Everything Computers!

By Nate Anderson
November 29, 2011

After a series of one-sided hearings, luxury goods maker Chanel has won recent court orders against hundreds of websites trafficking in counterfeit luxury goods. A federal judge in Nevada has agreed that Chanel can seize the domain names in question and transfer them all to US-based registrar GoDaddy. The judge also ordered "all Internet search engines" and "all social media websites"—explicitly naming Facebook, Twitter, Google+, Bing, Yahoo, and Google—to "de-index" the domain names and to remove them from any search results.

The case has been a remarkable one. Concerned about counterfeiting, Chanel has filed a joint suit in Nevada against nearly 700 domain names that appear to have nothing in common. When Chanel finds more names, it simply uses the same case and files new requests for more seizures. (A recent November 14 order went after an additional 228 sites; none had a chance to contest the request until after it was approved and the names had been seized.)

How were the sites investigated? For the most recent batch of names, Chanel hired a Nevada investigator to order from three of the 228 sites in question. When the orders arrived, they were reviewed by a Chanel official and declared counterfeit. The other 225 sites were seized based on a Chanel anti-counterfeiting specialist browsing the Web.

That was good enough for Judge Kent Dawson to order the names seized and transferred to GoDaddy, where they would all redirect to a page serving notice of the seizure. In addition, a total ban on search engine indexing was ordered, one which neither Bing nor Google appears to have complied with yet.

Missing from the ruling is any discussion of the Internet's global nature; the judge shows no awareness that the domains in question might not even be registered in this country, for instance, and his ban on search engine and social media indexing apparently extends to the entire world. (And, when applied to US-based companies like Twitter, apparently compels them to censor the links globally rather than only when accessed by people in the US.) Indeed, a cursory search through the list of offending domains turns up poshmoda.ws, a site registered in Germany. The German registrar has not yet complied with the US court order, though most other domain names on the list are .com or .net names and have been seized.

The US government has made similar domain name seizures through Operation In Our Sites, grabbing US-based domains that end in .com and .net even when the sites are located abroad. Such moves by themselves would seem to do little to stop piracy in the long-term; they simply teach would-be miscreants to register future domain names in other countries.
Why wait for SOPA?

Lawyer Venkat Balasubramani, writing about the case yesterday, sums it up eloquently: "Wow."

"I'm sympathetic to the 'whack-a-mole' problem rights owners face, but this relief is just extraordinarily broad and is on shaky procedural grounds," he writes. "I'm not sure how this court can direct a registry to change a domain name's registrar of record or Google to de-list a site, but the court does so anyway. This is probably the most problematic aspect of the court's orders."

Rightsholders have asked Congress to write these provisions (and a few more) into law, and they have pushed for government seizures like those from Operation In Our Sites (which just seized another batch of new domains this last weekend). But as Balasubramani points out, cases like Chanel's show that rightsholders can already get what they want from judges, and they can go after far more sites more quickly than the government.

"The fight against SOPA [the Stop Online Piracy Act] may be a red herring in some ways," he notes, "since IP plaintiffs are fashioning very similar remedies in court irrespective of the legislation. Thus, even if SOPA is defeated, it may turn out to be a Pyrrhic victory—opponents may win the battle but may not have gained much as a result."

Source

by Mike Masnick
November 29, 2011

from the this-is-getting-sad dept

We've talked about CreativeAmerica, the astroturfing group set up by the major Hollywood studios, pretending to be a "grassroots effort" in favor of SOPA & PIPA. A month ago, we challenged the group's claim that it had "sent 100,000 letters to Congress." Turns out that wasn't true. They had sent 4,191, and then about 33,000 people had "signed a petition" that the group had set up. The math by CreativeAmerica is that each thing sent out three letters: one to your Congressional Representative and one to each of your two Senators. Of course, petitions are mostly ignored. Letters have only slightly more weight -- and based on Creative America's own math, they really only had about 1,400 people sign their letter.

Either way, it seemed somewhat amusing to discover that some of the top execs at NBC Universal have been threatening all NBC Universal suppliers to sign the letter that CreativeAmerica put together or NBC might no longer be able to do business with them:

We are writing to ask you for help on an issue that is one our top business priorities – content theft on the Internet, which is a major threat to the strength of our business. Our major guilds and unions are joining us in the fight to keep our businesses strong so that the tidal wave of content theft does not kill jobs. But if the current trend continues, it’s not too strong to say that this threat could adversely affect our business relationship with you.

Grassroots effort? When NBC Universal's General Counsel, Rick Cotton -- who famously once claimed that piracy was destroying the lowly corn farmer, since people who watch pirated movies don't eat popcorn (or something) -- is threatening suppliers who don't sign on? That's not grassroots. That's just insane. Now, it's true that Cotton wrote this carefully such that you can read it to suggest it means that if this law doesn't pass, NBC Universal's business will be in so much trouble that it has to shut down or cut off deals with suppliers. But it seems pretty clear that the obvious implication is: sign this or we may no longer do business with you.

But, given that "the big guns" at NBC Universal are pushing all their suppliers to directly sign (or else!) the letter found at CreativeAmerica's site, you might think that a lot more people would have signed on. Especially over the last month, with SOPA making so much news. So we went and checked.

It appears that 4,673 letters have been sent. A month ago it was 4,191. That's a grand total of 482 new letters sent since we last checked almost a month ago. That means in a month, with this story making major news every which way... and the major studios putting a lot of marketing muscle behind it and even threatening partners to sign on, they only rustled up 482 more signatures. And, since CreativeAmerica claims that each person who signs really sends 3 letters, we should divide that by three.

That gives us 161 new signatures (actually 160.666666 etc -- which makes me wonder what happened to that extra third of a person). 161. In a month.

Meanwhile, a real grassroots campaign turned out one million emails to Congress and 87,834 calls in one day. It should be clear at this point that the public clearly does not support SOPA/PIPA, and no amount of "faking it" is driving any public support.

Source

by Mike Masnick
November 29, 2011

from the speak-up dept

We had already seen OpenDNS publicly come out against SOPA and PROTECT IP, and it appears other DNS providers are doing so as well. Dyn has come out strongly against the bill as well, comparing it directly to the Great Firewall of China.

Are you familiar with the Great Firewall Of China? Sometimes referred to as the Golden Shield project, it’s a Chinese government censorship and Internet surveillance project kicked off in 1998 and put into action in 2003. Simply put, it enables the government to restrict what content its citizens can read and view via IP blocking and DNS filtering. If they don’t like a site request a user makes, it won’t get viewed.

Many dismiss what’s happening in China and chalk to up to their communist political system. That could never happen in a free speech-driven, rights for all society like we have in the United States, right?

If the Stop Online Piracy Act (SOPA) introduced this week gets enacted into law, things could change negatively for Americans which is why Dyn opposes the bill.

Once again, this isn't just some "easy to dismiss" ranting from "the usual crowd." This is from a company that actually runs a DNS system and knows directly how this law will create the functional equivalent of the way blocking is done in China. It stuns me that politicians and folks at the MPAA still want to pretend that the concerns over DNS are nothing to pay attention to and that techies can just "change some code" to fix them.

Source

Michael Geist
Monday November 28, 2011

Last year, a Quebec court upheld the largest spam damage award in the world, ordering Adam Guerbuez, a Montreal-based email marketer, to pay Facebook $873 million dollars for sending millions of spam messages to users of the popular social network. Two months later, the Conservative government passed long overdue anti-spam legislation that finally established strict rules for electronic marketing and safeguards against the installation of unwanted software programs on personal computers, all backed by tough multi-million dollar penalties.

Then-Industry Minister Tony Clement promised that the law would "protect Canadian businesses and consumers from harmful and misleading online threats," but nearly a year later, my op-ed in the Hill Times (homepage version) notes the law is in limbo, the victim of an intense behind-the-scenes lobbying campaign that threatens to water-down the legislation such that Guerbuez, who maintains an active online presence, has publicly thanked the lobby groups for helping to keep him in business.

The spring election delayed the introduction of draft regulations for the anti-spam legislation, but since they were posted in early summer, lobby groups have used the process as an invitation to re-open the legislation and delay any implementation for months or even years.

While the government has remained mum on its plans, public comments from groups like the Canadian Marketing Association indicate that new regulations are on the way with backroom consultations with lobby groups that will create significant delays. Moreover, it appears that Industry Minister Christian Paradis has caved to the lobby pressure and is prepared to inject massive loopholes into what was touted as one of the world’s toughest anti-spam laws.

The law sets reasonable limits for online marketing consistent with rules found in many other countries. It includes important "opt-in" consent requirements, but also features numerous exceptions including a business-to-business exception so that businesses that send commercial email to other businesses are immediately exempt from the need to obtain consent. In fact, all commercial messaging to consumers is permitted - there are no limits - so long as the business has obtained prior consent.

Despite the balanced approach, lobby groups are determined to undo many basic protections. For example, the law includes an exception for commercial messages where there is a "personal relationship." Industry Canada proposed a regulation that defined a personal relationship as one involving an in-person meeting and a two-way communication at least once over the prior two years.

Lobby groups such as the Interactive Advertising Bureau Canada have called on the government to drop these conditions, arguing no in-person meeting and no time limit is needed.  In other words, according to the IAB, a 10 year old email exchange should qualify as a personal relationship and exempt the marketer from obtaining user consent and complying with the anti-spam rules.

The lobby groups have also targeted the tougher consent requirements, noting that they may exceed those required under current private sector privacy law. The tougher standards are a feature, not a bug, as MPs were well aware that the anti-spam law was increasing privacy protections.  Yet now lobby groups want to use the regulatory process to "grandfather" any earlier consent - even those that may have only been implied.  As a result, millions of Canadians will find that organizations claim consent to continue marketing to them.

Groups such as the Canadian Real Estate Association also have their sights set on dismantling protections against unwanted "referral" emails. While the law currently permits referral emails with appropriate consents, new regulations may establish broad exceptions that imply consent for many referral emails.

The campaign to undermine the law is not limited to spam. The law also contains mandatory disclosure requirements when Canadians install new software programs on their personal computers.  This issue was hotly debated at committee and the compromise legislation designed to protect individual privacy and security, while enabling common installations (such as security updates) to proceed unimpeded.

Lobby groups are similarly using the regulatory process to re-open the legislative compromise. For example, the Information Technology Association of Canada, which represents software and technology companies, argues that software vendors should be permitted to install programs without disclosure provided they notify the user of possible installations within the licence agreement. Given the common practice of burying such terms in long agreements that few consumers ever read, few will be aware that they have consented to the secret installation of programs designed to monitor their use of the software.

None of this would pose a significant concern if Paradis was prepared to tell the lobby groups that re-opening the spam law is not option.  But with secret meetings and leaked information, it is increasingly apparent that the protections promised to Canadians may soon dissolve, ensuring that the likes of Adam Guerbuez will continue to ridicule Canada’s effort to stop unwanted spam and calling into question the government’s promise to protect Canadian consumers and businesses.

Source

By David Kravets
November 28, 2011

Federal authorities have seized the online names of 150 websites allegedly hawking counterfeit and copyright goods, bringing to 350 the number of domains taken as part of a forfeiture program that began a year ago.

Monday’s announcement of the seizures falls on the biggest online shopping day of the year, known as “Cyber Monday.” The development comes as Congress is debating granting private rights holders the ability to cripple websites by blocking ad traffic and financing to sites they believe are violating their copyright and trademark rights.

“Through this operation we are aggressively targeting those who are selling counterfeit goods for their own personal gain while costing our economy much-needed revenue and jobs,” Attorney General Eric Holder said in a statement. “Intellectual property crimes harm businesses and consumers, alike, threatening economic opportunity and financial stability, and today we have sent a clear message that the department will remain ever vigilant in protecting the public’s economic welfare and public safety through robust intellectual property enforcement.”

Federal authorities are taking .com, .org. and .net domains under the same civil-seizure law the government invokes to seize brick-and-mortar drug houses, bank accounts and other property tied to alleged illegal activity. The feds are able to seize the domains because Verisign, which controls the .net and .com names, and the Public Interest Registry, which runs .org, are U.S.-based organizations. Under civil forfeiture laws, the person losing the property has to prove that the items were not used to commit crimes.

Immigration and Customs Enforcement leaves behind a message to online visitors that a site has been seized under a program called “Operation in Our Sites.”  Those messages have received 77 million page views, the government said.

Sen. Ron Wyden (D-Ore.) has questioned the operation, saying the process does not give “targeted websites an opportunity to defend themselves before sanctions are imposed.”

The government said Monday that undercover agents purchased counterfeit sports jerseys, golf equipment, DVD sets, footwear, handbags and sunglasses from the sites before obtaining seizure orders from federal judges.

At least one site has unsuccessfully challenged a forfeiture in federal court, a decision that is on appeal.

The site’s .com and .org domains were seized in January along with eight others connected to pirated streams of professional sports. Puerto 80, which owns the site, claims Rojadirecta had some 865,000 registered users until its seizure, and denies committing copyright infringement.

Puerto 80 describes the site as a discussion board where members can talks sports, politics and other topics, and it additionally links to sports streams hosted elsewhere. The site, which now operates as Rojadirecta.me, also includes a section called downloads, where users post links to recorded sporting events that can be downloaded from file-sharing sites.

Source

By Olivia Solon
November 29, 2011

In light of the erosion of privacy online, we need to be careful to protect our privacy at home, according to Michael Birnhack, law professor at Tel Aviv University, speaking at Intelligence Squared's If conference.

In direct contrast to Martin Blinder's argument in favor of personal analytics, Birnhack said: "Yes we can measure stuff, but do we want to measure all that stuff? I would argue that at least some of us would like to maintain a place where nothing is measured and nothing should be measured."

We have always used technology to maintain privacy within our properties, such as locks, curtains, shades, CCTV, and security systems, and a person's home has always provided a degree of privacy where you can do what you like. Birnhack contrasted this with the life of homeless people—who must live their lives out in public. "Privacy in the home is the management of the boundaries between me and you," he said. It is not clear who always makes that decision.

Birnhack was particularly concerned with the impact of technologies like Google Street View on privacy in the home. He made a comparison between having a stranger walk past and look into your home with Street View.

He said that many London houses have large windows, allowing people walking up and down the street to peer in. "But it's rare for someone to stand and stare inside. The person inside would then feel nervous, close the curtains, call the police and it could even get violent," he said. He explained that although people can see inside these houses quite easily, they don't, because there's a social norm that dictates that you shouldn't.

Google Street View, on the other hand, is permanent and opens up the windows of your house to a world beyond the people who walk down your street. But the main difference is the privacy implications. "I can't open my window and yell at Google's camera to get out of here. There's no social norm—they are completely irrelevant."

Birnhack is particularly concerned about thermal imaging, which has been used to spot criminals in their home growing cannabis with energy and heat-intensive hydroponic systems. Similar technology have been used recently by the Telegraph to see if protestors at St. Paul's were in their tents at night during the Occupy LSX protests. He said: "They have a technology that becomes more ubiquitous and once again it bypasses social norms but it also bypasses locks, curtains, and windows."

He called for careful consideration of the implications of these technologies for privacy and perhaps even legislation to control their use.

Source

by Mike Masnick
November 28, 2011

from the good-for-them dept

We've written a few times about how columnists at various mainstream press outlets have been speaking out against SOPA and PIPA, showing that the story is catching on in the mainstream media. However, some of our critics have complained that since these are just writers for those publications, it's unfair to suggest that the publication itself has come out. Okay... if that's the way you want it. Let's try this one on for size: the New York Times has officially come out against SOPA and PIPA. No, not a columnist, but an official editorial, meaning that it's the official stance of the paper. After discussing how infringement is an issue, it notes that the definitions are way too broad, and says:

The purpose of the legislation is to stop business flowing to foreign rogue Web sites like the Pirate Bay in Sweden. But these provisions could affect domestic Web sites that are already covered by the 1998 Digital Millennium Copyright Act. That act has safe harbors protecting sites, like YouTube, that may unknowingly host pirated content, as long as they take it down when notified.

Another provision would allow the attorney general to sue foreign sites that "facilitate" piracy, and to demand that domestic search engines stop linking to them and that Internet service providers redirect traffic. Experts have said this measure could be easily overcome by users and warn that it could undermine an industrywide effort to reduce hacking. Legislators should also think hard about the message it would send to autocratic regimes like China’s, which routinely block political Web sites.

While most of the editorial focuses on SOPA, it also mentions that PROTECT IP "has serious problems that must be fixed." The fixes that the NY Times suggests are as follows:

The bill should be made to stipulate clearly that all of its provisions are aimed only at rogue Web sites overseas. Foreign sites must be granted the same safe harbor immunity — and the bill must not open the door to punishments for domestic sites that abide by the 1998 digital copyright law. And rather than encouraging credit card companies and advertising networks to pre-emptively cut off business to Web sites accused of wrongdoing, a court order should be required before they take action.

As noted above, earlier in the editorial, it also comes out against any kind of DNS blocking, and suggests, if anything, only financial services should be cut off. I have some issues with that approach as well, but it would be a hell of a lot better than the bills we have now.

If that's not enough for you, how about an official editorial from the LA Times, again representing the official position of the editorial staff of the paper. This one may be even more surprising, given that the LA Times is the MPAA's hometown paper. The LA Times editorial is quite similar to the NY Times one, noting that neither proposal appears likely to help, and actually neither proposal even appears to be getting towards the "right answer."

Both bills go to risky extremes, however, in their efforts to stop these sites from attracting an audience. Of the two, the House bill goes further down the wrong path, weakening protections for companies — including those based in the United States — that enable users to store, publish or sell goods online. The change could force such companies to monitor everything their users do, turning them into a private security force for copyright and trademark owners.

At this point, I think it's difficult to argue that the mainstream press is ignoring this issue, or that they're simply "supporting pirates."

Source

Tim Cushing
November 28, 2011

from the clicking-our-way-to-a-safe-and-secure-nation dept

Senator Joe Lieberman, taking a break from his usual schedule of trying to stamp out all things Wikileaks-related, returns to his old anti-terrorism stomping grounds, sending out a letter to Google CEO Larry Page, expressing his concern that not enough stuff is getting labeled "terrorism."

He bases his request on the old "because someone did something once" argument that has served the DHS and TSA so well. (See also: "See something. Say something." because that one time a guy reported a vehicle with a bomb. See also: please remove your shoes and step into the Pornoscan because one time that guy tried to light his shoes on fire and that other time a guy had bomb-laced underwear.) Recent "lone wolf" terrorism suspect Jose Pimentel was, like so many other people in the world, a blogger. Lieberman apparently believes that the prevention of future acts of terrorism should be turned over to the blogosphere in the form of an option to "flag" a blog as containing "terrorist" content.

Talking Points Memo has more info:

"Pimentel's Internet activity - both his spreading of bomb-making instructions links and his hate-filled writings - were hosted by Google," Lieberman wrote.

"On his site www.trueislam1.com, Pimentel stated, 'People have to understand that America and its allies are legitimate targets in warfare. This includes facilities such as army bases, police stations, political facilities, embassies, CIA and FBI buildings, private and public airports, and all kinds of buildings where money is being made to help fund the war.' As demonstrated by this recent case, Google's webhosting site, Blogger is being used by violent Islamist extremists to broadcast terrorist content," Lieberman continued.

Lieberman also points out that Youtube already has this option (thanks to Liberman's tireless complaining), so it would logically follow that Blogger enforce the same limitations. In fact, he pretty much states that the same people that can prevent forest fires can also prevent terrorism (i.e. "You," meaning "all of us"), only in this case it can be done with a simple click of the mouse.

