Barrett Lancaster Brown, best known as the so-called former mouthpiece for the hacker collective Anonymous, is sitting in a jail cell in Texas. For the past eight months, Mansfield Law Enforcement Center has been home for the journalist and activist now known as Prisoner 45047177.

Three hots and a cot will continue to be his routine at least until September, when he is scheduled to stand trial on 17 charges, including allegations that he threatened an FBI agent and committed identity theft and credit card fraud.

The slightly built 31-year-old former heroin addict denies the charges. What he does admit is that he used his hacker connections to look under rocks and uncover what he considered evidence that the U.S. government was using private security companies to clip the wings of Internet activists and sympathetic journalists.

Brown: I Wasn't A Hacker

Brown's sometimes questionable behavior and affiliations make him a confusing and polarizing character. He claims he never hacked anything, and we'll probably never know with certainty exactly which details in his story stack up, or what involvement he had with Anonymous' core hackers.

There doesn't seem to be much evidence Brown was involved in any actual hacking, despite his connection to both Anonymous and his obsessive interest in federal security contractors. But his outspokenness, drug history and outlandish claims make him unsympathetic and hard to believe — an unlikely poster child for Internet freedom. And his unbalanced, over-the-top YouTube rants — more on those below — made him an easy target for the feds. 

What we do know is that in early 2011, Anonymous targeted a security contractor called HBGary Federal and its CEO Aaron Barr after Barr publicly claimed he'd infiltrated the hacker collective. When Barr threatened to reveal the identities of Anonymous members, the group hacked straight into HBGary's servers, stealing 70,000 company emails.

Brown, through his affiliation with Anonymous, then posted a link to those hacked company documents on a public website called Project PM and wrote about his findings for the U.K. Guardian. Brown, who seems to have been conducting an obsessive investigation of both HBGary Federal and Stratfor (another security contractor hacked by Anonymous), claimed the material proved that the companies were hired by the government to monitor and shut down various online activist groups. In particular, he alleged that HBGary was working with high-level government agencies to feed fake information to WikiLeaks.

In The Feds' Crosshairs

Brown, one of the few public figures available for authorities to target for the activities of Anonymous, is basically a fall guy for the hacker collective. He faces 100 years behind bars if found guilty on all counts. And right now he's stewing in a cell where he may be getting less than proper care. In a Pastebin message from last September, Brown claimed he did not receive appropriate medical attention for crushed ribs suffered during the FBI's raid of his home.

Between his connection to Anonymous and his obsession with digging up dirt on the national security state, Brown pinged up on the feds' radar pretty quickly. He was first indicted last year after allegedly threatening federal agents. He was arrested, then subsequently indicted a second time for allegedly linking to stolen documents from Stratfor that included credit card data.

The third indictment involves an obstruction charge of concealing evidence, wherein Brown allegedly hid two laptops when federal agents stormed his mother's home in a raid. The laptops were eventually found and confiscated. The alleged threats and credit-card charges led prosecutors to push for a life sentence. 

In some ways, Brown's muckraking wasn't all that different from what many journalists have always done, updated to employ digital tools. Reporting based on leaked documents — which, of course, aren't usually authorized for release — is as old as investigative journalism itself.

But Brown pushed the boundaries, and his drug history and proximity to the hacker community made him more vulnerable than other rabble rousers such as columnist Glenn Greenwald. Brown wasn't a staffer at a major publication, and his own blistering public statements and threats, on both television and YouTube, gave the government all the motivation it needed to take him down.

Barrett Brown's Incendiary Videos

Major news organizations like the New York Times and The Guardian both describe Brown as a victim of persecution. And in many ways he is, although some of his alleged actions are criminal by definition, such as threatening the life of a federal agent. 

Brown's legal troubles began when his mother's Dallas home was first raided in March of 2012. At that time, the feds confiscated his laptop, and by his account terrorized his mother and sent his life into a downward spiral.  

After the raid, Brown took to the Web to tell his side of the story. On Sept. 11, 2012, Brown posted a trio of videos lashing out at perceived enemies:

At around the 12:00 mark of video number 2, Brown says that the FBI views him as a bad guy, and that he's going to prove in the court system just how bad of a guy he is. About a minute later he demands that the FBI return his laptop, notebook and Xbox. 

In the third video, shot and released a day later, Brown brings up his heroin addiction and subsequent move to suboxone, a narcotic used to treat oppiate addiction. At around the 12:00 mark of this video, Brown warns that he is armed and has been trained to shoot, saying if any FBI agents come to his home, particlary one agent that really irked him for allegedly harassing his mother:

I will shoot them and kill them... I have no choice left but to defend my family, myself, my girlfriend, my reputation, my work, my activism, my ideas and the revelation that my friends are going to prison so we can have a chance to get out for other people. So they would matter. And frankly, you know, it was pretty obvious I was going to be dead before I was 40 or so, so I wouldn't mind going out with two FBI sidearms like a f***ing Egyptian pharaoh. Adios.

Hours later, while on a live feed on TinyChat, Brown's home was raided and he was arrested. The whole thing is captured in this almost surreal video: 

Since his arrest, Brown's mother Karen has also been targeted by authorities. She pled guilty to obstructing the execution of a search warrant, and now faces up to a year in jail and a $100,00 fine. Sentencing has not yet been scheduled. 

Brown has gotten some support from the Internet community, but nothing like the outpouring for the recently passed Aaron Swartz. Anonymous created a White House petition to stop his prosecution, but the reprieve didn't come close to getting the required 100,000 signatures by the April 20 deadline. Supporters have built several sites to educate the public about his plight, the timeline of his case and to help raise money for legal representation. 

Hard Times For The Fall Guy

Brown's supporters have raised about $20,000 for legal fees, and Brown has a new team of lawyers replacing his previous public defendants. But the court had up until last week frozen Brown's access to those funds, which meant that Brown's new legal team of Ahmed Ghappour and Charles Swift were essentially working pro bono. But that all changed last Wednesday when the court allowed the transfer of funds to pay for the lawyers' travel expenses and fees.

It's still a long way to Brown's September trial, which could end up conflated in public perception with two other prominent hacker prosecutions. There's the case of Matthew Keys, the journalist facing a $750,000 fine and jail time for allegedly feeding passwords to Anonymous members who then defaced the Los Angeles Times' website. Andrew Auernheimer, the hacker also known as Weev, is also appealing his sentence of more than 41 months in prison for his role in a 2010 hack of AT&T.

(See also Hacker Crackdown: Blame AT&T's Crappy Security, Not Weev.)

All of these cases are related to the much-maligned Computer Fraud and Abuse Act (CFAA) the outdated law that has led to a number of questionable prosecutions — often of activists like Aaron Swartz rather than actual computer criminals. By the time Brown's trial gets going, there could be government movement to reform the poorly constructed law.

(See also 'Aaron's Law' Promises To Reduce Hacker Penalties.)

Prosecuting Brown Won't Stop Hacking

The federal case against Brown, once you understand the details, doesn't pass the laugh test. It turns hyperlinking into a crime akin to breaking into secured computers and casts loose and admittedly unwise Internet soapboxing as criminal conspiracy against federal agents. And it turns one link into 11 separate charges of alleged identity theft.

Arresting hackers and fringe collaborators doesn't seem to be slowing the tide of cyberattacks. The last 12 months have seen some of the biggest cyber attacks on record. Denial of service attacks are up 12% since 2011, according to data from the security firm Arbor Networks. If the government really wants to stop hacking attacks, it needs to focus more on the actual perpetrators and less on show-trial prosecutions of peripheral figures like Brown. 

Which isn't to say that Brown himself deserves to get off scot-free, just that his proposed punishment should fit his alleged crime. No matter what the circumstances, once you threaten the FBI, the feds are pretty much guaranteed to come down on you. And even Barrett Brown should have known that.

Photos courtesy of Shutterstock, Twitter

Investigators in Australia have arrested the self-proclaimed leader of LulzSec, the hacker group and Anonymous offshoot that previously claimed responsibility for a slew of major hacks in 2011 including attacks on Sony Pictures, the UK tabloid The Sun, and the CIA's public website. All "just for the Lulz" — laughs, that is — of it.

