fall of 2003, a group of friends from Sweden decided to launch a BitTorrent tracker named ‘The Pirate Bay’.

    In the years that followed the BitTorrent site made history as it grew to become one of the most recognized brands on the Internet.

    At a time where cyberlockers are quickly catching up with BitTorrent as the preferred way to share files online, today the founders of The Pirate Bay launch a brand new file-sharing venture called Bayfiles. One of the main reasons for this move is to provide users with a more reliable option for sharing and storing files.

    “BitTorrent is increasingly throttled or even filtered by ISPs, HTTP usually is not,” Bayfiles co-founder Fredrik Neij tells TorrentFreak.

    “Storage and transfers on Bayfiles also preserve users’ privacy. And another advantage is that users can be sure that content stays up, which is important for personal backups. It also guarantees that other personal files such as your MP3 collection are always accessible, so users are able to stream it live to any device,” Fredrik says.

    Bayfiles works similarly to other one-click-hosting services such as Megaupload, RapidShare and Hotfile. With just a single click, users can upload files to the Bayfiles server, and then easily share them with the online public. The site itself offers no search functionality or file directory to find content that other people have uploaded.

    A novelty, compared to The Pirate Bay, is that Bayfiles will respect the DMCA and accept copyright infringement notices. The terms of service clearly state that content that “violates third-party copyrights” is not permitted to be uploaded. It further states that repeat infringers will have their account disabled “regardless of proof of infringement.”

    How strictly the above policy will be enforced is yet to be seen, but co-founder Fredrik Neij told TorrentFreak that their Hong Kong based company Bayfiles Limited has officially registered DMCA agents. After all the trouble they had to go through in court for The Pirate Bay, Fredrik and former Pirate Bay spokesman Peter Sunde want to avoid running into more trouble with their new venture.

    Looking forward, Neij told TorrentFreak that Bayfiles will be much more than just a simple cyberlocker. There are ideas to expand it into a more feature rich cloud hosting service comparable to the likes of Dropbox. As with The Pirate Bay, the ultimate goal is to make sharing both effortless and efficient.

    As for the features, unregistered users can share files up to 250MB, regular members have a limit of 500MB and premium members can upload files as large as 5GB with unlimited storage. The premium accounts do come at a price, 5 euros per month or 45 euros for a full year. Unlike other cyberlockers, Bayfiles does not offer a reward program where uploaders of popular content can be paid for their services.

    In the past The Pirate Bay founders have launched many side-projects, with varying success. None of these projects ever rivalled the popularity of The Pirate Bay, but if one site can outgrow the famous BitTorrent site in terms of users, it certainly is Bayfiles.

    The popularity of cyberlockers has increased exponentially in recent years. Just a few days ago we reported that 8 of the 10 largest English language file-sharing sites are related to cyberlockers, each with hundreds of millions of pageviews a month. It is not unthinkable that Bayfiles will join this list in the future.

    In terms of copyright law, Bayfiles is a perfectly legal operation as long as the site doesn’t encourage or promote copyright infringement. Previously a U.S. federal court ruled that RapidShare, a competing file-hosting service, is not liable for any copyright infringements its users may commit.

    That said, we doubt whether Hollywood will be happy with this new venture from a team of people who’ve been their arch rivals for more than half a decade. Exciting times ahead.

    Source