NO! - Top EU court says U.S.-EU data transfer deal is invalid. (Reuters).
A system enabling data transfers from the European Union to the United States by thousands of companies is invalid, the highest European Union court said on Tuesday in a landmark ruling that will leave firms scrambling to find alternative measures.
"The Court of Justice declares that the Commission’s U.S. Safe Harbor Decision is invalid," it said in a statement.
The decision could sound the death knell for the Safe Harbor framework set up fifteen years ago to help companies on both sides of the Atlantic conduct everyday business but which has come under heavy fire following 2013 revelations of mass U.S. snooping.
Without Safe Harbor, personal data transfers are forbidden, or only allowed via costlier and more time-consuming means, under EU laws that prohibit data-sharing with countries deemed to have lower privacy standards, of which the United States is one.
The Court of Justice of the European Union (ECJ) said that U.S. companies are "bound to disregard, without limitation," the privacy safeguards provided in Safe Harbor where they come into conflict with the national security, public interest and law enforcement requirements of the United States.Read the full story here.
Information Giants Apple and Google Just Attended a Confidential Spy Summit in secluded English Mansion. (FirstLook).
At an 18th-century mansion in England’s countryside last week,
current and former spy chiefs from seven countries faced off with
representatives from tech giants Apple and Google to discuss government
surveillance in the aftermath of Edward Snowden’s leaks.
The three-day conference, which took place behind closed doors and
under strict rules about confidentiality, was aimed at debating the line
between privacy and security.
Among an extraordinary list of attendees were a host of
current or former heads from spy agencies such as the CIA and British
electronic surveillance agency Government Communications Headquarters,
or GCHQ. Other current or former top spooks from Australia, Canada,
France, Germany and Sweden were also in attendance.
Google, Apple, and
telecommunications company Vodafone sent some of their senior policy and
legal staff to the discussions. And a handful of academics and
journalists were also present. Read the full story here.
"Yes We Scan" Why Does Apple Include Government Certificate Authorities on the Mac? HT: Cryptogon ; Zit Seng’s Blog:
I’ve been sitting on this information for some time, waiting to get
more research done before I publish a post. But since word has come out
about how Lenovo preloads what amounts to very bad spyware on their PCs,
I thought I should also just go right ahead to spill the beans on the
Mac.
Yes, that’s right. Superfish is bad. The problem with the Mac
is only slightly related in that it also involves SSL certificates.
It’s also bad, in a different way. I haven’t found out how the situation
got to be like this, but I’ll just tell you what is happening.
The Certificate Authorities are usually trustworthy. Usually.
Except, when you look into the list Certificate Authorities trusted by
the Mac. There are the usual big name Certificate Authorities like
Verisign, GeoTrust, Symantec and Thawte. But how about these ones:
Subject: C=US, O=U.S. Government, OU=FPKI, CN=Federal Common Policy CA
Subject: C=US, O=U.S. Government, OU=DoD, OU=PKI, CN=DoD Root CA 2
Subject: C=JP, O=Japanese Government, OU=ApplicationCA
Subject: C=CN, O=China Internet Network Information Center, CN=China
Internet Network Information Center EV Certificates Root …To be clear, the U.S. government has several more Certification Authority certificates installed in the Mac.
But governments are the good people right? Erm, I don’t know. There
are people who don’t trust their own government. For example, U.S.
citizens may be concerned about their NSA (or FBI) spying activities.
They are afraid about the NSA being able to break encryption codes.
Well, it turns out that NSA’s job is a lot easier. There are no codes to break.
They just intercept your communication, carry out a man-in-the-middle
attack, and what else do they need? You think your HTTPS connection is
securely encrypted, but wait, couldn’t the U.S. government generate a
brand new fake certificate, give it to the NSA, and then serve that to
you? Your web browser won’t raise any alarm bells. The SSL certificate
is valid, and it is signed by a Certificate Authority that is trusted by
your computer.
So, just to get this straight. Not only does the U.S.
government have the privilege of intercepting any of your HTTPS
connections and present valid, trusted, SSL certificates to you, the
Japanese government and the Chinese government have the same privileges. Read the full story here.
Windows 10 Lets You Say Goodbye to Passwords 'and privacy' Forever.(Fars).
Microsoft is adding support for the Fast Identity Online (Fido) standard to Windows 10 to enable password-free sign-on for a number of applications.
PC users' reliance on weak passwords that are easily cracked (and yet somehow still easy to forget, leaving the IT department with the tedious and time-consuming chore of managing them) coupled with regular password leaks by consumer apps mean moving to fingerprint or other biometric authentication methods could make signing in easier for users and make systems more secure as well, ZDnet reported.
Dustin Ingalls, Windows security and identity program manager at Microsoft, said the company has contributed "design inputs" to the Fido's upcoming 2.0 technical specs.
"Transitioning away from passwords and to a stronger form of identity is one of the great challenges that we face in online computing," said Ingalls.