On Tuesday night, police in Sydney took into custody Matt Flannery, a 24-year-old Australian IT professional who goes by the online moniker Aush0k. The alleged hacker faces up to 12 years behind bars for two counts of unauthorized modification of data to cause impairment and one count of unauthorized access to a restricted computer system.  

Australian Federal Police say their investigation began only two weeks ago when they discovered a government website had been compromised. Police apparently made the connection between Flannery and the recently targeted website because the multinational Tenable Network Security, where Flannery was allegedly employed, had access to specific Australian government information (a quick search on Google revealed a LinkedIn profile of Flannery claiming employment there).

However, representatives from Tenable contacted ReadWrite and informed us that Flannery was instead employed by Content Security, a security firm that subcontracted for Tenable. Still, it could explain just how he had access to such sensitive material. Tenable's Nessus software is used by clients such as the U.S. Department of Defense, Amazon and the American Red Cross for checking network security vulnerabilities. And determining weaknesses in networks is exactly what allowed LulzSec and similar hackers to pick their targets. 

Following the arrest, Content Security's Phil Kurth described Flannery as a low-level support tech already on 3 month probation, although the reason behind the suspension, and any tie-into these charges, was not specified. Kurth further pointed out that Flannery had no access to any type of customer data apart from support tickets, and that most of the activities Flannery was accused of were conducted on his home PC, and seldom on his work-issued laptop. 

Flannery's work computer has been seized by police.

Authorities claim Flannery asserted his LulzSec leadership in online forums monitored by police and visited by LulzSec members. They also claim Flannery admitted his leading role in the group directly to police. Some discussions in the hacker material stored at the online locker Pastebin also seems to support authorities' claims. 

"This man is known to international law enforcement and police will allege he was in a position of trust within the company with access to information from clients including government agencies," explained Glen McEwen, the AFP's federal police commander. 

Flannery isn't the first alleged member of LulzSec to face the wraith of law enforcement. Another reputed leader, Sabu, aka Hector Xavier Monsegur, turned states evidence and became an FBI informant after his 2011 arrest. Sabu may have been the hacker who ratted out former Reuters social media editor Matthew Keys, who was indicted for his role in the Anonymous infiltration of the Los Angeles Times website. Just 2 weeks ago, another former LulzSec member, Ryan Ackroyd, pleaded guilty to several cyberattacks in the UK. The 26 year-old Ackroyd faces sentencing next month. 

Flannery has already been released on bail, and now faces a May 15 court date. 

Photo courtesy of Twitter  

Anonymous has called for an Internet blackout to protest CISPA, the much maligned cybersecurity bill that threatens your privacy more than it protects it. But without the support of Reddit, which co-sponsored last year's SOPA blackout, the Web isn't listening.

About 200 hundred sites have joined the #CISPABlackout today in protest of CISPA, which last week passed the House of Representatives. That may sound like a big number, but the list mostly consists of small sites within the hacker community. That's a big contrast to the last year's SOPA protests, which drew support from huge organizations like Google and Wikipedia.

Blackout your website: (requires some basic HTML/CSS knowledge): bit.ly/11dtXv6#CISPABlackout

— Anonymous (@YourAnonNews) April 22, 2013

Exceptions include the nonprofit Fight for the Future, which has tweeted solidarity but has not blacked out its site. Another is Stan Lee's Comikaze, the comic book convention backed by the former Marvel Comics head honcho, which has blacked out its site.

A Reddit Divided

Reddit itself appears conflicted over the CISPA blackout. Some Reddit sections, aka subreddits, have switched their background color to black and added a CISPA protest banner and link, but have stopped short of a full blackout that would inconvenience users by obscuring links. As of about 11am PT, subreddits including "pics," "politics," "funny," "askreddit" and "technology") have black backgrounds, although their listed links remain visible in the foreground. Reddit's front page and subreddits such as "news" and "worldnews" remain un-blackened.

It's a clear case of the hacker collective overestimating its influence, as my ReadWrite colleague Dan Rowinski suggested to me in chat earlier today. "Without Reddit, it is just Anonymous proclaiming something into its own echo chamber," he wrote.

It also doesn't help that Internet firms themselves are divided on CISPA. Microsoft and Facebook may have recently walked back their support for the bill — which, by the way, faces a veto threat from President Obama — but Google hasn't taken a position. And a rogue's gallery of telcos, ISPs and other tech firms support CISPA.

CISPA threatens our privacy by essentially giving the government a blank check to monitor all of our online communication, without a warrant. So a sign of solidarity blacking out the Web would be a good thing. But it seems the collective isn't as influential in garnering support as it is when its making cyberattacks. Which is too bad, because this mission would actually be a good thing.

Below is a video from Anonymous explaining more about the blackout:

If you want to contact your local senator or congressperson, check out this list of contact information from Anonymous. Here's some background on Anonymous' plans and how you can further support the blackout.

Lead image via Imgur, although it's circulating across the Internet and its provenance is unknown

The White House doesn't support the amended version of CISPA, the controversial Cyber Intelligence Sharing and Protection Act that would let companies and the feds monitor and share your online communication without a warrant. But while President Obama remains opposed to the bill's latest iteration, he's apparently hedging on whether he'd veto it.

The bill, aimed at data sharing between the public and private sectors, is a security nightmare for its vagueness and privacy oversight. Last year, we heard the same pop shots from Obama, except that back then he promised to veto the law. This year he isn't making any promises, although White House rhetoric suggests that the polarizing bill still comes up short in the area of privacy concerns. 

White House's National Security Council spokeswoman Caitlin Hayden said in a statement:

We continue to believe that information sharing improvements are essential to effective legislation, but they must include privacy and civil liberties protections, reinforce the roles of civilian and intelligence agencies, and include targeted liability protections.... We believe the adopted committee amendments reflect a good-faith effort to incorporate some of the Administration's important substantive concerns, but we do not believe these changes have addressed some outstanding fundamental priorities.

These comments came a day after the House Intelligence Committee passed the bill on an 18-2 vote on Wednesday. New amendments to the bill require government agencies to strip away any private information they receive from companies participating in information sharing, prohibit companies from retaliating against alleged hackers or cyberattackers and backed away from a clause that would have allowed the use of threat information sharing arrangements for vague "national security" reasons. These sound like digital freedom wins, but most other privacy protections didn't make the cut. 

It's unclear which way Obama will tilt, but if this year's slew of major government targeted cyber attacks and the President's cyber mandate mean anything, it looks like he may lean (and be forced politically) towards more regulation, even if it's flawed.

Next week, the new version of the bill is expected to head to the House floor for a vote. If you want to help light a fire under the president and legislators, sign this petition from the privacy advocacy group Fight For The Future and check out this video from Reddit co-founder Alexis Ohanian to see why you should also hold tech companies accountable for their support of this poorly written law. 

Photo courtesy of Shutterstock

Is Twitter moving on to bigger and better things? Maybe louder, more musical ventures? That's what it sounds like as the seven-year-old San Francisco micro blogging site confirmed Thursday that sometime last year it had acquired We Are Hunted, a music discovery service. 

Welcome to Twitter! “@wearehunted: We want to share some news with you. We Are Hunted has joined Twitter. wearehunted.com”

— Twitter Comms (@twittercomms) April 11, 2013

Social music is a huge space,  with social music apps bringing like-minded listeners together and exposing them to new music. This process is known as music discovery. Spotify is one such discovery service, with a freemium streaming music library valued in the $3 billion range. Rhapsody and Pandora are other major players in streaming music and discovery.

In the pure discovery realm, Shazam has become the go-to app to find out just what song is playing whenever you hear a track for which you just have to know the title. There's countless others, with the mobile market becoming a fast-evolving sector for engagement between musicians, brands and listeners. It's a new way to gain loyalty from fans and online exposure for artists. 

Twitter's purchase, We Are Hunted, tracks popular songs on social media, which means Twitter is likely prepping its own music app. This morning All Things D wrote that Twitter Music could launch as early as today, or by this weekend - timed to match the opening of the Coachella music festival. The new service would recommend users music based on who they follow on Twitter.

Ramping up that likely possibility, a landing page aptly titled Music.Twitter.com has gone live to help facilitate the process and get users to sign in to authorize the new music-trending app.

