Goldman Sachs Code-Theft Conviction Reversed

By David Kravets 6:46 pm | Categories: Breaches, Crime

Sergey Aleynikov, wearing a baseball cap, leaves Manhattan federal court Friday after his conviction for stealing Goldman Sachs' high-speed trading code was reversed. Photo: AP

A federal appeals court on Friday reversed the conviction of a former Goldman Sachs programmer sentenced to eight years for stealing the bank’s high-speed trading software.

Sergey Aleynikov, 41, was convicted in 2010 of theft of trade secrets under the Economic Espionage Act.

The Russian-born Aleynikov worked for Goldman Sachs until June 2009, when authorities say he siphoned source code for the company’s valuable software on his way out the door to take a new job with another company. The software is used to make sophisticated, high-speed, high-volume stock and commodities trades. It earns the company “many millions of dollars in profits” each year, according to prosecutors.

The 2nd U.S. Circuit Court of Appeals heard his appeal on Thursday, and hours later and without explanation, reversed the 2010 conviction and ordered him acquitted, which usually forbids a retrial. On Friday, however, the court issued an amended order. It reversed the conviction, and ordered him free on $750,000 bond but removed the acquittal language. The appeals court said it would issue an opinion explaining the order in “due course.” (.pdf)

The New York Times summed up the court’s concerns during Thursday’s oral arguments. The paper noted that a critical issue was whether what he did was actually a crime under the Economic Espionage Act, which requires the theft to be from a “product designed for interstate commerce.” Aleynikov’s lawyers took the position that the software wasn’t used in interstate commerce, while the feds argued that it clearly was.

Aleynikov, a naturalized U.S. citizen who emigrated from the disintegrating Soviet Union in 1991, earned nearly $400,000 a year as a vice president with Goldman Sachs. He was arrested in July 2009 at the Newark Airport in New Jersey as he returned from a trip to Chicago.

Authorities alleged he stole “hundreds of thousands of lines” of source code from Goldman Sachs in the days before he left the company. They alleged that he downloaded various software from the Goldman Sachs network and transferred it to a storage website hosted in Germany, before trying to erase his tracks from Goldman Sachs’ network.

Aleynikov allegedly used a script to copy, compress, encrypt and rename files, and then upload them to the server in Germany. Once the data was transferred, the program that was used to encrypt the files was erased, and he allegedly attempted to delete the network’s batch history showing his activity.

Prosecutors said Aleynikov made several copies of the code and had it on his laptop when he flew to Chicago to meet his new employers at Teza Technologies. Prosecutors said a search of Teza computers uncovered no copies of Goldman Sachs’ source code.

Anonymous Promises Regularly Scheduled Friday Attacks

By Quinn Norton 6:09 pm | Categories: Anonymous

Anonymous, a group not known for discipline, is giving itself a weekly deadline, a new attack every Friday.

Following the Tuesday compromise of the website of tear gas maker Combined Systems, Inc., the Antisec wing of Anonymous struck a Federal Trade Commission webserver which hosts three FTC websites, business.ftc.gov, consumer.gov and ncpw.gov, the National Consumer Protection Week partnership website.

Claiming the hack was in opposition to the controversial international copyright treaty known as ACTA, which had been widely protested around the world for its potential to curtail freedom of expression on the internet, Anonymous continued the political messaging that has marked many of its recent high-profile actions.

Anons claiming responsibility for the attack spoke to Wired.com in an online chat just as it happened, freely admitting that there was nothing technically remarkable in this hack. As one remarked, “own & rm and move on.” (rm being a Unix command to delete data.)

But this week’s attacks came with a promise, first articulated in the defacement of CSI, and restated on the FTC websites: Every Friday will bring a new attack against government and corporate sites under the theme of #FFF, or Fuck the FBI Friday.

“We are already sitting on dozens of unreleased targets,” said an Antisec anon, who went on to describe an inventory of already compromised servers that could fill five months or more of #FFF releases.

“Yes, each and every Friday we will be launching attacks… with the specific purpose of wiping as many corrupt corporate and government systems off our internet,” the anon continued.

The choice of the FTC is an odd one, given the independent agency has no role in ACTA negotiations. Instead, it’s tasked with fighting unfair business practices, sanctioning companies like Google and Facebook for privacy violations, and running the Do-Not-Call list – hardly the stuff of Big Brother stomping on online rights forever.

