by msmolly

Over Easy: The Heartbleed OpenSSL Bug

7:45 am in Uncategorized by msmolly

The OpenSSL security bug known as Heartbleed was a huge technology failure that has opened the door to criminal hackers — and probably the NSA, though they’ve vehemently denied knowing about it.

The Heartbleed bug allows anyone on the Internet to read the memory of the systems protected by the vulnerable versions of the OpenSSL software. This compromises the secret keys used to identify the service providers and to encrypt the traffic, the names and passwords of the users and the actual content. This allows attackers to eavesdrop on communications, steal data directly from the services and users and to impersonate services and users.
[...]
We have tested some of our own services from an attacker’s perspective. We attacked ourselves from outside, without leaving a trace. Without using any privileged information or credentials we were able to steal from ourselves the secret keys used for our X.509 [public key] certificates, user names and passwords, instant messages, emails and business critical documents and communication.

As of 2014, two-thirds of all web servers use OpenSSL. But its project management team is made up of 4 people, and the entire group has only 11 members, of which 10 are volunteers, with lead developer Stephen Henson the single full-time employee. It is just one recent demonstration of how substandard the USA’s investment in its cybersecurity infrastructure really is. For example, in a typical year, the OpenSSL Software Foundation receives just $2,000 in donations (to support security software on those 2/3 of all web servers).

When researchers announced that they had discovered the Heartbleed bug, it had been present in OpenSSL software for several years, but they did not know whether it had been exploited to launch attacks. Now it is forcing websites to issue new certificates, and is causing a lot of us to change and strengthen passwords on dozens of websites, especially those we access to purchase goods and services, do banking, and pay bills. This is not necessarily a bad thing, given how complacent many of us have been about our passwords.

Bruce Schneier, a security expert, explains a bit about how Heartbleed works on his Schneier On Security blog.

Basically, an attacker can grab 64K of memory from a server. The attack leaves no trace, and can be done multiple times to grab a different random 64K of memory. This means that anything in memory — SSL private keys, user keys, anything — is vulnerable. And you have to assume that it is all compromised. All of it.

On Monday, Canada’s Revenue Agency said private information of 900 people had been compromised, and security experts warned that more attacks are likely to follow. Hackers were able to steal social insurance numbers (like our Social Security numbers) that Canadians use for employment and access to government benefits, and possibly some other data.

From Reuters:

Lior Div, chief executive of the cybersecurity firm Cybereason, said that ‘even non-sophisticated hackers’ will attempt to launch attacks that exploit the vulnerability with the tools that are publicly available.

‘We are in a race,’ Div said. ‘People who hadn’t thought about using this type of attack will use it now.’

A top rated password management company called LastPass provides a Heartbleed Checker tool that allows individuals (not limited to their customers) to enter a website URL and determine whether it used OpenSSL, and if so, whether it has been patched. For example, my investment company website got a green light, as did my credit union, but here’s what the tool showed for Facebook:

WARNING: www.facebook.com was confirmed as vulnerable either publicly via statement or on 4/8/2014 LINK

Assessment:  Change your password on this site if your last password change was more than 1 week ago.

So what do we do now?

by msmolly

Over Easy: Surprise! We’re Being Scored!

7:45 am in Uncategorized by msmolly

Our lives are an open book, and we may be the only ones who don’t know it!

We all know about FICO scores by credit agencies, and if we’re smart we download and examine our free reports annually. But did we know we also have a social media influence score (Klout score)? How about a Job Security score? Fraud Risk score? We may even have a Brand Name Medicine Propensity score that indicates how likely we are to purchase generic drugs.

A new report by the World Privacy Forum, The Scoring of America: How Secret Consumer Scores Threaten Your Privacy and Your Future, describes in detail how we’re scored and how threatening it is, or could be. (A PDF of the 90-page report is available at the above link.)

