WikiLeaks founder Julian Assange is driven away in a taxi after leaving his hearing at the Supreme Court in London, Thursday, Feb. 2, 2012. Sweden's public prosecutor was right to demand the return of Julian Assange, a lawyer told Britain's Supreme Court Thursday, saying that failing to hand over the WikiLeaks chief would break with precedent and wreck European extradition rules. Photo: Matt Dunham/AP

WikiLeaks founder Julian Assange lost his Supreme Court extradition appeal on Wednesday, and an order to extradite him to Sweden to face sex crimes allegations was upheld.

But his lawyers were also granted a 14-day stay on the judgment while they consider applying to re-open the case on a technicality. One of his attorneys asserted that the Vienna Convention on Law of Treaties had not been argued by attorneys in the case and therefore should be re-opened. The attorney asked the court for two weeks to prepare an application to re-open the case, which the court granted.

Assange, who has been under house arrest for a year and a half, asked the Supreme Court last February to overturn an order extraditing him to Sweden on grounds that the European arrest warrant issued against him by the Swedish Prosecuting Authority was invalid because the Swedish prosecutor behind it was “working for the executive” and was therefore not a proper judicial authority, as the law requires.

But the seven Supreme Court justices ruled 5-2 that the prosecutor was a valid authority.

Assange lost his initial fight against extradition last year, but appealed it before a High Court. That court rejected his appeal last November.

He then appealed to the Supreme Court earlier this year. In order to do so, his attorneys had to show that his case related to a matter of public importance that went beyond Assange. The case was viewed as significant because if the justices ruled that the Swedish prosecutor was not a valid authority for requesting an arrest warrant, it would have called into question other extradition cases in the United Kingdom and elsewhere in Europe.

Assange will be able to remain in he United Kingdom for the next two weeks while his attorneys work out the details of his application to reopen the case.

Assange has not been charged with any crime in Sweden. He is being sought for questioning in Sweden on rape and coercion allegations stemming from sexual relations he had with two women in that country in August 2010. One woman has claimed that Assange pinned her down to have sex with her and intentionally tore a condom he wore. The second woman claims that he had sex with her while she was initially asleep, failing to wear a condom despite repeated requests for him to do so. Assange has denied any wrongdoing, asserting that the sex in both cases was consensual.

Map showing the number and geographical location of Flame infections detected by Kaspersky Lab on customer machines. Courtesy of Kaspersky

A massive, highly sophisticated piece of malware has been newly found infecting systems in Iran and elsewhere and is believed to be part of a well-coordinated, ongoing, state-run cyberespionage operation.

The malware, discovered by Russia-based antivirus firm Kaspersky Lab, is an espionage toolkit that has been infecting targeted systems in Iran, Lebanon, Syria, Sudan, the Israeli Occupied Territories and other countries in the Middle East and North Africa for at least two years.

Dubbed “Flame” by Kaspersky, the malicious code dwarfs Stuxnet in size — the groundbreaking infrastructure-sabotaging malware that is believed to have wreaked havoc on Iran’s nuclear program in 2009 and 2010. Although Flame has both a different purpose and composition than Stuxnet, and appears to have been written by different programmers, its complexity, the geographic scope of its infections and its behavior indicate strongly that a nation-state is behind Flame, rather than common cyber-criminals — marking it as yet another tool in the growing arsenal of cyberweaponry.

The researchers say that Flame may be part of a parallel project created by contractors who were hired by the same nation-state team that was behind Stuxnet and its sister malware, DuQu.

“Stuxnet and Duqu belonged to a single chain of attacks, which raised cyberwar-related concerns worldwide,” said Eugene Kaspersky, CEO and co-founder of Kaspersky Lab, in a statement. “The Flame malware looks to be another phase in this war, and it’s important to understand that such cyber weapons can easily be used against any country.”

Early analysis of Flame by the Lab indicates that it’s designed primarily to spy on the users of infected computers and steal data from them, including documents, recorded conversations and keystrokes. It also opens a backdoor to infected systems to allow the attackers to tweak the toolkit and add new functionality.

The malware, which is 20 megabytes when all of its modules are installed, contains multiple libraries, SQLite3 databases, various levels of encryption — some strong, some weak — and 20 plug-ins that can be swapped in and out to provide various functionality for the attackers. It even contains some code that is written in the LUA programming language — an uncommon choice for malware.

Kaspersky Lab is calling it “one of the most complex threats ever discovered.”

“It’s pretty fantastic and incredible in complexity,” said Alexander Gostev, chief security expert at Kaspersky Lab.

Flame appears to have been operating in the wild as early as March 2010, though it remained undetected by antivirus companies.

“It’s a very big chunk of code. Because of that, it’s quite interesting that it stayed undetected for at least two years,” Gostev said. He noted that there are clues that the malware may actually date back to as early as 2007, around the same time period when Stuxnet and DuQu are believed to have been created.

Gostev says that because of its size and complexity, complete analysis of the code may take years.

“It took us half a year to analyze Stuxnet,” he said. “This is 20 times more complicated. It will take us 10 years to fully understand everything.”

