Tag Archives: Government

Google on Collision Course With Movie Biz Over Piracy & Safe Harbor

Post Syndicated from Andy original https://torrentfreak.com/google-on-collision-course-with-movie-biz-over-piracy-safe-harbor-180219/

Wherever Google has a presence, rightsholders are around to accuse the search giant of not doing enough to deal with piracy.

Over the past several years, the company has been attacked by both the music and movie industries but despite overtures from Google, criticism still floods in.

In Australia, things are definitely heating up. Village Roadshow, one of the nation’s foremost movie companies, has been an extremely vocal Google critic since 2015 but now its co-chief, the outspoken Graham Burke, seems to want to take things to the next level.

As part of yet another broadside against Google, Burke has for the second time in a month accused Google of playing a large part in online digital crime.

“My view is they are complicit and they are facilitating crime,” Burke said, adding that if Google wants to sue him over his comments, they’re very welcome to do so.

It’s highly unlikely that Google will take the bait. Burke’s attempt at pushing the issue further into the spotlight will have been spotted a mile off but in any event, legal battles with Google aren’t really something that Burke wants to get involved in.

Australia is currently in the midst of a consultation process for the Copyright Amendment (Service Providers) Bill 2017 which would extend the country’s safe harbor provisions to a broader range of service providers including educational institutions, libraries, archives, key cultural institutions and organizations assisting people with disabilities.

For its part, Village Roadshow is extremely concerned that these provisions may be extended to other providers – specifically Google – who might then use expanded safe harbor to deflect more liability in respect of piracy.

“Village Roadshow….urges that there be no further amendments to safe harbor and in particular there is no advantage to Australia in extending safe harbor to Google,” Burke wrote in his company’s recent submission to the government.

“It is very unlikely given their size and power that as content owners we would ever sue them but if we don’t have that right then we stand naked. Most importantly if Google do the right thing by Australia on the question of piracy then there will be no issues. However, they are very far from this position and demonstrably are facilitating crime.”

Accusations of crime facilitation are nothing new for Google, with rightsholders in the US and Europe having accused the company of the same a number of times over the years. In response, Google always insists that it abides by relevant laws and actually goes much further in tackling piracy than legislation currently requires.

On the safe harbor front, Google begins by saying that not expanding provisions to service providers will have a seriously detrimental effect on business development in the region.

“[Excluding] online service providers falls far short of a balanced, pro-innovation environment for Australia. Further, it takes Australia out of step with other digital economies by creating regulatory uncertainty for [venture capital] investment and startup/entrepreneurial success,” Google’s submission reads.

“[T]he Draft Bill’s narrow safe harbor scheme places Australian-based startups and online service providers — including individual bloggers, websites, small startups, video-hosting services, enterprise cloud companies, auction sites, online marketplaces, hosting providers for real-estate listings, photo hosting services, search engines, review sites, and online platforms —in a disadvantaged position compared with global startups in countries that have strong safe harbor frameworks, such as the United States, Canada, United Kingdom, Singapore, South Korea, Japan, and other EU countries.

“Under the new scheme, Australian-based startups and service providers, unlike their international counterparts, will not receive clear and consistent legal protection when they respond to complaints from rightsholders about alleged instances of online infringement by third-party users on their services,” Google notes.

Interestingly, Google then delivers what appears to be a loosely veiled threat.

One of the key anti-piracy strategies touted by the mainstream entertainment companies is collaboration between rightsholders and service providers, including the latter providing voluntary tools to police infringement online. Google says that if service providers are given a raw deal on safe harbor, the extent of future cooperation may be at risk.

“If Australian-based service providers are carved out of the new safe harbor regime post-reform, they will operate from a lower incentive to build and test new voluntary tools to combat online piracy, potentially reducing their contributions to innovation in best practices in both Australia and international markets,” the company warns.

But while Village Roadshow argue against safe harbors and warn that piracy could kill the movie industry, it is quietly optimistic that the tide is turning.

In a presentation to investors last week, the company said that reducing piracy would have “only an upside” for its business but also added that new research indicates that “piracy growth [is] getting arrested.” As a result, the company says that it will build on the notion that “74% of people see piracy as ‘wrong/theft’” and will call on Australians to do the right thing.

In the meantime, the pressure on Google will continue but lawsuits – in either direction – won’t provide an answer.

Village Roadshow’s submission can be found here, Google’s here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Sweden Considers Six Years in Jail For Online Pirates

Post Syndicated from Andy original https://torrentfreak.com/sweden-considers-six-years-in-jail-for-online-pirates-180218/

Ever since the infamous Pirate Bay trial more than a decade ago, prosecutors in Sweden have called for a tougher approach to breaches of copyright law. In general terms, the country has been painted as soft on infringement but that could all be about to change.

After reaching the conclusion that penalties in Sweden “appear to be low” when compared to those on the international stage, the government sought advice on how such crimes can be punished, not only more severely, but also in proportion to the alleged damage caused.

In response, Minister for Justice Heléne Fritzon received a report this week. It proposes a new tier of offenses with “special” punishments to tackle large-scale copyright infringement and “serious” trademark infringement.

Presented by Council of Justice member Dag Mattsson, the report envisions new criminal designations and crime being divided into two levels of seriousness.

“A person who has been found guilty of copyright infringement or trademark infringement of a normal grade may be sentenced to fines or imprisonment up to a maximum of two years,” the government notes.

“In cases of gross crimes, a person may be convicted of gross copyright infringement or gross trademark infringement and sent to prison for at least six months and not more than six years.”

Last year the Supreme Court found that although prison sentences can be handed down in such cases, there were no legislative indications that copyright infringement should be penalized via a term of imprisonment.

For an idea of the level of change, one only need refer to The Pirate Bay case, which would undoubtedly be considered as “gross infringement” under the new proposals.

Under the new rules, defendants Peter Sunde, Fredrik Neij and Carl Lundström would be sentenced to a minimum of six months and a maximum of six years. As things stood, with infringement being dealt with via fines or up to two years’ imprisonment, they were sentenced to prison terms of eight, ten and four months respectively.

Under the new proposals, damage to rightsholders and monetary gain by the defendant would be taken into account when assessing whether a crime is “gross” or not. This raises the question of whether someone sharing a single pre-release movie could be deemed a gross infringer even if no money was made.

Also of interest are proposals that would enable the state to confiscate all kinds of property, both physical items and more intangible assets such as domain names. This proposal is a clear nod towards the Pirate Bay case which dragged on for several years before the state was able to take over its thepiratebay.se domain.

“Today there is organized online piracy that has major consequences for the whole community,” Minister Fritzon said in a statement.

“Therefore, it is good that the punishments for these crimes have been reviewed, as the sentence will then be proportional to the seriousness of the crime.”

The legislative amendments are proposed to enter into force on July 1, 2019.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Major US Sports Leagues Report Top Piracy Nations to Government

Post Syndicated from Ernesto original https://torrentfreak.com/major-us-sports-leagues-report-top-piracy-nations-to-government-180216/

While pirated Hollywood blockbusters often score the big headlines, there are several other industries that have been battling with piracy over the years. This includes sports organizations.

Many of the major US leagues including the NBA, NFL, NHL, MLB and the Tennis Association, are bundling their powers in the Sports Coalition, to try and curb the availability of pirated streams and videos.

A few days ago the Sports Coalition put the piracy problem on the agenda of the United States Trade Representative (USTR).

“Sports organizations, including Sports Coalition members, are heavily affected by live sports telecast piracy, including the unauthorized live retransmission of sports telecasts over the Internet,” the Sports Coalition wrote.

