FBI Apparently Made Darkweb Child Porn Site Faster During Its Hosting Of Seized Server

from TechDirt - 1 hour 37 min ago

Another FBI/Playpen/NIT case has moved to the point of a motion to dismiss. The lawyer for defendant Steven Chase is arguing the government should abandon its prosecution because the FBI's activities during its conversion of child porn site Playpen into its own Rule 41-flouting watering hole were "outrageous." What did the FBI do (besides traveling beyond -- far beyond -- the warrant's jurisdiction to strip Tor users of their anonymity) to merit this accusation? It made Playpen a better, faster child porn website. Joseph Cox reports for Motherboard:

Newly filed court exhibits now suggest that the site performed substantially better while under the FBI's control, with users commenting on the improvements. The defense for the man accused of being the original administrator of Playpen claims that these improvements led to the site becoming even more popular.

“The FBI distributed child pornography to viewers and downloaders worldwide for nearly two weeks, until at least March 4, 2015, even working to improve the performance of the website beyond its original capability,” Peter Adolf, an assistant federal defender in the Western District of North Carolina, writes in a motion to have his client’s indictment thrown out.

The government generally isn't known for efficiency or immediate improvements, but the filing [PDF] points out that the gains were exponential.

From there the FBI distributed child pornography to viewers and downloaders worldwide for nearly two weeks, until at least March 4, 2015, even working to improve the performance of the website beyond its original capability. As a result, the number of visitors to Playpen while it was under Government control from an average of 11,000 weekly visitors to approximately 50,000 per week. During those two weeks, the website’s membership grew by over 30%, the number of unique weekly visitors to the site more than quadrupled, and approximately 200 videos, 9,000 images, and 13,000 links to child pornography were posted to the site.

A better child porn site, brought to thousands of criminal suspects all over the world by your tax dollars. What a time to be alive!

The motion to dismiss points out that making it easier and faster to download child porn images runs contrary to assertions the government has made in support of prosecutions and stricter penalties for child porn viewers.

This behavior is all the more shocking because the federal government itself – in sentencing memoranda, online mission statements, reports to congress, press releases, and arguments before this very Court and many others – has repeatedly emphasized that victims of child pornography are revictimized each and every time their images are viewed online. Despite these frequent pronouncements, the government here made no attempt during the two weeks it was running the site to reduce the harm to innocent third party victims by limiting the ability for users to view or access the images. Indeed, government agents worked hard to upgrade the website’s capability to distribute large amounts of child pornography quickly and efficiently, resulting in more users receiving more child pornography faster than they ever did when the website was running “illegally.”

And once the images have been downloaded from a (faster) source, they can be redistributed elsewhere, furthering the damage done to victims of child pornographers. It really can't be argued that the ends justified the means.

Once the government seized the server hosting the Playpen site, it possessed a wealth of information it could use to criminally prosecute users without resorting to operating the site for two weeks. Even if the government wanted to deploy an NIT, it could have done so without also rendering the Playpen site functional. It could have, for example, disabled access to the images of child pornography, turned off the ability to upload pictures or videos, or even just run the site for a much shorter period of time.

Moreover, as noted above, the government has charged less than 1% of Playpen members, the same percentage of users it already had IP addresses for on the day it seized the site. It cannot be that the government may distribute child pornography to a thousand users for each user it catches, particularly when it already has the necessary information to identify the same number of users before it had distributed a single image.

The defense points to a message [PDF] posted to the forums after the site was seized by the FBI as evidence the agency improved the site to better serve users (with its NIT). A Playpen administrator's account stated the following on February 28th, eight days after it took control of the site.

I upgraded the Token Ring to Ethernet about an hour ago and things seem to be working a bit better.

This is what the FBI will do to further its investigations: it will become a better distributor of illegal material than the criminals it's going after. The filing notes that a conservative estimate of the number of images distributed during the FBI's two-week hosting stint sits around one million.

Also of note: throwaway email accounts are to be expected when users create accounts at child porn sites. But I honestly expected more from the President of the United States.

The motion makes good points about the FBI's apparently hypocritical child porn distribution and points out it had many options -- including disabling image downloads -- to pursue that would still have allowed it to serve up its NIT to the site's visitors. Unfortunately, courts have a hard time finding law enforcement activity to be "outrageous" enough to toss cases. And in this particular prosecution, it's the worst of the worst being prosecuted: a child porn viewer.

