Tag Archives: theft

Facebook Bans Sale of Piracy-Enabling Products & Devices

Post Syndicated from Andy original https://torrentfreak.com/facebook-bans-sale-of-piracy-enabling-products-devices-170525/

Riding the crest of a wave made possible by the rise of Internet streaming, piracy-enabled set-top boxes and similar devices have been hitting the homes of millions around the globe.

Often given the broad title of ‘Kodi Boxes’ after the legal open source software that commonly comes pre-installed, these devices are regularly configured for piracy with the aid of third-party addons.

Easy to use, set-top devices have opened up piracy to a whole new audience, normalizing it during the process. It’s a problem now being grappled with by anti-piracy outfits in a number of ways, including putting pressure on services where the boxes are being sold.

Now there are signs that Facebook has decided – or more likely been persuaded – to ban the sale of these devices from its platform. The latest addition to its Commerce Policy carries a new rule (13) which targets infringing set-top boxes almost perfectly.

“Items, products or services sold on Facebook must comply with our Community Standards, as well as the Commerce Policies,” the page reads.

“Sale of the following is prohibited on Facebook: Products or items that facilitate or encourage unauthorized access to digital media.”

The move by Facebook follows similar overtures from Amazon back in March. In a change to its policies, the company said that devices that promote or facilitate infringement would not be tolerated.

“Products offered for sale on Amazon should not promote, suggest the facilitation of, or actively enable the infringement of or unauthorized access to digital media or other protected content,” Amazon said.

“Any streaming media player or other device that violates this policy is prohibited from sale on Amazon,” the company added.

The recent move by Facebook was welcomed by Federation Against Copyright Theft chief, Kieron Sharp.

“It is great to see Facebook follow the likes of Amazon and eBay in making changes to their policies to prohibit the sale of illicit streaming devices on their platforms,” Sharp said.

“These days social media sites are more than just a place to share photos and comments with friends and family. Unfortunately, the fast-paced development of these sites are being exploited by opportunists for criminal activity which needs to be disrupted.”

The sale of infringing devices on social media does indeed pose a challenge to the likes of FACT.

While most piracy devices have traditionally needed an expert touch to configure and then sell, in 2017 almost anyone can buy a standard Android device and set it up for piracy in a matter of minutes. This means that every interested citizen is a potential seller and Facebook provides a perfect platform that people are already familiar with.

Nevertheless, recent rulings from the EU Court of Justice have clarified two key issues, both of which will help in the fight to reduce the availability of ‘pirate’ boxes, wherever they appear.

In April, the ECJ declared such devices illegal to sell while clarifying that users who stream pirate content to their homes are also breaking the law.

It’s unlikely that any end users will be punished (particularly to the ridiculous extent erroneously reported by some media), but it certainly helps to demonstrate illegality across the board when outfits like FACT are considering prosecutions.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Copyright Troll Attorney John Steele Disbarred by Illinois Supreme Court

Post Syndicated from Ernesto original https://torrentfreak.com/copyright-troll-attorney-john-steele-disbarred-by-illinois-supreme-court-170522/

Over the years, copyright trolls have been accused of involvement in various dubious schemes and actions, but there’s one group that has gone above and beyond.

Prenda Law grabbed dozens of headlines, mostly surrounding negative court rulings over identity theft, misrepresentation and even deception.

Most controversial was the shocking revelation that Prenda uploaded their own torrents to The Pirate Bay, creating a honeypot for the people they later sued over pirated downloads.

The allegations also raised the interest of the US Department of Justice, which indicted Prenda principals John Steele and Paul Hansmeier late last year. The two stand accused of running a multi-million dollar fraud and extortion operation.

A few weeks ago Steele pleaded guilty, admitting among other things that they did indeed use The Pirate Bay to operate a honeypot for online pirates.

Following the guilty plea the Illinois Supreme Court, which started looking into the case long before the indictment, has now decided to disbar the attorney. This means that Steele no longer has the right to practice law.

The decision doesn’t really come as a surprise. Steele has admitted to two of the 18 counts listed in the indictment, including some of the allegations that were also listed by the Supreme Court.

In its conclusion, the Court lists a variety of misconduct including “conduct involving dishonesty, fraud, deceit, or misrepresentation, by conduct including filing lawsuits without supporting facts, under the names of entities like Ingenuity 13 and AF Holdings, which were created by Movant for purposes of exacting settlements.”

Also, Steele’s trolling operation was “using means that had no substantial purpose other than to embarrass or burden a third person, or using methods of obtaining evidence that violates the legal rights of such a person…,” the Supreme Court writes.

Steele was disbarred “on consent,” according to Cook County Record, which means that he agreed to have his Illinois law practice license revoked.

The disbarment is not unexpected considering Steele’s guilty plea. However, victims of the Prenda trolling scheme may still welcome it as a form of justice. Meanwhile, Steele has bigger problems to worry about.

The former Prenda attorney is still awaiting his sentencing in the criminal case. In theory, he faces a statutory maximum sentence of 40 years in prison as well as a criminal fine of hundreds of thousands of dollars. However, by signing a plea agreement, he likely gets a reduced sentence.

The Illinois Supreme Court conclusions are available here (pdf), courtesy of Fight Copyright Trolls.


NO, Kodi Users Are Not Risking Ten Years in Prison

Post Syndicated from Andy original https://torrentfreak.com/no-kodi-users-are-not-risking-ten-years-in-prison-170507/

Piracy has always been a reasonably popular topic in the UK and there can barely be a person alive today who hasn’t either engaged in or been exposed to the phenomenon in some way. Just lately, however, things have really entered the mainstream.

The massive public interest is down to the set-top box craze, which is largely fueled by legal Kodi software augmented with infringing addons that provide free access to premium movies, TV channels and live sports.

While this is a topic one might expect technology sites to report on, just recently UK tabloids have flooded the market with largely sensational stories about Kodi and piracy in general, which often recycle the same story time and again with SHOCKING click-bait headlines YOU JUST WON’T BELIEVE.

We’ve had to put up with misleading headlines and stories for months, so a while ago we made an effort to discuss the issues with tabloid reporters. Needless to say, we didn’t get very far. Most ignored our emails, but even those who responded weren’t prepared to do much.

One told us that his publication had decided that articles featuring Kodi were good for traffic while another promised to escalate our comments further up the chain of command. Within days additional articles with similar problems were being published regardless and this week things really boiled over.

10 Years for Kodi users? Hardly

The above report published in the Daily Express is typical of many doing the rounds at the moment. Taking Kodi as the popular search term, it shoe-horns the topic into areas of copyright law that do not apply to it, and ones certainly not covered by the Digital Economy Act cited in the headline.

As reported this week, the Digital Economy Act raises penalties for online copyright infringement offenses from two to ten years, but only in specific circumstances. Users streaming content to their homes via Kodi is absolutely not one of them.

To fall foul of the new law a user would need to communicate a copyrighted work to the public. In piracy terms that means ‘uploading’ and people streaming content via Kodi do nothing of the sort. The Digital Economy Act offers no remedy to deal with users streaming content – period – but let’s not allow the facts to get in the way of a click-inducing headline.

The Mirror has it wrong too

The Mirror article weaves in comments from Kieron Sharp from the Federation Against Copyright Theft. He notes that the new legislation should be targeted at people making a business out of infringement, which will hopefully be the case.

However, the article incorrectly extrapolates Sharp’s comments to mean that the law also applies to people streaming content via Kodi. Only making things more confusing, it then states that people “who casually stream a couple of movies every once in a while are extremely unlikely to be prosecuted to such extremes.”

Again, the Digital Economy Act has nothing to do with people streaming movies via Kodi but if we go along with the charade and agree that people who casually stream movies aren’t going to be prosecuted, why claim “10 year jail sentences for Kodi users” in the headline?

The bottom line is that there is nothing in the article itself that supports the article’s headline claim that Kodi users could go to jail for ten years. In itself, this is problematic from a reporting standpoint.

Published by IPSO, the Editors’ Code of Practice clearly states that “the Press must take care not to publish inaccurate, misleading or distorted information or images, including headlines not supported by the text.”

But singling out the Daily Express and The Mirror on this would be unfair. Dozens of other publications jumped on the same bandwagon, parroting the same misinformation, often with similar click-bait headlines.

For people dealing with these issues every day, the ins-and-outs of piracy alongside developing copyright law can be easier to grasp, so it’s perhaps a little unfair to expect general reporters to understand every detail of what can be extremely complex issues. Mistakes get made by everyone, that’s human nature.

But really, is there any excuse for headlines like this one published by the Sunday Express this morning?

According to the piece, readers of TorrentFreak are also at risk of spending ten years in prison. You couldn’t make this damaging nonsense up. Actually, apparently you can.

In addition to a lack of research, the problem here is the prevalence of click-bait headlines driving traffic and the inability of the underlying articles to live up to the hype. If we can moderate the headlines and report within them, the rest should simply fall into place. Ditch the NEEDLESS capital letters and stick to the facts.

Society in 2017 needs those more than ever.


Kim Dotcom Asks Police to Urgently Interview FBI Director Jim Comey

Post Syndicated from Andy original https://torrentfreak.com/kim-dotcom-asks-police-to-urgently-interview-fbi-director-jim-comey-170425/

When authorities in the United States and New Zealand shut down Megaupload in 2012, large amounts of data were seized in both locations. The data in the US is currently gathering dust but over in New Zealand yet another storm is brewing.

In the weeks following the raid, hard drives seized from Dotcom in New Zealand were cloned and sent to the FBI in the United States. A judge later found that this should not have been allowed, ruling that the copies in the FBI’s possession must be destroyed.

Like almost every process in the Megaupload saga the ruling went to appeal and in 2014 Dotcom won again, with the Court of Appeal upholding the lower court’s decision, stating that the removal of the clones to the United States was “plainly not authorized.”

At the time Dotcom said that fighting back is “encoded in his DNA” and today he’s taking that fight to the FBI. On Sunday, FBI director James Comey touched down in Queenstown, New Zealand, for an intelligence conference. With Comey in the country, Dotcom seized the moment to file a complaint with local police.

In the complaint shared with TorrentFreak, lawyer Simon Cogan draws police attention to the Court of Appeal ruling determining that clones of Dotcom drives were unlawfully shipped to the FBI in the United States. Since Comey is in the country, police should take the opportunity to urgently interview him over this potential criminal matter.

“As director of the FBI, Mr Comey will be able to assist Police with their investigation of the matters raised in Mr Dotcom’s complaint,” the complaint reads, noting several key areas of interest as detailed below.

Speaking with TF, Dotcom says that since the New Zealand High Court and Court of Appeal have both ruled that the FBI had no authority to remove his data from New Zealand, the FBI acted unlawfully.

“In simple terms the FBI has committed theft,” Dotcom says.

“The NZ courts don’t have jurisdiction in the US and could therefore not assist me in getting my data back. But FBI Director Comey has just arrived in New Zealand for a conference meaning he is in the jurisdiction of NZ courts. We have asked the NZ police to question Mr Comey about the theft and to investigate.”

