Techdirt is off for Martin Luther King Jr. Day! We'll be back with our regular posts tomorrow.Hide

Glyn Moody’s Techdirt Profile

glynmoody

About Glyn MoodyTechdirt Insider




Posted on Techdirt - 12 January 2017 @ 3:23am

Top UK Cop Says Hackers Should Be Punished Not With Prison, But With Jammed WiFi Connections

from the yeah,-that'll-work dept

Here's a story that starts out well. One of the UK's top police officers, Chief Superintendent Gavin Thomas, has said that putting people in prison for offenses like hacking into computers makes no sense. He points out that it costs around $50,000 a year to keep someone in a traditional prison, and that education programs are likely to be a far more cost-effective solution, especially in terms of reducing recidivism. This is absolutely right, and it's great to hear a senior officer admit it. Unfortunately, things go downhill from here. He told the Telegraph:

If you have got a 16-year-old who has hacked into your account and stolen your identity, this is a 21st century crime, so we ought to have a 21st century methodology to address it.
His solution is as follows:
He said convicted criminals could be fitted with electronic jammers around their wrists or ankles which blocked wifi signals and prevented them from going online.
Leaving aside the human rights implications, which to his credit Thomas acknowledges, there is another big problem with the proposal, as Techdirt readers have doubtless already spotted. The people wearing these WiFi jammers would be those who have been found guilty of some computer-related crime. By definition, then, they are likely to be tech-savvy. So they probably have other computers that can use Ethernet connections to access the Internet. In addition, they are unlikely to have any problems using Bluetooth or a USB cable to reverse-tether their mobiles to a system with wired access. The more adventurous might even try to rig up some kind of Faraday shielding to jam the jammer. In other words, this isn't going to work, but would probably cause havoc with everyone else's WiFi connections.

Back in 2015, Thomas was quoted by Computer Business Review on the topic of encryption, and the problems it posed for the police, when he said:

It is utterly essential for detectives and criminal investigators to use data held on smartphones and other devices when they are investigating serious crimes.
Given his belief that jamming bracelets would stop convicted computer criminals from using the Internet, the worry has to be that he shares the mistaken view that tech companies can create a safe system of crypto backdoors or "golden keys" that only the authorities can use. Let's hope he takes some expert advice before offering an opinion on that one.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

46 Comments | Leave a Comment..

Posted on Techdirt - 10 January 2017 @ 3:23am

Turkey Is Building Domestic Replacements For Gmail and Google

from the national-culture-and-values dept

Turkey has a long history of blocking Internet services. It's become such a thing, there's even a site called TurkeyBlocks that is exclusively about this phenomenon. A couple of recent stories on the site suggest the Turkish government is aiming to tighten its local control over the online world even more. First, in order to prevent people circumventing social media shutdowns, the Turkish authorities are going after Tor:

The Turkey Blocks internet censorship watchdog has identified and verified that restrictions on the Tor anonymity network and Tor Browser are now in effect throughout Turkey. Our study indicates that service providers have successfully complied with a government order to ban VPN services.
But even that is not enough it seems. Here's the latest plan:
Turkey is building a domestic search engine and email service compatible with national culture and values, according to statements made by Ahmet Arslan, Minister of Communication, in a television interview on Friday.

Minister Arslan explained the urgency of the plans in the live show on NTV, citing the need to store user data within the country and ensure that communications can be analysed domestically. Details such as the service's name, logo and organisation structure have yet to be announced.
It's interesting to see data localization being invoked here, just as it was in Russia. Fear of surveillance by the US seems to be one reason for the move, but the second part about allowing communications to be "analysed domestically" is also noteworthy. It could be a reflection of the fact that Gmail uses encrypted connections that prevent the Turkish authorities from monitoring who is saying what. One obvious step would be to ban Gmail and Google completely in Turkey in order to force people there to use the new domestic offerings. That would allow the government to monitor its citizens more closely, and to control the flow of online data more strictly.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

31 Comments | Leave a Comment..

Posted on Techdirt - 9 January 2017 @ 5:06pm

Tanzanian Farmers Face 12 Years In Prison For Selling Seeds As They've Done For Generations

from the why-not-adopt-big-ag's-patented-approach-instead? dept

Seeds might not seem to have much to do with digital technology, but the DNA that lies at their heart is in fact digital information, and thus many of the issues that concern Techdirt also apply here. One of the key battlegrounds for seeds and their ownership is Africa, as we discussed back in 2013. The Belgian site Mondiaal Nieuws has an update on what's happening in one of the poorest African countries, Tanzania. Things aren't looking good there following a change in the relevant law:

"If you buy seeds from Syngenta or Monsanto under the new legislation, they will retain the intellectual property rights. If you save seeds from your first harvest, you can use them only on your own piece of land for non-commercial purposes. You're not allowed to share them with your neighbors or with your sister-in-law in a different village, and you cannot sell them for sure. But that's the entire foundation of the seed system in Africa", says Michael Farrelly [from an organic farming movement in Tanzania].

Under the new law, Tanzanian farmers risk a prison sentence of at least 12 years or a fine of over €205,300 [about $213,000], or both, if they sell seeds that are not certified.

