US top cop decries encryption, demands backdoors

Attorney general: “technological advances” allow criminals to “avoid detection.”
By David Kravets
Oct 1 2014
<http://arstechnica.com/tech-policy/2014/10/us-top-cop-decries-encryption-demands-backdoors/>

Attorney General Eric Holder, the US top law enforcement official, said it is “worrisome” that tech companies are providing default encryption on consumer electronics. Locking the authorities out of being able to physically access the contents of devices puts children at risk, he said.

“It is fully possible to permit law enforcement to do its job while still adequately protecting personal privacy,” Holder said during a Tuesday speech before the Global Alliance Against Child Sexual Abuse Online conference. “When a child is in danger, law enforcement needs to be able to take every legally available step to quickly find and protect the child and to stop those that abuse children. It is worrisome to see companies thwarting our ability to do so.”

Holder’s remarks, while he did not mention any particular company by name, come two weeks after Apple announced its new iPhone 6 models would be equipped with data encryption that prevents authorities from accessing the contents of the phone. At the same time, Google said its upcoming Android operating system will also have default encryption.

The encryption decision by two of the world’s biggest names in tech is a bid to gain the trust of customers in the wake of the Edward Snowden surveillance revelations.

Holder said he wants a backdoor to defeat encryption. He urged the tech sector “to work with us to ensure that law enforcement retains the ability, with court-authorization, to lawfully obtain information in the course of an investigation, such as catching kidnappers and sexual predators.”

Recent technological advances have the potential to greatly embolden online criminals, providing new methods for abusers to avoid detection. In some cases, perpetrators are using cloud storage to cheaply and easily store tens of thousands of images and videos outside of any home or business—and to access those files from anywhere in the world. Many take advantage of encryption and anonymizing technology to conceal contraband materials and disguise their locations.

The attorney general—who plans to step down from the position he has held for six years as soon as a successor takes office—is the highest-ranking member of President Barack Obama’s administration to assail encryption in the wake of the Apple and Google announcements.

[snip]

“The TV model is broken,” says ISP that stopped offering pay-TV

Programming costs cause some telecoms to drop channels or TV altogether.
By Jon Brodkin
Oct 1 2014
<http://arstechnica.com/business/2014/10/the-tv-model-is-broken-says-isp-that-stopped-offering-pay-tv/>

Programming costs are so high today that even Comcast complains about the expense. What of small Internet service providers who lack the negotiating power of the nation’s largest TV and broadband company?

Some of them are dropping channels or exiting the pay-TV business altogether, says a new article in The Wall Street Journal.

“I think the TV model is broken,” BTC Broadband President Scott Floyd told the newspaper. BTC stopped offering TV late last year while continuing to sell Internet and phone service.

“The Oklahoma company, which had been serving about 420 TV subscribers, decided it simply couldn’t afford to keep paying rising fees to carry a basic lineup of channels including ESPN, TNT, and MTV,” the Journal wrote. Floyd “estimated that if the company continued to pass on rising programming costs to consumers and maintained its thin profit margins, by 2016 cable-TV bills would rise to $130 from about $60.”

Small cable companies can increase their bargaining power by negotiating for programming rights in groups such as the National Cable Television Cooperative (NCTC), which negotiates on behalf of 950 companies. But small companies “representing about 53,000 customers have shut off cable-TV services or gone out of business” since 2008, with the trend accelerating in the past three years, the NCTC told the Journal.

Programming disputes are causing mid-size companies to drop channels as well. Suddenlink, a cable company with more than one million subscribers in Arkansas, Louisiana, North Carolina, Oklahoma, Texas, and West Virginia, dropped Viacom channels this week after claiming that Viacom demanded a nearly 50 percent increase in payments.

Viacom blamed Suddenlink for breaking off negotiations. Viacom told Ars in a statement that its channels, including Nickelodeon, MTV, and Comedy Central, “account for nearly 20 percent of all cable viewing” and “nearly a third of all video on demand viewing by Suddenlink customers.” Suddenlink said viewership of Viacom channels was rapidly declining.