Kaspersky discovered the malware about two weeks ago after the United Nations’ International Telecommunications Union asked the Lab to look into reports in April that computers belonging to the Iranian Oil Ministry and the Iranian National Oil Company had been hit with malware that was stealing and deleting information from the systems. The malware was named alternatively in news articles as “Wiper” and “Viper,” a discrepancy that may be due to a translation mixup.

Kaspersky researchers searched through their reporting archive, which contains suspicious filenames sent automatically from customer machines so the names can be checked against whitelists of known malware, and found an MD5 hash and filename that appeared to have been deployed only on machines in Iran and other Middle East countries. As the researchers dug further, they found other components infecting machines in the region, which they pieced together as parts of Flame.

Kaspersky, however, is currently treating Flame as if it is not connected to Wiper/Viper, and believes it is a separate infection entirely. The researchers dubbed the toolkit “Flame” after the name of a module inside it.

Flame is named after one of the main modules inside the toolkit. Courtesy of Kaspersky

Among Flame’s many modules is one that turns on the internal microphone of an infected machine to secretly record conversations that occur either over Skype or in the computer’s near vicinity; a module that turns Bluetooth-enabled computers into a Bluetooth beacon, which scans for other Bluetooth-enabled devices in the vicinity to siphon names and phone numbers from their contacts folder; and a module that grabs and stores frequent screenshots of activity on the machine, such as instant-messaging and e-mail communications, and sends them via a covert SSL channel to the attackers’ command-and-control servers.

The malware also has a sniffer component that can scan all of the traffic on an infected machine’s local network and collect usernames and password hashes that are transmitted across the network. The attackers appear to use this component to hijack administrative accounts and gain high-level privileges to other machines and parts of the network.

Flame does contain a module named Viper, adding more confusion to the Wiper/Viper issue, but this component is used to transfer stolen data from infected machines to command-and-control servers. News reports out of Iran indicated the Wiper/Viper program that infected the oil ministry was designed to delete large swaths of data from infected systems.

Kaspersky’s researchers examined a system that was destroyed by Wiper/Viper and found no traces of that malware on it, preventing them from comparing it to the Flame files. The disk destroyed by Wiper/Viper was filled primarily with random trash, and almost nothing could be recovered from it, Gostev said. “We did not see any sign of Flame on that disk.”

Because Flame is so big, it gets loaded to a system in pieces. The machine first gets hit with a 6-megabyte component, which contains about half a dozen other compressed modules inside. The main component extracts, decompresses and decrypts these modules and writes them to various locations on disk. The number of modules in an infection depends on what the attackers want to do on a particular machine.

Once the modules are unpacked and loaded, the malware connects to one of about 80 command-and-control domains to deliver information about the infected machine to the attackers and await further instruction from them. The malware contains a hardcoded list of about five domains, but also has an updatable list, to which the attackers can add new domains if these others have been taken down or abandoned.

While the malware awaits further instruction, the various modules in it might take screenshots and sniff the network. The screenshot module grabs desktop images every 15 seconds when a high-value communication application is being used, such as instant messaging or Outlook, and once every 60 seconds when other applications are being used.

Although the Flame toolkit does not appear to have been written by the same programmers who wrote Stuxnet and DuQu, it does share a few interesting things with Stuxnet.

Stuxnet is believed to have been written through a partnership between Israel and the United States, and was first launched in June 2009. It is widely believed to have been designed to sabotage centrifuges used in Iran’s uranium enrichment program. DuQu was an espionage tool discovered on machines in Iran, Sudan, and elsewhere in 2011 that was designed to steal documents and other data from machines. Stuxnet and DuQu appeared to have been built on the same framework, using identical parts and using similar techniques.

But Flame doesn’t resemble either of these in framework, design or functionality.

Researchers aren't certain how Flame infects its initial target before spreading to other machines, but this graph suggests possible infection vectors. Courtesy of Kaspersky

Stuxnet and DuQu were made of compact and efficient code that was pared down to its essentials. Flame is 20 megabytes in size, compared to Stuxnet’s 500 kilobytes, and contains a lot of components that are not used by the code by default, but appear to be there to provide the attackers with options to turn on post-installation.

“It was obvious DuQu was from the same source as Stuxnet. But no matter how much we looked for similarities [in Flame], there are zero similarities,” Gostev said. “Everything is completely different, with the exception of two specific things.”

One of these is an interesting export function in both Stuxnet and Flame, which may turn out to link the two pieces of malware upon further analysis, Gostev said. The export function allows the malware to be executed on the system.

Also, like Stuxnet, Flame has the ability to spread by infecting USB sticks using the autorun and .lnk vulnerabilities that Stuxnet used. It also uses the same print spooler vulnerability that Stuxnet used to spread to computers on a local network. This suggests that the authors of Flame may have had access to the same menu of exploits that the creators of Stuxnet used.

Unlike Stuxnet, however, Flame does not replicate automatically. The spreading mechanisms are turned off by default and must be switched on by the attackers before the malware will spread. Once it infects a USB stick inserted into an infected machine, the USB exploit is disabled immediately.