It's still early morning, but expect Twitter to reveal its sing-songy plan later today, or this weekend at the latest. Now it looks like Twitter is stepping into the same arena. Are your ears burning yet? 

Image courtesy of Twitter.

Michigan Wolverines. Louisville Cardinals. Syracuse Orange. Wichita State Shockers. Big name basketball teams with big name social media followings. Well, 3 out of 4 big names, and 2 out of 4 big social media followings.

Welcome to the NCAA Basketball Tournament's Final Four, where these four teams are fighting it out for the National Championship - and social media dominance. According to a new infographic from digital marketing agency Prime Visibility and Salesforce's Radian6, Louisville holds a slight lead over  Michigan, while a storied Syracuse squad is a distant third, faring about the same as the Final Four's biggest Cinderella, Wichita State. 

According to the infographic, more than half a billion Twitter users made some noise about their teams from the start of the tourney through the Elite 8 round. Things are likely to get even crazier this weekend leading up to the Championship game Monday evening.

Infographic Courtesy Of Prime Visibility. Lead image courtesy of Shutterstock.

As the world waits with bated breath to see if Pyongyang will make good on its nuclear threats, the hacker collective Anonymous has made its own move in the increasingly cyber conflict between North Korea and the world. 

On Tuesday, the group claimed to have stolen 15,000 passwords from the communist nation as part of what it calls Operation North Korea. Late Wednesday, as tensions rose in Kaesong over the North's closure and seizure of a industrial park it shares with the South, along with repeated declarations of nuclear launch, Anonymous advanced its own chess pieces. The hackers allegedly seized control of North Korea's official Twitter and Flickr accounts, in the process defacing several related websites, and making the autocratic nation look extremely unprepared for cyber attack.  

Tango Down flickr.com/photos/uriminz…

— uriminzokkiri (@uriminzok) April 4, 2013

The Uriminzokkiri accounts on both the social media networks, which translates to "our nation," looked like anything but North Korea's after the strike. The Twitter account's avatar changed to a couple in Guy Fawkes masks tangoing, while the Flickr account filled up with less-than-flattering images of the supreme leader, Kim Jong Un. 

In addition, several sites hocking propaganda material have been hit by digital graffiti (visit Aindf.com to see a wanted poster of Kim Jong Un). North Korean state-run news site Uriminzokkiri.com has been knocked offline, possibly by related DDoS attack. The Next Web is reporting that a Pastebin note, allegedly from the hacktivists, claims that they have agents on the ground fighting off the North's "cyber army." Below is an excerpt from the latest Pastebin message, supposedly penned by Anonymous members, explaining the group's reasoning and m.o. for the attack:

1. ecause of North Korea's new threats today we are forced to
2. contact you again.
3. Within this release we also take the chance to set some things
4. straight about our goals, because it seems some web citizens
5. didn't really get it right. Here we go:
6.  
7. @ Kim Jong-un
8. You just went full retarded! Never go full retarded.
9. We feel really sorry for your suffering of TDS
10. (aka "tiny dick syndrome") but be assured, threatening the
11. world with your nukes won't make it any better at all.
12. If you had finally opened up your country for the
13. real internet, you would have already seen over 9000 ads for
14. products devoted to solve your problem.

If Kim Jong Un really does have thousands of soldiers in his cyber army, it's likely that this attack will soon be thwarted and things will go back to normal. Normal, of course, being a relative term as the bluffing situation escalates between the peninsula and the rest of the world. 

Will Anonymous' actions (in February it hacked the U.S. State Department) push the conflict over the edge and give the 30-year-old despot reason to hit the launch button and plunge the world into hot war? Who knows what this digital assault will do to the man's ego, since he is already eager to prove himself in the wake of his father's passing.

(See also South Korea Cyber Attack Heightens Tensions In Hair-Trigger Region and World War III Is Already Here - And We're Losing.)

When ex-NBA oddball Dennis "the Worm" Rodman seems to have more on-the-ground knowledge of the leader than every major intelligence agency combined, you know we're in a pickle, no matter how you cut it. Anonymous is pulling on the tail of a tiger. If this is the prelude to the end of the world, let's hope it has a viable plan for when the beast turns around and bares its fangs.

Image courtesy of Uriminzokkiri

Depending on who you believe, the week long Spamhaus-Cyberbunker cyberattack we covered Wednesday was either a threat to the Internet itself or hyped up by an overzealous security vendor. Either way, it was still serious business.

While much of the Internet disruption may have in fact been localized to Europe, and also potentially caused by tampering with underwater telecom cables in the Mediterranean, big DDoS attacks — that is, distributed denial-of-service assaults that aim to knock target computers off the Internet — are real, and have been on the rise since 2010. 

Dan Holden, the director of ASERT, Arbor Networks' security engineering and response team, has been monitoring DDoS attacks for more than 12 years. In 2012 his company released a Worldwide Infrastructure Report that reports attack sizes have been peaking at around 100Gbps (check out this detailed look at the report here). This week's attack was more than 300Gbps — way above the norm, in other words. 

That's because the attackers actually co-opted part of the Internet's basic infrastructure -- the Domain Name System, or DNS -- in such a way as to greatly amplify the firehose stream of data they were directing at target computers.

Here's how they work, according to Carlos Morales, Arbor Networks' vice president of global sales engineering and operations:

Attackers send DNS queries to a [DNS server] on the Internet but use the victim address as the source of the query. When the response goes back, a response that is usually multiple times the size of the initial query, the response goes to the victim. Multiple this by hundreds of thousands of requests from bots on the Internet spoofing the one victim address and you get a very large flood of traffic to the victim machine.

Holden says DNS is becoming an increasingly popular target for DDoS. As many as 27 million DNS servers across the Internet are "open" in a way that allows them to be hijacked this way. 

That means that while this week's attack may not have knocked us Americans off of the Web, the amount of localized disruption overseas was definitely large enough to cause serious reverberations. This may not have been the Web's D-Day, but these could definitely be the opening salvo of a hacker blitzkrieg. Let's hope the ISPs and powers that be don't Neville Chamberlain it. 

Photo courtesy of Shutterstock

The Internet is groaning today under the load of a huge cyberattack — one of the worst on record — that's clogged some of its most vital systems. And while you might be inclined to blame Spamhaus or Cyberbunker, two European outfits at the center of this online dustup, almost no one is talking about the real villains here: the world's Internet service providers.

First, some background on Spamhaus vs. Cyberbunker. Yes, that sounds like the lineup at a punk-rock show, but it's actually a virtual battle that began when the anti-spam group Spamhaus added the Dutch web hosting company Cyberbunker to a blacklist used to fight spam. That apparently stung the outlaws at Cyberbunker, which prides itself on hosting anything but "child porn and anything related to terrorism."

Seemingly insulted, on March 19 Cyberbunker allegedly launched a major distributed denial-of-service (DDoS) attack — that is, one that aims huge streams of data at target Web servers in an attempt to knock them offline — against Spamhaus. When that failed, the attackers pivoted to a much more serious attack, one that exploited a vulnerability in the Internet's Domain Name System (DNS). And in so doing, they almost broke the Internet.

Dissing the DNS

DNS is a core service that translates URLs like readwrite.com into the numerical Internet addresses used by computers (204.9.177.211 in the case of ReadWrite). Without it, traffic on the Internet goes nowhere.

In this case, the attackers targeting Spamhaus turned to what's called a DNS amplification attack — one that basically tricks DNS servers into directing a huge flood of traffic at a target. This is relatively easy because many network providers and ISPs have left DNS servers (also called "resolvers") open and unprotected, meaning that they'll respond to requests from anywhere on the Internet.

All an attacker needs to do is to send a stream of forged DNS requests that appear to come from their target's computers. Open DNS resolvers do the rest, responding with automated messages that are much larger than the initial requests. The security company Cloudfare, which has assisted Spamhaus in its current fight, wrote that attackers can use DNS amplification to boost their initial DDoS data flood by a factor of 50 or more.

Which is exactly what Spamhaus's attackers appear to have done.

Why Your ISP Sucks

The big problem here, as you've probably already figured out, is that so many network operators have left their DNS resolvers open. It's fairly trivial to configure resolvers to filter out and ignore forged requests, but relatively few network operators have done so. The Open DNS Resolver Project, an Internet community initiative aimed at blocking this vulnerability, has catalogued more than 25 million open DNS resolvers around the world.