While many attacks are likely to be simple defacements like the FTC website, Antisec claims to also be going through mail spools, SQL databases and password files on dozens of corporate and government servers which are unaware of their presence.

The anon speaking to Wired described the string of hacking as having “no foreseeable end in sight,” going on to say “the more we own, the more we steal credentials to even more targets.”

Consumer.Gov at 1:15am this morning, EST

They’ve decided to try to balance between protest defacements like the two this week, and sifting through the data for material that can damage firms and agencies. “It’s more than just delivering a message or speaking truth to power… we are trying to disrupt their ability to operate and do business or exist at all on the internet,” the same anon said.

Jerry Irvine, a member of the National Cyber Security Task Force, told the New York Times last week that attacks would become more frequent, describing the amorphous collective as “unstoppable,” because of the poor state of security online.

In an environment of heightened political tensions around protest movements like the Arab Spring and moves to restrict the internet like ACTA, those vulnerabilities are likely to play more of a role in Anonymous’ political dialogue.

“We’ve been saying it for the longest (time),” the Antisec anon explained, “this is war.”

Illustration: Simon Lutrin/Wired

Feds Seize $50 Million in Megaupload Assets, Lodge New Charges

By David Kravets 5:34 pm | Categories: Crime, politics

Kim Dotcom poses beside a car in Hong Kong. Photo: Handout

The authorities said Friday they have seized $50 million in Megaupload-related assets and added additional charges in one of the United States’ largest criminal copyright infringement prosecutions.

Megaupload, the popular file-sharing site, was shuttered last month and its top officials indicted by the Justice Department, just days after online protests scuttled a Congressional proposal to make changes to the internet to reduce online copyright infringement.

Seven individuals connected to the Hong Kong-based site were indicted on a variety of charges, including criminal copyright infringement and conspiracy to commit money laundering. Five of the members of what the authorities called a 5-year-old “racketeering conspiracy” have been arrested in New Zealand, where they are being held pending extradition to the United States.

One of those arrested was Kim Schmitz, aka Kim Dotcom, Megaupload’s high-flying founder, who has been denied bail in New Zealand. Items seized from Dotcom include a large collection of cars, a mansion, bank accounts, jet skis and jewelry.

The government said the site, which generated millions in user fees and advertising, facilitated copyright infringement of movies “often before their theatrical release, music, television programs, electronic books, and business and entertainment software on a massive scale.” The government said Megaupload’s “estimated harm” to copyright holders was “well in excess of $500 million.”

Megaupload was on the recording and movie industries’ most-hated lists, often being accused of facilitating wanton infringement of their members’ copyrights. The indictment claims Megaupload induced users to upload copyrighted works for others to download, and that it often failed to comply with removal notices from rights holders under the Digital Millennium Copyright Act.

New charges (.pdf) levied Friday allege that Megaupload falsely represented to rights holders that it had removed infringing works from its servers.

The superseding indictment in the Eastern District of Virginia also claims that Megaupload paid one of its registered users $3,400 between 2008 and 2009 for uploading 16,960 files that generated 34 million views. The files included motion pictures Ocean’s Thirteen, Ratatouille and Evan Almighty, the government said.

The government, meanwhile, also said Friday that, despite claims of having 180 million registered users, the site had 66.6 million. The authorities said that 5.86 million of these registered users uploaded files, “demonstrating that more than 90 percent of their registered users only used the defendant’s system to download.”

Still, anyone who used Megaupload as a way to share and store legitimate files is now likely never going to be able to get them back.

Feds Urge Court to Reject Laptop Decryption Appeal

By David Kravets 3:49 pm | Categories: Coverups, Crime

Photo: MarkyBon/Flickr

The government is urging a federal appeals court not to entertain an appeal from a bank-fraud defendant who has been ordered to decrypt her laptop so its contents can be used in her criminal case.

Colorado federal authorities seized the encrypted Toshiba laptop from defendant Ramona Fricosu in 2010 with valid court warrants while investigating alleged mortgage fraud, and demanded she decrypt it.