This is likely intended to control the spread of the malware and lessen the likelihood that it will be detected. This may be the attackers’ response to the out-of-control spreading that occurred with Stuxnet and accelerated the discovery of that malware.

It’s possible the exploits were enabled in early versions of the malware to allow the malware to spread automatically, but were then disabled after Stuxnet went public in July 2010 and after the .lnk and print spooler vulnerabilities were patched. Flame was launched prior to Stuxnet’s discovery, and Microsoft patched the .lnk and print spooler vulnerabilities in August and September 2010. Any malware attempting to use the vulnerabilities now would be detected if the infected machines were running updated versions of antivirus programs. Flame, in fact, checks for the presence of updated versions of these programs on a machine and, based on what it finds, determines if the environment is conducive for using the exploits to spread.

The researchers say they don’t know yet how an initial infection of Flame occurs on a machine before it starts spreading. The malware has the ability to infect a fully patched Windows 7 computer, which suggests that there may be a zero-day exploit in the code that the researchers have not yet found.

The earliest sign of Flame that Kaspersky found on customer systems is a filename belonging to Flame that popped up on a customer’s machine in Lebanon on Aug. 23, 2010. An internet search on the file’s name showed that security firm Webroot had reported the same filename appearing on a computer in Iran on Mar. 1, 2010. But online searches for the names of other unique files found in Flame show that it may have been in the wild even earlier than this. At least one component of Flame appears to have popped up on machines in Europe on Dec. 5, 2007 and in Dubai on Apr. 28, 2008.

Kaspersky estimates that Flame has infected about 1,000 machines. The researchers arrived at this figure by calculating the number of its own customers who have been infected and extrapolating that to estimate the number of infected machines belonging to customers of other antivirus firms.

All of the infections of Kaspersky customers appear to have been targeted and show no indication that a specific industry, such as the energy industry, or specific systems, such as industrial control systems, were singled out. Instead, the researchers believe Flame was designed to be an all-purpose tool that so far has infected a wide variety of victims. Among those hit have been individuals, private companies, educational institutions and government-run organizations.

Symantec, which has also begun analyzing Flame (which it calls “Flamer”), says the majority of its customers who have been hit by the malware reside in the Palestinian West Bank, Hungary, Iran and Lebanon. They have received additional reports from customer machines in Austria, Russia, Hong Kong, and the United Arab Emirates.

Researchers say the compilation date of modules in Flame appear to have been manipulated by the attackers, perhaps in an attempt to thwart researchers from determining when they were created.

“Whoever created it was careful to mess up the compilation dates in every single module,” Gostev said. “The modules appear to have been compiled in 1994 and 1995, but they’re using code that was only released in 2010.”

The malware has no kill date, though the operators have the ability to send a kill module to it if needed. The kill module, named browse32, searches for every trace of the malware on the system, including stored files full of screenshots and data stolen by the malware, and eliminates them, picking up any breadcrumbs that might be left behind.

“When the kill module is activated, there’s nothing left whatsoever,” Gostev said.

UPDATE 9 a.m. PDT: Iran’s Computer Emergency Response Team announced on Monday that it had developed a detector to uncover what it calls the “Flamer” malware on infected machines and delivered it to select organizations at the beginning of May. It has also developed a removal tool for the malware. Kaspersky believes the “Flamer” malware is the same as the Flame malware its researchers analyzed.

Broadcasters are claiming in federal lawsuits Thursday that Dish Network’s DVR service, which allows the automatic skipping of commercials, breaches copyright law and retransmission agreements.

The suits by Fox, CBS and NBC are the broadcasters’ latest legal salvos against technological innovations, as those advances bring into question whether broadcasters’ longstanding business model can survive the digital age.

The Dish Network litigation concerns the March introduction of what the satellite company calls PrimeTime Anytime, which allows customers to record and store about a week’s worth of prime-time broadcast television. And two weeks ago, the Colorado company enabled playback of those archives without users seeing commercials.

The networks are labeling it a “bootleg” service that produces unauthorized copies of their shows and say it breaches signed licensing deals. And the consequences are dire, they warn. If the courts don’t block the service, it “will ultimately destroy the advertising-supported ecosystem that provides consumers with the choice to enjoy free over-the-air, varied, high-quality primetime broadcast programming,” the broadcasters told the court.

In the early 1980s, the Supreme Court ruled Americans have the fair use right to time-shift lawfully obtained content for later viewing. But that was using primitive technology like the VCR and Betamax, with limited recording capabilities. The Dish service records a day’s prime time lineup from ABC, CBS, NBC and Fox and stores up to 100 hours of those shows for up to eight days — all without the broadcasters’ consent.

“Fox has not consented to the recording of its copyrighted programs by Dish, or to the distribution by Dish to its subscribers of copies of all of Fox’s prime time programming for subsequent on-demand, commercial-free viewing,” Fox wrote in its suit.

Dish has also lodged its own federal lawsuit, seeking a declaratory judgement that its service is legal.