"That's an amount that a Tanzanian farmer cannot even start to imagine. The average wage is still less than 2 US dollars a day", says Janet Maro, head of Sustainable Agriculture Tanzania (SAT).
The article indicates that "certified" in this context means patented. That's obviously a problem for small-scale farmers, since they would be unable to afford to go through the patenting process, even if that were even a realistic option. For multinationals like Syngenta or Monsanto, by contrast, patenting is as natural as breathing, and so the new system will strengthen their hand considerably.
"As a result, the farmers' seed system will collapse, because they can't sell their own seeds", according to Janet Maro. "Multinationals will provide our country with seeds and all the farmers will have to buy them from them. That means that we will lose biodiversity, because it is impossible for them to investigate and patent all the seeds we need. We're going to end up with fewer types of seeds."
Here's why this is all happening:
Tanzania applied the legislation concerning intellectual property rights on seeds as a condition for receiving development assistance through the New Alliance for Food Security and Nutrition (NAFSN). The NAFSN was launched in 2012 by the G8 with the goal to help 50 million people out of poverty and hunger in the ten African partner countries through a public-private partnership. The initiative receives the support of the EU, the US, the UK, the World Bank and the Bill & Melinda Gates Foundation.
What's particularly regrettable here is not just the loss of biodiversity, and the fact that African farmers will be beholden to Western corporations, but that the NAFSN program will achieve the opposite of its stated aims, and end up taking away what little independence Tanzanian farmers enjoyed under the traditional seed system. No wonder, then, that last year Members of the European Parliament called for the NAFSN to "radically alter its mission". Judging by what's happening in Tanzania, there's no sign of that happening.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

139 Comments | Leave a Comment..

Posted on Techdirt - 9 January 2017 @ 11:59am

Bulgarian Public Radio Forbidden To Play 14 Million Pieces Of Music By Copyright Collection Society

from the let-them-listen-to-folk-music dept

As stories from the UK, Kenya, Peru, Slovakia, Canada, Germany, Taiwan, and the US demonstrate, there's really something rather special about copyright collection societies. Back in 2012, Mike discussed a paper on the subject that listed over 90 examples of actions taken by collection societies around the world that have been bad either for artists or for users. Looks like we can add Bulgaria to the list:

The Bulgarian National Radio [BNR] and copyright organization Musicautor remain at loggerheads over music fees, with officials being cautious in their reaction.

Since January 01, the public radio is barred from playing more than 14 000 000 musical pieces from around the world and plays mostly classical music, jazz and folklore music.
As the report on the novinite.com site from Bulgaria's capital Sofia explains, that's because Musicautor is demanding that the present music licensing fee of 1% of BNR's state subsidy should increase to 3%. It tries to justify that massive rise by pointing out that other countries around Europe pay a similarly elevated fee. But as the head of Bulgaria's radio explains:
the demand from Musicautor is a burden on [BNR's] budget and "does not rest on economic realities". He accuses the organization of abusing its monopoly over copyright and warns if the radio were to agree, it would have to take one of its regional programs off air, infringing on the public interest.
Just because copyright collection societies have succeeded in squeezing fat licensing fees out of public broadcasters in other countries doesn't mean that this is some inalienable right everywhere. Rather, it reflects the power -- the monopoly power, in fact -- of a collection society to threaten to stop people listening to millions of the most popular tracks on their national radio stations, however unreasonably, simply because it can.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

20 Comments | Leave a Comment..

Posted on Techdirt - 6 January 2017 @ 7:39pm

Finland Will Give 2000 Unemployed People $590 Every Month, No Strings Attached, Even After They Get A Job

from the money-for-nothing dept

Back in 2015, a Techdirt Podcast explored the fascinating idea of a universal basic income guarantee, something that the Swiss considered, but ultimately rejected in a referendum. The idea of giving money to everyone, regardless of what they do, or how much they earn, is intriguing and attractive for many. But what effect would it have on how people live and work? That's what Finland hopes to find out from an experiment it is conducting in this field, as a story in the Guardian reports:

Finland has become the first country in Europe to pay its unemployed citizens an unconditional monthly sum, in a social experiment that will be watched around the world amid gathering interest in the idea of a universal basic income.

Under the two-year, nationwide pilot scheme, which began on 1 January, 2,000 unemployed Finns aged 25 to 58 will receive a guaranteed sum of €560 (£475).
As that indicates, this isn't a universal basic wage, since it's aimed at just a few of those receiving unemployment benefit, and the money will replace existing financial support. On the other hand, it isn't just some kind of creative accounting, because they will continue to receive the monthly sum even if they find work. There are already plans to roll it out more widely.

As the Guardian notes, other parts of the world, including Canada, Italy, the Netherlands and Scotland, are also looking to try out the idea. At a time when there are fears that automation may well reduce the total number of workers needed in industry, it's great to see these experiments exploring an approach that could help to alleviate social problems arising from this shift.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

70 Comments | Leave a Comment..

Posted on Techdirt - 6 January 2017 @ 3:33am

Belgium Wants EU Nations To Collect And Store Personal Data Of Train, Bus And Boat Passengers

from the what-next?-bicycles? dept

It's become pretty common for the authorities to collect personal information about passengers from airlines, supposedly to ensure security. It's a sensitive area, though, as shown by the many years of fraught US-EU negotiations that were required in order to come up with a legal framework for transferring this data to the US when EU citizens were involved. However, not all EU countries are so concerned about that privacy thing. Belgium, for example, thinks that the current approach doesn't go far enough, and that it should be extended to include all forms of mass transport. As this EurActiv article notes, the Belgian parliament has already voted to bring in a national system for trains, buses and boats by May 2018, and the country is calling for the rest of the EU to follow suit:

In response to a number of terror attacks, Belgium wants greater control over who travels on its trains, buses and boats and will present its plans at the next meeting of EU interior ministers at the end of January.
However, there's a problem. Last year, the EU finally passed the EU Passenger Name Record (EUPNR) directive:
The EU PNR directive will oblige airlines to hand EU countries their passengers' data in order to help the authorities to fight terrorism and serious crime. It would require more systematic collection, use and retention of PNR data on air passengers, and would therefore have an impact on the rights to privacy and data protection.
Despite data protection safeguards that were included, resistance to bringing in this directive was fierce from many quarters. EurActiv says:
According to EU diplomats, the decision on air traffic passenger data was already a "big step" and that measure only applies to travellers going to or from third party destinations.
Against that background, asking the EU to extend the PNR scheme to include trains, buses and boats may be going too far, so to speak. Nonetheless, it's a bad idea that's now out there, and all-too likely to spread.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

18 Comments | Leave a Comment..

Posted on Techdirt - 5 January 2017 @ 1:04pm

Ex-MI6 Boss: When It Comes To Voting, Pencil And Paper Are 'Much More Secure' Than Electronic Systems

from the and-he-should-know dept

Techdirt has been worried by problems of e-voting systems for a long time now. Before, that was just one of our quaint interests, but over the last few months, the issue of e-voting, and how secure it is from hacking, specifically hacking by foreign powers, has become a rather hot topic. It's great that the world has finally caught up with Techdirt, and realized that e-voting is not just some neat technology, and now sees that democracy itself is at play. The downside is that because the stakes are so high, the level of noise is too, and it's really hard to work out how worried we should be about recent allegations, and what's the best thing to do on the e-voting front.