In addition to seeking assistance from the police, Dotcom says that he’s also initiated a new lawsuit to have his data returned.

“We have also launched a separate civil court action to force Mr Comey to return my data to New Zealand and to erase any and all copies the FBI / US Govt holds. We expect an urgent hearing of the matter in the High Court tomorrow,” Dotcom concludes.

It’s likely that this will be another Dotcom saga that will run and run, but despite the seriousness of the matter in hand, Dotcom was happy to take to Twitter this morning, delivering a video message in his own inimitable style.


RIAA Sues ISP Grande Communications For Failing to Disconnect Pirates

Post Syndicated from Andy original https://torrentfreak.com/riaa-sues-isp-grande-communications-for-failing-to-disconnect-pirates-170422/

Despite approaching the problem from a number of directions, major copyright holders have been unable to do much to stop millions of BitTorrent-based infringements taking place every day.

A new lawsuit filed by the RIAA against ISP Grande Communications aims to change all that.

Yesterday, UMG Recordings, Capitol Records, Warner Bros, Sony Music, Arista Records, Atlantic Records and almost a dozen other music companies sued the Texas-based provider over the infringements of its subscribers.

“Defendants have been notified that their internet customers have engaged in more than one million infringements of copyrighted works over BitTorrent systems, including tens of thousands of blatant infringements by repeat infringers of Plaintiffs’ copyrighted works,” the lawsuit reads.

“Despite their knowledge of repeat infringements, Defendants have permitted repeat infringers to use the Grande service to continue to infringe Plaintiffs’ copyrights without consequence.”

Right from the outset it’s clear that this case has a lot in common with the litigation currently underway against Cox Communications. In that case, Cox was accused by publishing company BMG of not taking significant action against thousands of its customers who persistently shared content using BitTorrent.

Like BMG’s case against Cox, the RIAA’s suit against Grande aims to strip away the protection the ISP normally enjoys under the Digital Millennium Copyright Act. By not taking “meaningful action” against repeat infringers, the RIAA says that Grande can be held liable for the copyright infringements of its customers.

“Neither Grande or its management company Patriot has taken any meaningful action to discourage this continuing theft, let alone suspend or terminate subscribers who repeatedly commit copyright infringement through its network, as required by law,” the RIAA writes.

“Upon information and belief, this is so even where Defendants have specific and actual knowledge of those subscribers’ blatant, repeat infringement. Defendants’ effective acquiescence in this wholesale violation of Plaintiffs’ rights, coupled with their failure to adopt and reasonably implement a policy to stop repeat infringers, excludes Defendants from the safe harbor protections of the Digital Millennium Copyright Act (‘DMCA’).”

The RIAA says that since Grande failed to take action against infringers, especially those identified as repeat infringers, it protected a “significant revenue stream” it receives each month from pirating subscribers. As such it is not only liable for contributory and vicarious copyright infringement, but inducement of copyright infringement too.

What’s also interesting about this case is the involvement of anti-piracy outfit Rightscorp. The anti-piracy settlement company is deeply involved in the Cox case having provided the infringement data for the litigation. The same is true of the case against Grande.

It appears that Rightscorp’s claimed expertise in identifying repeat infringers is now central to the case, the company having had contact with Grande in the past. It seems likely that historical data collected by the company is now proving useful in the RIAA’s case against Grande.

“Rightscorp has provided Grande with notice of specific infringers using Grande’s internet service to infringe various copyrighted works. Rightscorp also requested that Grande terminate the ‘subscribers and account holders’ who are repeat infringers of copyrighted works,” the RIAA writes.

“Despite its knowledge of specific repeat infringers of copyrighted works, Grande apparently refused to do so.”

The RIAA says that Grande received notices that 1,840 of its customers had engaged in infringement at least 100 times, with 456 customers generating 500 infringement notices between them. More than 200 subscribers generated 1000 notices each with some generating more than 2000.

In closing, the RIAA seeks statutory damages, which could go up to $150,000 per infringed work, actual damages, plus profits generated by Grande as a result of infringement. The music group also asks for preliminary and permanent injunctions preventing Grande from further infringement, plus a jury trial in due course.

Having backed away from the so-called “six strikes” scheme earlier this year, the RIAA was left without any effective means to tackle online infringement. It’s now clear that it intends to force Internet service providers to be its unpaid enforcers.


How Backblaze Got Started: The Problem, The Solution, and the Stuff In-Between

Post Syndicated from Gleb Budman original https://www.backblaze.com/blog/how-backblaze-got-started/


Backblaze will be celebrating its ten year anniversary this month. As I was reflecting on our path to get here, I thought some of the issues we encountered along the way are universal to most startups. With that in mind, I’ll write a series of blog posts focused on the entrepreneurial journey. This post is the first and focuses on the birth of Backblaze. I hope you stick around and enjoy the Backblaze story along the way.

What’s Your Problem?

The entrepreneur builds things to solve problems – your own or someone else’s. That problem may be a lack of something that you wish existed or something broken you want to fix. Here’s the problem that kicked off Backblaze and how it got noticed:

Brian Wilson, now co-founder and CTO of Backblaze, had been doing tech support for friends and family, as many of us did. One day he got a panicked call from one of those friends, Lise.

Lise: “You’ve got to help me! My computer crashed!”
Brian: “No problem – we’ll get you a new laptop; where’s your backup?”
Lise: “Look, what I don’t need now is a lecture! What I need is for you to get my data back!”

Brian was religious about backing up data and had been for years. He burned his data onto a CD and a DVD, diversifying the media types he used. During the process, Brian periodically read some files from each of the discs to test his backups. Finally, Brian put one disc in his closet and mailed another to his brother in New Mexico to have it offsite. Brian did this every week!

Brian was obviously a lot more obsessive than most of us.

Lise, however, had the opposite problem. She had no backup. And she wasn’t alone.

Whose Problem Is It?

A serious pain-point for one person may turn out to be a serious pain-point for millions.

At this point, it would have been easy just to say, “Well that sucks” or blame Lise. “User error” and “they just don’t get it” are common refrains in tech. But blaming the user doesn’t solve the problem.

Brian started talking to people and asking, “Who doesn’t back up?” He also talked with me and some of the others that are now Backblaze co-founders, and we asked the same question to others.

It turned out that most people didn’t back up their computers. Lise wasn’t the anomaly; Brian was. And that was a problem.

Over the previous decade, everything had gone digital. Photos, movies, financials, taxes, everything. A single crashed hard drive could cause you to lose everything. And drives would indeed crash. Over time everything would be digital, and society as a whole would permanently lose vast amounts of information. Big problem.

Surveying the Landscape

There’s a well-known adage that “Having no competition may mean you have no market.” The corollary I’d add is that “Having competition doesn’t mean the market is full.”

Weren’t There Backup Solutions?

Yes. Plenty. In fact, we joked that we were thirty years too late to the problem.

“Solutions Exist” does not mean “Problem Solved.” Even though many backup solutions were available, most people did not back up their data.

What Were the Current Solutions?

At first glance, it seems clear we’d be competing with other backup services. But when I asked people “How do you back up your data today?”, here were the answers I heard most frequently:

  • Copy ‘My Documents’ directory to an external drive before going on vacation
  • Copy files to a USB key
  • Send important files to Gmail
  • Pray
  • And “Do I need to back up?” (I’ll talk about this one in another post.)

Sometimes people would mention a particular backup app or service, but this was rare.

What Was Wrong With the Current Solutions?

Existing backup systems had various issues. They would not back up all of the users’ data, for example. They would only back up periodically and thus didn’t have current data. Most solutions were not off-site, so fire, theft or another catastrophe could still wipe out data. Some weren’t automatic, which left more room for neglect and user error.


In fairness, some backup products and services had already solved some of these issues. But few people used those products. I talked with a lot of people and asked, “Why don’t you use some backup software/service?”

The most common answer was, “I tried it…and it was too hard and too expensive.” We’d learn a lot more about what “hard” and “expensive” meant along the way.

Finding and Testing Solutions

Focus is critical for execution, but when brainstorming solutions, go broad.

We considered a variety of approaches to help people back up their files.

Peer-to-Peer Backup: This was the original idea. Two people would install our backup software which would send each person’s data to the other’s computer. This idea had a lot going for it: The data would be off-site; It would work with existing hardware; It was mildly viral.

Local Drive Backup: The backup software would send data to a USB hard drive. Manually copying files to an external drive was most people’s idea of backing up. However, no good software existed at the time to make this easy. (Time Machine for the Mac hadn’t launched yet.)

Backup To Online Services: Weirder and more unique, this idea stemmed from noticing that online services provided free storage: Flickr for photos; Google Docs for documents and spreadsheets; YouTube for movies; and so on. We considered writing software that would back up each file type to the service that supported it and back up the rest to Gmail.

Backup To Our Online Storage: We’d create a service that backed up data to the cloud. It may seem obvious now, but backing up to the cloud was just one of a variety of possibilities at the time. Also, initially, we didn’t mean ‘our’ storage. We assumed we would use S3 or some other storage provider.


We put each solution we came up with through its paces. The goal was to come up with a solution that was easy: Easy for people to use. Easy to understand.

Peer-to-peer backup? First, we’d have to explain what it is (no small task) and then get buy-in from the user to host a backup on their machine. That meant having enough space on each computer, and both needed to be online at the same time. After our initial excitement with the idea, we came to the conclusion that there were too many opportunities for things to go wrong. Verdict: Not easy.

Backup software? Not off-site, and required the purchase of a hard drive. If the drive broke or wasn’t connected, no backup occurred. A useful solution but again, too many opportunities for things to go wrong. Verdict: Not easy.

Back up to online services? Users needed accounts at each, and none of the services supported all file types, so your data ended up scattered all over the place. Verdict: Not easy.

Back up to our online storage? The backup would be current, kept off-site, and updated automatically. It was easy for people to use, and easy to understand. Verdict: Easy!

Getting To the Solution

Don’t brainstorm forever. Problems don’t get solved on ideas alone.

We decided to back up to our online storage! It met many of the key goals. We started building.

Attempt #1

We built a backup software installer, a way to pick files and folders to back up, and the underlying engine that copies the files to remote storage. We tried to make it comfortable by minimizing clicks and questions.

Fail #1

This approach seemed easy enough to use, at least for us, but it turned out not to be for our target users.

We thought about the original answer we heard: “I tried it…and it was too hard and too expensive.”

“Too hard” is not enough information. What was too hard before? Were the icons too small? The text too long? A critical feature missing? Were there too many features to wade through? Or something else altogether?

Dig deeper into users’ actual needs

We reached out to a lot of friends, family, and co-workers and held some low-key pizza and beer focus groups. Those folks walked us through their backup experience. While there were a lot of difficult areas, the most complicated part was setting up what would be backed up.

“I had to get all the files and folders on my computer organized; then I could set up the backup.”

That’s like cleaning the garage. Sounds like a good idea, but life conspires to get in the way, and it doesn’t happen.