“Dish’s subscribers, private home viewers sitting in their living rooms, may fairly choose for themselves the content that they do and do not want to watch, and have paid for the right to do so,” Dish said in the filing. (.pdf)

Dish said that its customers, “with one click,” are doing the copying of the broadcasts, and have that right. And the broadcasters are still getting their retransmission fees, the company added.

“Dish subscribers are already paying for their television service. Dish passes along hundreds of millions of dollars collected from its subscriber base to the major television networks in the form of retransmission fees,” Dish said in its filing.

Analysts suspect the ad-skipping feature was just introduced to give Dish leverage in the next round of retransmission-fee negotiations. The Big Four broadcasters’ retransmission fees doubled last year to combined $394 million, and might double again this year, Variety said.

Variety quoted Janney Capital Markets analyst Tony Wible as saying the broadcasters are overstating their case. He suggested the ad-skipping feature might eat into 1 percent of their advertising revenue, about $162 million.

But the feature does point to an interesting possible future of a TiVo without real limitations. Given how storage prices continue to drop and that you can buy a 1Terabyte hard drive for under $100, one could imagine a future where anyone who wanted to could skip all commercials by having every show recorded to disk.

The development comes a week before a New York federal judge is set to hear broadcasters’ arguments that an upstart technology company called Aereo that streams over-the-air broadcasts to New Yorkers should be shut down.

Aereo’s New York customers basically rent two tiny antennas, each about the size of a dime. Tens of thousands of the antennas are housed in a Brooklyn data center. One antenna — unique to a customer — is used when a customer wants to watch a program in real time from a computer, tablet or mobile phone. The other works with a DVR service to record programs for later online viewing.

Federal retransmission licensing agreements are silent when it comes to internet streaming, so Aereo claims it does not have to licensing fees. The broadcasters claim Aereo is practicing “technological gimmickry” to skirt paying them licensing fees.

Each month, Google removes more than 1 million links to infringing content such as movies, video games, music and software from its search results — with about half of those requests for removal last month coming from Microsoft.

The search and advertising giant revealed the data Thursday as it released sortable analytics on the massive number of copyright takedown requests it receives — adding to its already existing data on the number of times governments ask for users’ personal data.

The Mountain View, California-based company removes links to comply with the Digital Millennium Copyright Act. The DMCA requires search engines to remove links to infringing content at a rights holder’s request or else face liability for copyright infringement itself. Google said it complies with about 97 percent of requests, which are submitted via an online form and usually approved via a Google algorithm.

The disclosure marks the first time a major internet search engine divulged its DMCA compliance numbers. The development comes months after some lawmakers blasted Google’s position against the Stop Online Piracy Act, an anti-piracy measure that would have fundamentally altered the DNS system, a core part of the net’s infrastructure in the name of piracy.

Google rejected some of the requests, Fred von Lohmann, Google’s senior copyright attorney said, because “the form is incomplete, the web page doesn’t exist or we look at it and say we don’t think it is infringing.”

The top rights holders demanding removal of links were Microsoft, at 543,000 last month, the British Recorded Music Industry at 162,000 and NBC at 145,000. The top targeted sites hosting allegedly infringing content were filestube.com at more than 43,000, torrents.eu at more than 23,000, and 4shared.com at more than 22,000.

The Pirate Bay, the most notorious online haven for copyrighted content, came in at an unimpressive 13th place, with 10,245 requests for takedowns of links to the site.

Von Lohmann said the data could be useful as lawmakers debate laws aimed at combating online infringement.

“Obviously, we know that policy makers in the U.S. and elsewhere are trying to think of proposed solutions to the online infringement problem,” he said. “In our view, those discussions are benefited by accurate data.”

Overall, Google received 1.24 million requests from 1,296 copyright owners for removal the past month. They targeted 24,129 domains.

The data largely goes back nearly a year, around the time Google began automating its removal procedure and making it easier for rights holders to issue demands via an online link. Sortable data before that time was not readily available, von Lohmann said.  But before the removal process became automated, Google said in a blog post that it removed less than 250,000 links in all of 2009.

Removal of links has become big business, as rights holders often farm out such duties. Marketly, of Redmond, Washington, issued almost 462,000 demands for link removal, earning it the top spot last month. The British Recorded Music Industry came in second last month, with more than 190,000 links.

NBC was apparently the only major organization working on its own behalf, according to Google’s data.

When news outlets recently quoted U.S. Secretary of State Hillary Clinton claiming that State Department operatives hacked the websites of al-Qaida affiliates in Yemen, we didn’t know whether to be proud of the feds’ leet skills or appalled at the administration’s hypocrisy regarding hacking.

Turns out the hacks who wrote the stories got it wrong – though Danger Room’s David Axe, who was on the scene, got the story right the first go-around. And now, with the hyped headlines dialed back, we’re just disappointed.

Turns out the team simply purchased anti-al-Qaida ads on the websites to counter anti-American ads the sites were running.

Call it Operation AdWords, if you like.