What we really need is someone distant from the current US debate, and yet with a great deal of knowledge of how foreign intelligence services hack into computer systems. Maybe someone like Sir John Sawers, former head of MI6, the UK's CIA. Here's what he said recently to the BBC on the subject of e-voting:

"Bizarrely the stubby pencil and piece of paper that you put your cross on in the ballot box is actually much more secure than anything which is electronic."
And added:
"The more things that go online, the more susceptible you are to cyber attacks."
Since MI6 has probably been involved in quite a few of those attacks, Sir John speaks with a certain authority. He also has a good analysis of why there is this constant push for e-voting, even though security experts are pretty unanimous in their warnings of the dangers:
"The only trouble is, the younger generation of people expect to be able to do things remotely and through electronic devices."
That also goes some way to explaining the naivety of most people when it comes to the Internet of Things. Many people just "expect" everything to be digital and online and linked to its own app, even when it's just a hair brush.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

34 Comments | Leave a Comment..

Posted on Techdirt - 5 January 2017 @ 3:33am

Putin's Adviser Says Russia Must Be Ready To Disconnect Itself From The Global Internet

from the death-of-"death-of-geography" dept

Back in November, we wrote about Russia's surprising move to enforce an older data localization law that requires all Internet companies to store the personal data of Russian citizens on Russian soil. At the time, that seemed to be just another example of Vladimir Putin's desire to keep a close eye on everything that was happening in Russia. But a comment from his Internet adviser, German Klimenko, hints that there could be another motive: to make it easier for Russia to cut itself off from the global Internet during a crisis, as The Washington Post reports:

Klimenko pointed out that Western powers had cut Crimea off from Google and Microsoft services after the peninsula was annexed from Ukraine by Russia (the companies were complying with U.S. sanctions on Crimea imposed after Russia's takeover). He suggested that showed why it was necessary for the Russian Internet to work on its own.

"There is a high probability of 'tectonic shifts' in our relations with the West," said Klimenko. "Therefore, our task is to adjust the Russian segment of the Internet to protect themselves from such scenarios." He added that "critical infrastructure" should be on Russian territory, "so no one could turn it off."
Klimenko's comments were made before the US announced its response to claims of Russian interference in the presidential election process. His analysis of "tectonic shifts" in US-Russia relations now looks rather prescient, although US threats to hack back made it a relatively easy prediction. And even though his call for Russia to ensure its critical infrastructure cannot be "turned off" by anyone -- in particular by the US -- may be grandstanding to a certain extent, it is not infeasible.

The Chinese have consciously made their own segment of the Internet quite independent, with strict controls on how data enters or leaves the country. Techdirt reported earlier that Russia was increasingly looking to China for both inspiration and technological assistance; maybe Klimenko's comments are another sign of an alignment between the two countries in the digital realm.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

16 Comments | Leave a Comment..

Posted on Techdirt - 4 January 2017 @ 11:02pm

Great: Now Wall Street Is Funding Speculative Corporate Sovereignty Claims For A Share Of The Spoils

from the this-is-fine dept

Techdirt first wrote about corporate sovereignty four years ago -- although we only came up with that name about a year later. Since then, a hitherto obscure aspect of trade deals has become one of the most contentious issues in international relations. Indeed, the investor-state dispute settlement (ISDS) measures in both TPP and TTIP played an important part in galvanizing resistance to these so-called "trade" deals, and thus in their defeat, at least for the moment (never say "never".)

Corporate sovereignty may be a tough sell in new trade deals, but it is still lurking in plenty of existing agreements. For example, a post on the Sierra Club blog points out that two countries, Colombia and Romania, are being sued using ISDS clauses because of their refusal to issue mining permits:

Both mines would require huge quantities of cyanide and threaten watersheds used by millions of people for drinking water. One would damage a unique, legally protected ecosystem and the other would destroy an ancient, UNESCO-nominated settlement. Both have been opposed by scientific bodies, protested by tens of thousands of people, and restricted by domestic courts.
The use of corporate sovereignty to trump health and environmental concerns is nothing new. What is noteworthy here is the following:
Both ISDS claims are being funded by the same Wall Street hedge fund -- Tenor Capital Management. Tenor helps cover the companies' legal costs in exchange for a cut of any award. These speculative ISDS bets have already paid off for Tenor. The hedge fund won big in April 2016 when it secured 35 percent of a $1.4 billion ISDS ruling against Venezuela, a return of over 1,000 percent on the $36 million that Tenor had provided for the legal costs of the company that brought the case.
That is, the rewards of winning a corporate sovereignty case are so great that hedge funds are starting to fund them speculatively with no direct connection to the ISDS dispute other than providing money to initiate and pursue the claim. As the Sierra Club points out:
The risks of such arrangements, known as "third-party funding," are clear: When Wall Street speculates on the outcome of ISDS cases, it inflates the number of corporate suits against governments, leading to higher costs for taxpayers and higher risks for policymakers that challenge harmful investments.
Doubtless, defenders of the corporate sovereignty system will claim that the hedge fund's willingness to invest money is actually a good thing, since it means that even impecunious companies can enjoy their "right" to sue a government. But the new interest of Wall Street in ISDS underlines the unfair asymmetry of the system:
Because only corporations, not governments, can launch ISDS cases, governments have no equivalent funding sources, as they have no potential winnings to leverage. In Costa Rica -- which is also on the receiving end of a third-party-funded ISDS case relating to an environmentally destructive gold mine -- the Attorney General's office has an annual budget of only $17 million. In Bolivia -- one of the poorest countries in the Western Hemisphere, which faces a third-party-funded ISDS case relating to a silver mine -- the Attorney General's office has a budget of $12 million.
This is a crucially-important point about corporate sovereignty: governments never win ISDS cases; at best, they just don't lose them. All the upside is with the corporates that bring the claim, and all the downside with nations that are defending their actions and regulations. The new wave of third-party funding will accentuate that skewed nature, and make corporate sovereignty even more of a scourge than it is today, regardless of whether it is ever included again in any new deal.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

