EU copyright reforms pit creative industry against internet activists, consumers

BRUSSELS (Reuters) – Europe’s creative industries are urging EU lawmakers to back a proposed overhaul of the bloc’s copyright rules, putting them at odds with internet activists who oppose a requirement to install filters to block copyright material.

 Image result for EU copyright reforms pit creative industry against internet activists, consumers
People protest against the planned EU copyright reform in Berlin, Germany March 23, 2019. REUTERS/Hannibal Hanschke

The European Commission wants to reform copyright rules to protect Europe’s cultural heritage and ensure fair compensation to publishers, broadcasters and artistes. The European Parliament is due to vote on the Commission’s proposal on Tuesday.

More than a thousand artists have signed an online petition calling on EU lawmakers to endorse the overhaul while others have ran op-eds in newspapers in support of the changes, lobbying group Impala said in a statement.

Artists in favour of the proposed changes include film producers Pedro Almodovar and Michel Hazanavicius, Benny Andersson from Abba and author Ali Smith, as well as independent music labels.

A vote in favour by the European Parliament would pave the way for the reforms to become law.

Google, internet activists and European technology start-ups, however, oppose the overhaul and were joined on Monday by consumer lobbying body BEUC.

A requirement for Google’s YouTube, Facebook’s Instagram and other sharing platforms to install filters to catch copyright violations known as Article 13, but now renumbered to Article 17, has triggered protests, with an online petition www.savetheinternet.info garnering more than 5 million signatures so far.

Google senior vice-president for global affairs Kent Walker has said the article could prompt online platforms to over-block content to limit legal risks.

Critics also say filters are costly and could lead to erroneous blocking.

Publishers, artistes and actors had also originally been vocal critics of the Commission’s proposal to rewrite the copyright rules but reversed their position after successfully lobbying for Google to pay them for using their work online.

BEUC said it opposed the copyright reforms, arguing that consumers may not be able to share pictures and holiday videos with background music if automated filtering becomes the norm.

“This is not the modernised copyright law that creators and consumers need, but rather another attempt to protect an industry that has consistently resisted to deal with the impact of technological change on their business model,” BEUC’s Director General Monique Goyens said in a statement.

The European Parliament’s approval is the final step in a process which the European Commission kicked off two years ago.

[“source=reuters”]

Two smartphone apps for regulating a child’s smartphone and internet use

Family

The Family Link app for Android is shown. (Google)

If you want to supervise the online activity of your kids or teens who were given a smartphone this Christmas, you can install an app to control internet access, filter inappropriate websites and content, and block specific apps. Here’s a selection of some of the most comprehensive parental control apps on the market.

Qustodio

Qustodio’s parental control operates in a similar way, and provides a daily online activity report for each child. Device screen time limits can also be set for each child. With the free version of the app, you can only supervise one child on one device. Otherwise, the cost of the subscription fee depends on the number of kids and devices covered.

Xooloo Parents

This very comprehensive app also monitors kids’ online activity on different mobile devices. As an example, it can block an app after it has been used for a certain period of time, and the child is warned by a virtual coach when they are approaching the fixed limit. While the app itself is free, the cost of subscribing to the service starts at $2.99 a month and rises depending on the number of devices used by the children.

[“Source-ctvnews”]

Top Five Small Business Internet Security Threats

Default-Image-10

Ron Teixeira of the National Cyber Security AllianceEditor’s Note: A key trend coloring the world of small business is how our computers have transformed into critical business systems that we cannot function without. But don’t think your computer systems are safe from attack because it “won’t happen to my business.” In fact, it could. Ron Teixeira, Executive Director of the National Cyber Security Alliance outlines the top five computer threats that small businesses may face and what to do about them, in this guest article.

By Ron Teixeira

Over the past two years, there have been a number of high-profile data breach cases involving major corporations. While this may give the perception that only large corporations are targeted by hackers and thieves, the reality is that hackers are increasingly targeting small businesses because they usually do not have the resources or know-how that large corporations do.

However, that does not mean small businesses need to spend a large sum of money and resources to protect themselves for the latest threats. In fact, according to a recent Symantec Threat Report, 82% of data that was either lost or stolen could have been avoided if the business followed a simple cyber security plan.

In order to begin development of a cyber security plan, you must understand the Internet threats and how protecting your business from those threats directly affects your bottom-line. As a result, the National Cyber Security Alliance, whose partners include the Department of Homeland Security, the Federal Bureau of Investigations, Small Business Administration, National Institute for Standards and Technology, Symantec, Microsoft, CA, McAfee, AOL and RSA, developed top 5 threats your small business may face on the Internet, business cases on how those threats can hurt you and practical measures you can take to avoid these threats.