Categories: Tech news

[Ticker] US museum condemns Hungary award for 'racist' journalist

from EU Observer - 2 hours 24 min ago
The US Holocaust Museum Tuesday condemned the Hungarian government for granting a prestigious state award, the Order of Merit, to journalist Zsolt Bayer. Bayer, a member of the ruling Fidesz party "has a long record of racist speech and has written highly provocative anti-Semitic and anti-Roma articles in the Hungarian media", the museum said in a statement. Dozens of previous recipients have returned their award in protest of Bayer's honouring.
Categories: European news

Slovakia's Fico goes to Russia

from EU Observer - 2 hours 26 min ago
The Slovak prime minister, whose country currently chairs the EU council, will meet the Russian leader ahead of upcoming EU talks on Russia policy.
Categories: European news

Sony Apparently Issuing Takedowns To Facebook For News Articles About PS4 Slim Leak

from TechDirt - 2 hours 35 min ago

Recently, Sony had let it be known that it would soon be announcing some new offerings for its PlayStation 4 console. While most of the media coverage had focused on what is suspected to be a new, more powerful version of the console, a leak this week instead revealed a different console offering, consisting of a newly slimmed down form factor PlayStation 4 with a slightly redesigned controller. As an owner of a PS4, I can join others' interest in this design, with the original console being somewhat bulky. I can also join others in having only a mild bit of surprise as a reaction, given that Microsoft had already announced a slimmed down version of its Xbox product, and given that Sony has done this with previous versions of the console as well.

But I was slightly surprised to learn that Sony has apparently been setting its lawyers on spooking gaming media sites and taking down news articles from social media accounts about the leak. Reports of the latter have just started coming in.

Sony issued a takedown and had this post removed from my Facebook page: https://t.co/fIjP0buTdY

— Erik Kain (@erikkain) August 23, 2016

Now, Forbes has an annoying restriction on access to its site if you are sensibly using an ad-blocker, so I won't include the link for which the takedown was reportedly issued. That said, the post references the work Eurogamer did in visiting the leaker of the image to confirm the console is for real (it is), as well as generating its own image and even video of the console working for its story on the leak. But if you go today to the Eurogamer post about the leak, the video has been replaced by the following update.

UPDATE, 7.30pm: Upon taking legal advice, we have removed the video previously referenced in this article.

Left unsaid is whether or not any contact had been made by Sony with Eurogamer, thus prompting this "legal advice," but one can imagine that being the case, particularly given Sony's threats to social media users sharing images and reporting of Sony leaks and, more to the point, threats against any media that might report on those leaks. One can understand why a gaming website might blanch in the face of Sony's legal hounds, but it's still disappointing to see the tactic work.

Which brings us to this very moment. I imagine that the entire point behind these legal threats was to keep the news of a slimmed down PS4 from spreading prior to its official announcement. But, thanks to the Streisand Effect, here we are talking about it anyway, while simultaneously discussing the attempted coverup and questionable threats to fans and media that Sony has undertaken. So...mission accomplished?

Categories: Tech news

Daily Deal: SaferVPN Basic Subscription

from TechDirt - 2 hours 40 min ago
Help protect your data online with a $49 unlimited subscription to SaferVPN Basic. You gain access to 400+ servers in 30 countries with unlimited bandwidth, data, and server switching. The simple to use app could be a perfect introduction to VPNs for the uninitiated.

Note: The Techdirt Deals Store is powered and curated by StackCommerce. A portion of all sales from Techdirt Deals helps support Techdirt. The products featured do not reflect endorsements by our editorial team.

Categories: Tech news

Scottish leader warns of independence

from EU Observer - 3 hours 6 min ago
A report says a Brexit with no access to the EU single market would cost Scotland up to €13 billion a year.
Categories: European news

Think Tank That First Proposed SOPA Now Claims 'Proof' That SOPA Would Have Been Great

from TechDirt - 3 hours 39 min ago
Oh boy. The Information Technology and Innovation Foundation (ITIF) is a DC-based think tank that, from its name, you might think would promote things that are important for innovation. And yet, this misleadingly named think tank has been on the wrong side of almost every major tech issue over the last few years -- perhaps because a large segment of its funding comes from anti-technology industries, like the entertainment industry and the large telco/broadband providers. This is the same organization that argued that net neutrality was bad, that kicking people off the internet for piracy was a good idea, that the US gov't should encourage countries to censor the internet and, most recently, that broadband companies charging more to not track your every move is "pro-consumer."