27 Comments | Leave a Comment..

Posted on Techdirt - 20 December 2016 @ 3:35am

Seeking Open Access Deal, 60 German Academic Institutions Ditch All Subscriptions With Elsevier

from the united-we-stand dept

In the struggle to provide open access to academic research, one company name keeps cropping up as a problem: Elsevier. Techdirt has written numerous stories about efforts to rein in the considerable -- and vastly profitable -- power that Elsevier wields in the world of academic publishing. These include boycotts of various kinds, mass resignations of journal editors, as well as access to millions of publicly-funded papers in ways that bypass Elsevier altogether.

Alongside these grassroots actions, some universities and research institutes have tried taking a different approach. They are making common cause by banding together in order to strengthen their negotiating hand with the global publishing giant. The aim is to get a better deal from Elsevier, particularly in terms of providing open access to papers. Last year, a group of universities in the Netherlands used this strategy with some success, as Science reports:

A standoff between Dutch universities and publishing giant Elsevier is finally over. After more than a year of negotiations -- and a threat to boycott Elsevier's 2500 journals -- a deal has been struck: For no additional charge beyond subscription fees, 30% of research published by Dutch researchers in Elsevier journals will be open access by 2018.
The Science article points out that this win had limited impact, because only about 2% of all academic papers are produced by Dutch authors. That makes the following move by the much larger German academic community of considerable importance:
The DEAL project, headed by HRK (German Rectors' Conference) President Prof Hippler, is negotiating a nationwide license agreement for the entire electronic Elsevier journal portfolio with Elsevier. Its objective is to significantly improve the status quo regarding the provision of and access to content (Open Access) as well as pricing. It aims at relieving the institutions' acquisition budgets and at improving access to scientific literature in a broad and sustainable way.

In order to improve their negotiating power, about 60 major German research institutions including Göttingen University cancelled their contracts with Elsevier as early as October 2016. Others have announced to follow this example.
According to the post, Elsevier made its first offer to the group, but it was considered inadequate, and so the German institutions have ditched all their subscriptions with the publisher. As they say:
All participants in this process are aware of the imminent effects this has on research and teaching. However, they share the firm conviction that, for the present, the pressure built up by the joint action of many research institutions is the only way to to reach an outcome advantageous for the German scientific community.
Let's hope they are able to preserve their united front in order to win open access to the articles their researchers publish. After all, a win for the DEAL project is also a win for the rest of us.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

8 Comments | Leave a Comment..

Posted on Techdirt - 15 December 2016 @ 3:23am

Photographers And Filmmakers Call For Encryption To Be Built Into Cameras As Standard

from the a-picture-is-worth-a-thousand-passwords dept

Encryption has become one of the key issues in the digital world today, as the many posts here on Techdirt attest. And not just in the tech world, but far beyond, too, as governments grapple with the spread of devices and information that cannot easily be accessed just because they demand it. Techdirt readers probably take crypto for granted, as an increasing proportion of Web connections use HTTPS, mobile phones generally offer encryption options, and hugely-popular mainstream programs like WhatsApp deploy end-to-end encryption. But a recently-published open letter points out that there is one domain where this kind of protectively-scrambled data is almost unknown: photography. The letter, signed by over 150 filmmakers and photojournalists, calls on the camera manufacturers Canon, Fuji, Nikon, Olympus and Sony to build encryption features into their still photo and video camera products as a matter of course. Here's why the signatories feel it's necessary:

Without encryption capabilities, photographs and footage that we take can be examined and searched by the police, military, and border agents in countries where we operate and travel, and the consequences can be dire.

We work in some of the most dangerous parts of the world, often attempting to uncover wrongdoing in the interests of justice. On countless occasions, filmmakers and photojournalists have seen their footage seized by authoritarian governments or criminals all over the world. Because the contents of their cameras are not and cannot be encrypted, there is no way to protect any of the footage once it has been taken. This puts ourselves, our sources, and our work at risk.
That's certainly true, and encryption would place an important obstacle in the way of the authorities seizing cameras and accessing the material they hold. However, it is only an obstacle, not real protection. Assuming encryption is widely implemented in cameras, repressive governments will have a number of options open to them for dealing with it.

They might simply pass laws that forbid the use of cameras that encrypt images. By declaring them illegal, governments could seize them at the border or whenever they are found. However, that's a fairly mild response. If the material on a camera seized by the authorities turns out to be encrypted, many would demand the password. If the photographer is lucky, a refusal might mean being thrown out of the country, probably without the camera. In the worst case, government thugs and criminals may try to obtain the necessary passwords the old-fashioned way -- by beating it out of the phtographer.

What is needed is an approach that avoids those risks. Maybe it would be possible to create hidden partitions on the camera's storage so that sensitive images could be stored there, while giving the authorities access to other less controversial shots. That still runs the risk of the camera being impounded and/or destroyed. Other options might be to transfer the sensitive stuff to tiny wifi-enabled SD cards that are hidden in specially-designed objects -- wristwatches, wallets, pens, buttons, etc. -- or to the cloud, if Net connectivity were available.