[snip]

Sophisticated iPhone and Android malware is spying on Hong Kong protesters

Researchers say all signs point to the Chinese government
By Amar Toor
Oct 1 2014
<http://www.theverge.com/2014/10/1/6877377/sophisticated-iphone-and-android-malware-is-spying-on-hong-kong>

A fake smartphone app is being used to remotely monitor pro-democracy protesters in Hong Kong, according to a report from the New York Times. Researchers from Lacoon Mobile Security say the phishing scam is spreading across the messaging application WhatsApp, through texts that read: “Check out this Android app designed by Code4HK for the coordination of OCCUPY CENTRAL!”, along with a link to download software. Lacoon says the software, once downloaded, can access a user’s personal data, including phone calls, text messages, and the physical location of their smartphone. Code4HK — a developer community that has helped to spread information about the protests — tells the Times it had nothing to do with the texts.

The origin of the scam remains unknown, but Lacoon CEO Michael Shaulov says the Chinese government is likely behind it, given the location of the servers and the sophistication of the operation. The company traced it to a computer that they say is similar to those that the Chinese government allegedly used to launch cyberattacks against US targets last year. The spread of the app remains equally unclear, though Shaulov says it was downloaded by one out of every ten phones that received the fake message, and, notably, that it has affected both Android and iOS users alike.


“This is the first time that we have seen such operationally sophisticated iOS malware operational, which is actually developed by a Chinese-speaking entity,” Shaulov told the Times.

Today’s report comes as thousands of protesters flocked to the streets on China’s National Day, calling for Beijing to allow for free democratic elections in 2017. China had previously said it would allow Hong Kong to choose its own leader by that date, but backtracked on that promise in August, when it announced that all candidates would have to be approved by Beijing.

Protesters in the “Occupy Central” movement have clashed with police since protests escalated over the weekend, and there are fears of further confrontation tonight, during National Day celebrations. The Chinese government has gone to great lengths to censor news of the demonstrations. Most state-run media have not mentioned it, and Chinese web censors have stepped up efforts to block images and videos on social media. On Sunday, the government blocked access to Instagram within mainland China, and posts on the Twitter-like service Sina Weibo have been aggressively deleted, according to the Times. In the past few days, censors have blocked any Weibo posts including the words “Hong Kong,” “barricades,” and “umbrella” — the unofficial symbol of Hong Kong’s movement.

China’s strange support for Apple’s latest security features

[Note: This item comes from reader Randall Head. DLH]

By NATHANIEL MOTT
Sep 30 2014
<http://pando.com/2014/09/30/chinas-strange-support-for-apples-latest-security-features/>

Apple will be allowed to sell its new iPhones in China on October 17, according to a statement released by the country’s Ministry of Industry and Information Technology, which is said to have delayed the smartphones’ launch in China due to concerns about their security features.

China’s government has grown increasingly wary of Apple’s products in the wake of Edward Snowden’s disclosure of the National Security Agency’s surveillance programs, some of which are said to have direct access to user data managed by Apple and other technology companies. (That concern goes both ways: the United States government has accused Huawei, a telecom-networking equipment provider with close ties to China’s government, of spying on customers.)

Apple claims that it has never provided a backdoor into any of its products to any government. It also says that the latest version of its mobile operating system was designed in such a way that the company wouldn’t be able to provide customer data even if it’s served with a warrant — a feature that’s already led law enforcement to say the new iPhones will become the phones of choice for pedophiles and kidnappers — because of the new encryption standards Apple used.

It makes sense for the Chinese government to be worried about Western tech products being used to gather information for foreign intelligence agencies, but it’s strange that the country is allowing Apple to launch its new iPhones there even though it supposedly means that Chinese citizens will be able to keep their data out of the government’s clutches. Something is just…off.