We had to solve that or users would never think of our service as ‘easy.’

Takeaway: Dig deeper into users’ actual needs.

Attempt #2

Trying to remove the need to “clean the garage,” we asked folks what they wanted to be backed up. They told us they wanted their photos, movies, music, documents, and everything important.

We listened and tried making it easier. We focused our second attempt at a backup solution by pre-selecting everything ‘important.’ We selected the documents folder and then went one step further by finding all the photos, movies, music, and other common file types on the computer. Now users didn’t have to select files and folders – we would do it for them!

Fail #2

More pizza and beer user testing had people ask, “But how do I know that my photos are being backed up?”

We told them, “we’re searching your whole computer for photos.”

“But my photos are in this weird format: .jpg, are those included? .gif? .psd?”

We learned that the backup process felt nebulous to users since they wouldn’t know what exactly would be selected. Users would always feel uncomfortable – and uncomfortable isn’t ‘easy.’

Takeaway: No, really, keep digging deeper into users’ actual needs. Identify their real problem, not the solution they propose.

Attempt #3

We took a step back and asked, “What do we know?”

We want all of our “important” files backed up, but it can be hard for us to identify what files those are. Having us guess makes us uncomfortable. So, forget the tech. What experience would be the right one?

Our answer was that the computer would just magically be backed up to the cloud.

Then one of our co-founders Tim wondered, “what if we didn’t ask any questions and just backed up everything?”

At first, we all looked at him askew. Back up everything? That was a lot of data. How would that be possible? But we came back to, “Is this the right answer? Yes. So let’s see if we can make it work.”

So we flipped the entire backup approach on its head.

We didn’t ask users, “What do you want to have backed up.” We asked, “What do you NOT want to be backed up?” If you didn’t know, we’d back up all your data. It took away the scary “pick your files” question and made people comfortable that all their necessary data was being backed up.

We ran that experience by users, and their surprised response was, “Really, that’s it?” Hallelujah.

Success.

Takeaway: Keep digging deeper. Don’t let the tech get in the way of understanding the real problem.

Pricing

Pricing isn’t a side-note – it’s part of the product. Understand how customers will perceive your pricing.

We had developed a solution that was easy to use and easy to understand. But could we make it easy to afford? How much do we charge?

We would be storing a lot of data for each customer. The more data they needed to store, the more it would cost us. We planned to put the data on S3, which charged $0.15/GB/month. So it would seem logical to follow that same pricing model.


People had no idea how much data they had on their hard drive and certainly not how much of it needed to be backed up. Worse, they could be off by 1000x if they weren’t sure about the difference between megabytes and gigabytes, as some were.

We had to solve that too, or users would never think of our service as ‘easy.’

I asked everyone I could find: “If we were to provide you a service that automatically would back up all of the data on your computer over the internet, what would that be worth to you?”

What I heard back was a bell-curve:

  • A small number of people said, “$0. It should be free. Everything on the net is free!”
  • A small number of people said, “$50 – $100/month. That’s incredibly valuable!”
  • But by far the majority said, “Hmm. If it were $5/month, that’d be a no-brainer.”

A few interesting takeaways:

  • Everyone assumed it would be a monthly charge even though I didn’t ask, “What would you pay per month.”
  • No one said, “I’d pay $x/GB/month,” so people thought of the value of the service rather than an amount of storage.
  • There may have been opportunities to offer a free service and attempt to monetize it in other ways or to charge $50 – $100/month/user, but these were the small markets.
  • At $5/month, there was a significant slice of the population that was excited to use it.

Conclusion On the Solution

Over and over again we heard, “I tried backing up, but it was too hard and too expensive.”

After really understanding what was complicated, we finally got our real solution: An unlimited online backup service that would back up all your data automatically and charge just $5/month.

Easy to use, easy to understand, and easy to afford. Easy in the ways that mattered to the people using the service.

Often, looking backward, things seem obvious. But we learned a lot along the way:

  • Having competition doesn’t mean the market is full. Just because solutions exist doesn’t mean the problem is solved.
  • Don’t brainstorm forever. Problems don’t get solved on ideas alone. Brainstorm options, but don’t get stuck in the brainstorming phase.
  • Dig deeper into users’ actual needs. Then keep digging. Don’t let your knowledge of tech get in the way of your understanding the user. And be willing to shift course as you learn more.
  • Pricing isn’t a side-note. It’s part of the product. Understand how customers will perceive your pricing.

Just because we knew the right solution didn’t mean that it was possible. I’ll talk about that, along with how to launch, getting early traction, and more in future posts. What other questions do you have? Leave them in the comments.

The post How Backblaze Got Started: The Problem, The Solution, and the Stuff In-Between appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Clever Physical ATM Attack

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/04/clever_physical.html

This is an interesting combination of computer and physical attack:

Researchers from the Russian security firm Kaspersky on Monday detailed a new ATM-emptying attack, one that mixes digital savvy with a very precise form of physical penetration. Kaspersky’s team has even reverse engineered and demonstrated the attack, using only a portable power drill and a $15 homemade gadget that injects malicious commands to trigger the machine’s cash dispenser. And though they won’t name the ATM manufacturer or the banks affected, they warn that thieves have already used the drill attack across Russia and Europe, and that the technique could still leave ATMs around the world vulnerable to having their cash safes disemboweled in a matter of minutes.

“We wanted to know: To what extent can you control the internals of the ATM with one drilled hole and one connected wire? It turns out we can do anything with it,” says Kaspersky researcher Igor Soumenkov, who presented the research at the company’s annual Kaspersky Analyst Summit. “The dispenser will obey and dispense money, and it can all be done with a very simple microcomputer.”

Acoustic Attack Against Accelerometers

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/04/acoustic_attack.html

Interesting acoustic attack against the MEMS accelerometers in devices like FitBits.

Millions of accelerometers reside inside smartphones, automobiles, medical devices, anti-theft devices, drones, IoT devices, and many other industrial and consumer applications. Our work investigates how analog acoustic injection attacks can damage the digital integrity of the capacitive MEMS accelerometer. Spoofing such sensors with intentional acoustic interference enables an out-of-spec pathway for attackers to deliver chosen digital values to microprocessors and embedded systems that blindly trust the unvalidated integrity of sensor outputs. Our contributions include (1) modeling the physics of malicious acoustic interference on MEMS accelerometers, (2) discovering the circuit-level security flaws that cause the vulnerabilities by measuring acoustic injection attacks on MEMS accelerometers as well as systems that employ on these sensors, and (3) two software-only defenses that mitigate many of the risks to the integrity of MEMS accelerometer outputs.

This is not that big a deal with things like FitBits, but as IoT devices get more autonomous — and start making decisions and then putting them into effect automatically — these vulnerabilities will become critical.

Academic paper.

Russia Wants To Hold Social Networks Liable For Internet Piracy

Post Syndicated from Andy original https://torrentfreak.com/russia-wants-hold-social-networks-liable-internet-piracy-170402/

When file-sharing was in its infancy, most infringement took place via P2P software such as Kazaa or LimeWire. With their built-in search and download features they were an all-in-one solution, ripe for a full-on legal attack.

In more recent times the web has played a much more important role in the distribution of copyright-infringing material, via torrent or streaming sites, for example. However, the rise of social media presents a new threat, with huge numbers of people now accessing copyrighted content via Facebook, Twitter, and other platforms.

The social media problem is considered to be particularly problematic in Russia, with users sharing full movies, TV shows and music, via platforms such as vKontakte, Russia’s Facebook. Such sites claim to be fully compliant with copyright law and do make efforts to reduce infringement with licensing deals and content recognition software. Nevertheless, if the Russian government has its way, the noose could tighten significantly in the future.

Social networking platforms currently enjoy the status of ‘information intermediary’ in Russia, a standing that puts them on a par with Internet service providers who can not generally be held liable for the infringing acts of their subscribers.

However, the Ministry of Culture believes that since much of the copyright infringement in Russia is now carried out via social networks, it will soon be necessary to strip them of their intermediary status. That would have the effect of rendering them jointly liable for infringement alongside their errant subscribers.

According to news outlet Izvestia, the relevant bill has already been drafted and, after gaining approval from the Ministry of Culture board, will be presented for public comment.

The basic premise is that when imposing liability on a social platform, courts must consider several factors. They include whether a platform should have been aware that content is infringing, whether any preventative measures were taken to mitigate infringement (filtering), whether timely steps to stop infringement were taken once the platform was made aware (takedowns), and whether or not profit was generated from illegal use (advertising).

“Despite the excuses, the technical ability to [prevent infringement] exists. Of course, this will require a lot of money, but if you want to use content you have to pay for it,” a content producer told Izvestia.

“Today, virtually all Internet traffic is comprised of audiovisual content, all supplied by content creators and often not paid for. Measures should be taken – such as those in the Ministry of Culture bill, and many others – to drive illegal content into the ‘ghetto’. Piracy is theft, and it must be fought.”

But while content producers and distributors believe there are simple solutions, others view the situation as more complex.

In common with complaints voiced by critics in the US and Europe, there are concerns that huge burdens will be placed on platform providers if they are required to conduct a full legal analysis of every file uploaded by their users. There are also worries that non-infringing content (such as public domain material) could get caught up in filtering systems.

Quite how these plans will play out is unclear, but it seems likely that social networks will put up a fight to ensure that whatever responsibilities are imposed on them allow room for development and innovation.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

AWS Hot Startups – March 2017

Post Syndicated from Ana Visneski original https://aws.amazon.com/blogs/aws/aws-hot-startups-march-2017/

As the madness of March rounds up, take a break from all the basketball and check out the cool startups Tina Barr brings you for this month!

-Ana


The arrival of spring brings five new startups this month:

  • Amino Apps – providing social networks for hundreds of thousands of communities.
  • Appboy – empowering brands to strengthen customer relationships.
  • Arterys – revolutionizing the medical imaging industry.
  • Protenus – protecting patient data for healthcare organizations.
  • Syapse – improving targeted cancer care with shared data from across the country.

In case you missed them, check out February’s hot startups here.

Amino Apps (New York, NY)
Amino Apps was founded on the belief that interest-based communities were underdeveloped and outdated, particularly when it came to mobile. CEO Ben Anderson and CTO Yin Wang created the app to give users access to hundreds of thousands of communities, each of them a complete social network dedicated to a single topic. Some of the largest communities have over 1 million members and are built around topics like popular TV shows, video games, sports, and an endless number of hobbies and other interests. Amino hosts communities from around the world and is currently available in six languages with many more on the way.

Navigating the Amino app is easy. Simply download the app (iOS or Android), sign up with a valid email address, choose a profile picture, and start exploring. Users can search for communities and join any that fit their interests. Each community has chatrooms, multimedia content, quizzes, and a seamless commenting system. If a community doesn’t exist yet, users can create it in minutes using the Amino Creator and Manager app (ACM). The largest user-generated communities are turned into their own apps, which gives communities their own piece of real estate on members’ phones, as well as in app stores.