Encrypting cameras is certainly a great idea, not least because it helps to make crypto even more mainstream than it already is, and encourages people to expect it everywhere (although Nikon for one doesn't seem too enthusiastic about the proposal). But it's just a first step to address the serious threats faced by photographers in many parts of the world, something that would doubtless benefit from additional kinds of technical ingenuity.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

31 Comments | Leave a Comment..

Posted on Techdirt - 14 December 2016 @ 3:23am

A Nasty New Twist In Ransomware: To Decrypt Your Files Without Paying, Spread The Infection To Others

from the putting-the-mal-in-malware dept

Techdirt first wrote about ransomware back in 2010. Even then, we noted it was nothing new, but that a further twist on the idea had appeared. Well, here we are, nearly in 2017, and ransomware is still with us -- so much for tech progress -- and new twists are still appearing, as the Guardian reported recently:

Any user who finds themselves infected with the Popcorn Time malware (named after, but unrelated to, the bittorrent client) is offered the ability to unlock their files for a cash payment, usually one bitcoin ($772.67/£613.20).

But they also have a second option, described by the developers as "the nasty way": passing on a link to the malware. "If two or more people install this file and pay, we will decrypt your files for free".
This really puts the "mal" in "malware," since it makes a naked appeal to a victim's worst nature. A post on the site BleepingComputer.com offers more details of what seems to be a "work" in progress, including a screenshot of the ransom note, which contains the following information about those who claim to be behind this:
We are a group of computer science students from Syria, as you probably know Syria is having bad time for the last 5 years. Since 2011 we have more than half million people died and over 5 million refugees. Each part of our team has lost a dear member from his family. I personally have lost both my parents and my little sister in 2015. The sad part of this war is that all the parts keep fighting but eventually we the poor and simple people suffer and watching our family and friends die each day. The world remained silent and no one helping us so we decided to take an action.

Be perfectly sure that all the money that we get goes to food, medicine, shelter to our people. We are extremely sorry that we are forcing you to pay but that's the only way that we can keep living.
Well, maybe. But given the ruthlessness of the coders in offering a "nasty way" out of their threats, perhaps this is just another shrewd attempt to manipulate the ransomware victims -- one that is cynically exploiting the very real Syrian tragedy that is unfolding before our eyes.

Until now, malware has been a simple arms race between the authors of harmful code, and the companies making anti-virus products that try to spot the code before it can infect a user's system. The new Popcorn Time ransomware adds a new dimension, and seeks to make the victim an active and complicit vector of infection.

This opens up all kinds of possibilities. For example, we might see ransomware that starts to offer bonuses according to the number of people you infect. You can always claim it was the malware, not you, that sent the program, and nobody will know about your Bitcoin payments. Maybe inventive Techdirt readers can come up with a few more "nasty" ideas that build on this latest twist in ransomware coding.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

30 Comments | Leave a Comment..

Posted on Techdirt - 12 December 2016 @ 5:17pm

Study Shows Risks Of Including Corporate Sovereignty In The 'Other' Huge Asian Trade Deal, RCEP

from the watch-out-US dept

As we've noted, TPP is unlikely to come back from the dead, despite what some seem to think or hope. For example, the Japanese government has decided to go ahead and ratify TPP anyway. That seems foolish, since it has just thrown away most of its bargaining counters for other trade negotiations, in what amounts to an act of political seppuku. As Sean Flynn points out, Japan has form here, since it also ratified the infamous Anti-Counterfeiting Trade Agreement (ACTA), just as pointlessly.

One of the most important trade deals still under active discussion is the Regional Comprehensive Economic Partnership (RCEP). Techdirt first wrote about this 18 months ago, while recently we noted that many of its provisions are even worse than those in TPP. One aspect of RCEP that has received little attention so far is the corporate sovereignty chapter. The Transnational Institute (TNI) has put together a useful document looking at what it calls the "hidden costs" of including investor-state dispute settlement (ISDS) in RCEP. It provides an excellent summary of corporate sovereignty activity in Asia that complements a 2014 study from Friends of the Earth Europe, which looked at the same "hidden costs" of ISDS in Europe. Here are a few of the main findings for RCEP nations (pdf):

50 investment arbitration cases already filed against 11 RCEP (Regional Comprehensive Economic Partnership) countries since 1994, over 50% of which have been filed after 2010.

India alone has been the target of 40% of the cases filed against RCEP countries.

Foreign investors have claimed at least 31 billion USD from RCEP countries. Given the secrecy surrounding investor-state dispute settlement (ISDS) proceedings, this could be much more. This amount is 7 billion USD less than India's entire health budget for 2015.

Of the 31 billion USD claimed by investors, 81% has been claimed from just four countries, India, South Korea, Australia and Vietnam.

The largest known amount paid to a foreign Investor by an RCEP country is 337 million USD as part of the settlement in the Cemex versus Indonesia case.

36% of cases against RCEP countries concern environmentally relevant sectors.

RCEP countries have been sued for measures taken to protect public health, adjust corporate taxes, promote industrialisation, and review contracts acquired through allegations of corruption, among others.
The study brings together much-needed data on corporate sovereignty cases in Asia. It also points outs why RCEP countries would be very unwise to sign up to an ISDS chapter in the deal:
Including the harmful ISDS clause in the RCEP trade agreement under negotiation contributes to cementing investors' rights and expanding the scope of private arbitrators' power. RCEP will lock in place this system of privatised justice. Governments will find it much more difficult to withdraw their commitments to the rights accorded to foreign investors in RCEP than in Bilateral Investment Treaties, because they would need to put an end to the whole agreement and not just the sections on investors' rights.
It's a general problem with ISDS provisions in trade deals: they are almost impossible to cancel, however much harm they end up causing. The bigger the deal, the greater the lock-in. This aspect underlines once more how corporate sovereignty comes at the expense of national sovereignty.

