July, 2019

Proposed German law aims to send pirates to prison

A proposed German law could result in file sharers getting some hard jail time. Under provisions of the bill, people who download movies and music could face up to two years. Real pirates—those who illegally download movies and music for commercial distribution—could receive five-year prison sentences if convicted. The German government does throw consumers a bone in the proposed legislation, as copying DVDs that they own for backup or other personal use would remain legal under the law.

Christian Democratic Party spokesperson Günther Krings likened file-sharing to shoplifting, saying that the proposed law is necessary because "there should be no legal distinction between stealing chewing gum from a shop and performing an illegal download."

Krings’ assertion is debatable, at best. Unlike shoplifting a pack of gum or candy bar, which results in one fewer pack of gum in the store owner’s inventory, downloading music and movies does not automatically equate to a lost sale, and there’s no loss of physical inventory. In fact, the biggest problem facing the music industry is apathy, not file sharing. P2P users actually do buy music, and if consumers liked what they were hearing a bit more, they would buy more albums. It’s the same story for the motion picture industry, which has seen theater attendance drop because the public doesn’t think Hollywood has been making very many good movies lately.

As is the case in other nations, the German music industry is asserting that such legislation is necessary, pointing to a seven-year decline in sales totalling 45 percent since 1998. Oh, and apparently German PTA meetings look quite a bit different than they do in the US:

Many Germans watch the latest Hollywood film at home before it has reached the cinemas; parents’ evenings sometimes end with a showing of an illegally copied film in the school gym.

Man, all we get at my daughter’s school is some store-bought chocolate-chip cookies and some weak decaf in the cafeteria.

Large-scale pirates—the kind that are responsible for the five-dollar DVDs sold on street corners in seedy neighborhoods—definitely could use a dose of jail time. However, criminalizing all illicit download activity is not going to help produce better movies and music. Perhaps a few would-be downloaders will be scared straight by the prospect of jail time. But until both moviemakers and the record labels move to fix their broken business models, no amount of scare tactics will cause movie and music sales to reverse their long decline.

Universal opts not to downscale HD content; ICT dead on arrival?

One of the nastier capabilities of both Blu-ray and HD DVD allows for content holders to force image quality degradation onto users whose TVs aren’t quite up to snuff. The original plan was simple: if a TV lacked a secure HD input (i.e., HDMI or something else supporting HDCP), studios could instruct next-generation disc players to reduce the quality of the video output to something less than 720p. This has been billed as an anti-piracy measure, inasmuch as it is designed to keep the pristine, full digital HD signal away from anything that’s not locked down. Consumer advocates have attacked the plan, however, saying that the only thing it is likely to stop is honest people from enjoying their discs’ full HD potential.

Following on the heels of Sony, Universal has confirmed that they will not be using such capabilities to downgrade video on their offerings, at least for now. This looks to be a major studio turning away from the so-called image constraint token—the name given to the AACS software functionality that allows for downsampling video to 960×540 (approximately NTSC). Paramount, Disney and Twentieth Century Fox have all backed off of using the ICT, leaving Warner Brothers as the only major studio saying that they will use it. According to BusinessWeek, sources say that Warner will use the ICT on "at least some" of their initial titles.

The question is, why are they forgoing ICT? For now, it looks like good business sense is driving the discussion. Even today, not all new TV sets support HDCP, and the vitally important "early adopter" crowd contains no small number of people with HD sets that were sold before the HDCP requirements were known. In short, most of the studios understand that launching new, expensive players alongside rather expensive movies could flop if the ICT is used extensively. After all, a Blu-ray player may cost $1,000, but if you can’t get anything much better than existing DVD playback, why bother?

If this is the studios’ motivation, we should expect the ICT to become more prevalent as the penetration of TV sets with HDCP support increases. There’s always a chance that studios will shy away from this functionality entirely, but holding your breath is not advised.

Security company rolls its own IE patch

Last week, two Internet Explorer (IE) vulnerabilities were discovered, leaving Microsoft with a total of three possible IE flaws for the month of March. Of those three, one has been really hitting the hype circuit over the last few days, and that is the "createTextRange()" vulnerability. According to CNET, over 200 websites have exploited the flaw, leaving users with a fistful of malware. Microsoft has said that it will be issuing a patch in the near future, but no exact date has been set. Now, instead of waiting on Microsoft to issue a fix, a company known as eEye Digital Security has rolled its own patch. Sound familiar? Yes, it could be the WMF fiasco all over again.

Microsoft claims that one way to prevent the "createTextRange()" exploit from being executed is to turn off Active Scripting. According to eEye's Steve Manzuik, some users may not be able to disable the feature, and that is precisely why the company came up with its own patch.

"Organizations should only install this patch if they are not able to disable Active Scripting as a means of mitigation…This patch is not meant to replace the forthcoming Microsoft patch, rather it is intended as a temporary protection against this flaw."

eEye is currently playing the Good Samaritan by allowing anyone to download the patch from its website. Regardless, Microsoft is telling its users to hold off on using the questionable fix.

"We have not tested this mitigation tool…We can't recommend it because we have not tested it…Customers should weigh the risk of applying something like this to their systems."

CNET is also reporting that security experts aren't standing behind eEye's patch like they did with the unofficial WMF patch. eEye has not supplied its source code, not to mention this flaw doesn't hold the same level of severity as the WMF exploit did. Microsoft has stated that it may release a patch for this exploit outside of its normal release schedule, but nothing has been set in stone.

Update: I have been notified that the patch's source code is available for download (*.txt) from eEye's website.