Many companies avoid storing data in China for just that reason. The government expects to receive any data it requests from companies with servers on its soil, and Apple revealed in August that it stores customer data in China through a partnership with China Telecom, a state-owned wireless service provider. Apple claims that China Telecom can’t access the information on the servers because all of the relevant encryption keys are kept on servers in other countries.

So, to recap: a government known for wanting to control foreign companies as much as possible while also gathering information on its citizens is allowing a company thought to have been compromised by the NSA to sell its products in the country. All this, after being assured that there is no way for any government to get at that data, even though at least some of it will be stored on servers operated by a state-owned telecom company, without even so much as a hint of protest.

Seems a bit suspicious — but let’s all just go ahead and wonder if the iPhone 6 Plus is really as bendy as the media is making it out to be and congratulate Apple for making it into the world’s largest smartphone market. That’s a whole lot easier.

Neighborhood social networking app Nextdoor’s new safety feature makes it a must-use

By Carmel DeAmicis
Sep 30 2014
<https://gigaom.com/2014/09/30/neighborhood-social-networking-app-nextdoors-new-safety-feature-makes-it-a-must-use/>

SUMMARY:
The police and firefighters that cover your particular neighborhood may be using Nextdoor to warn you about safety concerns.

Nextdoor, the private social network for neighborhoods, never seemed relevant for my millennial age demographic. It was the app version of a community board meeting or tea with your nosy neighbor, a place to learn about upcoming events, get recommendations on a plumber, hear the local chatter about the weird red car that’s been hanging around. Twenty-somethings in urban areas by and large don’t have kids, their lives don’t revolve around their home and they know their neighbors hardly, if at all. So even though I covered Nextdoor, I never felt compelled to actually become a user.

That changes today. Nextdoor has introduced a new element to its application that makes it a must-use network, even for the disinterested younger generations. It has started partnering with police and fire departments across the country — in 250 cities initially, with more to come — to use Nextdoor to communicate about emergencies and safety issues with local residents. Want a heads-up on a series of break-ins that have been happening in your area? The police precinct that oversees it can send information blasts, just to the neighborhoods that it impacts. Want to know whether it’s time for you to evacuate during a nearby brushfire — a major issue every fall in Southern California? Your local fire department might be using Nextdoor to get the word out. In fact, after the August earthquake, Napa — which was part of the 250-city test program — used Nextdoor to send out update information to residents.

In other words, the social network that initially connected neighbors to each other is now connecting vital city services to the residents themselves. Social networking has reached local government.

Of course, many local government branches have been using Twitter and Facebook for a while to communicate with people. But these one-size-fits-all platforms don’t work well for conveying detailed information that might only apply to people living on a few street blocks. Nextdoor is a whole different system. In order to join your neighborhood’s network you have to verify that you live there by — old school style — ordering a physical postcard sent to your home address. Various neighborhood newsfeeds are restricted, both for viewing and posting, to people who live there.

To integrate with police and fire departments, Nextdoor had to build an entirely separate application for government bodies to use. It didn’t want to violate the privacy of original Nextdoor neighbors, so it needed a way for these officials to post in the relevant networks without having access to view those networks’ content. Furthermore, it needed a way for government bodies to send targeted messages — specifically to particular Nextdoor neighborhoods, or to particular precincts or battalions or even to specific street coordinates. That way, they wouldn’t spam all Nextdoor users in a city.

And lastly, in order for this system to scale without massive manpower from Nextdoor, the site needed city onboarding to be an automatic process. Enter: Nextdoor for public agencies. It’s a self-serve site where police and fire chiefs can set up their department, determine who has access to messaging what neighborhoods, and send notifications to users in different areas of the city. Nextdoor built various prototypes over the span of 18 months with the 250 initial test cities. Now, it’s releasing its self-serve technology to the rest of the nation, so that even small provinces can use it.