But perhaps the pinnacle of bullshit policy proposals from ITIF was that it was the organization (again, funded by the entertainment industry) that first proposed the basic framework of site blocking as a response to copyright infringement, back in 2009. The basis of that proposal was then turned into SOPA, leading ITIF to take a victory lap for creating what it believed was such a good law.

Of course, you know how that all went down. After actual technologists pointed out how problematic the ITIF approach to site blocking would be, and the public spoke up, the bill went nowhere. And ITIF is basically the sorest of sore losers. Last fall, ITIF published a bogus snarky "report" insisting that its original SOPA plan for DNS blocking "did not break the internet." This, of course, conveniently misstates what was meant by "breaking the internet" when tech experts like Paul Vixie explained the problems with SOPA. It wasn't that the overall internet would just stop working or that fewer people would use it, but rather that basic ways in which the internet is expected to function (I reach out to this DNS entry, I get back the proper response) would fail, and that would open up opportunities for serious mischief, from man in the middle attacks to breaking how certain security protocols work.

But ITIF just can't let it go. This week it published a new report, once again using snark to insist that the internet didn't break: How Website Blocking Is Curbing Digital Piracy Without "Breaking the Internet." But its "evidence" is pretty suspect. It relies heavily on a recent report from some Carnegie Mellon professors, but leaves out the fact that those professors run a research center that was launched with a massive grant... from the MPAA. It also quotes papers from NetNames (funded by NBC Universal) and the Digital Citizens Alliances (a secretive MPAA front group that was a core component to the MPAA's "Project Goliath" plan to attack Google).

The paper is full of misleading statements and half truths. Take this for example:

In the vitriolic debates over the Stop Online Piracy Act (SOPA) in the United States, many opponents of taking action to limit access to foreign websites dedicated to piracy argued that website blocking would “break the Internet,” although they never satisfactorily explained how this breakage would occur or why the Internet was not already broken, since some site blocking already existed before the SOPA debate. Nonetheless, no policymaker wanted to be accused of being responsible for breaking the Internet. Five years later, we have evidence to evaluate. Meanwhile, 25 nations have enacted policies and regulations regarding website blocking to find a better balance between preserving the benefits of a free and open Internet and efforts to stop crimes such as digital piracy. And the Internet still works just fine in these nations.

Actually lots of people pretty clearly explained how and why it would break things -- including tech superstars like Paul Vixie and, yes, even Comcast, the owner of NBC Universal, an MPAA member. This is from Comcast:

When we launched the Domain Helper service, we also set in motion its eventual shutdown due to our plans to launch DNSSEC. Domain Helper has been turned off since DNS response modification tactics, including DNS redirect services, are technically incompatible with DNSSEC and/or create conditions that can be indistinguishable from malicious modifications of DNS traffic (including DNS cache poisoning attacks). Since we want to ensure our customers have the most secure Internet experience, and that if they detect any DNSSEC breakage or error messages that they know to be concerned (rather than not knowing if the breakage/error was "official" and caused by our redirect service or "unofficial" and caused by an attacker), our priority has been placed on DNSSEC deployment -- now automatically protecting our customers...

The non-technical policy wonks at ITIF might not understand this "technical" speak, but what Comcast is saying here is that using DNS blocking is a massive security risk. It doesn't mean that the internet itself "stops working" altogether, but that a core way that the internet is expected to work no longer does, and that exposes lots of people to lots of mischief.

ITIF, of course, will then point to the fact that 25 countries have implemented DNS blocking, and since they haven't seen the internet "stop" working in those places, they assume it's fine. This is dubious on two accounts. First, much of the mischief that can be caused by DNS blocking won't be directly observable to the public. ITIF really is in no position to know what kind of mischief is now enabled thanks to DNS blocking in those countries, but it won't be surprising to see that it eventually leads to security nightmares. The second is more fundamental: many people in those countries now use VPNs to virtually transport themselves elsewhere to get around these blocks. Many, in fact, transport themselves to the US to access things here. But, put in place site blocking in the US, where a huge percentage of internet traffic happens, and the opportunities for massive mischief increase quite a lot. But ITIF is too clueless to understand this.