Clinton was delivering a keynote speech at the Special Operations Command gala dinner in Tampa, Florida, when, as the Associated Press reported, she described how State Department specialists attacked sites tied to al-Qaida, which were trying to recruit new members by “bragging about killing Americans.”

“Within 48 hours, our team plastered the same sites with altered versions of the ads that showed the toll al-Qaida attacks have taken on the Yemeni people,” Clinton said, according to the AP. “We can tell our efforts are starting to have an impact because extremists are publicly venting their frustration and asking supporters not to believe everything they read on the internet.”

The AP rushed out a story with the headline “Hillary Clinton: U.S. Hacked Yemen al-Qaida Sites,” only to revise the story with a more demure headline later, reading “Clinton: US wars with al-Qaida on the web.”

The latter story included new quotes from a State Department official clarifying that the specialist didn’t actually hack the sites. Instead, he said, they challenged extremists in open forums.

“We parody and poke holes in what they do,” the unnamed official said. He also explained that after al-Qaida supporters launched a new series of banner ads focusing on fighting Americans that depicted U.S.-flag-draped coffins, the State Department team countered the ads with their own.

They essentially launched a counterterrorism-by-AdWords campaign by purchasing anti-al-Qaida ads on the same site, featuring the coffins of Yemeni civilians killed in terrorist attacks.

Smart diplomacy in the internet era, but at best it’s a clever hack, not clever hacking.

UPDATE 2:40pm: A State Department spokeswoman has muddied the waters even further by now indicating that the ads weren’t even ads. She refers to them as “posts” and says they were free. No government funds were paid out to the web site in question. Below is an exchange the State Dept. spokeswoman had with reporters:

MS. NULAND: … So the specific case that the Secretary mentioned was a case where there was a nasty piece of al-Qaida propaganda, and we did our own counter-spoof of that as an effort to try to get our own message across. Whenever we do this, we make clear that we identify ourselves clearly as part of the State Department’s digital outreach team, so it’s always clear who the sponsors of the alternative posts are.

And let me also just make clear that we don’t hack. We don’t engage in covert activities. All of the work is attributed, as I said. In general, we usually do it on free sites and we do it in a free manner. Obviously, if we use YouTube, everybody pays on YouTube, so we do that, too.

QUESTION: So this was not hacking as such?

MS. NULAND: Correct. It was not. It was an alternative.

…

QUESTION: And can you describe a little bit more, I mean, what – in the timeframe, when this was happening? Was it only Yemen or are there other places?

MS. NULAND: No, the center operates anywhere that – in cyberspaces in particular, where we see propaganda that is put up by al-Qaida, by its affiliates. It posts on any sites where it finds this stuff. In this case, it was countering a site that was based or affiliated with Yemeni terrorists. But it does that anywhere in the world where it finds this kind of thing.

QUESTION: Can you just describe a little bit about what kind of – what your posts look like, what they said, versus what people were reading there?

MS. NULAND: My understanding of this particular post that the Secretary shouted out, the Yemeni site had put up pictures of coffins draped in American flags. We put up a counter-post of coffins draped in Yemeni flags to indicate that it is Yemenis who are dying at the hands of al-Qaida terrorists in Yemen.

QUESTION: Is that in good taste?

QUESTION: Okay. I just want to –

MS. NULAND: This is a matter of countering propaganda that is in the absolute worst taste.

QUESTION: But that’s – but my question is: Why is putting up what you described as a spoof with flags of – with Yemeni flags on top of coffins to try to make the point that it is Yemenis who are dying? You could easily look at that and think, well god, we’re – they’re just talking about killing Yemenis for example. So –

MS. NULAND: No, I appreciate your question, Arshad. The original post took pride in the killing of Americans. The point that we were trying to make in parallel was that, in fact, through this kind of activity, through this kind of propagation of violent extremism, through the kind of violent acts that groups like this are engaged in, it is actually more Yemenis who are meeting their death.

QUESTION: And do you regard it as a tasteful and proper use of U.S. Government funds to – just because somebody else puts out an image that you find offensive doesn’t necessarily mean that you should put up an image to make a point that others may find or may interpret offensively. And I just wonder if a lot of thought was given to the appropriateness and tastefulness for the U.S. Government to be putting up a photograph of coffins with Yemeni flags up.

MS. NULAND: Again Arshad, this is a site that is endeavoring to incite violence. We are simply making the point that the violence that they are inciting is ricocheting back against the local population and is not in service to a strong, stable, peaceful Yemen, but in fact is having the opposite effect.

So we are countering propaganda with a counter-narrative that we believe is closer to the truth of the situation.

Please.

QUESTION: I want to clarify: So in this instance, these – posting of these alternative ads was free and you could just post them up on the website, or was this an instance where they were paid for to be posted?

MS. NULAND: The information that I have at the moment is that particular one was one that was – that we did not have to – that was not paid for.

QUESTION: Okay.

MS. NULAND: There are instances where we do have to pay for it.

QUESTION: Okay. And then, in those instances where you do have to pay for them, what kind of vetting goes into these websites in terms of where those funds for the ads would go?