"The private sector plays an important role in protecting our homeland from the preeminent threat of violent Islamist extremism, and Google's inconsistent standards are adversely affecting our ability to counter Islamic extremism online."

Oh, wait. We can't actually stop terrorism. We can only flag "Islamist extremism," which for some people could mean the site quotes the Koran. For others, all it might take is a few angry words delivered by certain foreign types. And for others, all they need is the urge to start pushing buttons.

This is another attempt by a politician to shove the culpability for terrorist acts onto the shoulders of hosting platforms. By all means, Google could add a "Report as TERROR" button to its blogging platform, but does anyone not named Lieberman actually believe that this will ever prevent a future act of terrorism? I'd rather potential terrorists bogged themselves down in the minutia of blogging (endlessly checking stats, rescuing legitimate comments from the spam container, arguing with pesky commenters, following incoming links back into malware deathtraps, gaming their Technorati rating, etc.) than actually, you know, doing terrorist stuff.

There's also the fact that "flagging something as something" has got to be the most ineffective deterrent ever devised, whether you're trying to stomp out spam or to do something more difficult, like save the world from "Islamist extremism." Not only will whoever's policing this new banhammer have to deal with a new set of false positives, this also puts Google in the awkward position of trying to decide if the blogs reported are actually harmful or just some random person spouting a bunch of untargeted nonsense.

And if Google does decide to start doing this, odds are that there will be a bunch of racially-motivated clicking going on, which will only add to the "noise" side of the signal-to-noise ratio. Once you start shutting down a particular religion based on clicks -- all because the federal government demanded it -- you're asking for all sorts of trouble in the First Amendment arena. Uglier than this is the fact that asking for a "Report" button is yet another punt by those in charge of keeping this country safe. The implicit statement seems to be "We can't figure out how to stop terrorists so we're leaving that to you," which would make this no different from every previous foiled terrorist attack. It's not the DHS, TSA or air marshals that stop terrorists. When they're not being foiled by their own incompetence, they're being taken down by fellow passengers. A plea for a "Report as Terrorism" button has all the hallmarks of another windmill tilt in the hopes of appearing to be doing "something."

Source

November 23, 2011

Google has expanded its search blacklist to include many of the top file-sharing sites on the Internet, including The Pirate Bay. The changes were quietly processed and appear to be broader than previous additions. Google’s blacklist prevents the names of sites appearing in their Instant and Autocomplete search services, while the pages themselves remain indexed.

Since January 2011, Google has been filtering “piracy-related” terms from its ‘Autocomplete‘ and ‘Instant‘ services.

Google users searching for terms like “torrent”, “BitTorrent” and “RapidShare” will notice that no suggestions and search results appear before they type the full word. As a consequence, there’s sharp decrease in Google searches for these terms.

Initially only a handful of “piracy-related” terms were censored, but a recent update to the blacklist includes nearly all the top file-sharing websites.

Searches referring to torrent sites such as “thepiratebay,” “the pirate bay,” “isohunt,” “torrentreactor,” “btjunkie,” “kickasstorrents,” “sumotorrent,” “btmon,” “extratorrent” and many others are now excluded from ‘Autocomplete‘ and ‘Instant‘. Interestingly, the full url “thepiratebay.org” is still offered as a suggestion.

The new list further includes several cyberlocker websites that were perviously left unfiltered, such as “4shared,” “filesonic” and “fileserve.” Although Google doesn’t censor the content of the websites in question, the Google searches for the affected terms drop significantly.

By voluntarily censoring parts of their search services, Google is trying to keep on friendly terms with copyright holders. The downside to this is that they put perfectly legitimate companies such as BitTorrent Inc and RapidShare at a disadvantage.

There is currently no clear definition of what Google considers to be piracy-inducing, but Google claims that the blacklist helps to reduce online piracy.

“While there is no silver bullet for infringement online, this measure is one of several that we have implemented to curb copyright infringement online,” Google spokesman Mistique Cano previously told TorrentFreak.

“This is something we looked at and thought we could make some narrow and relatively easy changes to our Autocomplete algorithm that could make a positive difference,” Cano added.

How positive this difference really is, of course depends on who you ask. IsoHunt owner Gary Fung told TorrentFreak that Google is going down a dangerous path.

“It’s a lot more subtle than the censorship attempts made possible by the pending PROTECT IP and SOPA bills, but it’s still censorship and it starts small. Google is increasingly becoming a self-righteous Big Brother of the Web. So much for ‘Do no evil’,” Fung told us.

A Pirate Bay insider also told TorrentFreak that Google doesn’t live up up to its famous motto.

“”It’s just another step towards censoring their search engine altogether – without a legal basis. We’re also wondering why this happens at almost the same time as they’ve released Google Music – a service where they sell music which in some cases might be found on The Pirate Bay,” he added.

Despite criticism from the public and the businesses affected by their blacklist, Google has said that it will continue to expand its piracy filter. The big question is, where will they draw the line?

Source

by Thom Holwerda
November 24, 2011

While the US is still pondering SOPA, we just got some absolutely fantastic news out of Europe. The European Court of Justice, the highest court in the European Union, has just ruled that P2P filters installed by ISPs violate the European Directive on electronic commerce as well as fundamental rights. This is a hugely important ruling that effectively protects all member states of the European Union from ever being subjected to ISP filtering and spying.

The origins of this ruling lie in Belgium. The Belgian version of the RIAA, SABAM, had sued Belgian internet provider Scarlet because the ISP's users were downloading copyrighted content without paying royalties. The President of the Tribunal de première instance de Bruxelles (Brussels Court of First Instance) then ordered Scarlet to install a filtering system to monitor the internet traffic of its subscribers.

Scarlet didn't like this and appealed, and argued before the European Court of Justice that such a filtering system is incompatible with the Directive on electronic commerce and with fundamental rights. Today, the European Court of Justice ruled in full agreement with Scarlet - this has to be one of the clearest and most straightforward rulings I've ever seen. The Court of Justice doesn't mince any words here.

There are two elements to the ruling. First, imposing such a filtering system would hinder Scarlet in freely conducting business, a violation of the Directive on on electronic commerce. This is the practical side of the ruling.

"In the present case, the injunction requiring the installation of a filtering system involves monitoring, in the interests of copyright holders, all electronic communications made through the network of the internet service provider concerned. That monitoring, moreover, is not limited in time," the Court of Justice states, "Such an injunction would thus result in a serious infringement of Scarlet's freedom to conduct its business as it would require Scarlet to install a complicated, costly, permanent computer system at its own expense."

Other than this practical side, the ruling also has a philosophical side which deals with the implications such a filtering system would have for fundamental rights such as privacy.

"What is more, the effects of the injunction would not be limited to Scarlet, as the filtering system would also be liable to infringe the fundamental rights of its customers, namely their right to protection of their personal data and their right to receive or impart information, which are rights safeguarded by the Charter of Fundamental Rights of the EU," the Court continues.

"It is common ground, first, that the injunction would involve a systematic analysis of all content and the collection and identification of users' IP addresses from which unlawful content on the network is sent. Those addresses are protected personal data," the Court further clarifies, "Secondly, the injunction could potentially undermine freedom of information since that system might not distinguish adequately between unlawful content and lawful content, with the result that its introduction could lead to the blocking of lawful communications."

The Court concludes, therefore, that ISP-side filtering systems would not strike a fair balance between IP protection on one side, and "the freedom to conduct business, the right to protection of personal data and the right to receive or impart information" on the other.

The European digital rights organisation EDRI is obviously pleased with the ruling. "This result is hugely important, as it protects the openness of the Internet," EDRI states in a press release, "The alternative would have been a decision which would ultimately have put all European networks under permanent surveillance and filtering. This would have had major negative consequences for both fundamental rights and the online economy in Europe."

It's interesting to see how many parts of Europe are starting to take serious stands against the draconian, anti-freedom laws and initiatives the United States is trying to impose upon the rest of the world. Just this week, the Dutch minister of foreign affairs refused to declassify all the documents and negotiation details surrounding ACTA - as a result, the Dutch Lower House accepted a motion to block all debates and talks in the Lower House until all materials related to ACTA are declassified and made available to the public. Until then, ACTA will not even be discussed in the Lower House, and thus, will not be accepted.

Meanwhile, the European Parliament is taking a stand against SOPA, and fighting to make unconditional net neutrality - as codified first by Chile and second by The Netherlands - part of European Union law. And now we have the highest courts on the side of freedom of speech and fundamental rights as well?

Only a few months ago I thought the fight was pretty much over, and that we, sanity, had lost. Now - things ain't looking so dire any more. The tables are turning.

Source

November 23, 2011

On the same day that the European Parliament had its first secret meeting on ACTA (Anti-Counterfeiting Trade Agreement), the Dutch parliament decided it will not take ACTA into consideration unless all ACTA negotiation texts are published.

A few weeks ago, the Dutch House of Representatives’ committee of Economic Affairs, Agriculture and Innovation requested the ACTA negotiation texts (the earlier versions of ACTA). The minister of Economic Affairs, Agriculture and Innovation, Maxime Verhagen, sent the texts to parliament, adding a non disclosure obligation. In debates, Members of Parliament may not refer to the documents, nor quote from them.

Sunday, Bits of Freedom sent a letter to the committee, asking the committee not to accept the secrecy.

Committee member Kees Verhoeven (D66) proposed a message from the committee to the minister that no substantive treatment of any ACTA document can be made without publication of all relevant documents and above all that the committee can discus all documents in public. According to experts, the treaty has major implications for Dutch legislation (eg on copyright and Internet freedoms) and the House can’t at the moment consult experts nor can it inform the public about ACTA’s consequences, since ACTA is partly confidential. For this reason, the committee also requests the minister not to take irreversible steps, neither in Europe and nor in the Netherlands, in terms of ACTA. And towards the commission itself, the proposal to temporarily withdraw all ACTA related documents from the agenda until the minister discloses all documents.

Bits of Freedom reports a majority in the Dutch House of Representatives (D66, PVV, GroenLinks, SP and PvdA) adopted the proposal.

Meanwhile in Brussels, the European Parliament International Trade committee (INTA) held a highly controversial in-camera meeting to learn what the legal service of the European Parliament thinks of ACTA.

On 9 November, the FFII had send an open letter to the Chairman of the Committee on International Trade (INTA), in which the FFII objected to the planned in-camera meeting on the 23th. On 12 November the INTA chairman defended the secrecy in a letter to the FFII.

7 civil society groups asked for European Parliament transparency on ACTA on the 17th. On Friday the 18th, the Parliament refused to disclose the legal service’s opinion on ACTA, “disclosure would undermine the protection of the public interest as regards international relations”.

On Sunday, the FFII filed a confirmatory application for legal service’s opinion on ACTA. According to the FFII, the argument that disclosure of the opinion would undermine international relations is totally overstretched. The Parliament’s second reason violates the European Court of Justice case law (Turco case), and the third argument lacks substance.

On Monday 21th, sources in Parliament reported the meeting was postponed. But on Wednesday the 23th, the meeting was on.

Henrik Alexandersson, assistant to Christian Engstrom, reports on his blog:

• Controversial INTA meeting on ACTA held in camera today 23 November despite protests from Civil Society.
• Previous decision to postpone the meeting annulled yesterday night by INTA Coordinators.
• Vote on holding the meeting in public was denied.

After 4 European Parliament resolutions asking for ACTA transparency, the Parliament now took the decision to keep the legal service’s opinion confidential. And to meet in-camera.

This whole show will be repeated soon: the Legal Affairs Committee asked for a legal service’s opinion as well.

A partly secret ratification process… How deep do you want to sink?

The European Parliament should take a good look at the Dutch Parliament’s example.

Source

By Kelly Fiveash
November 2011

Telcos troubled by domain cut-offs without court orders

Plans to allow Blighty cops to "switch off" websites used by criminals have been delayed following pressure from internet firms and campaigners, who claimed such a move would hamper freedom of expression online.

"We had hoped to submit a proposed policy to the [Nominet] Board in December, but following some recent public feedback, it is clear that there are issues that require further discussion," said the UK domain registry.

Nominet has been mulling over such a change to its policy, which would dramatically bolster police powers when it comes to cutting off domain names in the UK.

Under the proposals, cybercops would ask Nominet to remove sites from the .uk registry if police said they had reasonable grounds to believe the sites were being used for criminal activity.

However, the ISPA, London Internet Exchange (LINX) and the Open Rights Group have told the organisation that they disagree with the policy. The ISPA, a trade group that represents telcos including BT and Virgin Media, gave The Register this statement: "ISPA intends to continue to work with Nominet and the issue working group on the draft recommendations."

LINX, BT and Virgin Media hadn't immediately got back to us with comment at time of writing.

The Department for Culture, Media and Sport gave us this response: "Nominet are currently developing proposals to change their terms and conditions to deal with domain names connected to criminal activity.

"They are working with a broad range of interested parties and the government will continue to be part of that process."

The Open Rights Group said in a blog post on Wednesday that each party involved in discussions with Nominet about the policy proposals had "separately decided that domain suspensions need to take place after receipt of a court order".

Domains suspended upon polite request

However, as we reported earlier this month, it appeared that automatic powers granted to allow police to take down websites had been slightly clawed backed by Nominet.

The new plan said that a court order would be needed in some cases.

"Nominet has to date been suspending domain names at the mere request of law enforcement in a variety of cases," the ORG said.

"The full details of these suspensions have not been released: rather, some summary information has been provided orally giving an indication of the volumes and the nature of the offences. We are asking Nominet to publish this information."

The campaign group argued that such police powers would "inevitably be used more widely in the future".

If a domain suspension notice is disputed by a .uk registrant, Nominet would consult an "independent expert", such as an outside lawyer, before deciding whether to ask police for a court order, the new draft recommendations state.

That's a plan which clearly isn't far-reaching enough for telcos and campaigners, however.

"Our approach from the outset has been to seek consensus where possible. Therefore, we are working to reconvene the issue group in January to attempt to see whether differences can be resolved, prior to submitting any recommendation to the Board," Nominet said.

"We remain committed to ensuring all stakeholders have their views represented, so we can continue to run .uk for the benefit of all."

Update

A spokesperson for LINX got back to us to say that the organisation fears social networks, online auction houses and similar sites could be unfairly taken down by cops if their users upload dodgy material. Its statement reads:

A domain owner should be allowed to defend themselves in court. We are also concerned that the law enforcement agencies' proposal does not limit suspension to domains where the domain owner had criminal intent itself: this could place at risk any domain with user-generated content, such as auction sites and social networking.

LINX members are committed to helping the police combat criminal behaviour online, but all such action needs to be balanced and proportionate, and respect the property rights of legitimate businesses. We would welcome suspension of domains held by criminal enterprises, but to protect the innocent suspension should be ordered by a court.

Source

By Stephen C. Webster
November 23, 2011

The Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act (Protect IP) and the Stop Online Piracy Act (SOPA) “are like two peas in a pod,” Sen. Ron Wyden, the bills’ most vocal opponent in the U.S. Senate, explained to Raw Story in an exclusive interview.

“These are Web blacklisting bills, Web censorship bills, and anybody with a Web site would be vulnerable,” he said, a tone of urgency prevailing in his voice.

“Had I not put a hold on it in May, it would have simply passed at that time,” Wyden continued. “I put a hold on the previous version back in December, and had I not put a public hold on it then, that version would have passed.”

Now, the Protect IP Act and SOPA are back, and this time seemingly with enough momentum to make it through Congress — but that could be changing.

The Business Software Alliance, a major industry advocacy group that once supported the bills, changed its mind just this week and is now working to oppose them.

Now companies like Apple, Microsoft and Intel are working to significantly alter the legislation, which critics say would fundamentally change the architecture of the Internet. Even Google and Facebook have come out against the bills, aruging that they simply go too far.

But they’re pitted against a collection of very powerful lobbies: the movie and music industries, along with other digital content providers like Sony and Nintendo.

“The other side, all of these lobbies, the content industry, is enormously powerful,” Wyden said. “They’ve spent hundreds of millions over the last few years in politics. They are very, very connected.”

“It is hard to accurately state how influential they are,” he went on. “[This lobby] has a history of making statements that are anti-innovation. It was not long ago when the motion picture industry said in a widely-viewed public forum that the VCR was to the movie industry what the Boston strangler was to women home alone. So, we’re up to a very savvy, very well financed lobby, and suffice it to say, these kinds of issues are a bit technical until people see what’s really at stake, which is a free and fair Internet.”

The only way to fight that kind of power and influence, he concluded, is to get Americans calling Congress, en masse, as soon as possible.

Should that effort fail, Wyden has a single last resort: an old school standing filibuster, during which he plans to read the names of people who sign his online petition against the bills. Over 60,000 have signed so far, his staff said.

But that’s still not enough, Wyden said: he may not have the votes to support his filibuster, meaning the Senate could simply override him.

“This is absolutely a crucial time,” he added. “The other side is going to try to override my hold, that’s what they’ll try and do, to see if they can get the votes in the Senate to proceed with the bill as written. That’s what I’m trying to block.”

“We’ve got to have folks all over the country who share our view, in terms of a free and open Internet, weighing in with their members of Congress with calls and emails and going to town hall meetings, everything they can do to get their voices heard in this government,” Wyden concluded. “If we can prevent this bill from coming to the floor as written, that’s the single most important step we can take.”

Source

by Matt Stempeck
November 21, 2011

Good ideas aren't enough. They need champions and constant vigilance, or Congress will take them from you.

Many problems arise when your country's legislature is consistently more responsive to its donors than its constituents. One of these problems is that simple good ideas can't just be left alone to bask in their goodness.

The Internet is clearly a good idea -- not tautologically good, but certainly one of the better things that's happened to human communication and the spread of knowledge in recent centuries. But now some people in Congress who didn't know what an MP3 was until their granddaughter got an iPod a few years ago, want to go and ruin the web to benefit a few reactionary trade groups who would prefer censorship to innovation. A bill that was introduced into the House last month, called the Stop Online Piracy Act (SOPA), aims to penalize or eliminate websites that have pirated content, and the repercussions for Internet users could be far-reaching.

The reaction online has been one of the largest upswells of traditional advocacy by web-native organizations in recent memory. Ever heard of Facebook, Google, Twitter, eBay, LinkedIn, Mozilla, KickStarter, Yahoo, AOL or Zynga? They're all opposed to the bill.

Google's fighting the good fight within the halls of Congress, where its representative was the only opposition witness allowed before the House Judiciary Committee. 4Chan, BoingBoing, and other top web properties converted their home pages to CENSORED home page takeovers, offering priceless in-kind advertising to the cause.

The result? Six thousand websites participated. One million emails were sent to Congress -- and 3,000 handwritten letters.

Tumblr takes it up a notch

Tumblr took even more dramatic action as far as getting users' attention, and redirected the roughly 500,000 daily unique visitors to Tumblr.com to a slick "call Congress" tool that dialed users, prompted them with talking points, and connected them to their representatives.

I need to take a minute and let you marinate on Tumblr's part in all of this. The service combines Twitter and blogging and has grown 900 percent in the last year. With 30 minutes' notice, Tumblr got hooked up with Mobile Commons, another New York-based start-up. And then they delivered an average of 3.6 calls per second to Congress. Because Tumblr is a blogging platform, its action also produced a sharp uptick in blog posts about SOPA.

The tool the Tumblr team built made me a little happy and a little sad. I was happy because it was perfectly executed. The interface was nice; it was blatantly clear what I was supposed to do; and it got my complete attention until the task was completed. But it also made me sad because I've been watching political technology for 10 years and have never seen anything nearly this good from the industry vendors who charge campaigns and non-profits significant sums of money for their clunky click-to-call tools.