In fact, the only "problem" that ITIF says might come up with DNS blocking is that it might take down multiple servers behind the same DNS, which ITIF insists is easy to fix. ITIF also insists that such a small percentage of people use VPNs that getting around DNS blocking won't be much of a problem. Though, hilariously, they then admit that the methods to get around DNS blocking could put users at risk. But ITIF never puts two and two together to recognize how DNS blocking puts more people at risk.

Critics claim that DNS blocking, like IP blocking, will cause “collateral damage” due to the risk of over-blocking, as a single domain can host many websites through website extensions. However, this risk can be addressed by implementing DNS blocking at the subdomain level (e.g. www.piracysite.maindomain.com instead of www.maindomain.com)....

[....] Many, if not most, consumers have low levels of computer literacy and certainly are not sophisticated enough to understand how to manipulate the DNS settings in the network configuration of their computers, mobile phones, and other Internet-connected devices. Furthermore, users who switch DNS servers can expose themselves to many security risks if they cannot trust the responses from these servers.

You know what else will mean you can't trust the results from a DNS server? DNS blockades! That's the "breaking" of the internet that Vixie and others were talking about. Which ITIF still doesn't comprehend.

Later in the report, ITIF also claims that people who worried about DNS blocking for copyright infringement were "fine" with it for blocking malware:

The irony is that just months before leading opponents stated their opposition to website blocking, a key opponent said it was okay to block domains that spread malware and that this could be done without harming the Internet itself.

I'll just note that basically every other sentence in that paragraph has a footnote as a source for the information... but that sentence conveniently has no footnote. I've looked at the other footnoted links in that paragraph and none of them involve "leading opponents" supporting DNS blocking for malware. So I'm curious how ITIF's sourcing on this key point seems to have magically disappeared.

There's more in the ITIF report, but it's basically fighting the same old war: it lost on SOPA, but ITIF can't let it go. And so it's not just fighting, but fighting dishonestly. It takes quotes out of context, makes misleading statements and doesn't seem to actually understand the core technological issues at play here. And it would be at least marginally more compelling if every study it cited (and ITIF itself) weren't funded by the MPAA, the main driver behind SOPA.

Categories: Tech news

Peter Thiel's Lawyer Now Sending Questionable Defamation Threat Letters To Media On Behalf Of Melania Trump

from TechDirt - 4 hours 42 min ago
Charles Harder is the California lawyer who likely will forever be known as "Peter Thiel's lawyer" after Thiel helped set up his own law firm with the "focal point" of hunting for any lawsuit that might destroy Gawker. It appears that Thiel is happy to share his pet lawyer with his new best buddy, Donald Trump, or Trump's wife, Melania. On Monday the UK's Daily Mail (not exactly known for its accuracy in reporting) received a threat letter from Harder, representing Melania Trump, claiming that its recent article on Melania was defamatory.

I'm not exactly sure where Mr. Harder is looking to sue but, if it's in the US, it's difficult to see how the article reaches the level of defamation by any stretch of the imagination. Melania Trump is, obviously, a public figure and, under US law, for a news report to be defamatory it needs to not only be incorrect and harmful but also published "with actual malice" -- meaning that the Daily Mail would have known that the published statements of fact were false, or they had a reckless disregard for the truth. Reading through the original Daily Mail article, I don't see how that could possibly be the case. The supposed "bombshell" claims in the piece are statements from a couple of different sources alleging that Melania was an escort when she first came to NY (and that may be how she met Donald in the first place). But the Mail is actually (somewhat surprisingly, given its reputation), quite careful with those statements, pointing out that they came from a book, but also noting that there's little evidence to back them up. It also points to a Slovenian magazine article claiming that the modelling agency Melania worked for was actually an escort service, but the Mail only notes that the magazine said this, and then gets a quote from the guy who ran the modelling agency saying (vehemently) that the story wasn't true.

Furthermore, the Daily Mail noted:

There is no evidence to back up these startling claims made in Suzy magazine.

