EFF Appeals Dismissal of Warrantless Wiretapping Case: Via EFF.org Updates.

EFF today filed its appeal to the 9th Circuit Court of Appeals of the dismissal of Jewel v. NSA, the case EFF brought against the U.S. government and government officials on behalf of AT&T customers to stop the National Security Agency's illegal, unconstitutional, and ongoing mass surveillance of their communications and communications records. The case arises from the still growing stacks of evidence confirming the surveillance, including the technical documents presented by former AT&T employee Mark Klein that describe the NSA's secret mass wiretapping facility in San Francisco. [ Read more ... ]

Hooking Up The Big Brother Machine... And Fighting It: Via EFF.org Updates.

Here's a movie pitch: One lone telecommunications technician, going about his ordinary daily work in San Francisco, begins to realize things aren't quite what they seem. There's a "secret room" downstairs, and ordinary employees aren't allowed to enter it. Coworkers — almost casually! — remark that a government spy agency is involved, that similar facilities are being built across the country, that some of them are stamped with the government's ominous eye-and-pyramid "Total Information Awareness" logo.

Soon, the plot thickens. Mundane technical procedures produce startling revelations. He stumbles on a document that suggests the room contains a supercomputer designed to data-mine phone calls and Internet traffic. And, indeed, he soon realizes that the room is sucking up copies of electronic communications from millions of random Americans.

All this in the early 2000s, when "the political atmosphere in the country after 9/11 had a witchhunt feel to it, and even modest criticism of the administration was getting painted as disloyalty or worse."

What happens to our hero when he finally decides to go public? [ Read more ... ]

Zeus botnet dealt a blow as ISP Troyak knocked out: Via Computerworld Cybercrime/Hacking News.

Internet service providers linked to the notorious Zeus botnet have been taken down, knocking out a third of the command-and-control servers that run the network of hacked machines.

Two ISPs, named Troyak and Group 3, were home to 90 of the 249 known Zeus command-and-control servers. Zeus Tracker, a Web site that tracks the botnet, noticed the steep drop in servers on Wednesday morning.

The Troyak network was itself an upstream provider to six networks, known to host a large number of cybercrime servers, including Web sites used in drive-by attacks and phishing sites, according to Kevin Stevens, a researcher with SecureWorks. "There's lots of Zeus and Fragus exploit kit [sites]," he said. Whoever was behind the takedown "just decided to knock out a large area of cybercirme, and this was probably one of the easiest ways to do it." [ Read more ... ]

The Botnet Challenge: by CDT Via Comcast Voices | The Official Comcast Blog.

Editor's Note: Our thanks to Leslie Harris, President and CEO, Center for Democracy & Technology, for writing this guest blog post about botnets.

Botnets are armies of computers that criminals have infected with malicious software so they can control them to remotely to steal information, launch denial-of-service attacks, spread malware and host illegal content. Botnets are one of the most serious threats to Internet security today. They have compromised untold millions of computers – and even DSL routers – worldwide. The Conficker worm alone has infected up to 15 million consumer, business and government computers into a massive botnet in a little over two years.

Botnet armies are built on the computers of regular Internet users who have no idea that their PCs have been compromised and are being used for malicious purposes. In fact, botnets depend on users’ ignorance in order to stay operational. At the same time, the spam, phishing, and denial-of-service attacks that botnets perpetrate may have little or no impact on the compromised users or their ISPs, while wreaking havoc on faraway users connected to entirely different networks. [ Read more ... ]

Major ISPs Help Fund BitTorrent User Tracking Research: Via Slashdot YRO.

An anonymous reader writes "I was scanning conference proceedings to come up with ideas for a reading group I run at my workplace, and I noticed an interesting paper from the new IEEE WIFS forensics conference. Researchers from the University of Colorado have published a technique for tracking BitTorrent users (PDF) by joining and actively probing torrent swarms using low-cost cloud computing services. They claim their methods allowed them to monitor the entire Pirate Bay torrent set for as little as $13/mo using EC2. But that's not even the interesting part. Their work appears to have been 'funded in part through gifts from PolyCipher' — a broadband ISP consortium. That's right; three major national ISPs funded this round of BitTorrent tracking research, not the MPAA/RIAA. Could this be evidence of ISP support for ACTA and a global three-strikes law?"

Read Original Article:(Via Slashdot.)

Thousands Sign Petition Protesting Net Neutrality Loopholes for Copyright Enforcement: Via EFF.org Updates.

San Francisco - The Electronic Frontier Foundation (EFF) submitted a petition signed by more than 7000 people to the Federal Communications Commission (FCC) today demanding that the agency close a loophole for copyright enforcement in its proposed regulations for network neutrality.