It appears that Tumblr built in a day or two what no D.C.-based technology supplier could come up with in the last five years. The closest I've seen to Tumblr's tool was a short-lived but great "Whip Congress" tool built by Change Congress and a couple of Google employees. It provided a nice overview of which members of Congress to thank and which to spank for their stance on a bill.

Tumblr ended up routing 87,834 calls to representatives, for a total of 1,293 hours on the phone. For those of you who haven't worked in advocacy at the federal level, members of Congress pay a lot more attention to phone calls from constituents than emails or petitions.

But the bill lives on.

Protecting free speech

Even if this bill is defeated, what has happened this week is really important for the protection of free speech online (which is, in spirit if not in law, identical to the protection of free speech in general).

We take for granted that great things like the Internet exist (and frankly, we should be able to). The problem with the U.S. Congress is that if a tiny, tiny minority of people doesn't like something (like the open Internet), and they give lots of money to key members of Congress, their opinions suddenly trump the vast majority of citizens, who didn't realize they'd have to fight for something that's so obviously great and well-loved. In this case, pro-SOPA groups like Pfizer and the MPAA have given 12 times the amount of money to members of the House of Representatives as web companies and consumer groups.

So, in addition to paying more attention and donating LOTS more money, the people who want to ruin the Internet also have the advantage of surprise. Net-savvy individuals first have to find out about the threat to the web, and then they have to overcome the counterintuitive logic that something as brilliant as the Internet is being fundamentally threatened by the people who just got around to figuring out that Facebook and its 800 million users might be a good place to rent out Batman movies.

It's vital that even consumer-level websites are getting political right now. We need them to win this battle. And we need everyone who loves the open web to be relatively engaged in protecting it, at least when ideas as terrible as SOPA gain traction.

The same problem occurs on issue after issue. No one stands up for great things we all take for granted, because who would mess with great things? There's no real money or lobby behind protecting free speech, just some ideals and financially struggling non-profits. If it weren't for the courts, free speech would be a distant memory at the mercy of some industry inconvenienced by it.

It's really, really helpful when major and relatively apolitical sections of American society suddenly pay attention and push back on Congress. Many terrible ideas are advanced in the halls of Congress all the time, but they depend on the majority of us not paying attention until it's too late and they've already become law.

The battle lines have been drawn, and those on the side of an open Internet, and free speech in general, need to stand up. This week, they have. But the opposition is heavily funded and well-organized. Preventing the sabotage of the Internet will take more than some clever Javascript site takeover code. It'll take phone calls and long-term organizing and building support and paying attention during non-crisis moments.

Fortunately, some groups have started this process. I'd recommend at least joining their email lists and following them on Twitter, as these groups are working very hard to keep the Internet the Internet:

• Electronic Frontier Foundation
  
• Public Knowledge
  
• Center for Democracy & Technology
  

Source

By Richard Chirgwin
November 20, 2011

Putting a man-in-the-middle into an end-to-end protocol is dumb

It isn’t actually news as such: while the DoE’s own Sandia Labs has warned that the notorious Stop Online Piracy Act is a threat to the deployment of secure DNS – DNSSEC to its friends – the fragility of the protocol has been discussed for ages.

The problem is this: an end-to-end protocol is the simplest way to ensure that a browsing session isn’t hijacked along the way by a fake DNS record. Sandia’s letter is, in that sense, merely reiterating what’s already known.

DNSSEC proposes just such an end-to-end protocol. In today’s insecure world, the ordinary end user has very little opportunity to verify that foo.bar really is 192.168.0.10 rather than 192.168.1.10* – which opens the way to DNS hijacking and makes DNSSEC necessary.

The secured version of DNS performs the same basic function of DNS: it’s still a distributed, queryable database that allows humans to put http://www.theregister.co.uk/ into their browser bar, and get directed to 92.52.96.89 to actually get the content. But it mandates that the domain record used for that resolution is cryptographically signed.

As this paper, cited by Sandia, puts it:

“When implemented end-to-end between authoritative nameservers and requesting applications, DNSSEC prevents man-in-the-middle attacks on DNS queries by allowing for provable authenticity of DNS records and provable inauthenticity of forged data. This secure authentication is critical for combatting the distribution of malware and other problematic Internet behavior.

"Authentication flaws, including in the DNS, expose personal information, credit card data, e-mails, documents, stock data, and other sensitive information, and represent one of the primary techniques by which hackers break into and harm American assets.”

The paper was published in May 2011, in response to a different piece of mandated DNS poisoning stupidity, and is entitled Security and Other Technical Concerns Raised by the DNS Filtering Requirements in the PROTECT IP Bill.

“By mandating redirection, PROTECT IP would require and legitimize the very behavior DNSSEC is designed to detect and suppress,” the paper states. “[A] DNSSEC-enabled browser or other application cannot accept an unsigned response; doing so would defeat the purpose of secure DNS. Consistent with DNSSEC, the nameserver charged with retrieving responses to a user’s DNSSEC queries cannot sign any alternate response in any manner that would enable it to validate a query.”

(It’s worth noting that this latter statement only holds true in a world that’s completely adopted DNSSEC; as Sandia points out, when the majority of assets are still unsigned, browsers will still accept unsigned responses.)

In other words, the fools sockpuppets legislators proposing SOPA’s DNS-interference mechanism have done so when the impact of their thought-bubble was already known.

Moreover, as was pointed out to The Register by Australian Internet luminary Geoff Huston, DNSSEC is designed such that if a fake record is returned – for example, if a US court orders that infringing-site.com returns any address other than the authoritative record – it’s detectable.

“The NXDOMAIN response is a visible fake response in a DNSSEC world. And if you chose to block by non-response, then the DNSSEC NSEC records will again show that this is a lie,” he told us in an e-mail.

Even worse, Huston said, legislation like SOPA could encourage the formation of “darknet” alternative DNSs.

“This will not switch off the content, but will provide impetus for the formation of ‘alternate’ DNS worlds which include the blocked domain names,” he wrote.

“To what extent these alternative worlds will then be populated by ‘fake’ banks, ‘fake’ governments and all other kinds of attempts at trickery is an open question, but it is unlikely that the darker alternate DNS world will be any better than what we have today. So in effect, they argue, these attempts to suppress bad content through mucking around with the DNS encourages other forms of mucking around with the DNS, and that’s not a good thing.”

Nor will the measures proposed in SOPA actually block the content, since users will still be able to locate the “banned” resource directly using the IP address, by running a local resolver, using a foreign resolver, or by editing their hosts file.

As Sandia states, “Even non-technical users could learn to bypass filtering provisions.”

*Yes, I know 192.168.nnn.nnn is reserved. It’s an example.

Source

By Katitza Rodriguez
November 21, 2011

The Canadian national anthem proudly honors "The True North strong and free!” Yet Canadians face an imminent round of frightening online spy proposals that threaten long held civil liberties and privacy rights. Public Safety Minister Vic Toews has insisted that he won’t budge in his support of online spying legislation despite heavy criticism from privacy watchdogs.

We last discussed the former online spying bills (C-50, C-51 and C-52) Canada’s majority Government sought to advance in October. Collectively called the “lawful access” bills, these measures are essentially a backdoor for law enforcement to easily access personal information. While Public Safety Canada has defended the bills, stating they would enable authorities to protect Canadians from “criminal and terrorist activities” without “infringing on the rights of law abiding Canadians,” the outcry over this legislative mandate has been considerable.

Academics, civil society, all opposing political parties, Internet service providers, and even public officials have continually criticized these bills for risking Canadian’s online security and privacy. As last drafted, the bills represent a dramatic and dangerous attempt to leverage online service providers as agents of state surveillance. They include new police powers that would allow Canadian authorities easy access to Canadians’ online activities, including the power to force ISPs to hand over private customer data without a warrant. Adding insult to injury, the legislation will also pave the way to gag orders that would prevent online service providers from notifying subscribers that their private data has been disclosed–a move that would make it impossible for users to seek legal recourse for privacy violations.

The dangers of these measures should not be underestimated. Openmedia.ca, CIPPIC, and other civil society groups have firmly denounced these spy bills and worked tirelessly to raise awareness about their true impact and intent. The wildly successful Stop Online Spying campaign, which began in June, now has over 75,000 signatures (please sign now if you haven’t already).

Canadian Privacy Debate Heats Up

On October 26, Federal Privacy Commissioner Jennifer Stoddart sent a letter to Vic Toews outlining her deep concern about the potential impacts of this online spying legislation prior to its reintroduction. Commissioner Stoddart reminded Toews that privacy protection “underpins our democratic freedoms…It allows us to exercise these freedoms openly, without fear, mistrust or censorship. This is why caution is so critical, to avoid the possible erosion of our free, open society.”

Public Safety Minister Vic Toews replied that he won’t budge on the government's online surveillance laws despite the "deep concerns" of Canada's privacy watchdog. Toews was quick to uphold his support of these bills, saying that:

Our approach strikes an appropriate balance between the investigative powers used to protect public safety and the necessity to safeguard the privacy of Canadians…As technology evolves, many criminal activities — such as the distribution of child pornography — become much easier. We are proposing measures to bring our laws into the 21st Century and provide police with the tools they need to do their job.

“Privacy Invasion shouldn’t be ‘lawful’”

A few days after Toews’ reply, Information and Privacy Commissioner of Ontario Ann Cavoukian came out strongly against the bills in the National Post:

I must add my voice to the growing dismay regarding the impact of impending ‘lawful access’ legislation in this country. In my view, it is highly misleading to call it “lawful.” Let’s call it what it is — a system of expanded surveillance.

Commissioner Cavoukian also sent a letter to Toews outlining the imminent threats they posed to Canadians’ privacy: “New powers must not come at the expense of the constitutional framework." Warrantless access to subscriber information is "untenable and should be withdrawn."

Christopher Parsons, a PhD candidate studying surveillance technologies, recently blogged that:

A large number of Canadians who look at these proposals may feel some unease but then quickly assert that the legislation is ultimately innocuous. The standard rhetoric is that ‘If you have nothing to hide then you shouldn’t fear this legislation.’ Such a statement obfuscates the realities of both contemporary policing and what studies demonstrate about how people actually versus rhetorically understand privacy…

…being situated in a wrong category can have significant implications on one’s life regardless of whether a person has ‘something to hide’ or not…. [What matters is] the ‘types’ of people one knowingly and unknowingly associates with, whom their associates are connected to, and the risk profiles that are assigned to those communicative partners and their colleagues…

The government has attempted to defend its stance on warrantless disclosure of subscriber information, arguing such identifiers are analogous to what can be found in a phone book. Many have pointed out the flaws in this analogy. Canadian Internet Law expert Professor Michael Geist explains:

While some of that information may seem relatively harmless, the ability to link it with other data will often open the door to a detailed profile about an identifiable person. Given its potential sensitivity, the decision to require disclosure without any oversight should raise concerns within the Canadian privacy community.

On the merits of Minister Toews’ analogy, Commissioner Cavoukian adds:

Consider just one of the new threats to our fundamental freedoms: police could force telecoms to provide the name, address and unique device number of people (enabling online tracking) who posted comments on newspapers' websites under pseudonyms - without a warrant, without explanation and in secret.

Canadian Lawyer, David Fraser, former Chair of the Canadian Bar Association’s National Privacy and Access Law Section, joined the debate and explained why lawful access legislation should not be allowed:

We expect to carry on our lawful lives free from police intrusion unless a judge can be persuaded that the police are justified in their intrusion into your life, including the fact that the intrusion relates to a lawful investigation into criminal wrongdoing. Lawful access would remove the only check and balance, allowing police the ability monitor citizens without any reason.

The heavy technical surveillance capacity obligations the legislation seeks to impose on ISPs even threaten Canada’s fragile competitive telecom environment. A lawyer for a coalition of independent ISPs outlined the risks such bills pose to small independent ISPs. ITWorldCanada notes, reporting on a recent panel:

“Assuming it will be the same act introduced in the last Parliament, “this isn’t going to be sustainable,” Chris Tacit, who acts for the Canadian Network Operators Consortium (CNOC), said Wednesday during a regulatory panel discussion at a conference in Toronto for independent ISPs.”

While no one can know what the new versions of the bills will look like, it is our hope that Toews will at least begin to consider the 75,000 Canadian voices opposing a law that would fundamentally jeopardize Canadian privacy and security.  If similar bills are introduced in the coming weeks or months, Canadians must mobilize to fight to protect their data from excessive state surveillance.

Source

November 22, 2011

People involved in a project to maintain a secret layer of the internet have turned to Amazon to add bandwidth to the service.

The Tor Project offers a channel for people wanting to route their online communications anonymously.

It has been used by activists to avoid censorship as well as those seeking anonymity for more nefarious reasons.

Use of Amazon's cloud service will make it harder for governments to track, experts say.

Onion router

Amazon's cloud service - dubbed EC2 (Elastic Compute Cloud) offers virtual computer capacity.

The Tor developers are calling on people to sign up to the service in order to run a bridge - a vital point of the secret network through which communications are routed.

"By setting up a bridge, you donate bandwidth to the Tor network and help improve the safety and speed at which users can access the internet," the Tor project developers said in a blog.

"Setting up a Tor bridge on Amazon EC2 is simple and will only take you a couple of minutes," it promised.

Users wishing to take part in the bridging project, need to be subscribed to the Amazon service.

It normally costs $30 (£19) a month. However, Amazon is currently offering a year's worth of free storage as part of a promotion, which Tor developers believe their users will qualify for.

Amachai Shulman, chief technology officer of data security firm Imperva believes that cloud services could have a big impact on Tor.

"It creates more places and better places to hide," he said.

"With cloud services it will be easier to create a substantial number of bridges. Amazon is hosting millions of applications and it will be difficult for governments to distinguish between normal access to Amazon's cloud and Tor access," he said.

Tor is short for The Onion Router, so named because of the multi-layered nature of the way it is run. It is also known as the dark net.

It has been in development since 2002 and works by separating the way communications are routed via the internet from the person sending them.

Data is sent through a complex network of 'relays' or bridges run by volunteers around the world. When someone receives data routed via Tor it appears to come from the last person in the relay rather than from the original sender.

Internet addresses are encrypted to add to anonymity.

Ugly face

The Tor Project has been praised for offering people living in repressive regimes an opportunity to communicate freely with others without fear of punishment. Activists have used it in Iran and Egypt.

But it is also used to distribute copyrighted content.

The people behind the Newzbin 2 website are suggesting its members use the network to continue sharing illegal downloads after BT blocked access to the site in the UK.

Tor is also used by people wanting to share images of child abuse. Hacktivist group Anonymous recently launched Operation Darknet which targets such abuse groups operating via the network.

"There is an ugly face to Tor," said Mr Shulman. "Studies suggest that most of the bandwidth is taken by pirated content."

While cloud services are unlikely to make Tor mainstream, the more bridges there are, the more anonymous the network becomes.

Imperva research estimates that there are currently "a few thousand" exit nodes on Tor - the points at which communications reveal themselves on the wider internet.

"There could be far more other nodes but it gives a sense of the size of the community," said Mr Shulman.

Access to Tor is not limited to fixed line communications.

Android users can access it via an application called Orbot and earlier this week Apple approved Covert Browser for iPad to be sold in its App Store, the first official iOS app that allows users to route their online communications through Tor.

Source

by Alex Wilhelm
November 17, 2011

After writing a rather lengthy and somewhat firey post on the Stop Online Piracy Act (SOPA) yesterday, I realized this morning that I didn’t know Microsoft’s position on the matter. As I edit our Microsoft channel, I immediately sent off a query to the company concerning the Act.

To my surprise it took some time to hear back, and when I did get word the response was ‘no comment.’ Obviously intrigued, I dug into the issue. As it turns out, ‘no comment’ is Microsoft’s official position on SOPA. The company has made no noise at all on the issue, other than what I would wager is a rather conspicuous silence.

But Microsoft did support the pre-SOPA Protect IP Act, something that SOPA did draw on heavily for its roots. To quote the official page on the House website: “The Stop Online Piracy Act (H.R. 3261) builds on the Pro IP Act of 2008 and the Senate’s Protect IP Act introduced earlier this year.” So we have Microsoft supporting the intellectual ancestor of SOPA, but that’s certainly not enough to say that the company supports SOPA outright.

We can, however, show that it does. And somewhat disingenuously, if I may. You see, Microsoft is a major player in the Business Software Alliance, along with Apple and 27 other companies. And the BSA supports SOPA. This is from a recent BSA bulletin:

The Business Software Alliance today commended House Judiciary Committee Chairman Lamar Smith (R-Texas) for introducing the “Stop Online Piracy Act” (H.R. 3261) to curb the growing rash of software piracy and other forms of intellectual property theft that are being perpetrated by illicit websites.

Yeah, how about that. In short, Microsoft is using a front group to throw its support behind SOPA, while publicly saying and doing nothing, thus avoiding our rancor and displeasure. Well, no, that won’t do at all.

The following list is every single member of the Business Software Alliance. Each of them is complicit in supporting SOPA unless they publicly distance themselves from the BSA on the issue. As the companies are, presumably, dues paying members of the BSA, they are financially supporting the enaction of SOPA.

• Adobe
• Apple
• Autodesk
• AVEVA
• AVG
• Bentley Systems
• CA
• Cadence Design Systems
• CNC Software – Mastercam
• Compuware
• Corel
• Dassault Systèmes SolidWorks Corporation
• Dell
• Intel
• Intuit
• Kaspersky
• McAfee
• Microsoft
• Minitab
• Progress Software
• PTC
• Quark
• Quest
• Rosetta Stone
• Siemens PLM Software, Inc.
• Sybase
• Symantec
• TechSmith
• The MathWorks

Source

November 17, 2011

The European Parliament has adopted a resolution which criticizes domain name seizures of “infringing” websites by US authorities. According to the resolution these measures need to be countered as they endanger “the integrity of the global internet and freedom of communication.” With this stance the European Parliament joins an ever-growing list of opposition to the Stop Online Piracy Act.

Starting in 2010, US authorities have used domain name seizures as a standard tool to take down websites that are deemed to facilitate copyright infringement.

Despite fierce criticism from the public, legal experts and civil liberties groups, taking control of domain names is now one of the measures included in the pending Stop Online Piracy Act (SOPA), legislation designed to give copyright holders more tools to protect their rights against foreign sites.

Opposition to SOPA has been swelling in recent days, and today the European Parliament adds its voice by heavily criticizing the domain seizures that are part of it.

A resolution on the EU-US Summit that will be held later this month stresses “the need to protect the integrity of the global internet and freedom of communication by refraining from unilateral measures to revoke IP addresses or domain names.”

If SOPA does indeed become law the US would be able to shut down domains worldwide, as long as they are somehow managed by US companies. This includes the popular .com, .org and .net domains, and thus has the potential to affect many large websites belonging to companies in EU member states.

This can lead to problematic situations.

During one of the seizure rounds earlier this year, US authorities took the domain name Rojadirecta, which belongs to the Spanish company Puerto 80. The site in question had been declared legal in Spain by two courts, but it only took a simple warrant for ICE to take it offline.

Puerto 80 is currently involved in a legal battle in the US to get their domain back, and has reportedly suffered significant losses in traffic and revenue from their streaming portal.

If SOPA passes and these seizures become common practice, thousands of companies will face the threat of losing their domains.