The Fido standards aim to create a "universal framework" for secure but password-free authentication. Fido supports biometrics such as face, voice, iris, and fingerprint or dongles, and members of the group include Samsung, Visa, PayPal, RSA, MasterCard, Google, Lenovo, ARM, and Bank of America as well as Microsoft.
Ingalls said the Fido implementation in the Windows 10 Technical Preview reflects Microsoft's contribution to the Fido 2.0 specification technical working group, and showcases integration with Windows 10 sign-in, Azure Active Directory, and access to software-as-a-services packages like Office 365 Exchange Online, Salesforce, Citrix, Box, and Concur.
"With Windows 10, for the very first time Windows devices and Microsoft-owned and partner SaaS services supported by Azure Active Directory authentication can be accessed end-to-end using an enterprise-grade two-factor authentication solution - all without a password," he said.
Windows 10 will also include Active Directory integration and Microsoft Account integration for consumer Microsoft services such as Outlook.com and OneDrive, Ingalls added.
Hmmm......The possibilities are endless.....Time to stock up on Windows 7-8 hardware and software.
@ColorMeRed just imagine the potential this has : 'User John Doe' ID xxxx will be blocked from the internet starting now
The White House Wants to Issue You an Online ID. HT: Motherboard.
A few years back, the White House had a brilliant idea: Why not create a single, secure online ID that Americans could use to verify their identity across multiple websites, starting with local government services.
The goal is to put to bed once and for all our current ineffective and tedious system of using passwords for online authentication, which itself was a cure for the even more ineffective and tedious process of walking into a brick-and-mortar building and presenting a human being with two forms of paper identification.
The program is just entering a test phase with select state government agencies only (there are currently plans to expand the trial out to 10 more organizations.)
But it's not far-fetched to think we're moving toward a standardized way to prove our identity in cyberspace the same way we do offline.
The White House argues cutting down on inefficiencies and fraud would bolster the information economy. In an era where we have cars that drive themselves and flying robots delivering beer, you have to wonder how much longer people are going to put up with standing in line at the DMV for four hours to hand a teller (with a taxpayer-paid salary) a copy of your birth certificate and piece of mail to prove you are you.
If an analysis of the pilot programs in Michigan and Pennsylvania find the centralized ID saves time and money and spares us the DMV line, privacy advocates are going to have a hell of a fight ahead of them.Read the full story here.
The Internet mirror - Ninety-nine percent of us live on the wrong side of a one-way mirror.(SA).
Imagine an Internet where unseen hands curate your entire experience. Where third parties predetermine the news, products and prices you see—even the people you meet.
A world where you think you are making choices, but in reality, your options are narrowed and refined until you are left with merely the illusion of control.
This is not far from what is happening today. Thanks to technology that enables Google, Facebook and others to gather information about us and use it to tailor the user experience to our own personal tastes, habits and income, the Internet has become a different place for the rich and for the poor. Most of us have become unwitting actors in an unfolding drama about the tale of two Internets. There is yours and mine, theirs and ours. As a result, 99 percent of us live on the wrong side of a one-way mirror, in which the other 1 percent manipulates our experiences.
Some laud this trend as “personalization”—which sounds innocuous and fun, evoking the notion that the ads we see might appear in our favorite color schemes. What we are talking about, however, is much deeper and significantly more consequential.Read the full story here.
" Google Data Will" - How to plan what will happen to your 'private' Google data. HT: SophosSecurity.By Lisa Vaas.
Google has launched a new tool that lets users plan what will happen to their private data after they die.
Announced on Google's blog by Product Manager Andreas Tuerk on Thursday, the tool is called Inactive Account Manager.
(You have to love the humility: "Not a great name, we know," Tuerk writes.
The Googlers could have had a field day with the name, but discretion, obviously, won the day.
One commenter's suggested name: "My Will." Better, and still classy!)
The Inactive Account Manager is located on the Google Account settings page, under the "Account Management" choice in the "Account" tab.
I had to hunt around to find it: you have to click on the option that says "Control what happens to your account when you stop using Google. Learn more and go to setup."
There, you can tell Google what to do with your Gmail messages and data from other Google services if your account becomes inactive for any reason.
One choice is to have your data deleted after periods of three, six, nine or 12 months of inactivity.
Another option is to pass on data from some or all of these services to your designated beneficiaries.Hmmmm........'Death is just the beginning'?Read the full 'Afterlife' Story here.
The New National Identification System Is Coming.(OM).
“Maybe we should just brand all the babies.” With this joke, Ronald Reagan swatted down a national identification card — or an enhanced Social Security card — proposed by his attorney general in 1981. For more than three decades since, attempts to implement the proposal have all met with failure, but now national ID is back, and it’s worse than ever.
As in 1981, immigration restrictions have provided the justification. In the name of stopping illegal employment, proposals floated by a bipartisan group of senators would create both a physical national ID — an “enhanced” Social Security card — and even more menacingly an Internet-based, electronic ID that could be accessed anywhere to confirm identity.
