Tag Archives: police

Apple’s FaceID

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/09/apples_faceid.html

This is a good interview with Apple’s SVP of Software Engineering about FaceID.

Honestly, I don’t know what to think. I am confident that Apple is not collecting a photo database, but not optimistic that it can’t be hacked with fake faces. I dislike the fact that the police can point the phone at someone and have it automatically unlock. So this is important:

I also quizzed Federighi about the exact way you “quick disabled” Face ID in tricky scenarios — like being stopped by police, or being asked by a thief to hand over your device.

“On older phones the sequence was to click 5 times [on the power button], but on newer phones like iPhone 8 and iPhone X, if you grip the side buttons on either side and hold them a little while — we’ll take you to the power down [screen]. But that also has the effect of disabling Face ID,” says Federighi. “So, if you were in a case where the thief was asking to hand over your phone — you can just reach into your pocket, squeeze it, and it will disable Face ID. It will do the same thing on iPhone 8 to disable Touch ID.”

That squeeze can be of either volume button plus the power button. This, in my opinion, is an even better solution than the “5 clicks” because it’s less obtrusive. When you do this, it defaults back to your passcode.

More:

It’s worth noting a few additional details here:

  • If you haven’t used Face ID in 48 hours, or if you’ve just rebooted, it will ask for a passcode.
  • If there are 5 failed attempts to Face ID, it will default back to passcode. (Federighi has confirmed that this is what happened in the demo onstage when he was asked for a passcode — it tried to read the people setting the phones up on the podium.)

  • Developers do not have access to raw sensor data from the Face ID array. Instead, they’re given a depth map they can use for applications like the Snap face filters shown onstage. This can also be used in ARKit applications.

  • You’ll also get a passcode request if you haven’t unlocked the phone using a passcode or at all in 6.5 days and if Face ID hasn’t unlocked it in 4 hours.

Also be prepared for your phone to immediately lock every time your sleep/wake button is pressed or it goes to sleep on its own. This is just like Touch ID.

Federighi also noted on our call that Apple would be releasing a security white paper on Face ID closer to the release of the iPhone X. So if you’re a researcher or security wonk looking for more, he says it will have “extreme levels of detail” about the security of the system.

Here’s more about fooling it with fake faces:

Facial recognition has long been notoriously easy to defeat. In 2009, for instance, security researchers showed that they could fool face-based login systems for a variety of laptops with nothing more than a printed photo of the laptop’s owner held in front of its camera. In 2015, Popular Science writer Dan Moren beat an Alibaba facial recognition system just by using a video that included himself blinking.

Hacking FaceID, though, won’t be nearly that simple. The new iPhone uses an infrared system Apple calls TrueDepth to project a grid of 30,000 invisible light dots onto the user’s face. An infrared camera then captures the distortion of that grid as the user rotates his or her head to map the face’s 3-D shape­ — a trick similar to the kind now used to capture actors’ faces to morph them into animated and digitally enhanced characters.

It’ll be harder, but I have no doubt that it will be done.

More speculation.

I am not planning on enabling it just yet.

A Million ‘Pirate’ Boxes Sold in the UK During The Last Two Years

Post Syndicated from Andy original https://torrentfreak.com/a-million-pirate-boxes-sold-in-the-uk-during-the-last-two-years-170919/

With the devices hitting the headlines on an almost weekly basis, it probably comes as no surprise that ‘pirate’ set-top boxes are quickly becoming public enemy number one with video rightsholders.

Typically loaded with the legal Kodi software but augmented with third-party addons, these often Android-based pieces of hardware drag piracy out of the realm of the computer savvy and into the living rooms of millions.

One of the countries reportedly most affected by this boom is the UK. The consumption of these devices among the general public is said to have reached epidemic proportions, and anecdotal evidence suggests that terms like Kodi and Showbox are now household terms.

Today we have another report to digest, this time from the Federation Against Copyright Theft, or FACT as they’re often known. Titled ‘Cracking Down on Digital Piracy,’ the report provides a general overview of the piracy scene, tackling well-worn topics such as how release groups and site operators work, among others.

The report is produced by FACT after consultation with the Police Intellectual Property Crime Unit, Intellectual Property Office, Police Scotland, and anti-piracy outfit Entura International. It begins by noting that the vast majority of the British public aren’t involved in the consumption of infringing content.

“The most recent stats show that 75% of Brits who look at content online abide by the law and don’t download or stream it illegally – up from 70% in 2013. However, that still leaves 25% who do access material illegally,” the report reads.

The report quickly heads to the topic of ‘pirate’ set-top boxes which is unsurprising, not least due to FACT’s current focus as a business entity.

While it often positions itself alongside government bodies (which no doubt boosts its status with the general public), FACT is a private limited company serving The Premier League, another company desperate to stamp out the use of infringing devices.

Nevertheless, it’s difficult to argue with some of the figures cited in the report.

“At a conservative estimate, we believe a million set-top boxes with software added
to them to facilitate illegal downloads have been sold in the UK in the last couple
of years,” the Intellectual Property Office reveals.

Interestingly, given a growing tech-savvy public, FACT’s report notes that ready-configured boxes are increasingly coming into the country.

“Historically, individuals and organized gangs have added illegal apps and add-ons onto the boxes once they have been imported, to allow illegal access to premium channels. However more recently, more boxes are coming into the UK complete with illegal access to copyrighted content via apps and add-ons already installed,” FACT notes.

“Boxes are often stored in ‘fulfillment houses’ along with other illegal electrical items and sold on social media. The boxes are either sold as one-off purchases, or with a monthly subscription to access paid-for channels.”

While FACT press releases regularly blur the lines when people are prosecuted for supplying set-top boxes in general, it’s important to note that there are essentially two kinds of products on offer to the public.

The first relies on Kodi-type devices which provide on-going free access to infringing content. The second involves premium IPTV subscriptions which are a whole different level of criminality. Separating the two when reading news reports can be extremely difficult, but it’s a hugely important to recognize the difference when assessing the kinds of sentences set-top box suppliers are receiving in the UK.

Nevertheless, FACT correctly highlights that the supply of both kinds of product are on the increase, with various parties recognizing the commercial opportunities.

“A significant number of home-grown British criminals are now involved in this type of crime. Some of them import the boxes wholesale through entirely legal channels, and modify them with illegal software at home. Others work with sophisticated criminal networks across Europe to bring the boxes into the UK.

“They then sell these boxes online, for example through eBay or Facebook, sometimes managing to sell hundreds or thousands of boxes before being caught,” the company adds.

The report notes that in some cases the sale of infringing set-top boxes occurs through cottage industry, with suppliers often working on their own or with small groups of friends and family. Invetiably, perhaps, larger scale operations are reported to be part of networks with connections to other kinds of crime, such as dealing in drugs.

“In contrast to drugs, streaming devices provide a relatively steady and predictable revenue stream for these criminals – while still being lucrative, often generating hundreds of thousands of pounds a year, they are seen as a lower risk activity with less likelihood of leading to arrest or imprisonment,” FACT reports.

