Episode: 1055
Title: HPR1055: TGTM Newscast for 2012/8/15
Source: https://hub.hackerpublicradio.org/ccdn.php?filename=/eps/hpr1055/hpr1055.mp3
Transcribed: 2025-10-17 18:01:12
---
You're listening to Talk Geek To Me News, number 72, recorded for August 15, 2012. You're listening to the Tech Only Hacker Public Radio Edition. To get the full podcast, including political commentary and other controversial topics, please visit www.talkGeekToMe.us. Here are the vital statistics for this program. Your feedback matters to me, please send your comments to dg at deepgeek.us. The webpage for this program is at www.talkGeekToMe.us. You can subscribe to me on Identi.ca as the username DeepGeek or you could follow me on Twitter. My username there is dgtgtm, as in DeepGeek Talk Geek To Me.

And now the tech roundup. From techdirt.com, dated Friday, August 3, 2012, by Glyn Moody. Europe already has draft standard for real-time government snooping on services like Facebook and Gmail. As the old joke goes, standards are wonderful things, that's why we have so many of them. But who would have thought that ETSI, the European Telecommunications Standards Institute, has already produced a draft standard on how European governments can snoop on cloud-based services like Facebook and Gmail, even when encrypted connections are used. ETSI DTR-101-567, to give it the full title, was pointed out to us by Erich Moechel, who has written an excellent exploration of its elements, originally in German. Here is the summary from the draft standard that was given to this reporter in Microsoft's Word format. The present document provides an overview on requests for a handover and delivery of real-time information associated with cloud virtual services. The report identifies lawful interception needs and requirements in the converged cloud virtual service environment.
And the challenges and obstacles of complying with those requirements, what implementations can be achieved under existing ETSI lawful interception standards, and what new work may be required to achieve needed lawful interception capabilities. Cloud services, in whichever forms they take, infrastructure, software, platform, or combinations of these, are often trans-border in nature, and the information required to maintain lawful interception capability or sufficient coverage for lawful interception support may vary in different countries or within platforms of different security assurance levels. This work aims to ensure capabilities can be maintained while allowing business to utilize the advantages and innovations of cloud services and was undertaken cooperatively with the relevant cloud security technical bodies.

As it makes clear, this is being presented as maintaining interception capabilities in a world where cloud computing makes previous approaches inapplicable. The new standard specifically mentions social networking, file sharing, and video conferencing as new areas that need to be addressed. One key section spells out how this is to be achieved. If the traffic is encrypted, the entity responsible for key management must ensure it can be decrypted by the CSP (communications service provider) or LEA (law enforcement agency). In order to maintain LI coverage, the cloud service provider must implement a cloud lawful interception function. This can be by way of applications programming interface or, more likely, ensuring presentation of information in a format recognizable to interception mechanisms. Deep packet inspection is likely to be a constituent part of this system.

As this makes clear, along with the intercepted information, the standard envisages encryption keys being handed over routinely. Just to make things complete, DPI (deep packet inspection) is also regarded as a likely element of the system.
Since this is currently a draft, the threat it represents might be seen as purely theoretical, but a recent article in the Guardian confirms that the UK government quietly agreed to measures that could increase the ability of the security services to intercept online communication. A reference to the ETSI draft, the Guardian also provides us with some explanation of why this draft just happens to be available at precisely the moment when the UK government is announcing a plan that seems likely to use it. ETSI has faced criticism in the past for the preemptive inclusion of wiretapping capabilities, a decision that critics say encouraged European governments to pass their wiretapping laws accordingly. According to Ross Anderson, professor in security engineering at the University of Cambridge Computer Laboratory, the institute has strong links with the intelligence agencies and has a significant British contingent along with a number of US government advisers.