After the election, Sen. Chuck Schumer (D-N.Y.), who is leading the Democrats immigration push, told NBC News that one of his top priorities was to “make sure that there is a non-forgeable document” for all employees. After years of pushing for one, Sen. Schumer may have broken through GOP opposition. “We’re going to have to come up with something, but the principle we all agree on,” Sen. Chuck Schumer said this week.
Sen. John McCain (R-Ariz.) toldPolitico that he was for “a super Social Security card that would have some sort of biometric things like a fingerprint in it.” Sen. Lindsay Graham (R-S.C.)—also, a longtime supporter of national ID — agrees. “You’ll have documents that can’t be faked,” he told CBS News after the election.
This path was the inevitable consequence of America’s broken immigration system. First, Congress made it prohibitively difficult to come. Then, unable to enforce that, they conscripted businessmen to police their workforce for them. Now that document fraud has ruined this scheme, the government wants even more surveillance. But national ID is more than just a card with a name and number — it is a system. It must contain data collected by the government on every legal worker that compares that name and number to you. This means the federal government must start collecting biometric information: pictures, fingerprints, retina scans, DNA, and whatever else is needed to make the system work.
Even worse than a physical card, the Department of Homeland Security (DHS) and Social Security Administration (SSA) has created an electronic national ID called electronic employment verification (EEV). The current rendition is known as E-Verify, which has combined DHS’s immigration database with the SSA’s database, containing your name, address, legal status, work authorization, and social security number. The Senate immigration bill will mandate all employers use E-Verify to check the immigration status of their employees. Right now, employers can voluntarily submit the employee’s name and number to check if they match the name and number in the system. If the names or numbers don’t match, you must take further steps to prove your identity at SSA offices.
The system creates a guilty-until-proven-innocent approach to employment that also allows DHS to monitor every worker throughout the country. Some proposed mandates would require employees who work multiple jobs to automatically visit SSA offices — the new DMVs of employment — to prove that they really do work both jobs. “People say ‘National ID,’ ” Sen. Schumer told Politico. “[But] that’s a card that you’d have to show whenever anyone, a police officer or anyone came up to you.” Actually, that’s not true. National ID is any mandatory system that could identify you at any given time. E-Verify combined with biometrics from state DMVs or elsewhere would meet that definition.
National ID need not be shown every time you go outside — it could just be used at checkpoints, airports, and toll booths or to access the Internet, firearms, prescription drugs, jobsites, or apartment buildings. Both the federal government and several states already prohibit renting to unauthorized immigrants. Potential tenants may soon be required to pass E-Verify to obtain housing with a similar “multiple homes” check. To argue that the same expansion of use — already being applied to the SS card — will not also apply to E-Verify is not believable. The calls for a national ID — electronic or otherwise — by these senators undermine their credibility when they claim their plan will actually stop illegal entries at the border. If it did, national ID and E-Verify would be unnecessary. America needs immigration reform, but what it doesn’t need is more bureaucracy and universal surveillance.Hmmmmm........Let's hope Pres Obama is the first to check his with E-Verify.Read the full story here.
Obama Plans to Create Internet ID
for All Americans.(Fox).President
Obama is putting plans in motion to give the Commerce Department authority to
create an Internet ID for all Americans, a White House official told
CNET.com.White House Cybersecurity Coordinator Howard Schmidt told the website
it is "the absolute perfect spot in the
U.S. government" to centralize efforts toward creating an "identity
ecosystem" for the Internet.The National Strategy for Trusted Identities in
Cyberspace is currently being drafted by the Obama administration and will be
released by the president in a few
months."We are not
talking about a national ID card. We are not talking about a government-controlled
system. What we are talking about is enhancing online
security and privacy, and reducing and perhaps even eliminating the need to
memorize a dozen passwords, through creation and use of more trusted digital
identities," Commerce Secretary Gary Locke said at an event Friday at the
Stanford Institute for Economic Policy Research, according to
CNET.com.Hmmmm......This is the kind of
totalitarian, policestate Stalin loved.Who's going to be
Beria?Read the full story here.
Google Wants Password123 In Museum Of Bad Headaches.(Phys).Should typed passwords ever make their way into the Memory Bin, no tears will be shed in certain quarters at Google. The search giant is taking a serious look at a computing future where users have a safer environment that can secure their online information and accounts via physical passwords, perhaps in the form of finger rings or USB sticks or keys. Google’s Vice President of Security Eric Grosse and engineer Mayank Upadhyay have presented their suggestions for better hardware authentication in an upcoming research paper to be published in Security & Privacy magazine. Google has been investigating alternatives to typed passwords, which includes a Yubico log-on device slid into a USB reader as part of Google’s quest to help strengthen password security. Google’s eyes are on future login techniques that will be primarily device-centric.