Here is a summary of the top five threats:

  • #1: Malicious Code. A northeast manufacturing firm software bomb destroyed all the company programs and code generators. Subsequently the company lost millions of dollars, was dislodged from its position in the industry and eventually had to lay off 80 workers. To make sure this doesn’t happen to you, install and use anti-virus programs, anti-spyware programs, and firewalls on all computers in your business. Moreover, ensure that all computer software is up-to-date and contains the most recent patches (i.e., operating system, anti-virus, anti-spyware, anti-adware, firewall and office automation software).
  • #2: Stolen/Lost Laptop or Mobile Device. Last year, a Department of Veterans Affairs’ employee’s laptop was stolen from his home. The laptop contained 26.5 million veterans’ medical history. In the end, the laptop was recovered and the data was not used; however, the VA had to notify 26.5 million veterans of the incident, resulting in Congressional hearings and public scrutiny. To make sure this does not happen to you, protect your customers’ data when transporting it anywhere on a portable device by encrypting all data that resides in it. Encryption programs encode data or make it unreadable to outsiders, until you enter a password or encryption key.
  • #3: Spear Phishing. A medium-size bicycle manufacturer relied heavily on email to conduct business. In the normal course of a business day, the company received as many as 50,000 spam and phishing emails. In one case, an employee received a “spear phishing” email that looked like it came from the IT Department, and asked the employee to confirm the “administrator password.” Luckily for the company, when the employee asked the line manager for the “administrator password” he investigated further and realized the email was a scam. To make sure this does not happen to you, instruct all employees to contact their manager, or simply pick up the phone and contact the person who sent the email directly. It’s important to make your employees aware of what a spear phishing attack is and to be on the look out for anything in their in-box that looks suspicious.
  • #4: Unsecured Wireless Internet Networks. According to news reports, hackers pulled off the “biggest data breach ever” through a wireless network. A global retail chain had over 47 million customers’ financial information stolen by hackers who cracked through a wireless network that was secured by the lowest form of encryption available to the company. Currently, this security breach has cost the company $17 million, and in particular $12 million in one quarter alone, or 3 cents per share. To make sure this doesn’t happen to you, hen setting up a wireless network, make sure the default password is changed and make sure you encrypt your wireless network with WPA (Wi-Fi Protected Access).
  • #5: Insider/Disgruntled Employee Threat. A former employee for a company handling flight operations for major automotive companies, deleted critical employment information two weeks after he resigned from his position. The incident caused around $34,000 in damages. To make sure this does not happen to you, divide critical functions and responsibilities among employees within the organization, limiting the possibility that one individual could commit sabotage or fraud without the help of other employees within the organization.

Read on below for more information and detailed advice about how to protect your computer systems —

1. Malicious Code (Spyware/Viruses/Trojan Horse/Worms)

According to a 2006 FBI Computer Crime Study, malicious software programs comprised the largest number of cyber attacks reported, which resulted in an average loss of $69,125 per incident. Malicious software are computer programs secretly installed on your business’s computer and can either cause internal damage to a computer network like deleting critical files, or can be used to steal passwords or unlock security software in place so a hacker can steal customer or employee information. Most of the time, these types of programs are used by criminals for financial gain through either extortion or theft.

Case Study:

A northeast manufacturing firm captured contracts worth several million dollars to make measurement and instrumentation devices for NASA and the US Navy. However, one morning workers found themselves unable to log on to the operating system, instead getting a message that the system was “under repair.” Shortly after, the company’s server crashed, eliminating all the plant’s tooling and manufacturing programs. When the manager went to get back up tapes, he found they were gone and the individual workstations had also been wiped out. The company’s CFO testified that the software bomb had destroyed all the programs and code generators that allowed the firm to customize their products and thus lower costs. The company subsequently lost millions of dollars, was dislodged from its position in the industry, and eventually had to lay off 80 workers. The company can take some solace in the fact that the guilty party was eventually arrested and convicted.

Advice:

  • Install and use anti-virus programs, anti-spyware programs, and firewalls on all computers in your business.
  • Ensure that your computers are protected by a firewall; firewalls can be separate appliances, built into wireless systems, or a software firewall that comes with many commercial security suites.
  • Moreover, ensure that all computer software is up-to-date and contains the most recent patches (i.e., operating system, anti-virus, anti-spyware, anti-adware, firewall and office automation software).

2. Stolen/Lost Laptop or Mobile Device

Believe it or not, stolen or lost laptops are one of the most common ways businesses lose critical data. According to a 2006 FBI Crime Study (PDF), a stolen or lost laptop usually resulted in an average loss of $30,570. However, a high profile incident, or an incident that requires a company to contact all their customers, because their financial or personal data might have been lost or stolen, can result in much higher losses due to loss of consumer confidence, damaged reputation and even legal liability.