“The Internet piracy of live sports telecasts is not only a persistent problem, but also a global one, often involving bad actors in more than one nation.”

The USTR asked the public for comments on which countries play a central role in copyright infringement issues. In its response, the Sports Coalition stresses that piracy is a global issue but singles out several nations as particularly problematic.

The coalition recommends that the USTR should put the Netherlands and Switzerland on the “Priority Watch List” of its 2018 Special 301 Report, followed by Russia, Saudi Arabia, Seychelles and Sweden, which get a regular “Watch List” recommendation.

The main problem with these countries is that hosting providers and content distribution networks don’t do enough to curb piracy.

In the Netherlands, sawlive.tv, strikezoneme, wizlnet, AltusHost, Host Palace, Quasi Networks and SNEL pirated or provided services contributing to sports piracy, the coalition writes. In Switzerland, mlbstreamme, robinwidgetorg, strikeoutmobi, BlackHOST, Private Layer and Solar Communications are doing the same.

According to the major sports leagues, the US Government should encourage these countries to step up their anti-piracy game. This is not only important for US copyright holders, but also for licensees in other countries.

“Clearly, there is common ground – both in terms of shared economic interests and legal obligations to protect and enforce intellectual property and related rights – for the United States and the nations with which it engages in international trade to work cooperatively to stop Internet piracy of sports programming.”

Whether any of these countries will make it into the USTR’s final list has yet to be seen. For Switzerland it wouldn’t be the first time but for the Netherlands it would be new, although it has been considered before.

A document we received through a FOIA request earlier this year revealed that the US Embassy reached out to the Dutch Government in the past, to discuss similar complaints from the Sports Coalition.

The same document also revealed that local anti-piracy group BREIN consistently urged the entertainment industries it represents not to advocate placing the Netherlands on the 301 Watch List but to solve the problems behind the scenes instead.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Can Consumers’ Online Data Be Protected?

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/02/can_consumers_o.html

Everything online is hackable. This is true for Equifax’s data and the federal Office of Personal Management’s data, which was hacked in 2015. If information is on a computer connected to the Internet, it is vulnerable.

But just because everything is hackable doesn’t mean everything will be hacked. The difference between the two is complex, and filled with defensive technologies, security best practices, consumer awareness, the motivation and skill of the hacker and the desirability of the data. The risks will be different if an attacker is a criminal who just wants credit card details ­ and doesn’t care where he gets them from ­ or the Chinese military looking for specific data from a specific place.

The proper question isn’t whether it’s possible to protect consumer data, but whether a particular site protects our data well enough for the benefits provided by that site. And here, again, there are complications.

In most cases, it’s impossible for consumers to make informed decisions about whether their data is protected. We have no idea what sorts of security measures Google uses to protect our highly intimate Web search data or our personal e-mails. We have no idea what sorts of security measures Facebook uses to protect our posts and conversations.

We have a feeling that these big companies do better than smaller ones. But we’re also surprised when a lone individual publishes personal data hacked from the infidelity site AshleyMadison.com, or when the North Korean government does the same with personal information in Sony’s network.

Think about all the companies collecting personal data about you ­ the websites you visit, your smartphone and its apps, your Internet-connected car — and how little you know about their security practices. Even worse, credit bureaus and data brokers like Equifax collect your personal information without your knowledge or consent.

So while it might be possible for companies to do a better job of protecting our data, you as a consumer are in no position to demand such protection.

Government policy is the missing ingredient. We need standards and a method for enforcement. We need liabilities and the ability to sue companies that poorly secure our data. The biggest reason companies don’t protect our data online is that it’s cheaper not to. Government policy is how we change that.

This essay appeared as half of a point/counterpoint with Priscilla Regan, in a CQ Researcher report titled “Privacy and the Internet.”

Australian Government Launches Pirate Site-Blocking Review

Post Syndicated from Andy original https://torrentfreak.com/australian-government-launches-pirate-site-blocking-review-180214/

Following intense pressure from entertainment industry groups, in 2014 Australia began developing legislation which would allow ‘pirate’ sites to be blocked at the ISP level.

In March 2015 the Copyright Amendment (Online Infringement) Bill 2015 (pdf) was introduced to parliament and after just three months of consideration, the Australian Senate passed the legislation into law.

Soon after, copyright holders began preparing their first cases and in December 2016, the Australian Federal Court ordered dozens of local Internet service providers to block The Pirate Bay, Torrentz, TorrentHound, IsoHunt, SolarMovie, plus many proxy and mirror services.

Since then, more processes have been launched establishing site-blocking as a permanent fixture on the Aussie anti-piracy agenda. But with yet more applications for injunction looming on the horizon, how is the mechanism performing and does anything else need to be done to improve or amend it?

Those are the questions now being asked by the responsible department of the Australian Government via a consultation titled Review of Copyright Online Infringement Amendment. The review should’ve been carried out 18 months after the law’s introduction in 2015 but the department says that it delayed the consultation to let more evidence emerge.

“The Department of Communications and the Arts is seeking views from stakeholders on the questions put forward in this paper. The Department welcomes single, consolidated submissions from organizations or parties, capturing all views on the Copyright Amendment (Online Infringement) Act 2015 (Online Infringement Amendment),” the consultation paper begins.

The three key questions for response are as follows:

– How effective and efficient is the mechanism introduced by the Online Infringement Amendment?

– Is the application process working well for parties and are injunctions operating well, once granted?

– Are any amendments required to improve the operation of the Online Infringement Amendment?

Given the tendency for copyright holders to continuously demand more bang for their buck, it will perhaps come as a surprise that at least for now there is a level of consensus that the system is working as planned.

“Case law and survey data suggests the Online Infringement Amendment has enabled copyright owners to work with [Internet service providers] to reduce large-scale online copyright infringement. So far, it appears that copyright owners and [ISPs] find the current arrangement acceptable, clear and effective,” the paper reads.

Thus far under the legislation there have been four applications for injunctions through the Federal Court, notably against leading torrent indexes and browser-based streaming sites, which were both granted.

The other two processes, which began separately but will be heard together, at least in part, involve the recent trend of set-top box based streaming.

Village Roadshow, Disney, Universal, Warner Bros, Twentieth Century Fox, and Paramount are currently presenting their case to the Federal Court. Along with Hong Kong-based broadcaster Television Broadcasts Limited (TVB), which has a separate application, the companies have been told to put together quality evidence for an April 2018 hearing.

With these applications already in the pipeline, yet more are on the horizon. The paper notes that more applications are expected to reach the Federal Court shortly, with the Department of Communications monitoring to assess whether current arrangements are refined as additional applications are filed.

Thus far, however, steady progress appears to have been made. The paper cites various precedents established as a result of the blocking process including the use of landing pages to inform Internet users why sites are blocked and who is paying.

“Either a copyright owner or [ISP] can establish a landing page. If an [ISP] wishes to avoid the cost of its own landing page, it can redirect customers to one that the copyright owner would provide. Another precedent allocates responsibility for compliance costs. Cases to date have required copyright owners to pay all or a significant proportion of compliance costs,” the paper notes.

But perhaps the issue of most importance is whether site-blocking as a whole has had any effect on the levels of copyright infringement in Australia.

The Government says that research carried out by Kantar shows that downloading “fell slightly from 2015 to 2017” with a 5-10% decrease in individuals consuming unlicensed content across movies, music and television. It’s worth noting, however, that Netflix didn’t arrive on Australian shores until May 2015, just a month before the new legislation was passed.