"If ISPs had fixed those issues, [which are] relatively simple, and [involve] very little cost, this kind of attack would have been impossible," Rodney Joffe, a senior vice president at the Virginia security firm Neustar, told me. 

How To Stop The Suckage

DNS resolvers are becoming an increasingly popular target for hackers. Dan Holden, a security official at Arbor Networks, told me that in a recent Arbor survey, a full quarter of respondents said they'd experienced serious DDoS attacks on their DNS servers in 2012 — double the number who acknowledged similar attacks in the previous year.

Fixing DNS vulnerabilities would be an ideal way to stop these attacks, says security expert Dan Kaminsky, who has helped shore up previous DNS problems. But he's skeptical that this will ever happen.

"If only everyone on the Internet made major changes at the same time, this wouldn't have happened," Kaminsky told me via email. Short of that, he said, the answer may lie in straightforward police work:

We stop DDoS by getting as close as possible to the source and doing something about it there, or by doing nothing and tolerating it. I prefer the former, in this case, by perhaps finding the person almost certainly responsible.

Photo courtesy of Shutterstock

Quick, the new Apple MacBook is out. What do you do? Mortgage next month's paycheck and pre-order it online? Or maybe wait a few months and get a refurbished version? Maybe you type in a school promotional code on the Apple site, and get a measly little discount? Or should you just buy an older model — or just sit on your hands and wait until the price drops? What to do, what to do?

Well, you could try something like this:

So if you can be patient, you stand a much better chance of finding some real deals out there for Apple swag.

Brooklyn-based Dealnews, a deal-hunting site founded in 1997, put together the above graphic to help consumers do just that. The site, which makes its money from advertising and affiliate partnerships, employs about 60 "dealhunters" who scour the web for good buys.

For the above graphic, Dealnews looked at a year's worth of data and calculated how long it takes a new Apple product to generate an actual deal for consumers. For example, the MacBook Pro 15.4" with retina display was released in June 2012 with a starting price of $2,199. The site listed a deal two days after its release for $118 off the initial price. Nine months later, the best deal was $350 off.

In other words, he who hesitates... may walk off with a bargain. (Works for "she who hesitates," too, of course.)

Dealnews offers another tip from its research. If you want the best price for Apple products, don't buy them from Apple! Instead, wait until a new model comes out, then haunt the MacMalls and Best Buys of the world and buy the previous version days or weeks after the new release. You can thank us — and Dealnews — later.

Image courtesy of Shutterstock

Infographic courtesy of dealnews

They almost seem like an afterthought, the comments attached to Internet content. These scribblings may seem like the anonymous musings of the masses, but many corporations are viewing them as a high-powered vehicle to drive lead generation and community building, and funding trends for commenting vendors suggests that this is not afterthought: Comments are a very valuable Web business.

Chances are you've used Livefyre and not known it. After all, their clients include some of the biggest media out there. With huge partnerships with Sports Illustrated, The New York Times, and TechCrunch, Livefyre's business is largely enterprise, and geared towards giving its clients, who boast millions of readers, new outlets to express themselves. Way beyond the typical social login, those options include live chat discussions, comment threads where users can embed YouTube videos, media and pictures, and new second screen experiences geared to drive engagement.

So when Livefyre announced a $15 million funding round last month to ramp up their mobile and moderating features, people took note.

If Livefyre is the new kid on the block flexing its muscles, then the tried and true veteran is Disqus, which has raised more than $10.5 million in VC investment. The six-year-old Y Combinator startup is the other major player in this sector, powering a total of 2.5 million sites, including big names like CNN and — ahem — ReadWrite. Disqus operates on a freemium model, with pro accounts at $99 a month. While it may not be fancy as Livefyre, it's effective, just like other commenting services like IntenseDebate and Echo, other players in this space.

That's a lot of choices for publishers, because there's value in giving customers varied options as to how they interact online. 

Let Them Comment

Users crave both more options from comments and more ways to engage with other readers and writers. As a result, publishers are shelling out dollars to increase that back-and-forth interaction. At the end of the day, people commenting on a page means longer active time spent on a site, and the potential of driving up click rates on adjacent ads. It's also about community building on these comment threads, and leveraging that community for more page views and reader loyalty.

Robyn Peterson, CTO of Mashable, says Livefyre has amped up conversations in three ways. Comment streaming drives up the "organic and lively feel of the conversation, which in turn drove more commenting from other readers. Second, since Mashable is a very social brand, a lot of our reader conversation takes place on Facebook, and Livefyre is able to cull those conversations and mirror them on our article pages, which coalesces the across-the-web comments into a single comment stream."

Lastly, Peterson says, social functions -- like the aforementioned embeddable media -- help readers "add more interesting content to a given article."

Interfaces that fuel user engagement creates maximum return on these comments, says Jordan Kretchmer, Livefyre's founder and chief executive officer. He sees comments as way beyond a linear and threaded tool.

"Our approach of integrating all conversations about an article or topic into one place makes us unique, regardless of the format those comments are displayed in," he said. "The centralization of social content is key to getting users to interact more."

Steve Roy, a Disqus VP for marketing and PR, says his company is not trying to build a better comment mousetrap. Instead, he wants to make it easier for people to participate in discussions and introduce them to communities where they can explore their passions:

Our AudienceSync feature enables users to easily connect their Disqus profile to publisher sites with one or two clicks. It makes it easy to participate in discussions on even more sites while enabling publishers to manage their own registration systems.

Roy explained that these tools are getting people to stay on the site and express themselves, a boon for publishers. "Our data shows more than half of all our page visits include time spent engaged in comment, either reading, sharing or leaving comments. Audiences truly care about this discussion. And as page real estate, it's unharvested revenue territory," to the tune of 15 million organic new clicks to publisher content a month.

A new tool called the discovery box recirculates traffic back to the publisher through promoted articles, providing a "new revenue stream each time a reader clicks on an advertiser's content," Roy said. "It's optimizing their comments section much like they already optimize the headlines and articles for search."

That interaction between commenters and blogs is producing real revenue. "This quarter, we're making revenue share payments to our publishers who have participated in our pilot native advertising launch," Roy said.

Real Value?

Comments are seeing a serious build up of online niches and sub-communities, to the point where some sites like Gawker have even toyed with the idea of charging readers to comment.

A year later, it seems they've given up on this pay-to-play approach, but Gawker has since introduced a new level of comment curation. Users who reply to an existing comment are more likely to get their opinions seen higher on the page than an earlier user who added a reaction directly to the original post. Gawker is attempting to highlight the most-trafficked and replied-to material, doing away with the chronological commenting stream, all in an effort to keep readers on site.

It's difficult to imagine a scenario where charging a fee to comment becomes plausible or scalable. It’s not something that we believe in culturally since speech tends to be viewed as both free as in freedom and free as in beer.

But publishers are investing in comment systems in an effort to generate more indirect revenue. People are commenting more than ever, driving huge consumption and engagement that publishers would lose if they didn't recognize the value of comments. A value that's at least the equal of the material they're commenting upon.

Photo courtesy of Shutterstock

Happy birthday, Twitter! In just seven years, you've evolved from a fringe service dubbed "twttr" to a mainstream phenomenon with more than 500 million registered users and 340 million daily tweets. 

But the Internet is fickle. Will the microblogging service still be around another seven years from now? To make it to 2020, Twitter is going to have to surmount some mighty big challenges.

Ready, Set... Go

Here they are in a nutshell. Sound off on what you consider Twitter's biggest challenges in our poll to the right or in comments:

1. Facebook: Competition from the Zuckerberg brand is huge. Instagram, now part of Facebook, is another giant rival. Both services have copied — and are continuing to copy — Twitter features like the news feed and hashtags. Twitter only stays one step ahead if it keeps rolling out new innovations that its competitors can't own. It's done well so far, but one big slip-up to cause irreparable damage.
2. Stagnation and spam: Detractors say Twitter has already peaked. These same folks are also quick to point out that many of its "registered users" — and, as a result, many followers of real users — are actually bots. It's hard to determine just how many users are actually active, but bots are already a problem for Twitter's business model, since no advertiser wants to pay to reach fake accounts. More insidious forms of advertiser spam surely lie in Twitter's future.
3. Weak Ad Platform. When it comes to making money online, many businesses prefer to funnel dollars to Facebook's fan pages over Twitter's promoted and sponsored tweets. It can be hard to significantly monetize on Twitter, and advertisers can have a hard time tracking their return on investment there. Twitter is great for engaging, solving customer service issues and even funneling traffic to a website. But direct selling often turns users off. And the advertising model has yet to be cracked here.