Amino’s vast global network of hundreds of thousands of communities is run on AWS services. Every day users generate, share, and engage with an enormous amount of content across hundreds of mobile applications. By leveraging AWS services including Amazon EC2, Amazon RDS, Amazon S3, Amazon SQS, and Amazon CloudFront, Amino can continue to provide new features to their users while scaling their service capacity to keep up with user growth.

Interested in joining Amino? Check out their jobs page here.

Appboy (New York, NY)
In 2011, Bill Magnuson, Jon Hyman, and Mark Ghermezian saw a unique opportunity to strengthen and humanize relationships between brands and their customers through technology. The trio created Appboy to empower brands to build long-term relationships with their customers and today they are the leading lifecycle engagement platform for marketing, growth, and engagement teams. The team recognized that as rapid mobile growth became undeniable, many brands were becoming frustrated with the lack of compelling and seamless cross-channel experiences offered by existing marketing clouds. Many of today’s top mobile apps and enterprise companies trust Appboy to take their marketing to the next level. Appboy manages user profiles for nearly 700 million monthly active users, and is used to power more than 10 billion personalized messages monthly across a multitude of channels and devices.

Appboy creates a holistic user profile that offers a single view of each customer. That user profile in turn powers contextual cross-channel messaging, lifecycle engagement automation, and robust campaign insights and optimization opportunities. Appboy offers solutions that allow brands to create push notifications, targeted emails, in-app and in-browser messages, news feed cards, and webhooks to enhance the user experience and increase customer engagement. The company prides itself on its interoperability, connecting to a variety of complementary marketing tools and technologies so brands can build the perfect stack to enable their strategies and experiments in real time.

AWS makes it easy for Appboy to dynamically size all of their service components and automatically scale up and down as needed. They use an array of services including Elastic Load Balancing, AWS Lambda, Amazon CloudWatch, Auto Scaling groups, and Amazon S3 to help scale capacity and better deal with unpredictable customer loads.

To keep up with the latest marketing trends and tactics, visit the Appboy digital magazine, Relate. Appboy was also recently featured in the #StartupsOnAir video series where they gave insight into their AWS usage.

Arterys (San Francisco, CA)
Getting test results back from a physician can often be a time consuming and tedious process. Clinicians typically employ a variety of techniques to manually measure medical images and then make their assessments. Arterys founders Fabien Beckers, John Axerio-Cilies, Albert Hsiao, and Shreyas Vasanawala realized that much more computation and advanced analytics were needed to harness all of the valuable information in medical images, especially those generated by MRI and CT scanners. Clinicians were often skipping measurements and making assessments based mostly on qualitative data. Their solution was to start a cloud/AI software company focused on accelerating data-driven medicine with advanced software products for post-processing of medical images.

Arterys’ products provide timely, accurate, and consistent quantification of images, improve speed to results, and improve the quality of the information offered to the treating physician. This allows for much better tracking of a patient’s condition, and thus better decisions about their care. Advanced analytics, such as deep learning and distributed cloud computing, are used to process images. The first Arterys product can contour cardiac anatomy as accurately as experts, but takes only 15-20 seconds instead of the 45-60 minutes required to do it manually. Their computing cloud platform is also fully HIPAA compliant.

Arterys relies on a variety of AWS services to process their medical images. Using deep learning and other advanced analytic tools, Arterys is able to render images without latency over a web browser using AWS G2 instances. They use Amazon EC2 extensively for all of their compute needs, including inference and rendering, and Amazon S3 is used to archive images that aren’t needed immediately, as well as manage costs. Arterys also employs Amazon Route 53, AWS CloudTrail, and Amazon EC2 Container Service.

Check out this quick video about the technology that Arterys is creating. They were also recently featured in the #StartupsOnAir video series and offered a quick demo of their product.

Protenus (Baltimore, MD)
Protenus founders Nick Culbertson and Robert Lord were medical students at Johns Hopkins Medical School when they saw first-hand how Electronic Health Record (EHR) systems could be used to improve patient care and share clinical data more efficiently. With increased efficiency came a huge issue – an onslaught of serious security and privacy concerns. Over the past two years, 140 million medical records have been breached, meaning that approximately 1 in 3 Americans have had their health data compromised. Health records contain a repository of sensitive information and a breach of that data can cause major havoc in a patient’s life – namely identity theft, prescription fraud, Medicare/Medicaid fraud, and improper performance of medical procedures. Using their experience and knowledge from former careers in the intelligence community and involvement in a leading hedge fund, Nick and Robert developed the prototype and algorithms that launched Protenus.

Today, Protenus offers a number of solutions that detect breaches and misuse of patient data for healthcare organizations nationwide. Using advanced analytics and AI, Protenus’ health data insights platform understands appropriate vs. inappropriate use of patient data in the EHR. It also protects privacy, aids compliance with HIPAA regulations, and ensures trust for patients and providers alike.

Protenus built and operates its SaaS offering atop Amazon EC2, where Dedicated Hosts and encrypted Amazon EBS volumes are used to ensure compliance with HIPAA regulation for the storage of Protected Health Information. They use Elastic Load Balancing and Amazon Route 53 for DNS, enabling unique, secure client-specific access points to their Protenus instance.

To learn more about threats to patient data, read Hospitals’ Biggest Threat to Patient Data is Hiding in Plain Sight on the Protenus blog. Also be sure to check out their recent video in the #StartupsOnAir series for more insight into their product.

Syapse (Palo Alto, CA)
Syapse provides a comprehensive software solution that enables clinicians to treat patients with precision medicine for targeted cancer therapies — treatments that are designed and chosen using genetic or molecular profiling. Existing hospital IT doesn’t support the robust infrastructure and clinical workflows required to treat patients with precision medicine at scale, but Syapse centralizes and organizes patient data to clinicians at the point of care. Syapse offers a variety of solutions for oncologists that allow them to access the full scope of patient data longitudinally, view recommended treatments or clinical trials for similar patients, and track outcomes over time. These solutions are helping health systems across the country to improve patient outcomes by offering the most innovative care to cancer patients.

Leading health systems such as Stanford Health Care, Providence St. Joseph Health, and Intermountain Healthcare are using Syapse to improve patient outcomes, streamline clinical workflows, and scale their precision medicine programs. A group of experts known as the Molecular Tumor Board (MTB) reviews complex cases and evaluates patient data, documents notes, and disseminates treatment recommendations to the treating physician. Syapse also provides reports that give health system staff insight into their institution’s oncology care, which can be used toward quality improvement, business goals, and understanding variables in the oncology service line.

Syapse uses Amazon Virtual Private Cloud, Amazon EC2 Dedicated Instances, and Amazon Elastic Block Store to build a high-performance, scalable, and HIPAA-compliant data platform that enables health systems to make precision medicine part of routine cancer care for patients throughout the country.

Be sure to check out the Syapse blog to learn more and also their recent video on the #StartupsOnAir video series where they discuss their product, HIPAA compliance, and more about how they are using AWS.

Thank you for checking out another month of awesome hot startups!

-Tina Barr

 

Backup and Restore Time Machine using Synology and the B2 Cloud

Post Syndicated from Andy Klein original https://www.backblaze.com/blog/time-machine-synology-b2-backup-restore/

B2 Cloud Storage, Time Machine, and Synology NAS
Have you ever wished that you could have Time Machine, your Synology NAS, and B2 Cloud Storage work together to automatically back up your Mac locally and to the cloud? That would be cool. Of course, you’d also want to be able to restore your Time Machine backup from your Synology NAS or the B2 cloud. And while you’re wishing, it would be great if you could have an encrypted USB Hard Drive show up at your doorstep with your Time Machine backup. Stop wishing! You can do all that today. Here’s how.

Overview

Apple’s Time Machine app, included with every Mac, creates automatic backups of your Mac computer. Typically, these backups are stored on a local external hard drive. Time Machine backups can also be stored on other devices such as a Network Attached Storage (NAS) system on your network. If your computer crashes or you get a new computer, you can restore your data from the Time Machine backup.

We advocate a “3-2-1” backup strategy that combines local storage like a Time Machine backup with offsite backup to provide an additional layer of security and redundancy. That’s 3 copies of your data: 2 local (your “live” version and your Time Machine backup), and 1 offsite. If something happens to your computer or your NAS – if they’re stolen, or if some sort of disaster strikes – you can still count on your cloud backup to keep you safe.

You can use Backblaze to back up your computer to the cloud and use Time Machine to create a local backup. In fact, many of our customers do exactly that. But there’s another way to approach this that’s more efficient: Make a copy of the Time Machine backup and send it offsite automatically.

A Streamlined 3-2-1 Backup Plan

diagram of automatic backup of your Mac locally and to the cloud

The idea is simple: Have Time Machine store its backup on your Synology NAS device, then sync the Time Machine backup from the Synology NAS to Backblaze B2 Cloud Storage. Once this is set up, the 3-2-1 backup process occurs automatically and your files are stored locally and off-site.

We’ve prepared a guide titled “How to backup your Time Machine backup to Synology and B2” in the Backblaze Knowledge Base to help you with the setup of Time Machine, Synology, and Backblaze B2. Please read through the instructions before starting the actual installation.

Restoring Your Time Machine Backup

The greatest backup process in the world is of little value if you can’t restore your data. With your Time Machine backup now stored on your Synology NAS and in B2, you have multiple ways to restore your files.

Day-to-day Restores

From time to time you may need to restore a file or two from your local backup, in this case, your Time Machine backup stored on your Synology NAS. This works just like having your Time Machine backup stored on a locally connected external hard drive:

  • On the Mac menu bar (top right) locate and click on the Time Machine icon.
  • Select “Enter Time Machine”.
  • Locate the file or files you wish to restore.
  • Click “Restore” to restore the selected file(s).

The only thing to remember is that your Synology NAS device needs to be accessible via your network to access the Time Machine backup.

Full Restores

Most often you would do a full restore of your Time Machine backup if you are replacing your computer or the hard/SSD drive inside.

Method 1: Restore from the Synology NAS device

The most straight-forward method is to restore the Time Machine backup directly from the Synology NAS device. You can restore your entire Time Machine backup to your new or reformatted Mac by having Apple’s Migration Assistant app use the Time Machine backup stored on the Synology NAS as the restore source. The Migration Assistant app is included with your Mac.

Of course, in the case of a disaster or theft, the Synology NAS may suffer the same fate as your Mac. In that case, you’ll want to restore your Time Machine backup from Backblaze B2. Here’s how.

Method 2: Restore a Time Machine Backup from B2 via a USB Hard Drive

The second method is to prepare a B2 snapshot of your Time Machine backup and then have the snapshot copied to a USB hard drive you purchase from Backblaze. Think of a snapshot as a container that holds a copy of the files you wish to download. Instead of downloading each file individually, you create a snapshot of the files and download one item, the snapshot. In this case, you create the snapshot of your Time Machine backup, and we copy the snapshot to the hard drive and FedEx it to you. You then use the USB Hard Drive as a restore source when using Migration Assistant.