The RIAA and MPAA for example pointed out that they consider the Russian social networking site VKontakte and the Chinese media portal Xunlei as potential targets. These two companies employ hundreds, if not thousands of people, and both are even considering going public on the American stock exchange.

By adopting a resolution against domains seizures the European Parliament recognizes the dangerous precedent the pending SOPA legislation would set, and it wouldn’t be a surprise if more foreign criticism follows.

No country should have the ability to simply take over international domain names, and surely the US would feel the same if this plan was put in motion by a foreign country. Or as some 60 press freedom and human rights advocate groups put it in their letter to the US representatives:

“This is as unacceptable to the international community as it would be if a foreign country were to impose similar measures on the United States.”

Source

By Howard Solomon
November 16, 2011

Canadian Internet providers say they could be in financial trouble if they have to buy equipment to comply with the government's expected surveillance act

The Conservative government’s anticipated lawful Internet access law could financially wipe out small Canadian Internet service providers, warns a lawyer for a group ISPs

Assuming it will be the same act introduced in the last Parliament, “this isn’t going to be sustainable,” Chris Tacit, who acts for the Canadian Network Operators Consortium (CNOC), said Wednesday during a regulatory panel discussion at a conference in Toronto for independent ISPs.

“If a smaller ISP has to make major network changes it could be game over.”

The government has to face the possible economic impact for ISPs of all sizes, he added, but “crucial” for small service providers.

Tacit was supported by others on the panel.

The act “dramatically changes the world you live in right now,” said University of Ottawa Internet law professor Michael Geist. “It turns you into highly regulated bodies, but regulated by law enforcement.”

Jonathan Daniels, vice-president of regulatory law at BCE Inc., which owns Bell Canada [TSX, NYSE: BCE], said the carrier wants to see the final act and the accompanying regulations, which might outline government compensation for complying with the act. Regulations weren’t published when the proposed act was introduced in the last parliament.

“We have big concerns about the capital requirements” for equipment, Daniels, said as well for possible high annual operating costs of maintaining a real-time data surveillance system across the country.

The Investigating and Preventing Criminal Electronic Communications Act (numbered Bill C-52) was introduced in the last parliament but died when the May election was called.

The Harper government, which now has a majority, says its crime-related legislation will be re-introduced. It already started with an omnibus bill consolidating several pieces of legislation. Geist believes the lawful access act will be re-introduced into Parliament before the end of the year.

The law would give law enforcement agencies lawful access to certain subscriber information without a judicial warrant. Again, assuming the proposed act isn’t changed, within six months of coming into effect service providers would have to report to police what their networks look like and their real-time data surveillance capabilities. Law enforcement agencies would have the power to test a provider’s surveillance capabilities.

ISPs may have to add deep packet inspection (DPI) appliances to their networks, Geist warned, to meet the data surveillance requirements. Government may give ISPs three years to buy necessary equipment, he added.

Source

By David Kravets
November 16, 2011

Legislation that would prevent Americans from visiting websites the government claims are violating copyright rules had a tumultuous first hearing Wednesday, with its main sponsor unexpectedly expressing reservations over the bill’s scope.

Rep. Lamar Smith (R-Texas), one the chief sponsors of the bill, expressed uncertainty over allowing the Justice Department to obtain court orders demanding that American ISPs prevent users from visiting blacklisted websites. ISPs receiving such orders would have to alter records in the net’s system for looking up website names, known as DNS.

The House bill also allows the Justice Department to order search sites like Google to remove an allegedly “rogue” site from its search results.

“I’m not a technical expert on this,” the chairman of the committee said, adding moments later: “I’m trying to ferret this out.” When he introduced the package last month, however, he pronounced that the bill was needed because “Rogue websites that steal and sell American innovations have operated with impunity.”

In a marathon, 3.5-hour hearing before the 38-member House Judiciary Committee, lawmakers debated among themselves and with a panel of six witnesses, five of which favored the Stop Online Piracy Act. The committee took no immediate action, but it was apparent that the 79-page measure is likely to be amended, in no small part, due to a backlash from the tech community.

Much of the package is similar to a stalled Senate measure known as the Protect IP Act.

Both proposals amount to the holy grail of intellectual-property enforcement that the recording industry, movie studios and their union and guild workforces have been clamoring for since the George W. Bush administration under the theory that online copyright infringement is destroying American jobs.

Smith, who said “everybody in this panel is committed to fighting piracy,” noted commentary from internet security experts concerned over the fallout if the Justice Department begins ordering American internet service providers to stop giving out the correct DNS entry for an infringing website under the .com, .org and .net domains.

Putting false information into the DNS system — the equivalent of the net’s phonebook — would be ineffective, frustrate security initiatives and lead to software workarounds, according to a paper co-signed by security experts Steve Crocker of Shinkuro, David Dagon of Georgia Tech, Dan Kaminsky of DKH, Danny McPherson of Verisign and Paul Vixie of Internet Systems Consortium.

“These actions would threaten the Domain Name System’s ability to provide universal naming, a primary source of the internet’s value as a single, unified, global communications network,” they wrote.

In other words, the bill would break the internet’s universal character and hamper U.S. government-supported efforts to rollout out DNS-SEC, which is intended to prevent hackers from hijacking the net through fake DNS entries.

The bill’s big-pocketed proponents weren’t moved by those arguments.

Michael O’Leary, Motion Picture Association of America vice president, told Smith that, “it’s a concern, but frankly overstated.”

Rep. Zoe Lofgren (D-California) whose district includes Silicon Valley, expressed alarm that Google was the only company invited to testify against the bill. Google was peppered over and again by lawmakers asking why it it doesn’t simply stop rendering infringing sites in search results.

“The search engines are not capable of actually censoring the World Wide Web,” Lofgren said. “We need to go after people committing crimes.”

Katherine Oyama, Google’s policy council, responded at one point:

“We don’t control the World Wide Web,” she said, adding that Google does not know what sites are hosting infringing content unless the rights holder tells Google. When that happens, she said, Google usually stops displaying results pointing to that particular page within six hours.

The MPAA’s O’Leary countered later that, on a Google search, the in-theater-only movie J-Edgar has “a better chance that the Pirate Bay is going to end up ahead of Netflix” on a Google search.

Google, Facebook, LinkedIn, AOL, Yahoo, eBay, Mozilla, the Electronic Frontier Foundation, the American Civil Liberties Union and a host of other groups and companies oppose the measure, saying the bill will break the internet as we know it.

Not all members of the committee said the legislation needed work.

Rep. Bob Goodlatte (R-Virginia) said, “This is a good bill.”

Rep. Mel Watt (D-North Carolina) expressed some reservations, but said legislation was needed.

“Doing nothing is not an option,” he said. “Not only are online privacy and counterfeiting drains on our economy, they expose consumers to fraud, identity theft, confusion and to harm.”

John Clark, the security chief for Pfizer, testified that counterfeit drug sales run rampant on the internet.

“I see counterfeited medicines as attempted murder,” he said.

Troubling to Rep. Maxine Waters (D-California) was how the bill described what sites could be targed, those “dedicated to infringing activity.”

The House bill allows rights holders to demand that online ad services and credit card companies stop working with an allegedly infringing sites. The copyright holder need only allege the site is “dedicated to infringing activity” — as say Viacom alleges about YouTube, and if the ad service or credit card company does not quickly sever ties, they can be held liable. No court approval is needed to send such a letter.

“It imposes harsh, arbitrary sanctions without due process,” Google’s Oyama said.

Smith’s measure also grants the U.S. attorney general sweeping powers to block the distribution of workarounds, such as the MafiaaFire plugin on the Firefox browser, that let users navigate to sites that have been blacklisted or had their domain name seized.

Smith asked witness Maria Pallante, the U.S. Registrar of Copyrights, what she meant by her testimony that if “Congress does nothing,” the “U.S. copyright system will ultimately fail.”

“I don’t think,” Pallante said, “that’s an overstatement.”

It’s not clear how the copyright system is failing given that the Netflix streaming service counts more than 21 million subscribers, accounting for the largest share of peak internet traffic every night; that YouTube is paying millions out to copyright holders; and an increasing number of people get their online music from paid and ad-supported services such as Pandora, Spotify, Rdio, Amazon and iTunes.

Source

By Nate Anderson
November 16, 2011

A major new survey of American attitudes to online copyright infringement has found that 70 percent of all 18 to 29-year-olds have pirated music, TV shows, or movies. But almost no Americans are hardcore grog-swillers, and two-thirds of those who do acquire copyrighted material without permission also acquire content legally.

The new research comes courtesy of a forthcoming report called Copy Culture in the US and Germany, and it was done by some of the same researchers who worked on the groundbreaking Media Piracy in Emerging Economies report earlier this year. Data comes from a Princeton Survey Research Associates telephone poll of 2,303 American adults during the month of August; a Google grant funded some of the research.

The poll found that 46 percent of all Americans have engaged in piracy, but that young people skew the numbers significantly. And while it found that piracy is common, it also found that most is relatively casual. Only 2 percent of Americans are “heavy music pirates” with more than 1,000 tracks of infringing music; only 1 percent of Americans are heavy TV/movie pirates with more than 100 infringing shows or films.

For most people, downloading music and video goes hand-in-hand with acquiring it legally; less than one-third of admitted pirates copped to owning an entire collection of illicit material. And large numbers of pirates have already altered their behavior in response to more attractive legal services for acquiring content.

When it comes to music, 46 percent of American pirates said that they grab unauthorized music less than they used to thanks to legal streaming services (and the survey was done before Spotify launched in the US). For video, 40 percent of pirates have already curtailed their activity thanks to legal alternatives like Netflix.

As for video game pirates, they're negligible. Only 3 percent of homes with game consoles have machines modified to accept pirated discs.

The takeaway: Americans pirate, but few are engaged in some kind of principled War Against Copyright. Most just want easy access to legal material and are willing to pay reasonable fees to get it (see the success of iTunes, Netflix, and the Kindle for examples of this in action). Indeed, only 16 percent of Americans believe that it's acceptable to upload pirated content to sites where anyone can download it, only 8 percent say posting pirated content to Facebook would be acceptable, and only 6 percent think selling copies of pirated content is okay.

Oh—and piracy isn't gendered. The survey found that “men outpolled women by 2 percent or less” when it came to piratical behavior.

Source

16 November 2011

Throttling worse than France and Germany

Tests suggest that the UK's ISPs are the worst offenders in Europe when it comes to 'throttling' broadband connections, the New York Times has reported.

Broadband speeds on BT connections appeared to be throttled in 74% of the tests carried out using a tool, called Glasnost, developed by the Max Planck Institute in Germany.

Internet connection speeds are often intentionally slowed-down in order to provide a more reliable service. However these tests suggest that speeds are inhibited to a greater extent in the UK than in many other countries.

How does the UK compare globally?

Speeds appeared to be restricted in 32% of the tests made globally, while 23% of the tests made on US networks were reported as being intentionally impaired. Internet providers in Germany were among those who appear to be less likely to hinder speeds, with 16% of tests showing signs of throttling.

Dr Rob Reid, scientific policy advisor at Which?, said: 'If these figures are correct they highlight a common industry practice that has a significantly negative impact on the quality of service that consumers sign up for. ISPs must be much more transparent about how they are managing traffic on their networks. They must provide clear consumer information on traffic management at the point of sale so consumers can make informed choices about the service they choose.'

The report claims that BT isn't the only offender in the UK and that tests for throttling also exceeded 50% for other British operators, including Virgin Media (identified as NTL/Telewest) and TalkTalk (as Opal Telecom, Pipex and Tiscali).

BT's response

BT contacted Which? to provide the following statement: 'BT is transparent about slowing down peer-2-peer traffic at peak times to ensure all customers receive a good online experience. This ensures that customers streaming video and browsing web pages are able to enjoy prompt delivery of their real-time demands. BT’s Fair Usage Policy, which is one of the most liberal among major ISPs, is available to customers on BT's website. The reported Glasnost data refers to defunct operators, such as NTL and Telewest, who became Virgin Media in 2006, and also Tiscali, who’s UK business became part of TalkTalk in 2009, which raises a question mark about the quality of the research.'

The Max Planck Institute, however, told PC Pro that while the old ISPs names are listed it 'does not have any implication on the date of the results, which were all gathered in 2011.'

Source

Michael Geist
November 17, 2011

Earlier this fall, I wrote about the return of file sharing lawsuits to Canada as the copyright owners of the film the Hurt Locker obtained a court order requiring three major ISPs - Bell, Videotron, and Cogeco - to reveal the identities of dozens of subscribers alleged to have downloaded the movie. I noted that the targeted Canadians would likely face the prospect of demands to pay thousands of dollars in order to settle the case (or spend thousands in legal fees fighting the claims in court).

Several months later, sources advise that the demand letters to alleged file sharers have been sent. Assuming the content of the letters mirrors that found in the U.S. (which it likely does), the subscribers face demands to pay $2900 to settle the case, which increases to $3900 if the target does not accept the offer within three weeks. A copy of a recent U.S. letter can be found here. The system is so automated that there is a website devoted to the settlements with "all major credit cards accepted."

It is worth repeating that the industry was specifically asked about the possibility of Hurt Locker lawsuits making their way to Canada when they appeared before the Bill C-32 committee.  The response:

Ted East: We're not interested in sweeping up the John Does. We're looking for legislation that basically stops online piracy and illegal file sharing, which requires changes to the bill that exists. Whatever laws we have here are going to be different from those in the United States. As Patrick referred to earlier, we need massive education, because a significant portion of the population in Canada, particularly younger people, have grown up in an environment where piracy seems to be okay, where it has no consequences. We have notice and notice, but everybody that they know is doing it, so changes have to be made.

Bill C-11 tries to address the issue by creating a $5,000 cap on liability for non-commercial infringement, yet the Hurt Locker case suggests that does not go far enough. A better approach would be to eliminate statutory damages in non-commercial cases altogether. That change, which would bring Canada into line with most of its trading partners, would allow for full $20,000 per infringement liability for commercial infringement, while requiring claimants to offer evidence of actual damages in non-commercial cases. Without such a change, the government is still leaving the door open to thousands of potential lawsuits against individuals.

Source

Michael Geist
Wednesday November 16, 2011

The U.S. Congress is currently embroiled in a heated debated over the Stop Online Piracy Act (SOPA), proposed legislation that supporters argue is needed combat online infringement, but critics fear would create the "great firewall of the United States." SOPA’s potential impact on the Internet and development of online services is enormous as it cuts across the lifeblood of the Internet and e-commerce in the effort to target websites that are characterized as being "dedicated to the theft of U.S. property." This represents a new standard that many experts believe could capture hundreds of legitimate websites and services.

For those caught by the definition, the law envisions requiring Internet providers to block access to the sites, search engines to remove links from search results, payment intermediaries such as credit card companies and Paypal to cut off financial support, and Internet advertising companies to cease placing advertisements. While these measures have unsurprisingly raised concern among Internet companies and civil society groups (letters of concern from Internet companies, members of the US Congress, international civil liberties groups, and law professors), my weekly technology law column (Toronto Star version, homepage version) argues the jurisdictional implications demand far more attention. The U.S. approach is breathtakingly broad, effectively treating millions of websites and IP addresses as "domestic" for U.S. law purposes.

The long-arm of U.S. law manifests itself in at least five ways in the proposed legislation.

First, it defines a "domestic domain name" as a domain name "that is registered or assigned by a domain name registrar, domain name registry, or other domain name registration authority, that is located within a judicial district of the United States." Since every dot-com, dot-net, and dot-org domain is managed by a domain name registry in the U.S., the law effectively asserts jurisdiction over tens of millions of domain names regardless of where the registrant actually resides.

Second, it defines "domestic Internet protocol addresses" - the numeric strings that constitute the actual address of a website or Internet connection - as "an Internet Protocol address for which the corresponding Internet Protocol allocation entity is located within a judicial district of the United States."

Yet IP addresses are allocated by regional organizations, not national ones. The allocation entity located in the U.S. is called ARIN, the American Registry for Internet Numbers. Its territory includes the U.S., Canada, and 20 Caribbean nations. This bill treats all IP addresses in this region as domestic for U.S. law purposes.

To put this is context, every Canadian Internet provider relies on ARIN for its block of IP addresses. In fact, ARIN even allocates the block of IP addresses used by federal and provincial governments. The U.S. bill would treat them all as domestic for U.S. law purposes.

Third, the bill grants the U.S. "in rem" jurisdiction over any website that does not have a domestic jurisdictional connection. For those sites, the U.S. grants jurisdiction over the property of the site and opens the door to court orders requiring Internet providers to block the site and Internet search engines to stop linking to it.

Should a website owner wish to challenge the court order, U.S. law asserts itself in a fourth way, since in order for an owner to file a challenge (described as a "counter notification"), the owner must first consent to the jurisdiction of the U.S. courts.

If these measures were not enough, the fifth measure makes it a matter of U.S. law to ensure that intellectual property protection is a significant component of U.S. foreign policy and grants more resources to U.S. embassies around the world to increase their involvement in foreign legal reform.

U.S. intellectual property lobbying around the world has been well documented with new Canadian copyright legislation widely viewed as a direct consequence of years of political pressure. The new U.S. proposal takes this aggressive approach to another level by simply asserting jurisdiction over millions of Canadian registered IP addresses and domain names.

Source

By Ms. Smith
November 14, 2011

As seen at a secret conference open only to law enforcement and intelligence agencies, vendors offered cell phone capturing equipment and lessons about location tracking via mobile phones. Does it, however, violate the Fourth Amendment? Do you give up a reasonable expectation of privacy and freedom from being tracked by carrying a cell phone?

Tracking via mobile devices continues to be a popular, yet extremely invasive means of electronic location surveillance with law enforcement. We looked at secret sessions that teach government and law enforcement how to hack and conduct surveillance on the masses. At that same ISS World Americas conference, there were several teaching sessions devoted to mobile devices and vendors promoting surveillance tech and cell phone capturing equipment. TeleStrategies taught a session that included, "Transforming cell records and location data into actionable intelligence, Smart Phone intercept and wireless provider business model, Apple iPhone, Google Android and LTE Challenges."

Utimaco LIMS presented "SMS, the forgotten source of intelligence!" VASTech, whose tech was used by Gadhafi’s security agents to record "between 30 and 40 million minutes per month from both landline and mobile phone conversations," demonstrated "Satellite Signal Analyzer" Discover de Sky. And Berkeley Varitronics Systems, which puts out technology like the Squid, taught Handheld Tools for Cell Phone Direction Finding and Location. Septier taught Mobile Location Tracking that is based on a Integration of an in network GMLC and Tactical Cellular Location Direction Finders.

If the government knows your location and knows who you are via cell phone tracking, CNN reported it can "reveal our private associations and relationships with one another. The government could make note of whenever people being tracked crossed paths or spent time together, showing who our friends, associates and lovers are." Does it, however, violate the Fourth Amendment?

On The Volokh Conspiracy, Orin Kerr wrote about the oral arguments in the United States v. Jones GPS case. "Justice Sotomayor and Ginsburg were both very worried about the Big Brother implication of using GPS devices: I counted 5 or so references to Orwell's 1984." David Kravets at Wired also mentioned that SCOTUS saw shades of 1984 in the case. According to Reuters, Justice Sotomayor wanted to know "how far the government could go, questioning whether the police could put a computer chip in a person's overcoat or could monitor and track everyone through their cell phones. 'That's really the bottom line'." Justice Stephen Breyer told the government's attorney, "If you win this case, there is nothing to prevent the police or government from monitoring 24 hours a day every citizen of the United States. The real issue here is whether this is reasonable."