Photo via Shutterstock

Another hacker bites the dust. This morning, Andrew Auernheimer — aka "Weev" — got handed a sentence of 41 months in prison, 3 years of supervised release and a $36,500 fine. All for basically exposing a major security hole at AT&T and publicly shaming the company that hadn't ever bothered to fix it.

Back in 2010, Auernheimer and his partner Daniel Spitler, part of a team calling itself Goatse Security, hacked into a public server owned by AT&T. That server housed hundreds of thousands of email addresses of customers who owned 3G iPads. Through trial and error and some ingenuity, group members discovered they could randomly guess iPad identification numbers and then use them to extract matching email addresses from that server.

AT&T's Security Loophole, Exposed

This security loophole on AT&T's site returned email addresses associated with ICC IDs, the unique serial numbers used to track and link SIM cards on mobile devices with specific subscribers. A PHP script that automated the process ended up harvesting a whopping 114,000 email addresses. Auernheimer then sent news of the group's work as an exclusive to Gawker.

(See also: U.S. Announces 120,000 iPad Users Had Their Data Stolen)

A day later in a blog post on the Goatse Security site, Auernheimer and company wrote:

I want to summarize this explicitly:

• All data was gathered from a public webserver with no password, accessible by anyone on the Internet. There was no breach, intrusion, or penetration.
• The dataset was not disclosed until we verified the problem was fixed by the vendor.
• The only person to receive the dataset was Gawker journalist Ryan Tate who responsibly redacted it.

[...]

We did this to help you.

By its own account, AT&T responded with "swift action" to prevent additional intrusions: 

Within hours, AT&T disabled the mechanism that automatically populated the email address. Now, the authentication page log-in screen requires the user to enter both their email address and their password.

Problem solved, right? Wrong. A week later Auernheimer was arrested after the FBI raided his house. He was then charged with major computer crimes under the Computer Fraud and Abuse Act (CFAA), the same legal club prosecutors have used to go after Aaron Swartz and, last week, Reuters social editor Matthew Keys.

(See also: Reuters Social Editor Indicted Over Anonymous Hack; Internet's Jaw Drops)

During the trial, AT&T admitted the server was publicly accessible, yet claimed Auernheimer's access was unauthorized. Under the CFAA, unauthorized access is a crime. But the statute's ambiguity on that score has opened the door for egregious prosecutorial overreach in this and other cases.

On Nov. 20, 2012, a jury found Auernheimer guilty of one count each of identity theft and conspiracy to violate the CFAA. Today, Auernheimer was sentenced.

Fair Or Fanning The Flames?

Supporters of Auernheimer say what he did was not a crime. Maybe it wasn't smart to expose a major vulnerability at AT&T and then rub the company's nose, but stupidity shouldn't be a federal offense. Friends and colleagues point out that the point of hacking is to gain something from it — and in this case, there was no money involved and nothing else to gain but besides a measure of celebrity.

Australian journalist and hacktivist Asher Wolf wrote a poignant piece today arguing that's it's insane to publicly tar and feather someone who spurred a company to fix a problem, even if he didn't choose the most orthodox means of doing it:

Putting Weev behind bars is pointless and tragic. Jailing the most outspoken men and women amongst our generation won’t stop the leaks, the hacks, the news revelations, the whistleblowers — and most of all it won’t stop the rage of the malcontent, dispossessed youth from eventually tumbling down upon the heads of the bureaucrats who sold us out and then tried to lock us up when we complained.

Bees To Honey

AT&T's vulnerability was basically low hanging fruit — just too easy a target for hackers to ignore. But the question of whether AT&T was asking for it is more complicated.

Sure, poor security is asking for trouble. But playing with fire will get you burned no matter how righteous and ethical you claim to be. "Our conduct doesn't happen in a vacuum," hacker Adrian Lamo — the guy who allegedly dropped a dime on Bradley Manning — wrote on Twitter today. "I don't think 3+ years is warranted for Weev, but in totality of circumstances, it's understandable."

I respect weev's reasons and even his means for their ethical consistency. But he got exactly what he planned to. He owns his outcome.

— Adrian Lamo (@6) March 18, 2013

Still, this is significant time for essentially not hurting anyone, as the British journalist Laurie Penny pointed out. By comparison, the Steubenville rapists were sentenced to just one year in juvenile jail.

Note that @rabite just got sent down for 3.5 years for computer violations. That's 1.5 years longer than the #steubenville rapists #freeweev

— Laurie Penny (@PennyRed) March 18, 2013

This isn't over. Auernheimer is appealing his conviction. And either another example will be made to hackers everywhere, or the sentence will be reduced.

At the end of the day, Weev and co. were nicer to AT&T than, say, hacker HD Moore — who published unpatched iPhone flaws and exposed another big bug in Apple's WiFi — was to Apple. But that doesn't seem to matter much in the boardrooms and courtrooms of America. In their view, all hackers are criminals.

Even many mainstream journalists think all hacking is a crime. Last night on 60 Minutes, for instance, Lara Logan basically accused Jack Dorsey's early work of bordering on just that. And even with the best of intentions, hackers' attempts to route around the system will likely never gain the benefit of the doubt with the public.

Instead, they'll just keep earning jail sentences, at least unless and until the courts — or Congress, though don't hold your breath — push back against prosecutorial overreach. And that, at least, will give them plenty of time to repent at leisure.

Lead image via Flickr user shane_curcuru, CC 2.0; image of Andrew Auernheimer via Wikimedia Commons

Disbelief and shock. That's what's sweeping across the Web following news that one of its best and brightest social journalists, Reuter's Matthew Keys, has been indicted by the Department of Justice for allegedly helping Anonymous deface the Los Angeles Times website in 2011. (See the full indictment below.)

The 26-year-old deputy social media editor has been charged with providing hackers with server login credentials to access the Tribune Company's site. Keys had previously worked as a web producer for the Tribune-owned KTXL FOX 40, in Sacramento, Calif. The charges are serious, but what he allegedly did... wasn't, really. The site break-in described in the indictment led to a hack that defaced a story.

Keys has been charged with one count each of conspiracy to transmit information to damage a protected computer, transmitting information to damage a protected computer and attempted transmission of information to damage a protected computer. If convicted, he faces up to 10 years in prison, 3 years of supervised release and a fine of up to $250,000 for each count. In addition, he also must forfeit property related to the crime.

Journalists and members of the media are still having trouble wrapping their heads around the news.

wow – this story about Matthew Keys and Anonymous is bizarre: politico.com/blogs/media/20…

— Mathew Ingram (@mathewi) March 14, 2013

"Speechless," NPR's Andy Carvin wrote on Twitter. "Woah," said the Wall Street Journal's Liz Heron.

Even others in the hacker community are shaking their head, like 'Weev,' nee Andrew Auernheimer, who himself faces jail time over his role in exposing the email addresses of thousands of AT&T customers.

Let us pray for @thematthewkeys in his struggle against the beast.

— Andrew Auernheimer (@rabite) March 14, 2013

Say It Ain't So!

Key's alleged involvement with Anonymous, should it prove true, has been under our noses for some time. Keys wrote about Anonymous on multiple occasions, including his first post for Reuters back in Feb. 2012:

My first blog entry at @reuters: "Details in leaked FBI call could prove uncomfortable for Anonymous" - blogs.reuters.com/matthew-keys/2…

— Matthew Keys (@TheMatthewKeys) February 3, 2012

http://tinyurl.com/mattkeysexposed AESCracked/Matt Keys was former producer for Tribune sites. Gave full control of LATimes.com to hackers.

— The Real Sabu (@anonymouSabu) March 22, 2011

Why And What Now?