Research commissioned by the Department of Communications and published a year later in 2016 (pdf) found that improved availability of legal streaming alternatives was the main contributor to falling infringement rates. In a juicy twist, the report also revealed that Aussie pirates were the entertainment industries’ best customers.

“The Department is aware that other factors — such as the increasing availability of television, music and film streaming services and of subscription gaming services — may also contribute to falling levels of copyright infringement,” the paper notes.

Submissions to the consultation (pdf) are invited by 5.00 pm AEST on Friday 16 March 2018 via the government’s website.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Kim Dotcom Begins New Fight to Avoid Extradition to United States

Post Syndicated from Andy original https://torrentfreak.com/kim-dotcom-begins-new-fight-to-avoid-extradition-to-united-states-180212/

More than six years ago in January 2012, file-hosting site Megaupload was shut down by the United States government and founder Kim Dotcom and his associates were arrested in New Zealand.

What followed was an epic legal battle to extradite Dotcom, Mathias Ortmann, Finn Batato, and Bram van der Kolk to the United States to face several counts including copyright infringement, racketeering, and money laundering. Dotcom has battled the US government every inch of the way.

The most significant matters include the validity of the search warrants used to raid Dotcom’s Coatesville home on January 20, 2012. Despite a prolonged trip through the legal system, in 2014 the Supreme Court dismissed Dotcom’s appeals that the search warrants weren’t valid.

In 2015, the District Court later ruled that Dotcom and his associates are eligible for extradition. A subsequent appeal to the High Court failed when in February 2017 – and despite a finding that communicating copyright-protected works to the public is not a criminal offense in New Zealand – a judge also ruled in favor.

Of course, Dotcom and his associates immediately filed appeals and today in the Court of Appeal in Wellington, their hearing got underway.

Lawyer Grant Illingworth, representing Van der Kolk and Ortmann, told the Court that the case had “gone off the rails” during the initial 10-week extradition hearing in 2015, arguing that the case had merited “meaningful” consideration by a judge, something which failed to happen.

“It all went wrong. It went absolutely, totally wrong,” Mr. Illingworth said. “We were not heard.”

As expected, Illingworth underlined the belief that under New Zealand law, a person may only be extradited for an offense that could be tried in a criminal court locally. His clients’ cases do not meet that standard, the lawyer argued.

Turning back the clocks more than six years, Illingworth again raised the thorny issue of the warrants used to authorize the raids on the Megaupload defendants.

It had previously been established that New Zealand’s GCSB intelligence service had illegally spied on Dotcom and his associates in the lead up to their arrests. However, that fact was not disclosed to the District Court judge who authorized the raids.

“We say that there was misleading conduct at this stage because there was no reference to the fact that information had been gathered illegally by the GCSB,” he said.

But according to Justice Forrest Miller, even if this defense argument holds up the High Court had already found there was a prima facie case to answer “with bells on”.

“The difficulty that you face here ultimately is whether the judicial process that has been followed in both of the courts below was meaningful, to use the Canadian standard,” Justice Miller said.

“You’re going to have to persuade us that what Justice Gilbert [in the High Court] ended up with, even assuming your interpretation of the legislation is correct, was wrong.”

Although the US seeks to extradite Dotcom and his associates on 13 charges, including racketeering, copyright infringement, money laundering and wire fraud, the Court of Appeal previously confirmed that extradition could be granted based on just some of the charges.

The stakes couldn’t be much higher. The FBI says that the “Megaupload Conspiracy” earned the quartet $175m and if extradited to the US, they could face decades in jail.

While Dotcom was not in court today, he has been active on Twitter.

“The court process went ‘off the rails’ when the only copyright expert Judge in NZ was >removed< from my case and replaced by a non-tech Judge who asked if Mega was ‘cow storage’. He then simply copy/pasted 85% of the US submissions into his judgment," Dotcom wrote.

Dotcom also appeared to question the suitability of judges at both the High Court and Court of Appeal for the task in hand.

“Justice Miller and Justice Gilbert (he wrote that High Court judgment) were business partners at the law firm Chapman Tripp which represents the Hollywood Studios in my case. Both Judges are now at the Court of Appeal. Gilbert was promoted shortly after ruling against me,” Dotcom added.

Dotcom is currently suing the New Zealand government for billions of dollars in damages over the warrant which triggered his arrest and the demise of Megaupload.

The hearing is expected to last up to two-and-a-half weeks.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Cabinet of Secret Documents from Australia

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/02/cabinet_of_secr.html

This story of leaked Australian government secrets is unlike any other I’ve heard:

It begins at a second-hand shop in Canberra, where ex-government furniture is sold off cheaply.

The deals can be even cheaper when the items in question are two heavy filing cabinets to which no-one can find the keys.

They were purchased for small change and sat unopened for some months until the locks were attacked with a drill.

Inside was the trove of documents now known as The Cabinet Files.

The thousands of pages reveal the inner workings of five separate governments and span nearly a decade.

Nearly all the files are classified, some as “top secret” or “AUSTEO”, which means they are to be seen by Australian eyes only.

Yes, that really happened. The person who bought and opened the file cabinets contacted the Australian Broadcasting Corp, who is now publishing a bunch of it.

There’s lots of interesting (and embarassing) stuff in the documents, although most of it is local politics. I am more interested in the government’s reaction to the incident: they’re pushing for a law making it illegal for the press to publish government secrets it received through unofficial channels.

“The one thing I would point out about the legislation that does concern me particularly is that classified information is an element of the offence,” he said.

“That is to say, if you’ve got a filing cabinet that is full of classified information … that means all the Crown has to prove if they’re prosecuting you is that it is classified ­ nothing else.

“They don’t have to prove that you knew it was classified, so knowledge is beside the point.”

[…]

Many groups have raised concerns, including media organisations who say they unfairly target journalists trying to do their job.

But really anyone could be prosecuted just for possessing classified information, regardless of whether they know about it.

That might include, for instance, if you stumbled across a folder of secret files in a regular skip bin while walking home and handed it over to a journalist.

This illustrates a fundamental misunderstanding of the threat. The Australian Broadcasting Corp gets their funding from the government, and was very restrained in what they published. They waited months before publishing as they coordinated with the Australian government. They allowed the government to secure the files, and then returned them. From the government’s perspective, they were the best possible media outlet to receive this information. If the government makes it illegal for the Australian press to publish this sort of material, the next time it will be sent to the BBC, the Guardian, the New York Times, or Wikileaks. And since people no longer read their news from newspapers sold in stores but on the Internet, the result will be just as many people reading the stories with far fewer redactions.

The proposed law is older than this leak, but the leak is giving it new life. The Australian opposition party is being cagey on whether they will support the law. They don’t want to appear weak on national security, so I’m not optimistic.

EDITED TO ADD (2/8): The Australian government backed down on that new security law.

EDITED TO ADD (2/13): Excellent political cartoon.

China to Start Blocking Unauthorized VPN Providers This April

Post Syndicated from Andy original https://torrentfreak.com/china-to-start-blocking-unauthorized-vpn-providers-this-april-180203/

Back in January 2017, China’s Ministry of Industry and Information Technology announced a 14-month campaign to crack down on ‘unauthorized’ Internet platforms.

China said that Internet technologies and services had been expanding in a “disorderly” fashion, so regulation was required. No surprise then that the campaign targeted censorship-busting VPN services, which are used by citizens and corporations to traverse the country’s Great Firewall.

Heralding a “nationwide Internet network access services clean-up”, China warned that anyone operating such a service would require a government telecommunications business license. It’s now been more than a year since that announcement and much has happened in the interim.