While there’s certainly the potential to earn large sums from ‘pirate’ boxes and premium IPTV services, operating on the “hundreds of thousands of pounds a year” scale in the UK would attract a lot of unwanted attention. That’s not saying that it isn’t already, however.

Noting that digital piracy has evolved hugely over the past three or four years, the report says that the cases investigated so far are just the “tip of the iceberg” and that many other cases are in the early stages and will only become known to the public in the months and years ahead.

Indeed, the Intellectual Property Office hints that some kind of large-scale enforcement action may be on the horizon.

“We have identified a significant criminal business model which we have discussed and shared with key law enforcement partners. I can’t go into detail on this, but as investigations take their course, you will see the scale,” an IPO spokesperson reveals.

While details are necessarily scarce, a source familiar with this area told TF that he would be very surprised if the targets aren’t the growing handful of commercial UK-based IPTV re-sellers who offer full subscription TV services for a few pounds per month.

“They’re brazen. Watch this space,” he said.

FACT’s full report, Cracking Down on Digital Piracy, can be downloaded here (pdf)

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

EU Prepares Guidelines to Force Google & Facebook to Police Piracy

Post Syndicated from Andy original https://torrentfreak.com/eu-prepares-guidelines-to-force-google-facebook-to-police-piracy-170915/

In the current climate, creators and distributors are forced to play a giant game of whac-a-mole to limit the unlicensed spread of their content on the Internet.

The way the law stands today in the United States, EU, and most other developed countries, copyright holders must wait for content to appear online before sending targeted takedown notices to hosts, service providers, and online platforms.

After sending several billion of these notices, patience is wearing thin, so a new plan is beginning to emerge. Rather than taking down content after it appears, major entertainment industry groups would prefer companies to take proactive action. The upload filters currently under discussion in Europe are a prime example but are already causing controversy.

Continuing the momentum in this direction, Reuters reports that the European Union will publish draft guidelines at the end of this month, urging platforms such as Google and Facebook to take a more proactive approach to illegal content of all kinds.

“Online platforms need to significantly step up their actions to address this problem,” the draft EU guidelines say.

“They need to be proactive in weeding out illegal content, put effective notice-and-action procedures in place, and establish well-functioning interfaces with third parties (such as trusted flaggers) and give a particular priority to notifications from national law enforcement authorities.”

On the copyright front, Google already operates interfaces designed to take down infringing content. And, as the recent agreement in the UK with copyright holders shows, is also prepared to make infringing content harder to find. Nevertheless, it will remain to be seen if Google is prepared to give even ‘trusted’ third-parties a veto on what content can appear online, without having oversight itself.

The guidelines are reportedly non-binding but further legislation in this area isn’t being ruled out for Spring 2018, if companies fail to make significant progress.

Interestingly, however, a Commission source told Reuters that any new legislation would not “change the liability exemption for online platforms.” Maintaining these so-called ‘safe harbors’ is a priority for online giants such as Google and Facebook – anything less would almost certainly be a deal-breaker.

The guidelines, due to be published at the end of September, will also encourage online platforms to publish transparency reports. These should detail the volume of notices received and actions subsequently taken. Again, Google is way ahead of the game here, having published this kind of data for the past several years.

“The guidelines also contain safeguards against excessive removal of content, such as giving its owners a right to contest such a decision,” Reuters adds.

More will be known about the proposals in a couple of weeks but it’s quite likely they’ll spark another round of debate on whether legislation is the best route to tackle illegal content or whether voluntary agreements – which have a tendency to be rather less open – should be the way to go.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Another iPhone Change to Frustrate the Police

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/09/another_iphone_.html

I recently wrote about the new ability to disable the Touch ID login on iPhones. This is important because of a weirdness in current US law that protects people’s passcodes from forced disclosure in ways it does not protect actions: being forced to place a thumb on a fingerprint reader.

There’s another, more significant, change: iOS now requires a passcode before the phone will establish trust with another device.

In the current system, when you connect your phone to a computer, you’re prompted with the question “Trust this computer?” and you can click yes or no. Now you have to enter in your passcode again. That means if the police have an unlocked phone, they can scroll through the phone looking for things but they can’t download all of the contents onto a another computer without also knowing the passcode.

More details:

This might be particularly consequential during border searches. The “border search” exception, which allows Customs and Border Protection to search anything going into the country, is a contentious issue when applied electronics. It is somewhat (but not completely) settled law, but that the U.S. government can, without any cause at all (not even “reasonable articulable suspicion”, let alone “probable cause”), copy all the contents of my devices when I reenter the country sows deep discomfort in myself and many others. The only legal limitation appears to be a promise not to use this information to connect to remote services. The new iOS feature means that a Customs office can browse through a device — a time limited exercise — but not download the full contents.

Founder of Fan-Made Subtitle Site Convicted for Copyright Infringement

Post Syndicated from Ernesto original https://torrentfreak.com/founder-of-subtitle-site-convicted-for-copyright-infringement-170914/

Every day millions of people enjoy fan-made subtitles. They help foreigners understand English-speaking entertainment and provide the deaf with a way to comprehend audio.

Quite often these subtitles are used in combination with pirated files. This is a thorn in the side to copyright holder groups, who see this as a threat to their business.

In Sweden, Undertexter was one of the leading subtitle resources for roughly a decade. The site allowed users to submit their own translated subtitles for movies and TV shows, which were then made available to the public.

In the summer of 2013, this reign came to an end after the site was pulled offline. Following pressure from Hollywood-based movie companies, police raided the site and seized its servers.

The raid and subsequent criminal investigation came as a surprise to the site’s founder, Eugen Archy, who didn’t think he or the site’s users were offering an illegal service.

“The people who work on the site don’t consider their own interpretation of dialog to be something illegal, especially when we’re handing out these interpretations for free,” he said at the time.

The arrest made it clear that the authorities disagreed. The Undertexter founder was prosecuted for distributing copyright-infringing subtitles, risking a possible prison sentence. While Archy was found guilty this week, luckily for him he remains a free man.

The Attunda District Court sentenced the now 32-year-old operator to probation. In addition, he has to pay 217,000 Swedish Kroner ($27,000), which will be taken from the advertising and donation revenues he collected through the site.

While there were millions of subtitles available on Undertexter, only 74 movies were referenced by the prosecution. These were carefully selected to ensure a strong case it seems, as many of the titles weren’t commercially available in Sweden at the time.

During the trial, the defense had argued that the fan-made subtitles are not infringing since movies are made up of video and sound, with subtitles being an extra. However, the court disagreed with this line of reasoning, the verdict shows.

While the copyright holders may have hoped for a heftier punishment, the ruling confirms that fan-made subtitles can be seen as copyright infringements. Prosecutor Henrik Rasmusson is satisfied with the outcome, IDG reports, but he will leave the option to appeal open for now.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Indian Movie Actor Mobbed By Press After Arrest of Torrent Site Admin

Post Syndicated from Andy original https://torrentfreak.com/indian-movie-actor-mobbed-by-press-after-airport-torrent-site-arrest-170913/

While most of the headlines relating to Internet piracy are focused on North America and Europe, there are dozens of countries where piracy is a way of life for millions of citizens. India, with its booming economy and growth in technology, is certainly one of them.