We’ve prepared a guide titled, “How to restore your Time Machine backup from B2” in the Backblaze Knowledge Base to walk you through the process of restoring your Time Machine backup from Backblaze B2 using an encrypted USB Hard Drive.

Method 3: Restore a Time Machine Backup from B2 via Download

When using this method, give consideration to the size of the Time Machine backup. It is not uncommon for this file to be several hundred gigabytes or even a terabyte or two. Even with a reasonably fast network connection, downloading such a large file can take a considerable amount of time.

Prepare a snapshot of your Time Machine backup from B2 and download it to your “new” Mac. After you “unzip” the file you can use Migration Assistant on your new Mac to restore the Time Machine backup using the unzipped file as the restore source.

Summary

As we noted earlier, you can use Backblaze Computer Backup to back up your computer to the cloud and use Time Machine to create a local backup. That works fine, but if you are using a Synology NAS device in your environment, the 3-2-1 strategy discussed above gives you another option. In that case, all of the Time Machine backups in your home or office can reside on the Synology NAS. Then you don’t need an external drive to store the Time Machine backup for each computer, and all of the Time Machine backups can sync automatically to Backblaze B2 Cloud Storage.

In summary, if you have a Mac, a Synology NAS, and a Backblaze B2 account you can have an automatic 3-2-1 Time Machine backup of the files on your computer. You don’t have to drag and drop files into backup folders, remember to hit the “backup now” button, or hoard backup external USB drives in your closet. Enjoy automatic, continuous backup, locally and in the cloud. 3-2-1 backup has never been so easy.

The post Backup and Restore Time Machine using Synology and the B2 Cloud appeared first on Backblaze Blog | Cloud Storage & Cloud Backup.

Premier League Obtains Intriguing Injunction to Tackle Pirate Streams

Post Syndicated from Andy original https://torrentfreak.com/premier-league-obtains-intriguing-injunction-to-tackle-pirate-streams-170309/

For huge numbers of sports fans around the UK and the rest of Europe, football (or soccer as it’s known elsewhere) is the number one spectator sport. As a result, huge sums of money are invested in its development and subsequent broadcasting rights.

In the UK, top tier football is handled by The Premier League, which is currently facing a growing problem. Instead of paying significant monthly subscriptions to broadcasters such as Sky and BT Sport, large numbers of fans are turning to piracy-enabled set-top boxes for their fix.

These devices, often running Kodi with third-party addons, not only provide free football but also enable fans to watch matches at 3pm on Saturdays, a time that no broadcaster is legally allowed to transmit games due to the blackout.

To tackle this threat, The Premier League has just obtained an injunction from Mr Justice Arnold at the High Court which will compel ISPs BT, Sky, TalkTalk and Virgin Media to block unauthorized streams at the football organization’s request.

Content providers have obtained site-blocking injunctions on many previous occasions, but the Premier League’s comments indicate a potentially significant development on a couple of fronts.

Firstly, regular blocking orders usually target entire sites on a permanent basis but this one appears to be somewhat more targeted. The stated aim of the injunction is to block actual streams that are fed to Kodi setups, IPTV boxes, and indeed the Internet overall.

“The Order was granted under Section 97a of the Copyright, Designs and Patents Act, and further demonstrates our intellectual property rights are protected by the law,” a Premier League statement reads.

“This will enable us to target the suppliers of illegal streams to IPTV boxes, and the internet, in a proportionate and precise manner.”

Since the High Court injunction is yet to be published, TorrentFreak asked the Premier League some specific questions about how it will work from a technical standpoint. The information provided was somewhat general, but reading between the lines it seems the football outfit intends to hit content at its source.

Rather than playing site-blocking whac-a-mole at the streaming site level (from where Kodi addons often scrape their content), it appears that the Premier League might be seeking to go further up the ‘content tree’ by targeting the servers that actually originate the pirated content used by sites and services lower down.

The injunction allows the group “to block servers that stream unauthorized Premier League content”, as opposed to the traditional approach of blocking single sites.

“The new block will enable a proportionate and targeted restriction of content that would otherwise have been proliferated to unauthorised websites and IPTV devices,” The Premier League adds.

Two further potentially interesting pieces of information come via Bloomberg.

Firstly, the publication indicates that Judge Arnold held part of the injunction hearing in private after The Premier League said it related to confidential information. Second, the article states that The Premier League can now block streams “during games.”

Since streams can pop up in unexpected places at any time, it makes sense that The Premier League would seek the ability to react quickly during a game. However, it’s difficult to see how there can be any meaningful legal oversight if the football organization tells the ISPs to instantly block a stream at 3pm on a Saturday, for example.

In the meantime, Sky – which is a Premier League broadcaster and also owns one of the ISPs that will carry out the blocking – welcomed the decision.

“We are pleased the Premier League’s application to crack down on illegal streaming has been granted. Content piracy is theft, and the success of this application is an important step in tackling the issue,” a spokesman said.

“We’ll continue to work with rights holders, government, online market places and content creators to tackle today’s piracy and make people aware of the risks it presents and the damage it causes.”

Once the text of the full injunction is published, we’ll go through the details but at this early stage, we could be witnessing a new blocking strategy for live content streaming in the UK.

Prenda Attorney Pleads Guilty to Operating a Piracy ‘Honeypot’

Post Syndicated from Ernesto original https://torrentfreak.com/prenda-attorney-pleads-guilty-to-operating-a-piracy-honeypot-170307/

In recent years, so-called copyright trolls have been accused of various dubious schemes and actions, with one group as the frontrunner.

Prenda Law grabbed dozens of headlines, mostly surrounding negative court rulings over identity theft, misrepresentation and even deception.

Most controversial was the shocking revelation that Prenda uploaded their own torrents to The Pirate Bay, creating a honeypot for the people they later sued over pirated downloads.

The allegations ultimately resulted in a criminal indictment last year, and now one of the main Prenda attorneys has pleaded guilty before the District Court of Minnesota. A few hours ago John Steele, 45, signed a plea agreement admitting that he is guilty of mail fraud, wire fraud, and conspiracy to commit money laundering.

According to Steele, he and his colleague Paul Hansmeier generated more than $6 million by threatening BitTorrent users who allegedly downloaded pirated porn videos, some of which the attorney created and uploaded himself.

“Steele admitted that he and Hansmeier created a series of sham entities to obtain copyrights to pornographic movies – some of which they filmed themselves – and then uploaded those movies to file-sharing websites like ‘The Pirate Bay’ in order to lure people to download the movies,” the Department of Justice (DoJ) announced.

The Pirate Bay played an important role in this case. Not only were the founders of the site heard as witnesses, but the site was also an unwitting part of Prenda’s honeypot scheme as our coverage exposed several years ago.

“…defendants caused P.H. to upload their clients’ pornographic movies to BitTorrent file-sharing websites, including a website named the Pirate Bay, without their clients’ consent in order to entice people to download the movies and make it easier to catch those who attempted to obtain the movies,” the plea agreement reads.


Prenda Law went to great lengths to hide its direct involvement in the uploading of the material as well as its personal stake in the lawsuits and settlements, according to the plea agreement.

After extracting IP-addresses of account holders who allegedly shared the files Prenda created and uploaded, they asked courts for subpoenas to obtain the personal info of their targets from ISPs. This contact information was then used to coerce victims to pay high settlement fees.

“Steele and Hansmeier used extortionate tactics such as letters and phone calls to threaten victims with enormous financial penalties and public embarrassment unless they agreed to pay a $3,000 settlement fee,” the DoJ writes.

No sentencing date has been set yet. In theory, the Prenda attorney now faces a statutory maximum sentence of 40 years in prison as well as a criminal fine of hundreds of thousands of dollars. However, by signing a plea agreement Steele is likely eligible for a reduced sentence.

Steele’s co-defendant Paul Hansmeier remains innocent until proven otherwise. However, he appears to be worse off now that Steele’s words can be used against him. Steele’s full guilty plea is available here (pdf).


Canada Remains a “Safe Haven” for Online Piracy, Rightsholders Claim

Post Syndicated from Ernesto original https://torrentfreak.com/canada-remains-a-safe-haven-for-online-piracy-rightsholders-claim-170214/

The International Intellectual Property Alliance (IIPA) has released its latest 301 ‘watch list’ submission to the U.S. Government.

The IIPA, which includes a wide range of copyright groups including the MPAA, RIAA, and ESA, has listed its complaints against a whole host of countries. As in previous years, Canada is discussed in detail with the recommendation to put it on the 2017 Special 301 ‘watch list.’

One of the main criticisms is that, despite having been called out repeatedly in the past, the country still offers a home to many pirate sites.

“For a number of years, extending well into the current decade, Canada had a well-deserved reputation as a safe haven for some of the most massive and flagrant Internet sites dedicated to the online theft of copyright material,” IIPA writes.

The group notes that some progress has been made. For example, last year the Canadian authorities actively helped to shut down the popular torrent site KickassTorrents, which was partly hosted there. However, the rightsholders say that there’s more work to be done.

“Nonetheless, major online piracy operations still find a home in Canada. These include leading BitTorrent sites such as Sumotorrent.sx and Seedpeer.eu, and hybrid cloud storage services utilizing BitTorrents, such as cloudload.com.”

Another disturbing development, according to IIPA, is the emergence of stand-alone BitTorrent applications that allow users to stream content directly through an attractive and user-friendly interface, hinting at Popcorn Time.

In addition to the traditional pirate sites that remain in Canada, IIPA reports that several websites offering modified game console gear have also moved there in an attempt to escape liability under U.S. law.

“In a growing and problematic trend, sites selling circumvention devices that have been subject to DMCA takedown notices from right holders in the U.S. are moving to Canadian ISPs for hosting, to evade enforcement action under U.S. law. Canadian hosting services such as Hawk Host and Crocweb are particularly popular with such sites.”

The group specifically highlights R4cardmontreal.com, gamersection.ca and r4dscanada.com among the offenders, and notes that “This trend breathes new life into Canada’s problematic ‘safe haven’ reputation.”

The recommendation continues by stressing that Canada’s legal regime fails to deal with online piracy in a proper manner. This is also true for the “notice and notice” legislation that was adopted two years ago, which requires ISPs to forward copyright infringement notices to pirating subscribers.

IIPA notes that there is no evidence that this initiative has resulted in a significant change in consumer behavior, in part because there are no punishments involved for frequent offenders.

“…simply notifying ISP subscribers that their infringing activity has been detected is ineffective in deterring illegal activity, because receiving the notices lacks any meaningful consequences under the Canadian system,” IIPA writes.

This is even worse for hosting providers and other Internet services, who currently have no legal incentive to take infringing material down, IIPA argues.

“The ‘notice-and-takedown’ remedy that most other modern copyright laws provide is far from a panacea for online piracy, but it does, at a minimum, provide some incentives for cooperation, incentives that Canada’s laws simply lack.”

In addition, IIPA notes that a broad range of third-party services such as advertisers, payment processors, and domain name registrars are all too often abused to facilitate piracy. They believe that this is in part because Canadian law doesn’t offer enough “motivation” for these companies to cooperate.