It's a classic case of policy laundering. Here's how it will probably work. The British government insists now that it will only gather communications data and not content. At the same time, it will require that ISPs adopt the new ETSI cloud interception standard once it's been finalized, in the black boxes that they must install under the proposed snooping legislation. That will put in place all the capabilities needed for accessing encrypted streams. Since those providing cloud services will be required to hand over the encryption keys, and hence the content, the UK government may not intend accessing content today, but thanks to the wonders of function creep, when it decides to do it tomorrow, the facility will be there waiting for it. Meanwhile, European governments will be able to point to the UK's adoption of the ETSI standard as just good practice. They will ask their own ISPs to implement it, while insisting that they too have no intention of accessing the contents of people's internet streams either.
Until, that is, the day comes, probably in the wake of some terrorist attack or pedophile scandal, when the government will note that since the capability is available, it would be irresponsible not to use it to tackle these terrible crimes. The US government will then bemoan the fact that Europe is taking better care of citizens than it can, and will therefore pass laws requiring US ISPs to install similar real-time access to their systems, and for cloud-based services to hand over the encryption keys. Luckily, there will be a well-tried European standard that can serve as a model.

From EFF.org, dated August 2, 2012, by Rainey Reitman. Victory over cyber-spying. This morning, the US Senate defeated the Cybersecurity Act of 2012, a bill that would give companies new rights to monitor our private communications and pass that data to the government. The bill's sponsors were 8 votes short of the 60 votes necessary to end the bill. This is a victory for internet freedom advocates everywhere. Hundreds of thousands of individuals emailed, tweeted, called, and sent Facebook messages to senators asking them to defend privacy in the cybersecurity debate. Those voices were heard loud and clear in the halls of Congress today. EFF extends a heartfelt thanks to everyone who fought with us on this issue. We can all be proud today that there was no law enacted on our watch that would have compromised the online privacy rights of internet users in the name of cybersecurity. Pressure from civil liberties groups and internet users didn't just defeat the bill, it changed the conversation around cybersecurity in fundamental ways. Working together, we convinced the bill's sponsors to put privacy protections into the final versions of the Cybersecurity Act, which made it superior to any of the other cybersecurity bills being considered by Congress.
While the bill still had big problems, there were new privacy protections such as limitations that prevent data collected for cybersecurity purposes from being used to prosecute unrelated crimes. Those privacy protections were created as a direct result of pressure from the netroots. Internet users also found they had powerful friends in the Senate. Senators Al Franken, Richard Durbin, Chris Coons, Bernie Sanders, Daniel Akaka, Ron Wyden, and Richard Blumenthal championed civil liberties fixes to the bill. Senator Wyden, in particular, opposed the bill on privacy grounds stating, quote, today's vote was one in which senators were asked to sacrifice internet users' privacy and civil liberties for weak proposals to improve cybersecurity. I voted no. And Senators Al Franken and Rand Paul sponsored an amendment that would have removed the most privacy-invasive provisions of the bill. These champions of online rights helped us in the cybersecurity fight, and will hopefully stand with us again in defending civil liberties the next time this issue arises. To read the rest of this article, follow links in the show notes.

From democracynow.org, dated 8/3/2012. US to oppose UN regulation of internet. The Obama administration has confirmed that it will oppose any proposal to hand regulatory control of the internet to the United Nations. Proposals have circulated to bring the internet under UN auspices at the conference of the international telecommunications regulations in Dubai later this year, but in a new position paper the United States said it would reject UN authority and continue with its current system of oversight by the Department of Commerce.

From allgov.com, dated August 4, 2012. There's a good chance your friends are phonies. Facebook has nearly 1 billion profiles. It also has tens of millions of phony ones too. The social media giant has admitted that nearly 9% of all users on Facebook are not real.
That translates into 83 million fake profiles out of 955 million total. Of the 83 million, nearly 46 million are duplicate profiles that users maintain in addition to their regular account. Another 23 million are misclassified profiles, which include those created on behalf of non-persons, such as pets. The remaining 14 million are undesirable profiles created by spammers to spread unwanted messages and content.