Finally, there's one other interesting nugget that Techdirt readers may find of note. According to the RCEP report, over two-thirds of all ISDS cases against RCEP nations have come from Europe. At the moment, there are only a few minor trade deals that allow European companies to sue the US in ISDS tribunals, in theory at least. But if some kind of post-Trump TTIP 2.0 were agreed -- always a possibility despite the anti-trade deal rhetoric -- and it included a corporate sovereignty chapter, the US might find itself on the receiving end of a similar barrage of costly lawsuits that will reduce its sovereignty at both a national and local level.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

13 Comments | Leave a Comment..

Posted on Techdirt - 9 December 2016 @ 9:39am

Why It's Pointless For Trump To Renegotiate TPP, Even If He Wanted To, And Even If He Could

from the those-that-live-by-the-tweet,-die-by-the-tweet dept

Last month, we pointed out that that pretty much everyone agrees that TPP is dead... except that some still cling to the hope that Trump might be persuaded to carry out another swift U-turn and revivify the zombie deal. As Mike noted, Trump doesn't seem to be against these kinds of mega-trade deals in principle, it's just that he says the US generally concedes too much in them. That means he'd need some kind of high-profile win to make TPP 2.0 compatible with his earlier condemnation of TPP 1.0's terms.

The hope amongst true TPP believers seems to be that Trump could reopen the negotiations, talk tough, and strike a deal that is far more favorable to the US, which he could then ratify, holding it up as another Trump triumph. But in an article on the Cobram Courier site, the Australian ambassador to the US, Joe Hockey, says it would be "fanciful" to think the other TPP nations would happily reopen negotiations so that Trump could rewrite it in his favor. Leaving aside the fact that as one of Australia's top diplomats, Hockey doubtless knows exactly what his government's views are on this and thus speaks with authority, his logic is simple and pretty inarguable:

If the US gets a better deal out of the TPP then the other 11 countries have to make sacrifices and those other countries are going to find it politically impossible to sell it domestically that they are making more sacrifices than President Trump.
Hockey said that governments in the other nations had already come under intense domestic pressure over the current TPP, and the concessions they had needed to make in order to secure a deal. A new agreement would be even worse, because there's an extra factor exacerbating the situation:
Those pressures wouldn't get easier if in a very celebrated way the president of the United States says 'We got a better deal' because that means we got a lesser deal.
Despite the prayers of some die-hard supporters, it seems unlikely that Trump could manage to get the other TPP nations to agree to reopen the deal after eight years of fraught negotiations, and then persuade them to sign up to amendments that gave the US more and the others less. But even if he did, it would take only one triumphant @realDonaldTrump tweet boasting hyperbolically of his success -- naturally RT'd ten thousand times around the world -- for the President to make the new deal irremediably toxic for the other TPP governments, and thus impossible to ratify.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

29 Comments | Leave a Comment..

Posted on Techdirt - 8 December 2016 @ 3:25am

TPP, TTIP And CETA Are Disasters For The Public: Are There Better Ways To Do Trade Deals?

from the Paul-Magnette-says-there-are dept

Techdirt has been covering so-called trade deals like TPP, TTIP, TISA and CETA for many years, and we've reported on the deep problems that people have discerned in their proposals. A legitimate criticism might be that pointing out difficulties is all very well, but what are the alternatives? One was offered back in 2013, from something called the Alternative Trade Mandate Alliance:

an alliance of development and farmers' groups, Fair Trade activists, trade unionists, migrant workers, environmentalists, women's, human rights, faith and consumer groups from all over Europe, developing an alternative vision of European trade policy that puts people and planet before big business.
That sank without trace, and things have been pretty quiet since then on the alternative trade deals front. But now we have the grandly-named Namur Declaration. The name is significant: it's the capital of the Belgian region of Wallonia that came close to derailing the EU-Canada trade deal (and may still do so). The 29 signatories (pdf) are all European academics, and they include the well-known economist Thomas Piketty, and a former political science professor at the Université Libre de Bruxelles, called Paul Magnette. He's better known as the Minister-President of Wallonia, and the person who led the resistance to CETA, which adds an extra piquancy to the Declaration. Here's the basic intent:
The propositions in this Declaration aim to meet the legitimate concerns of a growing number of European citizens. Inspired by the values of solidarity, democracy and progress that constitute the European Union, these propositions must, according to the signatories, become the standard in every negotiation of trade and economic treaties in which the EU and its Member States are stakeholders.
It then goes on to make the interesting comment:
This means that the EU is not in a position today to negotiate a balanced agreement with the United States, given the asymmetry between the partners, especially in terms of the degree of completion of their respective domestic markets and the unresolved extraterritorial issues of US law.
The main Declaration consists of three sections. The first, "Respect for democratic procedures," calls for a bunch of sensible things. For example, it says:
Public analyses and contestation of the potential effects of a new economic and commercial treaty should take place before establishing a negotiating mandate.
Similarly:
The interim results of the negotiations should be made public and accessible in due course, so that civil society is ensured full knowledge and a parliamentary debate can take place before closing the negotiations
The second section calls for "Compliance with socio-economic, sanitary and environmental legislation," and includes the following novel idea:
Standstill clauses should be included to prevent the Parties from lowering their social, sanitary and environmental norms to promote exports and attract investment. These clauses shall be matched with sanction mechanisms, and Parties' compliance with their obligations may in no case substantiate a claim for compensation by investors or other private economic operators
That's a neat subversion of the traditional standstill clause -- for example in TISA -- which is designed to ensure that parties cannot ever reduce their concessions to business, and must always move in the direction of increasing liberalization and deregulation. In the last section, the Namur Declaration addresses the thorny issue of corporate sovereignty:
The recourse to national and European competent courts should be favoured. International dispute settlement mechanisms should be established only insofar as they have certain advantages (in terms of the uniform application of treaties, speed and qualification of judges), include transparency guarantees and an appeal mechanism ensuring the consistency of decisions
As well as calling for truly independent and impartial judges, the Declaration also wants any dispute resolution mechanism to be available to small companies and even members of the public.