According to a recently published report, India now has 355 million Internet users out of a population of more than 1.3 billion. Not only is there massive room for growth, that figure is up from 277 million just two years ago. The rate of growth is astonishing.

Needless to say, Indians love their Internet and increasing numbers of citizens are also getting involved in the piracy game. There are many large sites and prominent release groups operating out of the country, some of them targeting the international market. Carry out a search for DVDSCR (DVD screener) on most search indexes globally and one is just as likely to find Indian movie releases as those emanating from the West.

If people didn’t know it already, India is nurturing a pirate force to be reckoned with, with local torrent and streaming sites pumping out the latest movies at an alarming rate. This has caused an outcry from many in the movie industry who are determined to do something to stem the tide.

One of these is actor Vishal Krishna, who not only stars in movies but is also a producer working in the Tamil film industry. Often referred to simply by his first name, Vishal has spoken out regularly against piracy in his role at the Tamil Film Producers Council.

In May, he referred to the operators of the hugely popular torrent site TamilRockers as ‘Internet Mafias’ while demanding their arrest for leaking the blockbuster Baahubali 2, a movie that pulled in US$120 million in six days. Now, it appears, he may have gotten his way. Well, partially, at least.

Last evening, reports began to surface of an arrest at Chennai airport in north east India. According to local media, Gauri Shankar, an alleged administrator of Tamilrockers.co, was detained by Triplicane police.

This would’ve been a huge coup for Vishal, who has been warning Tamilrockers to close down for the past three years. He even claimed to know the identity of the main perpetrator behind the site, noting that it was only a matter of time before he was brought to justice.

Soon after the initial reports, however, other media outlets claimed that Gauri Shankar is actually an operator at Tamilgun, another popular pirate portal currently blocked by ISPs on the orders of the Indian government.

So was it rockers or gun? According to Indiaglitz.com, Vishal rushed to the scene in Chennai to find out.

Outside the police station

What followed were quite extraordinary scenes outside the Triplicane police station. Emerging from the building flanked by close to 20 men, some in uniform, Vishal addressed an excited crowd of reporters. A swathe of microphones from various news outlets greeted him as he held up his hands urging the crowd to calm down.

“Just give us some time, I will give you the details,” Vishal said in two languages.

“Just give us some time. It is too early. I’ll just give it to you in a bit. It’s something connected to website piracy. Just give me some time. I have to give you all the details, proper details.”

So, even after all the excitement, it’s unclear who the police have in custody. Nevertheless, the attention this event is getting from the press is on a level rarely seen in a piracy case, so more news is bound to follow soon.

In the meantime, both TamilRockers and TamilGun remain online, operating as normal. Clearly, there is much more work to be done.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

KinoX / Movie4K Admin Detained in Kosovo After Three-Year Manhunt

Post Syndicated from Andy original https://torrentfreak.com/kinox-movie4k-admin-detained-in-kosovo-after-three-year-manhunt-170912/

In June 2011, police across Europe carried out the largest anti-piracy operation the region had ever seen. Their target was massive streaming portal Kino.to and several affiliates with links to Spain, France and the Netherlands.

With many sites demonstrating phoenix-like abilities these days, it didn’t take long for a replacement to appear.

Replacement platform KinoX soon attracted a large fanbase and with that almost immediate attention from the authorities. In October 2014, Germany-based investigators acting on behalf of the Attorney General carried out raids in several regions of the country looking for four main suspects.

One raid, focused on a village near to the northern city of Lübeck, targeted two brothers, then aged 21 and 25-years-old. The pair, who were said to have lived with their parents, were claimed to be the main operators of Kinox.to and another large streaming site, Movie4K.to. Although two other men were arrested elsewhere in Germany, the brothers couldn’t be found.

This was to be no ordinary manhunt by the police. In addition to accusing the brothers of copyright infringement and tax evasion, authorities indicated they were wanted for fraud, extortion, and arson too. The suggestion was that they’d targeted a vehicle owned by a pirate competitor, causing it to “burst into flames”.

The brothers were later named as Kastriot and Kreshnik Selimi. Born in 1992, 21-year-old Kreshnik was born in Sweden. 25-year-old Kastriot was born in Kosovo in 1989 and along with his brother, later became a German citizen.

With authorities piling on the charges, the pair were accused of being behind not only KinoX and Movie4K, but also other hosting and sharing platforms including BitShare, Stream4k.to, Shared.sx, Mygully.com and Boerse.sx.

Now, almost three years later, German police are one step closer to getting their men. According to a Handelsblatt report via Tarnkappe, Kreshnik Selimi has been detained by authorities.

The now 24-year-old suspect reportedly handed himself to the German embassy located in the capital of Kosovo, Prestina. The location of the arrest isn’t really a surprise. Older brother Kastriot previously published a picture on Instagram which appeared to show a ticket in his name destined for Kosovo from Zurich in Switzerland.

But while Kreshnik’s arrest reportedly took place in July, there’s still no news of Kastriot. The older brother is still on the run, maybe in Kosovo, or by now, potentially anywhere else in the world.

While his whereabouts remain a mystery, the other puzzle faced by German authorities is the status of the two main sites the brothers were said to maintain.

Despite all the drama and unprecedented allegations of violence and other serious offenses, both Movie4K and KinoX remain stubbornly online, apparently oblivious to the action.

There have been consequences for people connected to the latter, however.

In December 2015, Arvit O (aka “Pedro”) who handled technical issues on KinoX, was sentenced to 40 months in prison for his involvement in the site.

Arvit O, who made a partial confession, was found guilty of copyright infringement by the District Court of Leipzig. The then 29-year-old admitted to infringing 2,889 works. The Court also found that he hacked the computers of two competitors in order to improve Kinox’s market share.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

The Things Pirates Do To Hinder Anti-Piracy Investigations

Post Syndicated from Andy original https://torrentfreak.com/the-things-pirates-do-to-hinder-anti-piracy-outfits-170909/

Dedicated Internet pirates dealing in fresh content or operating at any significant scale can be pretty sure that rightsholders and their anti-piracy colleagues are interested in their activities at some level.

With this in mind, most pirates these days are aware of things they can do to enhance their security, with products like VPNs often get discussed on the consumer side.

This week, in a report detailing the challenges social media poses to intellectual property rights, UK anti-piracy outfit Federation Against Copyright Theft published a list of techniques deployed by pirates that hinder their investigations.

Fake/hidden website registration details

“Website registration details are often fake or hidden, which provides no further links to the person controlling the domain and its illegal activities,” the group reveals.

Protected WHOIS records are nothing new and can sometimes be uncloaked by a determined adversary via court procedures. However, in the early stages of an investigation, open records provide leads that can be extremely useful in building an early picture about who might be involved in the operation of a website.

Having them hidden is a definite plus for pirate site operators, especially when the underlying details are also fake, which is particularly common practice. And, with companies like Peter Sunde’s Njalla entering the market, hiding registrations is easier than ever.

Overseas servers

“Investigating servers located offshore cause some specific problems for FACT’s law-enforcement partners. In order to complete a full investigation into an offshore server, a law-enforcement agency must liaise with its counterpart in the country where the server is located. The difficulties of obtaining evidence from other countries are well known,” FACT notes.