From torrentfreak.com, dated August 3, 2012, by Ernesto. Has your ISP joined the six strikes anti-piracy scheme? Later this year, the Center for Copyright Information will start to track down pirates as part of an agreement all major US internet providers struck with the MPAA and RIAA. The parties agreed on a system through which copyright infringers are warned that they are breaking the law. After six warnings, ISPs may then take a variety of repressive measures, which include slowing down offenders' connections and temporary disconnections. While we've written a fair number of articles on the topic, many people assume that all ISPs are part of the agreement. However, this is certainly not the case. In fact, only five internet providers have agreed to send warnings to their customers. In alphabetical order, these are AT&T, Cablevision, Comcast, Time Warner Cable, and Verizon. In total, the ISPs above cover roughly 75% of all US broadband internet customers. This is significant, but nonetheless begs the question, why are the rest of the providers not involved? Quite a few prominent names are not listed. CenturyLink, Charter, and Cox all have millions of subscribers, but are not taking part in the six-strikes scheme. Not to forget the 100-plus smaller providers across the United States who are also missing in action. TorrentFreak contacted several of the larger internet providers above to find out why, but they were reluctant to comment on their motivations. A Cox spokesperson was most vocal and said that they have decided not to participate for internal reasons.
Luckily, Dane Jasper, CEO of the much smaller Sonic.net, was willing to comment on the efforts to make ISPs responsible for online piracy. He told TorrentFreak that ISPs are not set up to police the internet and that the entertainment industries should look for a solution closer to home. Quote, ISPs provide an essential utility, connection. We are not equipped to police the actions of individuals. End of quote. Jasper says, I think history has shown that you cannot solve piracy by force, but that industries need to adapt around it with business models that allow consumers to access the content they want easily and at a not unreasonable cost.

However, the above is not the reason why Sonic.net isn't taking part in the six-strikes scheme. As it turns out, the RIAA and MPAA never bothered to ask Sonic and many other smaller internet providers to join in. It isn't because we refused, but because we were not asked. I know at least 100 small to medium ISPs through my trade association memberships and have heard of no independent ISPs being approached at all, Jasper says. It's not clear why they were left out, but it's likely that it would have been too much trouble to reach consensus with so many parties involved.

When it comes to finding a solution to online piracy, Sonic.net's CEO is clear: the entertainment industries should ensure their legal offering is superior in terms of convenience and availability compared to that offered by pirates. Jasper believes that taking away people's incentive to pirate is key, and he mentions Pandora and Spotify as good examples of services that are able to deflate piracy. The point is that the music business has had to evolve to survive, moving away from albums and record stores to more innovative methods of distribution that consumers have responded to rather than turning to piracy out of an unwillingness to participate in the old model, he says.
I suspect that Apple TV, Roku and Netflix have similar beneficial effects on video, but a lack of uniform availability plus rather high prices and restrictive viewing terms hold back this solution, Jasper concludes. The MPAA and RIAA would not directly disagree that innovation is an important factor to curb piracy, but nonetheless they hope that warning emails will also help. That people can bypass the scheme by using a VPN, cyberlockers, or even switching ISPs doesn't change a thing. At this point it is still unknown when the first warning letters will be sent. It is expected that the ISPs will start later this year and each will roll out their participation at their own pace.

News from techdirt.com, havanatimes.org, and allgov.com used under arranged permission. News from torrentfreak.com and eff.org used under permission of the Creative Commons by-attribution license. News from democracynow.org and peoplesworld.org used under permission of the Creative Commons by-attribution, non-commercial, no-derivatives license. News sources retain their respective copyrights.

Thank you for listening to this episode of Talk Geek To Me. Here are the vital statistics for this program. Your feedback matters to me, please send your comments to dg at deepgeek.us. The web page for this program is at www.talkgeektoMe.us. You can subscribe to me on Identi.ca as the username deepgeek or you could follow me on Twitter. My username there is dgtgtm, as in DeepGeek Talk Geek To Me. This episode of Talk Geek To Me is licensed under the Creative Commons Attribution Share-Alike 3.0 Unported license. This license allows commercial reuse of the work as well as allowing you to modify the work, so long as you share alike the same rights you have received under this license. Thank you for listening to this episode of Talk Geek To Me.

You have been listening to Hacker Public Radio at HackerPublicRadio.org. We are a community podcast network that releases shows every weekday, Monday through Friday.
Today's show, like all our shows, was contributed by an HPR listener like yourself. If you ever consider recording a podcast, then visit our website to find out how easy it really is. Hacker Public Radio was founded by the Digital Dog Pound and the Infonomicon Computer Club. HPR is funded by the Binary Revolution at binrev.com. All binrev projects are proudly sponsored by Lunarpages. From shared hosting to custom private clouds, go to lunarpages.com for all your hosting needs. Unless otherwise stated, today's show is released under a Creative Commons Attribution Share