MS. NULAND: Well again, you are talking about putting up a counter-ad in – on a paid site like YouTube. So something has been paid for by the extremists, and we are paying for the counter.

QUESTION: Okay. So you wouldn’t put it up on the extremist site, I guess is what my question is. Is there like a conscious thought process?

MS. NULAND: There is a full vetting; there is a whole team that does these things. We’re not, sort of, out there.

Photo courtesy U.S. State Dept.

Tens of thousands of these tiny antennas are housed in a Brooklyn data center. They capture over-the-air TV broadcasts, which are then streamed over the internet to Aereo customers in New York. Photo: Aereo

Two digital rights groups urged a federal court Wednesday not to shut down an upstart technology company that streams over-the-air broadcasts to New Yorkers.

Public Knowledge and the Electronic Frontier Foundation, in a friend-of-the-court brief, said the courts should not shutter Aereo, as broadcasters are asking, simply because there is no federal licensing scheme yet for internet streaming of over-the-air broadcasts (one exists for cable companies).

Aereo’s New York customers basically rent two tiny antennas, each about the size of a dime. Tens of thousands of the antennas are housed in a Brooklyn data center. One antenna — unique to a customer — is used when a customer wants to watch a program in real time from a computer, tablet or mobile phone. The other works with a DVR service to record programs for later online viewing.

Aereo, which offers the service free but plans to charge about $12 monthly, does not divulge the number of its customers.

The broadcasters said Aereo is practicing “technological gimmickry” to skirt paying them licensing fees. Aereo’s business model, they said, “usurps their right to decide how and on what terms to make available and license content over new internet distribution media.”

But just because there’s no licensing mechanism doesn’t mean the unique service Aereo offers amounts to copyright infringement, the rights groups countered.

“Plaintiffs list particular examples of harms allegedly brought about by Aereo’s conduct, and claim them as being irreparable and substantial. However, the only cognizable harms amount to Aereo’s failing to pay licensing fees plaintiffs presume that they are entitled to,” the groups wrote the New York judge presiding over the case.

Shuttering the service, which the groups contend does not infringe the copyrights of ABC, CBS, NBC, Fox and other local broadcasters, “would deny to the public the benefit of advances in technology, contrary to the purpose of the Copyright Act.”

A hearing on whether the upstart, backed by financier Barry Diller, should be shut down is set to be heard in a New York federal courtroom next week.

In our earlier analysis of the case, we noted that, if Aereo were a cable or satellite company, it could transmit publicly available broadcast signals to its customers — under a complicated licensing-fee structure. Copyright holders in the programs being re-broadcasted have no say in the matter, under what is known as compulsory licensing. Congress adopted the licensing structure for cable and satellite following Supreme Court decisions in the ’60s and ’70s that allowed cable companies to hijack over-the-air broadcasts and include them in their primitive television packages.

And herein lies a 21st Century anomaly: The federally mandated licensing structure put into place is silent when it comes to internet streaming of over-the-air broadcasts that are carried over public airwaves. That’s why Aereo claims that, because of its proprietary technology that captures broadcasts and streams them to paying customers, it doesn’t need anyone’s permission to supply freely available television signals.

One of two GPS trackers found last year on the vehicle of a young man in California. Photo: Jon Snyder/Wired.com

A federal judge in Kentucky has ruled that 150 pounds of marijuana collected from a drug suspect’s car is not admissible evidence in court because investigators illegally used a GPS tracker without a warrant to uncover it.

U.S. District Judge Amul R. Thapar has barred prosecutors from using the marijuana stash, allegedly found in the car of 49-year-old Robert Dale Lee last year, because they had not obtained a warrant authorizing the use of the GPS tracker they placed on his vehicle as part of a multi-state drug investigation, according to the Associated Press.

A Kentucky State Police trooper allegedly found the pot when he stopped Lee’s vehicle in September 2011 after Drug Enforcement Agency investigators had tracked it from Chicago to Lexington, Kentucky. The DEA agents had reportedly placed the tracker on Lee’s car after a cooperating witness told investigators that Lee, who had prior convictions around the possession of a gun and drugs, had been transporting marijuana from Illinois to Kentucky.

“In this case, the DEA agents had their fishing poles out to catch Lee,” Judge Thapar wrote in his ruling. “Admittedly, the agents did not intend to break the law. But, they installed a GPS device on Lee’s car without a warrant in the hope that something might turn up.”

The ruling contravenes recent ones in other states, where federal judges in California, Hawaii and Iowa have found that evidence gathered through the warrantless use of covert GPS vehicle trackers can be used to prosecute suspects.

The patchwork rulings underscore a nationwide problem that has arisen in the wake of a Supreme Court decision earlier this year, which found that the use of GPS trackers on a person’s vehicle constituted a search under the Constitution, which would require, in nearly all cases, a warrant.

Because three U.S. District courts ruled prior to the Supreme Court decision that the use of GPS trackers without a warrant was lawful, federal judges in those districts — which cover 19 states as well as Guam and the Mariana Islands — have found that law enforcement agents and prosecutors in their regions can use a so-called “good faith exception” to support warrantless GPS surveillance in pending cases where data was gathered prior to the Supreme Court ruling.