Ruling that the woman’s Fifth Amendment rights against compelled self-incrimination would not be breached, U.S. District Judge Robert Blackburn ordered the woman in January to decrypt the laptop by the end of February. The judge refused to stay his decision to allow Fricosu time to appeal.

The Colorado woman’s attorney appealed anyway, and the government on Thursday asked the 10th U.S. Circuit Court of Appeals to reject the petition that asserts the woman’s constitutional rights would be breached by being forced to hand over evidence against herself.

The government cited the same reasons that Judge Blackburn gave when he denied staying his decision: The issue, however novel, was not ripe for appeal.

Generally, appellate courts frown on taking cases until after there’s been a verdict. So the woman, the government said, should unlock the drive and appeal if she gets convicted of the financial fraud charges, which theoretically carry decades in prison.

Fricosu, prosecutor Patricia Davies wrote, “can appeal her conviction — just as defendants do when compelled to produce documents pursuant to subpoena or when denied suppression of evidence or statements pre-trial.”

Davies also said Fricosu’s reasons for appealing are legally baseless.

“Fricosu argues that the order is appealable because of its novelty, and the fact that it is of public interest and importance,” Davies wrote (.pdf). “But courts have properly rejected the claim that otherwise non-final orders should be reviewed on such grounds.”

The decryption case is a complicated one, even if solely analyzed on the underlying Fifth Amendment issue. Such decryption orders are rare, and they have never squarely been addressed by the Supreme Court.

One case involved a child pornography prosecution that ended with a Vermont federal judge ordering the defendant to decrypt the hard drive of his laptop.

While that case never reached the Supreme Court, it differed from the Fricosu matter because U.S. border agents already knew there was child porn on the computer because they saw it while the computer was running during a 2006 routine stop along the Canadian border. The authorities’ belief that Fricosu’s hard drive might contain evidence against her was the result of a recorded jailhouse conversation between her and a co-defendant.

And now the case is even more complicated and raises the question of what might happen if the woman does not comply with the judge’s order. Her attorney, Philip Dubois, suggested in a recent interview that his client might have forgotten the password.

If she does not decrypt the drive by month’s end, as ordered, she could be held in contempt and jailed until she complies. If the case gets to that point, Judge Blackburn would have to make a judgment call and determine whether the woman had forgotten the code or was refusing to comply.

Google Busted With Hand in Safari-Browser Cookie Jar

By Ryan Singel 3:02 pm | Categories: privacy

Photo: bcmom/Flickr

Google intentionally circumvented the default privacy settings of Apple’s Safari browser, using a backdoor to set cookies on browsers set to reject them, in the latest privacy debacle for the search and advertising giant.

Google disabled the practice immediately after the Wall Street Journal disclosed it Thursday night. The practice was discovered by Stanford researcher Jonathan Mayer and confirmed by security consultant Ashkan Soltani.

Safari, which accounts for about 6% of desktop browsing and more than 50% of mobile browsing, is the only major browser to block so-called third-party cookies by default. When you visit a website, all browsers, including Safari, allow that site to put a small tracking file on your computer, which allows the site to identify a unique user, track what they’ve done and remember settings. However, many sites also have Facebook “Like” buttons, ads served by third parties, weather widgets powered by other sites or comment systems run by a third party.

Safari blocks the sites that power those services from setting or reading cookies, so a Facebook widget on a third-party site, for instance, can’t tell if you are logged in and can’t load a personalized widget. Google, along with a number of ad servers, was caught by Mayer avoiding this block, using a loophole in Safari that lets third parties set cookies if the browser thinks you are filling out an online form.

Google’s rationale seems to be that Apple’s default settings don’t adhere to standard web practices and don’t actually reflect what users want, since the browser never asks users if that’s the privacy setting they want. Facebook even goes so far as to suggest to outside developers that getting around the block is a “best practice,” linking to a developer’s blog post from 2010 that includes sample code on how to circumvent the block.

Google said it used the backdoor so that it could place +1 buttons on ads it places around the web via its Adsense program, so that logged-in Google+ users could press the button to share an ad. Without the work-around, the button wouldn’t be able to tell Google which Google account to link the button to.

Now if Safari weren’t so dominant on mobile due to the popularity of the iPhone, it’d hardly be worth the code to get at the 6% of desktop users.