Wired, in a sneak peek at the research paper set for publication, reported that the paper explores several physical device options, to make a password process that will be easy to accommodate but also sufficiently secure. Google’s suggestions include a ring worn on the finger. and the YubiKey device from Yubico. In the YubiKey scenario, it would be programmed so that it can automatically log a user into that user’s Google account. (Yubico was founded in 2007 with a prototype of its YubiKey for securing online identities. The devices are manufactured in Sweden and the U.S.)
“Along with many in the industry, we feel passwords and simple bearer tokens such as cookies are no longer sufficient to keep users safe,” Grosse and Upadhyay wrote in their paper, according to Wired.
Their project focus is none too soon, as, beyond Google and within the general Internet community, hacker fever has turned into password-reset fatigue. Users have complained over wiped out mail accounts and stolen data from their hacked accounts. Security experts have argued that no passwords are really secure enough, and even CAPTCHA schemes to prove the user is human have been found lacking in keeping users safe.
Media attention to the password impasse grew widespread in November, when Wired senior writer Mat Honan wrote, “This summer, hackers destroyed my entire digital life in the span of an hour. My Apple, Twitter, and Gmail passwords were all robust-seven, 10, and 19 characters, respectively, all alphanumeric, some with symbols thrown in as well-but the three accounts were linked, so once the hackers had conned their way into one, they had them all. They really just wanted my Twitter handle: @mat. As a three-letter username, it’s considered prestigious. And to delay me from getting it back, they used my Apple account to wipe every one of my devices, my iPhone and iPad and MacBook, deleting all my messages and documents and every picture I’d ever taken of my 18-month-old daughter.”
Google’s Grosse does not see the utter obliteration of the password but instead a situation where users can be freed from the need to implement and re-enter complex passwords. “We’ll have to have some form of screen unlock, maybe passwords but maybe something else,” he said. Nonetheless, he added, the primary authenticator will be some piece of hardware.
Grosse and Upadhyay acknowledged that others have tried similar approaches and actually did not achieve much success in the consumer world, but the two authors of the research paper are not deterred. Success may come with wider cooperation outside Google. “Although we recognize that our initiative will likewise remain speculative until we’ve proven large scale acceptance, we’re eager to test it with other websites.” According to Wired, Google has created a universal protocol for device-based authentication that is able to work independent of Google’s own services; just a web browser is needed to support the standard.Read the full story here.
Video - Kim Dotcom attacks Obama with new song "Mr. President".(RT).Megaupload's Kim Dotcom — the man behind one of the most well-known file sharing sites — has a message for US President Barack Obama: where is your promise to keep the Internet free?
Dotcom, the 38-year-old founder of Megaupload.com, has come forth with his latest attempt to make a splash in the same industry that has employed every tactic in the book to put him behind bars. Even after being targeted by an international witch-hunt spearheaded by the Recording Industry Association of America, the Federal Bureau of Investigation and selected members of the US Congress, Dotcom has dropped a new musical number of his own.
And, of course, Dotcom has made the song available free of charge all over the Internet.
“Mr. President,” a bouncy, 4-minute-long request meant for Washington, was released on Friday, and Dotcom doesn’t hold back in his appeal for Internet freedoms. Dotcom may have been made the poster boy of online piracy thanks to an array of enemies in the RIAA, Hollywood and Capitol Hill, but in his latest number he embraces that allegations that he has facilitated copyright infringement and asks for his fans to demand a chance with the ways the Web is governed. “The war for the Internet has begun,” Dotcom declares over a simplistic synthesizer lead. “Hollywood is in control of politics / The Government is killing innovation / Don't let them get away with that.”
Dotcom has been a central figure in Washington’s war on online piracy for years now, but a highly publicized raid of his New Zealand mansion on January 20 has propelled him to near-iconic status. The FBI alleges that, by masterminding the operations of Megaupload, Dotcom cost Hollywood upwards of half a billion dollars in lost revenue. Since those allegations were delivered, though, Dotcom has spent six months mostly hulled up in his home, yet still jumping on just about every opportunity to attack America and its justice system.
Only days before “Mr. President” was released, Dotcom’s attorneys filed a rebuttal against the federal prosecutors involved in the copyright case that calls out America’s attorneys for inventing their own rules to try to build up charges against Megaupload, a hugely popular file-storage site that was shut down by the FBI in conjunction with January’s raid.
In his latest tune, Dotcom declares over a redundant German dance beat that, “[I]f we don’t do anything. . . they will just blame it on the copyright,” and that advocates for a free and open Internet need to “Keep this movement going,” “Keep this movement tweeting” and “Keep this movement moving” in order to erode attempts from Congress and other legislative bodies across the world that are running a campaign against online freedoms.
During the course of the song, Dotcom’s compliments the tune’s repetitive dance phrases by combining it with images of protesters from across the globe, frequently donned in the Guy Fawkes mask adopted by the Anonymous movement, to showcase how other advocates have successfully killed ACTA — the Anti-Counterfeiting Trade Agreement that aimed to establish new standards for governing intellectual property rights in countries around the globe, including the US, New Zealand, Canada and the European Union. Thanks in part to a massive social media campaign — to which Dotcom encouraged — ACTA was killed just weeks ago.