The Namur Declaration is mostly of interest because it grew out of Magnette's personal experience with CETA (article in French). The fact that a few dozen leading academics have lent their names to it adds weight, but is unlikely to bring about major changes to the way that trade negotiations are conducted. However, seismic political developments on both sides of the Atlantic are already doing that; let's hope these provide an opportunity to debate and maybe even adopt some of the Declaration's bold ideas.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

29 Comments | Leave a Comment..

Posted on Techdirt - 2 December 2016 @ 1:11pm

Antigua Says It Will Certainly, Absolutely, Definitely Use WTO Permission To Ignore US Copyright And Set Up A Pirate Site, Maybe

from the don't-make-us-do-this dept

One of the longest-running, and most extraordinary, sagas on Techdirt concerns the island of Antigua. Over 13 years ago, the country filed a complaint at the World Trade Organization (WTO) over the US ban on online gambling, which Antigua said violated a trade agreement between the two countries. Long story short, the WTO not only agreed, but said that the Caribbean country could ignore US copyrights, and set up a WTO-authorized pirate site to obtain the $21 million in WTO sanctions that the US was refusing to pay as compensation for blocking Antigua's online gambling sites. In 2013, Antigua was still saying it was definitely going to do this if it couldn't come to some agreement with the US on the matter, and the US was still refusing to settle.

Three years later, Antigua -- officially known as Antigua and Barbuda -- has just told a meeting of the WTO's Dispute Settlement Body (DSB) the following:

Antigua and Barbuda now informs the DSB that, if an appropriate and beneficial settlement is not reached with the US by year-end, the government will be compelled to take action to enforce the suspension of copyright on the sale of US intellectual property, consistent with the award of the DSB.
That's from a copy of Antigua's statement (pdf), obtained by IP Watch. The spokesperson claims the country has suffered serious losses as a result of the US gambling ban:
Over that entire 12-year period, my small country with a Gross Domestic Product of just $1 billion has been deprived of trade revenues which now exceed $250 million.
The statement points out that for the US, $250 million represents just 0.0003% of its annual GDP, and that over the last 12 years, the US has enjoyed a trade surplus of $1 billion with Antigua. Moreover:
While the US continues to act in contradiction of the rulings and recommendations stipulated by DSB concerning my country, it remains the most active user of the institution's Dispute Settlement System.
As a result of the continuing US intransigence, Antigua feels it has no choice but to take the momentous step of absolutely definitely setting up that WTO-authorized piracy site -- just like the last time it said that.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

Read More | 20 Comments | Leave a Comment..

Posted on Techdirt - 1 December 2016 @ 9:39am

China Files A Million Patents In A Year, As Government Plans To Increase Patentability Of Software

from the those-who-cannot-remember-the-past-are-condemned-to-repeat-it dept

Techdirt has been following for some years China's embrace of patents, loudly applauded by Western companies who believe this will give them more power there. The country has just passed a notable milestone in this area:

China is driving Asian-led growth in innovation worldwide, becoming the first country to file 1 million patent applications in a single year, the World Intellectual Property Organization (WIPO) said on Wednesday.

Chinese innovators filed most of their 2015 applications in electrical engineering, which includes telecoms, followed by computer technology and semiconductors, and measurement instruments, including medical technology, the U.N. agency said.
Reuters gives its story the headline "China top innovator with one million patent requests in year: U.N." But as Techdirt has pointed out again and again and again, more patents do not lead to more innovation, just to more patents. And it seems that is precisely what China wants. A report on Bloomberg notes that China is planning to make it even easier to get patents for both software and business methods:
[Proposed patent examination guidelines] seek to address concerns that some examiners have been too cautious in treating all references to business models or computers as red flags that signal unpatentability. A sentence in the draft explains that claims relating to a business method are not excluded from patentability if they contain sufficient technical features.

Meanwhile, another change clarifies that apparatus claims relating to software can contain both hardware and "program" components. And the draft changed language that some examiners have interpreted as barring nearly all computer program references. The guidelines clarify that inventions relating to "computer programs per se" are not patentable because those are rules and methods for mental activities.
China's move to embrace software patents and business methods comes at a time when both have become less patentable in the US thanks to the Alice decision, which is well on the way to killing software patents in the US. Of course, patent maximalists are drawing exactly the wrong conclusion here:
Critics in the U.S. have long argued that the U.S. Supreme Court's decision in Alice Corp. v. CLS Bank International has made many genuine software-related inventions unpatentable. At the same time, they say an improving environment in China means that patent holders should consider going there to enforce and monetize their IP.
Good luck with that. As the book "Patent Failure: How Judges, Bureaucrats, and Lawyers Put Innovators at Risk" by James Bessen and Michael J. Meurer chronicles, software patents and their associated lawsuits have imposed a huge net cost on the US technology ecosystem. It's mostly patent trolls and lawyers who have benefited from the thicket of intellectual monopolies that has threatened to strangle innovation. The same is likely to happen in China as it foolishly follows the US down the path of allowing patents on everything under the sun.

That may be good news for the West in the long term, as the Chinese tech industry descends into an orgy of patent infringement suits that saps its resources and energy. But in the short term, many of the Western companies that are operating in China are likely to get caught up in this expensive, pointless mess too.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

23 Comments | Leave a Comment..

Posted on Techdirt - 30 November 2016 @ 11:42am

Ahead Of President Trump, The Web's One And Only Backup Wants To Make A Backup Of Itself (In Canada)

from the you-know,-just-in-case dept

The Internet Archive is probably the most important site that most people have never heard of, much less used. It is an amazing thing: not just a huge collection of freely-available digitized materials, but a backup copy of much of today's Web, available through something known as the Wayback Machine. It gets its name from the fact that it lets visitors view snapshots of vast numbers of Web pages as they have changed over the last two decades since the Internet Archive was founded -- some 279 billion pages currently. That feature makes it an indispensable -- and generally unique -- record of pages and information that have since disappeared, sometimes because somebody powerful found them inconvenient.

Given the way the world is going at the moment, that's a problem that is likely to get worse, not better. The founder of the Internet Archive, Brewster Kahle, is worried about that prospect, as he makes clear in a blog post:

On November 9th in America, we woke up to a new administration promising radical change. It was a firm reminder that institutions like ours, built for the long-term, need to design for change.