While FACT no doubt corresponds with entities overseas, the anti-piracy outfit has a history of targeting UK citizens who are reportedly infringing copyright. It regularly involves UK police in its investigations (FACT itself employs former police officers) but jurisdiction is necessarily limited to the UK.

It is possible to get overseas law enforcement entities involved to seize a server, for example, but they have to be convinced of the need to do so by the police, which isn’t easy and is usually reserved for more serious cases. The bottom line is that by placing a server a long way away from a pirate’s home territory, things can be made much more difficult for local investigators.

Torrent websites and DMCA compliance

“Some torrent website operators who maintain a high DMCA compliance rate will often use this to try to appease the law, while continuing to provide infringing links,” FACT says.

This is an interesting one. Under law in both the United States and Europe, service providers are required to remove infringing content from their systems when they are notified of its existence by a rightsholder or its agent. Not doing so can render them liable, if the content is indeed infringing.

What FACT appears to be saying is that sites that comply with the law, by removing infringing content when asked to, become more difficult targets for legal action. It sounds very obvious but the underlying suggestion is that compliance on the surface is used as a protective mechanism. No example sites are mentioned but the strategy has clearly hindered FACT.

Current legislation too vague to remove infringing live sports streams

“Current legislation is insufficient to effectively tackle the issue of websites illegally offering coverage of live sports events. Section 512 (c) of the Digital Millennium Copyright Act (DMCA) states that: upon notification of claimed infringement, the service provider should ‘respond expeditiously’ to remove or disable access to the copyright-infringing material. Most live sports events are under two hours long, so such non-specific timeframes for required action are inadequate,” FACT complains.

Since government reports like these can take a long time to prepare, it appears that FACT and its partners may have already found a solution to this particular problem. Major FACT client the Premier League now has a High Court injunction in place which allows it to block infringing streams on a real-time basis. It doesn’t remove the content at its source, but it still renders it largely inaccessible in the UK.

Nevertheless, FACT calls for takedowns to be actioned more swiftly, noting that “the law needs to reflect this narrow timeframe with a specified required response period for websites offering such live feeds.”

Camming content directly from cinema screen to the cloud

“Recent advancements in technology have made this a viable option to ‘cammers’ to avoid detection. Attempts to curtail and delete illicitly recorded film footage may become increasingly difficult with the emergence of streaming apps that automatically upload recorded video to cloud services,” FACT reports.

Over the years, FACT has been involved in numerous operations to hinder those who record movies with cameras in theaters and then upload them to the Internet. Once the perpetrator has exited the theater, FACT has effectively lost the battle, but the possibility that a live upload can now take place is certainly an interesting proposition.

“While enforcing officers may delete the footage held on the device, the footage has potentially already been stored remotely on a cloud system,” FACT warns.

Equally, this could also prove a problem for those seeking to secure evidence. With a cloud upload, the person doing the recording could safely delete the footage from the local device. That could be an obstacle to proving that an offense had even been committed when a suspect is confronted in situ.

Virtual currencies

“There is great potential in virtual currencies for money launderers and illicit traders. Government and law enforcement have raised concerns on how virtual currencies can be sent anonymously, leaving little or no trail for regulators or law-enforcement agencies,” FACT writes.

For many years, pirates of all kinds have relied on systems like PayPal, Mastercard, and Visa, to shift money around. However, these payment systems are now more difficult to deploy on pirate services and are more easily traced, even when operators manage to squeeze them through the gaps.

The same cannot be said of bitcoin and similar currencies that are gaining in popularity all the time. They are harder to use, of course, but there’s little doubt accessibility issues will be innovated out of the equation at some point. Once that happens, these currencies will be a force to be reckoned with.

The UK government’s Share and Share Alike report, which examines the challenges social media poses to intellectual property rights, can be downloaded here (pdf)

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

New UK IP Crime Report Reveals Continued Focus on ‘Pirate’ Kodi Boxes

Post Syndicated from Andy original https://torrentfreak.com/new-uk-ip-crime-report-reveals-continued-focus-on-pirate-kodi-boxes-170908/

The UK’s Intellectual Property Office has published its annual IP Crime Report, spanning the period 2016 to 2017.

It covers key events in the copyright and trademark arenas and is presented with input from the police and trading standards, plus private entities such as the BPI, Premier League, and Federation Against Copyright Theft, to name a few.

The report begins with an interesting statistic. Despite claims that many millions of UK citizens regularly engage in some kind of infringement, figures from the Ministry of Justice indicate that just 47 people were found guilty of offenses under the Copyright, Designs and Patents Act during 2016. That’s down on the 69 found guilty in the previous year.

Despite this low conviction rate, 15% of all internet users aged 12+ are reported to have consumed at least one item of illegal content between March and May 2017. Figures supplied by the Industry Trust for IP indicate that 19% of adults watch content via various IPTV devices – often referred to as set-top, streaming, Android, or Kodi boxes.

“At its cutting edge IP crime is innovative. It exploits technological loopholes before they become apparent. IP crime involves sophisticated hackers, criminal financial experts, international gangs and service delivery networks. Keeping pace with criminal innovation places a burden on IP crime prevention resources,” the report notes.

The report covers a broad range of IP crime, from counterfeit sportswear to foodstuffs, but our focus is obviously on Internet-based infringement. Various contributors cover various aspects of online activity as it affects them, including music industry group BPI.

“The main online piracy threats to the UK recorded music industry at present are from BitTorrent networks, linking/aggregator sites, stream-ripping sites, unauthorized streaming sites and cyberlockers,” the BPI notes.

The BPI’s website blocking efforts have been closely reported, with 63 infringing sites blocked to date via various court orders. However, the BPI reports that more than 700 related URLs, IP addresses, and proxy sites/ proxy aggregators have also been rendered inaccessible as part of the same action.

“Site blocking has proven to be a successful strategy as the longer the blocks are in place, the more effective they are. We have seen traffic to these sites reduce by an average of 70% or more,” the BPI reports.

While prosecutions against music pirates are a fairly rare event in the UK, the Crown Prosecution Service (CPS) Specialist Fraud Division highlights that their most significant prosecution of the past 12 months involved a prolific music uploader.

As first revealed here on TF, Wayne Evans was an uploader not only on KickassTorrents and The Pirate Bay, but also some of his own sites. Known online as OldSkoolScouse, Evans reportedly cost the UK’s Performing Rights Society more than £1m in a single year. He was sentenced in December 2016 to 12 months in prison.

While Evans has been free for some time already, the CPS places particular emphasis on the importance of the case, “since it provided sentencing guidance for the Copyright, Designs and Patents Act 1988, where before there was no definitive guideline.”

The CPS says the case was useful on a number of fronts. Despite illegal distribution of content being difficult to investigate and piracy losses proving tricky to quantify, the court found that deterrent sentences are appropriate for the kinds of offenses Evans was accused of.

The CPS notes that various factors affect the severity of such sentences, not least the length of time the unlawful activity has persisted and particularly if it has done so after the service of a cease and desist notice. Other factors include the profit made by defendants and/or the loss caused to copyright holders “so far as it can accurately be calculated.”