[snip]

76 of 79 deceased NFL players’ brains had evidence of degenerative disease

Majority of football players who submitted their brains to Department of Veterans Affairs’ study had chronic traumatic encephalopathy
By Rich McCormick
Sep 30 2014
<http://www.theverge.com/2014/9/30/6876131/majority-of-nfl-player-brains-in-study-had-cte>

New data from the United States’ largest repository of human brain samples has shown that an overwhelming majority of NFL players who submitted their brains for analysis after their death suffered from chronic traumatic encephalopathy (CTE). The Department of Veterans Affairs’ brain repository, based in Massachusetts, found that 76 of 79 former pro players had evidence of the condition, which can be caused by repeated head trauma.


The findings came as part of a wider study in which the department examined the brains of 128 deceased football players who had played the game at professional, semi-professional, college, or high school level. It found that even in the brains of those that had played at lower standards, the rate of CTE was high — of the 128 players, 101 tested positive for the disease. The brain condition is caused when blows to the head cause the production of tau, a protein that manifests as dense tangles around the brain’s normal cells and blood vessels. The degenerative condition can cause depression and fits of rage among its sufferers, and confusion, memory loss, and dementia later in life.

The Department of Veterans Affairs’ findings come from a weighted testing group — the experiments were conducted on brains donated to the brain repository by players and families who suspected the presence of the condition — but neuropathologist Dr. Ann McKee, who directs the brain bank, says that there’s a correlation between playing football and developing CTE. “Playing football, and the higher the level you play football and the longer you play football, the higher your risk.”


The NFL is currently responding to a lawsuit brought against it by more than 4,500 ex-players. The new Department of Veterans Affairs’ report comes two weeks before an October 14th deadline at which thousands of NFL retirees have to decide whether to agree to the league’s proposed settlement. Frontline says the ex-players have accused the league of hiding links between football and CTE, but these findings could help address “a key sticking point” in negotiations now that the league has acknowledged long-term concussion effects. Data filed in a federal court this month shows the NFL actually “expects nearly a third of all retired players to develop a long-term cognitive problem, such as Alzheimer’s disease or dementia, as a result of football.”

[snip]

Demonstrators and Censors Tangle on the Web

Chinese Web Censors Struggle With Hong Kong Protest
By ANDREW JACOBS
Sep 30 2014
<http://www.nytimes.com/2014/10/01/world/asia/chinese-web-censors-struggle-with-hong-kong-protest.html>

BEIJING — Can Chinese censors vanquish the umbrella?

As protesters in Hong Kong continue to defy authorities with their demands for greater democracy, mainland China’s politically minded web users have been trying to outmaneuver the invisible army of Internet guardians working to scour social media of photos and news about the continuing demonstrations.

They have been posting pro-democracy remarks on nonpolitical websites and uploading selfies of their shaved heads to express solidarity with the protesters. On Tuesday, some social media users shared stock images of President Xi Jinping carrying an umbrella, a not-so-subtle nod to that essential protester accessory for staving off sun, rain and pepper spray. Other users simply changed their profile photo to that of an umbrella.

Charlie Smith, co-founder of Greatfire.org, a group that tracks Internet censorship in China, said authorities were not likely to relax. “They are going to be on top of this situation 24/7.”

But there were signs Tuesday that China’s formidable censorship machine was struggling to keep up with savvy commenters who found ways to thumb their noses at the authorities.

On one popular mainland music-sharing site, hundreds of people left supportive comments under a Cantonese ballad, “Under the Vast Sky,” that has become something of an anthem for protesters. “Without resistance there is no freedom,” read a typical entry. “Go Hong Kong!”

Fu King-wa, a professor of media studies at Hong Kong University, said the rate of deletions on Sina Weibo, the country’s most popular microblog service, had jumped in recent days, a testament to the flood of protest-related content and the Communist Party’s fears that the demonstrations might prove contagious.

Many analysts said the in-house censors employed by Chinese Internet companies like Sina had become more adept at culling material.

On Tuesday, words such as “Hong Kong,” “barricades” and “Occupy Central,” the putative name for the civil disobedience campaign, were either blocked or yielded few results on weibo. Sina had also neutralized the word “umbrella.”

[snip]