It's not entirely clear why the Justice Department choose to indict Keys now, in 2013, two years after the hacking/defacing incident. It's possible it took the government that long to gather evidence. Or maybe the feds tried, but failed, to turn Keys -- pardon the pun -- to nab bigger figures within Anonymous.

Either way, it certainly looks like the Justice Department wants to make an example of Keys, which would make him the latest of several high-profile Web figures so treated (think Aaron Swartz, Bradley Manning and even Kim Dotcom for starters).

According to The Atlantic Wire, Benjamin Wagner, the same federal prosecutor in the Keys case, took down Sabu. So did Sabu rat out Keys for a shorter sentence? At the moment, there's no way to know.

Personally, I'm saddened by this. I know Keys. Although we've never met in real life, our paths have crossed many times online. We follow each other on Twitter and are Facebook friends, and we direct message and Facebook message each other regularly. When I heard about the charges, I called Keys' phone. It rang and rang and went to voicemail. I left a message. I still haven't heard back.

His arraignment is April 12 in Sacramento, and according to some reports, it looks like he may be fired at Reuters. So was Keys a covert agent for Anonymous? A guy supportive of some deviant hijinks? Or actually an innocent bystander? We can't really say. If there's any truth to the indictment, my money is on him being a reporter who got too close to the fire and got burned.

Which could, of course, still ruin his career. But what I really hope is that Keys doesn't end up wasting his talents behind bars.

Here's the federal indictment:

Lede image via Matthew Keys' Facebook page

Copyright. Innovation. Free speech. These firestarting issues and the relationship between creation, law and technology were the topics in a Sunday panel that just may have been the sleeper hit of SXSW.

Speakers included Andrew Bridges, partner at Fenwick & West LLP, Margot Kaminski, the executive director at the Information Society Project at Yale Law School, Wendy Seltzer, policy counsel at the World Wide Web Consortium (W3C), Derek Khanna, a former Republican Study Committee staffer, and surprise guest Ben Huh, the chief executive of Cheezburger. All have been influential in speaking out against and litigating civil liberty cases pertaining to ACTA, SOPA and PIPA.

After the panel, ReadWrite spoke one-on-one with Bridges, whose 30-year career has included representing clients like Google and MasterCard in cases involving copyright, trademark and unfair competition. Bridges spoke on the lessons stemming from the hour-long panel:

ReadWrite: You have lots of criticisms of the copyright system. Can you explain your objections?

Andrew Bridges: Copyright is elevated to a level of importance in our society and our politics that it does not seem to deserve. If you actually took some copyright policies and extended them into other arenas, the consequences would seem absurd. Let's say we decided to apply the Six Strikes principal. Say you send out one of those mailers for a subscription to Time Magazine. And you check the box that says bill me later. Let's say that they start sending you Time Magazine, and after 2 or 3 issues they send you the bill, and you never pay. But in the meantime you have 6 or 8 issues before they cut you off for not paying. My proposal is let's adopt Six Strikes and knock somebody off the postal system. You don't pay for it, you don't get to use the postal service any longer. Or let's say somebody blows through a toll plaza 6 times, does that mean you don't ever use the highways anymore? In the world of DMCA take-down notices, the copyright holder sends 6 wrongful take down notices, maybe they should lose access to the copyright system itself. Why is this limited to occasional, or amateur or individual persons who induce copyright infringement and why are they subjected to these type of penalties?

ReadWrite: How is copyright disruptive to technology?

Andrew Bridges: New technologies do disrupt existing business models. They do disrupt current expectations of profits and revenues. Actually copyright law itself has its own disruptive function. The function of copyright law as it has evolved is indeed to disrupt innovation and to disrupt new technologies that threaten the interest of copyright holders. Frankly all copyright legislation has been in reaction to new technologies that are developed. And copyright law has sought as its purpose, interfering with, limiting, pampering and indeed disrupting innovation of technology, business plans, even disruption of consumer choice.

ReadWrite: For example?

Andrew Bridges: It's illegal to operate a business where you rent CDs out. Under copyright law, it's illegal to watch on your DVD player, a DVD that a Greek friend of mine brings over as a present, because it has region coding. That's a disruption of a user experience, by copyright law. We talk about disruptive technologies, but I think we're talking about both disruptive technologies and disruptive law. I think if we have to look at rival disruptions,  on the one hand [disruption] of business models and our expectations, and the other side [disruption] of technological developments and innovations and consumer choice, then I tend to cast my allegiance on the side of those who are disrupting older business models. That is how an economy grows, by creative disruption. That's exactly how innovation enriches our culture and gives us the progress of science and the useful arts.

If other laws were proportional to copyright law, the fine to jump a NY subw turnstile ($2) would be $370K. Thx @andrewbridges! @sxsw #ftmsx

— Flip The Media (@flipthemedia) March 10, 2013

ReadWrite: How out of whack are the penalties for copyright violation?

Andrew Bridges: A woman in Minnesota got hit with a jury verdict of $1.5 million for downloads without any evidence that she actually shared anything with anybody else. That law allows statutory damages, which I call fictional damages because they [are] divorced from any proof whatsoever. The law allows fictional damages of $150,000 per work infringed. And that includes $0.99 downloads. So the ratio between penalty and loss revenue is excessive... 150,000 to 1. Let's put copyright in the broader context. If I jump the turnstile of the New York City subway, If the copyright proportionality damages applies, it would be OK for that penalty fare to be $370,000. It's as ridiculous in copyright law as it is in subway law.

ReadWrite: So who's at fault here?

Andrew Bridges: People are focusing on Congress, [but] that's misplaced... after SOPA. Because things don't have to happen in Congress for bad things to go off. Even though SOPA failed, SOPA is now in some respects the law of the land. Because we now have Soft SOPA. We have the government putting pressure on advertising networks and putting pressure on payment processors, unofficially, to take the same measures that SOPA was going to require them to [do]. But now it's a sort of 'if you know what's good for you, could you pretty please, wink-wink' method.

ReadWrite: Can you give an example of that pressure?

Andrew Bridges: There are payment processors notifying companies that they are no longer willing to process payments for them. It's happening. It happened with three of my clients. It's part of what the administration calls its 'voluntary cooperation initiative,' which the Intellectual Property Enforcement Coordinator Victoria Espinel describes in her annual report. And we have advertisers blacklisting certain sites, and telling sites. 'We're not going to place advertising on your site because people tell us you're not a good site.' So that's happening. And it's being done as "Oh it's just a private decision." But it's no secret that the government is encouraging these private decisions. So that's why I call it Soft SOPA.

Photo courtesy of Wendy Seltzer.

The new Six Strikes anti-piracy program major ISPs rolled out last week — officially known as the Copyright Alert System — is geared toward catching those allegedly pirating copyrighted movies and games and, well, inconveniencing them until they stop. It's framed as an educational tool, but given that the participating Internet service providers are bound by no unifying or mandatory rules, there's a degree of uncertainty as to exactly what you can expect should you pop up on your ISP's anti-piracy radar.

Wonder no more. Here's a handy graphic that outlines exactly what we know about how the five major ISPs in the U.S. plan to use the system and how it will affect your Internet use. (Let us know what you think in comments.) Also, following the graphic: How Six Strikes may get you hacked.

What Could Possibly Go Wrong?

There's a lot of ambiguity about what happens after six strikes, and neither the ISPs nor the Center for Copyright Information (CCI) have clarified what consequences await customers who get that far. Daniel Nazer, a staff attorney at the Electronic Frontier Foundation, told me that "Strike Seven" might simply amount to Big Copyright hauling alleged infringers into court.

But there are other big problems. Nazer, for instance, argues that the system's pop-ups and alerts could easily provide cover for hackers to impersonate ISPs in order to seed malware and launch phishing attacks. "Given the scale of this and the kind of ways they're looking to contact their customers with emails and browser locks, it may be a particularly attractive target for malware," Nazer told me.

The open-source development blog FunnyMonkey calls Six Strikes "the best phishing opportunity ever" and "a gift to people looking to steal credit card information and other personal information." Too bad the CCI's Web site is silent on the risk of would-be phishers impersonating or hijacking its alerts.