In July 2017, Apple removed 674 VPN apps from its App Store and in September, a local man was jailed for nine months for selling VPN software. In December, another man was jailed for five-and-a-half years for selling a VPN service without an appropriate license from the government.

This week the government provided an update on the crackdown, telling the media that it will begin forcing local and foreign companies and individuals to use only government-approved systems to access the wider Internet.

Ministry of Industry and Information Technology (MIIT) chief engineer Zhang Feng reiterated earlier comments that VPN operators must be properly licensed by the government, adding that unlicensed VPNs will be subjected to new rules which come into force on March 31. The government plans to block unauthorized VPN providers, official media reported.

“We want to regulate VPNs which unlawfully conduct cross-border operational activities,” Zhang told reporters.

“Any foreign companies that want to set up a cross-border operation for private use will need to set up a dedicated line for that purpose,” he said.

“They will be able to lease such a line or network legally from the telecommunications import and export bureau. This shouldn’t affect their normal operations much at all.”

Radio Free Asia reports that state-run telecoms companies including China Mobile, China Unicom, and China Telecom, which are approved providers, have all been ordered to prevent their 1.3 billion subscribers from accessing blocked content with VPNs.

“The campaign aims to regulate the market environment and keep it fair and healthy,” Zhang added. “[As for] VPNs which unlawfully conduct cross-border operational activities, we want to regulate this.”

So, it appears that VPN providers are still allowed in China, so long as they’re officially licensed and approved by the government. However, in order to get that licensing they need to comply with government regulations, which means that people cannot use them to access content restricted by the Great Firewall.

All that being said, Zhang is reported as saying that people shouldn’t be concerned that their data is insecure as a result – neither providers nor the government are able to access content sent over a state-approved VPN service, he claimed.

“The rights for using normal intentional telecommunications services is strictly protected,” said Zhang, adding that regulation means that communications are “secure”.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Addressing Data Residency with AWS

Post Syndicated from Min Hyun original https://aws.amazon.com/blogs/security/addressing-data-residency-with-aws/

Whitepaper image

AWS has released a new whitepaper that has been requested by many AWS customers: AWS Policy Perspectives: Data Residency. Data residency is the requirement that all customer content processed and stored in an IT system must remain within a specific country’s borders, and it is one of the foremost concerns of governments that want to use commercial cloud services. General cybersecurity concerns and concerns about government requests for data have contributed to a continued focus on keeping data within countries’ borders. In fact, some governments have determined that mandating data residency provides an extra layer of security.

This approach, however, is counterproductive to the data protection objectives and the IT modernization and global economic growth goals that many governments have set as milestones. This new whitepaper addresses the real and perceived security risks expressed by governments when they demand in-country data residency by identifying the most likely and prevalent IT vulnerabilities and security risks, explaining the native security embedded in cloud services, and highlighting the roles and responsibilities of cloud service providers (CSPs), governments, and customers in protecting data.

Large-scale, multinational CSPs, often called hyperscale CSPs, represent a transformational disruption in technology because of how they support their customers with high degrees of efficiency, agility, and innovation as part of world-class security offerings. The whitepaper explains how hyperscale CSPs, such as AWS, that might be located out of country provide their customers the ability to achieve high levels of data protection through safeguards on their own platform and with turnkey tooling for their customers. They do this while at the same time preserving nation-state regulatory sovereignty.

The whitepaper also considers the commercial, public-sector, and economic effects of data residency policies and offers considerations for governments to evaluate before enforcing requirements that can unintentionally limit public-sector digital transformation goals, in turn possibly leading to increased cybersecurity risk.

AWS continues to engage with governments around the world to hear and address their top-of-mind security concerns. We take seriously our commitment to advocate for our customers’ interests and enforce security from “ground zero.” This means that when customers use AWS, they can have the confidence that their data is protected with a level of assurance that meets, if not exceeds, their needs, regardless of where the data resides.

– Min Hyun, Cloud Security Policy Strategist

After Section 702 Reauthorization

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/01/after_section_7.html

For over a decade, civil libertarians have been fighting government mass surveillance of innocent Americans over the Internet. We’ve just lost an important battle. On January 18, President Trump signed the renewal of Section 702, domestic mass surveillance became effectively a permanent part of US law.

Section 702 was initially passed in 2008, as an amendment to the Foreign Intelligence Surveillance Act of 1978. As the title of that law says, it was billed as a way for the NSA to spy on non-Americans located outside the United States. It was supposed to be an efficiency and cost-saving measure: the NSA was already permitted to tap communications cables located outside the country, and it was already permitted to tap communications cables from one foreign country to another that passed through the United States. Section 702 allowed it to tap those cables from inside the United States, where it was easier. It also allowed the NSA to request surveillance data directly from Internet companies under a program called PRISM.

The problem is that this authority also gave the NSA the ability to collect foreign communications and data in a way that inherently and intentionally also swept up Americans’ communications as well, without a warrant. Other law enforcement agencies are allowed to ask the NSA to search those communications, give their contents to the FBI and other agencies and then lie about their origins in court.

In 1978, after Watergate had revealed the Nixon administration’s abuses of power, we erected a wall between intelligence and law enforcement that prevented precisely this kind of sharing of surveillance data under any authority less restrictive than the Fourth Amendment. Weakening that wall is incredibly dangerous, and the NSA should never have been given this authority in the first place.

Arguably, it never was. The NSA had been doing this type of surveillance illegally for years, something that was first made public in 2006. Section 702 was secretly used as a way to paper over that illegal collection, but nothing in the text of the later amendment gives the NSA this authority. We didn’t know that the NSA was using this law as the statutory basis for this surveillance until Edward Snowden showed us in 2013.

Civil libertarians have been battling this law in both Congress and the courts ever since it was proposed, and the NSA’s domestic surveillance activities even longer. What this most recent vote tells me is that we’ve lost that fight.

Section 702 was passed under George W. Bush in 2008, reauthorized under Barack Obama in 2012, and now reauthorized again under Trump. In all three cases, congressional support was bipartisan. It has survived multiple lawsuits by the Electronic Frontier Foundation, the ACLU, and others. It has survived the revelations by Snowden that it was being used far more extensively than Congress or the public believed, and numerous public reports of violations of the law. It has even survived Trump’s belief that he was being personally spied on by the intelligence community, as well as any congressional fears that Trump could abuse the authority in the coming years. And though this extension lasts only six years, it’s inconceivable to me that it will ever be repealed at this point.

So what do we do? If we can’t fight this particular statutory authority, where’s the new front on surveillance? There are, it turns out, reasonable modifications that target surveillance more generally, and not in terms of any particular statutory authority. We need to look at US surveillance law more generally.

First, we need to strengthen the minimization procedures to limit incidental collection. Since the Internet was developed, all the world’s communications travel around in a single global network. It’s impossible to collect only foreign communications, because they’re invariably mixed in with domestic communications. This is called “incidental” collection, but that’s a misleading name. It’s collected knowingly, and searched regularly. The intelligence community needs much stronger restrictions on which American communications channels it can access without a court order, and rules that require they delete the data if they inadvertently collect it. More importantly, “collection” is defined as the point the NSA takes a copy of the communications, and not later when they search their databases.

Second, we need to limit how other law enforcement agencies can use incidentally collected information. Today, those agencies can query a database of incidental collection on Americans. The NSA can legally pass information to those other agencies. This has to stop. Data collected by the NSA under its foreign surveillance authority should not be used as a vehicle for domestic surveillance.