Case Study:

Last year, a Department of Veterans Affair’s employee took a laptop home that contained 26.5 million veterans’ medical history. While the employee was not home, an intruder broke in and stole the laptop containing the veterans’ data. In the end, the laptop was recovered and the data was not used; however, the VA had to notify 26.5 million veterans of the incident, resulting in Congressional hearings and public scrutiny. This phenomena is not limited to the government, in 2006 there were a number of high profile corporate cases involving lost or stolen laptops that resulted in data breaches. A laptop containing 250,000 Ameriprise customers was stolen from a car. Providential Health Care Hospital System had a laptop stolen, which contained thousands of patients’ medical records.

Advice:

  • Protect your customers’ data when transporting it anywhere on a portable device by encrypting all data that resides in it. Encryption programs encode data or make it unreadable to outsiders, until you enter a password or encryption key. If a laptop with sensitive data is stolen or lost, but the data is encrypted, it is highly unlikely that anyone will be able to read the data. Encryption is your last line of defense if data is lost or stolen. Some encryption programs are built into popular financial and database software. Simply check your software’s owner’s manual to find out if this feature is available and how to turn it on. In some cases you may need an additional program to properly encrypt your sensitive data.

3. Spear Phishing

Spear phishing describes any highly targeted phishing attack. Spear phishers send e-mail that appears genuine to all the employees or members within a certain company, government agency, organization, or group. The message might look like it comes from an employer, or from a colleague who might send an e-mail message to everyone in the company, such as the head of human resources or the person who manages the computer systems, and could include requests for user names or passwords.

The truth is that the e-mail sender information has been faked or “spoofed.” Whereas traditional phishing scams are designed to steal information from individuals, spear phishing scams work to gain access to a company’s entire computer system.

If an employee responds with a user name or password, or if you click links or open attachments in a spear phishing e-mail, pop-up window, or Web site, they might put your business or organization at risk.

Case Study:

A medium size bicycle manufacturer that produced bikes that were used in well known races, relied heavily on email to conduct business. In the normal course of a business day, the company received as many as 50,000 spam and phishing emails. As a result, the company installed numerous spam filters in an attempt to shield employees from fraudulent emails. However, many fraudulent emails still go through to employees. In one case, an employee received a “spear phishing” email that looked like it came from the IT Department, and asked the employee to confirm the “administrator password.” Luckily for the company, when the employee asked the line manager for the “administrator password” he investigated further and realized the email was a scam. While this example didn’t result in a financial loss, it could easily have, and is a common problem for all businesses.

Advice:

  • Employees should never respond to spam or pop-up messages claiming to be from a business or organization that you might deal with for example, an Internet service provider (ISP), bank, online payment service, or even a government agency. Legitimate companies will not ask for sensitive information via email or a link.
  • In addition, if an employee receives an email that looks like it’s from another employee, and asks for password or any type of account information, they shouldn’t respond to it, or provide any sensitive information via email. Instead, instruct the employee to contact their manager, or simply pick up the phone and contact the person who sent the email directly.
  • It’s important to make your employees aware of what a spear phishing attack is and to be on the look out for anything in their in-box that looks suspicious. The best way to avoid becoming a victim of a spear phishing attack is to let everyone know it’s happening before anyone loses any personal information.

4. Unsecured Wireless Internet Networks

Consumers and businesses are quickly adopting and implementing wireless Internet networks. According to an InfoTech Study, wireless Internet networks penetration will reach 80% by 2008. While wireless Internet networks provide businesses an opportunity to streamline their networks and build out a network with very little infrastructure or wires, there are security risks businesses need to address while using wireless Internet networks. Hackers and fraudsters can gain entry to businesses’ computers through an open wireless Internet network, and as a result, could possibly steal customer information, and even proprietary information. Unfortunately, many businesses don’t take the necessary measures to secure their wireless networks. According to a 2005 Symantec/Small Business Technology Institute Study, 60% of small businesses have open wireless networks. In addition, many other small businesses may not use strong enough wireless security to protect their systems. Not properly securing a wireless network is like leaving a business’s door wide open at night.

Case Study:

According to news reports, hackers pulled off the “biggest data breach ever” through a wireless network. A global retail chain had over 47 million customers’ financial information stolen by hackers who cracked through a wireless network that was secured by the lowest form of encryption available to the company. In 2005, two hackers allegedly parked outside a store and used a telescope wireless antenna to decode data between hand-held payment scanners, enabling them to break into parent company database and make off with credit and debit card records of nearly 47 million customers. It is believed the hackers had access to the credit card database for over two years without being detected. Instead of using the most up to date encryption software to secure its wireless network – Wi-Fi Protected Access (WPA), the retail chain used an old form of encryption called Wireless Equivalent Privacy (WEP), which according to some experts can be easily hacked in as little as 60 seconds. Currently, this security breach has cost the company $17 million, and in particular $12 million in one quarter alone, or 3 cents per share.