Among American adults, each individual with a credit or debit card or a bank account is likely to be the subject of one or more scores. Many individuals signed up under the Affordable Care Act have a score. Individuals who buy airline tickets have a score. Individuals who make non-cash purchases at large retail stores likely have a score. Scores such as the medication adherence score, the health risk score, the consumer profitability score, the job security score, collection and recovery scores, frailty scores, energy people meter scores, modeled credit scores, youth delinquency score, fraud scores, casino gaming propensity score, and brand name medicine propensity scores are among the consumer scores that score, rank, describe, and predict the actions of consumers.

We are familiar with credit scores if we’ve ever applied for a mortgage or auto loan, and their use is no longer a secret. But like the infamous metadata, these other nearly invisible (to us) consumer scores are derived from our personal data to predict our health, our spending habits, and even our likelihood of identity theft.

A Wall Street Journal investigation in December 2012 found that the Staples, Inc. website displayed different prices to people after considering the person’s distance from a rival brick-and-mortar store (OfficeMax or Office Depot). You may have heard of Target’s ability to predict whether a woman is pregnant using information gleaned from her shopping habits. After shopping at Target, a young woman began receiving mail at her father’s house with ads for diapers, baby clothing, cribs and other baby-specific products. This is how her father learned that the young woman was pregnant.

The World Privacy Forum report estimates that there are hundreds, probably thousands of predictive scores. A few examples cited in the report:

  • Job security score: Predicts future income and capacity to pay.
  • Churn score: Predicts when customers will move their business or account to another merchant.
  • Brand name medicine propensity score: Predicts if you will buy generics or brand name medications.
  • Fraud score: Predicts if a customer is not who they claim to be or may be up to some mischief.

The Federal Trade Commission has been looking into predictive consumer scoring, with the goal of studying what is happening now and may be coming, what the potential privacy concerns are, and what regulations may be needed. Privacy advocates would like to see federal regulators establish rules for the use of consumer scores, to make sure they are not being used unfairly or to discriminate. They believe the big data companies should be required to take steps to ensure that information is accurate, and to disclose that a predictive score was used, if that score adversely impacts someone’s employment, credit, insurance or any significant consumer opportunity.

by msmolly

Over Easy: “We the People” Gets Pwned

7:45 am in Uncategorized by msmolly

Last January at Over Easy, the topic of the day was the success or failure of the We the People website the Obama administration touted as a way for ordinary citizens to have their voices heard.

As of January 2014 there are at least 30 “We the People” petitions that have crossed the 100K threshold for an official White House reply, but have not gotten one, including eight that have been queued up for more than a year. Unanswered petitions have been waiting nearly ten months on average for a reply, according to a Nextgov analysis.

It seems that some of those ordinary citizens are getting a bit tired of petitions going unanswered and essentially being ignored. A new petition went up on Tuesday, and I don’t think it was entirely an April Fool’s prank:

Respond to all Whitehouse.gov petitions that get over 100k signatures within one month.

Whitehouse.gov petitions were intended to give the public a voice. The idea is that if more than 100,000 people all feel strongly enough about something to hand over their home address and personal email to the government and complete a nearly impossible CAPTCHA, then the President of the United States should have to respond to them. Because… democracy.

Here’s the problem: there are dozens of Whitehouse.gov petitions that have received more than 100k signatures, but have gone months and even years without a response (1). That’s not improving transparency, it’s the same gov’t spin we’ve always had. So what will it be, Obama, hypocrisy or democracy? Sign!

Some petitions appear to have taken up permanent residence in the administration’s “ignore this one” pile, while others well below the 100K signature threshold have been answered — either because the administration has a canned response all ready to go, or it wants to put out a talking point so it makes an extra effort.

Some of the others waiting for response demand more thoughtful answers, or responding would force the administration to take a public position on a controversial subject it would much rather avoid. The average wait for a response now has slipped to nearly 300 days. Some of the petitions the White House is still actively ignoring deal with pardoning Edward Snowden, or firing District Attorney Carmen Ortiz, who prosecuted Aaron Swartz.