The rest of the article is just kind of weird. Perhaps it's how the Mail normally reports, but much of the second half is stories from a guy who had a crush on Melania when they were both teens.

But, yeah, it's not at all clear how any of this rises to the level of defamation. The Daily Mail doesn't say anything defamatory about Melania at all. It just notes that certain sources (a book written by an anonymous author and a Slovenian magazine article) make these claims (both of which are accurate factual statements) and then notes that there's little actual evidence to back them up. And yes, this is a trashy tabloidy kind of thing to do ("some people say..." to say something mean, rather than making the case themselves), but it's difficult to see how it comes anywhere near the standard for actual defamation.

And it's not just the Daily Mail that Harder is going after. The Guardian reports that Harder has said that Melania may also sue Politico and the Week for reporting on her immigration status a few weeks back. You may remember the story. Politico noted some discrepancies in the timing of when Melania had claimed she had come to America, and the date of some nude photos that the NY Post dug up from a photo shoot in NY. That led Politico to raise questions about whether or not Melania was an illegal immigrant -- a bit of irony considering her husband's hardline stance against illegal immigration.

Once again, going through the Politico story, it's basically ridiculous to argue that anything in there is defamatory. Again: the statements need to be statements of fact (not just questioning things) that were made with "actual malice." There's no way the Politico article reaches that level.

But, again, we're talking about Charles Harder and the Trumps here, and the legitimacy of the case may be secondary to just threatening people. Trump, of course, has a long history of SLAPP-like lawsuits designed to bury journalists he doesn't like. And that's not me just saying that, Trump has flat out admitted to doing this:

Trump said in an interview that he knew he couldn’t win the suit but brought it anyway to make a point. "I spent a couple of bucks on legal fees, and they spent a whole lot more. I did it to make his life miserable, which I’m happy about."

And, again, that's the basis of Thiel's campaign against Gawker, where no matter what you think of the Hogan case, the other cases that Harder has filed against Gawker appear to pretty clearly be basic SLAPP suits designed to burden the company with legal fees.

And, of course, some smaller publications have already been intimidated into silence. The NY Times notes that Harder has contacted other publications as well (mainly those that wrote about the Daily Mail's article) and at least two of them have retracted or apologized for their original stories. Here's the Inquisitr apologizing and retracting its story and here's Liberal America doing the same thing. Liberal America flat out explains:

This is being written under duress because I don’t have enough money to fight a legal battle against the Trump machine.

You can see the full threat letter that Charles Harder sent on behalf of Melania and judge for yourself. Harder claims that he can show "actual malice" in the reporting "by nature of the fact that my client has publicly denied the foregoing statements." That's not, actually, how one proves "actual malice."

Without being able to see the original stories at Inquisitr and Liberal America, I can't say definitively if either one said anything that would be considered defamatory, but it certainly sounds like they were just quoting what was in the Daily Mail article, which does not seem to be defamatory.

So what are we left with? A thin-skinned Presidential candidate who has admitted to happily filing bogus lawsuits to burden journalists whose reporting he doesn't like, whose wife has teamed up with a lawyer who was basically set up in business to "focus" on filing a bunch of lawsuits for the purpose of overburdening a publication another billionaire disliked. People have been disagreeing with me over whether or not the Gawker shutdown is a big deal, insisting that "if you just don't publish private sex tapes, there won't be a problem." Yet, here we have publications already being intimidated into not publishing stories and other larger publications being threatened for reporting which does not appear to be defamatory at all.

Doesn't that seem the least bit problematic to some people?

Categories: Tech news

Fortunately, Terrorists Always Obey the Law

from Bits of Freedom - 6 hours 17 min ago

At least, that must be the reasoning of the French and German interior ministers. They are asking the European Commission to come up with a legislative proposal under which services such as Telegram can be forced to make encrypted messages readable again.

In the two ministers' press statement, the French minister says (here in Google-translated English) that, in the context of judicial investigations, communication between two users of, for example, Telegram must be accessible to investigative and intelligence services. It is remarkable that he mentions Telegram.