The most recent reauthorization modified this lightly, forcing the FBI to obtain a court order when querying the 702 data for a criminal investigation. There are still exceptions and loopholes, though.

Third, we need to end what’s called “parallel construction.” Today, when a law enforcement agency uses evidence found in this NSA database to arrest someone, it doesn’t have to disclose that fact in court. It can reconstruct the evidence in some other manner once it knows about it, and then pretend it learned of it that way. This right to lie to the judge and the defense is corrosive to liberty, and it must end.

Pressure to reform the NSA will probably first come from Europe. Already, European Union courts have pointed to warrantless NSA surveillance as a reason to keep Europeans’ data out of US hands. Right now, there is a fragile agreement between the EU and the United States ­– called “Privacy Shield” — ­that requires Americans to maintain certain safeguards for international data flows. NSA surveillance goes against that, and it’s only a matter of time before EU courts start ruling this way. That’ll have significant effects on both government and corporate surveillance of Europeans and, by extension, the entire world.

Further pressure will come from the increased surveillance coming from the Internet of Things. When your home, car, and body are awash in sensors, privacy from both governments and corporations will become increasingly important. Sooner or later, society will reach a tipping point where it’s all too much. When that happens, we’re going to see significant pushback against surveillance of all kinds. That’s when we’ll get new laws that revise all government authorities in this area: a clean sweep for a new world, one with new norms and new fears.

It’s possible that a federal court will rule on Section 702. Although there have been many lawsuits challenging the legality of what the NSA is doing and the constitutionality of the 702 program, no court has ever ruled on those questions. The Bush and Obama administrations successfully argued that defendants don’t have legal standing to sue. That is, they have no right to sue because they don’t know they’re being targeted. If any of the lawsuits can get past that, things might change dramatically.

Meanwhile, much of this is the responsibility of the tech sector. This problem exists primarily because Internet companies collect and retain so much personal data and allow it to be sent across the network with minimal security. Since the government has abdicated its responsibility to protect our privacy and security, these companies need to step up: Minimize data collection. Don’t save data longer than absolutely necessary. Encrypt what has to be saved. Well-designed Internet services will safeguard users, regardless of government surveillance authority.

For the rest of us concerned about this, it’s important not to give up hope. Everything we do to keep the issue in the public eye ­– and not just when the authority comes up for reauthorization again in 2024 — hastens the day when we will reaffirm our rights to privacy in the digital age.

This essay previously appeared in the Washington Post.

New Anti-Piracy Coalition Calls For Canadian Website Blocking

Post Syndicated from Ernesto original https://torrentfreak.com/new-anti-piracy-coalition-calls-for-canadian-website-blocking-180130/

In recent years pirate sites have been blocked around the world, from Europe, through Asia, and even Down Under.

While many of the large corporations backing these blockades have their roots in North America, blocking efforts have been noticeably absent there. This should change, according to a new anti-piracy coalition that was launched in Canada this week.

Fairplay Canada, which consists of a broad range of organizations with ties to the entertainment industry, calls on the local telecom regulator CRTC to institute a national website blocking program.

The coalition’s members include Bell, Cineplex, Directors Guild of Canada, Maple Leaf Sports and Entertainment, Movie Theatre Association of Canada, and Rogers Media, which all share the goal of addressing the country’s rampant piracy problem.

The Canadian blocklist should be maintained by a yet to be established non-profit organization called “Independent Piracy Review Agency” (IPRA) and both IPRA and the CRTC would be overseen by the Federal Court of Appeal, the organizations propose.

“What we are proposing has been effective in countries like the UK, France, and Australia,” says Dr. Shan Chandrasekar, President and CEO of Asian Television Network International Limited (ATN), who is filing Fairplay Canada’s application.

“We are ardent supporters of this incredible coalition that has been formed to propose a new tool to empower the CRTC to address online piracy in Canada. We have great faith in Canadian regulators to modernize the tools available to help creators protect the content they make for Canadians’ enjoyment.”

The proposal is unique in the sense that it’s the first of its kind in North America and also has support from major players in the Telco industry. Since most large ISPs also have ties to media companies of their own, the latter is less surprising as it may seem at first glance.

Bell, for example, is not only the largest Internet provider in Canada but also owns the television broadcasting and production company Bell Media, which applauds the new plan.

“Bell is pleased to work with our partners across the industry and the CRTC on this important step in ensuring the long-term viability of the Canadian creative sector,” says Randy Lennox, President of Bell Media.

“Digital rights holders need up-to-date tools to combat piracy where it’s happening, on the Internet, and the process proposed by the coalition will provide just that, fairly, openly and effectively,” he adds.

Thus far the Government’s response to the plan has been rather reserved. When an early version of the plans leaked last month, Canadaland quoted a spokesperson who said that the Government is committed to opening doors instead of building walls.

Digital rights group OpenMedia goes a step further and brands the proposal a censorship plan which will violate net neutrality and limit people’s right to freedom of expression.

“Everybody agrees that content creators deserved to be paid for their work. But the proposal from this censorship coalition goes too far,” Executive Director Laura Tribe says.

“FairPlay Canada’s proposal is like using a machine gun to kill a mosquito. It will undoubtedly lead to legitimate content and speech being censored online violating our right to free expression and the principles of net neutrality, which the federal government has consistently pledged support for.”

While CTRC is reviewing FairPlay Canada’s plans, OpenMedia has launched a petition to stop the effort in its tracks, which has been signed by more than 45,000 Canadians to date.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

The problematic Wannacry North Korea attribution

Post Syndicated from Robert Graham original http://blog.erratasec.com/2018/01/the-problematic-wannacry-north-korea.html

Last month, the US government officially “attributed” the Wannacry ransomware worm to North Korea. This attribution has three flaws, which are a good lesson for attribution in general.

It was an accident

The most important fact about Wannacry is that it was an accident. We’ve had 30 years of experience with Internet worms teaching us that worms are always accidents. While launching worms may be intentional, their effects cannot be predicted. While they appear to have targets, like Slammer against South Korea, or Witty against the Pentagon, further analysis shows this was just a random effect that was impossible to predict ahead of time. Only in hindsight are these effects explainable.
We should hold those causing accidents accountable, too, but it’s a different accountability. The U.S. has caused more civilian deaths in its War on Terror than the terrorists caused triggering that war. But we hold these to be morally different: the terrorists targeted the innocent, whereas the U.S. takes great pains to avoid civilian casualties. 
Since we are talking about blaming those responsible for accidents, we also must include the NSA in that mix. The NSA created, then allowed the release of, weaponized exploits. That’s like accidentally dropping a load of unexploded bombs near a village. When those bombs are then used, those having lost the weapons are held guilty along with those using them. Yes, while we should blame the hacker who added ETERNAL BLUE to their ransomware, we should also blame the NSA for losing control of ETERNAL BLUE.

A country and its assets are different

Was it North Korea, or hackers affilliated with North Korea? These aren’t the same.

It’s hard for North Korea to have hackers of its own. It doesn’t have citizens who grow up with computers to pick from. Moreover, an internal hacking corps would create tainted citizens exposed to dangerous outside ideas. Update: Some people have pointed out that Kim Il-sung University in the capital does have some contact with the outside world, with academics granted limited Internet access, so I guess some tainting is allowed. Still, what we know of North Korea hacking efforts largley comes from hackers they employ outside North Korea. It was the Lazurus Group, outside North Korea, that did Wannacry.
Instead, North Korea develops external hacking “assets”, supporting several external hacking groups in China, Japan, and South Korea. This is similar to how intelligence agencies develop human “assets” in foreign countries. While these assets do things for their handlers, they also have normal day jobs, and do many things that are wholly independent and even sometimes against their handler’s interests.
For example, this Muckrock FOIA dump shows how “CIA assets” independently worked for Castro and assassinated a Panamanian president. That they also worked for the CIA does not make the CIA responsible for the Panamanian assassination.
That CIA/intelligence assets work this way is well-known and uncontroversial. The fact that countries use hacker assets like this is the controversial part. These hackers do act independently, yet we refuse to consider this when we want to “attribute” attacks.