Circuit courts in the 7th (covering Illinois, Wisconsin and Indiana), 8th (covering Arkansas, Iowa, Minnesota, Missouri, Nebraska, North Dakota and South Dakota) and 9th (covering Alaska, Arizona, California, Guam, Hawaii, Idaho, the Mariana Islands, Montana, Nevada, Oregon and Washington) all ruled prior to the Supreme Court case that warrantless GPS tracking was legal.

Last month, U.S. District Judge Mark Bennett in Iowa ruled (.pdf) that the GPS tracking evidence gathered by DEA agents against a suspected local drug trafficker prior to the Supreme Court ruling could be submitted in court. He made the ruling under a so-called “good faith” exception, because the agents were relying on what was then a binding 8th U.S. Circuit Court of Appeals precedent that authorized the use of warrantless GPS trackers for surveillance in Iowa.

Judges in two other GPS cases in California and Hawaii, both in the 9th Circuit where a precedent ruling exists, asserted the same “good faith” exception in March.

The exception comes from a 2011 Supreme Court case, Davis v. United States (.pdf), which allows a good-faith exception for searches that reasonably relied on binding precedents that were later found to be faulty.

But luckily for Lee, Kentucky, where he is being prosecuted, falls in the 6th circuit (.pdf), which had no such ruling on GPS prior to the Supreme Court case.

According to court documents, a DEA task force officer placed the GPS tracker on Lee’s car on Sept. 2, 2011 while the suspect was meeting with his federal probation officer in London, Kentucky. Three days later, DEA agents noticed that Lee had driven to Chicago and were tracking him as he returned to Kentucky. The officer tipped off a state trooper that Lee was likely transporting marijuana.

The trooper stationed himself with a drug-sniffing dog along the highway Lee was traveling, and pulled the suspect over under the premise that he was driving without a seat belt. When Lee consented to a search of the car, the drug-sniffing dog honed in on the drug stash.

Judge Thapar wrote that the DEA’s use of the GPS tracker was unlawful because the investigator had no binding court precedent he was relying on to use the device.

“Without GPS tracking data, the DEA agents would not have known that Lee traveled to Chicago (to pick up the drugs), that he was returning to Kentucky along I-75, or his exact position,” Thapur wrote.

Law enforcement’s use of GPS vehicle trackers came under increased scrutiny last year when the U.S. Supreme Court took up the case of United States v. Jones, which also involved the use of GPS trackers in a drug investigation.

Antoine Jones was given a life sentence by a lower court for drug trafficking, based in part on evidence gathered with a GPS vehicle tacker placed on his Jeep. A federal appeals court in Washington, D.C., later ruled that collecting data from the GPS device amounted to a search, and therefore required a warrant. Prosecutors argued that the device only collected the same information that anyone on a public street could glean from physically following the suspect. But the appellate court judge wrote in his ruling that the persistent, nonstop surveillance afforded by a GPS tracker was much different from physically tracking a suspect on a single trip.

The Obama administration called the appellate decision “vague and unworkable,” and petitioned the Supreme Court to rule that authorities did not need to obtain a warrant to use the devices. The Supreme Court justices ruled earlier this year in January that GPS tracking of a suspect’s vehicle qualified as a search under the U.S. Constitution, but stopped short of ruling that authorities needed to obtain a warrant every time they used a tracker.

The justices said that law enforcement authorities might need a probable-cause warrant from a judge, but did not say definitively whether such a search was unreasonable and required a warrant. Most legal experts, however, say the implication is that the use of such devices would require a warrant on any investigations going forward.

A district court sentenced 27-year-old Georgy Avanesov, a Russian citizen of Armenian descent, to four years in prison on charges of creating and spreading the Bredolab virus that infected an estimated 30 million computers around the world. The malware siphoned bank account passwords and other confidential information from infected computers.

According to prosecutors, Avanesov developed Bredolab in Armenia around March 2009 and used computer servers in Holland and France to spread the virus. They say he earned about $125,000 a month renting out access to compromised computers in his botnet so that criminals could use them to spread other malware, send out spam, or use them to conduct distributed denial-of-service attacks.

Avanesov reportedly confessed to investigators that he had written Bredolab, but denied having any knowledge of its criminal usage. He simply made it available to others, he argued, without foreknowledge of how they planned to use it.

He was arrested in 2010 after Dutch authorities seized control of about 143 infected computer servers that were servicing the botnet.

Although Armenia is not a leading haven for cybercriminals, the arrest and conviction of Avanesov there can be viewed as part of an encouraging trend to law enforcement agencies in the west, since it shows a willingness in some East European countries to begin clamping down on cyber criminals in a region that has long turned a blind eye to such activity.

Image courtesy FBI

After months of anticipation, WikiLeaks founder Julian Assange will get a final ruling from a British court next Wednesday on his appeal of an extradition order to Sweden to face sex crimes allegations.