So what is a reasonable expectation of privacy? Do you automatically give up a reasonable expectation of privacy by carrying a cell phone? Whether you are using your smartphone or not, it continues to ping towers if it is on and to register your location. Senator Mark Udall said of the 'secret law' of the Patriot Act, "When the American people find out how their government has secretly interpreted the Patriot Act, they will be stunned and they will be angry." Then Julian Sanchez for Cato @ Liberty reported that it "most likely includes unfettered government access to geolocation data from your smartphone. That might mean cell phone records for all of us that may be turned over in mass quantities by wireless phone service providers."

The ACLU has been looking into how, why and when law enforcement can use mobile phone location data to track Americans, and then obtained 2010 records for how long your cell phone provider stores that data for law enforcement access. There is very little oversight on how authorities secretly track the movements of Americans via cell phones.

The Wall Street Journal noted, "The use of cellphone tracking by authorities is among the most common types of electronic surveillance, exceeding wiretaps and the use of GPS tracking, according to a survey of local, state and federal authorities." WSJ has been following the use of 'stingrays' which can "locate a mobile phone even when it's not being used." These stingrays spoof cell phone towers, snag and record the unique ID numbers, traffic data and the location of the device before sending it on to a real cell phone tower. Authorities drive around, gathering the signal strength from a target's mobile device to connect the dots for an accurate location. Wired reported the feds said they are "perfectly within their rights" to fake a "Verizon cellphone tower to zero in" on the location of a suspect without needing a warrant.

In "we don't need no stinking warrant," Mobile Privacy pointed out, "The reason for using tools such as this is to circumvent the need to get information from carriers directly, which requires a subpoena, and a court order and possibly even a search warrant depending on the information requested. By intercepting the signals with these devices, law enforcement is able to essentially cut out the middle man."

While governments may not want info leaked about such systems, The Guardian reported that UK police are using Datong plc as a "covert surveillance technology that can masquerade as a mobile phone network, transmitting a signal that allows authorities to shut off phones remotely, intercept communications and gather data about thousands of users in a targeted area." It is a "suitcase-sized device that can remotely disable phones, intercept communications, record unique IDs and track you in real time." CNET got confirmation that the U.S. Secret Service has also done business with Datong plc in the past. Richi Jennings wrote, "This is all being justified on the grounds of fighting terrorism -- specifically, preventing bombs being triggered by an text-message received by a disposable mobile phone. We're also 'assured' that use of such equipment for interception requires government authorization."

So in the name of fighting that terrorism and other crime, at ISS World Americas, Geocell, LLC presented Cell Phone Intelligence Training and "why we can't keep ignoring this extremely valuable data!" This session included:

Introduction to Law Enforcement Surveillance Capabilities Regarding: Cell phones, Landlines, and the Internet, including, traps and traces/pen registers [Communications Assistance for Law Enforcement Act (CALEA) deliveries], geolocations, field cell phone locations, "target developments", and communications intercepts ("wiretaps"); and, capabilities that are required to conduct real-time surveillances.

How can you use the data in your cases? Including activation and subscriber information, payment information, communications("call") detail records (CDRs) (with, and without, geographic data), stored communications such as the content of text messages, voicemails, and emails, and, surveillance options: traps and traces/pen registers (CALEA deliveries), geolocations, cell phone locations, "target developments", communications intercepts ("wiretaps"), and, the prepaid cell phone myth, including what are Mobile Virtual Network Operators (MVNOs)?

The surveillance technology to track the locations of Americans via their mobile devices is certainly not going away. We are unlikely to stop carrying our cell phones, so the upcoming SCOTUS ruling on GPS tracking and a "reasonable expectation of privacy" will deeply affect us all. As the ACLU's Catherine Crump wrote, "The genius of the Constitution is that its limits on the government can still be applied in a modern world that the framers could scarcely have imagined. Anyone who values privacy should hope that the Court ensures the government cannot use technological advances to undermine the liberties this country was founded on."

Source

Jolie O'Dell
November 14, 2011

“When Bob and I started writing the specs for the Internet in 1973…”

Only a handful of people can start a sentence anything like that.

Today, Vint Cerf, one of the godfathers of the Internet, stood on a stage at the Google campus and addressed attendees of Atmosphere, the company’s cloud computing event.

With his snow-white beard and three-piece suit, Cerf looked like something out of a Jules Verne novel, subtly different from the Brooks Brothers army he faced.

And he spoke as one who still sees a world of freedom, innovation and possibility in the Internet.

Today, Cerf gave the audience strong words on contemporary issues of intellectual property, open-source development and the need for better security — not on the part of developers or companies, but on the part of normal Internet users.

Cerf on patents versus freedom

When asked what he would tell the developer of the Next Big Thing, the technology that could replace the Internet, Cerf said, “Shoot the patent lawyer.”

The room, which was full of chief information officers for large, proprietary companies, burst into both laughter and applause.

Cerf continued, “Bob [Kahn] and I knew we could not succeed if we tried to protect the Internet’s design. As it turns out that worked out really well, and I think that’s still pretty good advice.”

Cerf also spoke out against the Department of Homeland Security’s recent seizures of websites, such as last year’s seizure of scores of music sites and communities for copyright violations, which he called “a blunt instrument that can and should be exercised much more carefully.

As the one site owner told this correspondent at the time, the sites were being seized “without any previous complaint or notice from any court… While I was contacting GoDaddy I noticed the DNS had changed. Godaddy had no idea what was going on and until now they do not understand the situation, and they say it was totally from ICANN [via the Department of Homeland Security].”

Cerf said this was a step out of line, even in the name of IP protection. “Even our own government is beginning to go overboard in the protection of copyright…

“The open ability to develop new applications and try them out has been vital to the Internet’s growth and to the space in which we currently operate. It has interesting ways of enhancing both sides of the equation.”

He told the audience, “Remember, governance is a big word that includes human rights, freedom of speech, economic transactions on a worldwide basis — it touches everything. It’s everywhere, and that’s why Internet governance is topic A in many corners.”

Cerf on identity & security

Cerf also talked about a topic quite close to Google’s heart: the ability to traverse the Internet anonymously, if one so chooses. Google’s own suite of social tools, Google+, recently came under heavy fire for allowing its users to sign up only with their “given names,” linking their online activities with their real-world identities.

However, this decision has been reversed, due in no small part to the backlash from hackers inside Google’s own campus — including Cerf.

“We should preserve our ability to be anonymous or pseudonymous,” he said today, “but we also need strong authentication tools.” While certificates, Cerf said, are “not working too well,” users still and will always need secure ways to prove who they really are.

“We have serious work to do as a community to implement new technologies and… improve security on the Net.”

One of the main points Cerf made about security wasn’t about the need for better programmatic ways of thwarting attacks; rather, he said, consumers themselves need to get smarter about where their information goes when they click and browse around the web.

“I am comfortable that we have some good technologies for basic cryptography,” he said. “What worries me are all the other avenues that people can get information without having to break code.”

He said a recent episode of >spear phishing attacks on Gmail users “is a case in point… People clicked on those messages because they look credible.”

Cerf continued, “I’m much more worried about these open avenues for attack [including social and email attacks and malware from browsers], the social engineering, the tricking… we’re going to have to teach our children and each other much more about… the risk factors of doing certain things on the Net.”

Cerf on mobile

“When we bring technologies into being, we assume that the new technology will wipe out the old one,” said Cerf. He noted this assumption is incorrect; rather than destroying old systems, new technologies often enhance them, he said.

For example, Cerf noted, “The newspaper is in decline. News is not and should not be in decline… This is Darwin’s observation: Adapt or die. We have to figure out how our business models can operate under new conditions.”

When it comes to mobile devices and mobile ways of connecting to the Internet, Cerf said, “The immediacy of the mobile changes it from what we’re accustomed to in the personal computing world to something that’s instantaneous…What’s interesting and powerful about the mobile environment is that it’s connected to services on the Internet. This augments both platforms.”

And since mobile is still so new, Cerf said that ecosystem is more ripe for creative hacking than almost any other. “For systems in which you already have a lot of hardware and software, change is difficult,” he said.

“That’s why apps are so popular.” He continued to say that the infrastructure of mobile devices, operating systems and applications allow for more flexibility and innovation, because there aren’t too many legacy layers underneath.

Cerf on the Internet of things

Keeping in mind that he spoke at a cloud conference, Cerf said, “The cloud won’t do you any good unless you can connect to it. The stats have to include the reliability of the network connections that get you to the cloud… We have to keep the infrastructure in mind.”

Part of that infrastructure are the devices we use to connect to what we call “the cloud.” In addition to the evolving world of mobile devices and connectivity, Cerf also talked about other connected devices, a new way of thinking about what the Internet is and how it’s used: The Internet of things.

“I used to tell jokes about Internet-enabled lightbulbs,” he said. “I can’t tell jokes about it anymore — there already IS an Internet-connected lightbulb.”

But, Cerf said, “I also have an Internet-connected sensor system in my house.” Cerf’s home automation system controls such factors as light and temperature. While he said it sounds like a deeply nerdy indulgence, he told the Atmosphere audience, “The reason I’m doing it is very practical. I want to have data on how the heating ventilation and air conditioning system is performing.

“Many of you are CIOs of your businesses: Real data counts, and data drives the business.”

Source

November 3, 2011

BT has started blocking access to the controversial website Newzbin 2.

But the group behind the site claims that its users are still able to access it via a workaround that it issued in September.

Newzbin 2 is a members-only site which aggregates a large amount of the illegally copied material found on Usenet discussion forums.

Last month the movie industry won the right to impose blocks via BT.

BT told the BBC that the block had come into force on 2 November.

It is implementing the blocks by tweaking software developed to prevent users from finding websites showing images of child abuse.

"Newzbin have offered their customers a client for over a month that they claim will bypass Cleanfeed. However we're not in a position to comment on whether that claim is true or not," said a spokesman.

The group behind Newzbin 2 commented: "We've heard that the British Telecom censorship of the free web has begun."

It told the BBC that 93.5% of its active UK users have downloaded the workaround software.

It is not willing to reveal how the code attempts to get around the Cleanfeed block.

However, tests run by website TorrentFreak found that the program relies on encryption to hide communication between users and Newzbin2.

Another technique it uses is to route all traffic through a well-established system known as TOR, which masks the identity of users and what they are trying to look at.

TorrentFreak reports that some users are getting an error message when attempting to access the site.

Some are able to get to it by typing the raw IP address into their browser, while others are relying on the anti-blocking software provided by Newzbin.
Copyright infringement

The court case against BT was brought by the Motion Picture Association and is the first of its kind in the UK.

It is expected that other ISPs will be taken to court in coming months in order to impose further blocks on the site.

The MPA has described Newzbin as a "criminal organisation whose business model is based on wholesale copyright infringement".

The first version of the Windows program Newzbin2 members will use to get at the site was released in September. Versions for Apple's OSX and Linux are planned.

"Newzbin2 shall go on, its users shall continue to access the site and its facilities," the Newzbin team told the BBC.

"Nothing has changed and they [the MPA] have no change after paying millions of dollars in legal fees," it added.

Source

By Christopher Williams
November 4, 2011

Record labels have issued an ultimatum to BT demand in it blocks its six million broadband customers from accessing the Pirate Bay, one of the world’s biggest unlawful download websites.

The BPI, a record industry lobby group, has asked BT to voluntarily embargo the website following a landmark High Court victory for the film industry. Hollywood studios successfully sued BT to block access to Newzbin2, another website involved in copyright infringement.

In a letter yesterday, the BPI gave BT 14 days to respond to its request before it would launch a similar action.

“Now that the High Court has clarified the law, as a sector we need to keep up the pressure on these illegal sites,” said John Smith, general secretary of the Musicians’ Union and deputy chair of the Creative Coalition Campaign.

“For too long The Pirate Bay has been allowed to attack the livelihoods of individual artists and session musicians. We hope that BT will voluntarily block this prolific, illegal site.”

The Pirate Bay has been at the front line in the battle between the record and film industries and unlawful downloaders for eight years. It was founded by Swedish anti-copyright activists and acts as an index of files available via BitTorrent, a peer-to-peer filesharing network.

The website has resisted several attempts by record labels to close it down directly and become a totem for their critics. The request to BT marks an attempt to simply block users from accessing it, a strategy the industry is pursuing across Europe, with some success in Denmark, Ireland, Italy, Belgium and Sweden.

“It is crucial that the creative sector keeps up the momentum of getting internet companies to do their bit in tackling illegal sites,” said Richard Mollet, chief executive of the Publishers Association.

“The law is clear: the Pirate Bay is illegal, it can and should be stopped,” he added.

The BPI said it wrote to the Pirate Bay over summer with a request to remove links to a list of 1,000 pirated songs and albums, but got no response. Its chief executive Geoff Taylor said the website was "no more than a huge scam on the global creative sector".

A spokesman for BT indicated it would not voluntarily block the Pirate Bay.

"We can confirm we are now in receipt of a letter from the BPI. BT is considering its response," he said.

"In line with the Newzbin judgment, a court order will be needed before any blocking could begin. BT is currently focused on implementation of that order."

The High Court order for BT to block access to Newzbin2 was widely viewed as a legal landmark.

It showed that internet service providers could be held responsible for copyright infringement via their networks under existing law. Under the Human Rights Act, the judge found that the film industry's right to protect their property outweighed the rights to free expression of BT and its subscribers.

The film industry has said it hopes other major internet service providers will block access to Newzbin2 without further court action. BT has cut off access using Cleanfeed, a system developed to block websites that distribute images of child abuse.

Source

Darlene Storm
November 9, 2011

Geeks and security freaks are my favorite kind of people; it's a compliment, the same as being a hacker. They may not have always been considered cool labels, but most who fall in that category are not concerned about what people think. Instead of public opinion, these types of people apply their curiosity to other more important matters. 700 such security-minded individuals, ranging from DOD officials to members of the IT industry, recently met to discuss how to do a better job protecting military and commercial cyberspace. Cyberspace is considered a domain by the DOD and needs offensive and defensive protections the same as air, land, sea and space.

The U.S. Department of Defense reported on the mindboggling and perhaps migraine-inducing job to protect networks from attackers and cyberspies. DARPA Director Regina E. Dugan said, "The potential capability for cyber mayhem makes cyber security 'one of the most intense challenges of our time.'...Malicious cyberattacks are not merely an existential threat to our bits and bytes. They are a real threat to an increasingly large number of systems that we interact with daily, from the power grid to our financial systems to our automobiles and our military systems."

Army Gen. Keith B. Alexander, commander of U.S. Cyber Command and Director of the NSA, added, "When you look at the vulnerabilities that we face in this area, it's extraordinary. What we see is a disturbing trend, from exploitation to disruption to destruction." The DOD wants to "create special 'hunter teams' to actively look for computer viruses and malware" as part of "a 'dynamic' perimeter-defense network."

Alexander said cloud computing could manage serious cyber threats, but that's not the end of it. From protecting this nation from tech tainted with Trojans and embedded with malware, to keeping counterfeit or defective mission-critical hardware out of the ballistic missile defense system, America faces huge security challenges daily. According to the National Counterintelligence Executive Report to Congress [PDF], China and Russia cyberspies are hell-bent on espionage and trying to steal U.S. secrets in cyberspace. Last year there were said to be 440 million new hackable points on the smart grid and this year DHS warned that hacktivists might point, click, destroy industrial control systems.

Have skills and need a job in this cruddy economy? There's been a desperate need for hackers for a long time, hackers as in white hats, pen testers, and cyberwarriors. Earlier this year, DHS was facing "a trio of potential nightmares" which included cybersecurity, homegrown terrorists and intelligence sharing. There's "a shortage of sophisticated hackers to fill the cybersecurity gap." DARPA announced the DOD research wing was ready and willing to pay hackers to help block cyber threats. This year's Spot the Fed at DefCon wasn't too hard, being that about every acronym you could name was there: FBI, IRS, DOD, DHS, NASA, NSA all looking to recruit cyberwarrirors. And DARPA is still asking for hackers to help them.

Yeah, yeah, I know, it's an unpopular thing to say and much less attention-grabbing than say Antisec hackers mangling and pwning defense contractor Booz Allen Hamilton. The hacker label has become a bit tarnished in the age of AntiSec and Anonymous hacking like it's the 90s again. "It's a trap" seems to be the mindset of many hackers when asked if they might ever consider working for the government. This is not unique to the USA.

The Chaos Computer Club (CCC) in Germany turned 30 and OWNI interviewed Andy Müller-Maguhn who has been a part of the Chaos Club since 1985 when he was 14. The conversation turned from 30 years of political hacking, to former CCC hackers who were linked to intelligence agencies - sometime against their will. But after visiting a hacking conference in America, Müller-Maguhn was surprised to see how openly the U.S. government recruits hackers. "If you came here and asked someone to hack for the government, they will send you on your way," he said. "But if you entice them with a technical challenge that's relevant to their field, and a little money, it's not so clear cut. They do that very well. It's like the story of the boiling frog."

But instead of being flipped from the darkside into an FBI informant, or finding out you are indeed a boiling frog caught in a trap, would you consider hacking for Uncle Sam? Cybersecurity is one of the few fields that is "somewhat immune to spending and budget cuts." Input/Deltek estimated that security is growing by 9% yearly. "Federal government contracts alone amount to over $9 billion today and are projected to grow to $13.3 billion by 2015."

Jeff Moss, aka @TheDarkTangent, told the New York Times, "With the rise of hacktivism, now the people who break into you tell you they break into you. A little bit of public humiliation is going to go a long way in helping the security industry clean up." And The Atlantic quoted Moss as saying, "They need people with the hacker skill set, hacker mind-set. It's not like you go to a hacker university and get blessed with a badge that says you're a hacker. It's a self-appointed label -- you think like one or you don't."

Source

By Timothy B. Lee
November 9, 2011

In a Monday court filing, Warner Brothers admitted that it has issued takedown notices for files without looking at them first. The studio also acknowledged that it issued takedown notices for a number of URLs that its adversary, the locker site Hotfile, says were obviously not Warner Brothers' content.

Hotfile has been locked in a legal battle with Hollywood studios since February; the studios accuse the site of facilitating copyright infringement on a massive scale. Hotfile counters that it is immune from liability for the infringements of its users because it complies with the notice-and-takedown procedures established by the Digital Millennium Copyright Act. But Hotfile has also tried to turn the tables by arguing that one of the studios, Warner Brothers, has itself violated the DMCA by issuing bogus takedown requests.

In a September filing, Hotfile described how it provided Warner Brothers with an automated takedown tool to enable the studio to rapidly remove content it believed to be infringing. As we described it at the time, the studio doesn't seem to have used the tool very carefully:

Hotfile alleges that Warner Brothers abused this tool by submitting thousands of takedown requests for files it didn't own. Hotfile suggests these requests were generated by automated crawlers without adequate human supervision. For example, Warner Brothers owns the copyright for the 2009 movie The Box. Hotfile alleges that Warner Brothers scraped websites for hotfile.com links containing the phrase "the box," which of course led to takedowns for dozens of files that were clearly not Warner Brothers content. For example, Warner Brothers sought the removal of an audiobook called "Cancer: Out Of The Box" and a BBC production of "The Box that Saved Britain."

Indeed, some of the removed files were clearly not infringing at all. Hotfile says that the most popular file removed by Warner Brothers was a free software title that had been uploaded to Hotfile by its publisher. Warner Brothers also sought the removal of the file with the URL "http://hotfile.com/contacts.html and give them the details of where the link was posted and the link and they will deal with the @sshole who posted the fake."