But more to the point, if this is a problem for Google and Facebook, and if the defaults actually do mess with users’ expectations, it would seem that there are better ways to bring attention to the issue than getting busted working around them. It may not be Apple’s first priority to help Facebook and Google, but I likewise doubt that Apple is intentionally trying to ruin user experience in order to hobble Facebook, Google and online ad networks.

As for Google, I would expect a new round of calls for hearings and perhaps even a fine from the FTC, which has already imposed mandatory privacy audits on Google for 20 years. And my new shorthand for how companies should deal with privacy – Don’t be a secretive jerk – applies here as well. Google may or may not have been a jerk in this case – that depends on your perspective, but it’s clear it was sneaky and secretive.

Given that Google announced it is backtracking on its privacy promises to users in order to create the mother of all online profiles by combining the data you give it to nearly all of its services, that secrecy may be more disturbing than the “crime” itself.

McCain: Cybersecurity Bill Ineffective Without NSA Monitoring the Net

By Kim Zetter 7:21 pm | Categories: Cybersecurity

Photo: StuffEyeSee/Flickr

After three years of haggling to produce bipartisan cybersecurity legislation that addresses the security of the nation’s critical infrastructure systems, the Senate finally got a bill this week that seemed destined to actually pass.

That is, until a hearing on Thursday to discuss the bill in which Sen. John McCain (R-Arizona) sideswiped lawmakers behind the proposed legislation and announced that he, and seven other Senate ranking members, were opposed to the bill and would be introducing a competing bill in two weeks to address failings they see in the legislation.

McCain and his colleagues oppose the current bill on the grounds that it would give the Department of Homeland Security regulatory authority over private businesses that own and operate critical infrastructure systems and that it doesn’t grant the National Security Agency, a branch of the Defense Department, any authority to monitor networks in real-time to thwart cyberattacks.

The bill neglects to give authority “to the only institutions currently capable of [protecting the homeland], U.S. Cybercommand and the National Security Agency (NSA),” McCain said in a written statement presented at the hearing. “According to [General Keith Alexander, the Commander of U.S. Cybercommand and the Director of the NSA] in order to stop a cyber attack you have to see it in real time, and you have to have those authorities…. This legislation does nothing to address this significant concern and I question why we have yet to have a serious discussion about who is best suited to protect our country from this threat we all agree is very real and growing.”

The current cybersecurity bill proposes to do what nothing else has succeeded in doing to date – that is, improve the security of critical infrastructure systems. It would do this by giving the government regulatory power over companies that operate such systems to force them to do due diligence.

Sen. Joe Lieberman (I-Conn.) introduced the legislation on Tuesday along with Sen. Susan Collins (R-Maine) and Sen. Jay Rockefeller (D-W.Va.).

The Cybersecurity Act of 2012 (.pdf) requires the government to assess which sectors of critical infrastructure pose the greatest immediate risk and gives the Department of Homeland Security regulatory authority over the private companies that control designated critical infrastructure systems — such as telecommunications networks and electric grids and any other network “whose disruption from a cyber attack would cause mass death, evacuation, or major damage to the economy, national security, or daily life.”

The bill keeps the authority for critical infrastructure security oversight in the hands of DHS, a civilian agency, as opposed to McCain’s preference for the NSA, which protects the military’s networks and the government’s classified networks.

But Homeland Security head Janet Napolitano testified in support of enhanced authority for DHS, noting that the government’s expanding efforts in this area include a 2013 budget request of a whopping $769 million for cybersecurity efforts – 74 percent higher than 2012’s budget request.

The legislation would require owners and operators of critical infrastructure to meet security standards established by the National Institute of Standards and Technology, the National Security Agency and other designated entities, or face unspecified civil penalties. Critical infrastructure entities would be allowed to determine how best to meet the standards based on the nature of their business sector, but they would be required to certify annually that they do meet them.

The bill would protect entities that adhere to the standards from being sued in civil court for punitive damages should they experience a cyber-attack, though the bill says nothing about protecting them from suits for actual damages.

Critical infrastructure owners and operators can “self-certify” that they are compliant or obtain an audit from a third-party, similar to the way that companies that process credit and debit card payments currently obtain third-party audits certifying that they adhere to standards set by the payment card industry.