This new petition puts the administration in a position of having to agree to address petitions in a more timely manner. The Obama administration won’t like this if it intends to ignore some “uncomfortable” petitions until they’re out of office in 2016.

It’s quite possible that this petition was intended as an April Fool’s joke, but it makes a valid point nonetheless. So far it is a very long way from 100,000 signatures, so the White House is free to ignore it, which is exactly what it is likely to do.

by msmolly

Over Easy: Correlation, Causation, and Preventable Diseases

7:45 am in Uncategorized by msmolly

In July 2013, famous “anti-vaxxer” Jenny McCarthy was hired to replace Elisabeth Hasselbeck on The View, causing a storm of protest, including my post on July 19 here at Over Easy.

Jenny McCarthy gained considerable notoriety with her unfounded and refuted claims that childhood vaccines caused her son’s autism. (It is unclear whether he even has autism.) The study she based her claims on was retracted by The Lancet, and its author, Andrew Wakefield, was stripped of his medical credentials. Thanks in large part to Jenny McCarthy, an anti-vaccination (“anti-vaxxer”) movement has sprung up in recent years since the Wakefield study, causing many parents to elect not to have their youngsters vaccinated. You can still read, “My child was normal and bright until he received the MMR vaccine, and immediately began showing alarming symptoms!” testimonials from anguished parents who flock to articles about the subject to comment, insisting that correlation between the vaccination and the onset of symptoms must mean that the vaccination caused the condition. Many scientific studies have refuted the link, but the belief persists.

Not everyone has bought into McCarthy’s schtick, however. According to Slate, she invited people to respond to a question about their ideal mate using the Twitter hashtag #jennyasks, and “got a dose of her own anti-medicine.” The results are probably not what she expected.

The purpose of this post is not to rehash the debate, but to point out the impact of the anti-vaxxer movement, which is beginning to show alarming results.

Before the U.S. vaccination program started in 1963, 400 to 500 people died from measles every year here. Tens of thousands more were made very ill and were hospitalized. Today, that number has dropped to almost—but not quite—zero. And that’s because of vaccines.

However…

Cases of measles tripled here [in the US] in 2013, mostly due to anti-vaccination propaganda. There’s an outbreak in NYC going on right now, and one doctor isn’t afraid to point a finger right at the anti-vax movement. I don’t blame him; outbreaks tend to be centered in places where vaccine rates are low and someone traveling abroad brings the disease back with them.

An interactive map from the Council on Foreign Relations, Vaccine-Preventable Outbreaks, shows clearly how diseases that had been nearly eliminated have come roaring back in the past five years. The number of MMR vaccine recipients fell sharply during the 2000s, because charlatans like Jenny McCarthy and her often ignorant followers spread vaccine-autism hysteria. There was no effect on the incidence of autism, but it had a significant effect on the incidence of measles and mumps.

Vaccines.gov has an excellent diagram of Community or “Herd” Immunity that shows how vaccination affects the spread of illness. There are segments of the population — very young infants, those with compromised immune systems or allergies to components of the vaccine, etc. who cannot receive vaccinations of various kinds. The CDC has a comprehensive list of vaccines and who should not receive them at all, or should wait before being vaccinated.

I have seen reports of some physicians who refuse to treat unvaccinated individuals because of the risk to their other patients, especially vulnerable immune compromised individuals. There is some controversy among doctors about this decision, especially when parents claim a religious exemption from vaccinations.

But the fact remains that we are risking a comeback of preventable diseases, not only measles and mumps, but pertussis (whooping cough) and polio, which had been nearly eradicated. Michele Bachmann spread the falsehood that the HPV vaccine, recommended for girls ages 9–14, causes mental retardation. Human papillomavirus is the most common sexually transmitted infection, so common that nearly all sexually active men and women get it, and some types can cause health problems including cancers. But the HPV vaccine can stop this widespread health problem.

In the words of Phil Plait, author of the Slate article cited above,

…the lives we save may not be just our own, but that of the lovely toddler across the street, that of the carefree four-year-old next door, and every baby, every immune-compromised person, every elderly person we see. I’m even happy that my family’s own contribution to the herd immunity may save the life of some child whose parents didn’t vaccinate him.