In a tweet sent earlier this month, Dotcom celebrated the end of ACTA and similar American legislation aimed at regulating the Internet by writing to his followers, “SOPA is dead. PIPA is dead. ACTA is dead. MEGA will return. Bigger. Better. Faster. Free of charge & shielded from attacks. Evolution!”
Elsewhere in the number, Dotcom reaches out directly to President Obama, insisting that the “change” that was promised during his 2008 campaign for the White House turned out to be nothing more than an attempt to bring difference to the Web by way of regulation. “What about free speech, Mr. President?” Dotcom asks. “What happened to change, Mr. President? Are you pleading the fifth, Mr. President? Are you going to fix this, Mr. President?”
Dotcom then deters his lyrical attacks to take aim at the entertainment industry representatives who have largely pushed for SOPA and PIPA, whose clout on Capitol Hill almost cost the rest of the country their Internet freedoms. “Hollywood marionettes [are] taking over our Internet,” he sings. “Don't let them get away with that.”
Before the song concludes, Dotcom asks his listeners to “Keep sharing this song.” “If you can't blog – tweet. If you can't tweet – like. But by all means – keep sharing.”
Verizon Wireless wants to 'edit' your Internet access.(CNet).
What if your wireless provider gave you Internet access and search results according to what it decided was a "priority"?
As a Verizon Wireless customer, I'm furious at the idea that it would "pick favorites" over what I was actually looking for -- especially if it was an emergency.
But that's just what Verizon is fighting in court to do right now. Verizon has filed a brief (Verizon vs. FCC) with the U.S. Court of Appeals for the D.C. Circuit for the "freedom" to edit your Internet, dear customer. If you think this would remain a Verizon issue, think again. If Verizon gatecrashes Internet access filtering, you better bet that other ISPs will hustle to get on the train to sell Internet "priority" spots to the highest bidders.
This comes at the same time that Verizon is set to win approval from the FCC, according to reports, in an airwave buyback deal from a group of cable companies (including Time Warner and Comcast). Only the U.S. Justice Department can block the deal.
Verizon is suing to have the FCC's net neutrality order thrown out -- and it's not the first time, as Verizon was quick to challenge the FCC about this very issue in 2011 when the FCC first set such rules.
The FCC's order was intended to keep the Internet as it was when it began -- to keep Internet service providers like Verizon from becoming "editors" or gatekeepers. It holds that neither Verizon nor any other Internet provider can block or slow access to online content, including if they disagree with its message or are being paid by a third party to favor some alternative.
Verizon's argument is sure to enrage people who cherish the free and open Internet. Verizon's reason is that Internet/broadband providers inherently have "editorial discretion."Hmmmm............“Withholding information is the essence of tyranny. Control of the flow of information is the tool of the dictatorship.” ~ Bruce Coville.Read the full story here.
F.B.I. warning :"You may not be able to connect to the internet after July 9". HT: IsraelMatzav.On July 9, 2012, there is a chance that many computers will cease to be able to surf the web because of malware that proliferated among millions of computers starting in 2007. You can find out if your computer is among them.
Starting in 2007, an Internet fraud ring running out of Estonia infected millions of computers worldwide with a virus to manipulate internet advertising. The way they did this was by redirecting users to rogue DNS servers which gave the cyber thieves the ability to manipulate users’ web activity by redirecting them from legitimate websites to fraudulent ones.
US authorities seized the rogue servers and replaced them with legitimate ones in order not to disrupt victims’ access to the web. However, those servers have been funded by US taxpayer dollars since November 2011, and of course this cannot go on indefinitely. The planned date for turning off the servers is July 9, which means that computers that have been accessing the web via these rogue-turned-legit servers, will lose that ability.
How to check if your computer is using rogue DNS servers
To find out if your computer is clean, or is using the rogue DNS servers, take the following steps:
Find out what your computer’s IP address is. You can do this by visiting this site: WhatIsMyIP. Your IP address is the 10 digit number that looks like this: 12.123.12.123. Copy it down somewhere.
Click on Check Your DNS. If your computer is clean, you’ll see the message: “Your IP is not configured to use the rogue DNS servers,” and you can breathe a sigh of relief.
If your computer is not clean, then you’ve got quite a job ahead of you. Visit this page on the DNS Changer Working Group site to see the steps you should take to clean your computer.
The FBI is encouraging users to visit a website run by its security
partner,http://www.dcwg.org,
that will inform them whether they're infected and explain how to fix the
problem. After July 9, infected
users won't be able to connect to the Internet. Will : I've posted on April 21 - 2012. a story on this before.
It can be read here.