US telecommunications law rewrite a mixed bag

The US House of Representatives Committee on Energy and Commerce released the final draft (PDF) of the Communications Opportunity, Promotion and Enhancement Act, sorely needed legislation that would modify earlier telecommunications legislation to account for changes in technology.

Network neutrality

Those hoping network neutrality would be enshrined as the law of the land will be disappointed, as the bill omitted a requirement in the original proposal that would have barred "Broadband Internet Transmission Services" (BITS) providers from blocking or hindering "lawful content." In its place is a provision that would amend the Communications Act of 1934 to give the Federal Communications Commission the ability to "adjudicate any complaint alleging a violation of the broadband policy statement or the principles incorporated there-in."

The broadband policy statement (PDF) referred to in the legislation calls for the US "‘to preserve the vibrant and competitive free market that presently exists for the Internet’ and ‘to promote the continued development of the Internet.’" One implication is that consumers should be able to access any Internet content that they desire.

Cable TV

Other aspects of the legislation deal with cable television and appear to be aimed at satisfying the desires of erstwhile phone companies like AT&T and Verizon to offer cable television over fiber. The bill would create a new "national franchise" category for cable operators and allow them to offer service throughout the US without having to negotiate franchise agreements with local municipalities. However, the franchise could be revoked in specific geographic areas if a national franchise becomes the only local service provider.


VoIP providers will also have to provide full 911 and E-911 access to all of their customers, according to the bill. Owners of the E-911 networks (e.g., the local phone companies) will have to provide VoIP companies with access to their networks at "just and reasonable, nondiscriminatory rates, terms, and conditions." Exactly what constitutes "reasonable and nondiscriminatory" would be determined by the FCC.

Municipal broadband

Finally, a provision in the original draft of the legislation that would allow municipalities to deploy and operate their own broadband networks remained largely intact. So-called "public provider[s] of telecommunications service, information service, or cable service" would be able to operate free of state restriction. If the legislation passes as written, state laws in Arkansas, Florida, Missouri, and Texas would be superseded and cities and towns in those states would be able to offer broadband and other communications services if they so desired.

Although absent from the bill, the issue of network neutrality is not dead yet. In the face of intense criticism, AT&T and Verizon have both backed off on the tiered Internet talk, saying last week that they do not have plans to hinder third-party traffic on their networks. Sen. Ron Wyden (D-OR) proposed legislation earlier this month that would enforce the principles of network neutrality, and that bill is still alive.

When I covered the initial draft of the legislation back last September, I found myself pleasantly surprised by some of its aspects. The lack of guaranteed network neutrality in the bill’s apparently final form has put a bit of a damper on that, but there is still something for consumers here. State politicians lobbied by big ISPs such as AT&T and Comcast will no longer be able to halt the development and deployment of municipal broadband networks. VoIP customers should be happy as well, as dialing 911 will no longer be a crapshoot in some instances, meaning that stories like this one will hopefully disappear.

Lenovo laptop deal draws scrutiny from government agency

Last year IBM sold its PC manufacturing division to the Chinese computer maker Lenovo in a nearly US$2 billion deal. Despite that, ThinkPads are still arguably the most-coveted x86 laptop with the geek crowd, and the ThinkPad love apparently extends all the way into the US government. A recent decision by the US State Department to buy 15,000 ThinkPads and desktop PCs from Lenovo is raising concerns within other parts of the US government.

The US-China Economic Security Review Commission (USCC) wants an official probe into the purchase, fearing that the PCs and laptops could come complete with bugging devices enabling the laptops to phone home to their Chinese overlords. Larry Wortzel, chairman of the USCC, spells out the rationale behind the review:

"If you’re a foreign intelligence service and you know that a [US] federal agency is buying 15,000 computers from [a Chinese] company, wouldn’t you look into the possibility that you could do something about that?"

With the recent ruckus over the Dubai World Ports deal still fresh in the minds of politicians, it is almost inevitable that the State Department’s purchasing computers from a Chinese-owned company would raise eyebrows. What the USCC apparently does not realize is that many laptops sold in the US by US vendors (e.g., HP, Dell, and Apple) are assembled in China. So if the Chinese intelligence service wanted to implant bugging devices into PCs or laptops, they have had plenty of opportunities to do so already.

When the Lenovo-IBM deal went down, the Committee on Foreign Investments in the United States reviewed the deal for possible national security implications. Security issues were raised then, but primarily over corporate espionage and the transfer of US intellectual property to China. After its review, CFIUS found that those fears were largely unwarranted when it signed off on the deal last March.

Lenovo is critical of another probe, with Lenovo’s vice president for government relations, Jeff Carlisle, saying the company has "nothing to hide." The company is also worried that future government deals would result in additional, unwarranted scrutiny.

History is rife with governments attempting to conduct espionage through novel means. Most notable, perhaps, is the construction of a new US embassy in Moscow. Begun in 1979 during the days of the "evil empire" Soviet Union, the embassy was to be built by Soviet construction workers using Soviet-made construction materials. The KGB seized the opportunity, planting bugs inside the walls and tweaking the building’s steel skeleton so it could be used as a giant antenna. The US government finally caught on in 1985, and a costly reconstruction effort followed.

Is there a parallel here? It’s theoretically possible that a Lenovo motherboard could be modified to communicate surreptitiously with an outside intelligence agency. In reality, it would be very difficult to pull it off. Perhaps most importantly, doing so and getting caught would put a severe damper on Lenovo’s future ambitions in the US market.