No one deserves to die of measles. Of pertussis. Of polio. Of the flu. Talk to your board-certified doctor, and if they recommend it, get vaccinated.

UPDATE: BoxTurtle adds (comment #3) that there is a renewed outbreak of whooping cough, because the vaccines may be wearing off.
Why Whooping Cough Vaccines Are Wearing Off

by msmolly

Over Easy: Did They Know All Along?

7:45 am in Uncategorized by msmolly

Last June when Edward Snowden’s leaked documents revealed the existence of the PRISM program, almost all of the giant US internet companies listed as participants in PRISM, including Apple, Google, Microsoft, Yahoo, Facebook and others, insisted they did not know about the program and were not knowingly giving the NSA access to their customers’ information.

PRISM allows the NSA to collect material directly from the servers of major providers, including the contents of emails, file transfers, live video or voice chats, VoIP (such as Skype), videoconferencing, social media interactions, search history, etc. In November the Guardian published a large (41 slides) PowerPoint presentation that described PRISM program capabilities in detail and was apparently used to train intelligence personnel on the program.

The presentation states that these companies assisted with the operation of PRISM, but all of the companies denied knowing about the program at all. Google said, “Google does not have a back door for the government to access private user data” while Apple said it had “never heard of” PRISM. Senior executives of the tech companies insisted that if it was happening, it was being done without their knowledge.

But an article by Spencer Ackerman published in Wednesday’s Guardian argues that the companies did know all along.*

US tech giants knew of NSA data collection

The senior lawyer for the National Security Agency stated unequivocally on Wednesday that US technology companies were fully aware of the surveillance agency’s widespread collection of data, contradicting months of angry denials from the firms.

Rajesh De, the NSA’s General Counsel, said all communications content and associated metadata harvested by the NSA under a 2008 surveillance law occurred with the knowledge of the companies – both for the internet collection program known as Prism and for the so-called ‘upstream’ collection of communications moving across the internet.

The FISA Amendments Act passed in 2008, Title VII, section 702, allows the NSA’s foreign surveillance programs such as PRISM (and some earlier data collection activities previously authorized under the President’s 2001 Surveillance Program) to collect internet, phone, email, and other communications content when one party to the communication is reasonably believed to be a non-American outside the United States. The NSA stores PRISM data for five years, and communications taken directly from the internet for two years. Snowden’s leaked documents showed that the NSA has unmonitored blanket access to tech companies’ customer information. The secret FISA court (FISC) that oversees US surveillance activities renews authorizations annually for NSA targeted surveillance under Section 702. It isn’t clear what legal processes the government serves on a company to compel access to content and metadata under the PRISM program or upstream collection. Section 702 prohibits intentional targeting of Americans or US persons, known as “reverse targeting,” but in the process of collection, large amounts of Americans’ phone calls and emails are swept up.

Section 702 also permits NSA analysts to search through the collected communications for identifying information about Americans, an amendment to so-called ‘minimisation’ rules revealed by the Guardian in August and termed the ‘backdoor search loophole’ by [Senate Intelligence Committee member Ron] Wyden.

[snip]

De argued that once the Fisa court permits the collection annually, analysts ought to be free to comb through it, and stated that there were sufficient privacy safeguards for Americans after collection and querying had occurred. ‘That information is at the government’s disposal to review in the first instance,’ De said.

Other Snowden documents the Washington Post published revealed that the NSA also siphons data in transit between the Google and Yahoo data centers, including from fiber optic cables between servers at various locations around the world, an activity reportedly conducted under Executive Order 12333. While an individual user may have an encrypted connection to a website, the internal data flows are not encrypted and allow the NSA to gather millions of records each month, including both metadata and such content as video, audio, and text.