An article in the Financial Times (paywall alert) yesterday quoted the head of the French domestic security services. He talks about the many gigabytes of information they seized after the Paris attacks. Much of that information is encrypted and cannot be deciphered. The newspaper then states that the terrorists made heavy use of WhatsApp and Telegram, because both used end-to-end encryption. You immediately understand why the French minister takes Telegram as his example.

But still. Telegram is actually an awkward application if you want to be sure that your messages cannot be read by others. If you start a new conversation in Telegram without paying attention, it is not encrypted by default. That end-to-end encryption is only there if you explicitly choose a Secret Chat. The conclusion you can draw from this: if someone holds an end-to-end encrypted conversation in Telegram, that was a deliberate choice.

Back to the French minister. If a terrorist explicitly chooses to encrypt his connection, how likely is it that he will use a service that is known to be open to interception? Our assessment: as soon as the European Commission introduces a law under which Telegram and similar services can be forced to make encrypted communication readable, a terrorist will look at alternative tools. The “solution” of the French and German ministers therefore only works if the use of those alternative tools is banned. Fortunately, terrorists always obey…

The idea that making such services open to interception would suddenly make terrorists' communication interceptable is idiotic. What the French and German proposal does achieve: the security of the digital communication of “ordinary people” is weakened. The point that Peter R. de Vries made so eloquently on RTL Boulevard yesterday. Or as cryptographer Zimmermann put it so nicely: “When crypto is outlawed, only outlaws will have crypto.”

Categories: Tech news

Your 'Smart' Power Outlets Are Now Botnets Thanks To The Internet Of Broken Things

from TechDirt - 6 hours 49 min ago
Making fun of the Internet of Things has become a sort of national pastime, made possible by a laundry list of companies jumping into the space without the remotest idea what they're actually doing. When said companies aren't busy promoting some of the dumbest ideas imaginable, they're making it abundantly clear that the security of their "smart," connected products is absolutely nowhere to be found. And while this mockery is well-deserved, it's decidedly less funny once you realize these companies are introducing thousands of new attack vectors in every home and business network the world over.

Overshadowed by the lulz is the width and depth of incompetence on display. Thermostats that fail to heat your home. Door locks that don't protect you. Refrigerators that leak Gmail credentials. Children's toys that listen to your kids' prattle, then (poorly) secure said prattle in the cloud. Cars that could, potentially, result in your death. The list goes on and on, and it grows exponentially by the week.

The latest gift of the Internet of Things industry, revealed last week by security researchers at Bitdefender, is smart electrical sockets that can be hacked to hand over e-mail credentials, create a botnet, or (potentially) burn your house down by firing up connected appliances. The devices are sold as an amazing new tool to help create a connected home, allowing users to manage any device plugged into them via a smartphone and/or the internet. The problem, as usual, is an (unspecified) company that treated security as an afterthought. From the full Bitdefender research paper:

Bitdefender researchers observed that the hotspot is secured with a weak username and password combination. Furthermore, the application does not alert the user to risks associated with leaving default credentials unchanged. Changing them can be done by clicking ‘Edit’ on the name of the smart plug from the main screen and choosing a new name and a new password.

Secondly, researchers noticed that, during configuration, the mobile app transfers the Wi-Fi username and password in clear text over the network. Also, the device-to-application communication that passes through the manufacturer’s servers is only encoded, not encrypted.

That's not just bad security, that's yet another company that's not even trying. And not even trying, it should be added, despite a constant flood of news reports that have demolished an endless list of different brands for failing to embrace things like fundamental encryption. We're building a mansion out of flammable toothpicks and empty promises, and as Bruce Schneier recently noted, it's really only a matter of time before the check comes due on a fairly massive scale.

And while security is a big part of the problem, equally troubling is the rise of "smart" products that stop working once the company's manufacturer gets bored or sold. Like, you know, connected light bulbs that no longer really connect to much of anything:

Earlier this month, our colleague and Consumerist reader Michelle spotted a great deal on some Connected by TCP smart lightbulbs she’d been eyeing for her home. Before buying, she checked to see if they’d be compatible with her Amazon Echo or Wink app, and it’s good that she checked first. As it turns out, those bulbs are no longer compatible with any device, app, or hub, because TCP pulled the plug on their server as of June 1.