No, that's not a misplaced quotation mark. A scraper apparently misidentified part of a web comment as an infringing URL, and no one at the studio noticed the mistake.

In the Monday court filing, Warner Brothers confirmed key details of Hotfile's story. In particular, Warner admitted that it submitted takedown requests for "Cancer: Out Of The Box," "The Box that Saved Britain," and that "@ssholes" URL.

Warner Brothers also tacitly acknowledged removing the free software title, which it characterized as "software that had been posted alongside infringing Warner content in order to facilitate the rapid downloading of the infringing Warner content." The studio also requested removal of some gaming software, though it insists it did so with the permission of the relevant copyright owners.

The studio also "admits that it did not (and did not need to) download every file it believed to be infringing prior to submitting the file's URL" to the Hotfile takedown tool. That's because "given the volume and pace of new infringements on Hotfile, Warner could not practically download and view the contents of each file prior to requesting that it be taken down."

This is interesting because the DMCA requires a copyright holder issuing a takedown notice to state that it has a "good faith belief that the use of the material in the manner complained of is not authorized by the copyright owner, its agent, or the law." It's hard to see how anyone at Warner Brothers could have formed any beliefs—good faith or otherwise—about files it admits that no human being at Warner had even looked at.

The recently-proposed Stop Online Piracy Act, which is backed by the major Hollywood studios, would give copyright holders new powers to cut off websites' access to payment processors and advertising networks. It even includes a new DMCA-style notice-and-takedown scheme. But given the cavalier way that Warner Brothers has used the powers it already has under the DMCA, policymakers may be reluctant to expand those powers even further.

Source

by Mike Masnick
November 9, 2011

from the speak-up dept

When I went to Washington DC a few weeks ago with other entrepreneurs and venture capitalists, one of those whom I had the pleasure of meeting and walking the halls of Congress with was David Ulevitch, the CEO of OpenDNS, the world's largest DNS and internet security service. His service protects over 30 million people every day, and is currently used to protect people in approximately one-third of every public K-12 school. Hearing his story and his concerns about PROTECT IP and SOPA was really eye-opening. He's someone who clearly understands DNS and DNS/IP blocking better than probably anyone. And he told me that if SOPA were in place when he was first creating OpenDNS, he wouldn't have bothered. The liability would be just too great.

David has now penned an open letter to Congress, which we've embedded below, asking Congress to reject SOPA and PROTECT IP as being extremely bad bills that will have massive unintended consequences, hurting jobs and internet security at the same time. Here are just a few excerpts:

It’s likely that if SOPA and PIPA existed when I started my company, we would have incorporated outside of the United States and all of the jobs and investment that I have put into the economy would have been taken elsewhere. I expect many businesses will make the decision to incorporate elsewhere should this legislation pass and it’s possible that existing corporations will relocate to more entrepreneur-friendly countries.

My company invented many of the specific techniques that SOPA and PIPA would require all domestic Internet Service Providers and companies like mine to employ. Needless to say, we understand the censorship technology being proposed in this legislation and we are deeply concerned. While the aims of protecting IP and reducing piracy are noble, there are many reasons why SOPA and PIPA are dangerous as currently written. Here are the three that impact my business most:

1. It will, by definition, be overbroad, as there is no way to censor only illegal content without harming legitimate uses on sites as well. This is particularly true in light of the broad notion of “sites dedicated to infringing activity.”
2. Through their requirements to block websites, these bills will create a domestic Internet firewall designed to censor websites equivalent to the “Great Firewall of China” that is used to suppress information. If we implemented such a solution we would be setting a terrible example for the rest of the world, including countries we criticize for the same behavior like Iran, Syria, and China.
3. They will burden companies with an onerous level of liability for all user-generated content. What the bills propose would be akin to requiring the phone company to be responsible for the legality of every phone call that takes place. With that kind of regulation, companies will spend more on lawyers and litigation than they will on hiring and innovating. Existing laws like the Digital Millennium Copyright Act already provide a satisfactory legal framework to remove copyright infringement and enforce intellectual property rights.

It's difficult to argue that Ulevitch doesn't know what he talks about. He runs the largest DNS provider in the world. How much longer will Congress continue to ignore the people who actually understand the technology they're trying to regulate?

Source

November 10, 2011

Belgian music royalty collecting agency Sabam has once again stepped up to enforce their strict copyright regime. Today the group announced that it will bill Internet providers for allowing subscribers to play and download copyrighted songs. Sabam claims it is entitled to this compensation based on existing copyright law, and is demanding 3.4 percent of the monthly fee paid by subscribers.

Royalty collection agencies are known for going to extremes as they go about claiming money on behalf of artists and music composers.

In this respect Belgian group Sabam is one of the most aggressive of its kind. Earlier this year it was revealed that they even collect money for artists that don’t exist.

Today Sabam is making the headlines again, and this time they want to see money from Internet providers (pdf). The music group is claiming 3.4 percent of Internet subscriber fees as compensation for the rampant piracy that they enable through their networks.

Sabam base their claim on a provision in the Copyright Act of 1994, which states that authors should be paid for any “public broadcast” of a song. According to Sabam, downloads and streams on the Internet are such public broadcasts, and they are therefore entitled to proper compensation. This 3.4 percent share is the same amount as the copyright fees on cable television.

But even in the event they begin to receive payments, Sabam stresses that any compensation would by no means legalize piracy. The license fee is only meant to legitimize the ISPs part in transferring these unauthorized files.

The Belgian Internet providers, who are also involved in a longstanding legal battle with Sabam over a network-broad piracy filter, believe the demands of the music rights group make little sense.

“It’s their interpretation of the law, but that is not legally justified,” Belgacom spokesman Jan Margot told De Standaard in a response.

IT lawyer Matthias Dobbelaere agrees that Sabam’s interpretation might be a bit far-fetched: “I don’t think such a broad interpretation of copyright law will hold up,” he noted.

The decision of the music rights group to claim a share of subscriber fees comes after they were unable to reach a workable solution in direct talks with ISPs. The ISPs say they would rather focus on offering legal alternatives than quibble over piracy, a point also noted by Minister of Economy Vincent Van Quickenborne.

“The timing is unfortunate, just as Belgacom and others come to the market with a range of legal streaming services,” a spokesman for the Minister said, adding that his department would look into the legal issues.

Aside from the question of whether the law provides for such an Internet licensing fee, the 3.4 percent figure seems unfair as only a minority of the Internet users transfer unauthorized music.

The plan would mainly hurt legitimate consumers who will have to pay more for their Internet access. Perhaps even much more, as the movie, book, software, gaming, photography and other industries will also claim their share of the booty.

Source

By Emil Protalinski
November 10, 2011

Summary: German authorities are looking to sue Facebook over its use of facial recognition technology. The argument is over opt-in versus opt-out. Facebook insists the latter is compliant with the law.

Johannes Caspar, data protection commissioner for the German state of Hamburg, today declared he is preparing legal action against Facebook and will soon fine the company over its use of biometric facial recognition technology. He said “further negotiations are pointless” because the company had ignored a deadline he set for it to remove the feature. German authorities could fine Facebook up to €300,000 ($420,000).

For its part, Facebook continues to reject Caspar’s position, saying the feature satisfies German law because it is easy to disable. This may be true, but one of the founding principles of German data protection law is that users must opt-in, not merely have the option to opt-out, before data can be collected about them.

“This requires storing a comprehensive database of the biometric features of all users,” the organization wrote in a German-language statement published on its website, according to a translation by Deutsche Welle. “Facebook has introduced this feature in Europe, without informing the user and without obtaining the required consent. Unequivocal consent of the parties is required by both European and national data protection law.”

“We believe that any legal action is completely unnecessary,” a Facebook spokesperson said in a statement. “[The] tag suggest feature on Facebook is fully compliant with EU data protection laws.”

When you upload new photos, Facebook uses software similar to that found in many photo editing tools to match your new photos to other photos you’re tagged in. Similar photos are grouped together and, whenever possible, Facebook suggests the name(s) your friend(s) in the photos. In other words, the square that magically finds faces in a photo now suggests names of your Facebook friends to streamline the tagging process, especially when the same friends are in multiple uploaded photos. Facebook rolled out Tag Suggestions across the US in December 2010, but only in June 2011 did it start pushing it out to many other countries, including Germany.

European Union data-protection regulators started looking into the feature almost immediately after Facebook began rolling it out worldwide.

A month later, Germany threatened Facebook with legal action saying the technology violates the country’s privacy and data protection laws. Facebook has repeatedly come under fire in Germany, where privacy is a particularly sensitive issue for historical reasons.

Source

By Trevor Timm
November 7, 2011

During the past week, momentum against the House’s draconian copyright bill has gained steam, as venture capitalists, Internet giants and major artists have denounced it for handing corporations unprecedented power to censor countless websites and stifle free speech. In response, the bill’s big-pocketed supporters have gone on the offensive, attempting to mislead the public about the bill’s true reach. In a particularly egregious example, the Chamber of Commerce posted an attack on its website insisting that the Stop Online Piracy Act (SOPA) is not a “blacklist bill."

Before they even saw the House bill, they started calling it the “New Internet Blacklist Bill.” Blacklist?  That sounds pretty bad. But before we get carried away, let’s take a look at the actual language of the actual legislation. Can YOU find a blacklist? No? Can you find a list of ANY kind? No?

Of course the word “blacklist” does not appear in the bill’s text—the folks who wrote it know Americans don’t approve of blatant censorship. The early versions of PROTECT-IP, the Senate’s counterpart to SOPA, did include an explicit Blacklist Provision, but this transparent attempt at extrajudicial censorship was so offensive that the Senate had to re-write that part of the bill. However, provisions that encourage unofficial blacklisting remained, and they are still alive and well in SOPA.

First, the new law would allow the Attorney General to cut off sites from the Internet, essentially “blacklisting” companies from doing business on the web.  Under section 102, the Attorney General can seek a court order that would force search engines, DNS providers, servers, payment processors, and advertisers to stop doing business with allegedly infringing websites.

Second, the bill encourages private corporations to create a literal target list—a process that is ripe for abuse.  Under Section 103 (cleverly entitled the “market based” approach), IP rightsholders can take action by themselves, by sending notices directly to payment processors—like Visa, Mastercard, and PayPal—demanding that they cut off all payments to the website. Once notice is delivered to the payment processor, that processor has only five days to act.1 The payment processor, and not the rightsholder, is then responsible for notifying the targeted website. So by the time Visa or Mastercard—who will no doubt be receiving many of these notices—processes the notice, informs the website, and the website decides whether to file a counter notice, the five days will almost certainly have elapsed. The website will then be left without a revenue source even if it did nothing wrong.

Third, section 104 of SOPA also allows payment processors to cut websites off voluntarily—even if they haven’t received a notice. Visa and Mastercard cannot be held accountable if they cease processing payments to any site, as long as they have a “reasonable belief” that the website is engaged in copyright violations of any kind. Hmm, wonder how long it will take big media to publicly post a list of allegedly infringing sites, and start pressuring payment processors to cut them off? As long  the payment processors are willing to comply, the rightsholders can essentially censor anyone they see fit. Even well-meaning payment processors might do this to avoid liability down the road.

The potential for rampant abuse is obvious—whether it’s a frivolous claim that wouldn’t withstand the scrutiny of the official process or an attempt to put an emerging competitor at an extreme disadvantage.

Clearly, contrary to the Chamber of Commerce’s rhetoric, SOPA gives rightsholders many ways to blacklist a website: they can hope the attorney general acts, they can cut off a website with a notice, or they can give notice unofficially and let the payment processors do their dirty work for them. Please help keep the Internet free and take action to help stop this bill!

Source

by Glyn Moody
November 9, 2011

from the don't-give-them-ideas dept

Back in April of this year, the Russian government put out a tender:

Last week, Roskomnadzor, Russian Federal Service for Telecoms Supervision, announced a public tender for developing Internet monitoring system. According to the tender, the budget for such system is 15 million rubles (about $530,000) and the job applications should be submitted by April 15, 2011. The system needs to be developed by August 15, 2011 and the testing period should end on December 15, 2011.

The stated purpose of the monitoring system was quite specific:

The major target of the monitoring, at least according to the Russian officials, is not traditional media websites or blogs, but comments at the online media outlets (it is important to note that the monitoring system is intended to be used for the content of the sites officially registered as online mass media).

Here's what it would be searching for:

Michail Vorobiev, an assistant to the head of Roskomnadzor, told [ru] Russian information agency RIA Novosti that the system's purpose was to discover content recognized by the Russian law as illegal. Such system will be based on two elements: a storage that would contain illegal materials (some sort of "thesaurus of illegal keywords") and the search system that will scan through the online space and compare the online text with the illegal content in the storage.

The description of the tender is a long and openly published document [ru], so what exactly the system should look for is not a secret. The number and the nature of goals that the search robot should achieve are surprising. It goes ways beyond incitement of national hatred or appeals to violence. In includes not only terrorism, appeals to actions that threaten constitutional order, materials that disclose classified security information, propaganda of drugs and pornography, but also false information about federal and regional officials, as well as content that threatens the freedom and secrecy of choice during elections. Another interesting goal is to discover content with hidden embedded components that seek to influence subconsciousness. If it’s not enough, the program would monitor not only textual, but also visual content (photos and videos).

It's hard to see how a system costing just half-a-million dollars could achieve all that. And as Russian commentators have pointed out, allowing just a few months for the development and testing is equally suspicious:

For instance, Maksim Salomatin from Park.ru says [ru] that the fact that participants of the tender should finish the work on the system in impossible 3 months means that, probably, Roskomnadzor has in mind some particular organization that has already worked on this program.

In other words, perhaps the whole tendering process was a formality, and things had already been moving forward on this front in the background for some time. Support for that theory comes from the fact that despite the "impossible 3 months" of development, the system will indeed be rolled out next month:

Roskomnadzor, Russian telecommunications control body, will launch content monitoring system in December 2011, Kommersant.ru reports [ru]. The system ordered in March, 2011 (see GV analysis here) is now in pre-release condition. Its documented abilities allow the monitoring of up to 5 mln keywords published at the websites registered as online mass media outlets. It will also monitor user comments. The experts fear that the scale of monitoring will extend to non-registered blogs and sites.

As that points out, the danger is that once such a system is up and running, it will be progressively extended to include first "unofficial" media sites like blogs, and then, eventually, everything online. That might also explain why the tender quotes such a ridiculously small figure: the final system would be pretty expensive, but revealing that fact in the original tender would give away the true scope.

The question then becomes: what will the authorities do with all that information? Since 2010, Roskomnadzor has been able to require online mass media to remove illegal comments, so it will presumably do the same when content is flagged up by the new system. But the very breadth of the online search is troubling, including as it does things like "false information about federal and regional officials", something that could clearly be used against whistle-blowers.

Moreover, the danger here is not just for Russian citizens. Once again we are seeing a government striving to keep a much closer watch on key parts of the Internet – in this case, mass media sites. Assuming it succeeds -- or at least claims to have succeeded -- that is likely to encourage other countries to do the same.

Although it would be nice to think that only "repressive" governments would even think of doing such a thing, recent proposals by politicians in the US and Europe regarding blocking sites and spying on users indicate how naïve that would be.

Source

November 8, 2011

Soon the European Court of Justice will have to decide whether an Internet service provider can be forced by a music rights group to proactively filter all of its traffic – both inbound and outbound – for copyright infringements. As detailed in a new paper by intellectual property expert Cedric Manara, the notion is fraught with difficulties and the potential for collateral damage huge.

While most eyes are on the Internet-breaking potential of the proposed PROTECT IP and SOPA legislations in the United States, there is a huge decision pending for the European Court of Justice.

The case involves the Belgian music rights group SABAM and Internet service provider Scarlet. The pair have been locking horns for some time, with the former demanding that the latter install filtering devices on its network to monitor customer communications and stop them if they attempt to send or receive copyrighted music.

In 2007 SABAM initially won their case, but the mandated Audible Magic fingerprinting system did not perform which meant that Scarlet could not comply with the court order. The court reversed its decision and the case went to the Brussels Court of Appeal. The case is now awaiting a ruling from the European Court Of Justice.

In advance of the ECJ decision, intellectual property expert Prof. Cedric Manara has published an enlightening paper that investigates the potential consequences of implementing such a draconian filtering system.

In his paper Manara argues that such a system would be illegal, since communications of all Scarlet subscribers would have to be spied on in order to work out what information they are sending or receiving. Furthermore, this spying would have to be carried out by a private anti-piracy company, one which would have to be given authority to check all customer traffic for apparent wrong-doing.

“Indeed, to be able to seek out all infringements of copyright, one would have to screen every electronic communication,” writes Manara, adding that SABAM is seeking to shift the costs of doing so to intermediaries, an act he describes as “disproportionate”.

Manara notes that the legal concerns are numerous. Article 15 of the Electronic Commerce Directive states that providers may not be subject to “a general obligation to monitor the information which they transmit or store, nor a general obligation actively to seek facts or circumstances indicating illegal activity.” Simply put, providers are already forbidden by law to install a filtering system of the nature demanded by SABAM.

One of the most serious drawbacks of this kind of filtering is the effect it can have on legitimate activity. SABAM’s list of musical ‘fingerprints’ is non-negotiable and would block the transfer of any material matching them, potentially affecting legitimate parties.

“With such a measure aimed at filtering and blocking everything listed in the collective management society comprehensive way possible, one can imagine a video whose creator or producer wishes to put online; it would be blocked as soon as it was recognized by the access provider leading also to unsolvable conflicts of interest between the artists and producers themselves, both having distinct rights over the same works,” writes Manara.

And what happens when Internet subscribers or indeed copyright holders want to put some of their legally purchased or indeed personally created music into “the cloud”? The filtering system is nowhere near ‘smart’ enough to work out the legality of that and would simply block the transaction. “Fair Use” does not exist in the world of copyright filtering.

“Thus it can be seen that the proposed measure may lead to paradoxical results with respect to copyright, forbidding certain actions in the name of the copyright holder himself or herself, or authorized person,” Manara adds.

As previously noted, the Audible Magic fingerprinting system has already failed to perform, which creates what Manara describes as a “double jeopardy” situation for service providers.

An order which requires an ISP, in this case Scarlet, to block infringements or face punishment would be unfair, not least because it would be forced to operate a technical solution developed and selected by third parties. Not only would the ISP have to pay for it, but would also be found liable when it inevitably failed to perform 100% of the time.

“To make [the ISP] liable for the fact that an effective system does not exist goes against the principle of lex cogit ad non impossibilia,” writes Manara. In other words, the law does not contemplate the impossible.

But the problems don’t stop there. The notion that an ISP is a “mere conduit” of information is torn apart if a court orders the provider to start spying on and interfering with subscriber traffic.

Furthermore, as previously pointed out by Advocate General Cruz Villalón in his advice on the case, the effect of a filtering order would extend outside Scarlet’s customer base to subscribers of other ISPs, since Scarlet customers may very well be communicating with them on the Internet.

“Should they be warned that these blockings have taken place, and how? Do they have recourse against their contractual counterpart, the latter having proceeded to block because of a legal order?” the paper questions.

“The contemplated measures are so general that they would conflict with many other legal rules, let alone endanger some fundamental rights,” says Manara, adding in conclusion that they are excessive and, most importantly, will not be effective.

Block the Filtering! A Critical Approach to the SABAM Cases can be downloaded here (pdf)

Source

November 3, 2011

Wireless data usage, contracts are consumers' main sore points, report says

Complaints from Canadians about their wireless and home-phone services more than doubled in 2010-11, mostly involving wireless problems.