* Late update: Mike Masnick at Techdirt says, “Not so fast, buddy!” After kudos to Spencer Ackerman’s customary outstanding reporting, Masnick says,

by msmolly

Over Easy: The Tug-of-War Over Metadata

7:45 am in Uncategorized by msmolly

This has been an interesting week in our surveillance state, with a tug-of-war between the FISA Court (FISC) and the DoJ over an ability to keep — or a requirement to dispose of — collected metadata. [You will recall the discussion of metadata at Over Easy last week.]

NSA’s metadata is an integral component of a series of lawsuits against the government. In February the DoJ asked the FISA Court to bend the minimization rules, and extend the metadata holding period from five years to an indefinite period. The DoJ argued that evidence could be destroyed that it might need to defend the government in lawsuits filed since Edward Snowden revealed the NSA’s bulk collection programs.

In a ruling last week, outgoing FISC Judge Reggie Walton turned the DoJ’s request down, highlighting the risk of granting the DoJ an extension, saying that an extension would significantly increase the likelihood of the metadata they keep being improperly used or disseminated. Changing the stipulations of the minimization procedures would put the entire metadata collection on shaky constitutional ground, since it almost entirely consists of information on American citizens who are not the subjects of any current NSA investigations.

Marcy Wheeler had this to say about the ruling:

Mind you, I’m not sure whether FISC or the government is right in this case, as I do have concerns about the data from the troubled period during 2009 aging off. But I will at least take some Friday afternoon amusement that the FISC just scolded the government about the word ‘relevant.’

But this week US District Court Judge Jeffrey Wright handed down a contradictory decision, ruling that the NSA is required to hold onto metadata relevant to ongoing lawsuits. This presented a conundrum for the NSA, requiring it to choose whether it would prefer data that doesn’t expire, or destroyed data that could never appear in court.

So then the NSA filed a motion asking the FISA court to reverse its decision on destroying the held metadata. The motion refers to the temporary restraining order Judge Wright issued mandating that the NSA retain the data until the pending cases are resolved. The NSA wound up under two contradictory notices, and it asked the FISA court to honor the District Court’s decision.

Yesterday FISC judge Reggie Walton issued an opinion in which he agreed with the District Court’s order, and he will allow the NSA to retain the metadata specifically related to the two cases listed in Judge Wright’s order: Jewel v. NSA, and First Unitarian Church v. NSA. The DoJ’s original request to retain the data was based on common law rules that are normally applied to retention of corporate data in civil cases, which is entirely unrelated to bulk surveillance metadata. Judge Walton also pointed out that none of the plaintiffs in the cases the DoJ listed had requested that the data be retained.

So the tug-of-war over our metadata goes on. Gee, I feel safer already!

by msmolly

Over Easy: Hands Off My Metadata!

7:45 am in Uncategorized by msmolly

Are you still hearing, “But they’re just collecting metadata!” when the subject of the NSA’s rampant collection of information about us comes up? There is no such thing as “just metadata.” With enough different data points, your life becomes an open book that a variety of government agencies can examine at will. “Just metadata” is a big lie that supports the surveillance state, and makes a mockery of our expectation of privacy under the Fourth Amendment.

Last week the ACLU of Northern California Technology and Civil Liberties Project released Metadata: Piecing Together a Privacy Solution, a policy paper that explains some reasons why lawmakers originally decided to give metadata less protection than content, why those reasons are no longer valid, and what we can do to address the problem.

Keep in mind that metadata is information generated as you use technology. For phone calls, metadata includes the phone number of callers, serial numbers of phones involved, time and duration of call, and location of each participant. For emails, metadata includes (among other technical information) the sender’s and recipient’s name and email address, the sender’s IP address, the subject of the email, and the date, time and time zone. For Google searches (Google is so dominant in search engines that “to Google” has become a verb), metadata includes not only search queries and results but also pages you visit from those results. We generate metadata every time we use technology, and mostly we are blissfully unaware of it.