This raises questions, however, about how effective such certifications will be for securing critical infrastructure.

Certifications in the payment card industry have been widely criticized as ineffective, since third-party auditors that certify systems against a checklist of requirements are paid to do so and have an incentive to pass a system lest they not be invited back to conduct subsequent assessments. A number of the most high-profile and expensive credit card data breaches have occurred at companies that were certified compliant at the time they were breached, highlighting the unreliability of such measurements.

Chris Wysopal, chief technology officer for computer security firm VeraCode, expressed doubts that the proposed legislation would improve security unless it included some tangible way to verify that the standards, as implemented by companies, are actually tested to ensure that they secure critical facilities.

“There has to be some reality-based testing of whether the stuff is actually effective,” Wysopal told Wired. “That’s what the U.S. government does when they want real assurance – they have a Red Team at the NSA test to see if what they’re doing is really working.”

He suggested the government might take a random sampling of critical infrastructure companies each year to conduct penetration tests to verify that the standards – and the ways that companies are implementing them – are doing what they’re meant to do.

Wysopal also says that for the standards to be effective they have to be re-assessed each year and altered to adapt to new threats.

“We’re dealing with a very evolving tech landscape and threat landscape,” he said. “Attackers change their attacks all the time, and anything that’s a standard has to be a totally living standard that people realize they will have to re-address each year.”

Secret Service Seizes JotForm.com, Nuking Millions of Online Forms (Updated)

By David Kravets 6:03 pm | Categories: Censorship, Crime

JotForm.com, the domain name of a business providing hosting for online forms, has been seized by the Secret Service, essentially gutting the company’s business.

The Wednesday seizure of JotForm.com, with the assistance of the domain name’s registrar, GoDaddy, disabled about 2 million JotForm.com forms, said Aytekin Tank, the site’s founder. The embeddable forms are hosted by the company and let sites quickly put up contact and sign-up forms online.

GoDaddy told Wired it took the site down at the request of law enforcement.

Tank has advised the company’s “hundreds of thousands of users” in a blog post to alter their form URLs to jotform.net, which should revive a customer’s hosted forms.

“They have disabled the DNS without any prior notice or request,” Tank said of GoDaddy. “They have told us the domain name was suspended as part of an ongoing law enforcement investigation.”

Update: JotForm seems to have gotten its domain name returned late Thursday afternoon Pacific time, according to Tank, who said DNS records were slowly reverting. “They have not notified us but it looks like they might have lifted the suspension,” Tank said in an e-mail. “We will probably never find out the reason for the suspension. It has been a very difficult 2 days for both our users and for us. So, I hope this is the end.”

In a Wednesday e-mail to Tank from GoDaddy’s Spam and Abuse Department, which Tank forwarded to Wired on Thursday, GoDaddy referred Tank to the Secret Service.

The agency did not immediately respond to Wired’s request for comment.

GoDaddy’s director of network abuse Ben Butler said in an e-mail to Wired that the registrar’s privacy policy prevents him from directly addressing the case, and did not specify if the company received a subpoena or simply gave the domain to the Secret Service based on a request.

“But, we can tell you in general terms, at the specific request of law enforcement, GoDaddy sometimes takes action to prevent further harm being caused by a website hosted on our servers,” Butler wrote. “This would include things like sites engaged in phishing, malware installation, securities fraud, and so on.”

The seizure came two weeks after Immigration and Customs Enforcement announced it had seized 307 domains allegedly engaged in unauthorized live sports streaming and for selling fake professional sports merchandise.

Tank speculated in a Hacker News forum that the investigation surrounds an e-mail phishing program being run by a customer using a hosted JotForm form.

“Our guess is that this is probably about a phishing form. We take phishing very seriously. Our Bayesian phishing filter … suspended 65,000 accounts last year,” he said.

On the New York company’s blog, he said, “We have 2 million user-generated forms. It is not possible for us to manually review all forms. This can happen to any website that allows user-generated content.”

JotForm is hardly alone in the business of online forms. Google Docs allows sites to embed forms, and SurveyMonkey recently bought JotForm competitor WuFoo last April for $35 million.

Techdirt’s Mike Masnick adequately sums up the concerns about this seizure.