RIAA chief: ISPs to start policing copyright by July 1.(CNet).Comcast, Time Warner, and Verizon are among the ISPs preparing to implement a graduated response to piracy by July, says the music industry's chief lobbyist.The country's largest Internet service providers haven't given up on the idea of becoming copyright cops. CNET broke the news last June that the RIAA and counterparts at the trade group for the big film studios, had managed to get the deal through--with the help of the White House.
Last July, Comcast, Cablevision, Verizon, Time Warner Cable and other bandwidth providers announced that they had agreed to adopt policies designed to discourage customers from illegally downloading music, movies and software. Since then, the ISPs have been very quiet about their antipiracy measures.
But during a panel discussion before a gathering of U.S. publishers here today, Cary Sherman, CEO of the Recording Industry Association of America, said most of the participating ISPs are on track to begin implementing the program by July 1. "Each ISP has to develop their infrastructure for automating the system," Sherman said. They need this "for establishing the database so they can keep track of repeat infringers, so they know that this is the first notice or the third notice. Every ISP has to do it differently depending on the architecture of its particular network. Some are nearing completion and others are a little further from completion." The program, commonly referred to as "graduated response," requires that ISPs send out one or two educational notices to those customers who are accused of downloading copyrighted content illegally. If the customer doesn't stop, the ISP is then asked to send out "confirmation notices" asking that they confirm they have received notice. At that time, the accused customers will also be informed of the risks they incur if they don't stop pirating material. If the customer is flagged for pirating again, the ISP can then ratchet up the pressure. Participating ISPs can choose from a list of penalties, or what the RIAA calls "mitigation measures," which include throttling down the customer's connection speed and suspending Web access until the subscriber agrees to stop pirating. Read the full story here.
U.S. Six Strikes Copyright Infringement Scheme Delayed Again.(GP).And it's one, two, six strikes you’re out at the old ball game - but the ball game has been delayed. And when I say ballgame, I mean the agreement between rights holders in the United States and Internet service providers which would institute a "six strikes" system for those naughty people that infringe on copyrights while using the Internet... In an undetermined (at this point) number of months, the Center for Copyright Information (CCI) will begin the process of tracking down copyright infringers as part of an agreement all major U.S. Internet providers struck with the MPAA and RIAA. All of the parties involved eventually agreed to a system where copyright infringers would receive a series of warnings from their service providers telling them that that their behavior is unacceptable and would offer some form of "education" to show those individuals the error of their ways. After six warnings ISPs can decide what kind of action to take against repeat offenders including slowing down connections or temporary disconnections. The agreement was called "Copyright Alerts" when it was revealed in July of last year and some ISPs were expected to send out the first warnings before the end of 2011. But something happened and that deadline passed by without a peep from all involved. The one thing that was revealed was that there was a new deadline: July 1, 2012, but it looks like that one will be missed too.
Web site TorrentFreak recently asked the CCI about the upcoming target date:
"The dates mentioned in the Memorandum of Understanding (MOU) are not hard deadlines but were intended to keep us on track to have the Copyright Alert System up and running as quickly as possible and in the most consumer friendly manner possible," a spokesperson told the publication. "We do not intend to launch until we are confident that the program is consumer friendly and able to be implemented in a manner consistent with all of the goals of the MOU. We expect our implementation to begin later this year."
The CCI went on to tell the publication that the group has selected a third-party company that will be responsible for monitoring BitTorrent swarms, but did not reveal the name of that company.
"The technology partner we have identified and begun working with is an independent and impartial expert and we expect to have an announcement about the independent expert shortly," TorrentFreak was told. This could be why the six strikes plan has been delayed, because the unnamed technology partner is being doubly scrutinized to make sure their data collection methods are accurate.Read the full story here.
Google Agrees to Allow ‘Do-Not-Track’ Button in Browser.(BW).Feb. 23 (Bloomberg) -- Google Inc. will allow a “do-not- track” button to be embedded in its Web browser, letting users restrict the amount of data that can be collected about them. The world’s most popular search engine will join with other Web companies to support the anti-tracking initiative, which prevents an individual’s browsing history from being used to tailor ads, according to an e-mailed statement today.
“We’re pleased to join a broad industry agreement to respect the ‘do-not-track’ header in a consistent and meaningful way that offers users choice and clearly explained browser controls,” Google Senior Vice President of Advertising Susan Wojcicki said in the statement. Google, based in Mountain View, California, joined the initiative as the Obama administration unveiled plans to give consumers more control over their personal information online. Congress should enact a privacy bill of rights for Web users, the administration said in a report released today.
Revelations about potential privacy vulnerabilities during the past year have spurred calls from regulators and lawmakers in Washington for stronger protections of personal data online and on Internet-connected mobile devices.Hmmmm......‘If something sounds too good to be true, it probably is.’ Well, in the internet world, ‘If something sounds too good to be true, it definitely is.’We'll just have to wait to see where the 'Byte' is.Read the full story here.