Lead image modified from this image via Flickr user patersor, CC 2.0

Infographic courtesy of Neo Mammalian Studios

Last year, the South Pacific Island of Tokelau, a tropical atoll governed by New Zealand, became the first completely solar powered territory on Earth. Having invested $7.2 million on the project, the island of 1500 souls is now redirecting money it would have spent on oil to education, irrigation, and health care.

Could Tokelau's experience be a harbinger for the rest of the world? Maybe, maybe not. It is worth remembering, after all, that most of the island's inhabitants are subsistence farmers, and that thousands of their countrymen have emigrated to New Zealand and Samoa. An advanced economy it is not.

But let's take a moment to dream big and to consider just what it might take for solar to catch on in the same way across the industrialized world as well.

Sunny Scenarios

1. Swanson's Law. This rule, a play on Moore's law, posits that the cost of the photovoltaic solar cells used to generate solar power will fall by about 20% each time global manufacturing capacity doubles. Spin that forward a few generations and you have the prospect of solar power plants that are reasonably cheap to build... and nearly free to operate.
2. Better electricity storage and transmission. The sun doesn't always shine, of course. But new types of industrial-scale battery storage -- whether using liquid-electrolyte "flow" cells or something else -- could make it possible to save energy produced while the sun beams down for, well, a rainy day. And then transmit it to where it can do the most good.
3. New photovoltaic technologies. Forget Solyndra. Yes, its failure was a cause celebre for a while, but quite a lot has been going on outside that spotlight. In December, for instance, San Jose, Calif.-based Solar Junction hit a world record 44% solar conversion efficiency with a new type of photovoltaic cell. Many other startups continue to win federal funding for promising photovoltaic manufacturing processes that will keep Swanson's Law in business.
4. Climate change and high fossil-fuel prices. Should global temperatures continue to rise, or should oil prices remain high due to "peak oil" -- or both -- that would go a long way toward creating the economic incentives necessary to push solar technologies into mainstream energy production.

The U.S. and the rest of the industrialized world won't make the jump to solar overnight, especially given their continuing addiction to oil. Give these trends enough time to play out, though, and we may look back at Tokelau as a framework for solar.

Photo via Shutterstock

What if all of your online communication could be monitored and shared without a warrant? That's what's at stake if the latest version of CISPA, the controversial Cyber Intelligence Sharing and Protection Act, is approved by Congress.

After CISPA was shot down in 2012, a revised bill has been introduced that would let private companies and the government monitor Americans under the auspices of sharing intelligence about cyber threats. The intentions behind the bill may be noble, but the bill's language is packed with privacy problems and vague notions that give the government big loopholes through which to watch what people say and do online.

(See also Obama, Cybersecurity And The Return Of CISPA)

In the wake of a spate of hacking attacks and talks between House Intelligence Committee Chairman (and CISPA co-author) Mike Rogers (R-Mich.) and the White House, the bill is seeing forward movement. Talks are centering on whether or not companies will be allowed to share peoples' identities with the government. Those results, plus an upcoming special cybersecurity hearing by the House Committee on Homeland Security, will likely influence the bill, which is expected to make its way back to the House in April.

For or against, the lines in the sand are being drawn. Supporters include a slew of technology companies and interest groups. Dissenters comprise an equally deep set of advocacy organizations and Web heavyweights.

Here's a quick breakdown of who is on which side:.

CISPA Supporters

1. AT&T: Interprets the bill as promoting "private sector innovation, and protects fundamental American values."
2. Facebook: Supports enhancing "the ability of companies like Facebook to address cyber threats" and feels the bill would not make the company share any more of its own data than is currently required.
3. Comcast: "Preventing, detecting, deterring, and responding to cybersecurity threats are therefore fundamental requirements for our continued business success," David L. Cohen, the company's executive vice president wrote on February 13.
4. IBM: CISPA "would greatly improve the government and private sector's ability to mitigate cyber threats by enabling better information sharing," Christopher Padilla, vice president, IBM Governmental Programs, wrote on February 13.
5. Intel: Combating online threats requires "cooperative efforts of government and NGO stakeholders working together to improve cybersecurity in a way that promotes innovation and protects citizens' privacy and civil liberties," said Peter M. Cleveland, the company's director of global policy.
6. Time Warner Cable: The telecom giant supports the bill because it wants to protect its 15 million plus customers and feels CISPA enables a "shared responsibility born in partnership by the public and private sectors."
7. Verizon: Echoing other support sentiments, the company is pushing for the bill to bridge the private-public sectors and be able to share data to "secure private networks" and protect customers.
8. Oracle: Supported last year's version of the bill, stating that CISPA would remove the legal obstacles inherent in sharing data with the government.
9. Symantec: Defending information sharing, the company wrote in 2012 that this tactic is "not an end goal, but rather a situational tool to provide awareness."
10. Microsoft: Previously vocal in its support that the bill would "eliminate barriers and disincentives that currently prevent effective information sharing to guard against cyber attacks." Since then, Microsoft has clarified its position to say that it would move to "ensure the final legislation helps to tackle the real threat of cybercrime while protecting consumer privacy."
11. Google: The Mountain View company tried to steer away from taking a public stand, but last year, lawmakers in Washington alluded to having Google's support.

Other notable supporters include the U.S. Chamber of Commerce, USTelecom, the Broadband Association, Edison Electric Institute, Financial Joint Trades, Financial Services Roundtable, Internet Security Alliance, Juniper Networks, National Cable & Telecommunications Association and TechAmerica.

CISPA Opponents

1. American Civil Liberties Union: "The bill would create a loophole in all existing privacy laws, allowing companies to share Internet users' data with the National Security Agency, part of the Department of Defense, and the biggest spy agency in the world—without any legal oversight," the ACLU warned in 2012. With the new version still failing to addressing these concerns, the organization is asking supporters to sign its petition calling for the President to veto the bill.
2. Electronic Frontier Foundation: When CISPA was reintroduced in February 2013, the EFF joined the ACLU and Fight for the Future in combat. The Internet advocacy group is vehemently against the bill for a slew of reasons, including that it gives companies the right to monitor users and share that data with the government without a warrant. Transparency and accountability are also undefined by the bill, which creates a "broad immunity from legal liability for monitoring, acquiring, or sharing" communication and overriding "privacy laws like the Wiretap Act and the Stored Communications Act.
3. Center For Democracy And Technology: The Center's serious concerns include an "unlimited definition of the information that can be shared with government agencies notwithstanding privacy and other laws," which the CDT says will likely "shift control of government cybersecurity efforts from civilian agencies to the military."
4. Cato Institute: The public policy institute raises issues of hype and misinformation related to cybercrime causing a skewed perception of the problem. "Among dozens of surveys, from security vendors, industry analysts and government agencies, we have not found one that appears free of this upward bias."
5. Fight For The Future: The non-profit has setup a site to inform and protest the bill, calling CISPA "the end of meaningful privacy for anyone with personal data on U.S. based services."
6. Free Press: The media reform group acknowledges the need for protection, but warns> "CISPA could lead all too easily to governmental and corporate violations of our privacy and attacks on our right to speak freely via the Internet."
7. Mozilla: In a 2012 interview with Forbes, Mozilla’s privacy and public policy office called the language of the bill broad and alarming and said it "infringes against our privacy."
8. Cheezburger Inc.: Chief Executive Ben Huh told ProPublica in 2012 that CISPA is "SOPA's cousin who works for the CIA."
9. Reddit: Although previously undecided, on Friday at SXSW, Reddit founder Alexis Ohanian called his local congressman to protest CISPA. He says he won't invest in Facebook because of the company's support.
10. The White House: Last year, the President voiced his strong opposition to the bill, saying it failed to bridge the gap between privacy concerns and limiting sharing of personal information. "Citizens have a right to know that corporations will be held legally accountable for failing to safeguard personal information adequately. The government, rather than establishing a new antitrust exemption under this bill, should ensure that information is not shared for anti-competitive purposes." However, with Obama's new cybersecurity mandate and renewed talks and pressure from the House Intelligence Committee, that position could change.

Other individuals and organizations opposed to CISPA include Tim Berners-Lee, Bruce Schneier, Ron Paul,  Demand Progress, Entertainment Consumers Association, Free Market Coalition, Reporters Without Borders, Access Now, Sunlight Foundation and the American Library Association.   