The introductory paragraphs of the policy paper paint a chilling scenario:

Imagine bringing a date home for dinner. You put the laptop away and mute your phone. You prepare a gourmet home-cooked meal for two, queue up a selection of romantic songs and pick out a movie to watch after dinner. As the evening winds down, your heart races a bit as you go in for a kiss and wonder how your night will end.

Now imagine that someone is monitoring each and every event of your evening. Oh, don’t worry, they’re not actually watching you or listening in on your conversation. They just know who you emailed or called just before you put your computer away. They know what you bought for dinner and how you prepared it. They know who came over, where he or she came from and how long he or she stayed. They know what time you started the movie and which songs you listened to. They even know what time you turned off the lights — and whether or not the music was still playing when you did. And they know all of this without ever getting a search warrant.

The ACLU report describes just how much metadata reveals about a person, a fact that government agencies know quite well but don’t want to admit to the public. The entire report is eye-opening and well worth reading, especially by anyone who still buys into the NSA’s attempt to deflect scrutiny by claiming they are “just collecting metadata.”

The report proposes five strong principles to guide the protection of metadata (abbreviated here):

➤ Protect Sensitive Information Regardless of Form

In order to adequately protect individual privacy, legal protections must apply to all sensitive personal information, regardless of the type or category of that information. This is the only way to produce a forward-looking regime that is capable of keeping pace with the rapid evolution of technology.

➤ Protect Sensitive Information Regardless of Possessor or Storage Location

The idea of robust privacy protections for metadata is fundamentally inconsistent with the third party doctrine. While there are various types of metadata that individuals generate and retain on their own device or otherwise in their possession, the overwhelming majority of metadata is created or captured by third parties.

➤ Protect Sensitive Information Derived from Data Aggregation

Comprehensive protection of metadata must also take into account the fact that large sets of data can reveal sensitive information that cannot be inferred from any specific element in that set. This means that privacy protections need to apply not only to data directly collected from an individual but also to any inferences or derivative information generated through the analysis of that data.

➤ Provide Tools and Guidance for Law Enforcement Access to Metadata

by msmolly

Over Easy: Tech Notes for Friday

7:45 am in Uncategorized by msmolly

Last Friday, Apple quietly pushed out an update for its iOS mobile devices (iPhone, iPad, iPod) to fix a major security flaw known as “gotofail” that could allow hackers, even those with low-level skills, to retrieve and control our sensitive information. Apparently it went unnoticed for 18 months! The flaw is in the way iOS 7 validates the SSL (Secure Sockets Layer) certificates intended to protect websites, and could allow an attacker on the same network as a victim to eavesdrop on all the victim’s activity. On Tuesday Apple finally released an update that fixes the gotofail flaw for Mac computers. Find out if you are vulnerable at the gotofail web page, which will automatically assess your device and (in the case of Macs) which apps may be vulnerable. The Safari browser, of course, is one.

Bitcoins, which exist in electronic form, depend on a network of computers that solve complex mathematical problems to verify and record every transaction. Investors deposit their bitcoins in digital “wallets” at various exchanges. Bitcoin deposits have no government-backed insurance as bank accounts do. Instead, customers have the same legal remedies as anyone who entrusts property to an institution that fails to protect it adequately.

Mt. Gox was the largest exchange, but it and other exchanges halted withdrawals after a series of cyber attacks. Customers were unable to access their accounts. Read How Mt. Gox went down. Mt. Gox also is being investigated by Federal prosecutors.

Minor update on Aereo this week: Broadcasters Warn Supremes Of The Innumerable Non-Existent Horrors That Will Befall Everyone If Aereo Wins.

…broadcasters have long argued that if they’re not given what they want they’re sure to go out of business, even if the evidence never actually supports that. Their latest incarnation of that has been in heavy rotation during their battle against live TV streaming service Aereo, with broadcasters arguing that if Aereo is allowed to survive, they’ll pull all of their broadcast channels from over the air and move them to paid cable tiers.

I say they should go right ahead and do that. The publicly-owned airwaves these broadcasters are using could certainly be put to better use. I’ll bet the broadcasters will love the anger of sports fans and the politicians who’ll side with those fans to gain political brownie points. Heh.