" Kill switch Inside " Windows 8: Millions of PCs Will Get Kill Switches for the First Time.(BB).Janne Kytömäki, a Finnish software developer, was cruising Google’s (GOOG) Android Market for smartphone apps last year when he noticed something strange. Dozens of best-selling applications suddenly listed the same wrong publisher. It was as if Stephen King’s name had vanished from the covers of his books, replaced by an unknown author. Kytömäki realized the culprit was a piece of malware that was spreading quickly, and he posted his findings online. Google responded swiftly. It flipped a little-known kill switch, reaching into more than 250,000 infected Android smartphones and forcibly removing the malicious code. “It was sort of unreal, watching something like that unfold,” says Kytömäki, who makes dice simulator apps.
Kill switches are a standard part of most smartphones, tablets, and e-readers. Google, Apple (AAPL), and Amazon (AMZN) all have the ability to reach into devices to delete illicit content or edit code without users’ permission. It’s a powerful way to stop threats that spread quickly, but it’s also a privacy and security land mine.
With the rollout of the Windows 8 operating system expected later this year, millions of desktop and laptop PCs will get kill switches for the first time. Microsoft (MSFT) hasn’t spoken publicly about its reasons for including this capability in Windows 8 beyond a cryptic warning that it might be compelled to use it for legal or security reasons.
The feature was publicized in a widely cited Computerworld article in December when Microsoft posted the terms of use for its new application store, a feature in Windows 8 that will allow users to download software from a Microsoft-controlled portal. Windows smartphones, like those of its competitors, have included kill switches for several years, though software deletion “is a last resort, and it’s uncommon,” says Todd Biggs, director of product management for Windows Phone Marketplace.
Microsoft declined to answer questions about the kill switch in Windows 8 other than to say it will only be able to remove or change applications downloaded through the new app store. Any software loaded from a flash drive, DVD, or directly from the Web will remain outside Microsoft’s control. Hmmmmmm.......in the coming months unveiling of the Internet ID card...is it 'connected' with the 'kill switch' system?Read the full story here.
" Yes We Can! " - EU suspends ACTA ratification, refers treaty to European Court of Justice.(RT).The EU has suspended the ratification of the Anti-Counterfeiting Trade Agreement (ACTA) and referred the text to the European Court of Justice to investigate possible rights breaches. The European Commission decided on Wednesday to ask the EU’s top court “to clarify that the ACTA agreement and its implementation must be fully compatible with freedom of expression and freedom of the internet.
The ACTA debate “must be based upon facts and not upon the misinformation or rumor that has dominated social mediasites and blogs,” says EU Trade Commissioner Karel De Gucht. The EU will not ratify the international treaty until the court delivers its ruling, he added.
De Gucht insists the treaty will change nothing in the bloc, but help protect the creative economy.
European countries were quick to sign US- and Japan-lobbied ACTA agreement in Tokyo just a month ago. Ratification of the controversial agreement, however, is not going so smoothly.
ACTA faced fierce opposition by the Europeans, who saw it as an anti-democratic move. People took their anger to the streets in a synchronized protest, saying it violates their rights. About 200 cities participated in an anti-ACTA march on February 11.
The initial goal authorities pursued was to protect intellectual property and copyright, but human rights activists fought to prove its bias in favor of those in power. They argue it violates freedom of expression on the internet and allows unprecedented control of people’s personal information and privacy.
Some critics have been saying ACTA is a somewhat-disguised SOPA (Stop Online Piracy Act).
ACTA has so far been signed by the EU as a bloc, 22 EU members as individual states, and also by the USA, Canada, Japan, Australia, South Korea and some other countries. The total number of signatories to the treaty is 31.
The European Parliament is set to vote on ACTA in June. In parallel, the accord has to be ratified by all the 27 EU member states. Germany, the Netherlands, Cyprus, Estonia and Slovakia have not put individual signatures under the treaty as such and, in the wake of the mass anti-ACTA protests in Europe, are not eager to proceed with it. Bulgaria, the Czech Republicand Latvia suspended the ratification process, while Poland on the second thought refused to ratify the accord all together.
Wednesday’s decision means ACTA’s ratification in the EU could be delayed for months.
Bob Beschizza, the managing director of online magazine and group blog Boing Boing, says nothing can stop Internet file swapping.
“What the industry needs to do when it considers how it makes entertainment products – music, movies and so on – available, is make it so that people can easily buy them. People don’t want to be thieves. They don’t want to take things they are not entitled to,” he told RT.
Beschizza believes that legislative initiatives like ACTA never do anything to stop piracy.
“The way the Internet works [is], as long as two computers can connect to each other, people are going to find a way to share files. The Internet works by copying data,” he said. “So what we foresee is when these laws are passed, there’ll be all this social harm and there’ll be no actual prevention of piracy.”Hmmmm..........I wonder if king President Obama will refer ACTA to Congress and Senate?Read and see the full story here.