One major online player missing-in-action stance wise is Twitter. While the microblogging platform is a hotbed of activism and campaigns for both sides, the company itself has not taken a public stand.

Tell us in comments: Where do you stand?

Photos courtesy of DonkeyHotey and Paul Swansen.

In an effort to chase patent trolls back under their bridges, two congressmen last week reintroduced a bill they call SHIELD — a laborious acronym that stands for Saving High-Tech Innovators from Egregious Legal Disputes. While the bill went nowhere in the last Congress, the timing seems pretty good now, particularly since President Obama recently urged Congress to take on patent trolls in a recent Google+ hangout. (Watch that portion of the hangout below.)

But while the pending legislation could help turn trolls to stone in court, SHIELD fails to address the real problem of patent abuse. If passed, the bill would most likely reduce the value of patents as weapons for litigation. But it would do nothing to protect companies from the practices that keep forcing them into court.

What Patent Trolls Really Cost

Patent trolls — who prefer to be known as "non-practicing entities," meaning they hold patents but don't use them to provide actual goods or services — effectively use patents to chisel money out of companies that actually do make things or provide services.

They've proliferated over the past few decades, and now the tech industry is throwing good money after bad in court cases instead of on innovation. In a 2011 study, Boston University found that businesses spend $29 billion fighting patent trolls every year, or about $1.7 million per case.

Predatory patent enforcement has stifled growth to the point where research and development budgets now include money earmarked to fight these legal battles. Shelling out dollars for lawyers is a major problem for companies big and small, and can be a kill shot for early stage startups, which may be forced into costly settlements even if a troll's case is weak.

Where SHIELD Succeeds

The SHIELD bill's main change would be to force patent trolls who lose their cases to to pay the defendant's legal fees. This change would protect legitimate companies and could break patent trolls who are abusing the legal system.

Another major plus: A requirement that patent trolls post bonds to cover the cost of legal fees they might owe if they lose. This provision basically allows a company being sued to tell the court early on in the case that they think trolls have no assets.

"The bond requirement will make it hard for thinly capitalized trolls to sue," says Colleen Chien, a patent expert and assistant law professor at Santa Clara University. Chien, who has testified on patent issues before Congress, the Department of Justice and the Federal Trade Commissions, says that fee shifting can work to help curb frivolous litigation by scaring off trolls.

This fee shifting provides a disincentive for trolls to file suit in the first place, says Ed Goodmann, a tech analyst at the San Francisco public policy group Engine Advocacy. In other words, it creates a role reversal in which the hunter becomes the hunted. But that's only in the courtroom, and that's where the problem lies.

Where SHIELD Fails

What SHIELD doesn't solve is the mess at the patent office. SHIELD is essentially a back-end solution to a front-end problem. It deals with what happens after a patent is granted instead of attacking the real issue, which is the way patents are granted in the first place.

Here's one example. Imagine mailing a letter to yourself with a stamped date on it. This becomes proof that you came up with an idea at that specific time. But what if you could unseal the letter, muck with it and add new info, and then reseal it while keeping the original date intact?

That's the basic idea exploited by many patent trolls, who legally cheat through a loophole in the patent system called the continuation application process. Trolls have swarmed the continuation process by taking old, previously filed applications and editing them with added documentation. This pushes the claim to the top of the patent office pile. Then trolls can say their claims predate those of competitors, giving them the legal fodder they need to challenge more legitimate companies.

"They sit around and wait and use new technology, and write their claims and claim priority back to years ago," explains Daniel Nazer, a staff attorney and policy analyst at the Electronic Frontier Foundation. SHIELD, he says, is "a big reform in terms of dealing with the patent troll threat, but it doesn't deal with problems of the Patent and Trademark Office. If you want to buy a patent just for the sole purpose of suing people, that business model is going to be less attractive. But it's not a silver bullet. You have to win a case, which is expensive before you get attorneys' fees."

All the positives of the bill are in the courtroom, not the patent office, Nazer says. He characterizes the bill as helpful in spurring the discussion towards patent reform, but a failure when it comes to addressing bigger outstanding issues.

What's Next

So SHIELD is only a piece of the patent puzzle. And an incomplete one, at that.

For starters, it's too soon to say if the bill will even pass, although it's certainly making waves in online circles. In a sign of solidarity, a coalition of more than 60 entrepreneurs and advocacy groups, including big names like Mark Cuban, Reddit co-founder Alexis Ohanian, the EFF, and Engine Advocacy, sent an open letter to Congress last week asking legislators to schedule hearings and support SHIELD.

There are other forces in motion as well. In January, the U.S. Patent and Trademark Office began a "software partnership" geared to get public input on how to improve software-related patents. The Federal Trade Commission also created a patent workshop in December to improve the process.

While these forums were geared more towards examining the way the system works as opposed to seeking legislative reforms, their very existence suggests that the agencies themselves recognize the patent system's shortcomings. That's a step people like the EFF's Nazer say is a good sign.

Will it be more than that? We can only hope, because otherwise piecemeal efforts like SHIELD will only address the tail of the problem, not its heart. 

Lead image via Flickr user tellumo, CC 2.0

What if every time you shared an illegally downloaded file a copyright alert went off and notified your Internet service provider? Well, that day is pretty much here.

It's the new "six strikes" plan against alleged pirates, formally known as the Copyright Alert System. It's been slow to get off the ground, having first been scheduled for launch last July, and then again last November. It may amount to little more than a wrist slap for copyright violators. But it is exactly what the Center for Copyright Information (CCI) and five major ISPS – Verizon, Comcast, AT&T, Cablevision, and Time Warner Cable – are apparently finally launching this week to try to scare you out of sharing pirated material.

The plan, backed by ISPs and Hollywood studios, has been a running joke in some quarters due to the internal tensions of its backing coalition and the general toothlessness of its sanctions. The CCI itself insists its system is intended to educate consumers, not punish them. Online chatter about this new system depicts it as less "big brother" and more as a big bother.

But we should care about Six Strikes, because it's likely to slow down the Web for some, subject others to burdens such as "mandatory" online educational courses, and widely violate the privacy of Web users – whether they're really pirating movies and music or not.

Bark Or Bite?

Back in November, leaked documents reported by TorrentFreak revealed that Verizon would monitor BitTorrent users and respond to alleged copyright violators in a staged fashion, starting with two email warnings. Should users continue their alleged infringing activity, Verizon will push out third and fourth warnings in the form of intrusive popups that force users to confirm receipt. If that doesn't do the trick, the ISP would slow down Internet connections to roughly dialup speed for 14 days.

But that's just Verizon – every ISP will be free to tailor restrictions. Last October, TorrentFreak likewise reported that AT&T will block users until they complete a copyright course, and in November relayed that Time Warner will temporarily disrupt service.

Here's the service in action, in a soothing video produced by the CCI:

What To Expect

Major ISPs actively monitoring and "trolling" our usage remains a major privacy issue, even if so far the modus operandi isn't as nefarious as it might sound. The simple fact that third-party outfits can identify the IP address of someone sharing or distributing copyrighted material and then report them to the ISPs is likely to alarm many users once these alerts start going out.

The new system doesn't force ISPs to shut off Web service to repeat offenders, but you can probably count on ISPs sharing the identities of alleged violators with copyright owners to pursue legal action. In the above video, the CCI says it won't give out customer information, but if the backers of the program – many of them the creators themselves – lean hard enough, ISPs will probably cave.

As it stands now, Six Strikes won't stop piracy. On the one hand, it's just too easy to get around – widely available VPNs, proxies and similar measures all bypass the kind of monitoring that's central to the system. Committed users can also just ignore the notifications, since there are apparently no sanctions past the sixth warning at ISPs like Verizon.

Still, this is interference, big time, from ISPs of a sort that Americans haven't previously experienced. Even in attenuated form, Six Strikes could have unexpected consequences, such as killing public Wi-Fi. (Though the CCI denies that coffeehouse hotspots are in any danger.) And it's not at all unreasonable to think that the sanctions could get more Draconian, given Hollywood's well-known history of pushing for ever-stronger restrictions once the camel's nose is under the tent.

So mind your bits and torrents, folks. This could get nasty.

Photo courtesy of Shutterstock