The petition is part of EFF's reply comments in the FCC's net neutrality rulemaking. The FCC's proposed rules generally prohibit ISPs from discriminating or blocking lawful content, but include a loophole for 'reasonable network management' by ISPs. The proposed rules then define 'reasonable network management" to include measures taken by ISPs to block unlawful content or transmissions. This exception would effectively permit ISPs to violate net neutrality rules and block lawful activities in the name of copyright enforcement.

"We can't afford to let lawful speech become collateral damage in Hollywood's war on copyright infringement," said EFF Senior Staff Attorney Fred von Lohmann. "Net neutrality regulations should not excuse ISPs that interfere with lawful content just because they claim they were acting as copyright cops." [ Read more ... ]

The Weakest Link Redux: Via EFF.org Updates.

We often criticize DMCA takedown abuse here at EFF, but last week's Cryptome snafu highlights another facet of the problem: how a DMCA takedown for one item can result in the removal of lots of lawful material.

To recap, Cryptome posted Microsoft’s global criminal compliance manual. Microsoft sent a DMCA takedown notice to Cryptome’s domain name registrar and web hosting provider, Network Solutions, alleging that the post infringed copyright. Under the DMCA, a web hosting provider is protected from copyright infringement liability if, among other things, it “expeditiously” disables access to material properly identified in a DMCA takedown notice. Network Solutions asked Cryptome to remove the Microsoft compliance manual. Cryptome refused explaining that the document was posted in order to help the public better understand Microsoft's practices, and followed up with a DMCA counternotice. Network Solutions promptly shut down the entire Cryptome website. Thus, a complaint about a single document caused significant collateral damage to the perfectly legal material on Cryptome. [ Read more ... ]

Cyberwar Hype Intended to Destroy the Open Internet: Via Threat Level.

The biggest threat to the open internet is not Chinese government hackers or greedy anti-net neutrality ISPs, it’s Michael McConnell, the former director of national intelligence.

McConnell’s not dangerous because he knows anything about SQL injection hacks, but because he knows about social engineering:  McConnell is the nice-seeming guy who is willing and able to use fear-mongering to manipulate the federal bureaucracy for his own ends, while coming off like a straight shooter to those not in the know.

When he was head of the country’s national intelligence, he scared President Bush with visions of e-doom, prompting the president to sign a comprehensive secret order that unleashed tens of billions of dollars into the military’s black budget so they can start making firewalls and malware into military equipment. And now McConnell, back safely in civilian life as a vice president at the secretive defense contracting giant Booz Allen Hamilton, is out in front of Congress and the media, peddling the same Cybaremaggedon! gloom.

And now he says we need to re-engineer the internet. [ Read more ... ]

Open Wi-Fi 'outlawed' by Digital Economy Bill(UK)k: Via ZDNet.co.uk .

The government will not exempt universities, libraries and small businesses providing open Wi-Fi services from its Digital Economy Bill copyright crackdown, according to official advice released earlier this week.

This would leave many organisations open to the same penalties for copyright infringement as individual subscribers, potentially including disconnection from the internet, leading legal experts to say it will become impossible for small businesses and the like to offer Wi-Fi access.

Lilian Edwards, professor of internet law at Sheffield University, told ZDNet UK on Thursday that the scenario described by the Department for Business, Innovation and Skills (BIS) in an explanatory document would effectively "outlaw open Wi-Fi for small businesses", and would leave libraries and universities in an uncertain position. [ Read more ... ]

China Widens Net Censorship; Google Exile Looms: Via Threat Level.

The Chinese government is imposing new internet restrictions demanding personal-website operators to acquire central-government permission to operate their sites.

The latest censorship measure, which covers .cn domestic domains, comes as Google is trying to convince Chinese censors to ease up. Google said 43 days ago it would undertake a self-imposed exile from China if the government does not back off from requiring it to censor search results.

The government said the latest move — which also requires site owners to submit a photograph and to show identification — was targeted at tackling pornography. Critics, though said it was based on silencing political dissent. China did not say when the rules would be enforced. [ Read more ... ]

Leaked ACTA draft reveals plans for internet clampdown: Via Computerworld(NZ).

ISPs must snoop on subscribers or face being sued by content owners

The US, Europe and other countries including New Zealand are secretly drawing up rules designed to crack down on copyright abuse on the internet, in part by making ISPs liable for illegal content, according to a copy of part of the confidential draft agreement that was seen by the IDG News Service.

It is the latest in a series of leaks from the anticounterfeiting trade agreement (ACTA) talks that have been going on for the past two years. Other leaks over the past three months have consisted of confidential internal memos about the negotiations between European lawmakers.

The chapter on the internet from the draft treaty was shown to the IDG News Service by a source close to people directly involved in the talks, who asked to remain anonymous. Although it was drawn up last October, it is the most recent negotiating text available, according to the source.