Attribution is political

We have far better attribution for the nPetya attacks. It was less accidental (they clearly desired to disrupt Ukraine), and the hackers were much closer to the Russian government (Russian citizens). Yet, the Trump administration isn’t fighting Russia, they are fighting North Korea, so they don’t officially attribute nPetya to Russia, but do attribute Wannacry to North Korea.
Trump is in conflict with North Korea. He is looking for ways to escalate the conflict. Attributing Wannacry helps achieve his political objectives.
That it was blatantly politics is demonstrated by the way it was released to the press. It wasn’t released in the normal way, where the administration can stand behind it, and get challenged on the particulars. Instead, it was pre-released through the normal system of “anonymous government officials” to the NYTimes, and then backed up with op-ed in the Wall Street Journal. The government leaks information like this when it’s weak, not when its strong.

The proper way is to release the evidence upon which the decision was made, so that the public can challenge it. Among the questions the public would ask is whether it they believe it was North Korea’s intention to cause precisely this effect, such as disabling the British NHS. Or, whether it was merely hackers “affiliated” with North Korea, or hackers carrying out North Korea’s orders. We cannot challenge the government this way because the government intentionally holds itself above such accountability.

Conclusion

We believe hacking groups tied to North Korea are responsible for Wannacry. Yet, even if that’s true, we still have three attribution problems. We still don’t know if that was intentional, in pursuit of some political goal, or an accident. We still don’t know if it was at the direction of North Korea, or whether their hacker assets acted independently. We still don’t know if the government has answers to these questions, or whether it’s exploiting this doubt to achieve political support for actions against North Korea.

The EU is Working On Its Own Piracy Watch-List

Post Syndicated from Ernesto original https://torrentfreak.com/the-eu-is-working-on-its-own-piracy-watch-list-180124/

Earlier this month, the Office of the US Trade Representative (USTR) released an updated version of its “Out-of-Cycle Review of Notorious Markets,” ostensibly identifying some of the worst IP-offenders worldwide.

The annual list overview helps to guide the U.S. Government’s position towards foreign countries when it comes to copyright enforcement.

The most recent version featured traditional pirate sites such as The Pirate Bay, Rapidgator, and Gostream, but also the Russian social network VK and China-based marketplaces Alibaba and Taobao.com.

Since the list only identifies foreign sites, American services are never included. However, this restriction doesn’t apply in Europe, where the European Commission announced this week that it’s working on its own piracy watch list.

“The European Commission – on the basis of input from the stakeholders – after thorough verification of the received information – intends to publish a so called ‘Counterfeit and Piracy Watch-List’ in 2018, which will be updated regularly,” the EU’s call for submissions reads.

The EU watch list will operate in a similar fashion to the US equivalent and will be used to encourage site operators and foreign governments to take action.

“The list will identify and describe the most problematic marketplaces – with special focus on online marketplaces – in order to encourage their operators and owners as well as the responsible local authorities and governments to take the necessary actions and measures to reduce the availability of IPR infringing goods or services.”

In recent years various copyright holder groups have repeatedly complained about a lack of anti-piracy initiatives from companies such as Google and Cloudflare, so it will be interesting to see if these will be mentioned.

The same is true for online marketplaces. Responding to the US list last week, Alibaba also highlighted that several American companies suffer the same piracy and counterfeiting problems as they do, without being reprimanded.

“What about Amazon, eBay and others? USTR has no basis for comparison, because it does not ask for similar data from U.S. companies,” Alibaba noted in a rebuttal.

The EU watch list is clearly inspired by the US counterpart. It shows striking similarities with the US version of the watch list and some of the language appears to be copied (or pirated) word for word.

The EU writes, for example, that their list “will not mean to reflect findings of legal violations, nor will it reflect the European Union’s analysis of the general intellectual property rights protection and enforcement climate in the country or countries concerned.”

Just a few days earlier the USTR noted that its list “does not make findings of legal violations. Nor does it reflect the U.S. Government’s analysis of the general IP protection and enforcement climate in the countries connected with the listed markets.”

The above means that, despite branding foreign services as notorious offenders, these are mere allegations. No hard proof is to be expected in the report, nor will the EU research the matter on its own.

If the US example is followed, the watch list will be mostly an overview of copyright holder complaints, signed by the authorities. The latter is not without controversy, as China says it doubts the objectivity of USTR’s report for this very reason.

Copyright holders and other interested parties are invited to submit their contributions and comments by 31 March 2018, and the final list is expected to be released later in the year.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Hollywood Says Only Site-Blocking Left to Beat Piracy in New Zealand

Post Syndicated from Andy original https://torrentfreak.com/hollywood-says-only-site-blocking-left-to-beat-piracy-in-new-zealand-180123/

The Motion Picture Distributors’ Association (MPDA) is a non-profit organisation which represents major international film studios in New Zealand.

With companies including Fox, Sony, Paramount, Roadshow, Disney, and Universal on the books, the MPDA sings from the same sheet as the MPAA and MPA. It also hopes to achieve in New Zealand what its counterparts have achieved in Europe and Australia but cannot on home soil – mass pirate site blocking.

In a release heralding the New Zealand screen industry’s annual contribution of around NZ$1.05 billion to GDP and NZ$706 million to exports, MPDA Managing Director Matthew Cheetham says that despite the successes, serious challenges lie ahead.

“When we have the illegal file sharing site the Pirate Bay as New Zealand’s 19th most popular site in New Zealand, it is clear that legitimate movie and TV distribution channels face challenges,” Cheetham says.

MPDA members in New Zealand

In common with movie bosses in many regions, Cheetham is hoping that the legal system will rise to the challenge and assist distributors to tackle the piracy problem. In New Zealand, that might yet require a change in the law but given recent changes in Australia, that doesn’t seem like a distant proposition.

Last December, the New Zealand government announced an overhaul of the country’s copyright laws. A review of the Copyright Act 1994 was announced by the previous government and is now scheduled to go ahead this year. The government has already indicated a willingness to consider amendments to the Act in order to meet the objectives of New Zealand’s copyright regime.

“In New Zealand, piracy is almost an accepted thing, because no one’s really doing anything about it, because no one actually can do anything about it,” Cheetham said last month.

It’s quite unusual for Hollywood’s representatives to say nothing can be done about piracy. However, there was a small ray of hope this morning when Cheetham said that there is actually one option left.

“There’s nothing we can do in New Zealand apart from site blocking,” Cheetham said.

So, as the MPDA appears to pin its hopes on legislative change, other players in the entertainment industry are testing the legal system as it stands today.

Last September, Sky TV began a pioneering ‘pirate’ site-blocking challenge in the New Zealand High Court, applying for an injunction against several local ISPs to prevent their subscribers from accessing several pirate sites.

The boss of Vocus, one of the ISP groups targeted, responded angrily, describing Sky’s efforts as “dinosaur behavior” and something one would expect in North Korea, not in New Zealand.

“It isn’t our job to police the Internet and it sure as hell isn’t SKY’s either, all sites should be equal and open,” General Manager Taryn Hamilton said.

