Tag Archives: theft

Canada Remains a “Safe Haven” for Online Piracy, Rightsholders Claim

Post Syndicated from Ernesto original https://torrentfreak.com/canada-remains-a-safe-haven-for-online-piracy-rightsholders-claim-170214/

The International Intellectual Property Alliance (IIPA) has released its latest 301 ‘watch list’ submission to the U.S. Government.

The IIPA, which includes a wide range of copyright groups including the MPAA, RIAA, and ESA, has listed its complaints against a whole host of countries. As in previous years, Canada is discussed in detail with the recommendation to put it on the 2017 Special 301 ‘watch list.’

One of the main criticisms is that, despite having been called out repeatedly in the past, the country still offers a home to many pirate sites.

“For a number of years, extending well into the current decade, Canada had a well-deserved reputation as a safe haven for some of the most massive and flagrant Internet sites dedicated to the online theft of copyright material,” IIPA writes.

The group notes that some progress has been made. For example, last year the Canadian authorities actively helped to shut down the popular torrent site KickassTorrents, which was partly hosted there. However, the rightsholders say that there’s more work to be done.

“Nonetheless, major online piracy operations still find a home in Canada. These include leading BitTorrent sites such as Sumotorrent.sx and Seedpeer.eu, and hybrid cloud storage services utilizing BitTorrents, such as cloudload.com.”

Another disturbing development, according to IIPA, is the emergence of stand-alone BitTorrent applications that allow users to stream content directly through an attractive and user-friendly interface, hinting at Popcorn Time.

In addition to the traditional pirate sites that remain in Canada, IIPA reports that several websites offering modified game console gear have also moved there in an attempt to escape liability under U.S. law.

“In a growing and problematic trend, sites selling circumvention devices that have been subject to DMCA takedown notices from right holders in the U.S. are moving to Canadian ISPs for hosting, to evade enforcement action under U.S. law. Canadian hosting services such as Hawk Host and Crocweb are particularly popular with such sites.”

The group specifically highlights R4cardmontreal.com, gamersection.ca and r4dscanada.com among the offenders, and notes that “This trend breathes new life into Canada’s problematic ‘safe haven’ reputation.”

The recommendation continues by stressing that Canada’s legal regime fails to deal with online piracy in a proper manner. This is also true for the “notice and notice” legislation that was adopted two years ago, which requires ISPs to forward copyright infringement notices to pirating subscribers.

IIPA notes that there is no evidence that this initiative has resulted in a significant change in consumer behavior, in part because there are no punishments involved for frequent offenders.

“…simply notifying ISP subscribers that their infringing activity has been detected is ineffective in deterring illegal activity, because receiving the notices lacks any meaningful consequences under the Canadian system,” IIPA writes.

This is even worse for hosting providers and other Internet services, who currently have no legal incentive to take infringing material down, IIPA argues.

“The ‘notice-and-takedown’ remedy that most other modern copyright laws provide is far from a panacea for online piracy, but it does, at a minimum, provide some incentives for cooperation, incentives that Canada’s laws simply lack.”

In addition, IIPA notes that a broad range of third-party services such as advertisers, payment processors, and domain name registrars are all too often abused to facilitate piracy. They believe that this is in part because Canadian law doesn’t offer enough “motivation” for these companies to cooperate.

The rightsholders hope that the U.S. Government can help to steer Canada in another direction and encourage more and better anti-piracy regulation. If not, they fear that Canada will remain a safe haven for pirates during the years to come.

IIPA’s full submission, which highlights a variety of countries which deserve a spot on the 301 Watch Lists per IIPA’s standards, is available here (pdf).

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Survey Data on Americans and Cybersecurity

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/02/survey_data_on_.html

Pew Research just published their latest research data on Americans and their views on cybersecurity:

This survey finds that a majority of Americans have directly experienced some form of data theft or fraud, that a sizeable share of the public thinks that their personal data have become less secure in recent years, and that many lack confidence in various institutions to keep their personal data safe from misuse. In addition, many Americans are failing to follow digital security best practices in their own personal lives, and a substantial majority expects that major cyberattacks will be a fact of life in the future.

Here’s the full report.

Movie Cammer & Prolific Uploader Receives Community Sentence

Post Syndicated from Andy original https://torrentfreak.com/movie-cammer-prolific-uploader-receives-community-sentence-170207/

When movies quickly become available online following their theatrical release, it’s likely that a copy has been recorded in a cinema. A wide range of cloaking techniques are used but in basic terms, someone points a camera at the screen and hits record.

The copies subsequently made available vary in quality, from passable to absolutely terrible. Nevertheless, so-called ‘cam’ copies of movies maintain their popularity online, and their existence is often referenced as the most damaging form of movie piracy.

As a result, copyright holders work hard to crack down on so-called ‘cammers,’ with two of the riskiest places being the United States and the United Kingdom. Cases rarely end well for defendants, with custodial sentences often the outcome. However, it doesn’t always go that way.

Back in September 2015, copies of American Ultra and Maze Runner: The Scorch Trials were recorded in Cineworld Cinema in Nottingham on their day of release and subsequently uploaded to the Internet.

Following a joint operation between EMSOU (the East Midlands Special Operations Unit), FACT (the Federation Against Copyright Theft) and the FCPA (Film Content Protection Agency), investigators found their way to then 33-year-old Shaun Patrick Forry.

Officers from the Government Agency Intelligence Network Disruption Team and EMSOU executed search warrants in the Hinkley area, with laptops and other equipment taken away for examination. FACT operatives were also in attendance.

Forry was arrested on suspicion of recording both movies and uploading them to the Internet. He was questioned and bailed pending further inquiries. The investigation later revealed that Forry had distributed more than 670 films online since August 2013, some of them while on police bail.

He subsequently pleaded guilty to two counts of possession of articles for use in fraud and one count of distributing copyrighted films. Previously, an individual who uploaded Fast & Furious 6 to the Internet received a 33-month jail sentence, but in this case the defendant got off relatively lightly.

According to a report from local police, Forry was sentenced yesterday at Nottingham Crown Court. He received an 18-month community order and was told to complete 150 hours unpaid work. But despite the relative slap on the wrist, the Film Content Protection Agency insist this was a serious case.

“This is a highly significant case concerning the illegal recording of films belonging to two UK film distributors, followed by the release of those films online,” says Simon Brown, Director of the FCPA.

“Over 90% of pirated films originate from a copy recorded during a public performance in cinemas worldwide, so it’s vital that offenders like Mr. Forry are identified and arrested promptly to prevent further damage to our film industry.

“Piracy not only costs the film industry millions of pounds but can also affect thousands of jobs, so we welcome this conviction. We thank the East Midlands GAIN for their diligent assistance in this case.”

It’s likely that moving forward we’ll hear quite a bit more about the Film Content Protection Agency. While historical camming cases were usually handled by the Federation Against Copyright Theft, a new FCPA unit formed in October 2016 will now spearhead anti-camming activity in the UK.


Security and the Internet of Things

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/02/security_and_th.html

Last year, on October 21, your digital video recorder - or at least a DVR like yours - knocked Twitter off the internet. Someone used your DVR, along with millions of insecure webcams, routers, and other connected devices, to launch an attack that started a chain reaction, resulting in Twitter, Reddit, Netflix, and many sites going off the internet. You probably didn’t realize that your DVR had that kind of power. But it does.

All computers are hackable. This has as much to do with the computer market as it does with the technologies. We prefer our software full of features and inexpensive, at the expense of security and reliability. That your computer can affect the security of Twitter is a market failure. The industry is filled with market failures that, until now, have been largely ignorable. As computers continue to permeate our homes, cars, businesses, these market failures will no longer be tolerable. Our only solution will be regulation, and that regulation will be foisted on us by a government desperate to “do something” in the face of disaster.

In this article I want to outline the problems, both technical and political, and point to some regulatory solutions. Regulation might be a dirty word in today’s political climate, but security is the exception to our small-government bias. And as the threats posed by computers become greater and more catastrophic, regulation will be inevitable. So now’s the time to start thinking about it.

We also need to reverse the trend to connect everything to the internet. And if we risk harm and even death, we need to think twice about what we connect and what we deliberately leave uncomputerized.

If we get this wrong, the computer industry will look like the pharmaceutical industry, or the aircraft industry. But if we get this right, we can maintain the innovative environment of the internet that has given us so much.

**********

We no longer have things with computers embedded in them. We have computers with things attached to them.

Your modern refrigerator is a computer that keeps things cold. Your oven, similarly, is a computer that makes things hot. An ATM is a computer with money inside. Your car is no longer a mechanical device with some computers inside; it’s a computer with four wheels and an engine. Actually, it’s a distributed system of over 100 computers with four wheels and an engine. And, of course, your phones became full-power general-purpose computers in 2007, when the iPhone was introduced.

We wear computers: fitness trackers and computer-enabled medical devices - and, of course, we carry our smartphones everywhere. Our homes have smart thermostats, smart appliances, smart door locks, even smart light bulbs. At work, many of those same smart devices are networked together with CCTV cameras, sensors that detect customer movements, and everything else. Cities are starting to embed smart sensors in roads, streetlights, and sidewalk squares, also smart energy grids and smart transportation networks. A nuclear power plant is really just a computer that produces electricity, and - like everything else we’ve just listed - it’s on the internet.

The internet is no longer a web that we connect to. Instead, it’s a computerized, networked, and interconnected world that we live in. This is the future, and what we’re calling the Internet of Things.

Broadly speaking, the Internet of Things has three parts. There are the sensors that collect data about us and our environment: smart thermostats, street and highway sensors, and those ubiquitous smartphones with their motion sensors and GPS location receivers. Then there are the “smarts” that figure out what the data means and what to do about it. This includes all the computer processors on these devices and - increasingly - in the cloud, as well as the memory that stores all of this information. And finally, there are the actuators that affect our environment. The point of a smart thermostat isn’t to record the temperature; it’s to control the furnace and the air conditioner. Driverless cars collect data about the road and the environment to steer themselves safely to their destinations.

You can think of the sensors as the eyes and ears of the internet. You can think of the actuators as the hands and feet of the internet. And you can think of the stuff in the middle as the brain. We are building an internet that senses, thinks, and acts.

This is the classic definition of a robot. We’re building a world-size robot, and we don’t even realize it.

To be sure, it’s not a robot in the classical sense. We think of robots as discrete autonomous entities, with sensors, brain, and actuators all together in a metal shell. The world-size robot is distributed. It doesn’t have a singular body, and parts of it are controlled in different ways by different people. It doesn’t have a central brain, and it has nothing even remotely resembling a consciousness. It doesn’t have a single goal or focus. It’s not even something we deliberately designed. It’s something we have inadvertently built out of the everyday objects we live with and take for granted. It is the extension of our computers and networks into the real world.

This world-size robot is actually more than the Internet of Things. It’s a combination of several decades-old computing trends: mobile computing, cloud computing, always-on computing, huge databases of personal information, the Internet of Things - or, more precisely, cyber-physical systems - autonomy, and artificial intelligence. And while it’s still not very smart, it’ll get smarter. It’ll get more powerful and more capable through all the interconnections we’re building.

It’ll also get much more dangerous.

**********

Computer security has been around for almost as long as computers have been. And while it’s true that security wasn’t part of the design of the original internet, it’s something we have been trying to achieve since its beginning.

I have been working in computer security for over 30 years: first in cryptography, then more generally in computer and network security, and now in general security technology. I have watched computers become ubiquitous, and have seen firsthand the problems - and solutions - of securing these complex machines and systems. I’m telling you all this because what used to be a specialized area of expertise now affects everything. Computer security is now everything security. There’s one critical difference, though: The threats have become greater.

Traditionally, computer security is divided into three categories: confidentiality, integrity, and availability. For the most part, our security concerns have largely centered around confidentiality. We’re concerned about our data and who has access to it - the world of privacy and surveillance, of data theft and misuse.

But threats come in many forms. Availability threats: computer viruses that delete our data, or ransomware that encrypts our data and demands payment for the unlock key. Integrity threats: hackers who can manipulate data entries can do things ranging from changing grades in a class to changing the amount of money in bank accounts. Some of these threats are pretty bad. Hospitals have paid tens of thousands of dollars to criminals whose ransomware encrypted critical medical files. JPMorgan Chase spends half a billion on cybersecurity a year.

Today, the integrity and availability threats are much worse than the confidentiality threats. Once computers start affecting the world in a direct and physical manner, there are real risks to life and property. There is a fundamental difference between crashing your computer and losing your spreadsheet data, and crashing your pacemaker and losing your life. This isn’t hyperbole; recently researchers found serious security vulnerabilities in St. Jude Medical’s implantable heart devices. Give the internet hands and feet, and it will have the ability to punch and kick.

Take a concrete example: modern cars, those computers on wheels. The steering wheel no longer turns the axles, nor does the accelerator pedal change the speed. Every move you make in a car is processed by a computer, which does the actual controlling. A central computer controls the dashboard. There’s another in the radio. The engine has 20 or so computers. These are all networked, and increasingly autonomous.

Now, let’s start listing the security threats. We don’t want car navigation systems to be used for mass surveillance, or the microphone for mass eavesdropping. We might want it to be used to determine a car’s location in the event of a 911 call, and possibly to collect information about highway congestion. We don’t want people to hack their own cars to bypass emissions-control limitations. We don’t want manufacturers or dealers to be able to do that, either, as Volkswagen did for years. We can imagine wanting to give police the ability to remotely and safely disable a moving car; that would make high-speed chases a thing of the past. But we definitely don’t want hackers to be able to do that. We definitely don’t want them disabling the brakes in every car without warning, at speed. As we make the transition from driver-controlled cars to cars with various driver-assist capabilities to fully driverless cars, we don’t want any of those critical components subverted. We don’t want someone to be able to accidentally crash your car, let alone do it on purpose. And equally, we don’t want them to be able to manipulate the navigation software to change your route, or the door-lock controls to prevent you from opening the door. I could go on.

That’s a lot of different security requirements, and the effects of getting them wrong range from illegal surveillance to extortion by ransomware to mass death.

**********

Our computers and smartphones are as secure as they are because companies like Microsoft, Apple, and Google spend a lot of time testing their code before it’s released, and quickly patch vulnerabilities when they’re discovered. Those companies can support large, dedicated teams because those companies make a huge amount of money, either directly or indirectly, from their software - and, in part, compete on its security. Unfortunately, this isn’t true of embedded systems like digital video recorders or home routers. Those systems are sold at a much lower margin, and are often built by offshore third parties. The companies involved simply don’t have the expertise to make them secure.

At a recent hacker conference, a security researcher analyzed 30 home routers and was able to break into half of them, including some of the most popular and common brands. The denial-of-service attacks that forced popular websites like Reddit and Twitter off the internet last October were enabled by vulnerabilities in devices like webcams and digital video recorders. In August, two security researchers demonstrated a ransomware attack on a smart thermostat.

Even worse, most of these devices don’t have any way to be patched. Companies like Microsoft and Apple continuously deliver security patches to your computers. Some home routers are technically patchable, but in a complicated way that only an expert would attempt. And the only way for you to update the firmware in your hackable DVR is to throw it away and buy a new one.

The market can’t fix this because neither the buyer nor the seller cares. The owners of the webcams and DVRs used in the denial-of-service attacks don’t care. Their devices were cheap to buy, they still work, and they don’t know any of the victims of the attacks. The sellers of those devices don’t care: They’re now selling newer and better models, and the original buyers only cared about price and features. There is no market solution, because the insecurity is what economists call an externality: It’s an effect of the purchasing decision that affects other people. Think of it kind of like invisible pollution.

**********

Security is an arms race between attacker and defender. Technology perturbs that arms race by changing the balance between attacker and defender. Understanding how this arms race has unfolded on the internet is essential to understanding why the world-size robot we’re building is so insecure, and how we might secure it. To that end, I have five truisms, born from what we’ve already learned about computer and internet security. They will soon affect the security arms race everywhere.

Truism No. 1: On the internet, attack is easier than defense.

There are many reasons for this, but the most important is the complexity of these systems. More complexity means more people involved, more parts, more interactions, more mistakes in the design and development process, more of everything where hidden insecurities can be found. Computer-security experts like to speak about the attack surface of a system: all the possible points an attacker might target and that must be secured. A complex system means a large attack surface. The defender has to secure the entire attack surface. The attacker just has to find one vulnerability - one unsecured avenue for attack - and gets to choose how and when to attack. It’s simply not a fair battle.

There are other, more general, reasons why attack is easier than defense. Attackers have a natural agility that defenders often lack. They don’t have to worry about laws, and often not about morals or ethics. They don’t have a bureaucracy to contend with, and can more quickly make use of technical innovations. Attackers also have a first-mover advantage. As a society, we’re generally terrible at proactive security; we rarely take preventive security measures until an attack actually happens. So more advantages go to the attacker.

Truism No. 2: Most software is poorly written and insecure.

If complexity isn’t enough, we compound the problem by producing lousy software. Well-written software, like the kind found in airplane avionics, is both expensive and time-consuming to produce. We don’t want that. For the most part, poorly written software has been good enough. We’d all rather live with buggy software than pay the prices good software would require. We don’t mind if our games crash regularly, or our business applications act weird once in a while. Because software has been largely benign, it hasn’t mattered. This has permeated the industry at all levels. At universities, we don’t teach how to code well. Companies don’t reward quality code in the same way they reward fast and cheap. And we consumers don’t demand it.

But poorly written software is riddled with bugs, sometimes as many as one per 1,000 lines of code. Some of them are inherent in the complexity of the software, but most are programming mistakes. Not all bugs are vulnerabilities, but some are.

Truism No. 3: Connecting everything to each other via the internet will expose new vulnerabilities.

The more we network things together, the more vulnerabilities on one thing will affect other things. On October 21, vulnerabilities in a wide variety of embedded devices were all harnessed together to create what hackers call a botnet. This botnet was used to launch a distributed denial-of-service attack against a company called Dyn. Dyn provided a critical internet function for many major internet sites. So when Dyn went down, so did all those popular websites.

These chains of vulnerabilities are everywhere. In 2012, journalist Mat Honan suffered a massive personal hack because of one of them. A vulnerability in his Amazon account allowed hackers to get into his Apple account, which allowed them to get into his Gmail account. And in 2013, the Target Corporation was hacked by someone stealing credentials from its HVAC contractor.

Vulnerabilities like these are particularly hard to fix, because no one system might actually be at fault. It might be the insecure interaction of two individually secure systems.

Truism No. 4: Everybody has to stop the best attackers in the world.

One of the most powerful properties of the internet is that it allows things to scale. This is true for our ability to access data or control systems or do any of the cool things we use the internet for, but it’s also true for attacks. In general, fewer attackers can do more damage because of better technology. It’s not just that these modern attackers are more efficient, it’s that the internet allows attacks to scale to a degree impossible without computers and networks.

This is fundamentally different from what we’re used to. When securing my home against burglars, I am only worried about the burglars who live close enough to my home to consider robbing me. The internet is different. When I think about the security of my network, I have to be concerned about the best attacker possible, because he’s the one who’s going to create the attack tool that everyone else will use. The attacker that discovered the vulnerability used to attack Dyn released the code to the world, and within a week there were a dozen attack tools using it.

Truism No. 5: Laws inhibit security research.

The Digital Millennium Copyright Act is a terrible law that fails at its purpose of preventing widespread piracy of movies and music. To make matters worse, it contains a provision that has critical side effects. According to the law, it is a crime to bypass security mechanisms that protect copyrighted work, even if that bypassing would otherwise be legal. Since all software can be copyrighted, it is arguably illegal to do security research on these devices and to publish the result.

Although the exact contours of the law are arguable, many companies are using this provision of the DMCA to threaten researchers who expose vulnerabilities in their embedded systems. This instills fear in researchers, and has a chilling effect on research, which means two things: (1) Vendors of these devices are more likely to leave them insecure, because no one will notice and they won’t be penalized in the market, and (2) security engineers don’t learn how to do security better.

Unfortunately, companies generally like the DMCA. The provisions against reverse-engineering spare them the embarrassment of having their shoddy security exposed. It also allows them to build proprietary systems that lock out competition. (This is an important one. Right now, your toaster cannot force you to only buy a particular brand of bread. But because of this law and an embedded computer, your Keurig coffee maker can force you to buy a particular brand of coffee.)

**********

In general, there are two basic paradigms of security. We can either try to secure something well the first time, or we can make our security agile. The first paradigm comes from the world of dangerous things: from planes, medical devices, buildings. It’s the paradigm that gives us secure design and secure engineering, security testing and certifications, professional licensing, detailed preplanning and complex government approvals, and long times-to-market. It’s security for a world where getting it right is paramount because getting it wrong means people dying.

The second paradigm comes from the fast-moving and heretofore largely benign world of software. In this paradigm, we have rapid prototyping, on-the-fly updates, and continual improvement. In this paradigm, new vulnerabilities are discovered all the time and security disasters regularly happen. Here, we stress survivability, recoverability, mitigation, adaptability, and muddling through. This is security for a world where getting it wrong is okay, as long as you can respond fast enough.

These two worlds are colliding. They’re colliding in our cars - literally - in our medical devices, our building control systems, our traffic control systems, and our voting machines. And although these paradigms are wildly different and largely incompatible, we need to figure out how to make them work together.

So far, we haven’t done very well. We still largely rely on the first paradigm for the dangerous computers in cars, airplanes, and medical devices. As a result, there are medical systems that can’t have security patches installed because that would invalidate their government approval. In 2015, Chrysler recalled 1.4 million cars to fix a software vulnerability. In September 2016, Tesla remotely sent a security patch to all of its Model S cars overnight. Tesla sure sounds like it’s doing things right, but what vulnerabilities does this remote patch feature open up?

**********

Until now we’ve largely left computer security to the market. Because the computer and network products we buy and use are so lousy, an enormous after-market industry in computer security has emerged. Governments, companies, and people buy the security they think they need to secure themselves. We’ve muddled through well enough, but the market failures inherent in trying to secure this world-size robot will soon become too big to ignore.

Markets alone can’t solve our security problems. Markets are motivated by profit and short-term goals at the expense of society. They can’t solve collective-action problems. They won’t be able to deal with economic externalities, like the vulnerabilities in DVRs that resulted in Twitter going offline. And we need a counterbalancing force to corporate power.

This all points to policy. While the details of any computer-security system are technical, getting the technologies broadly deployed is a problem that spans law, economics, psychology, and sociology. And getting the policy right is just as important as getting the technology right because, for internet security to work, law and technology have to work together. This is probably the most important lesson of Edward Snowden’s NSA disclosures. We already knew that technology can subvert law. Snowden demonstrated that law can also subvert technology. Both fail unless each works. It’s not enough to just let technology do its thing.

Any policy changes to secure this world-size robot will mean significant government regulation. I know it’s a sullied concept in today’s world, but I don’t see any other possible solution. It’s going to be especially difficult on the internet, where its permissionless nature is one of the best things about it and the underpinning of its most world-changing innovations. But I don’t see how that can continue when the internet can affect the world in a direct and physical manner.

**********

I have a proposal: a new government regulatory agency. Before dismissing it out of hand, please hear me out.

We have a practical problem when it comes to internet regulation. There’s no government structure to tackle this at a systemic level. Instead, there’s a fundamental mismatch between the way government works and the way this technology works that makes dealing with this problem impossible at the moment.

Government operates in silos. In the U.S., the FAA regulates aircraft. The NHTSA regulates cars. The FDA regulates medical devices. The FCC regulates communications devices. The FTC protects consumers in the face of “unfair” or “deceptive” trade practices. Even worse, who regulates data can depend on how it is used. If data is used to influence a voter, it’s the Federal Election Commission’s jurisdiction. If that same data is used to influence a consumer, it’s the FTC’s. Use those same technologies in a school, and the Department of Education is now in charge. Robotics will have its own set of problems, and no one is sure how that is going to be regulated. Each agency has a different approach and different rules. They have no expertise in these new issues, and they are not quick to expand their authority for all sorts of reasons.

Compare that with the internet. The internet is a freewheeling system of integrated objects and networks. It grows horizontally, demolishing old technological barriers so that people and systems that never previously communicated now can. Already, apps on a smartphone can log health information, control your energy use, and communicate with your car. That’s a set of functions that crosses jurisdictions of at least four different government agencies, and it’s only going to get worse.

Our world-size robot needs to be viewed as a single entity with millions of components interacting with each other. Any solutions here need to be holistic. They need to work everywhere, for everything. Whether we’re talking about cars, drones, or phones, they’re all computers.

This has lots of precedent. Many new technologies have led to the formation of new government regulatory agencies. Trains did, cars did, airplanes did. Radio led to the formation of the Federal Radio Commission, which became the FCC. Nuclear power led to the formation of the Atomic Energy Commission, which eventually became the Department of Energy. The reasons were the same in every case. New technologies need new expertise because they bring with them new challenges. Governments need a single agency to house that new expertise, because its applications cut across several preexisting agencies. It’s less that the new agency needs to regulate, although that’s often a big part of it, and more that governments recognize the importance of the new technologies.

The internet has famously eschewed formal regulation, instead adopting a multi-stakeholder model of academics, businesses, governments, and other interested parties. My hope is that we can keep the best of this approach in any regulatory agency, looking more at the new U.S. Digital Service or the 18F office inside the General Services Administration. Both of those organizations are dedicated to providing digital government services, and both have collected significant expertise by bringing people in from outside of government, and both have learned how to work closely with existing agencies. Any internet regulatory agency will similarly need to engage in a high level of collaborative regulation, both a challenge and an opportunity.

I don’t think any of us can predict the totality of the regulations we need to ensure the safety of this world, but here are a few. We need government to ensure companies follow good security practices (testing, patching, secure defaults), and we need to be able to hold companies liable when they fail to do these things. We need government to mandate strong personal data protections, and limitations on data collection and use. We need to ensure that responsible security research is legal and well-funded. We need to enforce transparency in design, some sort of code escrow in case a company goes out of business, and interoperability between devices of different manufacturers, to counterbalance the monopolistic effects of interconnected technologies. Individuals need the right to take their data with them. And internet-enabled devices should retain some minimal functionality if disconnected from the internet.

I’m not the only one talking about this. I’ve seen proposals for a National Institutes of Health analog for cybersecurity. University of Washington law professor Ryan Calo has proposed a Federal Robotics Commission. I think it needs to be broader: maybe a Department of Technology Policy.

Of course there will be problems. There’s a lack of expertise in these issues inside government. There’s a lack of willingness in government to do the hard regulatory work. Industry is worried about any new bureaucracy: both that it will stifle innovation by regulating too much and that it will be captured by industry and regulate too little. A domestic regulatory agency will have to deal with the fundamentally international nature of the problem.

But government is the entity we use to solve problems like this. Governments have the scope, scale, and balance of interests to address the problems. It’s the institution we’ve built to adjudicate competing social interests and internalize market externalities. Left to their own devices, the market simply can’t. That we’re currently in the middle of an era of low government trust, where many of us can’t imagine government doing anything positive in an area like this, is to our detriment.

Here’s the thing: Governments will get involved, regardless. The risks are too great, and the stakes are too high. Government already regulates dangerous physical systems like cars and medical devices. And nothing motivates the U.S. government like fear. Remember 2001? A nominally small-government Republican president created the Office of Homeland Security 11 days after the terrorist attacks: a rushed and ill-thought-out decision that we’ve been trying to fix for over a decade. A fatal disaster will similarly spur our government into action, and it’s unlikely to be well-considered and thoughtful action. Our choice isn’t between government involvement and no government involvement. Our choice is between smarter government involvement and stupider government involvement. We have to start thinking about this now. Regulations are necessary, important, and complex; and they’re coming. We can’t afford to ignore these issues until it’s too late.

We also need to start disconnecting systems. If we cannot secure complex systems to the level required by their real-world capabilities, then we must not build a world where everything is computerized and interconnected.

There are other models. We can enable local communications only. We can set limits on collected and stored data. We can deliberately design systems that don’t interoperate with each other. We can deliberately fetter devices, reversing the current trend of turning everything into a general-purpose computer. And, most important, we can move toward less centralization and more distributed systems, which is how the internet was first envisioned.

This might be a heresy in today’s race to network everything, but large, centralized systems are not inevitable. The technical elites are pushing us in that direction, but they really don’t have any good supporting arguments other than the profits of their ever-growing multinational corporations.

But this will change. It will change not only because of security concerns, it will also change because of political concerns. We’re starting to chafe under the worldview of everything producing data about us and what we do, and that data being available to both governments and corporations. Surveillance capitalism won’t be the business model of the internet forever. We need to change the fabric of the internet so that evil governments don’t have the tools to create a horrific totalitarian state. And while good laws and regulations in Western democracies are a great second line of defense, they can’t be our only line of defense.

My guess is that we will soon reach a high-water mark of computerization and connectivity, and that afterward we will make conscious decisions about what and how we decide to interconnect. But we’re still in the honeymoon phase of connectivity. Governments and corporations are punch-drunk on our data, and the rush to connect everything is driven by an even greater desire for power and market share. One of the presentations released by Edward Snowden contained the NSA mantra: “Collect it all.” A similar mantra for the internet today might be: “Connect it all.”

The inevitable backlash will not be driven by the market. It will be deliberate policy decisions that put the safety and welfare of society above individual corporations and industries. It will be deliberate policy decisions that prioritize the security of our systems over the demands of the FBI to weaken them in order to make their law-enforcement jobs easier. It’ll be hard policy for many to swallow, but our safety will depend on it.

**********

The scenarios I’ve outlined, both the technological and economic trends that are causing them and the political changes we need to make to start to fix them, come from my years of working in internet-security technology and policy. All of this is informed by an understanding of both technology and policy. That turns out to be critical, and there aren’t enough people who understand both.

This brings me to my final plea: We need more public-interest technologists.

Over the past couple of decades, we’ve seen examples of getting internet-security policy badly wrong. I’m thinking of the FBI’s “going dark” debate about its insistence that computer devices be designed to facilitate government access, the “vulnerability equities process” about when the government should disclose and fix a vulnerability versus when it should use it to attack other systems, the debacle over paperless touch-screen voting machines, and the DMCA that I discussed above. If you watched any of these policy debates unfold, you saw policy-makers and technologists talking past each other.

Our world-size robot will exacerbate these problems. The historical divide between Washington and Silicon Valley, the mistrust of governments by tech companies and the mistrust of tech companies by governments, is dangerous.

We have to fix this. Getting IoT security right depends on the two sides working together and, even more important, having people who are experts in each working on both. We need technologists to get involved in policy, and we need policy-makers to get involved in technology. We need people who are experts in making both technology and technological policy. We need technologists on congressional staffs, inside federal agencies, working for NGOs, and as part of the press. We need to create a viable career path for public-interest technologists, much as there already is one for public-interest attorneys. We need courses, and degree programs in colleges, for people interested in careers in public-interest technology. We need fellowships in organizations that need these people. We need technology companies to offer sabbaticals for technologists wanting to go down this path. We need an entire ecosystem that supports people bridging the gap between technology and law. We need a viable career path that ensures that even though people in this field won’t make as much as they would in a high-tech start-up, they will have viable careers. The security of our computerized and networked future, meaning the security of ourselves, families, homes, businesses, and communities, depends on it.

This plea is bigger than security, actually. Pretty much all of the major policy debates of this century will have a major technological component. Whether it’s weapons of mass destruction, robots drastically affecting employment, climate change, food safety, or the increasing ubiquity of ever-shrinking drones, understanding the policy means understanding the technology. Our society desperately needs technologists working on the policy. The alternative is bad policy.

**********

The world-size robot is less designed than created. It’s coming without any forethought or architecting or planning; most of us are completely unaware of what we’re building. In fact, I am not convinced we can actually design any of this. When we try to design complex sociotechnical systems like this, we are regularly surprised by their emergent properties. The best we can do is observe and channel these properties as best we can.

Market thinking sometimes makes us lose sight of the human choices and autonomy at stake. Before we get controlled, or killed, by the world-size robot, we need to rebuild confidence in our collective governance institutions. Law and policy may not seem as cool as digital tech, but they’re also places of critical innovation. They’re where we collectively bring about the world we want to live in.

While I might sound like a Cassandra, I’m actually optimistic about our future. Our society has tackled bigger problems than this one. It takes work and it’s not easy, but we eventually find our way clear to make the hard choices necessary to solve our real problems.

The world-size robot we’re building can only be managed responsibly if we start making real choices about the interconnected world we live in. Yes, we need security systems as robust as the threat landscape. But we also need laws that effectively regulate these dangerous technologies. And, more generally, we need to make moral, ethical, and political decisions on how those systems should work. Until now, we’ve largely left the internet alone. We gave programmers a special right to code cyberspace as they saw fit. This was okay because cyberspace was separate and relatively unimportant: That is, it didn’t matter. Now that that’s changed, we can no longer give programmers and the companies they work for this power. Those moral, ethical, and political decisions need, somehow, to be made by everybody. We need to link people with the same zeal that we are currently linking machines. “Connect it all” must be countered with “connect us all.”

This essay previously appeared in New York Magazine.

‘Pirate’ Kodi Box Seller Enters “Not Guilty” Plea in Landmark Trial

Post Syndicated from Andy original https://torrentfreak.com/pirate-kodi-box-seller-enters-not-guilty-plea-landmark-trial/

With the advent of cheap Android devices such as Amazon’s Fire Stick and dozens of set-top variants, anyone can install legal software such as Kodi to watch recorded media.

However, those very same devices can be modified to do things that at best sit in a legal gray area and at worst could be illegal. We’re talking about viewing movies, TV shows, live TV and PPV events, without paying a dime to anyone.

In some parts of the world the phenomenon has reached epidemic proportions, so much so that the Federation Against Copyright Theft now cite it as a major concern in the UK. But while there is not much anyone can do to clamp down on people at home doing a DIY job on their own setups, it is possible to crack down on people who supply pre-modified devices.

One individual who has found himself in the middle of the controversy is UK-based Brian ‘Tomo’ Thompson. The Middlesbrough-based shopkeeper was previously raided by police and Trading Standards after selling “fully loaded” Android boxes from his small premises.

Unusually for such cases, Thompson is being prosecuted by his local council. He’s under the impression that he’s done nothing wrong but now wants to discover where the boundaries lie for sellers of similar devices.

“All I want to know is whether I am doing anything illegal. I know it’s a gray area but I want it in black and white,” he said last September.

This morning Thompson appeared before Teesside Crown Court for a plea hearing. As promised, BBC reports that he pleaded not guilty, which means his case will now go to a full trial.

In what will be a landmark case, Thompson stands accused of two offenses under section 296ZB of the Copyright, Designs and Patents Act. This section deals with devices and services designed to circumvent technological measures.

“A person commits an offense if he — in the course of a business — sells or lets for hire, any device, product or component which is primarily designed, produced, or adapted for the purpose of enabling or facilitating the circumvention of effective technological measures,” the law reads.

Kodi installations with third-party addons effectively ‘farm’ content already available on various ‘pirate’ sites on the Internet. On that basis, it could be argued that any anti-circumvention/anti-copying measures put in place by broadcasters and other copyright holders have already been bypassed by the time the addon streams the content to the user.

However, the Court will have to decide what part, if any, Thompson played in circumventing those measures when he sold modified Kodi devices to his customers. According to the BBC, two of those sales were test purchases made by Middlesbrough Council.

The outcome of the trial, which is likely to be a complex one, will have little effect on people who modify their own Kodi installations at home. However, it is likely to determine the boundaries when it comes to those offering “fully loaded” Kodi TV devices for sale in the UK.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

President Trump Told That Strong Copyright Laws Are in His Interest

Post Syndicated from Andy original https://torrentfreak.com/president-trump-told-that-strong-copyright-laws-are-in-his-interests-170124/

On Friday January 20, Donald J. Trump was inaugurated as the 45th President of the United States after one of the most controversial election campaigns of modern times.

For those who watched the historic inauguration, the message from the new president was clear.

From now on and even at the expense of outsiders, America will come first. Time and time again the president reiterated that the power would be put back into the hands of the people to “Make America Great Again.”

With vows to boost America’s economy by supporting local businesses ringing loud, President Trump has now received a letter from a powerful group hoping that their interests will receive a boost from his incoming policies.

The Copyright Alliance, which claims to represent 1.8 million creators and 13,000 pro-copyright organizations in the United States, begins by reminding the President that they’re already on the very same page.

“Throughout the long history of our country, few, if any, Presidents have had a more sizable and diverse copyright portfolio than you,” CEO Keith Kupferschmid writes.

“Your experiences as a businessman have afforded you insights into the value and importance of copyright and how copyright protections help drive the U.S. economy and create millions of well-paying jobs and small businesses.”

With the RIAA, MPAA and 3,000 music publishers as members, the Copyright Alliance believes that its sheer horsepower should be enough to grab the President’s attention, particularly alongside reminders that in 2015 the copyright industries’ 5.5 million workers added $1.2 trillion to the US GDP.

“The growth within core copyright industries far surpasses the average growth rate for other industries; in fact, between 2012 and 2015, those industries grew at a rate of more than 127% greater than the remainder of the economy,” Kupferschmid notes.

But this huge contribution to the economy doesn’t exist in a vacuum, the Alliance adds. It only works thanks to a strong copyright system that rewards creativity and discourages piracy, which in turn is good for the economy and indeed, President Trump himself.

“You, as an author and holder of numerous copyrighted works, know first-hand that creators rely on copyright law for their livelihood and careers, and they are harmed when the system fails to adequately protect their valuable creations in the United States and abroad,” Kupferschmid adds.

Noting that piracy in the Internet age has an adverse effect on U.S. companies and the economy as a whole, the Copyright Alliance says that stronger copyright law boosts culture and as a result supports Trump’s mission to ‘Make America Great Again.’

“We need to enhance the protections afforded to the creative communities, not dilute them. We hope you will support a strong and vibrant copyright system in the United States that protects copyright holders from online theft and ensures that creators share in the massive profits being made by internet platforms from these copyrighted works,” the Alliance concludes.

While the Copyright Alliance certainly expects action against mainly overseas ‘pirate’ sites, the use of the word “share” in the above paragraph suggests companies a little closer to home. Google’s YouTube, for example, stands accused by the music industry of “gaming” the safe harbor provisions of the DMCA.

When compared to the outgoing Democrats, Hollywood in particular has a less than great relationship with President Trump. Nevertheless, Trump will be acutely aware of the contributions made by the creative industries as a whole and how largely overseas websites have some capacity to undermine that.

Only time will tell how America’s new President will respond, but keeping in mind his promise to always put the United States first, the next report from the USTR has the potential to be quite a read. Will it maintain the status quo? Or will it serve as a shot across the bows of countries who dare to undermine the US economy? Stay tuned.

The full letter is available here (pdf)


Piracy is Theft! Classic Anti-Piracy Ads From the ’90s

Post Syndicated from Ernesto original https://torrentfreak.com/piracy-is-theft-classic-anti-piracy-ads-from-the-90s-170114/

Every now and then it can be quite amusing to look back at some of the anti-piracy campaigns deployed by rightholders in the past, especially when contrasted with newer initiatives.

Last week we reported on a new UK campaign where suspected pirates will get an “educational alert” in the mail if they are ‘caught’ sharing infringing content using BitTorrent.

The initiative breaks with the more aggressive traditions of scaring pirates with high fines, and rewarding snitches who tell on them, although there are still some remnants of this around.

How different was this in the early ’90s when the (now defunct) European Leisure Software Publishers Association (ELSPA) ran a controversial series of ads, warning pirates of potential jail time.


In an attempt to connect with a predominantly young audience, ELSPA also promoted a series of cartoon PSAs in UK computer magazines.

These ads informed readers that “piracy is theft” and encouraged them to report suspicious behavior to the Federation Against Software Theft (FAST). In return, the informants could look forward to a £1,000 reward.


The cartoons showed teens how they could report suspicious software sellers at a local market, or even teachers who dare to allow students to make copies.


Or what about friends, who ‘gang up’ on people so they can score a sizable reward? It was all possible, if the cartoons were to be believed.


If ELSPA’s goal was to be noticed, the ads were definitely successful. Soon after the first ones were placed, angry parents started writing letters to computer magazines, including this one Commodore Format received in the early ’90s.

“I would like to strongly object to the advert which appeared in your magazine,” a concerned parent wrote.

“It encourages young, vulnerable children to think that a phone call will lead to £1,000 very easily. It has caused a lot of ill feeling where I live between boys who were friends and then fell out, and thought this was a way to get back at one boy causing unnecessary upset to the families.”


ELSPA responded in the magazine and argued that these types of ads were needed to counter the growing threat of piracy. While the organization suggested that the cartoons were instrumental in lowering piracy rates, we now know that it certainly didn’t stop the copying.

Not even SIIA’s Don’t Copy that Floppy!, one of the all-time anti-piracy classics that turns 25 this year, could manage that.

In the years that followed many similar campaigns were launched, some more aggressive than others. And while the “piracy is theft” mantra is still in circulation, the general sense is that a ‘scare approach’ is not all that productive.

Perhaps this is one of the reasons why the latest UK anti-piracy effort relies more on carrots than sticks. Whether that will be successful has yet to be seen, but it’s certainly less “amusing.”

You know who…


The advertising images published here were sourced from WoS, where you can find some more examples. The Commodore Format scan is courtesy of the CF Archive.


Movie Director Steals Clam Chowder to Avenge Illegal Downloads

Post Syndicated from Andy original https://torrentfreak.com/movie-director-steals-clam-chowder-to-avenge-illegal-downloads-170119/

Among most copyright holders and some artists there is an insistence that illegal downloading is tantamount to stealing. A download can result in a lost sale, they argue, thereby depriving creators (or distributors) of revenue.

File-sharers, on the other hand, have their own theories as to what their hobby amounts to. Conclusions vary, from “try before you buy” to satisfying demand unmet by authorized sources. Some merely want content for free but still argue that a copy does not amount to theft.

Director Casey Tebo, on the other hand, strongly disagrees.

Tebo, who has directed live performances for Aerosmith, Mötley Crüe, Judas Priest and Run DMC, believes that piracy is just like stealing. And, after becoming a victim himself, he decided to do something about it.

According to the 42-year-old, who won an Emmy for his work on ESPN E:60’s Dream On: The Stories of Boston’s Strongest, the final straw was when he discovered people had been pirating one of his movies.

Tebo wrote and directed 2016 horror movie Happy Birthday and recently discovered that an old friend from school had watched it.

“He said ‘Bro, I saw your movie, it was amazing!’,” Tebo recalled.

When the director asked where he’d seen it – iTunes, Walmart etc – the guy dropped the bombshell. Someone at work supplied it.

“What do you mean, he brings the DVDs into work?” the director asked. “I don’t know what that means?”

In a mocking tone impersonating his former friend’s recollection, Tebo continued.

“He gets ’em off, you know, King Torrent, uTorrent, your fucking mother’s torrent, whatever the fuck it is.”

Noting that his movie only had a small budget with just three investors putting in $500K between them, Tebo said that one of his buddies came up with a plot to get revenge.

“You should go to the fuckin grocery store this cat works at and just fuckin steal some shit,” his buddy said. “And, if you get caught by the cops, just say ‘Hey, he steals my shit, why can’t I steal his shit?’”

In a video posted on YouTube, which he describes as a PSA (Pirates Suck Ass), Tebo reveals what happened next. A sped-up clip shows the director ‘shopping’ for $30 worth of ‘free’ ingredients to make a clam chowder. He then leaves the store without paying. Needless to say, Tebo (who apparently was born with six fingers on his right hand) didn’t get away with it.

Someone from the store came out to Tebo’s car after spotting him on the security camera and threatened to call the cops unless he came back and paid.

“Yeah I know, but this is like a really huge chain supermarket,” Tebo protested. Although subtle, this was almost certainly a dig at people who believe that downloading movies from big companies doesn’t hurt them.

“This is a store, you just robbed it,” the worker replied. Then, Tebo revealed his scheme.

“See, the guy who works at your store likes to download the movies and burn ’em and give them to everybody who works there. You have people in your store who are stealing from my industry, so why can’t I just steal from you guys?” he asked.

The store worker was having none of it. “Give me the bags or I’m calling the cops,” he said.

Again, Tebo underlined his point.

“I just want to know. If you’re the manager of this place and you got guys downloading illegal movies, why can’t I take groceries for free?” he questioned.

“Because it’s fucking stealing, asshole,” came the reply…..

Tebo says that he eventually gave the stuff back. He didn’t, however, explain why he thought it was fair to steal from the grocery store when his aim was to get revenge on one of its employees. Maybe this is the real-life equivalent of holding ISPs responsible for Internet pirates, who knows.

The whole bizarre affair is documented below.


Advertisers Promise to Boycott Pirate Sites After Police Visit

Post Syndicated from Andy original https://torrentfreak.com/advertisers-promise-boycott-pirate-sites-police-visit-170113/

One of the entertainment industries’ main strategies for tackling ‘pirate’ sites is to prevent them generating revenue from their activities. The theory is that such sites are profit-motivated and if none can be made, they will soon shut down.

With this in mind, industry bodies have sought to target companies who place or pay for advertising to appear on pirate sites. In many cases the companies don’t know exactly where their adverts are appearing, but in case they were in any doubt, this week the police stepped up to remind them.

According to information just released by City of London Police, this Wednesday, officers from the Police Intellectual Property Crime Unit (PIPCU) paid visits to eight organizations involved in placing adverts on pirate sites.

Accompanied by representatives from the Federation Against Copyright Theft (FACT), British Phonographic Industry (BPI), International Federation of the Phonographic Industry (IFPI) and PRS for music, PIPCU targeted brands, advertising agencies and networks.

The visits took place as part of the multi-agency anti-piracy initiative Operation Creative. PIPCU says that the companies were made aware that their advertising is appearing on pirate sites. It is not clear whether any of them already knew, but the police got the result they were hoping for.

After discussion, all agreed to cooperate by ensuring that they no longer support any of the platforms listed on the Infringing Website List (IWL) maintained by police and rightsholders.

“All of the organisations were keen to support Operation Creative and have pledged to sign up to the IWL to ensure advert placement from their brand and clients do not appear on the 1,232 websites listed on the IWL,” PIPCU said.

PIPCU offered no further details on the companies visited this week, which suggests that it views them as partners moving forward.

“Operation Creative is key to ending the funding of websites involved in digital piracy. It is important we tackle this issue, not only for brands and businesses’ reputation, but for consumers too,” said Operation Creative’s lead officer Detective Constable Steven Salway.

“When adverts from established brands appear on these sites, they lend them a look of legitimacy. By working with industry to discourage reputable brands from advertising on piracy sites, we will help consumers realise these sites are neither official nor legal.”

Director General of FACT, Kieron Sharp, praised the IWL and said that his group is pleased to be raising awareness within the advertising community.

“PIPCU’s IWL is the first of its kind and is a great tool for businesses to protect their brand reputation by ensuring their adverts don’t appear on pirate sites,” Sharp said.

“Consumers need to be aware that not only are the criminals behind these websites making substantial amounts of money from adverts, but simply visiting the sites can put the public at risk of malware, viruses and click-through scams.”

While the police action is likely to have some effect, there are still plenty of advertisers willing to show off their products on pirate platforms. It is clear, however, that the quality of advertising on such sites is steadily diminishing.


FACT Lawyer Reveals Challenges of Kodi Box Seller Prosecutions

Post Syndicated from Andy original https://torrentfreak.com/fact-lawyer-reveals-challenges-kodi-box-seller-prosecutions-170106/

Yesterday an interesting discussion took place on the BBC’s Radio Five. It involved the Federation Against Copyright Theft (FACT), who are the main driving force behind Kodi and IPTV prosecutions in the UK.

As always, it’s worth pointing out that Kodi is a neutral media platform that can be augmented with addons that provide access to infringing content. That is the problem that copyright holders are trying to address.

While broad in scope, one of the main points to come out of the debate was that copyright holders don’t appear to have much enthusiasm for going after people who use these devices in their own home. On the other hand, they do have an appetite for chasing down box sellers and other players further up the supply chain.

But, according to a lawyer that has successfully prosecuted big piracy cases for FACT, things aren’t always straightforward.

Speaking with Out-Law.com, lawyer Ari Alabhai of QEB Hollis Whitman says that FACT’s tendency to opt for a prosecution under the Fraud Act is partially based on the capacity of a jury to understand the charges.

Fraud can be easier for a jury to understand than the complexities of copyright law, he said, while also noting that such prosecutions have their limitations.

Alabhai, who successfully prosecuted the case against torrent release groups 26K, RemixHD, DTRG and RESiSTANCE, said that showing a conspiracy to defraud is not possible when only one person (such as a box seller) acted alone. In such cases, prosecutors have to try a different approach.

One option involves offences under section 107(2a) of the Copyright, Designs and Patents Act (CDPA).

“A person commits an offense who makes an article specifically designed or adapted for making copies of a particular copyright work..knowing or having reason to believe that it is to be used to make infringing copies for sale or hire or for use in the course of a business,” the section reads.

However, Alabhai told OutLaw that such a prosecution would be very complex and would only be subject to a maximum two-year prison sentence versus the ten years available under the Fraud Act. (Note: this term will be extended to 10 years under the Digital Economy Act)

Another option is the rather intriguing proposition of a prosecution under section 296ZB of the CDPA, which attempts to deal with devices and services designed to circumvent technological measures.

“A person commits an offense if he — in the course of a business — sells or lets for hire, any device, product or component which is primarily designed, produced, or adapted for the purpose of enabling or facilitating the circumvention of effective technological measures,” the section reads.

And we may not have to wait long to discover whether this kind of approach will be successful. The prosecution of UK-based box-seller Brian ‘Tomo’ Thompson looks like it will provide the test case, but it’s hardly straightforward and is already in uncharted territory.

According to OutLaw, that case is set to go to trial at Teesside Crown Court in May 2017. Definitely one to watch.


‘Copyright Trolls’ Hit With Class Action Lawsuit For Theft by Deception

Post Syndicated from Ernesto original https://torrentfreak.com/copyright-trolls-hit-with-class-action-lawsuit-for-theft-by-deception-170104/

In recent years so-called copyright trolls have been accused of various dubious schemes and actions, including intimidation and extortion.

Last month it became apparent that these concerns are not just one-sided complaints, when the U.S. Government launched a criminal case against two of Prenda Law’s principals.

This week, copyright trolling allegations are once again brought to the forefront. In a class action lawsuit filed in an Illinois federal court on behalf of accused pirates, a group of rightsholders, lawyers, and a torrent monitoring expert are accused of taking part in an “extortion conspiracy.”

The case centers around Clear Skies Network (CSN) which brought several lawsuits against alleged downloaders of the movie “Good Kill.” As is common in these campaigns, the rightsholders work in tandem with lawyers and BitTorrent monitoring experts to make their case.

One of their targets was a 62-year-old woman, who has now decided to strike back, also on behalf of other defendants that are in the same position.

The complaint details how the woman was repeatedly threatened and intimidated with a possible $150,000 in statutory damages, asking her to settle for only a few thousand. It also mentions various other allegations including false statements.

In addition, the complaint notes that the defendants may have purposefully operated a honeypot where they themselves distributed the infringing movie before its theatrical release in the U.S.

“CSN and/or the German John Doe relies on ‘fake experts’ and/or honeypots or seeds its Motion Picture for the express purpose of being able to claim that it has ‘caught’ people downloading the copyrighted material,” it reads.

The monitored torrents and the various associated IP-addresses were used as the base evidence for copyright lawsuits throughout the country. According to the class action complaint, the rightsholders continuously relied on the same German monitoring outfit whose evidence is insufficient to prove infringement.

Instead of protecting copyrights, the accused downloaders believe that the entire practice is primarily meant to generate a steady income flow for the filmmakers and other parties involved in the conspiracy.

“CSN’s existence has little to do with the protection of a copyright, and is instead an entity formed for the primary purpose of income generation through exploitation of the court system,” the complaint states.

As such, they accuse the alleged conspiracy of using the copyright cases as an extortion mechanism.

“[The defendants] have been engaged in a conspiracy to monetize infringement whereby they use questionable means to entrap unsuspecting Illinois residents who have allegedly violated CSN’s copyrights, and then extort money from these individuals using threatening and misleading settlement and litigation tactics under the guise of the Copyright Act.”

For the 62-year-old woman, this led to physical and emotional distress, and through the class action suit, she hopes to set the record straight.

Together with other potential members of the class, who have been treated similarly, she accuses CSN, the lawyers and the German torrent monitoring outfit, of conspiracy to improperly prosecute copyright infringement.

As compensation for the alleged unlawful acts, including theft by deception, barratry and maintenance, they ask for actual monetary damages as well as punitive damages.

According to FCT’s ‘Sophisticated Jane Doe’, it is about time that the Northern Illinois District takes a close look at these practices, and she hopes that it will help to finally cure this “judicial plague.”

A full copy of the class action complaint is available here (pdf).


Infamous Piracy Group Says it Ready to Start Leaking Screeners

Post Syndicated from Andy original https://torrentfreak.com/infamous-piracy-group-says-it-ready-to-start-leaking-screeners-161229/

Last year during the Christmas period, pirates got much more than their fair share of festive booty. Screener copies of many of the latest movies appeared online, much to the disappointment of Hollywood.

The group that received much of the credit (or blame, depending on viewpoint) was Hive-CM8. This peer-to-peer release outfit famously released both The Hateful Eight and The Revenant in excellent quality before their theatrical release.

The group promised to deliver 40 screeners but the backlash was so severe that the run was eventually limited to ‘just’ 14 titles, a sum still not improved upon. As recently reported, the latter half of 2016 has been extremely quiet on the screener front overall, prompting many public discussions over whether any will actually appear.

Interestingly, however, Hive-CM8 has just put out a statement which suggests that January might be the month to watch. Alongside a TS (telesync) release of the new Assassins Creed movie, the group notes its absence but expresses eagerness to start leaking screeners again – with some caveats attached. (note: statement edited to fix typos/grammar)

“Yes, still here and kicking, we had to have a break for some time. Bet you are waiting for screeners, yep why not,” Hive-CM8 begin.

“We were definitely not in the mood to make the same mistakes as last year with screeners before Christmas or cinema release date.”

The fact that Hive-CM8 want to tone things down isn’t really a surprise. With last year’s Christmas bonanza still making waves, in late December 2015 the group actually published an apology, noting that releasing movies before their official debut wasn’t acceptable.

That said, Christmas 2016 is now over, and it appears that Hive-CM8 are ready to get going again.

“Now that Christmas holidays have passed we are actually looking forward to getting the dice rolling,” they say.

“We want to get the screeners out safely and securely like every year. Whoever has a screener or knows someone who has one and wants to share privately or in public, just let us know. We are here.”

The Hive ‘NFO’ file for Assassins Creed

A separate source informs TF that Hive-CM8 already has some screeners in hand but the group itself has not yet responded to our request for comment. Either way, we have a somewhat unique set of circumstances this year.

While studio security was expected to improve following 2015’s debacle, it appears that at least some pirates are consulting their moral compasses before making what could be a potentially damaging release.

Hollywood is likely to be quietly pleased with that result but don’t ever expect them to admit it. Theft is theft, ladies and gentlemen, or so the mantra goes.


Data Storage Disasters SMBs Should Avoid

Post Syndicated from Peter Cohen original https://www.backblaze.com/blog/data-storage-disasters-smbs-avoid/

Avoid Data Disasters

No one wants to get caught off guard when disaster strikes. And disasters are kind of inevitable, typically when you least expect them. Forewarned is forearmed. Here are five data storage disasters just waiting to happen to small to medium-sized businesses. We also offer some practical advice for how to avoid them.

Not Knowing Where Your Data Is

Data scatter is a big problem even in small organizations. Some data may be stored in the cloud, some may be on local machines, some may be on servers. Two-thirds of all corporate data exists outside the traditional data center. Make sure you know where your data is and how to protect it.

Conduct a data assessment to find out where your data lives. That includes customer records, financial and compliance data, application and server software, anything else necessary to keep your doors open. Know how data is used. Identify high-priority and high-value data to your organization.

Also understand that not everything is necessary to keep on-hand. Having redundancy and systems in place to retrieve every single bit of data is costly. Be wary of implementation issues that can create headaches, like time to restore. Separate out what’s absolutely necessary from that which would be nice to have, and that which is redundant and rebuildable.

Not Protecting Against Malware

Data breaches caused by malware infestations – especially ransomware – are on the rise. Ransomware encrypts an infected computer’s hard drive, locking you out. Unless you pay up using a cryptocurrency like Bitcoin, you’re locked out of your data with no way to restore it other than from a backup.

Some organizations have paid hackers tens of thousands of dollars to unlock systems that have been taken down by ransomware. Even we at Backblaze have been affected by ransomware (having a recent backup got us out of that pickle). Even plain old malware which hijacks web browser search fields or injects advertisements causes problems that cost you time and money to fix.

Sure, you can disinfect individually affected machines, but when it happens to an entire organization it can be crippling. What’s more, any way you slice it, it wastes employee productivity, time and resources.

Use a multi-point strategy to combat malware that combines user education with best security practices. Help users discriminate between legitimate inbound emails and phishing attempts, for example. Make them wary of connecting Wi-Fi enabled devices on unsecured networks (or disable that capability altogether). Force periodic password changes. Use Mobile Device Management (MDM) tools to update remote machines and disable them if they’re stolen or lost.

Installing good anti-malware software is crucial, but endpoint security on user computers shouldn’t be the only proactive defense. If you take care of more than a handful of computers, save time and resources by using apps that centralize anti-malware software updates and malware definition file distribution.

Besides users, servers also need to be protected from malware. Also, update network gear with firmware updates to help maintain security. Make sure that passwords on those devices are changed periodically, as well.

Not Having A Disaster Recovery Plan

As we said at the outset, forewarned is forearmed. Create a written disaster recovery plan (stored safely where you can retrieve it when you need it) that covers all possible contingencies. Think through the threats your business faces: human error, malfeasance, natural disasters, theft, fire, and device or component failure may be some of the things you should be thinking about.

Once you’ve assessed the threats, try to evaluate the actual risks. Being attacked by an angry grizzly bear is certainly a threat, but unless you’re in the Kodiak wilderness, it’s not a plausible risk. Conversely, if your business is located on a floodplain, it might be good to have a contingency in place for the next time the river nearby crests its banks.

Is your IT disaster recovery plan focused on just one part of your business operations, like your server room or data center? What’s your plan for the laptop and desktop computers, handheld devices and other gear used by your employees? Do you have system images in place to quickly restore computers? Can you run some systems as virtual machines in a pinch?

Once you have plans in place, the important thing is to test them periodically. It’ll help you work out implementation problems beforehand, so when disaster strikes, your organization can still move like a well-oiled machine.

Not Using Encryption

Data theft is such a pernicious problem these days, you need to use every safeguard you can manage to protect the integrity of your data and its safety.

Someone could hack into your systems and steal information, or a careless employee can leave an unguarded laptop on the table at Starbucks. Any time your data is exposed or could be exposed to outside threats, there should be some inherent safeguard to protect it. Encryption can help.

macOS, Windows, and modern Linux distributions support full-disk encryption. It’s FileVault on the Mac, and BitLocker in Windows. Traveling executives, salespeople with laptops, field technicians or anyone else who takes sensitive data offsite are good encryption candidates. Anyone in-house who handles customer records or sensitive business intelligence should also use encryption wherever practical. Make sure that you keep a (secure) record of the encryption keys needed to decrypt any protected systems to avoid data recovery problems down the road.

Encrypting endpoint data is important, but so is encrypting data in transit. If you’re regularly backing up to the cloud or using online file sync services, make sure they support encryption to protect your data (all Backblaze backup products support encryption).

Not Having A Recent Backup

Having a good backup strategy in place is crucial to being able to keep your business running. Develop a backup strategy that protects all of your critical data, and automates it as much as possible to run on a schedule.

The 3-2-1 Backup Strategy is a good place to start: Three copies of data – live, backup and offsite. User systems with important data should be backed up, as should servers and any other computers needed to run the business. One backup should be stored locally for easy recovery, and one copy of the backup should be stored offsite. This is where a cloud service (like Backblaze for Business, or for server and NAS systems, B2 Cloud Storage) can come in really handy. Just make sure to observe safe data handling procedures (like encryption, as mentioned above) to keep everything in your control.
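An added example, not part of the original Backblaze post: a small audit that checks a data inventory against the 3-2-1 rule above and also applies the earlier points about priority, encryption and backup recency. The field names, the 24-hour freshness threshold and the inventory itself are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

# Assumption: a backup older than this no longer counts as "recent".
MAX_BACKUP_AGE = timedelta(hours=24)
# 3-2-1 as the post describes it: live data, a local backup, an offsite backup.
REQUIRED_ROLES = ("live", "local_backup", "offsite_backup")


@dataclass
class Copy:
    role: str               # one of REQUIRED_ROLES
    location: str           # device or service holding this copy
    encrypted: bool
    last_updated: datetime
    mobile: bool = False    # True if the device leaves the office (laptops etc.)


@dataclass
class Dataset:
    name: str
    priority: str           # "critical", "nice_to_have" or "rebuildable"
    copies: list = field(default_factory=list)


def audit_dataset(ds, now):
    """Return a list of findings for one dataset; an empty list means it passes."""
    if ds.priority == "rebuildable":
        return []           # rebuildable data does not need full protection
    findings = []
    by_role = {c.role: c for c in ds.copies}
    for role in REQUIRED_ROLES:
        if role not in by_role:
            findings.append(f"missing {role} copy")
    live = by_role.get("live")
    for c in ds.copies:
        if c.role == "live":
            continue
        # A backup on the same device as the live data fails along with it.
        if live and c.location == live.location:
            findings.append(f"{c.role} shares device {c.location} with live data")
        if now - c.last_updated > MAX_BACKUP_AGE:
            findings.append(f"{c.role} is stale")
    # Anything that leaves the premises (offsite copy, mobile device) must be encrypted.
    for c in ds.copies:
        if (c.mobile or c.role == "offsite_backup") and not c.encrypted:
            findings.append(f"{c.role} at {c.location} is not encrypted")
    return findings


def audit_inventory(inventory, now):
    """Map each dataset name to its list of findings."""
    return {ds.name: audit_dataset(ds, now) for ds in inventory}


# Constructed sample data; the clock is fixed so results are reproducible.
NOW = datetime(2017, 1, 10, 12, 0, tzinfo=timezone.utc)
SAMPLE_INVENTORY = [
    Dataset("customer-records", "critical", [
        Copy("live", "file-server-01", False, NOW),
        Copy("local_backup", "nas-01", False, NOW - timedelta(hours=3)),
        Copy("offsite_backup", "cloud-bucket", True, NOW - timedelta(hours=6)),
    ]),
    Dataset("sales-laptop-docs", "critical", [
        Copy("live", "laptop-17", False, NOW, mobile=True),
        Copy("local_backup", "laptop-17", False, NOW - timedelta(days=2), mobile=True),
    ]),
    Dataset("build-cache", "rebuildable", [
        Copy("live", "build-host-02", False, NOW),
    ]),
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY, NOW).items():
        print(name, "OK" if not findings else findings)
```

The laptop dataset fails on every point the post raises: no offsite copy, a "backup" on the same device, a stale backup and no encryption on a device that leaves the office.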

This is a good starting point for a discussion within your organization about how to protect yourselves from data loss. If you have questions or comments, please let us know!

The post Data Storage Disasters SMBs Should Avoid appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Security Risks of TSA PreCheck

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2016/12/security_risks_12.html

Former TSA Administrator Kip Hawley wrote an op-ed pointing out the security vulnerabilities in the TSA’s PreCheck program:

The first vulnerability in the system is its enrollment process, which seeks to verify an applicant’s identity. We know verification is a challenge: A 2011 Government Accountability Office report on TSA’s system for checking airport workers’ identities concluded that it was “not designed to provide reasonable assurance that only qualified applicants” got approved. It’s not a stretch to believe a reasonably competent terrorist could construct an identity that would pass PreCheck’s front end.

The other step in PreCheck’s “intelligence-driven, risk-based security strategy” is absurd on its face: The absence of negative information about a person doesn’t mean he or she is trustworthy. News reports are filled with stories of people who seemed to be perfectly normal right up to the moment they committed a heinous act. There is no screening algorithm and no database check that can accurately predict human behavior — especially on the scale of millions. It is axiomatic that terrorist organizations recruit operatives who have clean backgrounds and interview well.

None of this is news.

Back in 2004, I wrote:

Imagine you’re a terrorist plotter with half a dozen potential terrorists at your disposal. They all apply for a card, and three get one. Guess which are going on the mission? And they’ll buy round-trip tickets with credit cards and have a “normal” amount of luggage with them.

What the Trusted Traveler program does is create two different access paths into the airport: high security and low security. The intent is that only good guys will take the low-security path, and the bad guys will be forced to take the high-security path, but it rarely works out that way. You have to assume that the bad guys will find a way to take the low-security path.

The Trusted Traveler program is based on the dangerous myth that terrorists match a particular profile and that we can somehow pick terrorists out of a crowd if we only can identify everyone. That’s simply not true. Most of the 9/11 terrorists were unknown and not on any watch list. Timothy McVeigh was an upstanding US citizen before he blew up the Oklahoma City Federal Building. Palestinian suicide bombers in Israel are normal, nondescript people. Intelligence reports indicate that Al Qaeda is recruiting non-Arab terrorists for US operations.

I wrote much the same thing in 2007:

Background checks are based on the dangerous myth that we can somehow pick terrorists out of a crowd if we could identify everyone. Unfortunately, there isn’t any terrorist profile that prescreening can uncover. Timothy McVeigh could probably have gotten one of these cards. So could have Eric Rudolph, the pipe bomber at the 1996 Olympic Games in Atlanta. There isn’t even a good list of known terrorists to check people against; the government list used by the airlines has been the butt of jokes for years.

And have we forgotten how prevalent identity theft is these days? If you think having a criminal impersonating you to your bank is bad, wait until they start impersonating you to the Transportation Security Administration.

The truth is that whenever you create two paths through security — a high-security path and a low-security path — you have to assume that the bad guys will find a way to exploit the low-security path. It may be counterintuitive, but we are all safer if the people chosen for more thorough screening are truly random and not based on an error-filled database or a cursory background check.

In a companion blog post, Hawley has more details about why the program doesn’t work:

In the sense that PreCheck bars people who were identified by intelligence or law enforcement agencies as possible terrorists, then it was intelligence-driven. But using that standard for PreCheck is ridiculous since those people already get extra screening or are on the No-Fly list. The movie Patriots Day, out now, reminds us of the tragic and preventable Boston Marathon bombing. The FBI sent agents to talk to the Tsarnaev brothers and investigate them as possible terror suspects. And cleared them. Even they did not meet the “intelligence-driven” definition used in PreCheck.

The other problem with “intelligence-driven” in the PreCheck context is that intelligence actually tells us the opposite; specifically that terrorists pick clean operatives. If TSA uses current intelligence to evaluate risk, it would not be out enrolling everybody they can into pre-9/11 security for everybody not flagged by the security services.

Hawley and I may agree on the problem, but we have completely opposite solutions. The op-ed was too short to include details, but they’re in a companion blog post. Basically, he wants to screen PreCheck passengers more:

In the interests of space, I left out details of what I would suggest as short-and medium-term solutions. Here are a few ideas:

  • Immediately scrub the PreCheck enrollees for false identities. That can probably be accomplished best and most quickly by getting permission from members, and then using, commercial data. If the results show that PreCheck has already been penetrated, the program should be suspended.
  • Deploy K-9 teams at PreCheck lanes.
  • Use Behaviorally trained officers to interact with and check the credentials of PreCheck passengers.
  • Use Explosives Trace Detection cotton swabs on PreCheck passengers at a much higher rate. Same with removing shoes.
  • Turn on the body scanners and keep them fully utilized.
  • Allow liquids to stay in the carry-on since TSA scanners can detect threat liquids.
  • Work with the airlines to keep the PreCheck experience positive.
  • Work with airports to place PreCheck lanes away from regular checkpoints so as not to diminish lane capacity for non-PreCheck passengers. Rental Car check-in areas could be one alternative. Also, downtown check-in and screening (with secure transport to the airport) is a possibility.

These solutions completely ignore the data from the real-world experiment PreCheck has been. Hawley writes that PreCheck tells us that “terrorists pick clean operatives.” That’s exactly wrong. PreCheck tells us that, basically, there are no terrorists. If 1) it’s an easier way through airport security that terrorists will invariably use, and 2) there have been no instances of terrorists using it in the 10+ years it and its predecessors have been in operation, then the inescapable conclusion is that the threat is minimal. Instead of screening PreCheck passengers more, we should screen everybody else less. This is me in 2012: “I think the PreCheck level of airport screening is what everyone should get, and that the no-fly list and the photo ID check add nothing to security.”

I agree with Hawley that we need to overhaul airport security. Me in 2010: “Airport security is the last line of defense, and it’s not a very good one.” We need to recognize that the actual risk is much lower than we fear, and ratchet airport security down accordingly. And then we need to continue to invest in investigation and intelligence: security measures that work regardless of the tactic or target.

Prenda Copyright Trolls Arrested and Charged With Fraud and Extortion

Post Syndicated from Ernesto original https://torrentfreak.com/prenda-copyright-trolls-arrested-and-charged-with-fraud-and-extortion-161216/

In recent years copyright trolls have been accused of various dubious schemes and actions, but there’s one group that tops them all.

Prenda Law grabbed dozens of headlines, mostly surrounding negative court rulings over identity theft, misrepresentation and even deception.

Most controversial was the shocking revelation that Prenda uploaded their own torrents to The Pirate Bay, creating a honeypot for the people they later sued over pirated downloads.

Today, this and other evidence was presented in a criminal indictment filed in the Minnesota District Court. The U.S. Government accuses Prenda principals John Steele and Paul Hansmeier of running a multimillion-dollar fraud and extortion operation.

That the case might go criminal first came to light when Pirate Bay co-founders Peter Sunde and Fredrik Neij were approached for information, but that was just the tip of the iceberg.

According to the indictment, the defendants earned millions of dollars in copyright lawsuit settlements from the public, by deceiving state and federal courts all over the country.

“In order to carry out the scheme, the defendants used sham entities to obtain copyrights to pornographic movies – some of which they filmed themselves – and then uploaded those movies to file-sharing websites in order to lure people to download the movies,” the indictment reads.

Through various companies, the goal of the conspiracy was to obtain the identities of alleged file-sharers of their pornographic films. As is common in these cases, that was achieved by obtaining a subpoena to compel ISPs to hand over personal details of subscribers.

This info was then used to extort the accused file-sharers, the Department of Justice alleges.

“After receiving this information, the defendants – through extortionate letters and phone calls – threatened the subscribers with enormous financial penalties and public embarrassment unless the subscribers agreed to pay a settlement, all the while concealing their collusion in the alleged copyright infringement.”

The Pirate Bay plays an important role in this case. Not only were the founders of the site heard as witnesses, but the site was also named as part of Prenda’s honeypot scheme.

“Beginning in or about April 2011, defendants caused P.H. to upload their clients’ pornographic movies to BitTorrent file-sharing websites, including a website named the Pirate Bay, in order to entice people to download the movies and make it easier to catch those who attempted to obtain the movies.

“As defendants knew, the BitTorrent websites to which they uploaded their clients’ movies were specifically designed to allow users to share files, including movies, without paying any fees to the copyright holders,” the indictment adds.

The two Prenda principals have been arrested according to Star Tribune, who broke the story. They are charged with 18 counts in total, including conspiracy to commit fraud, money laundering and perjury.

Prenda crossed many lines in their settlement schemes, so it can’t be easily compared to other “trolling” cases. However, there are several similar outfits that will be seriously concerned about this indictment and the possible jail sentences Prenda’s bosses face.

As it turns out, the U.S. Government realizes very well that ‘pirate chasers’ are not above the law.

A copy of the full indictment is available here.


Music Industry Pressures Trump on Piracy Ahead of Silicon Valley Meeting

Post Syndicated from Andy original https://torrentfreak.com/music-industry-pressures-trump-on-piracy-ahead-of-silicon-valley-meeting-161214/

In a matter of weeks the United States will have a brand new president, so it’s now time to resign a bitter election battle to history and make plans for the future.

This afternoon, representatives of some of the most significant technology companies on the planet will meet with President-elect Donald Trump for a round-table discussion in New York.

Heading to Trump Tower will be Larry Page and Eric Schmidt of Google parent Alphabet, Tim Cook of Apple, Sheryl Sandberg of Facebook and Satya Nadella of Microsoft. According to the New York Times, the companies are keeping a low profile about the event, but with giants like IBM, Intel and Cisco also in attendance, flying under the radar just isn’t possible.

The meeting today clearly hasn’t gone unnoticed by America’s music industry either. Despite some attempts at building bridges with companies such as Google, there is a gaping chasm of understanding due to the manner in which platforms like YouTube are said to utilize music without properly compensating artists. The industry feels that Trump has a role to play in solving this problem.

In an open letter to president-elect Trump congratulating him on his election, the RIAA and an A to Z of music groups make it clear that he should keep them in mind when he meets with the technology giants this afternoon. Protection of their intellectual property is paramount, they argue.

“Congratulations on your election to serve as the 45th President of the United States. We look forward to working with you and your Administration on behalf of American music – one of our nation’s most valuable forms of art and intellectual property, and a powerful driver of high-quality U.S. jobs and exports,” they begin.

Pointing to a statement Trump issued earlier this year when he described intellectual property as “a driving force in today’s global economy of constant innovation” while calling for its protection, the groups paint themselves as sharing the president-elect’s goals.

“So much of what you wrote in your platform this summer about intellectual property and private property rights resonated with many of us,” they write, adding that they share the desire to take strong action to enforce intellectual property laws against infringers.

Noting that they’re aware of the meeting today, the music groups lay out the significance of their industry, claiming a $1.2 trillion contribution to the economy while supporting the jobs of 5.5 million Americans. However, they also remind America’s forthcoming new leader that some of the companies he will meet with today owe a great debt to the music industry.

“Indeed, many of today’s popular technology platforms owe much of their growth and success to music. Music is responsible for the most-followed accounts on Facebook and Twitter, the most-watched videos on YouTube, and is one of the most popular draws for phones and other personal devices,” they note.

The music groups say that such platforms thrive by delivering the work created by artists and many deserve to be commended for valuing and protecting the music industry. But while some have developed systems to “deter theft”, much more needs to be done.

“Search engines, user upload content platforms, hosting companies, and domain name registrars and registries should follow others’ example to effectively stop theft and assure fair payment,” they say.

“Further, there is a massive ‘value grab’ as some of these corporations weaken intellectual property rights for America’s creators by exploiting legal loopholes never intended for them – perversely abusing U.S. law to underpay music creators, thus harming one of America’s economic and job engines.

“Surely the world’s most sophisticated technology corporations can do better – by helping to prevent illegal access and paying fair market value for music with prices set by or based on the free market.”

All of these issues were covered by the Joint Strategic Plan for Intellectual Property Enforcement released by the Obama administration this week. At this point (and despite political differences) it seems unlikely that Trump will deviate far from its key goal of protecting American interests both domestically and overseas.

However, as the SOPA debate of almost five years ago brought sharply into focus, technology companies and the content industries might need each other to progress, but agreement on IP issues is usually tough to come by, especially when that involves holding tech companies responsible for the infringements of others. Trump certainly has a balancing act up ahead, but the music groups know which way they want him to go.

“Strong protection for intellectual property rights will assure growth in both creativity and technology, benefiting the American economy as a whole. We hope you will lead the effort to assure American creativity is encouraged, invested in, protected and fairly compensated in a manner that carries out the exclusive rights guaranteed in the Constitution to those who, with the genius of their mind, form the cultural identity of our great nation,” they conclude.

The original letter can be found here (pdf)

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

US Government Publishes New Plan to Target Pirate Sites

Post Syndicated from Andy original https://torrentfreak.com/us-government-publishes-new-plan-to-target-pirate-sites-161213/

The Office of the Intellectual Property Enforcement Coordinator (IPEC) has just released its Joint Strategic Plan (JSP) for Intellectual Property Enforcement, titled Supporting Innovation, Creativity & Enterprise: Charting a Path Ahead.

“The Plan – which incorporates views from a variety of individual stakeholders across government, industry, educational institutions, trade organizations and public interest groups — offers a blueprint for the work to be carried out over the next three years by the Federal Government in support of a healthy and robust intellectual property enforcement policy environment,” a White House statement reads.

The plan has four stated goals:

– Enhance National understanding of the economic and social impacts flowing from misappropriation of trade secrets and the infringement of intellectual property rights

– Promote a safe and secure Internet by minimizing counterfeiting and IP-infringing activity online

– Secure and facilitate lawful trade

– Enhance domestic strategies and global collaboration in support of effective IP enforcement.

The 163-page report leaves few stones unturned, with Section 2 homing in on Internet piracy.

Follow The Money

While shutting down websites is often seen as the ultimate anti-piracy tool, more commonly authorities are targeting what they believe fuels online piracy – money. The report says that while original content is expensive to create, copies cost almost nothing, leading to large profits for pirates.

“An effective enforcement strategy against commercial-scale piracy and counterfeiting therefore, must target and dry up the illicit revenue flow of the actors engaged in commercial piracy online. That requires an examination of the revenue sources for commercial-scale pirates,” the report says.

“The operators of direct illicit download and streaming sites enjoy revenue through membership subscriptions serviced by way of credit card and similar payment-based transactions, as is the case with the sale and purchase of counterfeit goods, while the operators of torrent sites may rely more heavily on advertising revenue as the primary source of income.”

To cut off this revenue, the government foresees voluntary collaboration between payment processor networks, online advertisers, and the banking sector.

Payment processors

“All legitimate payment processors prohibit the use of their services and platforms for unlawful conduct, including IP-infringing activities. They do so by way of policy and contract through terms of use and other agreements applicable to their users,” the JSP says.

“Yet, notwithstanding these prohibitions, payment processor platforms continue to be exploited by illicit merchants of counterfeit products and infringing content.”

The government says that pirates and counterfeiters use a number of techniques to exploit payment processors and have deployed systems that can thwart “test” transactions conducted by rightsholders and other investigators. Furthermore, the fact that some credit card companies do not have direct contractual relationships with merchants enables websites to continue doing business after payment processing rights have been terminated.

The JSP calls for more coordination between companies in the ecosystem, increased transparency, greater geographic scope, and bilateral engagements with other governments.

“IPEC and USPTO, with private sector input, will facilitate benchmarking studies of current voluntary initiatives designed to combat revenue flow to rogue sites to determine whether existing voluntary initiatives are functioning effectively, and thereby promote a robust, data-driven voluntary initiative environment,” the report adds.

Advertising

The JSP begins with the comment that “Ad revenue is the oxygen that content theft needs to breathe” and it’s clear that the government wants to asphyxiate pirate sites. It believes that up to 86% of download and streaming platforms rely on advertising for revenue and the sector needs to be cleaned up.

In common with payment processors, the report notes that legitimate ad networks also have policies in place to stop their services appearing on pirate sites. However, “sophisticated entities” dedicated to infringement can exploit loopholes, with some doing so to display “high-risk” ads that include malware, pop-unders and pixel stuffing.

Collaboration is already underway among industry players but the government wants to see more integration and cooperation, to stay ahead of the tactics allegedly employed by sites such as the defunct KickassTorrents, which is highlighted in the report.


“IPEC and the IPR Center (with its constituent law enforcement partners), along with other relevant Federal agencies, will convene the advertising industry to hear further about their voluntary efforts. The U.S. Interagency Strategic Planning Committees on IP Enforcement will assess opportunities to support efforts to combat the flow of ad revenue to criminals,” the JSP reads.

“As part of best practices and initiatives, advertising networks are encouraged to make appropriately generalized and anonymized data publicly available to permit study and analysis of illicit activity intercepted on their platforms and networks. Such data will allow study by public and private actors alike to identify patterns of behavior or tactics associated with illicit actors who seek to profit from ad revenue from content theft websites.”

Domain hopping

When pirate sites come under pressure from copyright holders, their domain names are often at risk of suspension or even seizure. This triggers a phenomenon known as domain hopping, a tactic most visibly employed by The Pirate Bay when it skipped all around the world with domains registered in several different countries.


“To evade law enforcement, bad actors will register the same or different domain name with different registrars. They then attempt to evade law enforcement by moving from one registrar to another, thus prolonging the so-called ‘whack-a-mole’ pursuit. The result of this behavior is to drive up costs of time and resources spent on protecting intellectual property right,” the JSP notes.

The report adds that pirate sites are more likely to use ccTLDs (country code Top-Level Domains) than gTLDs (Generic Top-Level Domains) due to the way the former are administrated.

“The relationship between any given ccTLD administrator and its government will differ from case to case and may depend on complex and sensitive arrangements particular to the local political climate. Different ccTLD policies will reflect different approaches with respect to process for the suspension, transfer, or cancellation of a domain name registration,” it reads.

“Based on the most recent Notorious Markets lists available prior to issuance of this plan, ccTLDs comprise roughly half of all named ‘notorious’ top-level domains. Considering that ccTLDs are outnumbered by gTLDs in the domain name base by more than a 2-to-1 ratio, the frequency of bad faith ccTLD sites appear to be disproportionate in nature and worthy of further research and analysis.”

Once again, the US government calls for more cooperation alongside an investigation to assess the scope of “abusive domain name registration tactics and trend.”

Policies to improve DMCA takedown processes

As widely documented, rightsholders are generally very unhappy with the current DMCA regime as they are forced to send millions of notices every week to contain the flow of pirate content. Equally, service providers are also being placed under significant stress due to the processing of those same notices.

In its report, the government acknowledges the problems faced by both sides but indicates that the right discussions are already underway to address the issues.

“The continued development of private sector best practices, led through a multistakeholder process, may ease the burdens involved with the DMCA process for rights holders, Internet intermediaries, and users while decreasing infringing activity,” the report says.

“These best practices may focus on enhanced methods for identifying actionable infringement, preventing abuse of the system, establishing efficient takedown procedures, preventing the reappearance of previously removed infringing content, and providing opportunity for creators to assert their fair use rights.”

In summary, the government champions the Copyright Office’s current evaluation of Section 512 of the DMCA while calling for cooperation between stakeholders.

Social Media

The Joint Strategic Plan highlights the growing part social media has to play in the dissemination of infringing content, from driving traffic to websites selling illegal products, unlawful exploitation of third-party content, to suspect product reviews. Again, the solution can be found in collaboration, including with the public.

“[The government will] encourage the development of industry standards and best practices, through a multistakeholder process, to curb abuses of social media channels for illicit purposes, while protecting the rights of users to use those channels for non-infringing and other lawful activities,” it notes.

“One underutilized resource may be the users themselves, who may be in a position to report suspicious product offerings or other illicit activity, if provided a streamlined opportunity to do so, as some social media companies are beginning to explore.”

And finally – education

The government believes that greater knowledge among the public of where it can obtain content legally will assist in reducing instances of online piracy.

“The U.S. Interagency Strategic Planning Committees on IP Enforcement, and other relevant Federal agencies, as appropriate, will assess opportunities to support public-private collaborative efforts aimed at increasing awareness of legal sources of copyrighted material online and educating users about the harmful impacts of digital piracy,” it concludes.

The full report is available here (163 pages, PDF)


UK Jails Pirate IPTV Box Supplier For Four Years

Post Syndicated from Andy original https://torrentfreak.com/uk-jails-pirate-iptv-box-supplier-for-four-years-161212/

While many Internet users are happy to use the web to access movies, TV shows, music and sports streams, millions are now doing so from the comfort of their living rooms.

Amazon’s Fire TV and various Android and Linux devices are all capable of supplying legitimate content, but all have a darker side. With the right know-how and a few tweaks here and there, these cheap pieces of hardware can open a whole new world of pirate streaming.

As a result, a massive black market of suppliers has sprung up worldwide. There are basically two approaches. The first involves the legal Kodi media player and third-party addons. The second involves professional (but illegal) IPTV services as detailed in our earlier article, either piped through Kodi or dedicated Linux-powered devices.

Over the past couple of years, the UK’s Police Intellectual Property Crime Unit (PIPCU) has targeted individuals selling these kinds of devices and services, but the first convictions have taken a while to arrive. Two have now been delivered and they send a message to people offering these devices in a commercial context.

After initially involving PIPCU, the prosecution of Terry O’Reilly, 53, and Will O’Leary, 43, was brought by The Premier League, the top professional league for football in the UK. It was alleged that the pair had been selling piracy-configured devices to both pubs and consumers.

In addition to other media, the devices were able to show Premier League football matches transmitted by foreign channels, a particularly sensitive issue for The Premier League.

In the UK, football is subject to something known as the “3pm Blackout” or “Closed Period,” which bans live football from TV between 2:45pm and 5:15pm on a Saturday. The ban is designed to encourage match attendance but foreign channels do not abide by the rules. Using either modified Kodi installations or Linux-powered set-top IP boxes, these matches are freely available in the UK.

The case against O’Leary and O’Reilly was heard at Nottingham Crown Court where both were accused of Conspiracy to Defraud. Speaking with TorrentFreak this morning, a FACT spokesperson confirmed that the pair not only supplied the hardware and software, but were also involved in providing the unauthorized streams.

O’Reilly, 53, of Liverpool, was accused of selling 1,200 devices. He was found guilty of two charges of Conspiracy to Defraud and jailed for four years.

O’Leary, 43, of Coddington, Nottinghamshire, was described as a “reseller” of around 300 devices. Commonly, re-sellers purchase access to an already available service and then offer their own customers the same product (sometimes rebranded) while making a profit or earning commission.

O’Leary admitted one charge of Conspiracy to Defraud and was handed a two-year sentence, suspended for a year.

“This case is particularly important as it is the first involving sellers of so-called IPTV devices which enable people to watch illegal content,” says Premier League Director of Legal Services, Kevin Plumb.

“The courts have provided a clear message: this is against the law and selling systems which allow people to watch unauthorized Premier League broadcasts is a form of mass piracy and is sufficiently serious to warrant a custodial sentence.”

FACT Director General Kieron Sharp also placed emphasis on the importance of the case in acting as a warning to individuals who sell such devices.

“The sale and distribution of these boxes, which are loaded with infringing apps and add-ons allowing access to copyrighted content, is a criminal offense and the repercussions could result in years behind bars,” Sharp said.

In September, the IP Crime Report 2015/16 cited IPTV and modified Kodi installations as a growing threat. FACT said tackling them would become one of its top priorities.

“In the last year FACT has worked with a wide range of partners and law enforcement bodies to tackle individuals and disrupt businesses selling illegal IPTV boxes. Enforcement action has been widespread across the UK with numerous ongoing investigations,” FACT said.

In response to the convictions of O’Leary and O’Reilly, The Premier League said that there can now be “no doubt for consumers that these systems are illegal.” However, it remains unclear whether using such devices for streaming in a private setting constitutes a crime.

The Premier League and broadcasting partner Sky don’t make any effort to target individual consumers who watch these broadcasts but the same cannot be said about device sellers and their commercial customers. Several cases against pubs have gone to court and now The Premier League and FACT have a conviction against suppliers under their belts.

Finally, it will be interesting to see if the convictions of O’Leary and O’Reilly have an effect on the case pending in Middlesbrough against Brian ‘Tomo’ Thompson. He was previously raided by police and Trading Standards after selling “fully loaded” Android boxes from his shop.

Crucially, however, Thompson wasn’t involved in the supply of the streams, only the hardware and software. That could be all-important for the UK market for pre-configured Kodi-powered devices.


Antigua & Barbuda Threatens to Punish U.S. With Piracy Free-For-All

Post Syndicated from Andy original https://torrentfreak.com/antigua-barbuda-threatens-us-with-piracy-161129/

For years, the small Caribbean country of Antigua and Barbuda had a flourishing gambling industry, with an estimated 5% of all countrymen working in gambling-related companies.

However, measures taken by central, regional and local authorities in the US seriously affected the cross-border supply of gambling services, with Antigua’s High Commissioner to London stating that they had subsequently shrunk “to virtually nothing.”

In desperation, Antigua filed a dispute at the World Trade Organization (WTO), which it won. A 2005 ruling by the WTO found that denying Antiguan gambling companies access to the US market violated free-trade.

In 2007 the WTO ramped up the pressure, granting Antigua the right to suspend U.S. IP rights up to $21 million annually. With little progress made in the dispute, in 2013 Antigua threatened to launch its own ‘pirate’ site, which prompted a sharp response from the US.

“If Antigua actually proceeds with a plan for its government to authorize the theft of intellectual property, it would only serve to hurt Antigua’s own interests,” the U.S. warned.

After three years without such a site appearing, a release from the WTO’s Dispute Settlement Board (DSB) indicates that Antigua and Barbuda has finally run out of patience and is ready to suspend protection of US intellectual property rights. A letter from a government representative to the WTO explains the situation.

“It has been 12 long years since an Arbitration panel, established under the rules and procedures of this body, issued a decision that found the United States of America in violation of international obligations under the General Agreement on Trade in Services.

“Over that entire 12-year period, my small country with a Gross Domestic Product of just $1 billion has been deprived of trade revenues which now exceed $250 million. For my country’s tiny economy, $250 million is a meaningful sum of money,” the statement reads.

Pointing out that $250m represents only 0.0003% of just one year of GDP for the US, the letter adds that over the past 12 years, the US has enjoyed a trade surplus with Antigua and Barbuda of more than $1 billion.

“Over all this time my government has patiently engaged in good faith consultations with the Government of the United States in the genuine hope that the harm done to our economy by US action would be repaired through a settlement that recognizes justice and fairness.

“Alas, the US has not been able to propose terms for a settlement that would even remotely compensate for the harm that has been done to our economy and continues to impact it negatively.”

The statement from Antigua and Barbuda adds that while the US continues to defy WTO rulings, it remains the most active user of the institution’s Dispute Settlement System, something which threatens to undermine the integrity of the WTO.

“[T]he protracted failure by the US to settle this matter, despite the fact that it is not compliant with WTO rules, has the potential to collapse confidence in the efficacy and credibility of the rules-based trading system.

“Antigua and Barbuda, one of the smallest economies in the world is yet to reap any benefit from having prevailed against the United States through the rulings and recommendations of the DSB,” it adds.

In a final warning that the gloves are about to come off, the statement concludes that time is running out and in a matter of weeks, unless something is done, United States intellectual property will receive no protection.

“My government has almost exhausted its patient efforts to reach a settlement with the US. This is regrettable since, on our side, we have always conducted our relations with the US at a high level of regard and cooperation.

“We advise this body that we are now engaged in a final effort with representatives of the US Trade Representative’s Office to reach an agreed settlement. We hope that a sense of right will prevail. But, we cannot go beyond the end of this year.

“In light of the above, Antigua and Barbuda now informs the DSB that, if an appropriate and beneficial settlement is not reached with the US by year-end, the government will be compelled to take action to enforce the suspension of copyright on the sale of US intellectual property, consistent with the award of the DSB.”

The United States says it remains committed to resolving the matter but is “disappointed that Antigua and Barbuda had characterized the US as having acted in bad faith when the US had taken a constructive approach to resolving the matter.”

The US said it had put forward a package of concessions but Antigua and Barbuda is the only WTO member blocking the proposals.

Attorney Mark Mendel, a lawyer in Ireland who previously led the fight for Antigua at the WTO, informs TorrentFreak that a number of options remain open for the Caribbean country.

“A couple of years back, when Antigua last came very close to implementing the remedies given them by the WTO, we had identified a significant number of areas where the suspension of United States intellectual property rights would, we had assessed, have had the desired effect,” Mendel explains.

“By ‘desired effect’, I mean the purpose of the remedies as given in the WTO rules – to put substantial domestic pressure on a recalcitrant government from a completely ‘innocent’ sector of the economy so as to encourage the government to comply with WTO rulings or at least agree a reasonable settlement. Since that time, all of those very well considered options exist, as do a few more that might even be more promising.”

Mendel says that since the remedies have been approved by the WTO, technically there will be no ‘pirating’, and whatever the Antigua and Barbuda government decides to do will be in compliance with the law.

“The only party in violation of International obligations in this dispute is the United States and I have all confidence that Antigua will continue to conduct itself in accordance with the agreed rule of law,” Mendel concludes.

The next meeting of the WTO’s Dispute Settlement Board is scheduled for mid-December. Whether any progress will be made to end the 12-year dispute remains to be seen but if not, 2017 could be an eventful one for pirates of the Caribbean.

The full letter Antigua & Barbuda sent to the WTO is available here (pdf).