It proposes making ISPs (internet service providers) liable under civil law for the content their subscribers upload or download using their networks. [ Read more ... ]

ACTA "internet enforcement" chapter leaks: Via Boing Boing .

Someone has uploaded a PDF to a Google Group that is claimed to be the proposal for Internet copyright enforcement that the USA has put forward for ACTA, the secret copyright treaty whose seventh round of negotiations just concluded in Guadalajara, Mexico. This reads like it probably is genuine treaty language, and if it is the real US proposal, it is the first time that this material has ever been visible to the public. According to my source, the US proposal is the current version of the treaty as of the conclusion of the Mexico round.

I've read it through a few times and it reads a lot like DMCA-plus. It contains, for example, a duty to technology firms to shut down infringement where they have "actual knowledge" that such is taking place. This argument was put forward in the Grokster case, and as Fred von Lohmann argued then, this is a potentially deadly burden to place on technology companies: in the offline world Xerox has "actual knowledge" that its technology is routinely used to infringe copyright at Kinko's outlets around the world -- should that create a duty to stop providing sales and service to Kinko's?

This also includes takedown procedures for trademark infringement, as well as the existing procedures against copyright infringement. [ Read more ... ]

Anonymous Unfurls ‘Operation Titstorm’: Via Threat Level.

Several Australian government websites were slowly recovering Wednesday hours after the online prankster group, Anonymous, unleashed a massive distributed denial-of-service attack to protest the country’s evolution toward internet censorship.

The group, which has brought down Scientology’s websites and undertaken a host of other online pranks, dubbed the attack “Operation Titstorm” to protest the government’s move to require the filtering of pornography hosting adult actors if they appeared under age. Other violent material targeting children is also to be censored.

Anonymous, whose past targets include uncool virtual worlds, an epilepsy message board and a Neo-Nazi webcaster,  sent Australian media e-mail messages warning of the attack, the Sydney Morning Herald said. [ Read more ... ]

Identifying John Doe: It might be easier than you think: Via Freedom to Tinker.

Imagine that you want to sue someone for what they wrote, anonymously, in a web-based online forum. To succeed, you'll first have to figure out who they really are. How hard is that task? It's a question that Harlan Yu, Ed Felten, and I have been kicking around for several months. We've come to some tentative answers that surprised us, and that may surprise you.

Until recently, I thought the picture was very grim for would-be plaintiffs, writing that it should be simple for "even a non-technical Internet user to engage in effectively untraceable speech online." I still think it's feasible for most users, if they make enough effort, to remain anonymous despite any level of scrutiny they are practically likely to face. But in recent months, as Harlan, Ed, and I have discussed this issue, we've started to see a flip side to the coin: In many situations, it may be far easier to unmask apparently anonymous online speakers than they, I, or many others in the policy community have appreciated. Today, I'll tell a story that helps explain what I mean. [ Read more ... ]

FBI wants records kept of Web sites visited: Via Politics and Law - CNET News.

WASHINGTON--The FBI is pressing Internet service providers to record which Web sites customers visit and retain those logs for two years, a requirement that law enforcement believes could help it in investigations of child pornography and other serious crimes.

FBI Director Robert Mueller supports storing Internet users' "origin and destination information," a bureau attorney said at a federal task force meeting on Thursday.

As far back as a 2006 speech, Mueller had called for data retention on the part of Internet providers, and emphasized the point two years later when explicitly asking Congress to enact a law making it mandatory. But it had not been clear before that the FBI was asking companies to begin to keep logs of what Web sites are visited, which few if any currently do.

The FBI is not alone in renewing its push for data retention. As CNET reported earlier this week, a survey of state computer crime investigators found them to be nearly unanimous in supporting the idea. Matt Dunn, an Immigration and Customs Enforcement agent in the Department of Homeland Security, also expressed support for the idea during the task force meeting. [ Read more ... ]

Net Neutrality book now out: Via IT Law in Ireland.

I've been looking forward to reading Chris Marsden's new book Net Neutrality and am glad to see that it's now been released by Bloomsbury - with a free download (PDF) under a CC licence being the icing on the cake. This passage gives a sense of the perspective he takes: [ Read more ... ]

A Free Internet, If We Can Keep It: Via Freedom to Tinker.

“We stand for a single internet where all of humanity has equal access to knowledge and ideas. And we recognize that the world’s information infrastructure will become what we and others make of it. "

These two sentences, from Secretary of State Clinton's groundbreaking speech on Internet freedom, sum up beautifully the challenge facing our Internet policy. An open Internet can advance our values and support our interests; but we will only get there if we make some difficult choices now.