The rightsholders hope that the U.S. Government can help to steer Canada in another direction and encourage more and better anti-piracy regulation. If not, they fear that Canada will remain a safe haven for pirates during the years to come.

IIPA’s full submission, which highlights a variety of countries which deserve a spot on the 301 Watch Lists per IIPA’s standards, is available here (pdf).


Survey Data on Americans and Cybersecurity

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/02/survey_data_on_.html

Pew Research just published their latest research data on Americans and their views on cybersecurity:

This survey finds that a majority of Americans have directly experienced some form of data theft or fraud, that a sizeable share of the public thinks that their personal data have become less secure in recent years, and that many lack confidence in various institutions to keep their personal data safe from misuse. In addition, many Americans are failing to follow digital security best practices in their own personal lives, and a substantial majority expects that major cyberattacks will be a fact of life in the future.

Here’s the full report.

Movie Cammer & Prolific Uploader Receives Community Sentence

Post Syndicated from Andy original https://torrentfreak.com/movie-cammer-prolific-uploader-receives-community-sentence-170207/

When movies quickly become available online following their theatrical release, it’s likely that a copy has been recorded in a cinema. A wide range of cloaking techniques are used but in basic terms, someone points a camera at the screen and hits record.

The copies subsequently made available vary in quality, from passable to absolutely terrible. Nevertheless, so-called ‘cam’ copies of movies maintain their popularity online, and their existence is often referenced as the most damaging form of movie piracy.

As a result, copyright holders work hard to crack down on so-called ‘cammers,’ with two of the riskiest places being the United States and the United Kingdom. Cases rarely end well for defendants, with custodial sentences often the outcome. However, it doesn’t always go that way.

Back in September 2015, copies of American Ultra and Maze Runner: The Scorch Trials were recorded in Cineworld Cinema in Nottingham on their day of release and subsequently uploaded to the Internet.

Following a joint operation between EMSOU (the East Midlands Special Operations Unit), FACT (the Federation Against Copyright Theft) and the FCPA (Film Content Protection Agency), investigators found their way to then 33-year-old Shaun Patrick Forry.

Officers from the Government Agency Intelligence Network Disruption Team and EMSOU executed search warrants in the Hinkley area, with laptops and other equipment taken away for examination. FACT operatives were also in attendance.

Forry was arrested on suspicion of recording both movies and uploading them to the Internet. He was questioned and bailed pending further inquiries. The investigation later revealed that Forry had distributed more than 670 films online since August 2013, some of them while on police bail.

He subsequently pleaded guilty to two counts of possession of articles for use in fraud and one count of distributing copyrighted films. Previously, an individual who uploaded Fast & Furious 6 to the Internet received a 33-month jail sentence, but in this case the defendant got off relatively lightly.

According to a report from local police, Forry was sentenced yesterday at Nottingham Crown Court. He received an 18-month community order and was told to complete 150 hours unpaid work. But despite the relative slap on the wrist, the Film Content Protection Agency insist this was a serious case.

“This is a highly significant case concerning the illegal recording of films belonging to two UK film distributors, followed by the release of those films online,” says Simon Brown, Director of the FCPA.

“Over 90% of pirated films originate from a copy recorded during a public performance in cinemas worldwide, so it’s vital that offenders like Mr. Forry are identified and arrested promptly to prevent further damage to our film industry.

“Piracy not only costs the film industry millions of pounds but can also affect thousands of jobs, so we welcome this conviction. We thank the East Midlands GAIN for their diligent assistance in this case.”

It’s likely that moving forward we’ll hear quite a bit more about the Film Content Protection Agency. While historical camming cases were usually handled by the Federation Against Copyright Theft, a new FCPA unit formed in October 2016 will now spearhead anti-camming activity in the UK.


Security and the Internet of Things

Post Syndicated from Bruce Schneier original https://www.schneier.com/blog/archives/2017/02/security_and_th.html

Last year, on October 21, your digital video recorder - or at least a DVR like yours - knocked Twitter off the internet. Someone used your DVR, along with millions of insecure webcams, routers, and other connected devices, to launch an attack that started a chain reaction, resulting in Twitter, Reddit, Netflix, and many sites going off the internet. You probably didn’t realize that your DVR had that kind of power. But it does.

All computers are hackable. This has as much to do with the computer market as it does with the technologies. We prefer our software full of features and inexpensive, at the expense of security and reliability. That your computer can affect the security of Twitter is a market failure. The industry is filled with market failures that, until now, have been largely ignorable. As computers continue to permeate our homes, cars, businesses, these market failures will no longer be tolerable. Our only solution will be regulation, and that regulation will be foisted on us by a government desperate to “do something” in the face of disaster.

In this article I want to outline the problems, both technical and political, and point to some regulatory solutions. Regulation might be a dirty word in today’s political climate, but security is the exception to our small-government bias. And as the threats posed by computers become greater and more catastrophic, regulation will be inevitable. So now’s the time to start thinking about it.

We also need to reverse the trend to connect everything to the internet. And if we risk harm and even death, we need to think twice about what we connect and what we deliberately leave uncomputerized.

If we get this wrong, the computer industry will look like the pharmaceutical industry, or the aircraft industry. But if we get this right, we can maintain the innovative environment of the internet that has given us so much.

**********

We no longer have things with computers embedded in them. We have computers with things attached to them.

Your modern refrigerator is a computer that keeps things cold. Your oven, similarly, is a computer that makes things hot. An ATM is a computer with money inside. Your car is no longer a mechanical device with some computers inside; it’s a computer with four wheels and an engine. Actually, it’s a distributed system of over 100 computers with four wheels and an engine. And, of course, your phones became full-power general-purpose computers in 2007, when the iPhone was introduced.

We wear computers: fitness trackers and computer-enabled medical devices - and, of course, we carry our smartphones everywhere. Our homes have smart thermostats, smart appliances, smart door locks, even smart light bulbs. At work, many of those same smart devices are networked together with CCTV cameras, sensors that detect customer movements, and everything else. Cities are starting to embed smart sensors in roads, streetlights, and sidewalk squares, also smart energy grids and smart transportation networks. A nuclear power plant is really just a computer that produces electricity, and - like everything else we’ve just listed - it’s on the internet.

The internet is no longer a web that we connect to. Instead, it’s a computerized, networked, and interconnected world that we live in. This is the future, and what we’re calling the Internet of Things.

Broadly speaking, the Internet of Things has three parts. There are the sensors that collect data about us and our environment: smart thermostats, street and highway sensors, and those ubiquitous smartphones with their motion sensors and GPS location receivers. Then there are the “smarts” that figure out what the data means and what to do about it. This includes all the computer processors on these devices and - increasingly - in the cloud, as well as the memory that stores all of this information. And finally, there are the actuators that affect our environment. The point of a smart thermostat isn’t to record the temperature; it’s to control the furnace and the air conditioner. Driverless cars collect data about the road and the environment to steer themselves safely to their destinations.

You can think of the sensors as the eyes and ears of the internet. You can think of the actuators as the hands and feet of the internet. And you can think of the stuff in the middle as the brain. We are building an internet that senses, thinks, and acts.

This is the classic definition of a robot. We’re building a world-size robot, and we don’t even realize it.

To be sure, it’s not a robot in the classical sense. We think of robots as discrete autonomous entities, with sensors, brain, and actuators all together in a metal shell. The world-size robot is distributed. It doesn’t have a singular body, and parts of it are controlled in different ways by different people. It doesn’t have a central brain, and it has nothing even remotely resembling a consciousness. It doesn’t have a single goal or focus. It’s not even something we deliberately designed. It’s something we have inadvertently built out of the everyday objects we live with and take for granted. It is the extension of our computers and networks into the real world.

This world-size robot is actually more than the Internet of Things. It’s a combination of several decades-old computing trends: mobile computing, cloud computing, always-on computing, huge databases of personal information, the Internet of Things - or, more precisely, cyber-physical systems - autonomy, and artificial intelligence. And while it’s still not very smart, it’ll get smarter. It’ll get more powerful and more capable through all the interconnections we’re building.

It’ll also get much more dangerous.

**********

Computer security has been around for almost as long as computers have been. And while it’s true that security wasn’t part of the design of the original internet, it’s something we have been trying to achieve since its beginning.

I have been working in computer security for over 30 years: first in cryptography, then more generally in computer and network security, and now in general security technology. I have watched computers become ubiquitous, and have seen firsthand the problems - and solutions - of securing these complex machines and systems. I’m telling you all this because what used to be a specialized area of expertise now affects everything. Computer security is now everything security. There’s one critical difference, though: The threats have become greater.

Traditionally, computer security is divided into three categories: confidentiality, integrity, and availability. For the most part, our security concerns have largely centered around confidentiality. We’re concerned about our data and who has access to it - the world of privacy and surveillance, of data theft and misuse.

But threats come in many forms. Availability threats: computer viruses that delete our data, or ransomware that encrypts our data and demands payment for the unlock key. Integrity threats: hackers who can manipulate data entries can do things ranging from changing grades in a class to changing the amount of money in bank accounts. Some of these threats are pretty bad. Hospitals have paid tens of thousands of dollars to criminals whose ransomware encrypted critical medical files. JPMorgan Chase spends half a billion on cybersecurity a year.

Today, the integrity and availability threats are much worse than the confidentiality threats. Once computers start affecting the world in a direct and physical manner, there are real risks to life and property. There is a fundamental difference between crashing your computer and losing your spreadsheet data, and crashing your pacemaker and losing your life. This isn’t hyperbole; recently researchers found serious security vulnerabilities in St. Jude Medical’s implantable heart devices. Give the internet hands and feet, and it will have the ability to punch and kick.

Take a concrete example: modern cars, those computers on wheels. The steering wheel no longer turns the axles, nor does the accelerator pedal change the speed. Every move you make in a car is processed by a computer, which does the actual controlling. A central computer controls the dashboard. There’s another in the radio. The engine has 20 or so computers. These are all networked, and increasingly autonomous.

Now, let’s start listing the security threats. We don’t want car navigation systems to be used for mass surveillance, or the microphone for mass eavesdropping. We might want it to be used to determine a car’s location in the event of a 911 call, and possibly to collect information about highway congestion. We don’t want people to hack their own cars to bypass emissions-control limitations. We don’t want manufacturers or dealers to be able to do that, either, as Volkswagen did for years. We can imagine wanting to give police the ability to remotely and safely disable a moving car; that would make high-speed chases a thing of the past. But we definitely don’t want hackers to be able to do that. We definitely don’t want them disabling the brakes in every car without warning, at speed. As we make the transition from driver-controlled cars to cars with various driver-assist capabilities to fully driverless cars, we don’t want any of those critical components subverted. We don’t want someone to be able to accidentally crash your car, let alone do it on purpose. And equally, we don’t want them to be able to manipulate the navigation software to change your route, or the door-lock controls to prevent you from opening the door. I could go on.

That’s a lot of different security requirements, and the effects of getting them wrong range from illegal surveillance to extortion by ransomware to mass death.