Importantly, however, the CPS says that beyond issues of personal mitigation and timely guilty pleas, a jail sentence is probably going to be the outcome for others engaging in this kind of activity in future. That’s something for torrent and streaming site operators and their content uploaders to consider.

“[U]nless the unlawful activity of this kind is very amateur, minor or short-lived, or in the absence of particularly compelling mitigation or other exceptional circumstances, an immediate custodial sentence is likely to be appropriate in cases of illegal distribution of copyright infringing articles,” the CPS concludes.

But while a music-related trial provided the highlight of the year for the CPS, the online infringement world is still dominated by the rise of streaming sites and the now omnipresent “fully-loaded Kodi Box” – set-top devices configured to receive copyright-infringing live TV and VOD.

In the IP Crime Report, the Intellectual Property Office references a former US Secretary of Defense to describe the emergence of the threat.

“The echoes of Donald Rumsfeld’s famous aphorism concerning ‘known knowns’ and ‘known unknowns’ reverberate across our landscape perhaps more than any other. The certainty we all share is that we must be ready to confront both ‘known unknowns’ and ‘unknown unknowns’,” the IPO writes.

“Not long ago illegal streaming through Kodi Boxes was an ‘unknown’. Now, this technology updates copyright infringement by empowering TV viewers with the technology they need to subvert copyright law at the flick of a remote control.”

While the set-top box threat has grown in recent times, the report highlights the important legal clarifications that emerged from the BREIN v Filmspeler case, which found itself before the European Court of Justice.

As widely reported, the ECJ determined that the selling of piracy-configured devices amounts to a communication to the public, something which renders their sale illegal. However, in a submission by PIPCU, the Police Intellectual Property Crime Unit, box sellers are said to cast a keen eye on the legal situation.

“Organised criminals, especially those in the UK who distribute set-top boxes, are aware of recent developments in the law and routinely exploit loopholes in it,” PIPCU reports.

“Given recent judgments on the sale of pre-programmed set-top boxes, it is now unlikely criminals would advertise the devices in a way which is clearly infringing by offering them pre-loaded or ‘fully loaded’ with apps and addons specifically designed to access subscription services for free.”

With sellers beginning to clean up their advertising, it seems likely that detection will become more difficult than when selling was considered a gray area. While that will present its own issues, PIPCU still sees problems on two fronts – a lack of clear legislation and a perception of support for ‘pirate’ devices among the public.

“There is no specific legislation currently in place for the prosecution of end users or sellers of set-top boxes. Indeed, the general public do not see the usage of these devices as potentially breaking the law,” the unit reports.

“PIPCU are currently having to try and ‘shoehorn’ existing legislation to fit the type of criminality being observed, such as conspiracy to defraud (common law) to tackle this problem. Cases are yet to be charged and results will be known by late 2017.”

Whether these prosecutions will be effective remains to be seen, but PIPCU’s comments suggest an air of caution set to a backdrop of box-sellers’ tendency to adapt to legal challenges.

“Due to the complexity of these cases it is difficult to substantiate charges under the Fraud Act (2006). PIPCU have convicted one person under the Serious Crime Act (2015) (encouraging or assisting s11 of the Fraud Act). However, this would not be applicable unless the suspect had made obvious attempts to encourage users to use the boxes to watch subscription only content,” PIPCU notes, adding;

“The selling community is close knit and adapts constantly to allow itself to operate in the gray area where current legislation is unclear and where they feel they can continue to sell ‘under the radar’.”

More generally, pirate sites as a whole are still seen as a threat. As reported last month, the current anti-piracy narrative is that pirate sites represent a danger to their users. As a result, efforts are underway to paint torrent and streaming sites as risky places to visit, with users allegedly exposed to malware and other malicious content. The scare strategy is supported by PIPCU.

“Unlike the purchase of counterfeit physical goods, consumers who buy unlicensed content online are not taking a risk. Faulty copyright doesn’t explode, burn or break. For this reason the message as to why the public should avoid copyright fraud needs to be re-focused.

“A more concerted attempt to push out a message relating to malware on pirate websites, the clear criminality and the links to organized crime of those behind the sites are crucial if public opinion is to be changed,” the unit advises.

But while the changing of attitudes is desirable for pro-copyright entities, PIPCU says that winning over the public may not prove to be an easy battle. It was given a small taste of backlash itself, after taking action against the operator of a pirate site.

“The scale of the problem regarding public opinion of online copyright crime is evidenced by our own experience. After PIPCU executed a warrant against the owner of a streaming website, a tweet about the event (read by 200,000 people) produced a reaction heavily weighted against PIPCU’s legitimate enforcement action,” PIPCU concludes.

In summary, it seems likely that more effort will be expended during the next 12 months to target the set-top box threat, but there doesn’t appear to be an abundance of confidence in existing legislation to tackle all but the most egregious offenders. That being said, a line has now been drawn in the sand – if the public is prepared to respect it.

The full IP Crime Report 2016-2017 is available here (pdf)

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Private Torrent Site Legal Battle Heard By Court of Appeal

Post Syndicated from Andy original https://torrentfreak.com/private-torrent-site-legal-battle-heard-by-court-of-appeal-170908/

Founded way back in 2006, SwePiracy grew to become one of the most famous private torrent sites on the Swedish scene. Needless to say, it also became a target for anti-piracy outfits.

Six years after its debut and following an investigation by anti-piracy group Antipiratbyrån (now Rights Alliance), during 2012 police in Sweden and the Netherlands cooperated to shut down the site and arrest its operator.

In early 2016, more than four years on, SwePiracy’s then 25-year-old operator appeared in court to answer charges relating to the unlawful distribution of a sample 27 movies between March 2011 and February 2012. The prosecution demanded several years in prison and nearly $3.13 million (25 million kronor) in damages.

SwePiracy defense lawyer Per E. Samuelsson, who previously took part in The Pirate Bay trial, said the claims against his client were the most unreasonable he’d seen in his 35 years as a lawyer.

In October 2016, three weeks after the full trial, the Norrköping District Court handed down its decision. Given some of the big numbers being thrown around, the case seemed to turn out relatively well for the defendant.

While SwePiracy’s former operator was found guilty of copyright infringement, the prosecution’s demands for harsh punishment were largely pushed aside. A jail sentence was switched to probation plus community service, and the millions of dollars demanded in damages were reduced to ‘just’ $148,000, payable to movie outfit Nordisk Film. On top, $45,600 said to have been generated by SwePiracy was confiscated.

Almost immediately both sides announced an appeal, with the defendant demanding a more lenient sentence and the prosecution naturally leaning the other way. This week the case was heard at the Göta Court of Appeal, one of the six appellate courts in the Swedish system.

“We state that the District Court made an inaccurate assessment of the damages. So the damages claim remains at the same level as before,” Rights Alliance lawyer Henrik Pontén told Sweden’s IDG.

“There are two different approaches. We say that you have to pay for the entire license [for content when you infringe]. The District Court looked at how many times the movies were downloaded during the period.”