“Even if the forms were being used for some illegal purpose,” Masnick said, “I still can’t fathom a reason why it should lead to everyone else getting censored and an internet startup facing a massive hardship wherein tons of users have had their service disrupted with millions of useful forms being suddenly disappeared.”

Lawmaker Demands DHS Cease Monitoring of Blogs, Social Media

By David Kravets 3:15 pm | Categories: politics, privacy

Rep. Jackie Speier (D-California) has demanded an end to DHS online monitoring. Photo: Courtesy Rep. Speier

Rep. Jackie Speier (D-California) said Thursday she wants the Department of Homeland Security to cease its social-media and news-monitoring operation.

Speaking at a Homeland Security subcommittee hearing, the California lawmaker said she was “outraged” that the agency has hired a contractor to review a variety of social networking sites, including Facebook and Twitter, and that General Dynamics is being tasked with reviewing news sources, blogs and their bylines for all types of articles, including those containing anti-American sentiment and reaction to policy proposals.

“This should not be a political operation,” she said.

Speier said she found it particularly egregious that the department was analyzing the authors behind the online words.

“I find that outrageous,” she said during the 90-minute hearing of the Subcommittee on Counterterrorism and Intelligence. She said the agency should amend its $11 million contract with General Dynamics “to prevent that type of information from being collected.”

The monitoring largely came to light in January after the Electronic Privacy Information Center sued the DHS to obtain information about the little-known program. Some of the sites on its watchlist included Wikileaks, Drudge Report and, among others, Wired’s Threat Level and Danger Room blogs.

Mary Ellen Callahan, the DHS chief privacy officer, said, “We are just focusing on the event, the situation that is going on, and not worrying about the individual.”

But Callahan also said that the agency does, indeed, analyze who the author of a particular work is to determine if the report is “relevant and adds credibility to the report itself.”

Speier countered, saying: “I’m suggesting to you that it is irrelevant and you don’t need it and you should suspend that part of the contract.”

Callahan said, “We don’t collect information on individuals. We don’t monitor them in regards to First Amendment activity.”

Ginger McCall, an EPIC attorney, said in a telephone interview that the privacy group wants DHS to abandon the program (.pdf), which dates to at least 2006.

“We have asked for the program to be suspended,” she said. She added that EPIC wants DHS to “suspend the collection of public reaction and reports to policy proposals that reflect adversely on DHS or the government.”

Speier, during the hearing, said: “I for one wholeheartedly agree with their recommendations.”

Rep. Patrick Meehan (R-Pennsylvania), the subcommittee’s chairman, suggested the program had a “chilling effect” leading to a “forfeit” of “an expectation right of privacy.” Neither he nor anybody else in the 12-member committee went as far as Speier to suggest that the DHS abandon the “Social Networking/Media Capability” program.

According to the records EPIC obtained, the program involves the monitoring of “publicly available online forums, blogs, public websites and message boards.”

The documents showed that, in 2009, the DHS monitored residents’ reaction to an Obama administration proposal, now scuttled, to transfer detainees from Guantanamo Bay, Cuba, to a prison in Standish, Michigan.

Richard Chavez, the DHS director of office operations, was asked by the subcommittee why the government even needed to contract with General Dynamics to monitor the internet, instead of performing that mission with government staff.

Chavez said the contractor employed “skilled technicians in surfing the web.”

TSA Denies it Targets Attractive Female Passengers for Body Scans

By Kim Zetter 8:09 pm | Categories: privacy

Responding to complaints from female airline passengers that they were singled out for body scans by airport security agents for their looks, the Transportation Security Administration has denied that its agents target women who are attractive.

In a blog post published late Wednesday, a TSA worker known as “Blogger Bob” said that all millimeter wave body scanners currently used in airports around the country have been equipped “for quite some time” with an upgrade that protects the privacy of passengers. Instead of displaying anatomically correct images that are viewed by a TSA agent in a separate room, upgraded scanners show only the equivalent of a chalk outline of a body, and then only if the scanner has found something suspicious on the person. If the person has nothing suspicious, the monitor simply shows a green screen with the word “OK” on it.

What’s more, Blogger Bob noted that the monitors showing this image are now on the scanners themselves, visible to both passengers and agents.

He noted, however, that another type of body scanner used at some airports, known as backscatter scanners, has not been upgraded and still requires a remote viewing room for an agent to see the image of passengers in the scanner.