Assange, who has been under house arrest for a year and a half, asked the Supreme Court last February to overturn an order extraditing him to Sweden on grounds that the European arrest warrant issued against him was invalid because the Swedish prosecutor behind it was “working for the executive” and was therefore not a proper judicial authority, as the law requires.

Swedish authorities have maintained that the arrest warrant was proper and valid because in the early stages of an investigation when an arrest is first being sought, judicial authorities do not have to be independent or impartial.

Should the seven justices of the Supreme Court agree with Sweden and uphold the extradition ruling, Assange will have one last chance to appeal to the European Court of Human Rights in Strasbourg, France.

Assange lost his initial fight against extradition last year, but appealed it before a High Court. That court rejected his appeal last November.

The Supreme Court agreed to hear his appeal of that verdict earlier this year. The case is significant because it could throw into question other extradition cases in the U.K. and elsewhere in Europe if the justices rule that the Swedish prosecutor was not a valid authority for requesting an arrest warrant.

Assange has not been charged with any crime in Sweden, and used that fact as his primary defense in his earlier appeal to the High Court.

The High Court rejected this argument, as well as the argument questioning the validity of the warrant, and ordered that Assange must be returned to Sweden.

Assange then sought permission from the High Court to appeal to the Supreme Court. In order to do so, his attorneys had to show the High Court that his case related to a matter of public importance that went beyond Assange. The High Court refrained from asserting that his case met this criteria, but nonetheless gave him permission to ask the Supreme Court directly to hear his appeal, though a High Court judge asserted that Assange’s chance of succeeding in the Supreme Court was “extraordinarily slim.”

Assange is being sought for questioning in Sweden on rape and coercion allegations stemming from sexual relations he had with two women in that country in August 2010. One woman has claimed that Assange pinned her down to have sex with her and intentionally tore a condom he wore. The second woman claims that he had sex with her while she was initially asleep, failing to wear a condom despite repeated requests for him to do so. Assange has disputed their claims.

Assange has denied any wrongdoing, asserting that the sex in both cases was consensual.

Photo: Julian Assange (center) speaks to the media, flanked by his lawyers Mark Stephens (left) and Jennifer Robinson after making an appearance at Belmarsh Magistrates’ Court in London, Jan. 11, 2011. Matt Dunham/AP

Photo: Marco Fieber/Flickr

Facebook is agreeing in “principle” to settle allegations that its “Sponsored Stories” advertising platform breached its users’ privacy.

Terms of the deal (.pdf) were not immediately disclosed. The suit, (.pdf) filed in April 2011, claimed that the social-networking site did not adequately provide a way to opt out of the advertising program that began in January 2011.

Sponsored stories work like this: If a Facebook user “likes” an advertiser, that user’s profile and picture may appear on some of their friends’ Facebook pages — in ads — stating that the person, indeed, “likes” that advertiser. Facebook also reserves the right to do this on ads that appear on sites other than Facebook, though it has not done that.

Facebook and class-action attorneys were set to hold oral arguments Thursday in a San Jose, California, federal courtroom on whether the case could proceed as a class action representing perhaps millions of Facebook users. The lawyers wrote U.S. District Judge Lucy Koh on Tuesday that they have executed “a term sheet memorializing their settlement in principle.”

The development comes on the third trading day following Facebook’s IPO. It closed at $31, down from the original $38 asking price on Friday. The settlement agreement will eventually become public and requires Koh’s signature.

In November, the Federal Trade Commission slapped Facebook’s hand and settled government charges it “deceived” users that their information would be kept private, although it was “repeatedly” shared with the public.

The FTC deal, among other things, required Facebook to submit to a privacy audit every two years for the next two decades. The accord, which carried no financial penalties, demands that the social-networking site obtain “express consent” of its 850 million users before their information “is shared beyond the privacy settings they have established.”

Regarding Tuesday’s settlement, the ad settings at issue are not contained in Facebook’s privacy settings, and instead are in a section called Facebook Ads under the main profile settings.

While terms of Tuesday’s settlement were not lodged with Judge Koh, we suspect they will be similar to a 2010 settlement in a different Facebook privacy flap.

In that case, a  federal judge approved a $9.5 million settlement to a class-action lawsuit challenging Facebook’s so-called “Beacon” program that monitored and published what users of the site were buying or renting from Blockbuster, Overstock and other locations without users’ permission.

The lawyers in that case were awarded about $3 million of the pot, and the remainder was earmarked for grants to study online privacy.

Facebook, without admitting wrongdoing, terminated the Beacon program, though much of it has resurfaced under the guise of Facebook’s so-called “frictionless sharing.”

Under the latest deal, Facebook users likely would have to opt in to participate in the “Sponsored Stories” program or be provided a clear mechanism to opt out. It was not immediately known whether Facebook would kill the “Sponsored Stories” program.

The five named plaintiffs in the case will likely receive several thousand dollars each, while Facebook likely will admit no wrongdoing.

The plaintiffs’ lawyers, who likely will reap millions in the latest case, did not immediately respond for comment. Facebook declined comment.