According to Pontén, the cost of such a license is hypothetical since there are no licenses available for distributing content through entities such as torrent sites, which have no mechanisms for control and no limits on sharing. That appears to have motivated the prosecution to demand a hefty price tag.

In addition to Rights Alliance wanting a better deal for their theoretical license, the official prosecutor also has issues with the amount of money that was confiscated from the platform.

“The operator has received donations to run the site. I have calculated how much money was received and the sum that the District Court awarded was almost half of my calculations,” Henrik Rasmusson told IDG.

Only time will tell how the Court of Appeal will rule but it’s worth noting that the decision could go either way or might even stand as it is now. In any event, this case has dragged on for far too long already and is unlikely to end positively for any of the parties involved.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Security Flaw in Estonian National ID Card

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/09/security_flaw_i.html

We have no idea how bad this really is:

On 30 August, an international team of researchers informed the Estonian Information System Authority (RIA) of a vulnerability potentially affecting the digital use of Estonian ID cards. The possible vulnerability affects a total of almost 750,000 ID-cards issued starting from October 2014, including cards issued to e-residents. The ID-cards issued before 16 October 2014 use a different chip and are not affected. Mobile-IDs are also not impacted.

My guess is that it’s worse than the politicians are saying:

According to Peterkop, the current data shows this risk to be theoretical and there is no evidence of anyone’s digital identity being misused. “All ID-card operations are still valid and we will take appropriate actions to secure the functioning of our national digital-ID infrastructure. For example, we have restricted the access to Estonian ID-card public key database to prevent illegal use.”

And because this system is so important in local politics, the effects are significant:

In the light of current events, some Estonian politicians called to postpone the upcoming local elections, due to take place on 16 October. In Estonia, approximately 35% of the voters use digital identity to vote online.

But the Estonian prime minister, Jüri Ratas, said at a press conference on 5 September that “this incident will not affect the course of the Estonian e-state.” Ratas also recommended to use Mobile-IDs where possible. The prime minister said that the State Electoral Office will decide whether it will allow the usage of ID cards at the upcoming local elections.

The Estonian Police and Border Guard estimates it will take approximately two months to fix the issue with faulty cards. The authority will involve as many Estonian experts as possible in the process.

This is exactly the sort of thing I worry about as ID systems become more prevalent and more centralized. Anyone want to place bets on whether a foreign country is going to try to hack the next Estonian election?

Another article.

State of MAC address randomization

Post Syndicated from Robert Graham original http://blog.erratasec.com/2017/09/state-of-mac-address-randomization.html

tldr: I went to DragonCon, a conference of 85,000 people, so sniff WiFi packets and test how many phones now uses MAC address randomization. Almost all iPhones nowadays do, but it seems only a third of Android phones do.

Ten years ago at BlackHat, we presented the “data seepage” problem, how the broadcasts from your devices allow you to be tracked. Among the things we highlighted was how WiFi probes looking to connect to access-points expose the unique hardware address burned into the phone, the MAC address. This hardware address is unique to your phone, shared by no other device in the world. Evildoers, such as the NSA or GRU, could install passive listening devices in airports and train-stations around the world in order to track your movements. This could be done with $25 devices sprinkled around a few thousand places — within the budget of not only a police state, but also the average hacker.

In 2014, with the release of iOS 8, Apple addressed this problem by randomizing the MAC address. Every time you restart your phone, it picks a new, random, hardware address for connecting to WiFi. This causes a few problems: every time you restart your iOS devices, your home network sees a completely new device, which can fill up your router’s connection table. Since that table usually has at least 100 entries, this shouldn’t be a problem for your home, but corporations and other owners of big networks saw their connection tables suddenly get big with iOS 8.

In 2015, Google added the feature to Android as well. However, even though most Android phones today support this feature in theory, it’s usually not enabled.

Recently, I went to DragonCon in order to test out how well this works. DragonCon is a huge sci-fi/fantasy conference in Atlanta in August, second to San Diego’s ComicCon in popularity. It’s spread across several neighboring hotels in the downtown area. A lot of the traffic funnels through the Marriot Marquis hotel, which has a large open area where, from above, you can see thousands of people at a time.

And, with a laptop, see their broadcast packets.

So I went up on a higher floor and setup my laptop in order to capture “probe” broadcasts coming from phones, in order to record the hardware MAC addresses. I’ve done this in years past, before address randomization, in order to record the popularity of iPhones. The first three bytes of an old-style, non-randomized address, identifies the manufacturer. This time, I should see a lot fewer manufacturer IDs, and mostly just random addresses instead.

I recorded 9,095 unique probes over a couple hours. I’m not sure exactly how long — my laptop would go to sleep occasionally because of lack of activity on the keyboard. I should probably setup a Raspberry Pi somewhere next year to get a more consistent result.

A quick summary of the results are:

The 9,000 devices were split almost evenly between Apple and Android. Almost all of the Apple devices randomized their addresses. About a third of the Android devices randomized. (This assumes Android only randomizes the final 3 bytes of the address, and that Apple randomizes all 6 bytes — my assumption may be wrong).

A table of the major results are below. A little explanation:

  • The first item in the table is the number of phones that randomized the full 6 bytes of the MAC address. I’m guessing these are either mostly or all Apple iOS devices. They are nearly half of the total, or 4498 out of 9095 unique probes.
  • The second number is those that randomized the final 3 bytes of the MAC address, but left the first three bytes identifying themselves as Android devices. I’m guessing this represents all the Android devices that randomize. My guesses may be wrong, maybe some Androids randomize the full 6 bytes, which would get them counted in the first number.
  • The following numbers are phones from major Android manufacturers like Motorola, LG, HTC, Huawei, OnePlus, ZTE. Remember: the first 3 bytes of an un-randomized address identifies who made it. There are roughly 2500 of these devices.
  • There is a count for 309 Apple devices. These are either older iOS devices pre iOS 8, or which have turned off the feature (some corporations demand this), or which are actually MacBooks instead of phones.
  • The vendor of the access-points that Marriot uses is “Ruckus”. There have a lot of access-points in the hotel.
  • The “TCT mobile” entry is actually BlackBerry. Apparently, BlackBerry stopped making phones and instead just licenses the software/brand to other hardware makers. If you buy a BlackBerry from the phone store, it’s likely going to be a TCT phone instead.
  • I’m assuming the “Amazon” devices are Kindle ebooks.
  • Lastly, I’d like to point out the two records for “Ford”. I was capturing while walking out of the building, I think I got a few cars driving by.