One of these choices relates to anonymity. Will it be easy to speak anonymously on the Internet, or not? This was the subject of the first question in the post-speech Q&A: [ Read more ... ]

Netflix to FCC: scary loophole in net neutrality rules: Via Law & Disorder Section - Ars Technica.

Netflix, the company that mails out DVDs and streams movies to millions of home theater potatoes, made the rounds to the Federal Communications Commission on Friday. The company's general counsel told staffers and Commissioners that the movie rental distributor supports the agency's proposed Internet nondiscrimination rules. But they also include a potentially nasty loophole, Netflix warned—the "managed services" category that the Commission created in its Notice of Proposed Rulemaking back in October.

Read Original Article:(Via Law & Disorder Section - Ars Technica.)

Privacy Recommendations for the National Broadband Plan: Via CDT - Center for Democracy & Technology.

Last week, CDT filed two sets of comments to the Federal Communications Commission regarding privacy concerns and expectations associated with broadband adoption and use. The FCC is in the process of drafting a national broadband plan and CDT has called upon the Commission to include in this plan a number of policy initiatives and reforms that could help spur the Internet’s continued growth. [ Read more ... ]

EU has doubts as ISP rolls out DPI for copyright enforcement: Via Law & Disorder Section - Ars Technica.

Back in November, UK ISP Virgin Media announced that it would start using deep packet inspection gear to start riffling through user traffic. The goal was to search some of the leading P2P networks in order to measure copyrighted material passing through them. Today, the European Commission indicated that the plan is problematic, and it will keep a close eye on the trial. [ Read more ... ]

CDT Offers Recommendations For FCC “Open Internet” Rules: Via CDT - Center for Democracy & Technology.

1/25/2010

CDT Comments to the FCC on Net Neutrality

FCC's NPRM

Internet Openness & Standards

Internet Neutrality

1) CDT Offers Recommendations in FCC’s “Open Internet” Proceeding

2) Questioning the FCC’s Assertions of Jurisdiction over the Internet

3) Comments on the Proposed Rules

4) The Road Ahead and the Comcast Appeal

Read Original Article:(Via CDT - Center for Democracy & Technology.)

12 Trends to Watch in 2010: Via EFF.org Updates.

It's the dawn of a new year. From our perch on the frontier of electronic civil liberties, EFF has collected a list of a dozen important trends in law, technology and business that we think will play a significant role in shaping online rights in 2010.

In December, we'll revisit this post and see how it all worked out. [ Read more ... ]

"Three Strikes" and Verizon: Not Happening: Via Public Knowledge.

Yesterday’s CNET report that Verizon had secretly adopted a “three strikes” policy towards alleged copyright infringers had our office all atwitter last night - how could a charter member of our ad hoc copyright reform coalition be engaging in such radical activity? Well, it turns out they weren’t.

As their misquoted spokesperson explains here, what Verizon employs is a process for passing on warning notices to alleged infringers, but that process does not include automatic termination. My guess is that to the extent that she was talking about infringers having their internet access terminated, she was referring to people who had been adjudicated by a court to be infringing, and as such, they would be violating Verizon’s terms of service.

Passing on warning notices that do not involve deep packet inspection is a process for limiting infringement that PK wholeheartedly supports and which appears to be quite effective. [ Read more ... ]

Congress takes a bold stand against surveillance abuses: Via Salon: Glenn Greenwald.

Fixating on and condemning abuses of other countries is one of the greatest weapons the U.S. Government wields for distracting attention away from its own transgressions:  like those gossip-obsessed individuals endlessly mucking around in and passing judgment on the personal lives of others as a means of ignoring their own failings:

The San Francisco Chronicle, yesterday:

Few expect Google Inc.'s stare-down with China to usher in a new era of openness across the Asian nation, but some believe -- or hope -- it could pressure the government to improve relations with foreign technology companies. . . . The Obama administration issued statements of support for Google, and members of Congress are pushing to revive a bill banning U.S. tech companies from working with governments that digitally spy on their citizens.

Verizon Terminating Copyright Infringers’ Internet Access: Via Threat Level.

While it was not immediately clear whether other internet service providers were following suit, the move comes as the Recording Industry Association of America and the Motion Picture Association of America are lobbying ISPs and Congress to support terminating internet access for repeat, online copyright offenders.

All the while, the United States has been privately lobbying the European Union to “encourage” so-called three strikes policies, according to leaked documents surrounding a proposed international intellectual property accord.

Verizon was not immediately prepared to comment in detail on the developments, first reported by CNET, or to detail how many of its more than 8 million broadband subscribers it has terminated — although CNET said the number was “small.” The RIAA declined comment.

“We reserve the right to do that,” Verizon spokeswoman Bobbi Henson said in a telephone interview regarding the terminations. [ Read more ... ]