Advice:

  • When setting up a wireless network, make sure the default password is changed. Most network devices, including wireless access points, are pre-configured with default administrator passwords to simplify setup. These default passwords are easily found online, so they don’t provide any protection. Changing default passwords makes it harder for attackers to take control of the device.
  • Moreover, make sure you encrypt your wireless network with WPA encryption. WEP (Wired Equivalent Privacy) and WPA (Wi-Fi Protected Access) both encrypt information on wireless devices. However, WEP has a number of security issues that make it less effective than WPA, so you should specifically look for gear that supports encryption via WPA. Encrypting the data would prevent anyone who might be able to monitor your network wireless traffic from viewing your data.

5. Insider/Disgruntled Employee Threat

A disgruntled employee or an insider can be more dangerous than the most sophisticated hacker on the Internet. Depending on your business’s security policies and password management, insiders may have direct access to your critical data, and as a result can easily steal it and sell it to your competitor, or even delete all of it, causing irreparable damage. There are steps and measures you can take to prevent an insider or disgruntled employee from getting access to key information and damaging your computer networks.

Case Study:

A former employee for a company handling flight operations for major automotive companies, deleted critical employment information two weeks after he resigned from his position. The incident caused around $34,000 in damages. According to reports, the employee was upset about being released by the company earlier than he had anticipated. Allegedly, the company’s firewall was compromised and the perpetrator broke into the employee data base and deleted all the records. Statements from the company indicate that the disgruntled former employee was one of only three people who knew the log-in and password information for the firewall that protected the employee data base.

Advice:

There are a number of ways your company can protect itself from insider or disgruntled employee threats:

  • Divide critical functions and responsibilities among employees within the organization, limiting the possibility that one individual could commit sabotage or fraud without the help of other employees within the organization.
  • Implement strict password and authentication policies. Make sure every employee uses passwords containing letters and numbers, and do not use names or word.
  • Moreover, be sure to change passwords every 90 days, and most importantly, delete an employee’s account or change the passwords to critical systems, after an employee leaves your company. This makes it harder for disgruntled employees to damage your systems after they have left.
  • Perform due diligence BEFORE you hire someone. Do background checks, educational checks, etc to ensure that you are hiring good people.

* * * * *About the Author: As the executive director of the National Cyber Security Alliance (NCSA), Ron Teixeira is responsible for the overall management of cyber security awareness programs and national education efforts. Teixeira works closely with various government agencies, corporations and non-profits to increase awareness of Internet security issues and to empower home users, small businesses and the education community with tools and best practices designed to ensure a safe and meaningful Internet experience.

[“source-smallbiztrends”]

US Government Cuts Cord on Internet Oversight

US Government Cuts Cord on Internet Oversight

US Government Cuts Cord on Internet Oversight
The US government on Saturday ended its formal oversight role over the internet, handing over management of the online address system to a global non-profit entity.

The US Commerce Department announced that its contract had expired with the Internet Corporation for Assigned Names and Numbers, which manages the internet’s so-called “root zone.”

That leaves Icann as a self-regulating organization that will be operated by the internet’s “stakeholders” – engineers, academics, businesses, non-government and government groups.

The move is part of a decades-old plan by the US to “privatize” the internet, and backers have said it would help maintain its integrity around the world.

US and Icann officials have said the contract had given Washington a symbolic role as overseer or the internet’s “root zone” where new online domains and addresses are created.

But critics, including some US lawmakers, argued that this was a “giveaway” by Washington that could allow authoritarian regimes to seize control.

A last-ditch effort by critics to block the plan – a lawsuit filed by four US states – failed when a Texas federal judge refused to issue an injunction to stop the transition.

Lawrence Strickling, who heads the Commerce Department unit which has managed these functions, issued a brief statement early Saturday confirming the transition of the Internet Assigned Numbers Authority (IANA).
“As of October 1 2016, the IANA functions contract has expired,” he said.

Stephen Crocker, Icann’s board chairman and one of the engineers who developed the early internet protocols, welcomed the end of the contract.

“This transition was envisioned 18 years ago, yet it was the tireless work of the global Internet community, which drafted the final proposal, that made this a reality,” he said in a statement.

“This community validated the multi-stakeholder model of Internet governance. It has shown that a governance model defined by the inclusion of all voices, including business, academics, technical experts, civil society, governments and many others is the best way to assure that the Internet of tomorrow remains as free, open and accessible as the Internet of today.”

The Internet Society, a group formed by internet founders aimed at keeping the system open, said the transition was a positive step.

“The IANA transition is a powerful illustration of the multi-stakeholder model and an affirmation of the principle that the best approach to address challenges is through bottom-up, transparent, and consensus-driven processes,” the group said in a statement.

Tags: Icann, Internet, US

[“Source-Gadgets”]