For us, it means keeping our cultural materials safe, private and perpetually accessible. It means preparing for a Web that may face greater restrictions.

It means serving patrons in a world in which government surveillance is not going away; indeed it looks like it will increase.

Throughout history, libraries have fought against terrible violations of privacy -- where people have been rounded up simply for what they read. At the Internet Archive, we are fighting to protect our readers' privacy in the digital world.
Ever the visionary, Kahle has come up with a bold plan to minimize possible damage from the incoming US administration, and any new laws harming the Internet that it might introduce:
So this year, we have set a new goal: to create a copy of Internet Archive's digital collections in another country. We are building the Internet Archive of Canada because, to quote our friends at LOCKSS, "lots of copies keep stuff safe." This project will cost millions.
Creating a backup of the Web's backup in this way would have been a great idea under any circumstances -- it's rather foolish to depend upon a single site to preserve humanity's collective digital memory. But it becomes even more prudent given the "radical change" that may be coming. And locating outside the US jurisdiction, in Canada, is a wise move.

As Kahle says, the project will cost millions, and he's asking for donations to help him realize his plan. As anyone who has used the Internet Archive knows, he deserves our support for what he has already achieved and made freely available through this invaluable resource. But supporting the next stage of his great project with a donation takes on an additional importance: it is not just a nice thing to do, it's a wonderful way to help the Web become more resilient to whatever 2017 may start throwing at it.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

96 Comments | Leave a Comment..

Posted on Techdirt - 30 November 2016 @ 3:24am

Russia Draws On Chinese Expertise And Technology To Clamp Down On Internet Users Even More

from the this-could-be-the-start-of-something-big-but-not-so-beautiful dept

There seems to be some kind of unspoken competition between Russia and China to see who can clamp down on the Internet the most. Techdirt readers might like to offer their own views in the comments as to who is winning that unlovely race. But the days of repressive rivalry are drawing to a close; according to this article in the Guardian, Russia has decided that it would be much simpler to borrow some of China's ideas:

Russia has been working on incorporating elements of China's Great Firewall into the "Red Web", the country's system of internet filtering and control, after unprecedented cyber collaboration between the countries.
Just as important as the ideas is the actual technology:
The Russians apparently see no other option than to invite Chinese heavyweights into the heart of its IT strategy. "China remains our only serious 'ally', including in the IT sector," said a source in the Russian information technology industry, adding that despite hopes that Russian manufacturers would fill the void created by sanctions "we are in fact actively switching to Chinese".
That Russian source is clearly trying to suggest that this new partnership is all the fault of the West for imposing those silly economic sanctions, and that this could have been avoided if everybody had stayed friends. But the coziness between Russia and China has been coming for a while, as their geopolitical ambitions align increasingly, so the collaboration over surveillance and censorship technologies would probably have happened anyway. The interesting question is how the new alliance might blossom if the future Trump administration starts to reduce its engagement with the international scene to concentrate on domestic matters. The new Sino-Russian digital partnership could be just the start of something much bigger, but probably not more beautiful.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

10 Comments | Leave a Comment..

Posted on Techdirt - 29 November 2016 @ 1:12pm

Cameroonian Government Calls Social Media A 'New Form Of Terrorism'

from the dangerous-as-a-missile dept

As Techdirt readers know, there's a bit of a debate going on currently about the influence that social media exerts on politics and society. If you are still a little undecided as to where you stand on this vexed subject, Cavaye Djibril, Speaker of the National Assembly in Cameroon, has a few thoughts on the subject (pdf):

I would like at this juncture to deplore what is developing into a new form of terrorism -- the social malaise now affecting the cyberspace, that is, the insidious effects of the social media.

The social media, which was initially perceived as a medium for online communication and information sharing, is now being used for misinformation, and even intoxication and manipulation of consciences thereby instilling fear in the general public. In fact, it has become as dangerous as a missile.
A fascinating post on Global Voices explains that Djibril's diatribe is part of a much larger government attack on social media. Television, radio and newspaper outlets controlled by the government have all piled in. Here's what the Cameroon Tribune wrote:
A careful analysis of the situation tells of a phenomenon that is proving to be dangerous for society if no measures are taken to scale it down. This is important especially as elections are approaching. People with political ambitions may dive into it and use it to fight their opponents.
Well, that's certainly true, but here's why the Cameroonian government really hates social media:
The immediate cause of the government's outrage was the deadly train derailment in Eseka, some 74 miles west of Cameroon’s capital, Yaounde, which resulted in the death of at least 80 people and injured over 600 on October 21, 2016. While social media users were nimble in sharing information about the disaster in real time, government officials and government-owned traditional media were slow to respond to, and inform the public about, the accident. In fact, pictures and videos of the tragedy were already being posted on Facebook, Twitter and other social media platforms when the government and Camrail (a subsidiary of the French conglomerate Bolloré that manages the railway system in Cameroon) were still denying that an accident occurred.
But it didn't stop there. As the Global Voices post notes, when government officials finally admitted that there had been an accident, social media continued to challenge the government version, which tried to play down the number of dead, and to lay the blame on allegedly-defective Chinese-made carriages. However, what really seems to have riled the Cameroon government is the following:
Most significantly, many Cameroonians criticized President Paul Biya on social media for what they perceived as his lukewarm attitude towards the tragedy -- not only did the president send a message of condolence to the victims from Switzerland (incidentally via social media), he did not return home immediately after the accident.
The flood of criticism and mockery that social media users directed towards the country's President seem to have been the last straw. As well as coordinated attacks by officials and government-controlled media, there are now rumors that the authorities are drafting a social media bill to stifle these kinds of posts.

The Cameroonian saga confirms just how powerful social media can be in holding those in power to account, and exposes the risk that thin-skinned rulers might take offense and abuse their powers to strike back. Luckily, this kind of thing could never happen in the US.

Follow me @glynmoody on Twitter or identi.ca, and +glynmoody on Google+

30 Comments | Leave a Comment..

More posts from Glyn Moody >>