The blog post was published in response to a recent story out of Dallas, where a female passenger told the local CBS affiliate that she had been forced to walk through a body scanner three times. The woman said she believed TSA agents wanted to examine her body. The agent who directed her to pass through the scanner told her the image was blurry.

The woman never filed a formal complaint, because she didn’t know there was any process for doing so, although other women did file complaints that CBS obtained, indicating that female passengers seemed to be singled out for screening at Dallas airports.

Blogger Bob indicated that the alleged incident was six months old but had it been reported at the time, the TSA would have reviewed surveillance cameras and interviewed the agents in question. He didn’t indicate when exactly the TSA had upgraded the millimeter wave machines in Dallas to add the privacy feature to them, and TSA could not be reached immediately for questioning.

MP3 Reseller Accuses Capitol Records of Sabotage

By David Kravets 6:36 pm | Categories: Copyrights and Patents, The Courts

Album artwork on MP3 reseller ReDigi.com is noticeably absent after Rdio cut the site off.

A one-of-a-kind startup enabling the online sale of pre-owned digital-music files is accusing Capitol Records of trying to sabotage its business, records obtained by Wired show.

Capitol Records and ReDigi — a months-old startup which claims to be a modern-day used record store providing the public with a platform to buy and sell used MP3s — are embroiled in a nasty copyright infringement suit in New York federal court. U.S. District Judge Richard Sullivan declined to issue an injunction that would have effectively shuttered ReDigi last week at Capitol’s request, and on Wednesday set an August trial date.

Massachusetts-based ReDigi now claims that Capitol muscled another startup, San Francisco-based music-streaming service Rdio, to promptly pull the plug on providing album art and 30-second playable song snippets for ReDigi’s site. Rdio licenses content from record labels including Capitol Records and charges users $10 a month to stream unlimited music to smartphones and computers.

ReDigi now does not display album art in its digital-music flea market, and has begun pulling in sound snippets from YouTube instead of Rdio.

“Apparently, having been denied an injunction, they have sought to use extrajudicial tactics to accomplish what they were unable to obtain in a court of law,” Ray Beckerman, ReDigi’s attorney, wrote (.pdf) Judge Sullivan last week in a letter that was not lodged in the public record but was provided to Wired.

Beckerman declined comment, as did ReDigi. Neither Capitol’s big brother, EMI, nor its attorney returned calls seeking comment. Rdio was not immediately prepared to comment.

Album artwork appearing last week on ReDigi

The legal flap is even more complicated because, as part of its defense to claims of copyright infringement, ReDigi pointed its fingers at Rdio. In a court filing, ReDigi argued that it was not liable for infringement for allowing its customers to listen to 30-second spots of MP3s that were for sale. ReDigi said the same thing (.pdf) when it came to allegations that ReDigi allowed for the unauthorized public display of album artwork.

Instead, ReDigi said it had licensing agreements with Rdio for such services, which Rdio abruptly halted Friday without notice.

On the larger infringement issue, the case weighs the so-called first-sale doctrine, the legal theory that people in lawful possession of copyrighted material have the right to sell it.

A federal judge sided with that principle in 2008, when the judge debunked UMG Recordings’ claim that it retained perpetual ownership of promotional CDs it releases before an album’s debut. Last year, however, a different court ruled against now-defunct online service Zediva, which streamed movies to customers via DVDs that Zediva had purchased.

In the ReDigi case, Capitol Records claims ReDigi is liable for contributing to copyright infringement (.pdf) and had demanded that Judge Sullivan immediately order ReDigi to remove Capitol-owned material, and also award damages of up to $150,000 per track against the startup — which would have gone under had Sullivan immediately sided with Capitol.

ReDigi says it is not contributing to infringement at all. Instead, it says ReDigi account holders have a right to upload their purchased iTunes files into ReDigi’s cloud. And when a file is sold to another ReDigi account holder, no copy is made. What’s more, because of ReDigi’s technology, the original uploaded file that is sold cannot be accessed by the seller any more through ReDigi or via the seller.

Prices for songs vary on ReDigi, with some files having asking prices as high as 87 cents. The company, which earns up to 15 percent per sale, also offers cloud-storage music streaming.