The commissioner for complaints to telecommunications services says complaints jumped by 114 per cent in 2010-11 over the previous year to 8,007. The agency is an independent, industry-financed body established by the federal government in 2007 to resolve consumer complaints against telecom companies.

The CCTS said most of the 8,007 complaints it fielded this year were about wireless services, and almost all of these were about billing errors or contract disputes.

It suggested that much of the increase in the number of complaints is due to growing public awareness of the agency. It said the numbers are likely to increase as awareness of the complain process grows. As well, a recent Canadian Radio-television and Telecommunications Commission decision expanded the agency's mandate to cover all telecom service providers.

Data usage complaints

In its annual report, the agency said charges for data usage produce a lot of complaints from consumers who don't know the limits of their plans or have no idea how much data they use. The report urged the industry to take steps to increase consumer confidence in data measurements.

It also suggested consumers needed to monitor usage more effectively: "This way, even customers who did not understand what a megabyte or gigabyte represents might have ensured that they did not exceed their data usage allowance.

Many customers don't fully understand how their devices use data, it said.

"For example, in some of our investigations, we determined that a substantial amount of the customers' data usage was caused by applications working in the background, with the customer having no idea that these applications were regularly conducting operations that consumed significant amounts of data."

The report said contracts also cause problems, with many complaints about early-termination charges. But the agency can only check the contract to make sure the charges are clearly detailed.

"As much as customers must be diligent in reviewing the terms of their contract before committing, service provider contracts must be clearly understandable," said Howard Maker, the complaints commissioner.

Of all complaints listed in the report, the companies complained about were led by:

• Bell — 29.3%.
• Telus — 17.3%.
• Rogers — 16.9%.
• Fido — 8.2%.

The agency can save people money in some instances. In one anonymous case study included in the report, a business had its phone system breached by hackers who ran up $20,000 in long-distance calls.

In investigating, the agency found that the terms of service for the business phone didn't clearly lay out the customer's liability in such a case. The charges were eventually waived.

The agency looks at complaints about most telecom services, from home phones to internet services, wireless services, long-distance service and even such things as pre-paid calling cards.

Source

Michael Geist
November 08, 2011

The enforcement of Canada’s net neutrality rules, which govern how Internet providers manage their networks, was in the spotlight earlier this year when documents obtained under the Access to Information Act revealed virtually all major Canadian ISPs have been the target of complaints, but there have been few, if any, consequences arising from the complaints process.

The documents painted a discouraging picture, with multiple complaints against Rogers Communications due to the throttling of online games going seemingly nowhere, while a complaint against satellite Internet provider Xplorenet languished for months until the Commission threatened to launch a public proceeding.

In the aftermath of document disclosures, my weekly technology column (Toronto Star version, homepage version) notes there has been slow but steady change.

In September, the Canadian Radio-television and Telecommunications Commission, the agency that established and enforces the net neutrality rules (known as Internet traffic management guidelines) issued a new advisory on responding to complaints and enforcing the rules.

The best aspect of the advisory was a commitment to publish quarterly reports featuring a summary of the number and types of complaints it has received, including the number of active and resolved complaints. Moreover, any findings of non-compliance will be published on the Commission’s website and will include the Internet provider’s name and the nature of the complaint.

While the move toward greater transparency is welcome and an important step in pressuring Internet providers to comply with the guidelines, the changes will only really matter if the CRTC steps up its enforcement activity.

On the enforcement front, it appears the Commission is prepared to adopt a more muscular approach. Rogers will be the first Internet provider to face enforcement actions, the result of painstakingly detailed complaint over the throttling of online games (thereby rendering some unusable) by the Canadian Gamers Organization.

The dispute over Rogers’ practices have dragged on for months even as one international report found that the cable giant is the world’s most aggressive user of throttling technologies. The Commission dismissed several early complaints after Rogers provided assurances that it had fixed any concerns. Yet the CGO continued to investigate the effect of Rogers throttling practices, using the results to contest Rogers’ claims and file additional complaints.

Late last month, the CRTC advised both parties that it was sending the matter to its enforcement branch for further action. The move sends a clear signal that the Commission is no longer content to allow Internet providers to adopt a whack-a-mole approach that involves temporary fixes that fail that to address the more fundamental problem that their traffic management technologies are seemingly unable to comply with Commission requirements.

If the Commission is serious about enforcement, the Rogers case will only be the beginning. Bell recently advised its wholesale Internet provider customers that it was dropping its throttling practices, citing reduced network congestion from peer-to-peer file sharing.

The Bell advisory raises the prospect that the company’s current retail throttling practices may now violate the CRTC's guidelines. While Bell says its network congestion has been reduced, its retail throttling practices have remained unchanged, throttling peer-to-peer applications from 4:30 pm to 2:00 am.

Given the decline in congestion, a CRTC complaint might ask whether the current throttling policy "results in discrimination or preference as little as reasonably possible" and ask for explanation why its data cap policies "would not reasonably address the need and effectively achieve the same purpose as the ITMP." Moreover, Bell is hardly the only Canadian ISP that has justified its traffic management practices on network congestion from peer-to-peer traffic, raising the possibility of further enforcement actions.

The CRTC still requires tougher penalty power - it does not have the power to levy financial penalties for net neutrality violations - but the outcome of the Rogers case will send a strong signal on whether the Commission is now serious about enforcing net neutrality rules in Canada.

Source

By Ryan Paul
November 7, 2011

A group of Internet activists gathered last week in an Internet Relay Chat (IRC) channel to begin planning an ambitious project—they hope to overcome electronic surveillance and censorship by creating a whole new Internet. The group, which coordinates its efforts through the Reddit social networking site, calls its endeavor The Darknet Project (TDP).

The goal behind the project is to create a global darknet, a decentralized web of interconnected wireless mesh networks that operate independently of each other and the conventional internet. In a wireless mesh network, individual nodes can relay data for other nodes, ensuring that the routing of data remains robust as nodes on the network are added and removed. The idea behind TDP is that such a network would be resistant to censorship and shutdown because there would be no central point of control over the infrastructure.

"Basically, the goal of the darknet plan project is to create an alternative, more free internet through a global mesh network," explained a TDP organizer who goes by the Internet handle 'Wolfeater.' "To accomplish this, we will establish local meshes and connect them via current infrastructure until our infrastructure begins to reach other meshes."

TDP seems to have been influenced in part by an earlier unofficial effort launched by the Internet group Anonymous called Operation Mesh. The short-lived operation, which was conceived as a response to the Anti-Counterfeiting Trade Agreement (ACTA) and its potential impact on Internet infrastructure, called for supporters to create a parallel Internet of wireless mesh networks.

The idea is intriguing, but it poses major technical and logistical challenges, and it's hard to imagine that TDP will ever move beyond the conceptual stage. The group behind the effort is big on ideas but short on technical solutions for rolling out a practical implementation. During the IRC meeting, they struggled to coordinate a simple discussion about how to proceed with their agenda.

Still, despite TDP's dysfunctional organizational structure and lack of concrete strategy, their message seems to resonate with an audience on the Internet. And enthusiasm for mesh networks and decentralized Internet isn't isolated to the tinfoil hat crowd; serious government programs aim at producing similar technology. Earlier this year, the New York Times reported on a US government-funded program to create wireless mesh networks that could help dissidents circumvent political censorship in authoritarian countries.

As repressive governments continue to get better at thwarting circumvention of their censorship tools, dissidents will need more robust tools of their own to continue propagating information. The US State Department seems to view decentralized darknets as an important area of research for empowering free expression abroad.

A growing number of independent open source software projects have also emerged to fill the need for darknet technology. Many of these projects are backed by credible non-profit organizations and segments of the security research community. Such projects could find a useful ally in the TDP if they were to engage with the growing community and help mobilize its members in a constructive direction.

Unlike TDP, the original Operation Mesh coordinators had specific technologies in mind: they highlighted the I2P anonymous network layer software and the BATMAN ad-hoc wireless routing protocol as the best prospective candidates. Both projects are actively maintained and have modest communities, though the I2P website is currently down. Promising projects like Freenet develop software for building darknets on top of existing Internet infrastructure.

Another group that might benefit from broader community support is Serval, a project to create ad-hoc wireless mesh networks using regular smartphones. The group has recently developed a software prototype that runs on Android handsets. They are actively looking for volunteers to help test the software and participate in a number of other ways.

TDP members who are serious about fostering decentralized Internet infrastructure could meaningfully advance their goals by assisting any of the previously mentioned projects. The growing amount of popular grassroots support for Internet decentralization suggests that the momentum behind darknets is increasing.

Source

November 8, 2011

OpenMedia.ca commends LPC House Leader Garneau for standing up for Canadians’ privacy rights

The movement against online spying took one giant leap today when Marc Garneau, the Liberal Party of Canada’s House Leader, released the party’s position on the pending online spying (“Lawful Access”) bills. The Liberals’ statement is in line with concerns expressed by OpenMedia.ca, the Stop Online Spying Coalition, Canada’s Privacy Commissioners, and the 75,000+ Canadians who have signed the petition at http://StopSpying.ca.

The Liberals’ statement raises concerns about the warrantless nature of the proposed legislation. Under the online spying bills, authorities would have unprecedented access to Canadians’ personal information, without judicial oversight.

The letter reads:

"the Liberal Party of Canada (LPC) is against granting police access to personal information (subscriber or otherwise) without a warrant. The intent to include warrantless access to subscriber data was affirmed by the Honourable Mr. Toews on the floor of the House at the introduction of C-10."

"Almost every party except the Conservatives has recognized what a slippery slope the online spying bills are," says Steve Anderson, Executive Director of OpenMedia.ca. "With every major political party and 8 in 10 Canadians against these measures, it’s past time the government put some reasonable privacy safeguards in place."

The Liberal Party, New Democratic Party, Green Party, and privacy commissioners from every province and territory have spoken out against the government’s proposed online spying legislation.

Liberal Party Statement (pdf)

Source

Ann Cavoukian
October 31, 2011

I must add my voice to the growing dismay regarding the impact of impending "lawful access" legislation in this country. In my view, it is highly misleading to call it "lawful." Let's call it what it is - a system of expanded surveillance.

At issue is the anticipated re-introduction of a trio of federal bills that will provide police with much greater ability to access and track information, via the communications technologies we use every day, such as the Internet, smart phones and other mobile devices. I have no doubt that, collectively, the legislation will substantially diminish the privacy rights of Ontarians and Canadians as a whole.

Let's take a brief look at the surveillance bills, which were introduced prior to the last election:

• Bill C-50 would make it easier for the police to obtain judicial approval of multiple intercept and tracking warrants and production orders, to access and track e-communications.
• Bill C-51 would give the police new powers to obtain court orders for remote live tracking, as well as suspicionbased orders requiring telecommunication service providers and other companies to preserve and turn over data of interest to the police.
• Bill C-52 would require telecommunication service providers to build and maintain intercept capability into their networks for use by law enforcement, and gives the police warrantless power to access subscriber information.

I well understand the attraction for law enforcement officials - the increased ability to access and track our e-communications, with reduced judicial scrutiny, would put a treasure trove of new information at their fingertips.

However, we must be extremely careful not to allow the admitted investigative needs of police forces to interfere with or violate our constitutional right to be secure from unreasonable state surveillance. The proposed surveillance powers come at the expense of the necessary privacy safeguards guaranteed under the Charter of Rights and Freedoms. The federal government must be persuaded to acknowledge the sensitivity of traffic data, stored data and tracking data, and strongly urged to re-draft the bills. For a start, the proposal for warrantless access to subscriber information is untenable and should be withdrawn. If special access to subscriber information is considered to be absolutely necessary, it must take place under a court-supervised regime.

The government needs to step back and consider all of these implications. A comprehensive cost-benefit analysis should precede the entrenchment of so many significant public policy decisions. Public Parliamentary hearings must also be scheduled to ensure that civil society, as well as the telecom industry, has a full opportunity to provide input.

Canadians must press the federal government to publicly commit to enacting muchneeded oversight legislation in tandem with any expansive surveillance measures. Intrusive proposals require, at the very least, matching legislative safeguards. The courts, affected individuals, future Parliaments and the public must be well informed about the scope, effectiveness and damaging negative effects of such intrusive powers.

We can, and must, have both greater security and privacy, in unison. It cannot be one at the expense of the other. The true value of privacy must be recognized in any effort to modernize law enforcement powers. Imposing a mandatory surveillance regime on the public and its telecom service providers must not o forward withut strong safeguards to protect the future of our fundamental freedoms.

Source

by Greg Sandoval
November 6, 2011

NEW YORK--The four largest record labels are unhappy with the way the courts have interpreted the Digital Millennium Copyright Act in recent years and may need to ask Congress for changes, according to Jennifer Pariser, the attorney who oversees litigation for the Recording Industry Association of America.

The DMCA is just not providing the kind of protection against online piracy that Congress intended, Pariser said at a conference here on Thursday.

"I think Congress got it right, but I think the courts are getting it wrong," Pariser said during a panel discussion at the NY Entertainment & Technology Law Conference. "I think the courts are interpreting Congress' statute in a manner that is entirely too restrictive of content owners' rights and too open to [Internet] service providers.

"We might need to go to Congress at some point for a fix," Pariser added. "Not because the statute was badly drafted but because the interpretation has been so hamstrung by court decisions."

Following the panel, Pariser clarified that nobody at the RIAA has asked anyone on Capitol Hill for action and there's no plan to do so in the near future. But Pariser is among the first high-ranking entertainment executives to acknowledge that the battle to protect copyrights online, at least in the courts, has gone against content owners.

The DMCA is supposed to balance the rights of content producers with those of Web service providers. The law limits the liability of service providers for copyright violations committed by their users--provided they obey certain guidelines. For example, a service provider must remove infringing content quickly after being notified by a copyright owner and must boot users who repeatedly post pirated material.

Another requirement involved is known as "red-flag knowledge." Service providers can't have direct participation in infringement of course but also must not have knowledge or a reason to know of direct infringement.

This "red flag" requirement is at the core of where the courts have fallen down, says Pariser as well as others on the side of content owners. In the three most notable copyright cases on this issue, the judges have seemingly chopped away at the red-flag requirement, rendering it almost meaningless, say content owners.

In 2007, Viacom--the conglomerate behind MTV, Paramount Pictures, and Comedy Central--alleged in a $1 billion copyright suit that YouTube and parent company Google encouraged users to post unauthorized video clips copied from movies and TV shows. Viacom argued that the vast amounts of pirated video on the site--prior YouTube's development of a content filter--made it obvious to anyone of the copyright violations on the site. Viacom's lawyers also pointed to e-mails they claim shows YouTube managers were well aware that their service was loaded with infringing materials.

That kind of knowledge isn't enough to violate the red-flag requirement, according to District Judge Louis Stanton. A service provider must have knowledge of specific violations, and YouTube has always said that it is impossible for the company to determine whether a clip of a movie or TV show was uploaded illegally by some teen in his basement or it was posted for promotional reasons by a studio business managers and completely legal.

The judge in Universal Music Group's copyright suit against Veoh, as well as the judge in EMI vs. MP3tunes.com, issued similar findings. The courts have now determined the burden of policing the Web for infringing materials is the content owner and not the service provider.

Content companies think it is unfair for them to be required to spend resources on scouring the Web when their pirated work helps service providers make money. What they complain about almost as much is that after they notify a service provider of an infringing song or movie clip and they're removed, new copies appear almost immediately.

Source

November 6, 2011

News-Service.com, one of the leading Usenet providers with many prominent resellers, has terminated its services with immediate effect. The shutdown is the direct and unavoidable outcome of a two-year battle with Dutch anti-piracy outfit BREIN, which was eventually decided against the Usenet provider. News-Service announced that it will appeal the decision “out of principle” as it threatens the entire 30-year-old Usenet community.

Two years ago BREIN, representing the movie and music industries, took News-Service.com (NSE) to court.

Although the name NSE might not ring a bell with many people, it is the largest usenet provider in Europe and has many high-profile resellers such as Usenext.

Through the court BREIN demanded that the NSE delete all infringing content from its servers, and six weeks ago the Court of Amsterdam sided with the copyright holders.

In an attempt to keep their service operational, NSE asked the Court to put the execution of the verdict on hold while the Usenet provider appealed its case, but this week that request was denied. As a result NSE was forced to shut down its services.

“This means that we are forced to cease our operations with immediate effect,” NSE said in a statement.

Despite the setback the Usenet provider will persist with its appeal, not least because the landmark verdict could have disastrous consequences for other Usenet providers.

“For reasons of principle, News-Service.com will not accept the verdict and has lodged an appeal,” NSE announced.

The verdict of the Amsterdam Court is very similar to the one that decimated BitTorrent site Mininova two years ago. It requires NSE to finding a way to identify and delete all copyrighted files from its servers, which is practically impossible.

Aside from threatening many other Usenet providers, a similar judgement would also mean the end of file-hosting sites such as Megaupload, and other cloud storage services including Dropbox. All these services remove copyrighted files when they are asked to, but policing their own servers proactively may prove to be impossible.

BREIN is nevertheless delighted with the verdict of the court. “It is a breakthrough step to further dismantle the availability of illegal content on Usenet,” director Tim Kuik said previously.

It wouldn’t be a surprise if BREIN now waves this verdict in the face of other Usenet providers, in the hope of shutting them down. Using this same tactic BREIN has already managed to pull hundreds of (small) torrent sites offline in the Netherlands.

TorrentFreak contacted NSE to ask what the decision means for their resellers and whether they have plans to “go abroad” in some shape or form. We will update this article when a response comes in.

Source

by Don Reisinger
November 4, 2011

The Central Intelligence Agency (CIA) has established a compound in Virginia that focuses on one very important aspect of international espionage: social network spying.

According to the Associated Press, which was provided some insight into the CIA's operations, the Open Source Center, a team also known as the "vengeful librarians," analyzes up to 5 million tweets a day to gauge public opinion around the world. The group also examines messages shared via Facebook and comments made in Internet chat rooms, in addition to listening in on more traditional forms of information dissemination, such as TV news channels and local radio stations.

But before U.S.-based privacy advocates get too concerned about the CIA's practices, it's worth noting that the entirety of its actions, the center's director, Doug Naquin, told the AP, centers on the examination of social activity in other countries.

The U.S. government is barred by law from spying on tweets, Facebook messages, or e-mails sent by U.S. citizens without a warrant.

According to the AP, the Open Source Center was first established after the 9/11 attacks to combat international terrorism. But now, the group told the AP, its focus goes far beyond a focus on terrorism, and examines public opinion on a host of matters around the world.

For example, the group told the AP, it provided information to "the highest levels at the White House" on the Middle East's reaction to this year's killing of Osama bin Laden. The group told the AP that it found that the majority of Urdu tweets and Chinese tweets were negative, seeming to indicate that the Pakistani people and Chinese were not pleased with the news. After President Obama announced bin Laden's death, reactions on social networks were negative in several countries in the Middle East.

The stakes appear to be high for the vengeful librarians. According to the AP, their analyses of tweets, messages, and other citizen reactions around the world find their way into the President's daily briefings, and thus, play a role in his decision-making.

However, even though the intelligence community has continued to say that it doesn't engage in any spying of U.S. citizen communications, not everyone is so convinced.

In 2009, for example, Greg Nojeim, an attorney for the Center for Democracy and Technology sat down with CNET to discuss the possibility of the U.S. government spying on its citizens' online communications. As far as he was concerned at the time, the U.S. could spy on its citizens, although there was no way to prove that it does, in fact, do so.