Here’s what they’re saying:

The petitioners are appealing the denial of an injunction at the 2nd Circuit and are hoping to undercut Aereo’s own position that what it does is private in nature. The TV broadcasters reject Aereo’s conclusion that cloud computing and other novel technologies could be at stake, but they do raise dire warnings about what might happen should the Supreme Court rule in Aereo’s favor. As the brief states, ‘Indeed, if that is the world in which broadcasters must live, then they may be forced to reconsider whether they can afford to continue making the same quantity and quality of programming available to the public for free in the first place.’

Finally, we see that the UK’s GCHQ, the NSA’s collaborator in the out-of-control surveillance state, has been intercepting Yahoo webcam images from millions of users.

Britain’s surveillance agency GCHQ, with aid from the US National Security Agency, intercepted and stored the webcam images of millions of internet users not suspected of wrongdoing, secret documents reveal.

GCHQ files dating between 2008 and 2010 explicitly state that a surveillance program codenamed Optic Nerve collected still images of Yahoo webcam chats in bulk and saved them to agency databases, regardless of whether individual users were an intelligence target or not.

All in the name of keeping us safe™ I’m sure!

by msmolly

Over Easy: Tiny Aereo’s Fight With Big Broadcasters

7:30 am in Uncategorized by msmolly

Barry Diller-backed startup Aereo is challenging the “big boys” of broadcast television, and so far, it has been winning. Here’s how Aereo describes its service:

Watch live TV online. Save shows for later. No cable required. With Aereo, you can watch real, live TV through a tiny remote antenna you control over the Internet — from home or anywhere in your home coverage area.

Aereo is a system that allows customers to access live broadcast over-the-air television (no cable or satellite channels) via their computers or other devices, with additional DVR features such as rewind or pause. Aereo doesn’t require rabbit ears or a rooftop antenna — customers rent (for about $8 – $12 per month) a dime-sized antenna in a vast array of TV antennas at an Aereo-owned location that pick up over-the-air broadcast signals and offer a very high speed Internet connection to a DVR-type device in the “cloud.” A nifty diagram of how it works is here.  Customers can launch Aereo on a smart phone, tablet, computer, or (with AppleTV or a Roku) watch on an existing TV set. The service is available in 11 United States broadcast markets, and the company plans to add more.

TV networks rake in enormous amounts of revenue from the carriage fees that cable and satellite companies pay to retransmit local broadcast channels. It is a multibillion dollar business, and broadcasters argue that Aereo is stealing TV signals without paying. Aereo says the tiny antennas it uses to capture signals before relaying them over the Internet should be treated no differently than antennas people legally use on their rooftops to pull in broadcast TV signals for free. The difference is only the length of the “cable” from the antenna to the TV device.

In March 2012, broadcasters including PBS, Fox, and Univision filed two separate lawsuits against Aereo (collectively representing most of the major media outlets in New York City). They claimed that Aereo infringes on broadcasters’ copyrights. Broadcasters sought an injunction to prevent Aereo from releasing its product on the market, and sought monetary damages, but Aereo won at both the district court and appeals court levels in that suit.

In April 2013, the U.S. Second Circuit Court of Appeals rejected an appeal from TV networks by a 2-1 vote, concluding that Aereo’s system does not infringe the broadcasters’ copyrights. The broadcasters also argued that Aereo lacked the proper license to operate, but the court ruled that the license doesn’t matter, because Aereo customers are streaming their own unique copies to themselves. The decision cleared major legal hurdles for Aereo, forcing broadcast networks to win an appeal either at the full Second Circuit, or at the Supreme Court if they want to shut the streaming service down.

Last October Aereo won an important ruling in a Massachusetts federal court, when a U.S. District Judge denied an injunction request made by Hearst Station, owner of ABC affiliate WCVB-TV. The broadcaster had argued in its copyright lawsuit that Aereo’s system of capturing over-the-air TV signals and delivering them to subscribers’ digital devices is a violation of public performance rights and amounts to delivering copyrighted works. Also in October, Aereo was sued in Utah. Fox, CBS, and local TV affiliates have just filed a lawsuit in district court, claiming that Aereo is retransmitting their valuable content without their permission, and without paying a fee.