**********

Our computers and smartphones are as secure as they are because companies like Microsoft, Apple, and Google spend a lot of time testing their code before it’s released, and quickly patch vulnerabilities when they’re discovered. Those companies can support large, dedicated teams because those companies make a huge amount of money, either directly or indirectly, from their software - and, in part, compete on its security. Unfortunately, this isn’t true of embedded systems like digital video recorders or home routers. Those systems are sold at a much lower margin, and are often built by offshore third parties. The companies involved simply don’t have the expertise to make them secure.

At a recent hacker conference, a security researcher analyzed 30 home routers and was able to break into half of them, including some of the most popular and common brands. The denial-of-service attacks that forced popular websites like Reddit and Twitter off the internet last October were enabled by vulnerabilities in devices like webcams and digital video recorders. In August, two security researchers demonstrated a ransomware attack on a smart thermostat.

Even worse, most of these devices don’t have any way to be patched. Companies like Microsoft and Apple continuously deliver security patches to your computers. Some home routers are technically patchable, but in a complicated way that only an expert would attempt. And the only way for you to update the firmware in your hackable DVR is to throw it away and buy a new one.

The market can’t fix this because neither the buyer nor the seller cares. The owners of the webcams and DVRs used in the denial-of-service attacks don’t care. Their devices were cheap to buy, they still work, and they don’t know any of the victims of the attacks. The sellers of those devices don’t care: They’re now selling newer and better models, and the original buyers only cared about price and features. There is no market solution, because the insecurity is what economists call an externality: It’s an effect of the purchasing decision that affects other people. Think of it kind of like invisible pollution.

**********

Security is an arms race between attacker and defender. Technology perturbs that arms race by changing the balance between attacker and defender. Understanding how this arms race has unfolded on the internet is essential to understanding why the world-size robot we’re building is so insecure, and how we might secure it. To that end, I have five truisms, born from what we’ve already learned about computer and internet security. They will soon affect the security arms race everywhere.

Truism No. 1: On the internet, attack is easier than defense.

There are many reasons for this, but the most important is the complexity of these systems. More complexity means more people involved, more parts, more interactions, more mistakes in the design and development process, more of everything where hidden insecurities can be found. Computer-security experts like to speak about the attack surface of a system: all the possible points an attacker might target and that must be secured. A complex system means a large attack surface. The defender has to secure the entire attack surface. The attacker just has to find one vulnerability - one unsecured avenue for attack - and gets to choose how and when to attack. It’s simply not a fair battle.

There are other, more general, reasons why attack is easier than defense. Attackers have a natural agility that defenders often lack. They don’t have to worry about laws, and often not about morals or ethics. They don’t have a bureaucracy to contend with, and can more quickly make use of technical innovations. Attackers also have a first-mover advantage. As a society, we’re generally terrible at proactive security; we rarely take preventive security measures until an attack actually happens. So more advantages go to the attacker.

Truism No. 2: Most software is poorly written and insecure.

If complexity isn’t enough, we compound the problem by producing lousy software. Well-written software, like the kind found in airplane avionics, is both expensive and time-consuming to produce. We don’t want that. For the most part, poorly written software has been good enough. We’d all rather live with buggy software than pay the prices good software would require. We don’t mind if our games crash regularly, or our business applications act weird once in a while. Because software has been largely benign, it hasn’t mattered. This has permeated the industry at all levels. At universities, we don’t teach how to code well. Companies don’t reward quality code in the same way they reward fast and cheap. And we consumers don’t demand it.

But poorly written software is riddled with bugs, sometimes as many as one per 1,000 lines of code. Some of them are inherent in the complexity of the software, but most are programming mistakes. Not all bugs are vulnerabilities, but some are.

Truism No. 3: Connecting everything to each other via the internet will expose new vulnerabilities.

The more we network things together, the more vulnerabilities on one thing will affect other things. On October 21, vulnerabilities in a wide variety of embedded devices were all harnessed together to create what hackers call a botnet. This botnet was used to launch a distributed denial-of-service attack against a company called Dyn. Dyn provided a critical internet function for many major internet sites. So when Dyn went down, so did all those popular websites.

These chains of vulnerabilities are everywhere. In 2012, journalist Mat Honan suffered a massive personal hack because of one of them. A vulnerability in his Amazon account allowed hackers to get into his Apple account, which allowed them to get into his Gmail account. And in 2013, the Target Corporation was hacked by someone stealing credentials from its HVAC contractor.

Vulnerabilities like these are particularly hard to fix, because no one system might actually be at fault. It might be the insecure interaction of two individually secure systems.

Truism No. 4: Everybody has to stop the best attackers in the world.

One of the most powerful properties of the internet is that it allows things to scale. This is true for our ability to access data or control systems or do any of the cool things we use the internet for, but it’s also true for attacks. In general, fewer attackers can do more damage because of better technology. It’s not just that these modern attackers are more efficient, it’s that the internet allows attacks to scale to a degree impossible without computers and networks.

This is fundamentally different from what we’re used to. When securing my home against burglars, I am only worried about the burglars who live close enough to my home to consider robbing me. The internet is different. When I think about the security of my network, I have to be concerned about the best attacker possible, because he’s the one who’s going to create the attack tool that everyone else will use. The attacker that discovered the vulnerability used to attack Dyn released the code to the world, and within a week there were a dozen attack tools using it.

Truism No. 5: Laws inhibit security research.

The Digital Millennium Copyright Act is a terrible law that fails at its purpose of preventing widespread piracy of movies and music. To make matters worse, it contains a provision that has critical side effects. According to the law, it is a crime to bypass security mechanisms that protect copyrighted work, even if that bypassing would otherwise be legal. Since all software can be copyrighted, it is arguably illegal to do security research on these devices and to publish the result.

Although the exact contours of the law are arguable, many companies are using this provision of the DMCA to threaten researchers who expose vulnerabilities in their embedded systems. This instills fear in researchers, and has a chilling effect on research, which means two things: (1) Vendors of these devices are more likely to leave them insecure, because no one will notice and they won’t be penalized in the market, and (2) security engineers don’t learn how to do security better.

Unfortunately, companies generally like the DMCA. The provisions against reverse-engineering spare them the embarrassment of having their shoddy security exposed. It also allows them to build proprietary systems that lock out competition. (This is an important one. Right now, your toaster cannot force you to only buy a particular brand of bread. But because of this law and an embedded computer, your Keurig coffee maker can force you to buy a particular brand of coffee.)

**********

In general, there are two basic paradigms of security. We can either try to secure something well the first time, or we can make our security agile. The first paradigm comes from the world of dangerous things: from planes, medical devices, buildings. It’s the paradigm that gives us secure design and secure engineering, security testing and certifications, professional licensing, detailed preplanning and complex government approvals, and long times-to-market. It’s security for a world where getting it right is paramount because getting it wrong means people dying.

The second paradigm comes from the fast-moving and heretofore largely benign world of software. In this paradigm, we have rapid prototyping, on-the-fly updates, and continual improvement. In this paradigm, new vulnerabilities are discovered all the time and security disasters regularly happen. Here, we stress survivability, recoverability, mitigation, adaptability, and muddling through. This is security for a world where getting it wrong is okay, as long as you can respond fast enough.

These two worlds are colliding. They’re colliding in our cars - literally - in our medical devices, our building control systems, our traffic control systems, and our voting machines. And although these paradigms are wildly different and largely incompatible, we need to figure out how to make them work together.

So far, we haven’t done very well. We still largely rely on the first paradigm for the dangerous computers in cars, airplanes, and medical devices. As a result, there are medical systems that can’t have security patches installed because that would invalidate their government approval. In 2015, Chrysler recalled 1.4 million cars to fix a software vulnerability. In September 2016, Tesla remotely sent a security patch to all of its Model S cars overnight. Tesla sure sounds like it’s doing things right, but what vulnerabilities does this remote patch feature open up?

**********

Until now we’ve largely left computer security to the market. Because the computer and network products we buy and use are so lousy, an enormous after-market industry in computer security has emerged. Governments, companies, and people buy the security they think they need to secure themselves. We’ve muddled through well enough, but the market failures inherent in trying to secure this world-size robot will soon become too big to ignore.

Markets alone can’t solve our security problems. Markets are motivated by profit and short-term goals at the expense of society. They can’t solve collective-action problems. They won’t be able to deal with economic externalities, like the vulnerabilities in DVRs that resulted in Twitter going offline. And we need a counterbalancing force to corporate power.

This all points to policy. While the details of any computer-security system are technical, getting the technologies broadly deployed is a problem that spans law, economics, psychology, and sociology. And getting the policy right is just as important as getting the technology right because, for internet security to work, law and technology have to work together. This is probably the most important lesson of Edward Snowden’s NSA disclosures. We already knew that technology can subvert law. Snowden demonstrated that law can also subvert technology. Both fail unless each works. It’s not enough to just let technology do its thing.

Any policy changes to secure this world-size robot will mean significant government regulation. I know it’s a sullied concept in today’s world, but I don’t see any other possible solution. It’s going to be especially difficult on the internet, where its permissionless nature is one of the best things about it and the underpinning of its most world-changing innovations. But I don’t see how that can continue when the internet can affect the world in a direct and physical manner.

**********

I have a proposal: a new government regulatory agency. Before dismissing it out of hand, please hear me out.

We have a practical problem when it comes to internet regulation. There’s no government structure to tackle this at a systemic level. Instead, there’s a fundamental mismatch between the way government works and the way this technology works that makes dealing with this problem impossible at the moment.

Government operates in silos. In the U.S., the FAA regulates aircraft. The NHTSA regulates cars. The FDA regulates medical devices. The FCC regulates communications devices. The FTC protects consumers in the face of “unfair” or “deceptive” trade practices. Even worse, who regulates data can depend on how it is used. If data is used to influence a voter, it’s the Federal Election Commission’s jurisdiction. If that same data is used to influence a consumer, it’s the FTC’s. Use those same technologies in a school, and the Department of Education is now in charge. Robotics will have its own set of problems, and no one is sure how that is going to be regulated. Each agency has a different approach and different rules. They have no expertise in these new issues, and they are not quick to expand their authority for all sorts of reasons.

Compare that with the internet. The internet is a freewheeling system of integrated objects and networks. It grows horizontally, demolishing old technological barriers so that people and systems that never previously communicated now can. Already, apps on a smartphone can log health information, control your energy use, and communicate with your car. That’s a set of functions that crosses jurisdictions of at least four different government agencies, and it’s only going to get worse.

Our world-size robot needs to be viewed as a single entity with millions of components interacting with each other. Any solutions here need to be holistic. They need to work everywhere, for everything. Whether we’re talking about cars, drones, or phones, they’re all computers.

This has lots of precedent. Many new technologies have led to the formation of new government regulatory agencies. Trains did, cars did, airplanes did. Radio led to the formation of the Federal Radio Commission, which became the FCC. Nuclear power led to the formation of the Atomic Energy Commission, which eventually became the Department of Energy. The reasons were the same in every case. New technologies need new expertise because they bring with them new challenges. Governments need a single agency to house that new expertise, because its applications cut across several preexisting agencies. It’s less that the new agency needs to regulate - although that’s often a big part of it - and more that governments recognize the importance of the new technologies.