(random)  4498
(Android)  1562
Samsung  646
Motorola  579
Murata  505
LG  412
Apple  309
HTC-phone  226
Huawei  66
Ruckus  60
OnePlus Tec  40
ZTE  23
TCT mobile  20
Amazon Tech  19
Nintendo  17
Intel  14
Microsoft  9
-hp-  8
BLU Product  8
Kyocera  8
AsusTek  6
Yulong Comp  6
Lite-On  4
Sony Mobile  4
Z-COM, INC.  4
ARRIS Group  2
AzureWave  2
Barnes&Nobl  2
Canon  2
Ford Motor  2
Foxconn  2
Google, Inc  2
Motorola (W  2
Sonos, Inc.  2
SparkLAN Co  2
Wi2Wi, Inc  2
Xiaomi Comm  2
Alps Electr  1
Askey  1
BlackBerry  1
Chi Mei Com  1
Clover Netw  1
CNet Techno  1
eSSys Co.,L  1
GoPro  1
InPro Comm  1
JJPlus Corp  1
Private  1
Quanta  1
Raspberry P  1
Roku, Inc.  1
Sonim Techn  1
Texas Instr  1
TP-LINK TEC  1
Vizio, Inc  1

Police Confiscate 245 ‘Pirate’ Media Players

Post Syndicated from Ernesto original https://torrentfreak.com/police-confiscate-245-pirate-media-players-170829/

More and more people are starting to use “fully-loaded” set-top boxes to stream video content directly to their TVs.

Although the media players themselves can be used for perfectly legal means, third-party add-ons turn them into pirate machines, providing access to movies, TV-shows and IPTV channels.

Over the past several years, there has been little enforcement effort on this front. However, this changed earlier this year, when the European Court of Justice ruled that selling devices pre-configured to obtain copyright-infringing content is illegal.

The hardware can still be sold and media player software such as Kodi is legal too, but vendors who ship boxes with pirate add-ons could get a letter or visit from rightsholders. Dutch anti-piracy outfit BREIN is particularly active on this front and has convinced hundreds of sellers to clean up shop.

One of these vendors, located in The Hague, recently promised that it would stop offering these boxes. However, BREIN discovered that while the pirate media players disappeared from the online store, they were still sold in the bricks-and-mortar store.

The anti-piracy group obviously wasn’t happy with this and reported the shop owner to the local police, who went in and confiscated 245 “pirate” media players a few days ago.

“We summoned this merchant to stop but, despite his promise to do so, he continued. We have therefore reported it to the police. These players cause great damage because people no longer pay for the movies and series they watch,” BREIN director Tim Kuik says.

It is now up to the authorities to determine if any further action is needed. BREIN expects that the prosecutor’s office will try to settle the case with a fine, but if the vendor refuses to pay it may also lead to a prosecution. At the same time, BREIN also has the option to file a civil case.

Although BREIN’s actions usually don’t result in criminal prosecutions, the anti-piracy group continues to pressure people who are involved in selling and developing these platforms. Ultimately, they hope that this will deter others from getting involved.

Earlier this year the Motion Picture Association described pirate media players as a major threat, dubbing them “Piracy 3.0.” While this threat is far from over, it has definitely become riskier for people to get involved in developing and selling these boxes.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Entire Kim Dotcom Spying Operation Was Illegal, High Court Rules

Post Syndicated from Andy original https://torrentfreak.com/entire-kim-dotcom-spying-operation-was-illegal-high-court-rules-170825/

In the months that preceded the January 2012 raid on file-storage site Megaupload, authorities in New Zealand used the Government Communications Security Bureau (GCSB) spy agency to monitor Kim and Mona Dotcom, plus Megaupload co-defendant Bram van der Kolk.

When this fact was revealed it developed into a crisis. The GCSB was forbidden by law from conducting surveillance on its own citizens or permanent residents in the country, which led to former Prime Minister John Key later apologizing for the error.

With Dotcom determined to uncover the truth, the entrepreneur launched legal action in pursuit of the information illegally obtained by GCSB and to obtain compensation. In July, the High Court determined that Dotcom wouldn’t get access to the information but it also revealed that the scope of the spying went on much longer than previously admitted, a fact later confirmed by the police.

This raised the specter that not only did the GCSB continue to spy on Dotcom after it knew it was acting illegally, but that an earlier affidavit from a GCSB staff member was suspect.

With the saga continuing to drag on, revelations published in New Zealand this morning indicate that not only was the spying on Dotcom illegal, the entire spying operation – which included his Megaupload co-defendants – was too.

The reports are based on documents released by Lawyer Peter Spring, who is acting for Bram van der Kolk and Mathias Ortmann. Spring says that the High Court decision, which dates back to December but has only just been made available, shows that “the whole surveillance operation fell outside the authorization of the GCSB legislation as it was at the relevant time”.

Since Dotcom is a permanent resident of New Zealand, it’s long been established that the GCSB acted illegally when it spied on him. As foreigners, however, Megaupload co-defendants Finn Batato and Mathias Ortmann were previously considered valid surveillance targets.

It now transpires that the GCSB wasn’t prepared to mount a defense or reveal its methods concerning their surveillance, something which boosted the case against it.

“The circumstances of the interceptions of Messrs Ortmann and Batato’s communications are Top Secret and it has not proved possible to plead to the allegations the plaintiffs have made without revealing information which would jeopardize the national security of New Zealand,” the Court documents read.

“As a result the GCSB is deemed to have admitted the allegations in the statement of claim which relate to the manner in which the interceptions were effected.”

Speaking with RadioNZ, Grant Illingworth, a lawyer representing Ortmann and van der Kolk, said the decision calls the entire GCSB operation into doubt.

“The GCSB has now admitted that the unlawfulness was not just dependent upon residency issues, it went further. The reason it went further was because it didn’t have authorization to carry out the kind of surveillance that it was carrying out under the legislation, as it was at that time,” Illingworth said.

In comments to NZHerald, Illingworth added that the decision meant that the damages case for Ortmann and van der Kolk had come to an end. He refused to respond to questions of whether damages had been paid or a settlement reached.

He did indicate, however, that there could be implications for the battle underway to have Dotcom, Batato, Ortmann and van der Kolk extradited to the United States.

“If there was illegality in the arrest and search phase and that illegality has not previously been made known in the extradition context then it could be relevant to the extradition,” Illingworth said.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Your Personal Bodycam

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/08/your_personal_b.html

Shonin is a personal bodycam up on Kickstarter.

There are a lot of complicated issues surrounding bodycams — for example, it’s obvious that police bodycams reduce violence — but the one thing everyone is certain about is that they will proliferate. I’m not sure society is fully ready for the ramifications of this level of recording.

Police Intellectual Property Crime Unit Secures Funding Until 2019

Post Syndicated from Andy original https://torrentfreak.com/police-intellectual-property-crime-unit-secures-funding-until-2019-170823/

When compared to the wide range of offenses usually handled by the police, copyright infringement is a relatively rare offense.

Historically most connected to physical counterfeiting, in recent years infringement has regularly featured a significant online component.

Formed four years ago and run by the City of London Police, the Police Intellectual Property Crime Unit (PIPCU) has a mission to tackle IP crime wherever it may take place but with a special online focus. It is tightly linked to the music, movie, and publishing industries so can most often be viewed protecting their products from infringement.

PIPCU announced its arrival in the summer of 2013 and officially launched a few months later in December 2013, complete with £2.56million in funding from the UK government’s Intellectual Property Office (IPO). However, the unit had been already in operation for some time, writing warning letters to torrent and streaming site advising them to shut down – or else.

PIPCU’s initial funding secured the future of the unit until June 2015 but in October 2014, well in advance of that deadline, PIPCU secured another £3m from the IPO to fund the unit to September 2017.