"Who wants to live in a world where the government can listen in on every communication without any evidence of crime?" Nojeim said. "The consequences of that are that people won't communicate freely and the country would be very different as a result. Imagine how your conversation with a close personal friend would change if you knew someone else was listening. That's what is at stake. That's what needs to be protected."

Julian Assange, the founder of WikiLeaks, which has exposed U.S. diplomatic cables, videos from the wars, and more, is also concerned that some of the most prominent online companies--Facebook and Google, among others--are tools for the government to be used for access to any kind of information they want.

"Facebook in particular is the most appalling spying machine that has ever been invented," Assange said in an interview with Russian news site RT earlier this year. "Here we have the world's most comprehensive database about people, their relationships, their names, their addresses, their locations and the communications with each other, their relatives, all sitting within the United States, all accessible to U.S. intelligence."

Assange went on to say that the companies "have built-in interfaces for U.S. intelligence."

"It's not a matter of serving a subpoena," Assange told RT. "They have an interface that they have developed for U.S. intelligence to use."

It's worth noting, however, that neither those companies Assange mentioned nor the U.S. intelligence community have ever confirmed that they are working in cahoots to spy on people.

Source

Michael Geist
November 03, 2011

ACTRA is in Ottawa this week for a two-day lobby campaign on issues such as cultural funding and copyright. The group will undoubtedly focus on extending the private copying levy to iPods, an issue it has raised in the past. While there is seemingly no prospect of extending the levy to iPods, the question now is whether the government is prepared to take action against the plan to extend it to memory cards.

The Copyright Board of Canada recently established the timing for the hearing on extending the private copying levy to electronic memory storage devices such as SD cards. The hearing will not start until October 2012, but the time for the government to act is now. Given its opposition to the "iPod tax", it is hard to see how it can possibly support extending the levy to SD cards and other storage devices. In fact, last year Canadian Heritage Minister James Moore specifically referenced memory cards in a debate on extending the levy:

This idea of imposing a new tax on iPods and MP3 players is not a new idea because there are very few new ideas, unfortunately, that come from the opposition on the issues of copyright and taxes. However, this idea is really toxic and, frankly, really dumb. This would punish consumers if we were to put in place a tax of up to $75 on iPods, Blackberries, cell phones, laptops, computers, memory sticks and automobiles, anything that is capable of playing digital music.

It turns out the Canadian Private Copying Collective provided the government with a roadmap for how to stop the memory card tax. As part of its submission to the Bill C-32 committee, the CPCC stated:

No Basis for Fear of a Levy on All Devices with a Hard Drive or on Any Inappropriate Device

The Act also makes provision for the Governor in Council to limit the scope of qualifying “devices” by regulation. Specifically, the definition of "audio recording medium" at section 79 of the Act permits the Governor in Council to prescribe by regulation that a particular type of "recording medium" is not an "audio recording medium".

The process set out in the Act is one that would provide advance notice of any medium or device on which the CPCC wished to collect a levy. The CPCC must file a proposed tariff by March 31st of the year prior to the year in which the levy would come into effect. If the CPCC sought a tariff on a device deemed inappropriate, the Governor in Council could issue a regulation that prevented the Copyright Board from considering such a request. There is, therefore, no legitimate basis for fear that a levy would be imposed on all devices with a hard drive or on any device to which a levy should not apply.

Moore is already on record in describing extending the levy to memory cards as a "toxic" and "dumb" idea. The issue is now whether - as the CPCC suggests - the Governor in Council will issue a regulation preventing the Copyright Board from considering the request.

Source

by Mike Masnick
November 3, 2011

From the that's-chutzpah dept

It appears that the big Hollywood studios/MPAA have absolutely no shame. Thankfully, employees at some of those companies recognize just how ridiculous their employers look and have been passing along some details. On Wednesday, Warner Bros. announced third quarter profits (not revenue) of $822 million, representing a 57% increase on last year. Revenues were $7.07 billion, 11% higher than last year. The company sent out an email to employees talking about how it was "another record" quarter for the company. Then, very soon after that email went out, another email went out, telling employees about how difficult life was at Warner Bros. these days due to the scourge of "content theft," and urging people to support the astroturfing group CreativeAmerica.

In July, we informed you about the creation of and Warner Bros.’ involvement with Creative America, a grassroots coalition uniting the entertainment community and others against one of the biggest threats we face as an industry: content theft. Thank you to those of you who have already joined and supported Creative America. This is an important first step, but there’s still more we can do.

Thieves in the U.S. and abroad continue to make millions of dollars off our work, talents and creativity. For instance, “The Big Bang Theory” is one of the most popular targets of digital content thieves, with more than 600,000 illegal digital downloads thus far in 2011. Meanwhile, “The Hangover Part II” was illegally downloaded some 700,000 times in the first five months since its theatrical release.

Content theft doesn’t just affect a single show or film or even studio. It affects residual benefits, pension funds and health plans as well as jobs that our industry supports—whether directly or in ancillary markets and businesses. Therefore, it’s in all of our interests to stand behind Creative America.

I dunno. WB, if you've just made $822 million in profits alone, perhaps you could donate some of that to residuals? Ha Ha, who am I kidding? Movie studios never pay residuals. Remember, this is Warner Bros. And part of the reason it was so profitable this quarter was the latest Harry Potter movie. But last year, we got to analyze the accounting on an earlier Harry Potter movie, showing how Warner Bros. played with the numbers to take a movie that brought in $938 million and still let Warner Bros. claim a $167 million "loss," through highly questionable accounting, designed almost entirely to avoid paying royalties. The trick, of course, is to set up each movie as its own "corporation" that has to pay the parent studio "fees" for certain "services." You keep ratcheting up those fees, and the studio makes a ton, but the "company" that is the movie can always claim a loss to avoid paying royalties.

Honestly, if you know anything about the numbers, you'd know that Warner Bros. is a much larger threat to residuals and other things like health plans and jobs, than any file sharing by some kids who'd never pay to see the movie anyway. SOPA/E-PARASITE isn't going to help people in the business get paid. Execs, sure. But not everyone else. Not by a long shot.

Source

By Dan Goodin
November 3, 2011

Digicert Malaysia banished from Chrome, IE, Firefox

Microsoft, Google, and Mozilla will banish yet another web authentication authority from their software after learning that it issued secure sockets layer certificates that could be used to attack people visiting Malaysian government websites.

Digicert Malaysia, an intermediate certificate authority that was certified by parent authority Entrust, issued 22 certificates with weak private keys and other serious deficiencies, the companies said. The lapses, which also included a failure to include revocation details and EKU, or extended key usage, designations, constituted a breach of obligations all CAs are required to follow to ensure the security of the SSL system.

“There is no indication that any certificates were issued fraudulently, however, these weak keys have allowed some of the certificates to be compromised,” Jerry Bryant, a spokesman in Microsoft's Trustworthy Computing group, wrote in a blog post. “The subordinate CA has clearly demonstrated poor CA security practices and Microsoft intends to revoke trust in the intermediate certificates.”

The public rebuke comes two months after software makers revoked the signing credentials of DigiNotar following revelations the Netherlands-based authority suffered a colossal security breach that allowed attackers to mint 531 bogus certificates for high-profile services. At least one of the counterfeits was exploited to spy on more than 300,000 Google Mail users in Iran.

In March, a security breach on a certificate reseller of rival CA Comodo resulted in the forgeries of credentials for many of the same domains, which in addition to Gmail, included Skype, Mozilla add-ons, and Microsoft update. Four months ago, another CA, Israel-based StartSSL, also said it was hacked, although the attackers were unable to obtain certificates that would allow them to spoof websites in a similar fashion. At least four other CAs have reported being compromised since June.

Entrust, the US-based CA whose imprimatur authorized Digicert Malaysia, said in its own blog post that it also planned to remove that trust. This Chromium update indicates that Google is taking similar steps, and a spokesman confirmed the company also intend to revoke trust in the Malaysian CA.

The omissions of Digicert Malaysia appear to be a serious violation of CA security standards. Its use of 512-bit keys, for instance, stand in stark contrast to the minimum requirement that keys contain twice that length. What's more, the lack of revocation information makes it harder to recall Digicert Malaysia certificates if they're found to be flawed, and the failure to include EKU information allows them to be abused in ways that otherwise wouldn't be possible.

“An attacker could use one of these weak certificates to impersonate the legitimate owners,” Mozilla's statement warned. “This could deceive users into trusting websites or signed software appearing to originate from these owners, but actually containing malicious content or software.”

The 22 certificates belonged to a “mix of Malaysian government websites and internal systems.”

Digicert Malaysia's banishment is effective Tuesday. It's not clear if that means the certificates are susceptible to abuse until them. Digicert Malaysia has no affiliation to Digicert Inc. based in Utah.

Source

by Steven Musil
November 3, 2011

Google is considering a plan to offer paid TV services to consumers across high-speed fiber-optic lines, according to a Wall Street Journal report.

The Web giant has considered adding TV services to a previously announced high-speed Internet service in Kansas City, Mo., and Kansas City, Kansas, the Journal said, citing people briefed on the company's plans. Google has reportedly hired cable TV executive Jeremy Stern to lead talks with media companies such as Disney and Time Warner.

A Google representative declined to confirm the pay TV report but said, "We're still exploring what product offerings will be available when we launch Google Fiber."

The report comes as competition heats up for consumers' entertainment dollars. Amazon and Dish Network recently announced forays into streaming content to challenge Netflix, which has been experiencing a subscriber backlash after a price increase in its DVD-and-streaming plan.

Google itself recently announced a $100 million investment to develop original content for dozens of new YouTube channels. And even though Hulu said it was taking itself off the market, Google was reportedly the high bidder for the online video service and may still be mulling another bid.

Source

October 31, 2011

John Wiley and Sons, one of the world’s largest book publishers, have sued 27 BitTorrent users at a federal court in New York. The publisher claims that the defendants have shared copies of its “For Dummies” books without permission, and demands compensation. After several movie studios started filing lawsuits against BitTorrent users last year, Wiley is the first book publisher to take this kind of action.

Since early 2010 more than 200,000 people have been sued in the U.S. for sharing copyrighted works via BitTorrent. Thus far these lawsuits have been the exclusive territory of independent and adult film studios, but today they are joined by one of the world’s largest book publishers.

John Wiley and Sons have sued 27 Does at a federal court in New York for downloading and sharing copies of its “For Dummies” books using BitTorrent. The complaint (pdf), obtained by TorrentFreak, shows that all defendants allegedly shared the books on October 18 and 19 of this year.

Wiley argues that through the massive piracy that occurs on BitTorrent, their company is suffering severe losses that might cost several authors their jobs.

“Defendants are contributing to a problem that threatens the profitability of Wiley. Although Wiley cannot determine at this time the precise amount of revenue that it has lost as a result of peer-to-peer file sharing of its copyrighted works though BitTorrent software, the amount of revenue that is lost is enormous,” Wiley’s attorney writes.

“For example, BitTorrent users on a single site, demonoid.me, have downloaded one of the works that is the subject of this suit, ‘Photoshop CS 5 All-In-One FOR DUMMIES,’ more than 74,000 times since June 6, 2010,” the complaint adds.

Other pirated books listed in the complaint include familiar titles such as “AutoCAD 2011 for Dummies,” “Day Trading for Dummies”, “Calculus Essential for Dummies” and “Word Press For Dummies”. Interestingly, the popular “BitTorrent for Dummies” is not included.

Aside form the direct financial damage through copyright infringement, Wiley also claims that “counterfeit” copies of their books may result in damage to the company’s image.

“The damage to Wiley includes hark to its goodwill and reputation in the marketplace for which money cannot compensate. Wiley is particularly concerned that its trademarks are used in connection with unauthorized electronic products, which could contain malicious viruses.”

“Wiley is also concerned that these unauthorized electronic editions of its works may be of inferior quality to the original versions,” the complaint reads.

The 27 defendants are all accused of copyright infringement, trademark infringement and trademark counterfeiting, and the publisher demands to be compensated for the damage they have caused.

The court papers end with an overview of the 27 IP-addresses through which these titles were shared. These are all located in the State of New York according to the attorney.

Although Wiley’s suit can be classified as a mass-BitTorrent lawsuit, the complaint is quite different from the ones we’ve seen thus far. Also, Wiley has hired the law firm Dunnegan LLC which has no track record of filing similar cases.

At this point it is not clear whether Wiley is determined to take the 27 defendants to trial, or whether it will offer them settlements as we’ve seen in nearly all other cases thus far. However, there is little doubt that Wiley’s move to make a stand against book piracy will be watched closely by other book publishers.

Source

By Brid-Aine Parnell
November 1, 2011

US rejects calls for 'national barriers on information'

US Vice President Joe Biden has made it clear that America is not interested in the sort of global internet rules that China and Russia have been calling for.

China, Russia, Uzbekistan and Tajikistan proposed a voluntary "code of conduct" for information security to the UN in September.

Countries following the code would have “respect for human rights and fundamental freedoms and respect for the diversity of history, culture and social systems of all countries”, and promise “not to use information and communications technologies, including networks, to carry out hostile activities or acts of aggression, pose threats to international peace and security or proliferate information weapons or related technologies”.

But they would have to curb “the dissemination of information that incites terrorism, secessionism or extremism or that undermines other countries’ political, economic and social stability, as well as their spiritual and cultural environment” as part of the pact.

The US has shown before that it’s reluctant to sign any sort of restrictive internet treaty and Biden, speaking at the London Conference on Cyberspace (LCC), agreed with remarks by UK Foreign Secretary William Hague and Prime Minister David Cameron that the internet needed to stay free and open and out from under heavy government control.

“There are some who have a different view, as you know. They seek an international legal instrument that would lead to exclusive government control over Internet resources, institutions, and content, and national barriers on the free flow of information online,” Biden said.

“But this, in our view, would lead to a fragmented internet, one that does not connect people but divides them, a stagnant cyberspace, not an innovative one, and ultimately a less secure cyberspace with less trust among nations.”

He added that existing international law principles existed in cyberspace as well as the real world, so there was no need for additional regulation, a view he summarized in one of his favourite adages – if it ain’t broke, don’t fix it.

The vice president addressed the conference over a video link from Washington, after a planned visit from US Secretary of State Hillary Clinton was cancelled when her mother fell ill.

Source

November 1, 2011

The web video site ventures into original programming by partnering with celebrities like Madonna and Deepak Chopra to launch 100 new channels

YouTube may be the top destination for videos of cats playing the piano, but could it be a threat to television? Google is betting it is. The company announced that YouTube, which Google owns, is partnering with Madonna, Ashton Kutcher, Amy Poehler, The Onion, Slate, and others to launch 100 new online "channels" with exclusive original programming — a deal reportedly worth $100 million. The first channel is expected to launch this month. Google is also updating Google TV to offer an easier way to access the new YouTube channels. Is this the first step toward making YouTube a replacement for cable TV?

Google may be on to something: "The traditional TV industry should consider itself warned," says Matt Rosoff at Business Insider. As more and more programming migrates online, TV is "changing from a world of a few hundred channels to millions of 'channels' available via the web." Google is smart to capitalize on that movement, and the Google TV link will put the YouTube programming on "equal footing" with cable shows.

All it needs is one success: YouTube's problem has been that "skateboarding-chicken videos aren't necessarily what most people look for when they settle in on the couch" for the evening, says Michael Hogan at Moviefone. But "a skateboarding channel programmed by Tony Hawk" might be. Even if 90 percent of these channels fail, Google's investment will pay off if one or two can build a loyal audience, bypassing "the gatekeepers of broadcast and cable television."

There is no way this will work: It's hard to imagine YouTube becoming "a viable alternative for television," says Mack Rawden at Cinema Blend. It just doesn't have enough substance, and it still won't even with these new channels. "Every year, hundreds of schemes and inventions are touted as waves of the future." Like most of them, this experiment will probably be "written off as costly and foolish" within the year.

Source

October 28, 2011

The MPAA has submitted a new list of “notorious websites” to the Office of the US Trade Representative, sites that are all in danger of becoming the target of planned U.S. legislation. The list contains the most-visited torrent sites including The Pirate Bay, file-hosting and linking sites such as MegaUpload, and Russia’s Facebook equivalent, VKontakte. Interestingly, file-hosting service RapidShare is absent from the filing.

In a response to a request from the Office of the US Trade Representative (USTR), the MPAA has submitted a new list of “notorious markets” they say promote illegal distribution of movies and TV-shows.

The filing is particularly interesting since U.S. lawmakers have this week introduced a bill in the House that aims to neutralize these sites. The MPAA has been one of the most vocal proponents of the bill and the group is expected to call for action against the websites when it passes.

“The rogue overseas marketplaces highlighted in today’s filing are a direct threat to our community and the millions of hard-working Americans that rely on it for their livelihoods,” the MPAA writes in a statement.

“The MPAA commends and greatly appreciates the USTR’s recognition of the damage inflicted by these illicit markets on US global competitiveness and we applaud their work to protect American jobs.”

In their filing the MPAA lists a variety of websites, which they have organized in various categories. In addition to the location where the sites in question are hosted, the MPAA has also provided a short description for each of the sites.

Torrent and P2P Sites

The MPAA’s first category includes all the major torrent sites, which the group claims are facilitating mass copyright infringement. Also in this list is the Chinese BitTorrent-based application Xunlei, which is partly owned by Google.

• ThePirateBay.org
• Rutracker.org
• Kat.ph
• IsoHunt.com
• Demonoid.me
• Torrentz.eu
• Btjunkie.org
• Xunlei.com

File-hosting and streaming sites

The second category includes several file-hosting and streaming sites, but also the Russian Facebook equivalent VKontakte. The social networking site hosts a wide variety of music and video files uploaded by users. The MPAA describes VKontakte as a purposefully created hotbed of piracy.

“This result stems from the combination of site specific user upload and search functionality – including torrent functionality – designed to facilitate easy hosting and access to popular media files, together with the lack of any affirmative efforts by the sites’ operators to prevent copyright infringement,” they write.

• Megaupload.com/Megavideo.com
• Putlocker.com
• Wupload.com
• Simdisk.co.kr
• VKontakte

Linking sites

The third group covers so-called linking websites. These organize links to copyrighted material which can be streamed or downloaded from third-party sites. On the top of the list is Video2k.tv, a site that sprung up when the popular German-based linking site Kino.to was raided earlier this year.

• Video2k.tv
• Letmewatchthis.ch
• Movie2k.to
• Seriesyonkis.com
• 3000filmes.com

Newsgroups

The MPAA concludes their list of rogue websites with Usenet, but lists only one provider.

“This worldwide collection of servers is known as the Usenet, a high-speed direct download service offering access to a searchable global file exchange network. Today, illegal copies of movies and television shows are commonly posted in newsgroups for download by users around the world,” they write in their filing.

• Usenext.com

One notable absentee from the list is RapidShare. The file-hosting service was included in the MPAA submission last year but was left out this time, although nothing has changed in its business setup. This could be a strategic decision as RapidShare itself has hired lobbyists to represent their interest in Washington recently.

The problem with the MPAA’s submission is that it’s not clear what distinguishes a “rogue” from a legitimate site. Until there are distinct and quantifiable characteristics this means that thousands of sites could fall under this label, and have their businesses ruined if the U.S. Government decides to intervene.

TorrentFreak asked the MPAA whether they could give a clear description of a rogue site, but they chose not to reply. The sites above can only hope that judges will see through the MPAA’s subjective definition when they have to review a domain seizure request or ISP blockade in the future.

Source