The internet has famously eschewed formal regulation, instead adopting a multi-stakeholder model of academics, businesses, governments, and other interested parties. My hope is that we can keep the best of this approach in any regulatory agency, looking more at the new U.S. Digital Service or the 18F office inside the General Services Administration. Both of those organizations are dedicated to providing digital government services, and both have collected significant expertise by bringing people in from outside of government, and both have learned how to work closely with existing agencies. Any internet regulatory agency will similarly need to engage in a high level of collaborative regulation - both a challenge and an opportunity.

I don’t think any of us can predict the totality of the regulations we need to ensure the safety of this world, but here’s a few. We need government to ensure companies follow good security practices: testing, patching, secure defaults - and we need to be able to hold companies liable when they fail to do these things. We need government to mandate strong personal data protections, and limitations on data collection and use. We need to ensure that responsible security research is legal and well-funded. We need to enforce transparency in design, some sort of code escrow in case a company goes out of business, and interoperability between devices of different manufacturers, to counterbalance the monopolistic effects of interconnected technologies. Individuals need the right to take their data with them. And internet-enabled devices should retain some minimal functionality if disconnected from the internet.

I’m not the only one talking about this. I’ve seen proposals for a National Institutes of Health analog for cybersecurity. University of Washington law professor Ryan Calo has proposed a Federal Robotics Commission. I think it needs to be broader: maybe a Department of Technology Policy.

Of course there will be problems. There’s a lack of expertise in these issues inside government. There’s a lack of willingness in government to do the hard regulatory work. Industry is worried about any new bureaucracy: both that it will stifle innovation by regulating too much and that it will be captured by industry and regulate too little. A domestic regulatory agency will have to deal with the fundamentally international nature of the problem.

But government is the entity we use to solve problems like this. Governments have the scope, scale, and balance of interests to address the problems. It’s the institution we’ve built to adjudicate competing social interests and internalize market externalities. Left to their own devices, the market simply can’t. That we’re currently in the middle of an era of low government trust, where many of us can’t imagine government doing anything positive in an area like this, is to our detriment.

Here’s the thing: Governments will get involved, regardless. The risks are too great, and the stakes are too high. Government already regulates dangerous physical systems like cars and medical devices. And nothing motivates the U.S. government like fear. Remember 2001? A nominally small-government Republican president created the Office of Homeland Security 11 days after the terrorist attacks: a rushed and ill-thought-out decision that we’ve been trying to fix for over a decade. A fatal disaster will similarly spur our government into action, and it’s unlikely to be well-considered and thoughtful action. Our choice isn’t between government involvement and no government involvement. Our choice is between smarter government involvement and stupider government involvement. We have to start thinking about this now. Regulations are necessary, important, and complex; and they’re coming. We can’t afford to ignore these issues until it’s too late.

We also need to start disconnecting systems. If we cannot secure complex systems to the level required by their real-world capabilities, then we must not build a world where everything is computerized and interconnected.

There are other models. We can enable local communications only. We can set limits on collected and stored data. We can deliberately design systems that don’t interoperate with each other. We can deliberately fetter devices, reversing the current trend of turning everything into a general-purpose computer. And, most important, we can move toward less centralization and more distributed systems, which is how the internet was first envisioned.

This might be a heresy in today’s race to network everything, but large, centralized systems are not inevitable. The technical elites are pushing us in that direction, but they really don’t have any good supporting arguments other than the profits of their ever-growing multinational corporations.

But this will change. It will change not only because of security concerns, it will also change because of political concerns. We’re starting to chafe under the worldview of everything producing data about us and what we do, and that data being available to both governments and corporations. Surveillance capitalism won’t be the business model of the internet forever. We need to change the fabric of the internet so that evil governments don’t have the tools to create a horrific totalitarian state. And while good laws and regulations in Western democracies are a great second line of defense, they can’t be our only line of defense.

My guess is that we will soon reach a high-water mark of computerization and connectivity, and that afterward we will make conscious decisions about what and how we decide to interconnect. But we’re still in the honeymoon phase of connectivity. Governments and corporations are punch-drunk on our data, and the rush to connect everything is driven by an even greater desire for power and market share. One of the presentations released by Edward Snowden contained the NSA mantra: “Collect it all.” A similar mantra for the internet today might be: “Connect it all.”

The inevitable backlash will not be driven by the market. It will be deliberate policy decisions that put the safety and welfare of society above individual corporations and industries. It will be deliberate policy decisions that prioritize the security of our systems over the demands of the FBI to weaken them in order to make their law-enforcement jobs easier. It’ll be hard policy for many to swallow, but our safety will depend on it.

**********

The scenarios I’ve outlined, both the technological and economic trends that are causing them and the political changes we need to make to start to fix them, come from my years of working in internet-security technology and policy. All of this is informed by an understanding of both technology and policy. That turns out to be critical, and there aren’t enough people who understand both.

This brings me to my final plea: We need more public-interest technologists.

Over the past couple of decades, we’ve seen examples of getting internet-security policy badly wrong. I’m thinking of the FBI’s “going dark” debate about its insistence that computer devices be designed to facilitate government access, the “vulnerability equities process” about when the government should disclose and fix a vulnerability versus when it should use it to attack other systems, the debacle over paperless touch-screen voting machines, and the DMCA that I discussed above. If you watched any of these policy debates unfold, you saw policy-makers and technologists talking past each other.

Our world-size robot will exacerbate these problems. The historical divide between Washington and Silicon Valley - the mistrust of governments by tech companies and the mistrust of tech companies by governments - is dangerous.

We have to fix this. Getting IoT security right depends on the two sides working together and, even more important, having people who are experts in each working on both. We need technologists to get involved in policy, and we need policy-makers to get involved in technology. We need people who are experts in making both technology and technological policy. We need technologists on congressional staffs, inside federal agencies, working for NGOs, and as part of the press. We need to create a viable career path for public-interest technologists, much as there already is one for public-interest attorneys. We need courses, and degree programs in colleges, for people interested in careers in public-interest technology. We need fellowships in organizations that need these people. We need technology companies to offer sabbaticals for technologists wanting to go down this path. We need an entire ecosystem that supports people bridging the gap between technology and law. We need a viable career path that ensures that even though people in this field won’t make as much as they would in a high-tech start-up, they will have viable careers. The security of our computerized and networked future - meaning the security of ourselves, families, homes, businesses, and communities - depends on it.

This plea is bigger than security, actually. Pretty much all of the major policy debates of this century will have a major technological component. Whether it’s weapons of mass destruction, robots drastically affecting employment, climate change, food safety, or the increasing ubiquity of ever-shrinking drones, understanding the policy means understanding the technology. Our society desperately needs technologists working on the policy. The alternative is bad policy.

**********

The world-size robot is less designed than created. It’s coming without any forethought or architecting or planning; most of us are completely unaware of what we’re building. In fact, I am not convinced we can actually design any of this. When we try to design complex sociotechnical systems like this, we are regularly surprised by their emergent properties. The best we can do is observe and channel these properties as best we can.

Market thinking sometimes makes us lose sight of the human choices and autonomy at stake. Before we get controlled - or killed - by the world-size robot, we need to rebuild confidence in our collective governance institutions. Law and policy may not seem as cool as digital tech, but they’re also places of critical innovation. They’re where we collectively bring about the world we want to live in.

While I might sound like a Cassandra, I’m actually optimistic about our future. Our society has tackled bigger problems than this one. It takes work and it’s not easy, but we eventually find our way clear to make the hard choices necessary to solve our real problems.

The world-size robot we’re building can only be managed responsibly if we start making real choices about the interconnected world we live in. Yes, we need security systems as robust as the threat landscape. But we also need laws that effectively regulate these dangerous technologies. And, more generally, we need to make moral, ethical, and political decisions on how those systems should work. Until now, we’ve largely left the internet alone. We gave programmers a special right to code cyberspace as they saw fit. This was okay because cyberspace was separate and relatively unimportant: That is, it didn’t matter. Now that that’s changed, we can no longer give programmers and the companies they work for this power. Those moral, ethical, and political decisions need, somehow, to be made by everybody. We need to link people with the same zeal that we are currently linking machines. “Connect it all” must be countered with “connect us all.”

This essay previously appeared in New York Magazine.

‘Pirate’ Kodi Box Seller Enters “Not Guilty” Plea in Landmark Trial

Post Syndicated from Andy original https://torrentfreak.com/pirate-kodi-box-seller-enters-not-guilty-plea-landmark-trial/

With the advent of cheap Android devices such as Amazon’s Fire Stick and dozens of set-top variants, anyone can install legal software such as Kodi to watch recorded media.

However, those very same devices can be modified to do things that at best sit in a legal gray area and at worst could be illegal. We’re talking about viewing movies, TV shows, live TV and PPV events, without paying a dime to anyone.

In some parts of the world the phenomenon has reached epidemic proportions, so much so that the Federation Against Copyright Theft now cite it as a major concern in the UK. But while there is not much anyone can do to clamp down on people at home doing a DIY job on their own setups, it is possible to crack down on people who supply pre-modified devices.

One individual that has found himself in the middle of the controversy is UK-based Brian ‘Tomo’ Thompson. The Middlesbrough-based shopkeeper was previously raided by police and Trading Standards after selling “fully loaded” Android boxes from his small premises.

Unusually for such cases, Thompson is being prosecuted by his local council. He’s under the impression that he’s done nothing wrong but now wants to discover where the boundaries lie for sellers of similar devices.

“All I want to know is whether I am doing anything illegal. I know it’s a gray area but I want it in black and white,” he said last September.

This morning Thompson appeared before Teesside Crown Court for a plea hearing. As promised, BBC reports that he pleaded not guilty, which means his case will now go to a full trial.

In what will be a landmark case, Thompson stands accused of two offenses under section 296ZB of the Copyright, Designs and Patents Act. This section deals with devices and services designed to circumvent technological measures.

“A person commits an offense if he — in the course of a business — sells or lets for hire, any device, product or component which is primarily designed, produced, or adapted for the purpose of enabling or facilitating the circumvention of effective technological measures,” the law reads.

Kodi installations with third-party addons effectively ‘farm’ content already available on various ‘pirate’ sites on the Internet. On that basis, it could be argued that any anti-circumvention/anti-copying measures put in place by broadcasters and other copyright holders have already been bypassed by the time the addon streams the content to the user.

However, the Court will have to decide what part, if any, Thompson played in circumventing those measures when he sold modified Kodi devices to his customers. According to the BBC, two of those sales were test purchases made by Middlesbrough Council.

The outcome of the trial, which is likely to be a complex one, will have little effect on people who modify their own Kodi installations at home. However, it is likely to determine the boundaries when it comes to those offering “fully loaded” Kodi TV devices for sale in the UK.