Having received £5.56 million in public funds over three years, PIPCU needed to show some bang for its buck. As a result, the unit publicised numerous actions including streaming arrests, attempted domain seizures, torrent site closures and advertising disruptions. PIPCU also shut down several sports streaming and ebook sites plus a large number of proxies

With August 2017 already upon us, PIPCU should be officially out of funds in a month’s time but according to the Law Gazette, the unit is going nowhere.

An Intellectual Property Office (IPO) spokesperson told the publication that PIPCU has received £3.32m in additional funding from the government which runs from July 1, 2017, to June 30, 2019 – the unit’s sixth anniversary.

Much of PIPCU’s more recent activity appears to have been focused in two key areas, both operated under its ‘Operation Creative’ banner. The first concerns PIPCU’s Infringing Website List, which aims to deter advertisers from inadvertently finding ‘pirate’ sites.

Earlier this year, PIPCU claimed success after revealing a 64% drop in “mainstream advertising” revenue on 200 unauthorized platforms between January 2016 and January 2017. More recently, PIPCU revealed that gambling advertising, which is often seen on ‘pirate’ platforms, had reduced by 87% on IWL sites over the previous 12 months.

Finally, PIPCU has been taking action alongside local police forces, FACT, Sky, Virgin, BT, and The Premier League, against suppliers of so-called ‘fully loaded’ set-top boxes, many featuring Kodi bundled with illicit third party addons. However, after a fairly sustained initial flurry, the last publicized operation was in February 2017.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

iOS 11 Allows Users to Disable Touch ID

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/08/ios_11_allows_u.html

A new feature in Apple’s new iPhone operating system — iOS 11 — will allow users to quickly disable Touch ID.

A new setting, designed to automate emergency services calls, lets iPhone users tap the power button quickly five times to call 911. This doesn’t automatically dial the emergency services by default, but it brings up the option to and also temporarily disables Touch ID until you enter a passcode.

This is useful in situations where the police cannot compel you to divulge your password, but can compel you to press your finger on the reader.

Do the Police Need a Search Warrant to Access Cell Phone Location Data?

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/08/do_the_police_n.html

The US Supreme Court is deciding a case that will establish whether the police need a warrant to access cell phone location data. This week I signed on to an amicus brief from a wide array of security technologists outlining the technical arguments as why the answer should be yes. Susan Landau summarized our arguments.

A bunch of tech companies also submitted a brief.

Game of Thrones Pirates Arrested For Leaking Episode Early

Post Syndicated from Andy original https://torrentfreak.com/game-of-thrones-pirates-arrested-for-leaking-episode-early-170814/

Over the past several years, Game of Thrones has become synonymous with fantastic drama and story telling on the one hand, and Internet piracy on the other. It’s the most pirated TV show in history, hands down.

With the new season well underway, another GoT drama began to unfold early August when the then-unaired episode “The Spoils of War” began to circulate on various file-sharing and streaming sites. The leak only trumped the official release by a few days, but that didn’t stop people downloading in droves.

As previously reported, the leaked episode stated that it was “For Internal Viewing Only” at the top of the screen and on the bottom right sported a “Star India Pvt Ltd” watermark. The company commented shortly after.

“We take this breach very seriously and have immediately initiated forensic investigations at our and the technology partner’s end to swiftly determine the cause. This is a grave issue and we are taking appropriate legal remedial action,” a spokesperson said.

Now, just ten days later, that investigation has already netted its first victims. Four people have reportedly been arrested in India for leaking the episode before it aired.

“We investigated the case and have arrested four individuals for unauthorized publication of the fourth episode from season seven,” Deputy Commissioner of Police Akbar Pathan told AFP.

The report indicates that a complaint was filed by a Mumbai-based company that was responsible for storing and processing the TV episodes for an app. It has been named locally as Prime Focus Technologies, which markets itself as a Netflix “Preferred Vendor”.

It’s claimed that at least some of the men had access to login credentials for Game of Thrones episodes which were then abused for the purposes of leaking.

Local media identified the men as Bhaskar Joshi, Alok Sharma and Abhishek Ghadiyal, who were employed by Prime Focus, and Mohamad Suhail, a former employee, who was responsible for leaking the episode onto the Internet.

All of the men were based in Bangalore and were interrogated “throughout the night” at their workplace on August 11. Star India welcomed the arrests and thanked the authorities for their swift action.

“We are deeply grateful to the police for their swift and prompt action. We believe that valuable intellectual property is a critical part of the development of the creative industry and strict enforcement of the law is essential to protecting it,” the company said in a statement.

“We at Star India and Novi Digital Entertainment Private Limited stand committed and ready to help the law enforcement agencies with any technical assistance and help they may require in taking the investigation to its logical conclusion.”

The men will be held in custody until August 21 while investigations continue.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Usenet Pirate Pays €4,800 ‘Fine’ After Being Exposed by Provider

Post Syndicated from Ernesto original https://torrentfreak.com/usenet-pirate-pays-e4800-fine-after-being-exposed-by-provider-170811/

Dutch anti-piracy outfit BREIN has been very active over the past several years, targeting uploaders on various sharing sites and services.

They cast their net wide and have gone after torrent users, Facebook groups, YouTube pirates and Usenet uploaders as well.

To pinpoint the latter group, BREIN contacts Usenet providers asking them to reveal the identity of a suspected user. This is also what happened in a case involving a former customer of Eweka.

The person in question, known under the alias ‘Badfan69,’ was accused of uploading 9,538 infringing works to Usenet, mostly older titles. After Eweka handed over his home address, BREIN reached out to him and negotiated a settlement.

The 44-year-old man has now agreed to pay a settlement of €4,800. If he continues to upload infringing content he will face an additional penalty of €2,000 per day, to a maximum of €50,000.

The case is an important victory for BREIN, not just because of the money.

When the anti-piracy group reached out to Usenet provider Eweka, the company initially refused to hand over any personal details. The Usenet provider argued that it’s a neutral intermediary that would rather not perform the role of piracy police. Instead, it wanted the court to decide whether the request was legitimate.

This resulted in a legal dispute where, earlier this year, a local court sided with BREIN. The Court stressed that in these type of copyright infringement cases, the Usenet provider is required to hand over the requested details.

Under Dutch law, ISPs can be obliged to hand over the personal details of their customers if the infringing activity is plausible and the damaged party has a legitimate interest. Importantly, the legal case clarified that this generally doesn’t require an intervention from the court.

“Providers must decide on a motivated request for the handover of a user’s address, based on their own consideration. A refusal to provide the information must be motivated, otherwise, it will be illegal and the provider will be charged for the costs,” BREIN notes.

While these Usenet cases are relatively rare, BREIN and other parties in the Netherlands, such as Dutch Filmworks, are also planning to go after large groups of torrent users. With the Usenet decision in hand, BREIN may want to argue that regular ISPs must also expose pirating users, without an intervention of the court.

This is not going to happen easily though. Several ISPs, most prominently Ziggo, announced that they would not voluntarily cooperate and are likely to fight out these requests in court to get a solid ‘torrent’ precedent.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.