The response from ISPs suggests that even when the matter of site-blocking is discussed as part of the Copyright Act review, introducing specific legislation may not be smooth sailing. In that respect, all eyes will turn to the Sky process, to see if some precedent can be set there.

Finally, another familiar problem continues to raise its head down under. So-called “Kodi boxes” – the now generic phrase often used to describe set-top devices configured for piracy – are also on the content industries’ radar.

There are a couple of cases still pending against sellers, including one in which a budding entrepreneur sent out marketing letters claiming that his service was better than Sky’s offering. For seller Krish Reddy, this didn’t turn out well as the company responded with a NZ$1m lawsuit.

Generally, however, both content industries and consumers are having a good time in New Zealand but the MPDA’s Cheetham says that taking on pirates is never easy.

“It’s been called the golden age of television and a lot of premium movies have been released in the last 12 or 18 months. Content providers and distributors have really upped their game in the last five or 10 years to meet what people want but it’s very difficult to compete with free,” Cheetham concludes.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Skygofree: New Government Malware for Android

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/01/skygofree_new_g.html

Kaspersky Labs is reporting on a new piece of sophisticated malware:

We observed many web landing pages that mimic the sites of mobile operators and which are used to spread the Android implants. These domains have been registered by the attackers since 2015. According to our telemetry, that was the year the distribution campaign was at its most active. The activities continue: the most recently observed domain was registered on October 31, 2017. Based on our KSN statistics, there are several infected individuals, exclusively in Italy.

Moreover, as we dived deeper into the investigation, we discovered several spyware tools for Windows that form an implant for exfiltrating sensitive data on a targeted machine. The version we found was built at the beginning of 2017, and at the moment we are not sure whether this implant has been used in the wild.

It seems to be Italian. Ars Technica speculates that it is related to Hacking Team:

That’s not to say the malware is perfect. The various versions examined by Kaspersky Lab contained several artifacts that provide valuable clues about the people who may have developed and maintained the code. Traces include the domain name h3g.co, which was registered by Italian IT firm Negg International. Negg officials didn’t respond to an email requesting comment for this post. The malware may be filling a void left after the epic hack in 2015 of Hacking Team, another Italy-based developer of spyware.

BoingBoing post.

Dark Caracal: Global Espionage Malware from Lebanon

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2018/01/dark_caracal_gl.html

The EFF and Lookout are reporting on a new piece of spyware operating out of Lebanon. It primarily targets mobile devices compromised by fake secure messaging clients like Signal and WhatsApp.

From the Lookout announcement:

Dark Caracal has operated a series of multi-platform campaigns starting from at least January 2012, according to our research. The campaigns span across 21+ countries and thousands of victims. Types of data stolen include documents, call records, audio recordings, secure messaging client content, contact information, text messages, photos, and account data. We believe this actor is operating their campaigns from a building belonging to the Lebanese General Security Directorate (GDGS) in Beirut.

It looks like a complex infrastructure that’s been well-developed, and continually upgraded and maintained. It appears that a cyberweapons arms manufacturer is selling this tool to different countries. From the full report:

Dark Caracal is using the same infrastructure as was previously seen in the Operation Manul campaign, which targeted journalists, lawyers, and dissidents critical of the government of Kazakhstan.

There’s a lot in the full report. It’s worth reading.

Three news articles.

Amazon Web Services Is the First Global Cloud Service Provider to Achieve the Korea-Information Security Management System Certification

Post Syndicated from Oliver Bell original https://aws.amazon.com/blogs/security/amazon-web-services-is-the-first-global-cloud-service-provider-to-achieve-the-korea-information-security-management-system-certification/

Scope of certification: Operation of infrastructure in the AWS Asia Pacific (Seoul) Region
Period of validity: December 27, 2017, through December 26, 2020

Amazon Web Services (AWS) has achieved the Korea-Information Security Management System (K-ISMS) Certification. The Korea Internet and Security Agency (KISA) completed its assessment of AWS, which covered the operation of infrastructure (such as compute, storage, networking, databases, and security) in the Asia Pacific (Seoul) Region. AWS is the first global cloud service provider to earn this status in Korea.

Sponsored by KISA and affiliated with the Korean Ministry of Science and ICT (MSIT), K-ISMS serves as a standard for evaluating whether enterprises and organizations operate and manage their information security management systems consistently and securely such that they thoroughly protect their information assets. The K-ISMS certification assessment covers 104 criteria, including 12 control items in 5 sectors for information security management, and 92 control items in 13 sectors for information security countermeasures.

With this certification, enterprises and organizations across Korea can meet KISA compliance requirements more effectively. Achieving this certification demonstrates the proactive approach AWS has taken with regard to driving compliance with the Korean government’s requirements and delivering secure AWS services to Korean customers. Enterprises and organizations in Korea that need the K-ISMS certification can use the work that AWS has done to reduce the time and cost of getting their own certification.

– Oliver

Kim Dotcom Sues Government for ‘Billions’ Over Erroneous Arrest

Post Syndicated from Ernesto original https://torrentfreak.com/kim-dotcom-sues-government-for-billions-over-erroneous-arrest-180121/

Six years ago, New Zealand police carried out a spectacular military-style raid against individuals accused only of copyright infringement.

Acting on allegations from the United States government and its Hollywood partners, New Zealand’s elite counter-terrorist force raided the mansion of Kim Dotcom, who was detained along with his wife and children.

Megaupload’s founder has always maintained that his arrest was unlawful under New Zealand law, and he is determined to hold the authorities accountable.

In addition to getting married and celebrating his birthday this weekend, the German born entrepreneur announced that he is seeking damages from the New Zealand Government.

“Today, 6 years ago, the NZ Govt enabled the unlawful destruction of Megaupload and seizure of my global assets,” Dotcom wrote on Twitter.

“I was arrested for the alleged online piracy of my users. Not even a crime in NZ. My lawyers have served a multi billion dollar damages claim against the Govt today,” he added.

Dotcom’s lawyer Ira Rothken informs TorrentFreak that a damages claim was filed at the New Zealand High Court last December.

“We confirm that our legal team filed a Statement of Claim in the New Zealand High Court for monetary damages on December 22, 2017 on behalf of Kim Dotcom against the United States and NZ governmental entities alleging that defendants pursued with malice and material non disclosure an erroneous arrest warrant,” Rothken says.

In the claim, Dotcom’s legal team argues that the arrest warrant was invalid. They say that there were no reasonable grounds on which the District Court could conclude that Dotcom’s alleged crimes were an extraditable offense.

The consequences, however, were rather severe. Dotcom lost his freedom and also his company, which was worth billions and preparing for an IPO, according to the legal paperwork.

“At the time the Restraint Orders were granted, second plaintiff was preparing to list on the Stock Exchange of Hong Kong at a conservative valuation of not less than US$2.6 billion,” the claim reads.

This valuation is based on a valuation of $40 for each of the 66 million users Megaupload had, which generated $45 million in profits per year. If Megaupload had not have been raided, today’s value could be as high as $10 billion.

Mega value

Dotcom has a 68 percent stake in the Megaupload companies and seeks damages that will compensate for lost profits. In addition, he requests compensation for legal costs, lost business opportunities, loss of reputation, and other losses.

The exact scale of the damages isn’t specified and will have to be determined at a later stage, before trial.

The claim doesn’t come as a surprise to the New Zealand Government, Prime Minister Jacinda Ardern said in a brief response.

“This has obviously been an ongoing matter, so no it doesn’t surprise me,” she commented.