Aereo argues that,

consumers are legally entitled to access broadcast television via an antenna and they are entitled to record television content for their personal use. Innovations in technology over time, from digital signals to Digital Video Recorders (‘DVRs’), have made access to television easier and better for consumers. Aereo provides technology that enables consumers to use their cloud DVR and their remote antenna to record and watch the broadcast television signal to which they are entitled anywhere they are, whether on a phone, a tablet, a television or a laptop.

Aereo’s CEO believes that the TV networks will go to Congress if necessary, and both CBS and News Corp have threatened to drop broadcast TV altogether if Aereo isn’t stopped. Even if the chances of that seem slim, it shows how much of a threat the networks believe Aereo poses to their lucrative revenue stream.

A Utah judge on Wednesday issued a preliminary injunction stopping Aereo from operating in several Western states until the U.S. Supreme Court takes up a related case in April:

by msmolly

Over Easy: A Small Price to Pay?

7:45 am in Uncategorized by msmolly

Caricature of James Clapper

We’re only keeping you safe!

The myths surrounding the revelations by Ed Snowden about the unchecked surveillance state are like zombies that never die. After I posted the Day We Fight Back information on my Facebook timeline on Tuesday, a friend I’ll call “Susan” (not her real name) replied with the following comment:

I’m sorry but I believe it’s a small price to pay for our protection from evil.

The myths surrounding the NSA’s surveillance persist, despite some excellent attempts to counter them with facts. An article from The Guardian, republished on the ACLU website, tries to set things straight.

Within minutes after the Guardian published that first leak on the NSA’s activities, pro-surveillance forces started making bold claims about how necessary broad spying is to our very security. And almost every justification for indiscriminate spying on Americans and people abroad has been methodically refuted ever since. It turns out that assertions made by the administration, members of Congress and security commentators were little more than myths.

Just a few of those myths:

NSA surveillance programs have thwarted terror attacks here at home.

Administration representatives insisted during hearings that spying, including vast collection of phone metadata, had stopped 54 terror incidents. When pressed for specific details, the administration said around 10 were based in the US. That number finally shrank to one San Diego cab driver who was convicted of sending $8,500 to a Somali terrorist group. So it turns out that there were no attacks in America that were derailed by domestic spying.

Top National Security Experts: Spying Program Doesn’t Make Us Safer, and Spying Leaks Don’t Harm America

We’ve stayed safe. Doesn’t that prove the government efforts have worked?

This is like believing that government spying has prevented alien invasions or stopped boogeymen from hiding under our beds. The 9/11 attacks argument is a straw-man justification for whatever the NSA wants to do, just another way of scaring us into accepting anything in the name of Keeping Us Safe™. NSA spying would not have stopped 9/11, because the government already had information it needed, and didn’t effectively share or act on it.

NSA’s programs only work if they collect all information on everyone.

In their investigation the Privacy and Civil Liberties Oversight Board found no cases supporting the need for bulk collection, and concluded that bulk collection has not provided any information that the NSA could not have gotten using more targeted surveillance.

They’re only collecting metadata, not listening in on our calls.

The NSA reportedly traces three hops from a target: Alice knows Bob, Jeff, and Rebecca. But if Jeff becomes a target, Jeff’s three hops mean the NSA can check out Fran, Evan and Gloria. The Guardian calculated that if Alice has 50 friends, the number of targets generated under the NSA’s three-hops rule would be more than 1.3 million people. I really do hope that you (and everyone you know, and the 1.3 million people they know) don’t mind too much. Are you OK with the government knowing whom you call and when, from where to where, and how long your call lasts, and for the government then to know who those people called and when and for how long?

There’s no less-intrusive way to achieve the same goals.