Whoops, sorry! Not only is the Internet of Things a total shit show when it comes to security and privacy, you also don't really own the things you buy, creating a universe of new possibilities when it comes to dysfunction, fraud, and misleading advertising promises. There are plenty of reasons why this incompetence is coming home to roost, though the simplest is that many companies were just too cheap and lazy to invest in quality kits, research and technology, and most IOT "evangelists" were too focused on self-promotion to much care about the fact that they were selling us an industrial-grade disaster.

Categories: Tech news

[Ticker] Germany to take hundreds of refugees from Italy

from EU Observer - 7 hours 10 min ago
Germany will step up efforts to accept asylum seekers from Italy under the EU's relocation scheme, Italy's interior minister Angelino Alfano has said. He told La Repubblica TV that the EU scheme had been a "flop", but that from September "hundreds of refugees" would go to Germany every month. Some 961 people have been relocated from Italy since the scheme was launched last year, compared with the target of 39,600.
Categories: European news

[Ticker] Merkel asks Turks in Germany for loyalty

from EU Observer - 7 hours 45 min ago
Angela Merkel expects people of Turkish origin living in Germany to "develop a high level of loyalty to our nation", she told Dortmund-based newspaper Ruhr Nachrichten. The chancellor also asked Turkish-Germans to keep calm in the face of Turkey's political upheavals. President Recep Tayyip Erdogan launched a crackdown on dissent following a foiled coup on 15 July. Germany is home to more than three million people of Turkish origin.
Categories: European news

What It Looks Like When The Terrorists Win: The JFK Stampede Over Fans Cheering For Usain Bolt

from TechDirt - 9 hours 56 min ago

We've talked a great deal here about what a theater of security our national airports have become. Far from accomplishing anything having to do with actually keeping anyone safe, those in charge of our airports have instead decided to engage in the warm fuzzies, attempting to calm an easily-spooked traveling public through bureaucracy and privacy invasion. The hope is that if everyone suffers the right level of inconvenience and humiliation, we'll all feel safe enough traveling.

But it's quite easy for the 4th wall in this security theater to be broken by the right sort of circumstance. In case you missed it, one such circumstance happened recently at JFK Airport. The fallout was described in a first-person account in New York Magazine by David Wallace-Wells. Following a long plane ride after a delayed departure, Wallace-Wells describes the start of the ensuing chaos as he and his wife waited to get to passport control:

On the right of the hallway was that familiar line of people-movers, each of them stalled, when suddenly somebody realized that you could lap the line by walking down it like it was a highway shoulder in a traffic jam. Risa turned, smiled, and dashed off to take advantage. I made a show of protesting, hanging back for a second, and then followed her, but probably 50 people had swum into that lane between us in the meantime, and I couldn’t even catch sight of her to roll my eyes. Then the screaming began. I can’t remember what happened first — the flashing light of a fire alarm, the yelled warnings of a bomb and a shooter, the people turning around in a mob panic. I thought I saw smoke. I know I saw bags dropped, people falling to the floor and others stomping past them, through them, on them. Everybody was screaming. And I couldn’t find Risa. See her, really. Because there was no moving in the other direction. There was not even time or space to process what was happening, really. People were shouting about terrorism right next to me, as they ran next to me, but I wasn’t thinking about a shooter; I was just thinking, GO!

He goes on to describe being in the middle of one of several literal stampedes that had broken out throughout the airport, with travelers scattering in many directions and trampling one another. Members of the public were escorted out onto the tarmac, then back inside, then back out onto the tarmac again. Airport security alternately bolted for the exits when the scare began or ineptly ushered the public in one direction or another. NYPD officers were inside the airport terminals, clearing them, but nobody seemed to be informing or instructing the public as to what to do. It was, in simple terms, chaos. A woman in a hijab called to her family, and everyone around her panicked. Even the set-pieces of the security theater contributed to the bedlam.

When people started running, a man I met later on the tarmac said, they plowed through the metal poles strung throughout the terminal to organize lines, and the metal clacking on the tile floors sounded like gunfire. Because the clacking was caused by the crowd, wherever you were and however far you’d run already, it was always right around you.