A copy of the full claim is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

China Seriously Doubts Objectivity of US ‘Pirate Site’ List

Post Syndicated from Ernesto original https://torrentfreak.com/china-seriously-doubts-objectivity-of-us-pirate-site-list-180120/

Late last week, the Office of the US Trade Representative (USTR) released an updated version of its “Out-of-Cycle Review of Notorious Markets,” identifying some of the worst IP-offenders worldwide.

The overview is largely based on input from major copyright holders and related industry groups. While the US Government admits that it doesn’t make any judgments, the list carries a lot of weight and can hurt the image of companies that are singled out.

For some of the ‘classic’ pirate sites such as The Pirate Bay, this doesn’t really matter. On the contrary, they may see it as a badge of honor. However, for billion-dollar businesses such as Alibaba and VK, it’s a different story.

They are not at risk of being the target of a criminal prosecution, as some classic pirate sites are, but the listing will make them a hot topic on the political agenda.

Interestingly, it seems that not all countries are happy with seeing some of their top companies being singled out. When China’s commerce ministry spokesman Gao Feng was confronted with the fact that Alibaba and its Taobao.com site were listed, he made some noteworthy observations.

“In the report, the U.S. frequently discusses the relevant Chinese businesses with the words like ‘reportedly,’ ‘according to authoritative sources’ and the like,” Feng told the local press.

In its report, the US Government stressed that Alibaba should do more to combat counterfeiting and piracy on Taobao.com and other platforms, but China’s officials don’t seem convinced.

“It lacked conclusive evidence and had no relevant figures to back up its points. We have no choice but to express our doubts about the objectivity and reliability of the department that issued the report,” Feng added.

China’s commerce ministry has a point. The USTR report is compiled from comments that are provided by copyright holders. These are not thoroughly vetted, as far as we know, which doesn’t seem very objective.

Even more concerning, copyright holders often cite the USTR’s notorious markets list in legal and lobbying efforts, even though they are in essence their own findings in a rewritten form. While that may be very convenient, it can also be misleading.

Alibaba itself went a step further than the commerce ministry and noted that the company is being used as a “scapegoat” in a geopolitical game. In a detailed ten-page rebuttal, the marketplace responded to the allegations point by point.

“As a result of the rise of trade protectionism, Alibaba has been turned into a scapegoat by the USTR to win points in a highly-politicized environment and their actions should be recognized for what they are,” the company commented.

“The USTR’s actions made it clear that the Notorious Markets List, which only targets non-US marketplaces, is not about intellectual property protection, but just another instrument to achieve the US Government’s geopolitical objectives.”

Critique on the USTR’s Special 301 reports, which the Notorious Markets lists are part of, is not new. Earlier this year Canada’s Government described the process as flawed as it’s mainly driven by one-sided copyright industry claims.

“Canada does not recognize the validity of the Special 301 and considers the process and the Report to be flawed,” a Government memo read.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons

Hollywood Asks New UK Culture Secretary To Fight Online Piracy

Post Syndicated from Andy original https://torrentfreak.com/hollywood-asks-new-uk-culture-secretary-to-fight-online-piracy-180119/

Following Prime Minister Theresa May’s cabinet reshuffle earlier this month, Matt Hancock replaced Karen Bradley as Secretary of State for Digital, Culture, Media and Sport.

Hancock, the 39-year-old MP for West Suffolk, was promoted from his role as Minister for Digital and Culture, a position he’d held since July 2016.

“Thrilled to become DCMS Secretary. Such an exciting agenda, so much to do, and great people. Can’t wait to get stuck in,” he tweeted.

Of course, the influence held by the Culture Secretary means that the entertainment industries will soon come calling, seeking help and support in a number of vital areas. No surprise then that Stan McCoy, president and managing director at the ‎Motion Picture Association’s EMEA division, has just jumped in with some advice for Hancock.

In an open letter published on Screen Daily, McCoy begins by reminding Hancock that the movie industry contributes considerable sums to the UK economy.

“We are one of the country’s most valuable economic and cultural assets – worth almost £92bn, growing at twice the rate of the economy, and making a positive contribution to the UK’s balance of payments,” McCoy writes.

“Britain’s status as a center of excellence for the audiovisual sector in particular is no accident: It results from the hard work and genius of our creative workforce, complemented by the support of governments that have guided their policies toward enabling continued excellence and growth.”

McCoy goes on to put anti-piracy initiatives at the very top of his wishlist – and Hancock’s to-do list.

“A joined-up strategy to curb proliferation of illegal, often age-inappropriate and malware-laden content online must include addressing the websites, environments and apps that host and facilitate piracy,” McCoy says.

“In addition to hurting one of Britain’s most important industries, they are overwhelmingly likely to harm children and adult consumers through nasty ads, links to adult content with no age verification, scams, fraud and other unpleasantness.”

That McCoy begins with the “piracy is dangerous” approach is definitely not a surprise. This Hollywood and wider video industry strategy is now an open secret. However, it feels a little off that the UK is being asked to further tackle pirate sites.

Through earlier actions, facilitated by the UK legal system and largely sympathetic judges, many thousands of URLs and domains linking to pirate sites, mirrors and proxies, are impossible to access directly through the UK’s major ISPs. Although a few slip through the net, directly accessing the majority of pirate sites in the UK is now impossible.

That’s already a considerable overseas anti-piracy position for the MPA who, as the “international voice” of the Motion Picture Association of America (MPAA), represents American corporations including Disney, Paramount, Sony Pictures, 20th Century Fox, Universal, and Warner Bros.

There’s no comparable blocking system for these companies to use in the United States and rightsholders in the UK can even have extra sites blocked without going back to court for permission. In summary, these US companies arguably get a better anti-piracy deal in the UK than they do at home in the United States.

In his next point, McCoy references last year’s deal – which was reached following considerable pressure from the UK government – between rightsholders and search engines including Google and Bing to demote ‘pirate’ results.

“Building on last year’s voluntary deal with search engines, the Government should stay at the cutting edge of ensuring that everyone in the ecosystem – including search engines, platforms and social media companies – takes a fair share of responsibility,” McCoy says.

While this progress is clearly appreciated by the MPA/MPAA, it’s difficult to ignore that the voluntary arrangement to demote infringing content is somewhat special if not entirely unique. There is definitely nothing comparable in the United States so keeping up the pressure on the UK Government feels a little like getting the good kid in class to behave, while his rowdy peers nearer the chalkboard get ignored.

The same is true for McCoy’s call for the UK to “banish dodgy streaming devices”.

“Illegal streaming devices loaded with piracy apps and malware – not to mention the occasional electrical failure – are proliferating across the UK, to the detriment of consumers and industry,” he writes.

“The sector is still waiting for the Intellectual Property Office to publish the report on its Call for Views on this subject. This will be one of several opportunities, along with the promised Digital Charter, to make clear that these devices and the apps and content they supply are unacceptable, dangerous to consumers, and harmful to the creative industry.”

Again, prompting the UK to stay on top of this game doesn’t feel entirely warranted.

With dozens of actions over the past few years, the Police Intellectual Property Crime Unit and the Federation Against Copyright Theft (which Hollywood ironically dumped in 2016) have done more to tackle the pirate set-top box problem than any group on the other side of the Atlantic.

Admittedly the MPAA is now trying to catch up, with recent prosecutions of two ‘pirate’ box vendors (1,2), but largely the work by the studios on their home turf has been outpaced by that of their counterparts in the UK.

Maybe Hancock will mention that to Hollywood at some point in the future.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and more. We also have VPN discounts, offers and coupons