FBI May Shut Down Your Internet Access March 8th.(AP).This March 8th, the FBI is planning to unplug DNS servers it set up to help eliminate malware from over half of Fortune 500 companies and government agencies still infected in early 2012.The change could potentially leave a great number of Internet users without access to the Web.
InfoWorld reports:...the feds replaced the criminals' servers with clean ones that would push along traffic to its intended destination. Without the surrogate servers in place, infected PCs would have continued trying to send requests to aim at the now-unplugged rogue servers, resulting in DNS errors.
The malware, called DNSChanger Trojan, is said to illegally redirect traffic and prevent users from accessing the updates necessary to remove it. Without access to these critical patches, these large companies, government agencies, and home users are said to be more susceptible to hackers.
This prompted InfoWorld to wonder: This fact does raise the question of why so many Fortune 500 companies and government agencies have failed to notice they have a problem, as they presumably have IT security professionals on staff who should be monitoring such incidents.Those computers still infected with the Trojan will not be able to access the Internet after the FBI shuts down their temporary servers.The feds received a court order in November, 2011 to replace the "rogue" servers with surrogate servers to operate "just long enough for companies and home users to remove DNSChanger malware from their machines."
Rod Rasmussen, president of Internet security company Internet ID, told Krebs on Security that there are still millions of PCs infected with DNSChanger. “At this rate, a lot of users are going to see their Internet break on March 8.”A working group advising the FBI is said to be considering requesting an extension of the court order to give more time to users of infected machines to remove the malware. Although this may indeed be a very real problem that Internet users must be vigilant to protect themselves from, depending on the government to provide servers when their own agencies are infected doesn't seem like a trustworthy solution. Additionally, a previous private-government working group put together in 2009 to combat the Conficker Worm has accomplished very little as 3 million computers are still said to be infected.
These viruses are called Trojans because they are disguised as something friendly, enter computers, and then install malicious software. Someone with a healthy distrust of the government may see the FBI's warning that millions will be cut off from the Internet as a Trojan Horse itself so that they may retain control over the new servers.After all, if the FBI is controlling the "legitimate" servers, wouldn't they have access to all the traffic information of individual users and large corporations?
To ensure your computer is not infected please follow the instructions here. And follow Krebs on Security for news updates pertaining to this story.Read the full story here.
Related? Flashback 08 Feb, MFS- The Other News:
Bill would give DHS broader control of cybersecurity, follows corporate-sponsored MIT study recommendations.(AP).By Madison Ruppert.In December of last year I covered a study conducted by MIT with the help of “advisers” from the exact corporations which would benefit from the implementation of the recommendations of the report, and now it appears that these ideas have made their way all the way to Capitol Hill.This bill, which is reportedly currently before Congress, would give the Department of Homeland Security (DHS) significantly more monitoring power of the cybersecurity practices of private industries and services which are supposedly part of the United States’ critical infrastructure.The details of the bill have yet to be released, and I have not even been able to track down a number for the legislation yet so I can actually read it (if anyone can help me out with this I would be quite grateful).The small portions of the bill which have been made public attempt to define which companies are covered by the bill, although it is hardly as precise as one might like.Furthermore, I find it laughable that any legislation is allowed to be kept from the public at all, although given that our current government refuses to even justify why they think they are able to murder Americans without charge or trial, this is hardly unusual.The companies which will be affected by the bill have systems “whose disruption could result in the interruption of life-sustaining services, catastrophic economic damage or severe degradation of national security capabilities.”As I’m sure you can tell, this leaves a lot of wiggle room, something which legislators and bureaucrats love because it allows them to exploit the legislation as much as possible without technically violating it.A recent article in the Washington Post claims that the bill is just going to allow DHS to inspect the computer systems and networks which fall under this jurisdiction in order to determine if they are sufficiently secured against cybersecurity threats.I’m not sure if DHS and our so-called Representatives are aware, but our own deadly drone fleets are infected with malware. Maybe they should worry about securing the most critical of government systems before beginning to impose themselves on private industries.If they can’t even manage to secure unmanned aerial vehicles or Pentagon networks, who in their right mind would trust them to tell private industries what to do when it comes to securing their networks?This bill would allow the DHS to actually require companies to upgrade their systems and improve security if they decide they do not meet their arbitrary standards.Read the full story here.
Video: Why we must fight for our online rights—before they’re sold, legislated, and programmed away.
Egyptian social activist Wael Ghonim said, "If you want to liberate a society just give them the Internet."
While the Internet certainly played a major role in the Arab Spring uprisings, access alone does not guarantee availability of all the information and opportunities the Web has to offer.
Rebecca MacKinnon, whose new book, Consent of the Networked: The Worldwide Struggle for Internet Freedom, was released last week, addressed the issue of Internet freedom at a TED Talk in Edinburgh last year. She spoke of the Internet's "border busting" potential, as well as how that potential is being stifled by censorship—and not just in the places you would expect. There is, according to MacKinnon, a "Magna Carta moment" coming when the people will demand that "government and technology serve the world's people and not the other way around."Read the full story here.