There was a second stampede, I heard some time later, in Terminal 4. I was caught up in two separate ones, genuine stampedes, both in Terminal 1. The first was in the long, narrow, low-ceilinged second-floor hallway approaching customs that was so stuffed with restless passengers that it felt like a cattle call, even before the fire alarm and the screaming and all the contradictory squeals that sent people running and yelling and barreling over each other — as well as the dropped luggage, passports, and crouched panicked women who just wanted to take shelter between their knees and hope for it, or “them,” to pass.

I can only imagine the terror one must feel being caught within a panic inside an airport under these circumstances. As the author notes, it was clear to anyone in the airport that day just how silly the idea is that authorities could respond to a threat at an airport in a methodical and organized way. Part of the lesson of this story is just how useless the security theater we've allowed to be propped up before us actually is. Useless as a system for when a terror event actually occurs, but more useless at keeping travelers calm and feeling safe.

Because the cause of this chaos would be laughable if it weren't so terrifyingly frustrating.

When the first stampede began, my plane had just landed. It started, apparently, with a group of passengers awaiting departure in John F. Kennedy Airport Terminal 8 cheering Usain Bolt’s superhuman 100-meter dash. The applause sounded like gunfire, somehow, or to someone; really, it only takes one. According to some reports, one woman screamed that she saw a gun.

That's all it took. A spooked public whose fear is unassuaged by the pretend security the government has set up at the airport, mixed with applause for an Olympic athlete, gets you bedlam. This is everyone's fault, from a public that can't bother to keep the threat of terrorism in perspective, to politicians that decided on a feel-good show at airports that couldn't even achieve that goal, to federal agencies keeping everyone so on edge that simple applause rang as gunfire in the minds of some.

It's hard to think of a more powerful example of how terrorism works than that.

Categories: Tech news

Turkey recalls ambassador from Austria

from EU Observer - 10 hours 25 min ago
Ankara reproaches Vienna for allowing a PKK demonstration but not anti-coup rallies. But the Austrian police said there is no ban on Turkish demonstrations.
Categories: European news

[Focus] Finland rushes to finalise US defence pact

from EU Observer - 12 hours 55 min ago
Finland’s defence minister has said it aims to conclude a defence pact with America before US president Barack Obama leaves office, amid concern over Russian aggression.
Categories: European news

[Ticker] EP mocked over Olympic medals tally

from EU Observer - 13 hours 30 sec ago
The European Parliament has sparked criticism with a medal tally graphic that showed EU nations combined captured 325 medals at the Olympic Games in Rio, while the US had 121 and China got 70. Brexit supporters dismissed the graphic, while others pointed out that the number of participants per country was limited, so that the EU as one nation could never collect 325 medals.
Categories: European news

[Ticker] EU spy chiefs would limit encrypted communication

from EU Observer - 13 hours 1 min ago
EU officials are weighing the possibilities of limiting encrypted messaging to combat terrorism, the Financial Times newspaper has reported. France’s interior minister Bernard Cazeneuve will meet his German counterpart Thomas de Maiziere Tuesday to discuss new measures that would limit the use of encrypted communications across the EU. A boom in end-to-end encryption in online platforms and apps means they are almost impossible to monitor by Europe’s intelligence services.
Categories: European news

[Ticker] French emissions report omits Renault discrepancy

from EU Observer - 13 hours 10 min ago
A French government report published last month omitted significant details about Renault cars emitting nitrogen oxides at levels nine to 11 times higher than EU limits. “The report was ultimately written by the state and they decided what would remain confidential,” Charlotte Lepitre, of France Nature Environment who sat on the commission, told the Financial Times. Renault denied using software to cheat emissions testing.
Categories: European news

[Ticker] EU must make joint decision on Nord Stream 2

from EU Observer - 13 hours 12 min ago
Denmark's former foreign minister, Martin Lidegaard, has appealed for Nordic countries to back a joint EU decision on Russia's Nord Stream 2 gas-pipeline project. Speaking on Danish Radio Tuesday, the liberal politician said the pipeline would cross Danish maritime territory, so it would need Copenhagen's approval. If Denmark said yes, Poland would be upset, he noted. If Denmark said no, Germany would not be pleased.
Categories: European news

'Big three' leaders say EU will survive Brexit

from EU Observer - 13 hours 30 min ago
Merkel, Hollande and Renzi urge better security and intelligence cooperation between EU nations at a meeting designed to relaunch the union after Brexit.
Categories: European news