From rforno at infowarrior.org Tue Aug 1 09:49:43 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 01 Aug 2006 09:49:43 -0400
Subject: [Infowarrior] - Siggraph: Taking on fair use, privacy and DRM
Message-ID:

If industry viewed people as 'customers' or 'clients' instead of 'consumers' they would provide more usable products IMO. I mean, 'consumers' are in the business of 'consuming', not 'using' ... Which leads to a very one-sided perception of product utilization needs from business, I think.

Semantic whining, I know. Still, the word 'consumer' irks the hell out of me.

-rf

Siggraph: Taking on fair use, privacy and DRM
By Candace Lombardi
http://news.com.com/Siggraph+Taking+on+fair+use%2C+privacy+and+DRM/2100-1047_3-6100680.html

Story last modified Tue Aug 01 06:16:31 PDT 2006

BOSTON--"More choice for you" is the argument a Sony executive repeatedly made when questioned about digital rights management during an open-mic panel at Siggraph, a computer graphics industry conference held here this week.

The panel let conference attendees question Sony directly about its digital rights management (DRM) policies, and attendees and panelists weren't shy about expressing their views.

Given the ease with which music, video and other information is distributed digitally, DRM in some form or fashion is necessary to ensure such material is bought and sold fairly and copyrights are protected, said Mitch Singer, executive vice president of the digital policy group at Sony Pictures Entertainment.

"I think fair play protected Steve Jobs' ability to protect his hardware so that he could sell it for a lot more money. To allow consumers to have choice to listen, buy or (participate in) subscription models--there is no way around it unless you have a new system of DRM," Singer said.

In addition to Singer, the "Digital Rights, Digital Restrictions" panel discussion featured Karen Sandler, an attorney from the Software Freedom Law Center; Emru Townsend, founding editor of Frames Per Second magazine and a contributor to PC World's Digital World blog; and Robert Ryang, a film student who has created satirical adaptations of copyrighted films for the Independent Film Channel.

But it was Singer who got the most questions.

"The music industry was successful in shutting down Napster and MP3.com, but you have to ask yourself: Wouldn't they (record companies) have been better off if they had done deals with them? We (the film industry) are not smarter than the music industry; there but for the grace of bandwidth go us," Singer said in his opening remarks.

A barrage from the audience

Singer repeatedly tried to emphasize that Sony plans to work with the changing dynamic of content and consumers as technology makes content transfer easier. But the audience, familiar with many of the arguments in favor of digital rights management, was well armed with questions and complaints. Many expressed anger over Sony's use of "rootkit" anticopying software as a means of protecting copyright.

"I am not here to talk about rootkit. Symantec had been using it before Sony BMG, and there was not this outcry," said Singer.

Questions from Siggraph attendees also concerned their annoyance with regional coding, which prevents people from playing DVDs from one region of the world on a DVD player in another, even though the customer purchased the DVDs legally.

"Your industry's argument for coding is to control the release dates of films from one country to the next, but it's still there on a 20- or 30-year-old film," one Siggraph attendee complained.

A case for interoperability

Singer shared an anecdote of how he, too, had been frustrated by regional coding.
He took the question as an opportunity to point out Sony's support of interoperability for content--an approach that would allow movies or music to be played on more than one type of device, according to Singer. He was critical of Apple Computer's iTunes when it came to interoperability, something he said he believed was going to be the key to the future of content. "The problem with DRM now is that we have no interoperability. When iTunes consumers realize that they just spent all this money and then a new gadget comes out from Sony or Microsoft or Samsung . . . I think there is going to be a revolt when they realize they will not be able to transfer that content to that device. Protect content, but make it transferable," said Singer. His main argument for digital rights management was that it allows consumers greater choice in how they consume content. "When I think of DRM I think of enabling new offerings to the consumer. Maybe a consumer wants to watch a movie, and for that the price may be $1.99, for someone who wants to own it the price will be $9.99, or around there, depending on the product," said Singer. But both Townsend and Sandler pointed out to Singer that technological models without DRM already exist to provide that option, and that the Digital Millennium Copyright Act may be overreaching in the ways it protects copyright and the mechanisms designed to do it, even if the mechanisms prevent fair use. "DMCA means that even if a court agreed you can make a copy for personal use, it's illegal to crack the code," said Townsend. "I am deeply suspicious of DRM technology in part because the DRM we see now says that it protects copyright law, but it also prevents legitimate use, for parity, news and education. (It) is overbroad for legitimate use. As the restriction stands now, when public material falls in to the public domain, the DRM tech stays in place and does not fall away. DRM also has the potential to compromise privacy and security," said Sandler. 
Singer acknowledged that there will always be piracy from "those who have more time than money," such as college students, but that Sony's aim is to make content convenient and reasonably priced and reasonably restricted enough to prevent general working consumers from going to other channels.

While most agreed that such an aim would probably work, Townsend warned that Sony should take cultural attitudes into account. While anime fans stopped burning and distributing the Japanese films once they were available in the U.S., said Townsend, it was done in large part because the fan base had a respect for the anime industry. The contempt held by most young digital consumers for large corporate content providers may carry over into their adulthood, he said.

"Every year, millions of analog consumers die and millions of digital consumers come into the marketplace, and we have to deal with them," Singer said, noting that it was his job to remind Sony executives of that fact.

The discussion went on for almost two hours and didn't often stray from concerns about fair and personal use, privacy and rights protection for digital content. The criticism of Sony and its industry was fierce, considering the audience consisted of computer graphics industry professionals, who themselves benefit from the protections of copyright laws.

There was one source of consumer irritation, however, that Singer did not even try to defend.

"Why, when I buy a DVD, am I forced to watch commercials?" an audience member asked.

"I know. I agree. I'm with you there," Singer said, laughing.

From rforno at infowarrior.org Tue Aug 1 10:04:21 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 01 Aug 2006 10:04:21 -0400
Subject: [Infowarrior] - New SSN Card Reissue Guidance
Message-ID:

SUMMARY: The interim final rules published at 70 FR 74649, on December 16, 2005, are adopted as final with only minor changes.
These regulations reflect and implement amendments to the Social Security Act (the Act) made by part of the Intelligence Reform and Terrorism Prevention Act of 2004 (IRTPA), Public Law (Pub. L.) 108-458. Section 7213(a)(1)(A) of Pub. L. 108-458 requires that we limit individuals to three replacement SSN cards per year and ten replacement SSN cards during a lifetime. The provision permits us to allow for reasonable exceptions from these limits on a case-by-case basis in compelling circumstances. This provision also helps us to further strengthen the security and integrity of the SSN issuance process.

DATES: These regulations are effective December 16, 2005.

< - >

http://cryptome.org/ssa073106.htm

From rforno at infowarrior.org Tue Aug 1 19:51:37 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 01 Aug 2006 19:51:37 -0400
Subject: [Infowarrior] - ReallyReady.org
Message-ID:

http://www.fas.org/reallyready/index.html

In February of 2003 the United States Department of Homeland Security released Ready.gov, an emergency preparedness web resource for Americans, as a cornerstone of its multi-million dollar Ready Campaign. As of March 2006, Ready.gov has received more than 23 million unique visitors.

Unfortunately, Ready.gov contains information that is both inaccurate and incomplete. The Department of Homeland Security has been alerted both publicly and privately of this problem. However, the modifications that have been made to the site over the past three years, including an update in July 2006, have not adequately addressed the errors. A thorough analysis of Ready.gov by the Federation of American Scientists reveals that numerous shortcomings remain. We therefore developed ReallyReady.org, an emergency preparedness web resource with comprehensive and correct information.

The Federation of American Scientists hopes to achieve two purposes with ReallyReady.org:

1. To provide clear and correct information to citizens interested in preparing themselves and their families for an emergency
2. To persuade the Department of Homeland Security to take a serious look at Ready.gov and their policy on the accuracy of information and to make important changes that will help Americans to prepare for terrorist attacks or natural disasters.

We recommend that the Department of Homeland Security request the assistance of scientific, military, and emergency response experts to make crucial alterations to Ready.gov. Until FAS deems Ready.gov acceptable, we will ensure that the information on ReallyReady.org will remain updated, useful, and correct. We hope this site will demonstrate to the Department of Homeland Security that their multi-million dollar site can be useful and we hope they will update their site as quickly as possible.

Acknowledgements

ReallyReady.org could not have been created without the assistance of:

* Hilary Styron and the National Organization on Disability's Emergency Preparedness Initiative for their assistance with the content of ReallyReady Disabilities
* RAND Corporation for their study on "Individual Preparedness and Response to Chemical, Radiological, Nuclear, and Biological Terrorist Attacks"

From rforno at infowarrior.org Tue Aug 1 21:47:12 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 01 Aug 2006 21:47:12 -0400
Subject: [Infowarrior] - How Google Earth Is Changing Science
Message-ID:

SPIEGEL ONLINE - August 1, 2006, 12:02 PM
URL: http://service.spiegel.de/cache/international/spiegel/0,1518,429525,00.html

The Mapping Revolution
http://service.spiegel.de/cache/international/spiegel/0,1518,druck-429525,00.html

How Google Earth Is Changing Science
By Manfred Dworschak

Biologists, epidemiologists and disaster control experts are discovering Google Earth as a powerful tool in their work. The success of the digital globe has reawakened interest in computer mapping models.

Erik Born constantly keeps tabs on the whereabouts of his walruses no matter what part of the Arctic Sea they might decide to visit on a given day. Just off Greenland's ice-bound coast last spring, the Danish biologist managed to embed tiny tracking sensors in the animals' blubber. Now, he can follow his subjects through the four seasons, wherever they might migrate. Born doesn't even have to leave his own office. Instead, Google Earth's digital globe rotates on his computer monitor. A position marker on the screen identifies the position of each walrus.

Google Earth wasn't really intended for scientists. The Google search engine's extraordinary globe, which is made up of hundreds of thousands of satellite photos and aerial images, was initially meant as a game for virtual hobby pilots. Users discovered that it was fun to fly over their own homes, swing up into space and, within seconds, swoop back down into the depths of the Grand Canyon.

But now the scientific community is discovering how useful the software is for their own work. With a single keystroke, biologist Born superimposes colored maps over the Arctic. The maps show him where the ice sheet is getting thinner and the direction in which the pieces of floating ice on which walruses like to catch a ride are drifting. All of the ice data, which comes from satellites and measuring buoys, is available on the Internet. By loading the data into the program, Born can detect how global warming is affecting the migratory behavior of his giant walruses.

And it's not just walruses. Google Earth played an unexpectedly useful role in the wake of last summer's disastrous flooding in New Orleans following Hurricane Katrina. Within just a short time after the hurricane struck, Google Earth had already added 8,000 post-disaster aerial photographs of flooded areas taken by the US National Oceanic and Atmospheric Agency (NOAA).
The images allowed disaster relief workers to scan areas on the computer and search, for example, for passable roads.

(Geo)Graphically depicted information

Epidemiologists, meteorologists and urban planners have also discovered the magic of Google's model of the globe. For them, one of the program's most attractive features is the ability to graphically depict many different types of data on the digital planet. They can set position markers for cases of bird flu or the locations of crimes. The markers have already been used to label hundreds of volcanoes. Clicking on the volcano markers opens a window containing images and explanatory text and even a Web camera shot of a smoking crater. Maps, showing data such as population density or ocean temperatures for example, can be layered over the globe.

It isn't surprising that the virtual globe, available as a free download in its basic version, has spread like wildfire. After all, it provides a place to put all the hopelessly scattered information we have collected about our world. Namely, on the earth itself. The digital globe finally depicts everything exactly where it belongs.

Computers have long been capable of processing geographic data. There are powerful, special programs that can create all kinds of colorful maps. And unlike Google Earth, which can only be used to display data, these programs -- experts call them geo-information systems, or GIS -- are also useful in analysis.

But operating the programs is also incredibly cumbersome. Their biggest drawback is that they spit out vast numbers of individual maps without providing a look at the whole picture -- they don't provide a digital globe rotating directly in front of the viewer's eyes.

Google Earth's popularity among ordinary users is injecting new life into the entire industry.

"Google Earth offers globally available data in a very straightforward manner," says Klaus Greve of the Geographic Institute at the University of Bonn. "It's also very appealing to researchers who were previously intimidated by real GIS software."

Species distribution on the Web

Greve is working on one of the most ambitious projects in the field of geographic data. He is part of a global effort currently underway to develop a vast species database for everything that wiggles, walks and grows on the earth. Scientists want the database to automatically include information about the habitats of known plants and animals. The data is derived from the enormous collections of natural history museums, where millions of samples -- dried, stuffed or preserved -- are kept in long-term storage.

[Photo caption (FACHHOCHSCHULE MAINZ / Google Earth): You can even see two different years at once. Here, the Rhine River in 1983 and 1999.]

The database will also include the location and time of the find for almost a hundred million objects, data now being scanned and compiled. "For the first time, this will allow us to develop maps showing the global distribution of species," says Greve. "Google Earth can then be used to display their locations."

The program, though, can't do everything. Experts need special software to analyze the data more closely and embark, for example, on excursions into biospheres of the past. To study the spread of the grasshopper warbler and purse-web spider before the Industrial Revolution, for example, a data traveler would simply pull up the desired time window. "This allows us to discover how human beings have affected the environment in which they live," says Greve.

Some of the most avid users of the new geography programs are epidemiologists, who use them to track the spread of disease, and disaster control experts, who often have to make quick decisions over deployment of personnel and resources. Both groups need to be able to readily combine all kinds of data, something for which Google Earth has only limited capacity.

Calculations for entire ecosystems

Consistency has also been a problem. "There is currently no open standard that everyone understands," says geo computer scientist Alexander Zipf of Mainz Technical University. But Zipf's team is working on the problem. Their first aim is to develop software that's just as useful for tracking catastrophic floods as reactor accidents.

The objective is a constantly updated situation map that includes all of the data rescue and disaster relief teams need. Meteorologists will provide weather data, geologists the data on the flow of ground water in a given area and the Federal Radiation Protection Office the data collected by radioactivity sensors.

Only if the data from all sources fit together can the geo-programs utilize their true strength: computing. If necessary, they can even perform calculations for entire ecosystems.

A team of researchers armed with all manner of sensory equipment and measuring devices is currently traveling in Inner Mongolia, where desertification threatens to destroy vast areas of pastureland. When sheep and goats eat away all the vegetation, the topsoil becomes hard and brittle and is eventually blown away by the wind. The question scientists want to answer is how many grazing animals the environment can support without being destroyed. To do so, they monitor the movement of dust and measure moisture and methane levels in the soil for different types of vegetation and climate.
The computer takes the data derived from smaller areas and performs projections for comparable larger areas, creating models that can be used to simulate the long-term effects of pastural agriculture.

But the scientists have to be careful not to become too enthralled with the images themselves. "The software produces these wonderfully colorful maps," says Lutz Breuer, an ecologist in the German city of Giessen who is also involved in the project. "It's tempting to interpret the maps in ways that aren't even supported by the data."

[Photo caption (DPA): Google Earth has become wildly popular. Some have even begun making designs on the ground to greet users -- like this one in Germany.]

Google Earth's globe would be far too basic for these types of environmental models. But the company has already announced coming improvements. The company apparently figures that the more the scientific community uses digital maps in its work, the more attractive the tool becomes for the general public.

Google Earth, live

This kind of thinking has also given new impetus to the established makers of GIS programs. The California-based firm Esri, a market leader in the field, plans to launch a completely revised version of its ArcGIS program in a few weeks. The new version will also feature a virtual globe accessible through the Internet.

"It allows you to fly around wherever you wish, just like with Google Earth," says Jack Dangermond, the CEO of Esri. "But we've also built in all kinds of tools for researchers." For example, before embarking on a virtual flight over Seattle, the program can incorporate data, such as regional ground water distribution statistics, into its map images.

Skyline, a US firm, has announced a new planet model that's also capable of processing moving images.
The model, Skylineglobe, almost seamlessly inserts live video images into its panoramic views from space, offering a novel experience to the cyber traveler. As one flies over a soccer stadium, for example, an aerial view opens up of a match currently underway. A camera mounted on the roof of the stadium delivers the images, while the program automatically adjusts the camera angle.

Life gradually begins appearing on the globe, allowing users to observe their own planet in full swing. Although the technology is currently limited to traffic cameras and a few gimmicks, it does show the direction digital globes are taking: The point is not just to display more and more data in refined abstractions. At the same time, the artificial globe is becoming less and less complicated. One day, so goes the prediction, it will be identical with the world it depicts.

Translated from the German by Christopher Sultan

© SPIEGEL ONLINE 2006
All Rights Reserved
Reproduction only allowed with the permission of SPIEGELnet GmbH

From rforno at infowarrior.org Wed Aug 2 08:24:19 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 02 Aug 2006 08:24:19 -0400
Subject: [Infowarrior] - Telecom tax imposed in 1898 finally ends
Message-ID:

Telecom tax imposed in 1898 finally ends
By Marguerite Reardon
http://news.com.com/Telecom+tax+imposed+in+1898+finally+ends/2100-1037_3-6101004.html

Story last modified Tue Aug 01 13:59:15 PDT 2006

The Spanish-American War has been over for more than 100 years, and now so is the tax imposed in 1898 to help fund it.

As of Tuesday, all phone companies selling long-distance phone service are legally required to eliminate the 3 percent federal excise tax on long-distance service, which had been established in 1898 as a luxury tax on wealthy Americans who owned telephones.

Verizon Communications said Tuesday that it has stopped collecting the 3 percent federal excise tax on monthly consumer telephone bills for long-distance and bundled services.

After a long legal battle and strong urging from Congress, the Internal Revenue Service and the Department of the Treasury decided in May to discontinue the federal 3 percent excise tax on long-distance telephone service effective Aug. 1. It also decided not to apply the tax to wireless, voice over Internet Protocol service, prepaid telephone cards and other bundled services.

The IRS also said it would allow taxpayers to claim a refund in 2007 for taxes collected on those services retroactive to February 2003.

The last portion of the tax, pertaining only to local telephone service, remains in effect. But Verizon and other telecom companies are urging Congress to repeal the tax in total this year.

"We have been working for years on behalf of our customers to eliminate this outdated and regressive tax," Bob Ingalls, president of Verizon's Retail Markets Group, said in a statement. "This is a good first step in alleviating consumers' telephone tax burden."

From rforno at infowarrior.org Wed Aug 2 08:26:41 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 02 Aug 2006 08:26:41 -0400
Subject: [Infowarrior] - Peace and Privacy in the Pacific
Message-ID:

Peace and Privacy in the Pacific
By Jennifer Granick
02:00 AM Aug, 02, 2006
http://www.wired.com/news/columns/1,71511-0.html

In 2004, three men distributing leaflets opposing the Iraq war near a Japanese military base were arrested, interrogated, held for 75 days and then convicted and fined for trespassing. Many people believe that the prosecution of these men, who came to be known as the Tachikawa Three, was heavy-handed and discriminatory.

The Tachikawa Three have become a rallying point for two movements: Japanese pacifists opposing constitutional changes that would free the nation to join military actions, and a nascent pro-privacy movement that's gaining surprising ground in a country with no native word for "privacy."

Last week, I met Toshimaru Ogura, professor of political economy and information economics at Toyama University, in a cafe in Tokyo's Shinjuku Station. Much of Japan's social and professional interaction takes place in cafes, bars, parks and restaurants rather than in homes or offices. Still, the Japanese view these as public areas, subject to government surveillance, rather than private meeting places. The Japanese aren't especially familiar with the concept of privacy, Ogura says, and the country has no longstanding activist organizations dedicated to protecting privacy rights. As a result, grass-roots organizing around privacy has been particularly difficult in Japan. But the recent groundswell of opposition to Japan's proposed "Conspiracy Law" bill -- opposition fueled by the Tachikawa Three case -- may herald a sea change. In 2000, Japan signed the United Nations Convention Against Transnational Organized Crime and its Protocols. (The United States is also a signatory.) The convention requires member nations to make it a crime to participate in groups with an illegal purpose. The proposed Conspiracy Law is Japan's effort to implement the terms of the convention. This impacts privacy because once this participation, or "conspiracy," is illegal, law enforcement can use one of the most invasive tools in its arsenal -- wiretapping -- to investigate the offense. Criminalizing conspiracy has obvious appeal. In principle, stopping crimes before they occur always makes sense. And it makes a lot more sense in the post-9/11 world, where grand terrorist acts, unlike street crimes, aren't just something to be avoided, but are intolerable. On the other hand, who decides what groups are illegal to join? Organizations with unpopular goals must be distinguished from groups with illegal ones. And there's a risk that innocent people will get caught in law enforcement dragnets if illegal activities by one member are imputed to every member. 
Invasive tools like wiretapping may not be appropriate to combat trivial crimes like the Tachikawa Three's trespassing for the purposes of distributing leaflets, and perhaps should only be used to investigate conspiracies to commit more serious offenses. United States law attempts to address some of these problems by forcing prosecutors to prove that the defendants didn't just talk about committing crimes, but did something in furtherance of their illegal agreement. Other countries require proof that the defendant was actually informed that the organization to which he belonged was criminal, or that the defendant had an illegal intent to commit a crime. In Japan, citizens in coalition with activists, journalists and lawyers strongly objected to the first proposed version of the Conspiracy Law, which didn't have any such safeguards. So far, the coalition has been able to delay passage of the bill and force amendments that give slightly less discretion to police and prosecutors. Many Japanese citizens understand that the surface allure of the Conspiracy Law might be undermined by the reality of its enforcement. Ogura says that the Tachikawa Three case demonstrated that police already were enforcing existing laws discriminatorily against pacifists. In a similar case, a Buddhist priest opposing U.S. military presence in Japan was arrested last year for trespass while leafleting near an American base in Okinawa. Under the Conspiracy Law, the Tachikawa Three and the priest could be wiretapped and arrested before the pamphlets even go out. The public here sees this as an even more frightening threat, not only to the popular ideology of pacifism, but also to freedom of association more generally. By fighting the Conspiracy Law, Japanese activists aren't rejecting the idea that police should be able to stop some crimes before they happen. 
Rather, they are insisting that Japan's parliament define the crime in a way that doesn't result in surveillance and arrests of journalists, workers for nongovernmental organizations, union members or peace activists. Few expect this coalition to succeed in stopping the Conspiracy Law altogether. It enjoys strong support among the ruling party in the Diet. But if the group has a lasting impact on Japanese citizens' view of privacy and surveillance, it will be a great success nonetheless. According to Ogura, pro-privacy coalitions usually form around specific policy issues and then dissolve when the matter is decided. For example, when the police set up closed-circuit television cameras to monitor the streets of Kabuki-cho near Shinjuku Station, activists held a public meeting to discuss the issue, and the Asahi Shinbun newspaper critiqued the plan. When the cameras went up anyway, the pro-privacy coalition disbanded. Similarly, in 2002 an ad hoc coalition protested the implementation of Juki Net, a resident-registration program that collects identifying information and tracks residents for more efficient electronic government. The Juki Net system is now in place, and the outcry is mostly done with -- though advocates continue to push for improvements to the system. The coalition in opposition to the Conspiracy Law may be a bit different. The coalition is an extension of a past organization formed in opposition to a widening of Japan's wiretap act earlier this decade. It is also in tune with pacifist sympathies. Pacifism is a popular view in Japan -- and pacifists are speaking out as Prime Minister Junichiro Koizumi seeks to amend the post-World War II "peace clause" in Japan's constitution to allow the country to participate in military action abroad. The coalition is also operating at a time when the misapplication of police power is fresh in the public's mind because of the Tachikawa Three case. 
When privacy issues arise in ways that make sense to ordinary people, people care about privacy. Ogura says that his students don't oppose closed-circuit television cameras in the streets, but they do oppose installing them in the classroom. The Tachikawa Three prosecution makes the failings of the broad Conspiracy Law apparent to many Japanese.

The challenge for Japanese privacy advocates is to build on this success, whatever happens with the Conspiracy Law in the next Diet session. The challenge for U.S. advocates is to make privacy issues as salient to Americans as the Tachikawa Three case has done for the Japanese.

- - -

Jennifer Granick is executive director of the Stanford Law School Center for Internet and Society, and teaches the Cyberlaw Clinic.

From rforno at infowarrior.org Wed Aug 2 10:20:26 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 02 Aug 2006 10:20:26 -0400
Subject: [Infowarrior] - Interesting Study re: Internet Use
Message-ID:

Heavy Internet users are different
2006-08-02 09:40:00

OTTAWA (CP) - There's a new study that says heavy Internet users lead a considerably different lifestyle than people who do not surf the web.

Statistics Canada says it found that heavy Net users spent less time socializing with their spouse or partner, or their children and friends.

And they tended to stay at home, showing less interest in outdoor activities than non-users.

Rest of article:
http://money.canoe.ca/News/Sectors/Entertainment/2006/08/02/1715240-cp.html

More information about the study can be found here:
http://www.statcan.ca/Daily/English/060802/d060802a.htm

From rforno at infowarrior.org Wed Aug 2 15:58:16 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 02 Aug 2006 15:58:16 -0400
Subject: [Infowarrior] - Specter Rushing Thursday Vote on Surveillance Bill
Message-ID:

Call Congress Now - Specter Rushing Thursday Vote on Surveillance Bill
August 02, 2006
http://www.eff.org/deeplinks/archives/004862.php

Because of phone calls and letters from constituents like you, Senator Arlen Specter is feeling the heat. Having previously delayed a vote on his dangerous surveillance bill, he is now intent on moving it out of committee on Thursday.

This sham "compromise" bill will help the government continue to break the law, vastly expanding the president's power to spy on you without any meaningful oversight from Congress or the courts. If you haven't already called and your Senator is on the Judiciary Committee, please use our Action Center and call your Senator immediately to stop this dangerous bill.

Your friends and family could be constituents of Judiciary Committee members -- spread the word and urge them to call Congress now. If you're a blogger, post a "Stop the Surveillance Bills" button.

From rforno at infowarrior.org Wed Aug 2 23:13:03 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 02 Aug 2006 23:13:03 -0400
Subject: [Infowarrior] - Britain Begins Publicizing Terror Threat Level
Message-ID:

August 1, 2006
Britain Begins Publicizing Terror Threat Level
By ALAN COWELL
http://www.nytimes.com/2006/08/01/world/europe/01cnd-britain.html?_r=1&oref=slogin&pagewanted=print

LONDON, Aug. 1 -- British security services today publicized their assessment of the probability of a terror attack for the first time, telling Britons they faced a "severe" threat, meaning that an attack was "highly likely."

Under a new system introduced as part of an effort to make the intelligence services seem more open, the threat level appeared on several official Web sites, including http://www.intelligence.gov.uk, which is run by the British espionage and counterterrorism establishment, and http://www.mi5.gov.uk, the domestic security service Web site. The level of peril facing Britons has been contentious since last year, when the security services lowered the threat level assessment two months before the July 7 bombings in which four bombers killed 52 passengers on the London transport system. "Threat levels are designed to give a broad indication of the likelihood of a terrorist attack," the intelligence.gov.uk website said in a posting. "They are based on the assessment of a range of factors including current intelligence, recent events and what is known about terrorist intentions and capabilities. This information may well be incomplete and decisions about the appropriate security response are made with this in mind." Unlike the previous secret grading system offering seven levels of threat, the new system has been simplified to five, starting with "low," meaning an attack is unlikely, to "critical," meaning an attack is expected imminently. Unlike American threat assessments, the British system is not color-coded. "Severe" is the second-highest threat level, but the Web site did not say what kind of attack was likely. The assessment is roughly the same as it has been for a year. Britain's apparent vulnerability relates to assumptions among intelligence experts that its military presence in Iraq as America's most resolute ally has helped make it a target. "In recent years, Iraq has become a dominant issue for a range of extremist groups and individuals in the UK and Europe," the MI5 Web site said today. Assessing the threat from Al Qaeda, the Web site said: "British and foreign nationals linked to or sympathetic with Al Qaeda are known to be present within the U.K."
It added: "Some British residents have traveled to Iraq to join the insurgency against the country's government and multinational coalition forces. In the longer term, it is possible that they may later return to the U.K. and consider mounting attacks here." The relative openness follows other measures by the intelligence elite to swap its traditional cloak and dagger for a web-and-wired modernity: last October, MI6, the secret intelligence service that once denied its own existence, launched its own Web site to advertise for recruits. But that has not satisfied legislators, at least those pre-occupied with human rights. A cross-party parliamentary panel known as the Joint Committee on Human Rights took umbrage when Dame Eliza Manningham-Buller, the head of MI5, refused to be questioned about recent anti-terror legislation. Her reticence seemed to revive legislators' concerns about the quality of British espionage after intelligence reports used to justify the invasion of Iraq in 2003 proved wrong. Today, the committee published a report calling for greater oversight of both intelligence-gathering and the uses to which intelligence is put. "There is an increasingly urgent need to devise new mechanisms of independent accountability and oversight of both the security and intelligence agencies and the government's claims based on intelligence information," the report said.

From rforno at infowarrior.org Thu Aug 3 08:44:57 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 03 Aug 2006 08:44:57 -0400
Subject: [Infowarrior] - Apple makes Trusted Computing cool
Message-ID:

Apple makes Trusted Computing cool
Published: 2006-08-02
http://www.securityfocus.com/brief/270?ref=rss

LAS VEGAS--Apple Computer is doing far more to help the adoption of the controversial security technology known as Trusted Computing than other proponents, Mac security researcher Bruce Potter told attendees on Wednesday at the Black Hat Briefings.
Through the coolness of the iPod and its iTunes Music Service, the company has already made another controversial technology--digital-rights management--widely accepted by the company's consumers, Potter argued, pointing to the more than 1 billion songs sold by the company. "More than anything happening on the enterprise side, it's the coolness and the consumers that will get this accepted," said Potter, a member of the Shmoo Group, a collection of security professionals. Among other things, Apple uses the hardware component of Trusted Computing, known as the Trusted Platform Module (TPM), to verify that the company's PowerPC-to-Intel interpreter only works on authentic Apple hardware. While Apple does not ship a tool for checking a Mac's TPM, Potter and the Shmoo Group installed a Linux distribution and specialized tools to analyze the data created by the hardware. The Trusted Computing Platform uses encryption and specialized memory to secure a computer's data, allowing only the application that created a file to access that data and allowing hard drive data to be locked to a specific computer, for example. However, critics worry that, without adequate policy guidelines, the technology could be used by third parties to undermine consumers' rights to their own data. The U.S. Army recently required that all personal computers procured by servicemen use the latest version of the TPM. About 20 million computers, most of them laptops, shipped with the Trusted Platform Module in 2005, according to the Trusted Computing Group. Apple is expected to ship 10 million Macs, the majority of them Intel-based, in 2006.

From rforno at infowarrior.org Thu Aug 3 15:33:29 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 03 Aug 2006 15:33:29 -0400
Subject: [Infowarrior] - Hackers Clone E-Passports
Message-ID:

Hackers Clone E-Passports
http://www.wired.com/news/technology/1,71521-0.html
By Kim Zetter
02:00 AM Aug, 03, 2006

LAS VEGAS -- A German computer security consultant has shown that he can clone the electronic passports that the United States and other countries are beginning to distribute this year. The controversial e-passports contain radio frequency ID, or RFID, chips that the U.S. State Department and others say will help thwart document forgery. But Lukas Grunwald, a security consultant with DN-Systems in Germany and an RFID expert, says the data in the chips is easy to copy. "The whole passport design is totally brain damaged," Grunwald says. "From my point of view all of these RFID passports are a huge waste of money. They're not increasing security at all." Grunwald plans to demonstrate the cloning technique Thursday at the Black Hat security conference in Las Vegas. The United States has led the charge for global e-passports because authorities say the chip, which is digitally signed by the issuing country, will help them distinguish between official documents and forged ones. The United States plans to begin issuing e-passports to U.S. citizens beginning in October. Germany has already started issuing the documents. Although countries have talked about encrypting data that's stored on passport chips, this would require that a complicated infrastructure be built first, so currently the data is not encrypted. "And of course if you can read the data, you can clone the data and put it in a new tag," Grunwald says. The cloning news is confirmation for many e-passport critics that RFID chips won't make the documents more secure.
"Either this guy is incredible or this technology is unbelievably stupid," says Gus Hosein, a visiting fellow in information systems at the London School of Economics and Political Science and senior fellow at Privacy International, a U.K.-based group that opposes the use of RFID chips in passports. "I think it's a combination of the two," Hosein says. "Is this what the best and the brightest of the world could come up with? Or is this what happens when you do policy laundering and you get a bunch of bureaucrats making decisions about technologies they don't understand?" Grunwald says it took him only two weeks to figure out how to clone the passport chip. Most of that time he spent reading the standards for e-passports that are posted on a website for the International Civil Aviation Organization, a United Nations body that developed the standard. He tested the attack on a new European Union German passport, but the method would work on any country's e-passport, since all of them will be adhering to the same ICAO standard. In a demonstration for Wired News, Grunwald placed his passport on top of an official passport-inspection RFID reader used for border control. He obtained the reader by ordering it from the maker -- Walluf, Germany-based ACG Identification Technologies -- but says someone could easily make their own for about $200 just by adding an antenna to a standard RFID reader. He then launched a program that border patrol stations use to read the passports -- called Golden Reader Tool and made by secunet Security Networks -- and within four seconds, the data from the passport chip appeared on screen in the Golden Reader template. Grunwald then prepared a sample blank passport page embedded with an RFID tag by placing it on the reader -- which can also act as a writer -- and burning in the ICAO layout, so that the basic structure of the chip matched that of an official passport. 
As the final step, he used a program that he and a partner designed two years ago, called RFDump, to program the new chip with the copied information. The result was a blank document that looks, to electronic passport readers, like the original passport. Although he can clone the tag, Grunwald says it's not possible, as far as he can tell, to change data on the chip, such as the name or birth date, without being detected. That's because the passport uses cryptographic hashes to authenticate the data. When he was done, he went on to clone the same passport data onto an ordinary smartcard -- such as the kind used by corporations for access keys -- after formatting the card's chip to the ICAO standard. He then showed how he could trick a reader into reading the cloned chip instead of a passport chip by placing the smartcard inside the passport between the reader and the passport chip. Because the reader is designed to read only one chip at a time, it read the chip nearest to it -- in the smartcard -- rather than the one embedded in the passport. The demonstration means a terrorist whose name is on a watch list could carry a passport with his real name and photo printed on the pages, but with an RFID chip that contains different information cloned from someone else's passport. Any border-screening computers that rely on the electronic information -- instead of what's printed on the passport -- would wind up checking the wrong name. Grunwald acknowledges, however, that such a plot could be easily thwarted by a screener who physically examines the passport to make sure the name and picture printed on it match the data read from the chip. Machine-readable OCR text printed at the bottom of the passport would also fail to match the RFID data. 
Frank Moss, deputy assistant secretary of state for passport services at the State Department, says that designers of the e-passport have long known that the chips can be cloned and that other security safeguards in the passport design -- such as a digital photograph of the passport holder embedded in the data page -- would still prevent someone from using a forged or modified passport to gain entry into the United States and other countries. "What this person has done is neither unexpected nor really all that remarkable," Moss says. "(T)he chip is not in and of itself a silver bullet.... It's an additional means of verifying that the person who is carrying the passport is the person to whom that passport was issued by the relevant government." Moss also said that the United States has no plans to use fully automated inspection systems; therefore, a physical inspection of the passport against the data stored on the RFID chip would catch any discrepancies between the two. There are other countries, however, that are considering taking human inspectors out of the loop. Australia, for one, has talked about using automated passport inspection for selected groups of travelers, Moss says. In addition to the danger of counterfeiting, Grunwald says that the ability to tamper with e-passports opens up the possibility that someone could write corrupt data to the passport RFID tag that would crash an unprepared inspection system, or even introduce malicious code into the backend border-screening computers. This would work, however, only if the backend system suffers from the kind of built-in software vulnerabilities that have made other systems so receptive to viruses and Trojan-horse attacks. "I want to say to people that if you're using RFID passports, then please make it secure," Grunwald says. "This is in your own interest and it's also in my interest. If you think about cyberterrorists and nasty, black-hat type of guys, it's a high risk.... 
From my point of view, it should not be possible to clone the passport at all." Hosein agrees. "Is this going to be the massive flaw that makes the whole house of cards fall apart? Probably not. But I'm not entirely sure how confident we should feel about these new passports." Grunwald's technique requires a counterfeiter to have physical possession of the original passport for a time. A forger could not surreptitiously clone a passport in a traveler's pocket or purse because of a built-in privacy feature called Basic Access Control that requires officials to unlock a passport's RFID chip before reading it. The chip can only be unlocked with a unique key derived from the machine-readable data printed on the passport's page. To produce a clone, Grunwald has to program his copycat chip to answer to the key printed on the new passport. Alternatively, he can program the clone to dispense with Basic Access Control, which is an optional feature in the specification. Grunwald's isn't the only research on e-passport problems circulating at Black Hat. Kevin Mahaffey and John Hering of Flexilis released a video Wednesday demonstrating that a privacy feature slated for the new passports may not work as designed. As planned, U.S. e-passports will contain a web of metal fiber embedded in the front cover of the documents to shield them from unauthorized readers. Though Basic Access Control would keep the chip from yielding useful information to attackers, it would still announce its presence to anyone with the right equipment. The government added the shielding after privacy activists expressed worries that a terrorist could simply point a reader at a crowd and identify foreign travelers. In theory, with metal fibers in the front cover, nobody can sniff out the presence of an e-passport that's closed. 
But Mahaffey and Hering demonstrated in their video how even if a passport opens only half an inch -- such as it might if placed in a purse or backpack -- it can reveal itself to a reader at least two feet away. Using a mockup e-passport modeled on the U.S. design, they showed how an attacker could connect a hidden, improvised bomb to a reader such that it triggers an explosion when a passport-holder comes within range. In addition to cloning passport chips, Grunwald has been able to clone RFID ticket cards used by students at universities to buy cafeteria meals and add money to the balance on the cards. He and his partners were also able to crash RFID-enabled alarm systems designed to sound when an intruder breaks a window or door to gain entry. Such systems require workers to pass an RFID card over a reader to turn the system on and off. Grunwald found that by manipulating data on the RFID chip he could crash the system, opening the way for a thief to break into the building through a window or door. And they were able to clone and manipulate RFID tags used in hotel room key cards and corporate access cards and create a master key card to open every room in a hotel, office or other facility. He was able, for example, to clone Mifare, the most commonly used key-access system, designed by Philips Electronics. To create a master key he simply needed two or three key cards for different rooms to determine the structure of the cards. Of the 10 different types of RFID systems he examined that were being used in hotels, none used encryption. Many of the card systems that did use encryption failed to change the default key that manufacturers program into the access card system before shipping, or they used sample keys that the manufacturer includes in instructions sent with the cards. 
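The integrity checks this article describes earlier (hashes that authenticate the chip data, and a screener comparing the printed page with what the chip returns) can be modelled in a few lines. This is an added example, not part of the Wired article or of any passport software: the `Chip` layout, function names and sample values are constructed, and an HMAC stands in for the issuing country's digital signature.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed stand-in for the issuing country's signing key. Real chips carry
# a public-key signature; an HMAC keeps this model standard-library only.
ISSUER_KEY = b"constructed-issuer-key"


def mrz_check_digit(field: str) -> int:
    """MRZ check digit: character values weighted 7, 3, 1 (repeating), mod 10."""
    total = 0
    for i, ch in enumerate(field):
        if ch.isdigit():
            value = int(ch)
        elif ch == "<":              # filler character counts as zero
            value = 0
        else:                        # A=10 ... Z=35
            value = ord(ch) - ord("A") + 10
        total += value * (7, 3, 1)[i % 3]
    return total % 10


def mrz_information(doc_no: str, birth: str, expiry: str) -> str:
    """Document number, birth date and expiry date, each with its check digit."""
    return "".join(f + str(mrz_check_digit(f)) for f in (doc_no, birth, expiry))


@dataclass(frozen=True)
class Chip:
    data_groups: dict    # {"DG1": MRZ bytes, "DG2": photo bytes}
    hashes: dict         # per-group SHA-256 digests (the signed hash list)
    signature: bytes     # issuer's signature over the hash list


def _hash_list(hashes: dict) -> bytes:
    return b"".join(n.encode() + b":" + hashes[n] for n in sorted(hashes))


def issue_chip(mrz: str, photo: bytes) -> Chip:
    groups = {"DG1": mrz.encode(), "DG2": photo}
    hashes = {n: hashlib.sha256(d).digest() for n, d in groups.items()}
    sig = hmac.new(ISSUER_KEY, _hash_list(hashes), hashlib.sha256).digest()
    return Chip(groups, hashes, sig)


def copy_chip(chip: Chip) -> Chip:
    """Byte-for-byte copy of everything on the chip, signature included."""
    return Chip(dict(chip.data_groups), dict(chip.hashes), chip.signature)


def chip_integrity_ok(chip: Chip) -> bool:
    """Verify the signature over the hash list, then each group's hash."""
    expected = hmac.new(ISSUER_KEY, _hash_list(chip.hashes), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, chip.signature):
        return False
    if set(chip.hashes) != set(chip.data_groups):
        return False
    return all(
        hmac.compare_digest(hashlib.sha256(chip.data_groups[n]).digest(), chip.hashes[n])
        for n in chip.hashes
    )


def inspect(printed_mrz: str, chip: Chip) -> list:
    """Chip integrity plus the cross-check against the printed page."""
    findings = []
    if not chip_integrity_ok(chip):
        findings.append("chip data fails hash/signature check")
    if chip.data_groups.get("DG1") != printed_mrz.encode():
        findings.append("chip MRZ does not match printed page")
    return findings


def run_scenarios() -> dict:
    # Constructed sample holders; not real documents.
    mrz_a = mrz_information("AB1234567", "800101", "160101")
    mrz_b = mrz_information("CD7654321", "750615", "170301")
    chip_a = issue_chip(mrz_a, b"constructed-photo-a")
    copy = copy_chip(chip_a)
    # Rewriting the copy's MRZ to match another booklet breaks the stored hash.
    altered = Chip({**copy.data_groups, "DG1": mrz_b.encode()},
                   copy.hashes, copy.signature)
    return {
        "genuine": inspect(mrz_a, chip_a),
        "copy_chip_only": chip_integrity_ok(copy),   # integrity cannot spot a copy
        "altered": inspect(mrz_b, altered),
        "swapped": inspect(mrz_b, copy),             # copy carried in booklet B
    }


if __name__ == "__main__":
    for name, result in run_scenarios().items():
        print(name, result)
```

A verbatim copy passes every check that looks only at the chip; it is the comparison with the printed page that separates the copy from the booklet it is carried in, which is why taking the human or OCR cross-check out of the loop matters.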
Grunwald and his partners created a dictionary database of all the sample keys they found in such literature (much of which they found accidentally published on purchasers' websites) to conduct what's known as a dictionary attack. When attacking a new access card system, their RFDump program would search the list until it found the key that unlocked a card's encryption. "I was really surprised we were able to open about 75 percent of all the cards we collected," he says.

From rforno at infowarrior.org Thu Aug 3 15:43:35 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 03 Aug 2006 15:43:35 -0400
Subject: [Infowarrior] - Latest threat to music industry: CDs
Message-ID:

Report: La La a threat, but labels should hold tongue
By Greg Sandoval
http://news.com.com/Report+La+La+a+threat%2C+but+labels+should+hold+tongue/2100-1027_3-6101595.html
Story last modified Wed Aug 02 20:30:50 PDT 2006

An analyst report calls La La a savvy new music site for helping people swap CDs via the U.S. Postal Service. But, the report notes, the company is also a highly effective way to pirate music. La La allows music lovers to find used CDs on the company's Web site and then order them from their owners, other La La members. The discs are then mailed from one party to the other. What may alarm some music-label executives is that many CDs lack copy protections, and there's nothing to prevent songs from being converted to MP3 files and spread across the Web, according to a report issued by IDC analyst Susan Kevorkian. The same is true in the case of brick-and-mortar used-CD stores, but "those stores lack the potential scope of La La," Kevorkian said in her report. "This perceived threat will only grow as La La's community does." Calls to La La were not returned. After years of combating piracy, executives from music labels are likely to be wary of any service that promotes sharing, regardless of whether the music is on MP3 or pressed to a CD.
People have swapped albums and CDs with friends for decades, but the difference now is that the Internet and PCs make it easy for a host of strangers to locate and trade with people who have similar musical tastes. At La La, those ordering a CD pay $1.75 ($1 goes to La La for brokering the swap, and 75 cents covers postage). Once users ship a CD, they're entitled to order one for themselves, and similar to Netflix, La La provides packing materials. La La's foundation is the company's search and recommendation engine, designed to connect members with similar interests in music, Kevorkian wrote. "La La seeks to re-create online the experience of shopping in a local music store," said the report, "where casual music-information sharing with other music buffs and knowledgeable salespeople drove sales for the retailer." During the dot-com boom days, several companies, including Swaprat and Swap.com, attempted to launch bartering services but most didn't survive the Internet meltdown. When it comes to mitigating the illegal copying of music, La La is approaching the problem in a new way. First, the company is offering to pay artists 20 percent of the company's CD-trading revenue through La La's Z Foundation. This means that La La will be among the first to cut artists in on profits from the sale of used CDs. And La La also sells new music, which could go a long way toward appeasing record companies. Finally, with all the illegal distribution of music on the Web, the threat La La poses is insignificant, Kevorkian said. Kevorkian warns record companies to expect some La La users to make unauthorized copies. But the smart play, she says, is to embrace the service. "The music industry would do better to develop La La as a distribution and marketing channel for new CDs and digital downloads," Kevorkian wrote.

Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.

From rforno at infowarrior.org Thu Aug 3 21:31:25 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 03 Aug 2006 21:31:25 -0400
Subject: [Infowarrior] - Friday Fun Site
Message-ID:

Creates a MS Office "document" in your browser so you can surf the web and perhaps fool your boss that you're actually doing work. Kind of quirky, and doesn't render complex sites that well (I used Camino on OSX) but it's something geekishly-amusing to help end the week. :)

http://www.workfriendly.net/

From rforno at infowarrior.org Thu Aug 3 22:17:14 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 03 Aug 2006 22:17:14 -0400
Subject: [Infowarrior] - USG Proposes Sweeping Exclusive Rights Regime for Internet
In-Reply-To: <44D2A7D0.6DDC0D0D@RealMeasures.dyndns.org>
Message-ID:

http://www.cptech.org/blogs/wipocastingtreaty/

WIPO Casting Treaty
Thursday, August 03, 2006
US government proposes sweeping new IPR rules for Internet
by James Packard Love

Here is the new US submission on the "webcasting" issue, which the US now wants to rename as "netcasting." The US does not offer a restrictive definition of what would be protected. It is broad. It offers a contradictory statement at the end. On the one hand, it claims they only want protection for signal piracy -- an approach that would not create a new intellectual property layer for transmitting information on the Internet. On the other hand, the US says: "the United States continues to believe that the protection for netcasting should be the same as that provided for traditional broadcasters and cablecasters." Anyone who actually knows anything about the negotiations on this topic knows that with 83 countries having already signed the Rome Convention (which the US never signed, and does not follow), and with the European Commission deeply dug in on this issue, any new treaty for traditional broadcasting is expected to expand upon the rights of the Rome convention.
The US government will have to decide which of these two positions will be more important: to protect "netcasting" the same as broadcasting (in Europe), or to only protect netcasting from piracy? It appears as if AT&T has pretty much steered the US government back into the backing of "parity" between traditional broadcasting and netcasting, which will be a disaster for the Internet, if this approach is successful. Completely ignored were any of our recommendations regarding the definitions of protected content. (http://www.cptech.org/blogs/wipocastingtreaty/2006/07/definition-of-webcasting.html)

Here is the US submission:

SUBMISSION OF THE UNITED STATES OF AMERICA TO THE WIPO STANDING COMMITTEE ON COPYRIGHT AND RELATED RIGHTS

The United States is pleased to make this submission of proposed definitions to cover broadcasting-like activities over computer networks, together with an Explanatory Memorandum. This is the third submission the United States has made to the Standing Committee on Copyright and Related Rights on the protection of the rights of broadcasting, cablecasting and webcasting organizations. In October 2002, the United States submitted its first proposal to this Committee (SCCR/8/7, October 21, 2002) which set forth the initial position of the United States on this issue. In June 2003, based on discussions within the prior Standing Committee meetings, the United States submitted a revised proposal (SCCR/9/4 Rev., May 1, 2003). Both of the proposals submitted by the United States have been widely discussed during subsequent meetings of the Standing Committee. During the Fourteenth Session of the Standing Committee in May 2006, the Chair requested new proposals on the issue of "webcasting" to be submitted by August 1, 2006.
Since the May Standing Committee meeting, in response to concerns and questions raised at prior meetings and after further consideration of the issues and discussions with interested parties, we have amended our proposal to clarify the meaning and scope of the protection for organizations which transmit signals over computer networks in the same manner as broadcasters and cablecasters. We hope these changes stimulate further discussion and facilitate achieving a broader agreement on the objectives to be attained.

United States of America
Submission to the World Intellectual Property Organization Standing Committee on Copyright and Related Rights
August 1, 2006

(a) "netcasting" means the transmission by wire or wireless means over a computer network, such as through Internet protocol or any successor protocol, for simultaneous or near-simultaneous reception by members of the public, at a time determined solely by the netcasting organization, of sounds or of images or of images and sounds or of the representation thereof,

(1) that are of a program or programs consisting of pre-recorded, scheduled audio, visual or audiovisual content of the type that can be carried by the program-carrying signal of a broadcast or cablecast; or

(2) that are of an organized live event transmitted concurrently where the organizer of such event has granted permission to transmit the event; or

(3) that are also being cablecast or broadcast at the same time.

If encrypted, such transmissions shall be considered netcasting where the means for decrypting are provided to the public by the netcasting organization or with its consent.

(b) "netcasting organization" means the legal entity that takes the initiative and has the responsibility for the assembly and scheduling of the content of netcasts.
Agreed statement concerning these definitions: The scope of the definition of "netcasting" is intended to be limited to transmissions over computer networks carrying programs consisting of audio, visual or audio-visual content or representations thereof which are of the type that can be, but are not necessarily, carried by the program carrying signal of a broadcast or cablecast, and which are delivered to the public in a format similar to broadcasting or cablecasting. By its terms, "netcasting" does not include merely providing access to audio or video content that is not pre-recorded for purposes of transmission via broadcast, cablecast or netcast. Explanatory Note of Proposed Definitions In response to the request from the Chair of the 14th Session of the Standing Committee on Copyright and Related Rights, the United States submits these proposed definitions to clarify the scope of the protection for organizations which transmit signals over computer networks in the same manner as broadcasters and cablecasters. In proposing that the treaty cover "webcasting," the United States has never intended that protection be afforded to the ordinary use of the Internet or World Wide Web, such as through e-mail, blogs, websites and the like. We intended only to cover programming and signals which are like traditional broadcasting and cablecasting, i.e. simultaneous transmission of scheduled programming for reception by the public. The proposed definitions are intended to make that narrow scope more clear. The proposed definitions use a new term, "netcasting," to describe computer-based transmission of signals. This is intended to avoid confusion with the old term "webcasting," which unnecessarily implied that ordinary activity on the World Wide Web would be covered by the definition. 
The substance of the definition modifies the definition in the current draft proposal by drawing from the definition of broadcasting over the Internet as used in United Kingdom law protecting broadcasting organizations. With respect to the scope of protection and other provisions applicable to netcasting, the United States continues to believe that the protection for netcasting should be the same as that provided for traditional broadcasters and cablecasters, and that any such protection should be only what is necessary to protect against signal piracy. To that end, we look forward to discussion of the appropriate level of protection for netcasting with the benefit of the discussions from the next meeting of the Standing Committee that addresses traditional broadcasters.

---------------------------------
James Love, CPTech / www.cptech.org / mailto:james.love at cptech.org / tel. +1.202.332.2670 / mobile +1.202.361.3040

"If everyone thinks the same: No one thinks." Bill Walton

From rforno at infowarrior.org Fri Aug 4 08:17:04 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 04 Aug 2006 08:17:04 -0400
Subject: [Infowarrior] - Amazon patenting Basic Math and Logic? Absurd.
Message-ID:

Automatically identifying incongruous item packages

Abstract

A method, system, and computer-readable medium is described for automatically identifying incongruous item packages, such as to detect incongruities in the items that are included as contents of the item packages and/or to identify incongruities in the packaging used for the item packages. In some situations, the automatic identification of incongruous packages includes initially automatically learning appropriate values for parameters of items (e.g., item weights and/or dimensions) based on automatically measured parameters of packages including those items.
Those item values can then be used to estimate corresponding parameter values of sealed packages that contain those items, and to further identify incongruous item packages whose measured parameter values do not correspond to the estimated values for those parameters.

< - >

http://patft.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PALL&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.htm&r=1&f=G&l=50&s1=7,085,677.PN.&OS=PN/7,085,677&RS=PN/7,085,677

From rforno at infowarrior.org Fri Aug 4 12:17:24 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 04 Aug 2006 12:17:24 -0400
Subject: [Infowarrior] - Senate ratifies COE Cybercrime Treaty
Message-ID:

Senate ratifies cybercrime treaty
http://news.yahoo.com/s/ap/20060804/ap_on_go_co/congress_cybercrime&printer=1;_ylt=Ao5RW1Z4B8nvjqfRR_JcfOaMwfIE;_ylu=X3oDMTA3MXN1bHE0BHNlYwN0bWE-

The Senate has ratified a treaty under which the United States will join more than 40 other countries, mainly from Europe, in fighting crimes committed via the Internet. The Council of Europe's Convention on Cybercrime, ratified late Thursday, is the first international treaty seeking to address Internet crimes by harmonizing national laws, improving investigative techniques and increasing cooperation among nations. The convention had been signed by 38 European nations plus the United States, Canada, Japan and South Africa, as of the end of 2005. It was opened for signature in 2001. "While balancing civil liberty and privacy concerns, this treaty encourages the sharing of critical electronic evidence among foreign countries so that law enforcement can more effectively investigate and combat these crimes," said Senate Majority Leader Bill Frist, R-Tenn.
The convention targets hackers, those spreading destructive computer viruses, those using the Internet for the sexual exploitation of children or the distribution of racist material and terrorists attempting to attack infrastructure facilities or financial institutions. "This treaty provides important tools in the battles against terrorism, attacks on computer networks, and the sexual exploitation of children over the Internet, by strengthening U.S. cooperation with foreign countries in obtaining electronic evidence," Attorney General Alberto Gonzales said. "The Convention is in full accord with all U.S. constitutional protections, such as free speech and other civil liberties, and will require no change to U.S. laws."

Copyright © 2006 The Associated Press. All rights reserved. The information contained in the AP News report may not be published, broadcast, rewritten or redistributed without the prior written authority of The Associated Press. Copyright © 2006 Yahoo! Inc. All rights reserved.

From rforno at infowarrior.org Fri Aug 4 19:11:53 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 04 Aug 2006 19:11:53 -0400
Subject: [Infowarrior] - Vista hacked at Black Hat
Message-ID:

Vista hacked at Black Hat
By Joris Evers
http://news.com.com/Vista+hacked+at+Black+Hat/2100-7349_3-6102458.html
Story last modified Fri Aug 04 15:26:35 PDT 2006

LAS VEGAS--While Microsoft talked up Windows Vista security at Black Hat, a researcher in another room demonstrated how to hack the operating system. Joanna Rutkowska, a Polish researcher at Singapore-based Coseinc, showed that it is possible to bypass security measures in Vista that should prevent unsigned code from running. And in a second part of her talk, Rutkowska explained how it is possible to use virtualization technology to make malicious code undetectable, in the same way a rootkit does. She code-named this malicious software Blue Pill.
"Microsoft is investigating solutions for the final release of Windows Vista to help protect against the attacks demonstrated," a representative for the software maker said. "In addition, we are working with our hardware partners to investigate ways to help prevent the virtualization attack used by the Blue Pill." At Black Hat, Microsoft gave out copies of an early Vista release for attendees to test. The software maker is still soliciting feedback on the successor to Windows XP, which is slated to be broadly available in January. Rutkowska's presentation filled a large ballroom at Caesars Palace to capacity, even though it was during the last time slot on the final day of the annual Black Hat security confab here. She used an early test version of Vista for her research work. As one of the security measures in Vista, Microsoft is adding a mechanism to block unsigned driver software to run on the 64-bit version of the operating system. However, Rutkowska found a way to bypass the shield and get her code to run. Malicious drivers could pose a serious threat because they run at a low level in the operating system, security experts have said. "The fact that this mechanism was bypassed does not mean that Vista is completely insecure. It's just not as secure as advertised," Rutkowska said. "It's very difficult to implement a 100 percent-efficient kernel protection." To stage the attack, however, Vista needs to be running in administrator mode, Rutkowska acknowledged. That means her attack would be foiled by Microsoft's User Account Control, a Vista feature that runs a PC with fewer user privileges. UAC is a key Microsoft effort to prevent malicious code from being able to do as much damage as on a PC running in administrator mode, a typical setting on Windows XP. "I just hit accept," Rutkowska replied to a question from the audience about how she bypassed UAC. 
Because of the many security pop-ups in Windows, many users will do the same without realizing what they are allowing, she said.

Microsoft has touted Vista as its most secure version of Windows yet. It is the first operating system client to go through the company's Security Development Lifecycle, a process to vet code and stamp out flaws before a product ships.

"Windows Vista has many layers of defense, including the firewall, running as a standard user, Internet Explorer Protected Mode, /NX support, and ASLR, which help prevent arbitrary code from running with administrative privileges," the Microsoft representative noted.

After the presentation on bypassing the driver shield, Rutkowska presented a way to create the stealthy malicious software she code-named Blue Pill. The technique uses Pacifica, a Secure Virtual Machine, from chipmaker Advanced Micro Devices, to go undetected. Blue Pill could serve as a backdoor for attackers, Rutkowska said. While it was developed on Vista and AMD's technology, it should also work on other operating systems and hardware platforms.

"Some people suggested that my work is sponsored by Intel, as I focused on AMD virtualization technology only," she said, adding that is untrue.

From rforno at infowarrior.org Fri Aug 4 19:13:00 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 04 Aug 2006 19:13:00 -0400
Subject: [Infowarrior] - Music industry sues P2P firm LimeWire
Message-ID:

Music industry sues P2P firm LimeWire
By Greg Sandoval
http://news.com.com/Music+industry+sues+P2P+firm+LimeWire/2100-1025_3-6102509.html
Story last modified Fri Aug 04 15:53:36 PDT 2006

After months of issuing warnings, the music industry finally made good on its threat to file suit against peer-to-peer software company LimeWire.

A group of music companies, including Sony BMG, Virgin Records and Warner Bros. Records, have accused LimeWire and the company's officers of copyright infringement, according to a federal lawsuit filed Friday in U.S.
District Court in New York. LimeWire produces software that's often used to create copies of music recordings and then distribute them over the Web. The recording industry is asking for compensatory and punitive damages, such as $150,000 for every song distributed without permission.

LimeWire is "devoted essentially to the Internet piracy of plaintiffs' sound recordings," the record companies charge in their suit. "The scope of infringement caused by defendants is staggering."

The recording industry continues to pressure file-sharing companies that refuse to do one of two things: either adopt a business model that compensates record companies, or shut down. Last week, the makers of the Kazaa file-sharing system agreed to pay the record industry $115 million and use a filtering technology to prevent users from distributing files that infringe on copyrights. Other companies that have either gone out of business or altered their business models are Grokster, WinMx and BearShare.

"Despite numerous efforts to engage LimeWire, the site's corporate owners have shown insufficient interest in developing a legal business model," the Recording Industry Association of America said in a statement. "While other services have come productively to the table, LimeWire has sat back and continued to reap profits on the backs of the music community. That is unfortunate and has left us no choice but to file a lawsuit to protect the rights and livelihoods of artists, songwriters and record label employees."

LimeWire representatives could not be reached for comment.

Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.

From rforno at infowarrior.org Sat Aug 5 00:35:04 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 05 Aug 2006 00:35:04 -0400
Subject: [Infowarrior] - From Black Hat: To disclose or not to disclose?
Message-ID:

From Black Hat: To disclose or not to disclose?
Ericka Chickowski
4 Aug 2006 14:59
http://www.scmagazine.com/uk/news/article/576032/from-black-hat-disclose-not-disclose/

Though there is still much dissension in the security world over what is the right way to disclose security vulnerability, a panel of researchers, vendors and end users all agreed at Black Hat yesterday that the disclosure environment has improved over the last several years.

Some of the biggest points of contention were the perceived impact of paying for vulnerability research, whether or not it is in the interest of end users for vendors to disclose before developing fixes and how long a researcher should wait for a vendor to respond to a reported security hole before going public with the information.

While these heady issues cont, it was generally agreed upon that major vendors have improved their response times during pre-disclosure talks with researchers and softening their adversarial view toward the research community.

"The top 10 (vendors) pretty much have it figured out," said Paul Proctor of Gartner, who moderated the panel. "Microsoft is in the acceptance phase. Cisco is slowly moving out of the anger stage and into the acceptance stage. Oracle, on the other hand is just coming out of the denial stage and into the anger stage."

Panelists attributed the improved relations between researchers and vendors as a result of an acknowledgment by both groups that they are each trying to help users even when philosophies may be at odds. They also said that groups such as U.S. Computer Emergency Readiness Team (US-CERT) have helped to act as a mediator between each camp when at a standstill regarding certain security flaws. This can be particularly beneficial when researchers begin to get frustrated with unresponsive vendors and just want to go public with information they've been sitting on for many months.
"I think we've been helpful in applying pressure to keep (vendors) moving along," said Jerry Dixon, deputy director of operations for US-CERT. Of particular interest to audience members was the debate over whether a vendor should disclose a flaw to its customers before a patch is issued. Vendors with representatives on the panel such as Microsoft, Sun and Cisco typically view that kind of disclosure distastefully as they consider the risk of propagating information about the flaw to be higher for users than it would be if customer lacks the information to defend itself. But many audience members, and researchers on the panel advocated for the knowledge of such vulnerabilities as that can affect their decisions. "It depends on the context, but if they were to do that, it could help people with decision making," said Raven Alder, a security researcher on the panel. "For example, if I knew right now that there was an unpatched OS X vulnerability I probably wouldn't connect my computer to the network here at Black Hat." Of a show of hands approximately half of the security experts responsible for enterprise systems would prefer full disclosure to being kept out of the loop. "Everyone's business is different," one audience member said. "You just don't know our risks, so who are you to decide what is and isn't an important flaw to disclose." From rforno at infowarrior.org Sun Aug 6 00:11:43 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 06 Aug 2006 00:11:43 -0400 Subject: [Infowarrior] - U.S. Threatens Suit if Maine Probes Verizon Ties to NSA Message-ID: U.S. Threatens Suit if Maine Probes Verizon Ties to NSA by Kevin Wack http://www.commondreams.org/headlines06/0804-09.htm The Bush administration is threatening to sue if Maine regulators decide to investigate whether Verizon Communications illegally turned over customer information to the National Security Agency. 
Verizon customers in Maine have asked the state's Public Utilities Commission to investigate whether the telecom giant violated privacy laws by cooperating with a domestic surveillance program. The PUC is expected to decide Monday whether to open such a probe. In a July 28 letter to the PUC, the U.S. Department of Justice cites national security as a key reason for its opposition to a state investigation. The seven-page letter suggests a lawsuit is likely if Maine regulators decide to investigate. "We sincerely hope that, in light of governing law and the national security concerns implicated by the requests for information, you will decline to open an investigation and close these proceedings, thereby avoiding litigation over the matter," the letter reads. The Justice Department and Verizon both declined to comment on the letter Thursday. The Justice Department's stance drew criticism from Maine groups that favor an investigation. They believe that if state secrets are at risk, precautions can be taken to ensure they aren't revealed. "The federal Department of Justice is trying to kill the proceeding even before it begins, and I don't think that's proper," said Wayne Jortner, senior counsel in the Maine Public Advocate's Office, which represents citizens in cases involving public utilities. "Verizon may have broken the law, and the Department of Justice is overstepping its bounds in trying to intimidate the state PUC from investigating the potential violation," said Shenna Bellows, executive director of the Maine Civil Liberties Union. "And I do think it sets an extraordinarily dangerous precedent for the federal government to threaten to sue the state, (which is) merely doing its job." The Maine complaint, filed in May by 22 Verizon customers, is one of several similar cases around the country. 
The cases were sparked by news reports alleging that phone companies have cooperated with government surveillance efforts by providing the domestic phone call records of millions of Americans.

In Vermont, where state officials are considering whether to open an investigation of Verizon and AT&T, the Justice Department has come down against the idea. The department has filed lawsuits to prevent the disclosure of information in New Jersey and Missouri.

In Maine, the PUC meets Monday in Augusta to decide whether to investigate Verizon. The phone company has asked that the customer complaint be dismissed, saying that it can't confirm or deny any involvement in the NSA's domestic surveillance program.

The Bush administration is making a similar argument. It hopes to convince the commission that a probe would be fruitless because investigators could not get the information they would need from Verizon.

"Any document request," Assistant Attorney General Peter Keisler wrote in the letter, ". . . would place Verizon in a position of having to confirm or deny the existence of information that cannot be confirmed or denied without harming national security."

But privacy advocates in Maine dispute that conclusion. "I just hope that they give us a chance to make our case with unclassified data," said James Cowie of Portland, the complaint's lead plaintiff.

Others questioned the Justice Department's assertion that even a denial of involvement would compromise national security, especially when the NSA program's existence has already been publicly acknowledged. "It's not hard to imagine that there are ways to prosecute the case without disclosing information," Jortner said.

Phil Lindley, spokesman for the PUC, declined to comment on the arguments raised by the Justice Department because they involve a pending case. The three-member PUC currently has a vacancy, so Monday's deliberations will be limited to Chairman Kurt Adams and Commissioner Sharon Reishus.

Copyright © 2006 Blethen Maine Newspapers Inc.

From rforno at infowarrior.org Sun Aug 6 01:23:15 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 06 Aug 2006 01:23:15 -0400
Subject: [Infowarrior] - FW: NASA loses videotapes of moon landing
In-Reply-To:
Message-ID:

From: D

There must be some sort of black (bleak?) irony in an Australian newspaper reporting this straight from Maryland, but I guess the moon landing belongs to the whole world.

Richard Macey
August 5, 2006

THE heart-stopping moments when Neil Armstrong took his first tentative steps onto another world are defining images of the 20th century: grainy, fuzzy, unforgettable. But just 37 years after Apollo 11, it is feared the magnetic tapes that recorded the first moon walk - beamed to the world via three tracking stations, including Parkes's famous "Dish" - have gone missing at NASA's Goddard Space Centre in Maryland. A desperate search has begun amid concerns the tapes will disintegrate to dust before they can be found.

It is not widely known that the Apollo 11 television broadcast from the moon was a high-quality transmission, far sharper than the blurry version relayed instantly to the world on that July day in 1969.

Among those battling to unscramble the mystery is John Sarkissian, a CSIRO scientist stationed at Parkes for a decade. "We are working on the assumption they still exist," Mr Sarkissian told the Herald. "Your guess is as good as mine as to where they are."

Mr Sarkissian began researching the role of Parkes in Apollo 11's mission in 1997, before the movie The Dish was made. However, when he later contacted NASA colleagues to ask about the tapes, they could not be found. "People may have thought 'we have tapes of the moon walk, we don't need these'," said the scientist who hopes a new, intensive hunt will locate them. If they can be found, he proposes making digitalised copies to treat the world to a very different view of history.

But the searchers may be running out of time.
The only known equipment on which the original analogue tapes can be decoded is at a Goddard centre set to close in October, raising fears that even if they are found before they deteriorate, copying them may be impossible. "We want the public to see it the way the moon walk was meant to be seen," Mr Sarkissian said. "There will only ever be one first moon walk." Originally stored at Goddard, the tapes were moved in 1970 to the US National Archives. No one knows why, but in 1984 about 700 boxes of space flight tapes there were returned to Goddard. "We have the documents to say they were withdrawn, but no one knows exactly where they went," Mr Sarkissian said. Many people involved had retired or died. Also among tapes feared missing are the original recordings of the other five Apollo moon landings. The format used by the original pictures beamed from the moon was not compatible with commercial technology used by television networks. So the images received at Parkes, and at tracking stations near Canberra and in California, were played on screens mounted in front of conventional television cameras. "The quality of what you saw on TV at home was substantially degraded" in the process, Mr Sarkissian said, creating the ghostly images of Armstrong and Aldrin that strained the eyes of hundreds of millions of people watching around the world. Even Polaroid photographs of the screen that showed the original images received by Parkes are significantly sharper than what the public saw. While the technique looks primitive today, Mr Sarkissian said it was the best solution that 1969 technology offered. Among the few who saw the original high-quality broadcast was David Cooke, a Parkes control room engineer in 1969. "I can still see the screen," Mr Cook, 74, said. "I was amazed, the quality was fairly good." 
From rforno at infowarrior.org Mon Aug 7 09:49:40 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 07 Aug 2006 09:49:40 -0400 Subject: [Infowarrior] - AOL Releases Search Logs from 500,000 Users Message-ID: (it's floating around on torrent and other mirrors, I've seen, too....rf) AOL Releases Search Logs from 500,000 Users http://www.ugcs.caltech.edu/~dangelo/aol-search-query-logs/ Update 2: The md5 of the file AOL posted (and now removed) is 31cd27ce12c3a3f2df62a38050ce4c0a. I'm posting it so you can make sure you have a valid copy, but so far none of the copies I've seen are fake. Update: Seems like AOL took it down. There are some mirrors of the data in the comments of the digg story, linked below. I estimate about 1000 people have the file, so it's definitely going to be circulated around. The main AOL research page is still up, with some other data collections. The google cache of the download page is still up, but you can't get the data. Here's discussion at other sites: * siliconbeat * techcrunch * digg * reddit * zoli's blog AOL just released the logs of all searches done by 500,000 of their users over the course of three months earlier this year. That means that if you happened to be randomly chosen as one of these users, everything you searched for from March to May (2006) is now public information on the internet. This was not a leak - it was intentional. In their desperation to gain recognition from the research community, AOL decided they would compromise their integrity to provide a data set that might become often-cited in research papers: "Please reference the following publication when using this collection..." is the message before the download. This is a blatant violation of users' privacy. The data is "anonymized", which to AOL means that each screenname was replaced with a unique number. "It is still a research question how much information needs to be anonymized to protect users," says Abdur from AOL. 
Here are some examples of what you can find in the data: User 491577 searches for "florida cna pca lakeland tampa", "emt school training florida", "low calorie meals", "infant seat", and "fisher price roller blades". Among user 39509's hundreds of searches are: "ford 352", "oklahoma disciplined pastors", "oklahoma disciplined doctors", "home loans", and some other personally identifying and illegal stuff I'm going to leave out of here. Among user 545605's searches are "shore hills park mays landing nj", "frank william sindoni md", "ceramic ashtrays", "transfer money to china", and "capital gains on sale of house". Compared to some of the data, these examples are on the safe side. I'm leaving out the worst of it - searches for names of specific people, addresses, telephone numbers, illegal drugs, and more. There is no question that law enforcement, employers, or friends could figure out who some of these people are. I hope others can find more examples in the data, which is up for download over here. The data set is very large when uncompressed which makes it pretty hard to work with, but someone should set up a web interface so people can browse it (or even 10% of it) without having to download the 400mb file. If you make a mirror or better interface to the data, or find other examples, let me know and I'll put a link up here. This is the same data that the DOJ wanted from Google back in March. This ruling allowed Google to keep all query logs secret. Now any government can just go download the data from AOL. It's unclear if this is the type of data AOL released to the government back when Google refused to comply. If nothing else, this should be a good example of why search history needs strong privacy protection. Thanks to Greg Linden for pointing this out here. From rforno at infowarrior.org Mon Aug 7 10:03:58 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 07 Aug 2006 10:03:58 -0400 Subject: [Infowarrior] - Happy 15th Birthday, WWW! 
Message-ID:

Tim Berners-Lee introduces the WWW to the Internet Community via the usenet post from back in 1991. Wonder how many URLs would fit on the birthday cake? :)

-rf

(Source URL: http://groups.google.com/group/alt.hypertext/browse_thread/thread/7824e490ea164c06/8b8cee98522d8ecb?lnk=gst&q=worldwideweb+summary&rnum=2#8b8cee98522d8ecb)

From: Tim Berners-Lee
Date: Tues, Aug 6 1991 12:00 pm
Email: timbl at info.cern.ch (Tim Berners-Lee)
Groups: alt.hypertext

In article <6... at cernvax.cern.ch> I promised to post a short summary of the WorldWideWeb project. Mail me with any queries.

WorldWideWeb - Executive Summary

The WWW project merges the techniques of information retrieval and hypertext to make an easy but powerful global information system.

The project started with the philosophy that much academic information should be freely available to anyone. It aims to allow information sharing within internationally dispersed teams, and the dissemination of information by support groups.

Reader view

The WWW world consists of documents, and links. Indexes are special documents which, rather than being read, may be searched. The result of such a search is another ("virtual") document containing links to the documents found. A simple protocol ("HTTP") is used to allow a browser program to request a keyword search by a remote information server.

The web contains documents in many formats. Those documents which are hypertext, (real or virtual) contain links to other documents, or places within documents. All documents, whether real, virtual or indexes, look similar to the reader and are contained within the same addressing scheme.

To follow a link, a reader clicks with a mouse (or types in a number if he or she has no mouse). To search and index, a reader gives keywords (or other search criteria). These are the only operations necessary to access the entire world of data.
Information provider view

The WWW browsers can access many existing data systems via existing protocols (FTP, NNTP) or via HTTP and a gateway. In this way, the critical mass of data is quickly exceeded, and the increasing use of the system by readers and information suppliers encourage each other.

Making a web is as simple as writing a few SGML files which point to your existing data. Making it public involves running the FTP or HTTP daemon, and making at least one link into your web from another. In fact, any file available by anonymous FTP can be immediately linked into a web. The very small start-up effort is designed to allow small contributions. At the other end of the scale, large information providers may provide an HTTP server with full text or keyword indexing.

The WWW model gets over the frustrating incompatibilities of data format between suppliers and reader by allowing negotiation of format between a smart browser and a smart server. This should provide a basis for extension into multimedia, and allow those who share application standards to make full use of them across the web.

This summary does not describe the many exciting possibilities opened up by the WWW project, such as efficient document caching, the reduction of redundant out-of-date copies, and the use of knowledge daemons. There is more information in the online project documentation, including some background on hypertext and many technical notes.

Try it

A prototype (very alpha test) simple line mode browser is currently available in source form from node info.cern.ch [currently 128.141.201.74] as /pub/WWW/WWWLineMode_0.9.tar.Z. Also available is a hypertext editor for the NeXT using the NeXTStep graphical user interface, and a skeleton server daemon.

Documentation is readable using www (Plain text of the installation instructions is included in the tar file!). Document http://info.cern.ch/hypertext/WWW/TheProject.html is as good a place to start as any.
Note these coordinates may change with later releases.

_________________________________________________________________
Tim Berners-Lee                 Tel: +41(22)767 3755
WorldWideWeb project            Fax: +41(22)767 7155
C.E.R.N.                        email: t... at cernvax.cern.ch
1211 Geneva 23
Switzerland

From rforno at infowarrior.org Mon Aug 7 13:22:14 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 07 Aug 2006 13:22:14 -0400
Subject: [Infowarrior] - AOL apologizes for release of user search data
Message-ID:

AOL apologizes for release of user search data
By Dawn Kawamoto
http://news.com.com/AOL+apologizes+for+release+of+user+search+data/2100-1030_3-6102793.html

AOL apologized on Monday for releasing search-log data on subscribers that had been intended for use with AOL's newly launched research site.

The randomly selected data, which focused on 658,000 subscribers and posted 10 days ago, was among the tools intended for use on the recently launched AOL Research site, according to published reports on various blog sites. But the Internet giant has since removed the search logs from public view.

"This was a screw up, and we're angry and upset about it. It was an innocent enough attempt to reach out to the academic community with new research tools, but it was obviously not appropriately vetted, and if it had been, it would have been stopped in an instant," AOL, a unit of Time Warner, said in a statement. "Although there was no personally-identifiable data linked to these accounts, we're absolutely not defending this. It was a mistake, and we apologize. We've launched an internal investigation into what happened, and we are taking steps to ensure that this type of thing never happens again."

Although AOL had used identification numbers rather than names or user IDs when listing the search logs, that did not quell concerns of privacy advocates, who said that anyone among the 658,000 could easily be identified based on the searches each individual conducted.

"It's reasonably easy for people to see what their neighbors are searching for, since most people usually google themselves," said Rebecca Jeschke, a spokeswoman for the Electronic Frontier Foundation.

The release of the search logs runs counter to a court ruling in March, when a federal judge rejected efforts by the Department of Justice to gain access to Google users' search logs. The court, however, determined the Justice Dept. could have limited access to Google's index of Web sites. Google was the only search engine to fight the Justice Dept., with Yahoo, MSN and AOL turning over their users' search data.

"All search engines collect this kind of user data and it's valuable to marketers, insurance companies, people involved in divorce and custody battles," Jeschke said. "If this information is available, there is a lot of temptation to release it."

The search-log data, culled from March to May, represents approximately 1.5 percent of AOL's search network in May. The data applied to only U.S. searches by AOL subscribers using the company's client software.

Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.

From rforno at infowarrior.org Mon Aug 7 13:43:07 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 07 Aug 2006 13:43:07 -0400
Subject: [Infowarrior] - Data mining and terrorism
Message-ID:

IT Versus Terror

Preventing a terror attack is invaluable. But even invaluable IT projects need realistic business case analysis to succeed.

< - >

http://www.cio.com/archive/080106/antiterror.html

From rforno at infowarrior.org Mon Aug 7 16:38:31 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 07 Aug 2006 16:38:31 -0400
Subject: [Infowarrior] - Good paper...A False Sense of Insecurity?
Message-ID: (c/o Boingboing) In this mind-blowing, exhaustively researched Cato institute paper by Ohio State University's John Mueller, the case against being afraid of terrorism is laid out in irrefutable logic, backed with credible, documented statistics about terrorism's risks. From the number of fatalities produced by terrorism to the trends in terrorism death to the fact that almost no one has ever died from a military biological agent to the fact that poison gas and dirty bombs in the field do only minor damage -- this paper is the most reassuring and infuriating piece of analysis I've read since September 11th, 2001. The bottom line is, terrorism doesn't kill many people. Even in Israel, you're four times more likely to die in a car wreck than as a result of a terrorist attack. In the USA, you need to be more worried about lightning strikes than terrorism. The point of terrorism is to create terror, and by cynically convincing us that our very countries are at risk from terrorism, our politicians have delivered utter victory to the terrorists: we are terrified.... < - > http://www.cato.org/pubs/regulation/regv27n3/v27n3-5.pdf < - > Much of the current alarm is generated from the knowledge that many of today's terrorists simply want to kill, and kill more or less randomly, for revenge or as an act of what they take to be The shock and tragedy of September 11 does demand a focused and dedicated program to confront international terrorism and to attempt to prevent a repeat. But it seems sensible to suggest that part of this reaction should include an effort by politicians, officials, and the media to inform the public reasonably and realistically about the terrorist context instead of playing into the hands of terrorists by frightening the public. What is needed, as one statistician suggests, is some sort of convincing, coherent, informed, and nuanced answer to a central question: "How worried should I be?" 
Instead, the message the nation has received so far is, as a Homeland Security official put (or caricatured) it, "Be scared; be very, very scared -- but go on with your lives." Such messages have led many people to develop what Leif Wenar of the University of Sheffield has aptly labeled "a false sense of insecurity." From rforno at infowarrior.org Tue Aug 8 09:24:24 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 08 Aug 2006 09:24:24 -0400 Subject: [Infowarrior] - US has 30 billion surveillance cams on 'terror' watch Message-ID: Video cameras on the lookout for terrorists Monday, August 7, 2006; Posted: 2:52 p.m. EDT (18:52 GMT) http://www.cnn.com/2006/TECH/08/07/terrorism.technology.ap/index.html NISKAYUNA, New York (AP) -- It sounds like something out of science fiction. Researchers at General Electric Co.'s sprawling research center, are creating new "smart video surveillance" systems that can detect explosives by recognizing the electromagnetic waves given off by objects, even under clothing. Scientist Peter Tu and his team are also developing programs that can recognize faces, pinpoint distress in a crowd by honing in on erratic body movements and synthesize the views of several cameras into one bird's eye view, as part of a growing effort to thwart terrorism. "We're definitely on the cutting edge," said Tu, 39. "If you want to reduce risk, video is the way to do it. The threat is always evolving, so our video is always evolving." Scientists at the GE complex, a landscaped, gated campus of laboratories and offices spread out over 525 acres and home to 1,900 scientists and staff, and others in the industry hope to use various technologies to reduce false alarms, cut manpower used on mundane tasks and give first-responders better tools to assess threats. The country's growing security needs also provide an opportunity to boost business. 
The United States and its allies now face a new "Iraq generation" of terrorists who have learned how to make explosive devices, assassinate leaders and carry out other mayhem since the U.S. invasion of the country more than three years ago, said Roger Cressey, a former counterterrorism official in the Bush Administration who now runs his own consulting business in Arlington, Virginia. "These people are far more adept and capable in many respects than al-Qaeda before 9-11," he said. "They don't appear in any no-fly list or terrorism data base." Since 2002, GE has spent $4 billion buying smaller businesses to take a bigger share of the $160 billion global security industry, a market that includes everything from building security to narcotics detection. The company expects $2 billion in revenue from its security businesses this year. That should rise to $2.8 billion in 2009, said Louis Parker, chief executive of GE's security unit. Philadelphia-based Acoustech Corp. and Providence-Based FarSounder Inc. received Homeland Security grants to develop systems that can detect underwater threats such as divers with explosives. "Ever since the Department of Homeland Security was put into place, our business has gone up," said James McConnell of Acoustech. The three-person company takes in $500,000 in revenue a year. Systems currently run about $1 million from other vendors so the companies are trying to make systems that would be more affordable for port authorities and other waterfront facilities around the country such as power plants and oil refineries. "We've had a lot of customers calling and asking for a solution to the problem," said FarSounder founder Matthew Zimmerman. Such cost-saving measures could benefit New York City, which in June, had its share of federal anti-terrorism grants from the Department of Homeland Security cut by 40 percent to $124.5 million. 
Cressey said the country has to find the best ways to protect itself and that includes investing in new technologies for things like ports, airports and mass transit systems. The U.S. government is spending $1.1 billion this year to fund anti-terrorism technology research and has spent about $3 billion over the past three years, said Christopher Kelly, a DHS spokesman. At General Electric, researchers are working on software that allows cameras to separately track people and the items they are carrying to help detect when suspicious packages are left in airports, stadiums and other public places. One such system is already being tested using video from London's Victoria train station, part of the transit system hit by suicide bombers in July 2005 in which 52 people were killed and another 740 wounded. Cressey said there are about 30 million video surveillance cameras in the United States shooting about four billion hours of footage every week. Relying more on computers to go through that footage would allow manpower to be better used elsewhere and perhaps lead to faster recognition of possible threats. Among numerous other projects, GE is working on baggage scanners that use advanced X-ray and CT technologies to detect traces of explosives faster and with greater accuracy and shoe scanners that use quadrupole resonance, similar to magnetic resonance imaging, to improve screening of passengers' shoes while they are still on their feet. Still, many officials warn that technology cannot replace humans entirely. "You can't get too reliant on these things," said state Sen. Michael Balboni, a Long Island Republican and chairman of the Senate's committee that oversees homeland security issues. "If someone finds a way to bypass them, they can use the technology against us. You have to expect that enemies will find ways to get around it." Copyright 2006 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed. 
From rforno at infowarrior.org Tue Aug 8 09:24:51 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 08 Aug 2006 09:24:51 -0400 Subject: [Infowarrior] - AOL Takes Down Site With Users' Search Data Message-ID: AOL Takes Down Site With Users' Search Data Personal Details Posted in 'Screw-Up' By Ellen Nakashima http://www.washingtonpost.com/wp-dyn/content/article/2006/08/07/AR2006080701 150_pf.html Washington Post Staff Writer Tuesday, August 8, 2006; D01 AOL issued an apology yesterday for posting on a public Web site 20 million keyword searches conducted by hundreds of thousands of its subscribers from March to May. But the company's admission that it made a mistake did little to quell a barrage of criticism from bloggers and privacy advocates who questioned the company's security practices and said the data breach raised the risk of identity theft. "This was a screw-up and we're angry and upset about it," the company said in a statement. "Although there was no personally-identifiable data linked to these accounts, we're absolutely not defending this. It was a mistake, and we apologize." The posted data were similar to what the U.S. Justice Department had been seeking when it subpoenaed Internet companies, including AOL, last year. AOL complied and handed over search terms that were not linked to individuals. Google Inc. fought the subpoena in court and won. The AOL data was posted at the end of last month on a special AOL Web site designed by the company so researchers could learn more about how people look for information on the Internet. The company removed the data over the weekend when bloggers discovered it. The Washington Post did not review the full 439-megabyte data set but contacted bloggers who had looked at it. For the posted data, each person using AOL's search engine was assigned a unique number to maintain anonymity, the company said. 
But some privacy experts said scrutinizing a user's searches could reveal information to help deduce the person's identity. Michael Arrington, editor of the blog TechCrunch, said some of the data contained credit card numbers, Social Security numbers, addresses and names. "People put anything they can think of into the search boxes," he said. Based on his analysis so far, out of 20 million queries, the number that contained sensitive personal financial information such as credit card and Social Security numbers is probably "in the hundreds," he said. "Most people aren't stupid enough to type their Social Security numbers in a search engine, but it's definitely enough to make AOL look stupid," he said. Some bloggers said some of the information available included queries on how to kill one's spouse and child pornography. Experts said people search for all sorts of personal data -- including their own names -- with the assumption that it will remain private. "I search on myself," said David H. Holtzman, president of GlobalPOV, a blog and consulting firm on privacy and security and author of the forthcoming book "Privacy Lost." "Now you think you have a disease or you have some emotional issue -- I'm a single parent and I'm always looking for things. All of a sudden there's a correlation between my name and something very private that I don't expect to have dumped all over the Internet." Kevin Bankston, an attorney with the San Francisco-based Electronic Frontier Foundation, said AOL's apology was appreciated but the damage had already been done. "The horse is out of the barn," he said. "The data's out there and been copied. This incident highlights the dangers of these companies storing so much intimate data about their users." The mishap was rooted in an effort by AOL to design a Web site aimed at helping researchers do their jobs more effectively by including AOL open-source data tools, company spokesman Andrew Weinstein said. 
A technician posted the data to the site without running them past an in-house privacy department, not realizing the implications, Weinstein said. An internal investigation is underway to determine what happened and how to prevent future occurrences, he said. However, Weinstein also noted that identifying an individual by search terms alone is difficult because someone could have typed in a friend's name or address instead of his own. The AOL search network had 42.7 million unique visitors in May, so the total data set covered 1.5 percent of search users that month. The 20 million search records represent about one-third of 1 percent of the total searches conducted on the AOL network in that period, the company said. The data were gleaned from searches conducted by people with AOL user accounts in the United States. © 2006 The Washington Post Company From rforno at infowarrior.org Tue Aug 8 09:27:54 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 08 Aug 2006 09:27:54 -0400 Subject: [Infowarrior] - Consumer Reports: Viruses, Spyware Cost Users $7.8 Billion Message-ID: Viruses, Spyware Cost Users $7.8 Billion Losses From Phishing Scams Up Fivefold Since the Previous Survey By Kim Hart Washington Post Staff Writer Tuesday, August 8, 2006; Page D05 http://www.washingtonpost.com/wp-dyn/content/article/2006/08/07/AR2006080701 202.html Consumers paid as much as $7.8 billion over two years to repair or replace computers that got infected with viruses and spyware, a Consumer Reports survey found. That figure was down from a similar survey a year ago. Still, it suggests that people are paying large sums to cope with the flood of malicious viruses and other programs that can slow computers or render them inoperable. "There is a very high national cost to this," said Jeff Fox, technology editor of the consumer magazine. "People think they're invincible, even when this kind of money is involved." 
In a nationwide survey, the magazine found that unwanted commercial e-mail, known as spam, is the biggest computer-security problem. But viruses are the most expensive, with people paying $5.2 billion in 2004 and 2005 to repair or replace afflicted machines, the survey found. Infections of spyware, a type of software that can track computer users' habits or collect sensitive information about them, declined slightly in the past six months, the survey found. But such infections caused almost 1 million U.S. households to replace their computers, the survey found. Losses from phishing scams, which are fake e-mails and Web pages that request sensitive data such as bank-account passwords, increased five-fold from the previous survey, with people telling the magazine that such scams cost them $630 million in 2004 and 2005. That's an average loss of $850 per incident. "Phishing scams are worse than they've ever been," Fox said. "The bad guys are getting very sophisticated." Some experts caution, however, that surveys in which people are asked about financial losses can produce overestimates. "The numbers could possibly be inflated by the way the questions are phrased, especially in an area in which most people aren't very articulate," said Robert Lichter, who runs a statistical center at George Mason University. "The people surveyed may have a very vague sense of what these things are." Other organizations that monitor Internet fraud complaints also point to growth in cybercrime. Internet-related complaints made up nearly half of all fraud complaints received by the Federal Trade Commission in 2005, with people claiming losses of $335 million. And financial losses reported to the Internet Crime Complaint Center, a joint effort of the FBI and the National White Collar Crime Center, tripled in 2005, to $183 million, compared with the previous year. 
"It's hard to tell who's losing the money -- the insurance company, the credit card company or the consumer -- but it's coming out of someone's pockets," said Dan Hubbard, vice president of security and research for Websense Inc. While attacks used to be mostly nuisances, they have become more threatening, said Dave Cole, director of security response at Symantec Corp., a leading computer security company. Many of today's spam and phishing attacks target consumers' personal information with the intention of stealing money or in some cases, identities. "There's a level of invasiveness a lot of people wouldn't expect," he said. The Consumer Reports survey of 2,000 households found that 20 percent of respondents didn't have antivirus software and that 35 percent didn't use spyware-blocking software. As the Internet gains more users, it's important to educate them on the security risks, Cole said. The survey results are to be published in the September issue of Consumer Reports. From rforno at infowarrior.org Tue Aug 8 10:21:24 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 08 Aug 2006 10:21:24 -0400 Subject: [Infowarrior] - New Article: Why Internet Security Continues to Fail Message-ID: Why Internet Security Continues to Fail Richard Forno (c) 2006. (Original: 2006-08-07) http://www.infowarrior.org/articles/2006-01.html In his public farewell to the Internet security community three years ago this month, famed security researcher Rain Forest Puppy (RFP) opined that the Internet security community was allowing commercialism to trump common sense security thinking -- a situation that he believed led to the growing Internet insecurity problem. Indeed, free-market financial interests and an unhealthy complacency from vendors and customers alike continue to overpower sound security logic and practices to establish a technology landscape nearly impossible to protect. While perhaps the security situation is deemed acceptable or "good enough" 
given that endeavors to improve it remain an apparent exercise in futility, the argument can be made that its causes are cultural rather than technical in nature -- and subsequently marginalized or overlooked as a result. < - > These issues demonstrate briefly that the major obstacle to significant progress toward sound information security is not technical, but cultural. Assuming that the current state of insecurity is not acceptable and that serious improvements actually are demanded by customers, changes far beyond technology innovations must occur if any truly effective security benefits can be realized. However, technology is only part of the total security solution: if the self-serving business drivers of the information technology industry are not overcome and customer-side management cultures continue facilitating this ongoing exercise in security futility by rejecting a holistic commitment to real risk management, information protection products, policies, and practices that yield tangible benefits aligned toward these noble goals never can be achieved. http://www.infowarrior.org/articles/2006-01.html From rforno at infowarrior.org Tue Aug 8 10:31:04 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 08 Aug 2006 10:31:04 -0400 Subject: [Infowarrior] - TSA follow-on response to Secure Flight hearing Message-ID: Transportation Security Administration's Office of Intelligence: Responses to Posthearing Questions Regarding Secure Flight http://www.gao.gov/new.items/d061051r.pdf From rforno at infowarrior.org Tue Aug 8 19:57:15 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 08 Aug 2006 19:57:15 -0400 Subject: [Infowarrior] - Your data or your life Message-ID: Your data or your life By Kirk Strauser Online on: 08/08/2006 http://www.freesoftwaremagazine.com/node/1709 Your daughter has just been in a car crash. She falls unconscious on her way to the hospital, but not before she is able to tell the paramedics the name of her doctor. 
This is vitally important because the emergency room won't know that she's an insulin-dependent diabetic with a penicillin allergy, but her doctor will be able to give them her relevant medical history. Or, at least he would be if he'd renewed the tech support contract on his medical records software. He didn't, though, and now his information -- and your daughter's -- is locked away in a proprietary database he can't access. As unlikely and alarmist as this sounds, it could really happen. Intracare is the publisher of a popular practice management system called Dr. Notes. When some doctors balked at a drastic increase in their annual software lease, they were cut off from accessing their own patients' information. This situation is completely unconscionable. There can be no truly open doctor-patient relationship when an unrelated third party is the de facto owner of and gatekeeper to all related data. In the short term, cases like the example above are all too possible, and simply unacceptable in every way. With today's large practices built around large numbers of patients, many using multiple prescription medicines, these practice management systems are absolutely critical and can't be permitted to be held ransom. Additionally, doctors in the United States are saddled with a giant bureaucratic tangle known as HIPAA. Even if a doctor and her software vendor are working happily together, the government may take a dim view of an outside party controlling access to patient records. In the long term, patients could lose their own medical history as doctors migrate from one proprietary system to another by simply starting over rather than paying thousands of dollars for expensive data format conversion. Even if you have an excellent personal relationship with your doctor, a relocation or changes to your insurance could make you need a copy of your records to give to a new doctor's office. 
Your old physician may know to monitor that funny looking spot on your shoulder, but might not have entered it into the new system he put in place since your last visit. Finally, practice management software can be extremely expensive. Doctors have to pass these expenses along to their patients, increasing treatment costs for all involved. Fortunately, the situation isn't entirely bleak. New online communities are developing to build and market free software solutions. LinuxMedNews is a regularly updated online forum for discussing industry news. GPLMedicine is a similar site maintained by Fred Trotter, project manager for the Free software ClearHealth management system. A project by Canada's McMaster University, OSCAR, became the first IT system certified by OntarioMD. Although these don't have the name recognition among the medical community of commercial ventures such as Dr. Notes, they're available for testing and implementation -- free of charge and usage restrictions -- today. If you are a doctor or other healthcare provider, you owe it to yourself and your patients to take a look at these forums and applications. At the worst, you'll find them uninteresting and unuseful. However, you could also find ways to protect your patients' and your own best interests -- all while saving money. If you are a patient, print a copy of this blog and hand it to your doctor next time you see her. She may not be aware that there are viable alternatives to the expensive, restrictive systems she's been leasing. If she's not interested, you've lost nothing. If she finds something useful, though, then you may have done a real service to yourself, your doctor, and your fellow patients. Copyright information This blog entry is (C) Copyright, Kirk Strauser, 2004-2006. 
Unless a different license is specified in the entry's body, the following license applies: "Verbatim copying and distribution of this entire article is permitted in any medium without royalty provided this notice is preserved and appropriate attribution information (author, original site, original URL) is included". From rforno at infowarrior.org Tue Aug 8 20:00:48 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 08 Aug 2006 20:00:48 -0400 Subject: [Infowarrior] - The Black Hat Wi-Fi exploit coverup? Message-ID: The Black Hat Wi-Fi exploit coverup Tuesday August 08, 2006 (05:00 PM GMT) By: Joe Barr http://software.newsforge.com/article.pl?sid=06/08/08/1351256&from=rss Commentary -- You've probably heard of full disclosure, the security philosophy that calls for making public all details of vulnerabilities. It has been the subject of debates among researchers, vendors, and security firms. But the story that grabbed most of the headlines at the Black Hat Briefings in Las Vegas last week was based on a different type of disclosure. For lack of a better name, I'll call it faux disclosure. Here's why. Security researchers Dave Maynor of ISS and Johnny Cache -- a.k.a. Jon Ellch -- demonstrated an exploit that allowed them to install a rootkit on an Apple laptop in less than a minute. Well, sort of; they showed a video of it, and also noted that they'd used a third-party Wi-Fi card in the demo of the exploit, rather than the MacBook's internal Wi-Fi card. But they said that the exploit would work whether the third-party card -- which they declined to identify -- was inserted in a Mac, Windows, or Linux laptop. How is that for murky and non-transparent? The whole world is at risk -- if the exploit is real -- whenever the unidentified card is used. But they won't say which card, although many sources presume the card is based on the Atheros chipset, which Apple employs. It gets worse. 
Brian Krebs of the Washington Post, who first reported on the exploit, updated his original story and has reported that Maynor said, "Apple had leaned on Maynor and Ellch pretty hard not to make this an issue about the Mac drivers -- mainly because Apple had not fixed the problem yet." That's part of what is meant by full disclosure these days -- giving the vendor a chance to fix the vulnerability before letting the whole world know about it. That way, the thinking goes, the only people who get hurt by it are the people who get exploited by it. But damage to the responsible vendor's image is mitigated somewhat, and many in the security business seem to think that damage control is more important than anything that might happen to any of the vendor's customers. Big deal. Publicly traded corporations like Apple and Microsoft and all the rest have been known to ignore ethics, morality, any consideration of right or wrong, or anything at all that might divert them from their ultimate goal: to maximize profits. Because of this, some corporations only speak the truth when it is in their best interest. Otherwise, they lie or maintain silence. I asked Lynn Fox, Apple's director of Mac public relations, two very direct questions. 1. Are Apple MacBook users at risk using their built-in Wi-Fi capability? 2. Is Krebs' Washington Post report about Apple pressuring researchers not to reveal a MacBook Wi-Fi vulnerability/exploit accurate? I've received no response to that query. Nor do I expect one. Why don't the researchers disclose what they know anyway? They are not, as far as we know, on the payroll of Apple or the hardware vendor making the Wi-Fi gear. I got a clue about a possible reason while chatting with "dead addict," one of the original organizers of DEFCON. "dead addict" reminded me of the big blow-up at Black Hat last year, when Cisco was threatening to shut down the conference in its entirety if part of a scheduled presentation on a Cisco exploit wasn't removed. 
By a strange coincidence, ISS and one of its employees was involved in that situation, too. The researcher, Michael Lynn, resigned from ISS and then gave the presentation anyway. That act threw Cisco and ISS into a stone cold fury. Injunctions were filed, and the FBI was called in. To me it looks like every legal maneuver those bad boys at corporate could dream up were hurled at Lynn and Black Hat. To protect Cisco's customers? I don't think so. Cisco's customers would have been better served with the truth, not a coverup. The point "dead addict" was making is that some researchers can afford to leave their jobs, or be fired, or be arrested, and some can't. Those are pretty good reasons not to speak out. They are also a testament to how corrupt and rotten our system is, when corporate greed and gluttony trump virtue, and the FBI acts as corporate muscle. I tried to query Maynor on the subject, to ask him if Krebs' reporting that pressure from Apple kept him from identifying the MacBook hardware as being vulnerable to the exploit he demoed at Black Hat was correct. He hasn't answered either, and I can't say that I blame him. Not everyone can afford to act like Michael Lynn. At press time, millions of end users may be using Wi-Fi so insecure that an attacker could install a rootkit on their system in less than a minute. Those who know, or at least claim to know -- the researchers, Apple, and perhaps ISS -- are keeping mum, for reasons known only to Baud and their lawyers. So at the moment, Apple's current ad campaign about being more secure than Windows is being kept safe from harm. But what about the users? Who speaks for them? Remember, we are not talking about a matter of a few days. This exploit has been trumpeted in the press at least since June 22, when Robert McMillan first reported on it and the fact that it would be disclosed at Black Hat. Presumably, the researchers, or ISS, would have notified the responsible vendors prior to publication of that story. 
If any laptops are compromised as a result of the cone of silence that apparently has been slapped down on this issue, their lawyers may choose to call it something other than faux disclosure. Maybe something like depraved indifference. From rforno at infowarrior.org Tue Aug 8 23:20:22 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 08 Aug 2006 23:20:22 -0400 Subject: [Infowarrior] - ABA Approves Resolution Condemning Signing Statement Abuse Message-ID: Lawyers' Group Attacks Bush Revisions By THE ASSOCIATED PRESS http://www.nytimes.com/aponline/us/AP-Lawyers-Bush.html?pagewanted=print Filed at 10:56 p.m. ET HONOLULU (AP) -- The American Bar Association on Tuesday approved a resolution condemning President Bush's practice of writing exceptions to legislation he signs into law. Delegates, representing 410,000 members, at the ABA's annual meeting approved the resolution objecting to any president using bill signing statements as a way of diluting or changing laws rather than using an outright veto. Bush has vetoed only one bill, on stem cell research, but written exceptions to some 800 legislative provisions, more than all previous presidents combined. The Bush statements say the president reserves the right to revise, interpret or disregard measures on national security and constitutional grounds. ''The constitution says the president has two choices: either sign the bill or veto it. And if you sign it, you can't have your hand behind your back with your fingers crossed,'' said Michael Greco, the ABA's outgoing president. A call Tuesday to the White House was not immediately returned. The bar delegates urged Congress to require the president to promptly submit copies of any signing statements, along with a report giving the legal basis for his objections. 
The resolution also proposes that Congress create a system allowing courts to review any claim by the president that he has the authority to disregard or decline to enforce a law he signs or interpret the law in a different way than Congress had intended. Sen. Arlen Specter, R-Pa., submitted a bill last month seeking to ensure that signing statements aren't used to rewrite legislation or veto parts of bills. From rforno at infowarrior.org Wed Aug 9 08:58:01 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 09 Aug 2006 08:58:01 -0400 Subject: [Infowarrior] - The RIAA vs. John Doe, a layperson's guide to filesharing lawsuits Message-ID: The RIAA vs. John Doe, a layperson's guide to filesharing lawsuits Ray Beckerman of Recording Industry vs. The People put together an article that explains how the RIAA's militant enforcement arm legal team find, obtain records on and sue ISP account holders who may or may not have ever been users of P2P applications. It's a great reference, but (no offense intended to Ray) it's dry like a bread-sandwich. I decided to take a stab at rewriting it in something closer to English than lawyer. In hopes that it would be more accessible. So, with thanks to Ray Beckerman, let's take a look at The RIAA vs. John Doe, in what I hope serves as a layperson's guide to filesharing lawsuits. < - > http://digitalmusic.weblogsinc.com/2006/08/07/the-riaa-vs-john-doe-a-laypers ons-guide-to-filesharing-lawsui/ From rforno at infowarrior.org Wed Aug 9 09:07:21 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 09 Aug 2006 09:07:21 -0400 Subject: [Infowarrior] - Why Lieberman's site is down Message-ID: CT-Sen: Why Lieberman's site is down Tue Aug 08, 2006 at 12:38:27 PM PDT http://www.dailykos.com/storyonly/2006/8/8/153827/3493 Two posts down it's clear that Lieberman's website isn't suffering from a Denial of Service attack. 
But now I have the definitive answer as to why Lieberman's site went down. They are paying $15/month for hosting at a place called MyHostCamp, with a bandwidth limit of 10GB. MyHostCamp is currently down, along with all their clients. Here's the deal -- you get what you pay for. My hosting bill is now over $7K per month. A smaller site doesn't need that much bandwidth, but if you're paying $15 because your $12 million campaign is too freakin' cheap to pay for quality hosting, then don't go blaming your opponent when your shitty service goes out. For their part, the Lamont campaign has offered its technical expertise to get Lieberman's site back up (which could be done in an hour by a competent sysadmin), and has added a link to the googlecached version of Lieberman's site at the top of their blog. One side is acting mature, the other is running around making baseless accusations. Update: Dan Gerstein, Lieberman spokesperson, admits they have no evidence Lamont's campaign or his supporters are behind their website woes. I'm telling you, it's down because they were too cheap to pay for quality hosting. That's a lesson to all of you campaigns skimping on hosting. $15 won't cut it. Update II: Joe's site shares one server with 73 other sites. They pay $15/month for an overcrowded server, and then they blame others when it goes down? From rforno at infowarrior.org Wed Aug 9 11:17:44 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 09 Aug 2006 11:17:44 -0400 Subject: [Infowarrior] - AT&T spying lawsuit delayed Message-ID: AT&T spying lawsuit delayed By Reuters http://news.com.com/AT38T+spying+lawsuit+delayed/2100-1028_3-6103656.html Story last modified Wed Aug 09 07:25:06 PDT 2006 A federal judge has temporarily halted further review of a lawsuit charging that AT&T illegally allowed the U.S. government to monitor phone and e-mail communications. 
Earlier this year, privacy rights group Electronic Frontier Foundation sued the telecom giant, saying the U.S. program eavesdrops on phone calls and reads e-mails of millions of Americans without warrants. Last month, U.S. District Court Judge Vaughn Walker rejected a request from the head of U.S. intelligence and other officials to dismiss the suit. But on Tuesday Walker said he would stay the case pending an appeal of his earlier decision by the U.S. 9th Circuit Court of Appeals. He said he was also awaiting another court decision that could bundle similar lawsuits across the nation before his or another court. "The issues here are serious indeed," he said. "Prudence requires a stay of some duration -- I'm thinking about a stay until some time in late September or October." Walker also said if the case proceeded he was considering asking former CIA director James Woolsey to serve as an expert assisting the court review issues in the case. Story Copyright © 2006 Reuters Limited. All rights reserved. From rforno at infowarrior.org Wed Aug 9 11:40:14 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 09 Aug 2006 11:40:14 -0400 Subject: [Infowarrior] - DRM Wars: The Next Generation Message-ID: DRM Wars: The Next Generation Wednesday August 9, 2006 by Ed Felten http://www.freedom-to-tinker.com/?p=1051 Last week at the Usenix Security Symposium, I gave an invited talk, with the same title as this post. The gist of the talk was that the debate about DRM (copy protection) technologies, which has been stalemated for years now, will soon enter a new phase. I'll spend this post, and one or two more, explaining this. Public policy about DRM offers a spectrum of choices. On one end of the spectrum are policies that bolster DRM, by requiring or subsidizing it, or by giving legal advantages to companies that use it. On the other end of the spectrum are policies that hinder DRM, by banning or regulating it. 
In the middle is the hands-off policy, where the law doesn't mention DRM, companies are free to develop DRM if they want, and other companies and individuals are free to work around the DRM for lawful purposes. In the U.S. and most other developed countries, the move has been toward DRM-bolstering laws, such as the U.S. DMCA. The usual argument in favor of bolstering DRM is that DRM retards peer-to-peer copyright infringement. This argument has always been bunk -- every worthwhile song, movie, and TV show is available via P2P, and there is no convincing practical or theoretical evidence that DRM can stop P2P infringement. Policymakers have either believed naively that the next generation of DRM would be different, or accepted vague talk about speedbumps and keeping honest people honest. At last, this is starting to change. Policymakers, and music and movie companies, are starting to realize that DRM won't solve their P2P infringement problems. And so the usual argument for DRM-bolstering laws is losing its force. You might expect the response to be a move away from DRM-bolstering laws. Instead, advocates of DRM-bolstering laws have switched to two new arguments. First, they argue that DRM enables price discrimination -- business models that charge different customers different prices for a product -- and that price discrimination benefits society, at least sometimes. Second, they argue that DRM helps platform developers lock in their customers, as Apple has done with its iPod/iTunes products, and that lock-in increases the incentive to develop platforms. I won't address the merits or limitations of these arguments here -- I'm just observing that they're replacing the P2P piracy bogeyman in the rhetoric of DMCA boosters. Interestingly, these new arguments have little or nothing to do with copyright. The maker of almost any product would like to price discriminate, or to lock customers in to its product. 
Accordingly, we can expect the debate over DRM policy to come unmoored from copyright, with people on both sides making arguments unrelated to copyright and its goals. The implications of this change are pretty interesting. They'll be the topic of my next post. From rforno at infowarrior.org Wed Aug 9 14:55:13 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 09 Aug 2006 14:55:13 -0400 Subject: [Infowarrior] - AOL Search Mirrors Message-ID: This collection consists of ~20M web queries collected from ~650k users over three months. The data is sorted by anonymous user ID and sequentially arranged. http://www.gregsadetsky.com/aol-data/ From rforno at infowarrior.org Wed Aug 9 15:00:16 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 09 Aug 2006 15:00:16 -0400 Subject: [Infowarrior] - AF will not fund controversial FOIA study Message-ID: (c/o SecrecyNews) AIR FORCE LAB WILL NOT FUND CONTROVERSIAL FOIA STUDY The Air Force Research Laboratory (AFRL) said this week that it will not administer a grant to a San Antonio, Texas law school to study state freedom of information laws. In a story that prompted new concerns about official secrecy, USA Today reported last month that the government was going to pay St. Mary's University School of Law $1 million to reevaluate state freedom of information laws in light of the threat of terrorism. But the proposed freedom of information study "doesn't fit with the information research and development that we do," said Dan Emlin of the AFRL Information Directorate in Rome, New York. That AFRL Directorate focuses on information technology -- including C4I, artificial intelligence, and surveillance technology -- but not information policy. The freedom of information study "was more of a [policy] 'project' than bona fide research," Mr. Emlin told Secrecy News, and "so the [AFRL] Director decided 'We're not going to do it'." 
Based on news reports and public statements, the proposed freedom of information study seemed oriented towards new limitations on public disclosure of information. So, for example, St. Mary's law school professor Jeffrey Addicott, the lead investigator, told USA Today that "There's the public's right to know, but how much?" "There's too much stuff that's easy to get that shouldn't be," he added. ("And plenty of stuff that should be easy to get that isn't," the Detroit Free Press objected in a July 26 editorial criticizing the program.) See "Tax Dollars to Fund Study on Restricting Public Data" by Richard Willing, July 6: http://www.usatoday.com/news/washington/2006-07-05-foia-research_x.htm But Senator John Cornyn, who sponsored the defense budget earmark of funds for the St. Mary's project, said its purpose was not to increase secrecy. "In fact, the exact opposite is true. The research will make certain that free flow of information is not unnecessarily hindered by security-driven laws approved by states after Sept. 11, 2001," he said in a statement on the St. Mary's web site: http://www.stmarytx.edu/ctl/display.php?go=cornyn "The study is not designed to assist the Department of Defense, Pentagon or individual States to weaken either State or Federal Freedom of Information Act laws," according to another statement from the University. http://www.stmarytx.edu/ctl/ Since the $1 million grant has already been appropriated by Congress in the FY 2006 defense appropriations bill, it is possible that another agency will step forward to administer the award. But with AFRL's refusal to participate it is not immediately clear which agency that might be. 
From rforno at infowarrior.org Wed Aug 9 22:26:29 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 09 Aug 2006 22:26:29 -0400 Subject: [Infowarrior] - Google to Keep Storing Search Requests Message-ID: Google to Keep Storing Search Requests http://www.salon.com/wire/ap/archive.html?wire=D8JD67480.html - - - - - - - - - - - - By MICHAEL LIEDTKE AP Business Writer August 09,2006 | SAN JOSE, Calif. -- Although he was alarmed by AOL's haphazard release of its subscribers' online search requests, Google Inc. CEO Eric Schmidt said Wednesday the privacy concerns raised by that breach won't change his company's practice of storing the inquiries made by its users. "We are reasonably satisfied ... that this sort of thing would not happen at Google, although you can never say never," Schmidt said during an appearance at a major search engine conference in San Jose. The security breakdown, disclosed earlier this week, publicly exposed about 19 million search requests made by more than 658,000 AOL subscribers during the three months ended in May. Time Warner Inc.'s AOL intended to release the data exclusively to researchers, but the information somehow surfaced on the Internet and was widely copied. The lapse provided a glaring example of how the information that people enter into search engines can provide a window into their embarrassing -- or even potentially incriminating -- wishes and desires. The search requests leaked by AOL included inquiries seeking information about murder techniques and nude teenage girls. AOL's gaffe hits close to home for Google because the two companies have extremely close business ties. Mountain View-based Google owns a 5 percent stake in AOL, which also accounted for about $330 million of the search engine's revenue during the first half of this year. AOL also depends on Google's algorithms for its search results. 
Schmidt told reporters Wednesday he hadn't had time to contact AOL executives to discuss the problems underlying the release of the search data, but questioned his business partner's judgment. "It's a terrible thing," he said during his conference remarks. "Maybe it wasn't a good idea to release it in the first place." AOL already has publicly apologized for its handling of the search requests, calling it a "screw up." In response to a reporter's question, Schmidt said some good could still emerge from AOL's error by raising public awareness about the issue. "It may be positive because we want people to know what can happen" to online search requests, Schmidt said. Google keeps its users' search requests as part of its efforts to better understand what specific people are looking for on the Internet. But by storing the search requests, Google and its competitors are creating an opportunity for the material to be mistakenly released or stolen, according to privacy advocates. Schmidt said he is less concerned about those possibilities than the governments of countries around the world demanding to review people's search requests. "I have always worried the query stream is a fertile ground for governments to snoop on the people." The U.S. Justice Department last year subpoenaed Google for millions of its users' search requests as part of a court case involving protections against online child pornography. Google refused to comply, resulting in a high-profile court battle earlier this year that culminated in a federal judge ruling that the search engine didn't have to hand over individual search requests to the government. In his meeting with reporters, Schmidt also covered familiar ground, including Google's plans to develop more advertising channels and form more revenue-sharing partnerships with content providers. 
Toward that end, Google during the past week announced new business alliances with The Associated Press, Viacom Inc.'s MTV Networks and News Corp.'s rapidly growing social networking Web site, MySpace.com. The search engine also plans to start distributing radio ads within the next few months. Google continues to negotiate with other potential partners, although Schmidt indicated nothing is likely to come to fruition during the next few weeks. "The highest priority right now is not (making) more deals, but implementing the ones we have announced," he told reporters. Salon provides breaking news articles from the Associated Press as a service to its readers, but does not edit the AP articles it publishes. From rforno at infowarrior.org Wed Aug 9 22:30:50 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 09 Aug 2006 22:30:50 -0400 Subject: [Infowarrior] - Microsoft to Tighten the Genuine Advantage Screws Message-ID: Microsoft to Tighten the Genuine Advantage Screws By Mary Jo Foley http://www.microsoft-watch.com/article2/0,2180,2001181,00.asp In a further expansion of its anti-piracy program, Microsoft is building more 'Genuine' checks directly into Windows Vista, and is expanding the program to target not just consumers, but PC makers and system builders. To date, with its Genuine Advantage anti-piracy programs, Microsoft has targeted consumers. Windows and Office users have been required to validate their products as "genuine" before being able to obtain many downloads and add-ons. Come this fall, however, the Redmond software maker is planning to turn up the Genuine Advantage heat in two ways: By baking more Genuine Advantage checks directly into Windows Vista, and by taking aim at PC makers, system builders, Internet cafes and other sources of potentially pirated software. Microsoft officials -- whose Genuine Advantage Notification strategy came under fire earlier this summer -- declined to share specifics about its new Genuine Advantage plans. 
But executives already have been setting the stage for the upcoming changes in recent keynote addresses. "We expect to do more to make Windows more differentiated when it's genuine, and so genuine customers get a truly different experience than non-genuine customers, as well as to make piracy harder, so that our genuine partners can do a better job competing with those that don't play by the rules," Windows Client Marketing Chief Michael Sievert told attendees of Microsoft's Worldwide Partner Conference in July. Microsoft Platforms and Services Co-President Kevin Johnson was more specific about Microsoft's plans, in his remarks to Wall Street analysts at Microsoft's Financial Analyst Meeting in late July. "We built a set of features and a set of functionality that is only available to genuine Windows customers," Johnson said. "Windows Defender, for example, the anti-spyware for Windows XP and Windows Vista, is available to genuine Windows customers. Windows Media Player 11.0, Internet Explorer 7.0, will be available for download for Windows XP customers who are genuine, and of course those are built into Windows Vista. Future updates to Internet Explorer and Windows Media Player for Windows Vista will require them to be genuine. And certainly there's some premium features built into the Windows Vista operating system that will require genuine validation as well. So we're really trying to amplify the fact that being genuine enables the set of benefits and value to access these types of features and capabilities." Johnson did not single out which premium features in Vista will require validation before use. There are a number of new Vista features which Microsoft is making available only to users of its consumer- and small-business-focused "premium" Vista editions -- Vista Home Premium and Vista Ultimate. 
Examples of premium features which Microsoft potentially could lock down under Genuine Advantage include Windows Photo Gallery; Windows Media Center; Windows DVD Maker; and games like Texas Hold 'Em Poker that are part of the downloadable Vista Ultimate Extras products and services. At the same time as it is baking into Vista more Genuine-Advantage-required features, Microsoft is stepping up elements of its Genuine Advantage program aimed at the reseller channel. "We expect to do much more as a Windows business to help our partners to sell products based on Genuine Windows to compete with pirates. This is a major opportunity both for Microsoft and our partners," Windows Client Marketing Chief Sievert told channel partners in July. Platforms and Services Co-President Johnson had the same message for financial analysts later that month. "There's a higher level of genuine Windows attached to PC shipments in developed markets than emerging markets, which means, if we want to continue to drive growth of Windows client OEM units faster than PC shipments, we've got to have a great compelling value proposition for the user for genuine Windows software and for the channel," Johnson said. One element of Microsoft's OEM-focused Genuine Advantage strategy could be increasing the number of copies of Microsoft Office that are preloaded on new PCs. Under an internal Microsoft program known as the Unlicensed PC Initiative, the company is working to reduce piracy by curbing the number of new PCs sold without Windows -- and, increasingly, Office -- preloaded on them. Microsoft announced on July 11 that it has decided to allow PC makers/system builders to pre-install Microsoft Office Home and Student 2007 edition on new PCs. Previously that version of Office was sold only at retail. 
Microsoft officials at the Worldwide Partner Conference also announced they will allow system builders to provide customers with a free 60-day trial of Office on new PCs, allowing them to sell the Office license after the PC purchase via a program called "Office-Ready PC." Outside the U.S., Microsoft has begun distributing stickers to partners selling software to Internet Café operators that read "This Internet Café uses genuine Microsoft software." In order to obtain the stickers, the cafes must validate their software through Genuine Advantage. Roger Kay, president with Endpoint Technologies Associates, said he had no doubts that the channel would be a big Genuine Advantage focus for Microsoft, going forward. "For the channel, which is in general more complicit than end users, Microsoft will pursue a combination of education, engineering, and enforcement," Kay said. "Education is telling people how to figure out whether they have bogus copies and warn them of the dangers and is aimed at those trying to do right. Engineering covers technologies put into Windows to prevent counterfeiting and alert customers to the fact that they have a bad copy. Enforcement is aimed at the people who know they're wearing black hats and involves working with law enforcement and other measures to bring installations into compliance." 
From rforno at infowarrior.org Wed Aug 9 22:37:56 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 09 Aug 2006 22:37:56 -0400 Subject: [Infowarrior] - Physicist James Van Allen dies Message-ID: Physicist James Van Allen dies Wed Aug 9, 2006 4:27 PM ET http://today.reuters.com/news/articlenews.aspx?type=scienceNews&storyID=2006-08-09T202704Z_01_N09303362_RTRUKOC_0_US-VANALLEN.xml&WTmodLoc=NewsHome-C3-scienceNews-3 CHICAGO (Reuters) - American physicist James Van Allen, who helped propel the United States into the space race and discovered the bands of radiation that surround the Earth that were later named for him, died on Wednesday, the University of Iowa said. Van Allen, a longtime professor at the university, died from undisclosed causes. He was 91. He designed numerous instruments carried aboard U.S. space probes beginning with the instrumentation and Geiger counters aboard Explorer 1. The satellite went into Earth orbit January 31, 1958 -- four months after the Soviet Union's launch of Sputnik I triggered unease about America's scientific prowess. The Explorer mission led to the discovery of a doughnut-shaped region of charged-particle radiation encircling the Earth, now called the Van Allen belts. Long a critic of manned space flight, Van Allen called himself "a member of the loyal opposition" in favoring using less expensive remote-controlled spacecraft rather than astronauts to explore space. Born in Mount Pleasant, Iowa, in 1914, Van Allen's early scientific achievements included using rockets carried aloft by balloons to discover electrons in the atmosphere believed to generate the Aurora Borealis, or Northern Lights. He would later place experiments aboard and monitor the progress of several of the Mariner, Pioneer, Voyager, Galileo, and Cassini spacecraft. "James Van Allen was one of the university's most influential and best-regarded scholars of all time. Yet he remained the most unassuming and caring man. 
We will all miss him deeply," University of Iowa Provost Michael Hogan said. He is survived by his wife, five children, and seven grandchildren. © Reuters 2006. From rforno at infowarrior.org Wed Aug 9 22:55:50 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 09 Aug 2006 22:55:50 -0400 Subject: [Infowarrior] - Information Assurance: Trends in Vulnerabilities, Threats and Technologies Message-ID: Information Assurance: Trends in Vulnerabilities, Threats and Technologies http://www.ndu.edu/ctnsp/information_assurance_book.htm http://www.ndu.edu/ctnsp/IA_final.pdf Edited by Jacques S. Gansler and Hans Binnendijk This book was inspired by a workshop in which participants discussed information assurance issues as they relate to network centric warfare (NCW). The workshop objective was to gain insight into transformation risks in the following areas: trends in information system threats and vulnerabilities; vulnerabilities introduced by the complexity of the new digitized battlefield; impact of degraded information systems on battlefield operations; and trends in information assurance technologies and system design. This collection documents the proceedings of that workshop. By the very nature of their diverse experiences and concerns, the workshop participants offered unique insight into a multiplicity of issues. On occasion, their findings and conclusions disagree with each other. As such, the following chapters highlight the magnitude of the challenges we face in harnessing the operational and technological aspects of network centric warfare. The authors recommend that a top-down analysis is needed to frame the issues that identify the risks to military operations and national defense be undertaken to guide NCW evolution. This approach is critical to ensuring that NCW meets its goal and does not introduce additional vulnerabilities that jeopardize our military or homeland defense. 
The opinions, conclusions and recommendations expressed or implied within are those of the contributors and do not necessarily reflect the views of the Department of Defense or any other agency of the Federal Government. This publication is cleared for public release; distribution unlimited. First Printing, January 2005 http://www.ndu.edu/ctnsp/IA_final.pdf From rforno at infowarrior.org Thu Aug 10 08:17:07 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 10 Aug 2006 08:17:07 -0400 Subject: [Infowarrior] - DHS: Threat Level Change for the Aviation Sector Message-ID: Threat Level Change for the Aviation Sector http://www.tsa.gov/press/happenings/threat-change.shtm The U.S. threat level is raised to Severe, or Red, for all commercial flights flying from the United Kingdom to the U.S. The U.S. threat level is raised to High, or Orange for all commercial aviation operating in the U.S., including international flights. Flights from the U.S. to the U.K. are also Orange. All travelers on commercial U.S. carriers and on all flights into the U.S., please be advised of the following changes to airport screening procedures: NO LIQUIDS OR GELS OF ANY KIND WILL BE PERMITTED IN CARRY ON BAGGAGE. ITEMS MUST BE IN CHECKED BAGGAGE. This includes all beverages, shampoo, sun tan lotion, creams, tooth paste, hair gel, and other items of similar consistency. Exception: Baby formula and medicines must be presented for inspection at the checkpoint. Beverages purchased in the boarding area (beyond the checkpoint) must be consumed before boarding because they will not be permitted on board the aircraft. Passengers traveling from the U.K. to the U.S. will be subject to a more extensive screening process. These measures will be constantly evaluated and updated when circumstances warrant. 
How every passenger can assist in security: * Pack lightly, without clutter to facilitate easier screening * Arrive at least two hours early at the airport * Cooperate with TSA personnel at checkpoints and at all gates * Be attentive and vigilant to any suspicious activity and report it to authorities TSA Contact Center Phone 866-289-9673 or E-mail tsa-contactcenter at dhs.gov From rforno at infowarrior.org Thu Aug 10 08:22:50 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 10 Aug 2006 08:22:50 -0400 Subject: [Infowarrior] - Airlines ban hand luggage from UK Message-ID: (Between this and the new TSA prohibition on carryon liquids we're inching closer to the "don hospital gown and take two Valium before boarding" mode of commercial aviation, I think.....but speaking of liquids, does that mean they're shutting down all the concession stands in the sterile areas of airports? .....rf) Airlines ban hand luggage from UK Thu Aug 10, 2006 3:05 AM ET http://today.reuters.com/news/articlenews.aspx?type=topNews&storyid=2006-08-10T070534Z_01_L10808905_RTRUKOC_0_US-TRANSPORT-BA.xml&src=rss&rpc=22 LONDON (Reuters) - Airlines banned hand luggage on flights out of the United Kingdom on Thursday and warned of massive delays after British police said they had disrupted a plot to blow up aircraft in mid-flight. All carriers, including British Airways, United Airlines and Virgin Atlantic, stepped up security on news of the plot to smuggle bombs on board a flight between Britain and the United States. Passengers were banned from carrying any hand luggage on board flights, including mobile phones and handbags, airlines and airport authorities said. All liquids were banned on board except for essential medicines. Milk for babies would be allowed on board but must be tasted by the accompanying passenger, UK airport operator BAA said in a statement. 
"British Airways, acting on instruction from the UK Government, wishes to advise passengers that no items of hand baggage can be carried on board any aircraft departing any UK airport," the airline said in a statement. "The UK government has advised that this instruction will apply to all airlines operating from UK airports." The Department of Transport said in a statement on its Web site that security at all UK airports had been increased and additional security measures had been put in place on all flights. BAA Plc, which operates three of London's biggest airports including Heathrow, said all passengers would be hand searched and their footwear and all items they carry would be X-rayed. It added that all passengers on flights to the United States would be subject to a secondary search at the boarding gate. "We are cooperating fully with the authorities," said a spokesman for United Airlines, which is one of just two U.S. airlines, along with American, that have landing rights at London's main Heathrow airport. Carriers not flying on transatlantic routes were also affected. Low-cost airlines Ryanair and easyJet said significant delays should be expected. "Our first-wave flights are currently in the process of taking off. We did not have aircraft in the air when we heard about this first thing this morning," an easyJet spokesman said. Shares in BA were expected to fall about 4 percent in early trade, dealers said. 
(Additional reporting by Jason Neely) From rforno at infowarrior.org Thu Aug 10 10:20:04 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 10 Aug 2006 10:20:04 -0400 Subject: [Infowarrior] - Schneier: New Airline Security Rules Message-ID: New Airline Security Rules http://www.schneier.com/blog/archives/2006/08/new_airline_sec.html The foiled UK terrorist has no carry-ons are allowed: These measures will prevent passengers from carrying hand luggage into the cabin of an aircraft with the following exceptions (which must be placed in a plastic bag): Pocket size wallets and pocket size purses plus contents (for example money, credit cards, identity cards etc (not handbags); Travel documents essential for the journey (for example passports and travel tickets); Prescription medicines and medical items sufficient and essential for the flight (e.g. diabetic kit), except in liquid form unless verified as authentic; Spectacles and sunglasses, without cases; Contact lens holders, without bottles of solution; For those traveling with an infant: baby food, milk (the contents of each bottle must be tasted by the accompanying passenger); Sanitary items sufficient and essential for the flight (nappies, wipes, creams and nappy disposal bags); Female sanitary items sufficient and essential for the flight, if unboxed (e.g. tampons, pads, towels and wipes) tissues (unboxed) and/or handkerchiefs; Keys (but no electrical key fobs) Across the Atlantic, the TSA has announced new security rules: Passengers are not allowed to have gels or liquids of any kind at screening points or in the cabin of any airplane. They said this includes beverages, food, suntan lotion, creams toothpaste, hair gel, or similar items. Those items must be packed into checked luggage. Beverages bought on the secure side of the checkpoint must be disposed of before boarding the plane. There are several exceptions to the new rule. 
Baby formula, breast milk, or juice for small children, prescription medications where the name matched the name of a ticketed passenger, as well as insulin and other essential health items may be brought onboard the plane. From rforno at infowarrior.org Thu Aug 10 15:50:38 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 10 Aug 2006 15:50:38 -0400 Subject: [Infowarrior] - Vista: ultimate confusing mess edition Message-ID: Vista: ultimate confusing mess edition * 10 August 2006 * James Bannan http://www.apcstart.com/site/jbannan/2006/08/971/vista-ultimate-confusing-mess-edition Vista's tag-based file browsing looks great when you use the Microsoft sample files supplied with Vista. But put your own motley files in there and the whole system falls down. So much for getting a "clearer view" of your files. Vista's approach to file management is far less interested in what's in your files than what sort of files they are and what metadata tags you have applied to them. Windows Explorer has new buttons and filters which let you change views, organise files, stack them according to smell and group them according to atomic weight -- but you need to tell it all this stuff about your files first; it doesn't deduce much for itself. If you add tags to a group of pictures taken on holiday, stating when you took them, what model camera you used, what colour underwear you were wearing and how much you drank the night before, Vista will sort them, shuffle them and turn them into a slideshow. If you just dump them into a folder called "Holiday Pics", Vista will grudgingly display them under "Unspecified". That is so useful. Not. The trouble is lots of Vista testers probably haven't realised this, because Microsoft stacks the beta distribution with lots of sample pictures that have depressingly happy and oh-so-informative tags embedded. Oh yes, if you want to search for a specific Microsoft sample picture within Vista it's an absolute breeze. 
The problem starts when you try to find something in your own shabby and unworthy collection. The point is that Microsoft seems to have missed a key learning from computer history: end users are not the least bit interested in putting their own metadata into files. Pictures are pictures, MP3s are MP3s. Some people manually add ID3 tags to their music but the very vast majority rely on automatic systems like CDDB which are queried by CD ripping programs. Vista really doesn't work around the fact that users never add their own metadata. Without some miraculous educational push to encourage users to tag all their files, all of Vista's "innovations" amount to 10 per cent more than nothing much. This is a big deal, because file browsing in Vista is heavily oriented towards specific applications like Media Player and Image Library. Microsoft has had an opportunity to make some real advancements in processing and recognition of files. Take, for example, Riya.com, which allows you to identify a few examples of each person's face in your photo library and have the rest of your library automatically scanned and identified. Then you can search the library by the name of the person you're looking for and see all the photos they're in. Sounds high-tech, but if an online service can make a small Java application that does it all on your garden-variety home desktop, Microsoft could surely have done it too, and then extended that sort of thinking across the various other types of files users typically have on their PC. Instead, we have this "if you tag it, we'll sort on those tags" approach. Having said that, Vista does make it relatively straightforward to add tag information to your files. Music, videos and pictures are all treated alike -- click on a single file and you get a readout of what tags are currently applied. Click on any one of them and it's like filling in a form. Type away and you're done. 
You can make multiple selections and the display changes to incorporate tags which are common to all files -- things like album/artist name and so on. Really, it couldn't be much simpler. Having content organised by metadata is useful, but only if the metadata is actually there. Only the very best user interface design can lure people into adding tags to their data, and it's obvious that Vista is far from the "very best". Vista's "Search Folders". Metadata combined with indexing does give you the power to find any file any time. Assuming it has tag information with which to be found, of course. This presents a slight problem though. If you're using Vista at home then searches are not going to revolutionise the way you work and play. They're nice, yes, but they do rely on you doing all the leg work to make them worthwhile. Business users on the other hand will absolutely love searches. But if you open the Searches folder in Vista, you'll see that there are already some pre-defined ones. Searches like Recent Documents, Recent Email and Recently Changed. These are awesomely powerful and useful searches, and they only rely on file time and date stamping. Files receive time and date stamp automatically, and have done since the beginning of computing history. No user-applied tags needed. So, Microsoft: we've established that home users may or may not care about metadata, business users won't go anywhere near it unless forced with whip and chair, but we're all saddled with a default Explorer interface which lives and breathes metadata. Are we all going to be installing and using Windows Vista: ultimate confusing mess edition for the next five years? 
From rforno at infowarrior.org Thu Aug 10 19:35:51 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 10 Aug 2006 19:35:51 -0400 Subject: [Infowarrior] - Romney: No cellphones/ipods/laptops for Boston Logan passengers Message-ID: (c/o IP) Massachusetts Governor Mitt Romney said that state's National Guard has been activated to increase security at Logan International Airport outside Boston, the first such call-up since the Sept. 11 attacks. Passengers traveling through Logan may no longer bring aboard cell phones, laptop computers or iPods, as well as any liquids, Romney told a news conference in Boston. < - > http://www.bloomberg.com/apps/news?pid=20601087&sid=aei.iEm4Qt0I&refer=home From rforno at infowarrior.org Thu Aug 10 20:46:24 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 10 Aug 2006 20:46:24 -0400 Subject: [Infowarrior] - US plans to expand airport security measures Message-ID: US plans to expand airport security measures Thu Aug 10, 2006 7:51 PM ET http://today.reuters.com/news/articlenews.aspx?type=domesticNews&storyid=200 6-08-10T235039Z_01_N10185380_RTRUKOC_0_US-SECURITY-USA-AIRPORTS.xml&src=rss& rpc=22 WASHINGTON (Reuters) - The government plans to expand airport security measures starting as soon as Friday, adding to those just put in place in response to a foiled overseas plot to blow up U.S.-bound airliners, industry and other officials said. The changes triggered by the discovery of a British-based plot to carry aboard bomb-making ingredients disguised as beverages and other common items mark the most urgent aviation security steps since the September 11, 2001, hijack attacks. Beginning on Friday, security screening of carry-on items will expand significantly from levels imposed at two dozen cities on Thursday, Jim May, chief executive of the Air Transport Association, said at a news conference. 
The trade group for the biggest airlines said the changes would involve additional checks at boarding gates but offered no details. Transportation security officials would not discuss new screening steps in advance. Authorities have banned travelers from carrying liquids and other gel-based products such as toothpaste and makeup onto planes. Those items are permitted in checked luggage. Additional security steps include: -National Guard forces activated in Massachusetts and California will assist airport screeners. -Certain private air services from Britain must coordinate with U.S. aviation and security authorities for permission to fly. The Federal Aviation Administration order will likely affect business jets and other private aircraft. Big commercial carriers already have security programs in place. -Airlines departing Britain must supply a passenger manifest to U.S. authorities ahead of takeoff, May said. Currently, carriers can give that information for checks against watch lists soon after the plane leaves. Rep. John Mica, a Florida Republican and chairman of the House of Representatives aviation subcommittee, credited security officials with being prepared and for taking quick action on Thursday. But he said the prospect of explosives in luggage remains a chief threat to U.S. aviation even though security officials have focused more closely on it this year. "We still have a challenge," Mica said. (Additional reporting by Susan Heavey in Houston) From rforno at infowarrior.org Fri Aug 11 08:50:32 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 11 Aug 2006 08:50:32 -0400 Subject: [Infowarrior] - FW: [IP] On the implausibility of the explosives plot. In-Reply-To: <2C4A4EBF-3946-42B8-BB8B-F04BC2062F25@farber.net> Message-ID: (via IP) ------ Forwarded Message From: "Perry E. Metzger" First, a note of introduction. 
Until recently, I was a computer security guy, and as with many in my profession, the application of computer security analysis to non-computer security problems was increasingly interesting to me. Now, for reasons that don't need exploring at this juncture, I'm back at school, studying chemistry, and I'm spending this summer in a lab doing organic synthesis work. Strangely, today I find my interests colliding. So, I'm doing a bunch of reading, and I find the claimed method the "highly sophisticated" attackers came up with for bringing down airliners kind of implausible. I wonder if it could ever work in reality. A disclaimer, I'm working entirely off of news reported by people who don't know the difference between soft drinks and nail polish remover, but the information I've seen has the taste of being real. As near as I can tell, it is claimed that the terrorists planned to make organic peroxides in situ on board an airplane and use them to destroy the plane. This seems, at least given my initial examination of the idea, implausible. Based on the claims in the media, it sounds like the idea was to mix H2O2 (hydrogen peroxide, but not the low test kind you get at the pharmacy), H2SO4 (sulfuric acid, of necessity very concentrated for it to work at all), and acetone (known to people worldwide as nail polish remover), to make acetone peroxides. You first have to mix the H2O2 and H2SO4 to get a powerful oxidizer, and then you use it on acetone to get the peroxides, which are indeed explosive. A mix of H2O2 and H2SO4, commonly called "piranha bath", is used in orgo labs around the world for cleaning the last traces out of organic material out of glassware when you need it *really* clean -- thus, many people who work around organic labs are familiar with it. When you mix it, it heats like mad, which is a common thing when you mix concentrated sulfuric acid with anything. It is very easy to end up with a spattering mess. You don't want to be around the stuff in general. 
Here, have a look at a typical warning list from a lab about the stuff: http://www.mne.umd.edu/LAMP/Sop/Piranha_SOP.htm Now you may protest "but terrorists who are willing to commit suicide aren't going to be deterred by being injured while mixing their precursor chemicals!" -- but of course, determination isn't the issue here, getting the thing done well enough to make the plane go boom is the issue. There is also the small matter of explaining to the guy next to you what you're doing, or doing it in a tiny airplane bathroom while the plane jitters about. Now, they could of course mix up their oxidizer in advance, but then finding a container to keep the stuff in that isn't going to melt is a bit of an issue. The stuff reacts violently with *everything*. You're not going to keep piranha bath in a shampoo bottle -- not unless the shampoo bottle was engineered by James Bond's Q. Glass would be most appropriate, assuming that you could find a way to seal it that wouldn't be eaten. So, lets say you have your oxidizer mixture and now you are going to mix it with acetone. In a proper lab environment, that's not going to be *too* awful -- your risk of dying horribly is significant but you could probably keep the whole thing reasonably under control -- you can use dry ice to cool a bath to -78C, say, and do the reaction really slowly by adding the last reactant dropwise with an addition funnel. If you're mixing the stuff up in someone's bathtub, like the guys who bombed the London subways a year ago did, you can take some reasonable precautions to make sure that your reaction doesn't go wildly out of control, like using a lot of normal ice and being very, very, very careful and slow. You need to keep the stuff cool, and you need to be insanely meticulous, or you're going to be in a world of hurt. So, we've covered in the lab and in the bathtub. On an airplane? On an airplane, the whole thing is ridiculous. You have nothing to cool the mixture with. 
You have nothing to control your mixing with. You can't take a day doing the work, either. You are probably locked in the tiny, shaking bathroom with very limited ventilation, and that isn't going to bode well for you living long enough to get your explosives manufactured. In short, it sounds, well, not like a very good idea. If you choke from fumes, or if your explosives go off before you've got enough made to take out the airplane -- say if you only have enough to shatter the mirror in the bathroom and spray yourself with one of the most evil oxidizers around -- you aren't going to be famous as the martyr who killed hundreds of westerners. Your determination and willingness to die doesn't matter -- you still need to get the job done. You also need quite a bit of organic peroxides made by this route in order to be sure of taking down a plane. I doubt that just a few grams is going to do it -- though of course the first couple of grams you are likely to go off before you make any more. The possibility of doing all this in an airplane lav or by some miracle at your seat seems really unlikely. Perhaps I'm just ignorant here -- it is possible that a clever person could do it. I can't see an easy way though. So far as I can tell, for the pragmatic terrorist, the whole thing sounds really impractical. Why not just smuggle pre-made explosives on board? What advantage is this "binary system" idea in the first place? There are also all sorts of ideas a smart person could come up with in a few minutes of thinking -- see below. The news this morning was full of stuff about "ordinary looking devices being used as detonators". Well, if you're using nasty unstable peroxides as your explosive material, you don't really need any -- the stuff goes off if you give it a dirty look. I suspect a good hard rap with a hard heavy object would be more than sufficient. No need to worry about those cell phones secretly being high tech "detonators" if you're going this route. 
Anyway, from all of this, I conclude that either 1) The terrorists had a brilliant idea for how to combine oxidizer and a ketone or ether to make some sort of nasty organic peroxide explosive in situ that has escaped me so far. Perhaps that's true -- I'm not omniscient and I have to confess that I've never tried making the stuff at all, let alone in an airplane bathroom. 2) The terrorists were smuggling on board pre-made organic peroxide explosives. Clearly, this is not a new threat at all -- organic peroxide explosives have been used by terrorists for decades now. Smuggling them in a bottle is not an interesting new threat either -- clearly if you can smuggle cocaine in a bottle you can smuggle acetone peroxide. I would hope we had means of looking for that already, though, see below for a comment on that. 3) The terrorists were phenomenally ill informed, or hadn't actually tried any of this out yet -- perhaps what we are told was a "sophisticated plot" was a bunch of not very sophisticated people who had not gotten very far in testing their ideas out, or perhaps they were really really dumb and hadn't tried even a small scale experiment before going forward. There are other open questions I have here as well. Assuming this is really what was planned, why are the airport security making people throw away their shampoo? If you open a shampoo bottle and give it a sniff, I assure you that you'll notice concentrated sulfuric acid very fast, not that you would want to have your nose near it for long. No high tech means needed for detection there. Acetone is also pretty distinctive -- the average airport security person will recognize the smell of nail polish remover if told that is what they're sniffing for. Oh, and even if they used a cousin of acetone, say methyl ethyl ketone (aka MEK, aka 2-butanone), you'll still pick up on the smell. And now, on to the fun part of this note. 
First they came for the nail clippers, but I did not complain for I do not cut my finger nails. Now they've come for the shampoo bottles, but I did not complain for I do not wash my hair. What's next? What will finally stop people in their tracks and make them realize this is all theater and utterly ridiculous? Lets cut the morons off at the pass, and discuss all the other common things you can destroy your favorite aircraft with. Bruce Schneier makes fun of such exercises as "movie plots", and with good reason. Hollywood, here I come! We're stopping people from bringing on board wet things. What about dry things? Is baby powder safe? Well, perhaps it is if you check carefully that it is, in fact, baby powder. What if, though, it is mostly a container of potassium cyanide and a molar equivalent of a dry carboxylic acid? Just add water in the first class bathroom, and LOTS of hydrogen cyanide gas will evolve. If you're particularly crazy, you could do things like impregnating material in your luggage with the needed components. Clearly, we can't let anyone carry on containers of talc, and we have to keep them away from all aqueous liquids. See the elderly gentleman with the cane? Perhaps it is not really an ordinary cane. The metal parts could be filled with (possibly sintered) aluminum and iron oxide. Thermit! Worse still, nothing in a detector will notice thermit, and trying to make a detector to find thermit is impractical. Maybe it is in the hollowed portions of your luggage handles! Maybe it is cleverly mixed into the metal in someone's wheelchair! Who knows? Also, we can never allow people to bring on laptop computers. It is far too easy to fill the interstices of the things with explosives -- there is a lot of space inside them -- or to rig the lithium ion batteries to start a very hot fire (that's pretty trivial), or if you're really clever, you can make a new case for the laptop that's made of 100% explosive material instead of ordinary plastic. Fun! 
No liquor on board any more, of course. You can open lots of little liquor bottles and set the booze on fire, and besides, see the dangers of letting people have fluids. Even if you let them have fluids, no cans of coke -- you can make a can of coke into a shiv in a few minutes. No full sized bottles of course, since you can break 'em and use them as a sharp weapon, so no more champagne in first class either, let alone whiskey. Then, lets consider books and magazines. Sure, they look innocent, but are they? For 150 years, chemists have known that if you take something with high cellulose content -- cotton, or paper, or lots of other things -- and you nitrate it (usually with a mixture of nitric and sulfuric acids), you get nitrocellulose, which looks vaguely like the original material you nitrated but which goes BOOM nicely. Nitrocellulose is the base of lots of explosives and propellants, including, I believe, modern "smokeless" gunpowder. It is dangerous stuff to work with, but you're a terrorist, so why not. Make a bunch of nitrocellulose paper, print books on it, and take 'em on board. The irony of taking out an airplane with a Tom Clancy novel should make the effort worthwhile. So, naturally, we have to get rid of books and magazines on board. That's probably for the best, as people who read are dangerous. And now for a small side note. It is, of course, commonly claimed that we have nitro explosive detectors at airports, but so far as I can tell they don't work -- students from labs I work in who make nitro and diazo compounds for perfectly legitimate reasons and have trace residues on their clothes have told me the machines never pick up a thing even though this is just what they're supposed to find, possibly because they're tuned all the way down not to scare all the people who take nitroglycerine pills for their angina. Now, books aren't the only things you could nitrate. Pants and shirts? Sure. 
It might take a lot of effort to get things just so or they will look wrong to the eye, but I bet you can do it. Clearly, we can't allow people on planes wearing clothes. Nudity in the air will doubtless be welcomed by many as an icebreaker, having been deprived of their computers and all reading material for entertainment. Then of course there is the question of people smuggling explosives on board in their body cavities, so in addition to nudity, you need body cavity searches. That will, I'm sure, provide additional airport entertainment. By the way, if you really don't think a terrorist could smuggle enough explosives on board in their rectum to make a difference, you haven't been following how people in prison store their shivs and heroin. However, it isn't entirely clear that even body cavity searches are enough. If we're looking for a movie plot, why not just get a sympathetic surgeon to implant explosives into your abdomen! A small device that looks just like a pace maker could be the detonator, and with modern methods, you could do something like setting it off by rapping "shave and a haircut" on your own chest. You could really do this -- and I'd like to see them catch that one. So can someone tell me where the madness is going to end? My back of the envelope says about as many people die in the US every month in highway accidents than have died in all our domestic terrorist incidents in the last 50 years. Untold numbers of people in the US are eating themselves to death and dying of heart disease, diabetes, etc. -- I think that number is something like 750,000 people a year? Even with all the terrorist bombings of planes over the years, it is still safer to travel by plane than it is to drive to the airport, and it is even safer to fly than to walk! 
At some point, we're going to have to accept that there is a difference between real security and Potemkin security (or Security Theater as Bruce Schneier likes to call it), and a difference between realistic threats and uninteresting threats. I'm happy that the police caught these folks even if their plot seems very sketchy, but could we please have some sense of proportion? Perry From rforno at infowarrior.org Fri Aug 11 10:07:44 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 11 Aug 2006 10:07:44 -0400 Subject: [Infowarrior] - Microsoft security--no more second chances? Message-ID: Microsoft security--no more second chances? By Charles Cooper http://news.com.com/Microsoft+security-no+more+second+chances/2010-1002_3-61 04512.html Story last modified Fri Aug 11 05:58:02 PDT 2006 As if Homeland Security Secretary Michael Chertoff didn't have enough on his plate. Not only has he had to deal with Katrina and Osama. Now he's also got to whip Steve Ballmer and the crew at Microsoft into shape. If past is prologue, that last task may be the most daunting of all. In a remarkable declaration earlier this week, the Department of Homeland Security--a bureaucracy set up to deal with stuff that generally falls under the category of national emergency--called on all users of Windows software to install a new security patch issued by Microsoft. This wasn't your garden variety flaw. The fear in Washington was a repeat of something like the chaos caused by the MSBlast worm in 2003. By now, Chertoff's people must be thoroughly frustrated that Microsoft still turns out poorly designed products. What with terror plots being uncovered overseas and threats of airline bombings, cybersecurity obviously is not the top headline this week. 
But the threat of a network meltdown has not disappeared--especially when flaws so regularly turn up in Windows, the computer operating system most people in this country use. The Microsoft monoculture is a fact of life in government and corporate circles. And that comes at a price in the coin of vulnerable computer security. Microsoft contends that the situation is improving and that it's doing the maximum to make sure that Windows and the other software products it sells go out the door with as few problems as possible. Each month, the company issues a security update in which it patches problems. And every Microsoft spokesman within earshot can be counted on to solemnly pledge the company's maximum effort. It's a familiar refrain. Ever since Bill Gates announced Microsoft's Trustworthy Computing initiative four and a half years ago, the company says it has reshuffled its development priorities. Cool new features were to take a backseat to improved security and privacy. Yet the problem lingers. In the last three years, Microsoft has issued an increasing number of yearly security bulletins, in which several patches get put online to fix problems in existing applications. The company sees this as evidence that it's on top of things, not an indictment of managerial incompetence. If you want to find someone to blame, Gates says, point a finger at the "malicious people" out there looking to "take advantage of whatever things there are." What did you expect him to say? That it's Microsoft's fault? That would be too hot to handle. Gates and the rest of the brass stick closely to the script but clearly know that Microsoft can't keep turning out finished products that are as porous as Swiss cheese. Defenders will argue that it's unfair to demand perfection from Microsoft; that software is an imperfect art. And besides, they add, is the Mac operating system or Linux bulletproof? Clearly, the answer is no. 
But the number of security holes turning up in either operating system is a fraction of what turns up in the Windows world. The oddest part is how we've become so accustomed to the status quo when "Patch Tuesday" rolls around. Another few holes get closed with a magic Microsoft download, and we're safe (unless the bad guys first found a way to burrow into our systems). Here's something to consider: If bridge builders or airplane designers applied the same standards to their labors, do you believe that the public would so easily forgive the regularity with which bridges would collapse and airliners fall out of the sky? Copyright ©1995-2006 CNET Networks, Inc. All rights reserved. From rforno at infowarrior.org Fri Aug 11 20:41:58 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 11 Aug 2006 20:41:58 -0400 Subject: [Infowarrior] - Chipped US Passports Coming Monday Message-ID: Chipped Passports Coming Monday http://www.wired.com/news/wireservice/1,71583-0.html Associated Press 16:30 PM Aug, 11, 2006 WASHINGTON -- Despite ongoing privacy concerns and legal disputes involving companies bidding on the project, the U.S. State Department plans to begin issuing smart chip-embedded passports to Americans as planned Monday. Not even the foiled terror plot that heightened security checks at airports nationwide threatens to delay the rollout, the agency said. Any hitches in getting the technology to work properly could add even longer waits to travelers already facing lengthy security lines at airports. The new U.S. passports will include a chip that contains all the data contained in the paper version -- name, birth date, gender, for example -- and can be read by electronic scanners at equipped airports. The State Department says they will speed up going through customs and help enhance border security. 
Privacy groups continue to raise concerns about the security of the electronic information and a German computer security expert earlier this month demonstrated in Las Vegas how personal information stored on the documents could be copied and transferred to another device. But electronic cloning does not constitute a threat because the information on the chips, including the photograph, is encrypted and cannot be changed, according to the Smart Card Alliance, a New Jersey-based nonprofit group made up of government agencies and industry players. "It's no different than someone stealing your passport and trying to use it," Randy Vanderhoof, executive director of the alliance, said in a statement. "No one else can use it because your photo is on the chip and they're not you." Yet the ability to clone the information on the chips may not be the sole threat, privacy advocates argue. A major concern is that hackers could pick up the electronic signal when the passport is being scanned, said Sherwin Siy, staff counsel at the Washington-based Electronic Privacy Information Center, a leading privacy group. "Many of the advantages the industry is touting are eliminated by security concerns," Siy said. After testing the passports in a pilot project over the past year, the government insists they're safe. Numerous companies competed the last two years to provide the technology. One winner was San Jose, California-based Infineon Technologies North America, a subsidiary of Germany's Infineon AG. Another was French firm Gemalto, which earlier this month announced that it had received its first production order from the Government Printing Office. It is producing the passports for the State Department, using the Infineon technology. Another company, On Track Innovations, was notified July 31 that it had been eliminated from consideration and is appealing the decision, a spokeswoman for the Fort Lee, New Jersey, company said this week. 
On Track previously had been eliminated but appealed that decision in the U.S. Court of Federal Claims in Washington, D.C., which found in favor of the company and ordered it be reinstated. Infineon has been approved for production-quantity orders but hasn't received any because of the unresolved legal dispute, said Veronica Meter, a spokeswoman for the Government Printing Office. The rollout that begins Monday will use technology built up during the pilot project. Neville Pattinson, director of technology and government affairs for Gemalto in Austin, Texas, would not discuss financial terms of the contract. He acknowledged the economic potential is massive, noting that the State Department issued 10 million passports in 2005 and expects that to increase to 13 million this year. Citizens who get new passports can expect to pay a lot more. New ones issued under this program will cost $97, which includes a $12 security surcharge added last year. Not all new passports will contain the technology until it's fully rolled out -- a process expected to take a year. Existing passports without the electronic chips will remain valid until their normal expiration date. American Depository Shares of Infineon fell 12 cents to $10.65 Friday on the New York Stock Exchange. From rforno at infowarrior.org Fri Aug 11 20:46:14 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 11 Aug 2006 20:46:14 -0400 Subject: [Infowarrior] - The New Shape Of Fear Message-ID: The New Shape Of Fear At the Airport, Toiletries Take On Diabolical Meaning By DeNeen L. Brown Washington Post Staff Writer Friday, August 11, 2006; C01 http://www.washingtonpost.com/wp-dyn/content/article/2006/08/10/AR2006081001 666_pf.html Whoever thought it would come to this, when the evils of humanity could be squeezed into a tube of toothpaste? Squeezed into ordinary, everyday items so benign and necessary that common people would not have thought them potential containers of evil. Like, really? 
Bottles of shampoo? Suntan lotion? Hand cream? Hair gel? Clear vessels of spring water? Dumped like potential tools of criminals at airport security terminals, prohibited from being smuggled in carry-on luggage. Clear containers of suspicion: insulin without a patient's name? Throw it away. Breast milk without the baby? Throw it out. What evil man would carry a bottle of baby formula without a baby? W.H. Auden wrote: "Evil is unspectacular and always human / And shares our bed and eats at our own table." What happens when the ordinary becomes extraordinary, becomes suspicious? What happens when a woman -- or man, perhaps Johnny Depp -- can no longer be trusted carrying a tube of mascara onto a plane? What happens when the unsuspected, tiny products on grocery shelves -- chocolate syrup, jars of jam, grape juice -- gnaw away at security and, thereby, sanity in a world where colors became threats? Where orange no longer means happiness but "High Risk of Terrorist Attacks?" At Reagan National Airport, men in black uniforms are standing at the end of moving sidewalks passing out hastily made fliers: "By Order of the Department of Homeland Security Transportation Security Administration -- PASSENGERS MAY NOT HAVE LIQUIDS OR GELS OF ANY SIZE AT THE SCREENING CHECKPOINT OR IN THE CABIN OF THE AIRCRAFT. . . . Beverages purchased in the sterile area must be consumed before boarding the aircraft." And you think maybe nowhere is safe -- except "the sterile area" -- but you wonder where that is and would they let you go there if you were really in need of a "sterile" place for your own sanity? Again we are back here, in the lap of terror. But cast into a different dimension of terror, into the hall of ordinary things. Threatened by toothpaste, running out of trust and overtaken by skepticism. "Now, I have that fear when I leave the house in the morning, I never know whether I will come back," says Homa Saghafi, who lives in Fairfax County. 
"I wonder whether you can still put jelly on sandwiches. Isn't that gel? On the plane, they will give you a drink, but you can't be trusted to take it on." And you wonder about all those people who down bottles of water and gulp their coffee because it would be insane to dump a $5 cup. Don't they become the crazy, jittery ones high on caffeine? And you think of all the waste piling up, produced by people who don't have time to pour liquids into their bodies before they get through security, and you wonder about lines in airplanes for those tiny bathrooms with folding doors and signs admonishing the user to wipe the sink as a courtesy for the next passenger. You walk by emergency boxes that look like old-fashioned telephone booths, but they are lit up from inside with red glowing lights: "Press for Help." You would like to press the button but you are not sure what you would say if somebody answered. Perhaps you would pose the question: What is safe anymore? Where is safety? Can't we just all get along? Will my bottle of Prell kill me? You are in search of the "sterile area." You encounter a sign that you are unsure how to read. It is like a relic found on an anthropological dig, a sign of how people once lived long ago. Except the sign is still standing in the lobby of Terminal B. You wonder whether anybody else notices the irony. The sign with a large photo of a steaming cup of coffee says simply: "High Octane." You pass by other signs warning of prohibited items, guns, flammable or explosive materials such as fireworks or lighters, sharp objects, such as knives or pointed scissors, tools such as hammers or screwdrivers, clublike items such as billy clubs, baseball bats and golf clubs, disabling chemicals such as Mace. No one has yet added toothpaste. Another sign that makes you wonder about the age and innocence of the copy writer poses this question: "Exactly Zero percent of passenger jets can be fueled by wind, solar or nuclear energy. 
So what's the alternative?" The sign is signed "Chevron, Human energy." It is human energy that we have become so afraid of. No computer can match it. No machine can stop its brilliance. Only another human mind could come up with the scenario of assembling bombs on airplanes with liquid hidden in toothpaste. Then you encounter Matt Davenport, 41, of Boston. A staff sergeant in the Air Force. He is sitting with Roger Hardy, 36, a former specialist in the Army. And they are drinking coffee outside the security gate. And they are not alarmed by this latest security threat. They have no problem with officials confiscating toothpaste. "I think they are doing their jobs," Davenport says. "If the public has a problem with it, take a bus." "It's not the toothpaste," Hardy adds, "it's what can be in the toothpaste." They say because of their military experience they have a more profound understanding of the dangers that elude us. "More than the general public who are out doing their every day-to-day life. They are not involved in daily confrontations with bad guys," Davenport says. "We are aware of certain things that ordinary people don't talk about." "Good security," Hardy adds, "is not necessarily convenient." They are on their way home to Boston. They have not yet gone through their carry-on bags to dump the toothpaste. But they seem unafraid. "It's part of life," Hardy says. "It's always there. You don't wake up and say, 'Oh, my God, something bad will happen today.' You just live knowing it's there." "The threat will always be there," Davenport says. "It's been here long before 9/11. It's been around forever." "A lot of people don't like Americans when you go overseas," Hardy says. And you think as you stand there, this is what those Americans mean when they say, "They serve, so you don't have to." And you thank them for their service. Because their knowledge seems to make you feel a bit more secure. But you have one more question for them, since they are waiting.
"Does this mean, then, that man is inherently good or inherently evil?" Because you really want to know. Because the tubes of toothpaste and bottles of shampoo have you thinking evil thoughts. "I think good," Davenport says. "For every whack job, nut case, zealot, there are people who just want to live their lives." So you walk away a bit more secure. Still, you are looking for that sterile place just in case that orange thing is real. And you notice there is so little chaos here, now hours after the news from England broke. And you think how quickly people adapt to threat. The lines are snaking with a certain order. The trash cans are filled with full water bottles and coffee cups and bottles of lotion. And you think about the power of things. And you wander into As Kindred Spirits, a store with pretty things, and you begin to wonder whether pretty things, too, will soon be banned. Like this shiny metal box that is inscribed with the words: "Angels fly because they take themselves lightly." And: "No act of kindness no matter how small is wasted." Just then, Laurie Lemmons, who is on her way to Atlanta, asks the clerk: "Ma'am, would we be able to take this stuff on the airplane today?" "It's metal," the clerk replies. "I think so." Behind the counter hangs a wooden piece of art on which words are painted: "They came to sit and dangle their feet off the edge of the world, and after a while they forgot everything but the good and true things they would do someday."

© 2006 The Washington Post Company

From rforno at infowarrior.org Fri Aug 11 22:12:30 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 11 Aug 2006 22:12:30 -0400
Subject: [Infowarrior] - RIAA Asks for Blanket Gag Order Before Attending Depositions
Message-ID:

"First rule of RIAA Lawsuits is You Don't Talk About RIAA Lawsuits..."

RIAA Asks for Blanket Gag Order Before Attending Depositions in UMG v. Lindor; Ms. Lindor's Lawyers Refuse, Ask Judge to Compel Depositions

In UMG v.
Lindor the RIAA has refused to go forward with letting the defendant's lawyers take plaintiffs' depositions without a blanket confidentiality stipulation making all of the contents of the deposition transcripts confidential. In view of the strong public interest in these cases, Ms. Lindor's lawyers refused to agree to such a stipulation. Instead they have made a motion to compel the plaintiffs to appear for their depositions, without any preconditions. In the alternative, Ms. Lindor's lawyers said they would consent to a limited order that would give the RIAA 10 days after receiving a copy of the transcript to object to specific portions of it being disclosed.

< - >

http://recordingindustryvspeople.blogspot.com/2006/08/riaa-asks-for-blanket-gag-order-before.html

From rforno at infowarrior.org Fri Aug 11 22:16:06 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 11 Aug 2006 22:16:06 -0400
Subject: [Infowarrior] - International CIIP Handbook 2006 (Vol. I)
Message-ID:

The third edition of the International Critical Information Infrastructure Protection (CIIP) Handbook focuses on key aspects of CIIP related to security policy. The Handbook enjoys a wide readership in governmental circles, business, and industry as well as in the academic world. The first (2002) edition of the CIIP Handbook contained an inventory of protection policies in eight countries (Australia, Canada, Germany, the Netherlands, Norway, Sweden, Switzerland, and the United States) and their methods employed for CII assessment. The second edition (2004) included an update of existing surveys and covered six additional countries (Austria, Finland, France, the United Kingdom, Italy, and New Zealand) as well as international protection efforts.
The latest version continues the tradition of the past two editions, while its scope has been extended: not only has the country survey section been further expanded with a specific focus on Asia by including India, Japan, the Republic of Korea, Malaysia, Singapore, and Russia, but it is also accompanied by a second volume with in-depth analysis of key issues related to CIIP. The CIIP Handbook is the product of a joint effort within the CRN partner network.

http://www.isn.ethz.ch/crn/publications/publications_crn.cfm?pubid=494

From rforno at infowarrior.org Fri Aug 11 22:17:51 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 11 Aug 2006 22:17:51 -0400
Subject: [Infowarrior] - International CIIP Handbook 2006 (Vol. II)
Message-ID:

Abstract

The third edition of the International Critical Information Infrastructure Protection (CIIP) Handbook focuses on key aspects of CIIP related to security policy. The Handbook enjoys a wide readership in governmental circles, business, and industry as well as in the academic world. The first (2002) edition of the CIIP Handbook contained an inventory of protection policies in eight countries (Australia, Canada, Germany, the Netherlands, Norway, Sweden, Switzerland, and the United States) and their methods employed for CII assessment. The second edition (2004) included an update of existing surveys and covered six additional countries (Austria, Finland, France, the United Kingdom, Italy, and New Zealand) as well as international protection efforts. The latest version continues the tradition of the past two editions, while its scope has been extended: not only has the country survey section been further expanded with a specific focus on Asia by including India, Japan, the Republic of Korea, Malaysia, Singapore, and Russia, but it is also accompanied by a second volume with in-depth analysis of key issues related to CIIP. The CIIP Handbook is the product of a joint effort within the CRN partner network.
http://www.isn.ethz.ch/crn/publications/publications_crn.cfm?pubid=497

From rforno at infowarrior.org Sat Aug 12 00:05:59 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 12 Aug 2006 00:05:59 -0400
Subject: [Infowarrior] - OpEd: The 10-Year-Old Terrorist Plot
Message-ID:

The 10-Year-Old Terrorist Plot
Security experts knew of this kind of plan, and have been urging carry-on restrictions, since before 9/11. Why is TSA so late?
By Susan Trento and Joseph Trento
http://www.latimes.com/news/opinion/commentary/la-oe-trento11aug11,0,5975663.story?coll=la-opinion-center

ONE MONTH short of the fifth anniversary of 9/11, the United States awakened to news that British authorities had broken up a purported plot to use liquid chemical bombs to blow up as many as 10 American-owned planes as they flew across the Atlantic to the U.S. Officials and experts have said the plot had the "hallmarks" of an Al Qaeda/Osama bin Laden plan. The cable networks breathlessly reported new rules: For now, limited carry-on luggage. Passengers may not bring on board any liquids -- water, drinks, lotions. Only liquid prescription medicine or breast milk would be allowed as carry-on aboard planes bound from Britain to the United States, and on all U.S. carriers. As usual when it comes to homeland security, the authorities are way behind the curve. It's infuriating. During the mid-1990s, the U.S. took into custody two Kuwaiti men who had devised the technical plan for Operation Bojinka -- the name for a plan to blow up a large number of jumbo jets over the Pacific. In a test, the perpetrators in 1994 blew up an unsuspecting Japanese businessman in his seat on a Philippine domestic flight by wiring a device using a watch and liquid explosive disguised in a contact-lens case. This proved to the terrorists that they could get explosives aboard undetected. Thanks to Philippine intelligence, the U.S. eventually arrested the two terrorists, Abdul Hakim Murad and Ramzi Ahmed Yousef.
The two told the CIA about Bin Laden's plans to knock down big buildings using planes and blow up airliners using small chemical bombs. That was in 1995. (Yousef was later convicted in the U.S. for the 1993 bombing of the World Trade Center.) Thursday, the British arrested 24 people, including one airport employee. Nine of those were allegedly set to board flights carrying mini-bombs disguised as everyday liquids. The liquids were to have been mixed together on board and turned into bombs. Authorities said the terrorist cell was believed to have as many as 50 members. A few hours later, the Bush administration put on a dog-and-pony show, with elevated alert levels and the Department of Homeland Security barring liquids on U.S. flights. The Transportation Security Administration mentioned nothing about screening the 600,000 employees who work in U.S. airports or the airport contractors who service the planes. How hard would it be for one of them to substitute an explosive in a cola can or water bottle, or even in the liquids used to clean the planes? It was business as usual for the TSA: Give passengers and the public the illusion of security but not the reality. One TSA official -- disgusted with the agency's standard practice of putting on a strong show of security at the passenger screening checkpoints while ignoring yawning holes in security elsewhere in the civil aviation system -- has referred to it as "just more eye candy -- feel-good stuff." After spending $20 billion on aviation security, we still have not developed a defense against ideas terrorists had six years before 9/11. It doesn't require a genius to figure out that terrorists might try a version of Operation Bojinka again. There was a sense of absolute panic in the TSA's announcement that liquids would not be permitted on airplanes. Yet security experts have been recommending for years that carry-on baggage be strictly limited. In 2001, the TSA did ban matches, box cutters and small knives.
Then, in December, it started allowing them again. Though chastised in the report by the independent 9/11 commission for failing to act on information already in hand, the TSA has never forbidden the types of liquids it is now temporarily banning, even though it was fully aware of the Bojinka effort and Al Qaeda and Bin Laden's penchant for going after targets until he succeeds in bringing them down. We were fortunate this time, but we can't depend that we will be again.

From rforno at infowarrior.org Sat Aug 12 00:13:00 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 12 Aug 2006 00:13:00 -0400
Subject: [Infowarrior] - Will AOL Goof Trigger New U.S. Law?
Message-ID:

Will AOL Goof Trigger New U.S. Law?
By Frederick Lane
August 10, 2006 11:04AM
http://www.sci-tech-today.com/story.xhtml?story_id=02300000MCAG

The news that AOL released the search histories of 658,000 of its users is renewing calls for federal legislation to protect consumer privacy online. In the wake of the disclosure, Representative Edward Markey (D-Mass.) urged his colleagues to take action on privacy legislation he proposed in February of this year. "Technology is the engine which will drive our economy into the next century, but the success of this technology balances on the public trust," Markey said.
"If 2005 was the year of the data breach, I want to make sure that 2006 is the year of safeguarding the privacy of American citizens by introducing legislation to prevent the stockpiling of private citizens' personal data."

Mandatory Deletion

Markey's bill is H.R. 4731, the Eliminate Warehousing of Consumer Internet Data Act (EWOCID). The bill would require Internet companies to destroy obsolete electronic data, and particularly data that could be used to individually identify consumers. The bill would also instruct the Federal Trade Commission to set up standards for the maintenance and destruction of data, and enforce the provisions of the law. The language of the bill does not define when data should be declared "obsolete," and does allow companies to retain data for "legitimate business purposes" or to satisfy court orders. "In this digital information age, the personal data we hand over to dozens of Web sites are the keys which unlock the personal lives and valuable possessions of millions of Americans," Representative Markey said. "This stored-up data about consumers' Internet use should not be needlessly kept in perpetuity, inviting data thieves or fraudsters, or disclosure through judicial fishing expeditions." Markey's bill has languished in committee since it was introduced, and there is no indication from the Republican leadership in the House as to when any action will be taken on the bill. "It's worth having a debate about what type of protections [those corporations] should have," said Dave McGuire, director of communications for the Center for Democracy and Technology. "It is also reasonable to ask companies about what they're doing and what their plans are for data. Companies should disclose if there are procedures in place to prevent misuse." McGuire also added that there is no government standard regarding data collection and storage.
Previous Federal Privacy Laws

Congress has typically taken a hands-off approach to privacy, but it has responded in the past to high-profile privacy invasions. During the Senate hearings on Judge Robert Bork's nomination to the Supreme Court, for instance, reporters obtained lists of the movies he had rented (none were particularly salacious). Congress responded by passing the Video Privacy Protection Act, which bars the release of such information. Some years earlier, a stalker obtained the address of actress Rebecca Schaeffer from the California Department of Motor Vehicles and shot her when she answered his knock at the door. That tragic event spurred passage of the federal Drivers Privacy Protection Act.

From rforno at infowarrior.org Sat Aug 12 23:47:17 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 12 Aug 2006 23:47:17 -0400
Subject: [Infowarrior] - Your Life as an Open Book
Message-ID:

August 12, 2006
Your Life as an Open Book
By TOM ZELLER Jr.
http://www.nytimes.com/2006/08/12/technology/12privacy.html?pagewanted=print

Privacy advocates and search industry watchers have long warned that the vast and valuable stores of data collected by search engine companies could be vulnerable to thieves, rogue employees, mishaps or even government subpoenas. Four major search companies were served with government subpoenas for their search data last year, and now once again, privacy advocates can say, "We told you so." AOL's misstep last week in briefly posting some 19 million Internet search queries made by more than 600,000 of its unwitting customers has reminded many Americans that their private searches -- for solutions to debt or bunions or loneliness -- are not entirely their own. So, as one privacy group has asserted, is AOL's blunder likely to be the search industry's "Data Valdez," like the 1989 Exxon oil spill that became the rallying cry for the environmental movement? Maybe.
But in an era when powerful commercial and legal forces ally in favor of holding on to data, and where the surrender of one's digital soul happens almost imperceptibly, change is not likely to come swiftly. Most of the major search engines like Google, Yahoo and MSN collect and store information on what terms are searched, when they were queried and what computer and browser was used. And to the extent that the information can be used to match historic search behavior emanating from a specific computer, it is a hot commodity. As it stands now, little with regard to search queries is private. No laws clearly place search requests off-limits to advertisers, law enforcement agencies or academic researchers, beyond the terms that companies set themselves. "This is a discussion that we as a society need to have," said Kevin Bankston, a lawyer with the Electronic Frontier Foundation, a rights organization based in San Francisco. Mr. Bankston's group, which is spearheading a class-action lawsuit against AT&T for sharing consumer phone records with the National Security Agency, issued an alert this week calling the AOL incident a "Data Valdez," asserting that it may be in violation of the Electronic Communications and Privacy Act, which regulates some forms of online communications. "I am very skeptical of any claims that the monetary worth of this information to these companies is worth the privacy trade-off to millions of people," Mr. Bankston said. That is not to say that marketers are not keenly interested in being able to push ads to a particular computer based on the types of searches coming from that address over time. For users who register as members with some search engines, including Yahoo, this is already happening -- although consumers are unlikely to realize it. Which is why privacy advocates question whether such advertising models are appropriate in the first place.
"In many contexts, consumers already have the expectation that information about their cultural consumption will not be sold," said Chris Jay Hoofnagle, a senior researcher at Boalt Hall School of Law at the University of California, Berkeley. "They understand that the library items that they check out, the specific television shows that they watch, the videos that they rent are protected information." Indeed, legislation like the Cable TV Privacy Act of 1984 and the Video Privacy Protection Act of 1988 were tailored to keep the specific choices consumers make in their daily diet of cultural ephemera off limits. There are exceptions: video "genre preferences," for instance, may be disclosed for marketing purposes. And of course, such fare as magazine subscription lists and club membership information are bought and sold for marketing purposes all the time. But how to characterize a search engine's vast catalog, not of what an individual bought, rented or subscribed to, but merely what he or she was curious about -- perhaps only for a moment in time -- for reasons that are impossible to know? That's one thing that the culture and the law need to address fully, Mr. Hoofnagle suggested. And simply relying on the terms of service posted by Internet companies to sort things out, he said, is not enough. "The problem with the consent model is that users don't read the terms and it's hard to comprehend what the effect of storing the data over time will be," Mr. Hoofnagle said. "And there's a corresponding promise that the company will protect the data," he added, "and sometimes, obviously, those promises are broken." Indeed, AOL's publication of user search data comes in a social context that is newly sensitive about data leaks. "Part of this conversation should be about the responsibility of companies to maintain data securely," said Mr.
Hoofnagle, who was among several privacy advocates who were critical of ChoicePoint, the large commercial data broker, in the months before the disclosure in February last year that criminals had foiled its screening protocols and gained access to consumer information. "The longer companies hold onto information, the greater the risk," Mr. Hoofnagle said. The ChoicePoint debacle, in fact, was a watershed moment for data security law, at least at the state level, with at least 30 states enacting some form of breach-notification legislation requiring businesses to notify consumers if their information is compromised. Numerous bills have been proposed in Congress as well, but pitched battles between privacy advocates, who seek comprehensive data protections for consumers, and the financial industry, which wants to limit any onerous legislation and pre-empt tougher state laws, have stalled progress. It is not surprising, then, that a bill by Representative Edward J. Markey, Democrat of Massachusetts, that seeks to force Web sites, including search engines, to purge old data, has not moved since its introduction in February. "Corporate negligence with consumers' personal information shouldn't be tolerated by average Americans, the financial markets, or the federal government," Representative Markey said in an e-mail message. The bill was inspired by the Justice Department's subpoenas for search data held by MSN, Yahoo, AOL and Google this year -- a move aimed at bolstering the government's efforts to uphold an online child pornography law. Google was alone in resisting the subpoena in federal court, which mostly sided with the company, granting the government access only to information on Web site addresses returned in Google searches, rather than search terms entered by users.
And yet the vast data troves held by search engines and Internet companies of all stripes continue to present an irresistible investigatory target, particularly in an era of terrorist plots like the one that seriously disrupted British airports, and much of the rest of global aviation this week. In December, the European Parliament passed sweeping data retention rules aimed at the telecommunications and Internet industries, requiring that fixed-line and cellphone records, e-mail and Internet logs be stored for up to two years. The measure was lauded by law enforcement groups but decried by privacy advocates and even industry, which would have to find space -- and money -- to store it all. Congress, too, has toyed with the idea of drafting data retention legislation, and Attorney General Alberto R. Gonzales has signaled on numerous occasions that he would like to see that happen. Speaking at the Search Engine Strategies 2006 Conference and Expo in San Jose, Calif., on Wednesday, Google's chief executive, Eric E. Schmidt, suggested that government interest in the sort of information Google archives remains a chief concern for his company. "I've always worried that the query stream was a fertile ground for governments to randomly snoop on people," he said. In a public forum with Danny Sullivan, the editor of Search Engine Watch, an online news blog, and the San Jose event's organizer, Mr. Schmidt was asked about the AOL incident. "It's obviously a terrible thing, and the data as released was obviously not anonymized enough," Mr. Schmidt said. Mr. Schmidt also said his company, which stores every query its visitors make, deploys numerous safeguards to protect and keep that data anonymous, and that he was confident that "this sort of thing would not happen with Google -- although," he added, "you can never say never."
That might be the battle cry of privacy advocates, who wonder why any company that doesn't have to, and that wants to maintain the faith of its customers, would bother to hang onto so much data. "This AOL breach is just a tiny drop in the giant pool of information that these companies have collected," Mr. Bankston said. "The sensitivity of this data cannot be overemphasized." A similar sentiment was at the heart of an e-mail message sent to employees by AOL's own chief executive, Jonathan F. Miller, on Wednesday. "We work so hard to protect this kind of information, and yet it was made public without review by our privacy experts, undermining years of industry leadership in a single act," Mr. Miller wrote. "The reaction has been a powerful reminder of how quickly a company such as AOL can forfeit the good will we have worked for years to engender."

From rforno at infowarrior.org Sat Aug 12 23:50:20 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 12 Aug 2006 23:50:20 -0400
Subject: [Infowarrior] - Focused on 9/11, U.S. Is Seen to Lag on New Threats
Message-ID:

August 12, 2006
Domestic Security
Focused on 9/11, U.S. Is Seen to Lag on New Threats
By ERIC LIPTON and MATTHEW L. WALD
http://www.nytimes.com/2006/08/12/washington/12homeland.html?ei=5088&en=1d8f380806578498&ex=1313035200&partner=rssnyt&emc=rss&pagewanted=print

WASHINGTON, Aug. 11 -- The Department of Homeland Security has taken significant steps since the Sept. 11 terrorist attacks to make it much harder to turn a plane into a flying weapon. But a nearly obsessive focus on the previous attacks may have prevented the federal government from combating new threats effectively, terrorism experts and former agency officials say. The arrests overseas this week of people accused of planning to use an explosive that would be undetectable at airports illustrates the significant security gaps, they said.
While the department has hardened cockpit doors and set up screening for guns and knives, it has done far too little to protect against plastic and liquid explosives, bombs in air cargo and shoulder-fired missiles, the experts say. The nation is still at risk from the same "failure of imagination" cited by the 9/11 commission as having contributed to the success of the 2001 attack, several argued. "They are reactive, not proactive," said Randall J. Larsen, a retired colonel in the Air Force who is chairman of the military strategy department at the National War College in Washington. Robert M. Blitzer, who served 26 years in the Federal Bureau of Investigation, including as head of its counterterrorism unit, said the federal government had a serious problem because its personnel today turned over far too quickly. Mr. Blitzer, now an analyst at ICF International, in Fairfax, Va., said: "They don't have enough continuity and knowledge to know what they're up against. Stability is a big thing for identifying trends. It's not easy to do. Sometimes all you have is just snippets of information." Justin P. Oberman, a former senior policy official at the Transportation Security Administration, said the problem was not lack of imagination but limited money available to invest in the technologies needed. "Too much is weighted toward looking for knives and guns on people coming through the checkpoint and screening every checked bag," Mr. Oberman, who left the agency last year, said. Homeland Security Secretary Michael Chertoff, in a news conference Friday, said the department was trying to stay ahead of terrorists. "We've spent about three-quarters of a billion dollars in research on emerging types of technologies in explosives," Mr. Chertoff said. "And we are constantly monitoring the world for developments that occur in the field of improvised explosive devices, precisely so we can start to work on countermeasures."
But even at senior levels of the department, there is recognition that this criticism is somewhat fair. "D.H.S. has to be nimble in a way most government agencies don't, and that has to be baked into our very DNA," said Michael Jackson, the deputy secretary, in an interview. "I am impatient. I don't think we have gotten as far as we need to go. We can do more, and we can do better. And we must." The vulnerabilities are clear. A failed plot in 1995, incubated in the Philippines, to bomb 12 United States commercial jets flying out of Asia, centered on the use of triacetone triperoxide, or TATP, a liquid explosive that may also have been the weapon of choice of the plotters in England. The Department of Homeland Security has evaluated technology that it says will search an individual bottle for liquid explosives, but it cannot search all the bottles in a suitcase. It also cannot reliably detect chemicals that are not explosive but become so when mixed. The department is still evaluating technologies for foiling shoulder-fired missiles, a favored tool of rebel groups against military aircraft. One blinds missiles with an infrared laser; another option would be a ground-based antimissile system near airports. The Transportation Security Administration has the technology to inspect small objects shipped as air cargo, but does not have the capacity to do so uniformly. Given the long list of possible threats, and the limited budget to buy equipment to defend against them, it is essential not just to look for threats, Mr. Larsen said, but also to evaluate each one. Mr. Oberman, the former security agency official, said that part of the problem was the mandates imposed on the agency by Congress -- like hiring government employees to do checkpoint screening and inspecting every checked bag instead of focusing the inspections on those considered the highest risk. This results in inspection programs that are so costly there is little money available to research into new threats.
When James Loy took over the security agency in 2002, he created a special unit assigned to think like terrorists. "It was all part of staying on the edge," he said. But Mr. Loy, who became Homeland Security's deputy, was in charge of the security agency when it took money that had been set aside for explosive detection research and put it into the hiring of baggage and checkpoint screeners, so that the agency could comply with the mandates. "What doesn't exist yet is a risk management process," said Penrose C. Albright, a former assistant secretary for science and technology at the Department of Homeland Security. "In the absence of coherent analysis, there's no way to prevent the system from getting whipsawed. So it's not surprising that we end up spending a lot of money fighting the last war and not addressing more modern threats." Mr. Jackson, the deputy secretary, and Kip Hawley, the current security agency administrator, said they recognized that Homeland Security must constantly adjust its game plan. The security agency, for example, last year lifted the ban on small knives and scissors, after Mr. Hawley said the department determined that the hardening of cockpit doors and the presence of more air marshals on flights reduced the threat. The time airport screeners had taken up looking for these small items can be spent looking for other threats, like explosives. The agency is working on a passenger screening machine that can create an X-ray-like image to look for hidden weapons or plastic or liquid explosives. The agency also has "Red Teams" that invent challenges to test the agency's response. Mr. Hawley, in an interview Friday, said that airports were the last line of defense in a system in which the first was intelligence, which had worked well this week.
Part of being prepared, he said, was what the department did on Wednesday and Thursday, reacting swiftly to intelligence, and literally overnight instituting major changes in screening protocols at all 765 checkpoints nationwide. But Mr. Jackson, who took over as deputy secretary in 2005, said it was clear that Homeland Security must move more aggressively and quickly to search for new ways to detect explosives. As a result, he said, he is preparing to announce a restructuring of the department's Science and Technology division that will sharpen its focus on the most urgent threats, like liquid explosives, that war games might identify. William J. Broad contributed reporting to this article.

From rforno at infowarrior.org Sun Aug 13 00:40:28 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 13 Aug 2006 00:40:28 -0400
Subject: [Infowarrior] - Aircraft-Security Focus Swings to People
Message-ID:

(c/o M.S.)

Aircraft-Security Focus Swings to People
Spotting Dangerous Individuals Gains Supporters, but Remains Beset With Problems
By LAURA MECKLER and DANIEL MICHAELS
August 12, 2006; Page A4
http://online.wsj.com/public/article_print/SB115535025189634122-1lQ7ZS1_41cJUw_KOISyeaP3yhQ_20060912.html

Security officials trying to protect America's airliners face a twin battle: stopping bad stuff and stopping bad people. Most of the focus has traditionally been on stopping bad stuff, and that is a big challenge. Distinguishing good water bottles from deadly ones will never be easy. So increasingly, security experts think the nation needs to focus more on stopping bad people. Much of the work to stop potential terrorists must occur before they ever walk into an airport, aviation experts say. "By the time you get to the security checkpoint, chances are you've lost the battle," said Douglas Laird, an aviation consultant who once headed security for Northwest Airlines. But U.S.
programs aimed at identifying threatening people have been mired in controversies and setbacks including privacy protections, technology troubles and old-fashioned management fumbles. Secure Flight, the Homeland Security program that is supposed to check passengers against a comprehensive terrorist watch list, is the most troubled. The program has been in development for three years and is nowhere close to being put into practice. On the flip side is the Registered Traveler program to identify the good guys through advanced background checks and speed their trip through security so that screeners can focus on lesser-known travelers. But it, too, has been delayed and derided in some circles as a waste of resources. A third initiative, behavior recognition, tries to identify suspicious people at the airport. But the idea languished for years amid concerns about racial profiling. In recent months, the Transportation Security Administration made progress, developing a screening system it believes can avoid those minefields. The program is still at just a handful of airports. To be sure, no matter how good these techniques get, they are meant to complement physical screenings. After discovery of the plot to mix bombs with liquid explosives, the TSA has barred passengers from carrying on most liquids and gels. Homeland Security Secretary Michael Chertoff said Friday that the policy would be modified, but he didn't specify how. Now that the ban on liquids is in place and the threat has been publicized, relaxing it will be tricky. Several experts say they will not be surprised if it sticks. "I'm quite confident it will lead to a permanent ban on liquids," said Clark Kent Ervin, former inspector general for the Department of Homeland Security who is now at the Aspen Institute. "This is apparently as close to 9/11 as we've come since and I think we're going to see some permanent changes, and we should." 
[TSA] Passengers placed carry-on items in plastic bins before having them screened by a Transportation Security Administration agent yesterday. Other incidents have led to lasting changes in security. After Richard Reid tried to light a bomb in his shoe on a flight bound for Miami in 2001, the TSA required that travelers remove their shoes for screening. Relaxing the rules is tough. A ban after Sept. 11, 2001, on all kinds of sharp objects was scaled back late last year so that screeners could focus on bigger threats, like explosives, but flight attendants and others fiercely protested the change. Some worry that a permanent ban on liquids could keep passengers away. "It took almost four years before people understood a cuticle scissor is not a weapon," said Capt. Duane Woerth, president of the Air Line Pilots Association. "Until we have a system that tries to get bad people instead of bad things we haven't advanced." Meantime, the effort to improve screening of the travelers moves slowly. Under the system in place since before the 2001 attacks, airlines check passenger names against terror watch lists. The new system would have government take over this screening, but its first effort was abandoned in 2004 amid controversy over plans to use commercial databases to look for indications that someone posed a threat. Secure Flight was the next effort. Though it was more modest, considerable concerns persisted over the protection of data and how passengers wrongly flagged could seek redress. Congress banned the TSA from implementing the program until privacy issues were addressed, and the Government Accountability Office issued some harsh reports. The problems were multiple, said Cathleen Berrick, director of the GAO's Homeland Security and Justice program. TSA never figured out how the program would operate, what data would be needed about passengers from airlines or how to protect privacy. 
"TSA was trying to squeeze a two to three year program into six months," she said. "They were rushing." As a result, earlier this year, the agency put the program on hold and went back to the beginning. Ms. Berrick is now more optimistic. Still, problems persist. Last year, the Justice Department's inspector general raised concerns about the completeness and accuracy of data in a key terrorist database. And even if it works perfectly, Secure Flight can't guard against identity theft. "It won't protect against stealing someone's identity or creating a false identity," Ms. Berrick said. Some aren't persuaded it will ever be effective. "It's obviously unmanageable and results in a huge number of false positives that distract security personnel from finding the true terrorists," said Gregory T. Nojeim, an expert on the program at the American Civil Liberties Union. Bad people can, theoretically, be identified once they are at the airport. By assessing a person's body language and travel details, screeners can make a quick judgment on the threat level. The TSA has a program in place in a few airports to do that now. Called Spot, or Screening Passengers by Observation Technique, it involves specially trained security officers scrutinizing people in security lines and elsewhere in the airport. Write to Laura Meckler at laura.meckler at wsj.com and Daniel Michaels at daniel.michaels at wsj.com From rforno at infowarrior.org Sun Aug 13 12:27:06 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 13 Aug 2006 12:27:06 -0400 Subject: [Infowarrior] - All Terrorism All the Time: Fear Becomes Reality Show Message-ID: August 12, 2006 Coverage All Terrorism All the Time: Fear Becomes Reality Show By ALESSANDRA STANLEY http://www.nytimes.com/2006/08/12/arts/television/12tvwatch.html?pagewanted=print By yesterday the morning shows were back to consumer tips -- only the advice was about packing for red alerts, not campgrounds and water parks. An expert on "Today" 
instructed Ann Curry on how to "be a minimalist." On CBS, Harry Smith performed a cheery show-and-tell about the risks of carrying aboard lip gloss, conditioner and, most of all, nail polish remover. Even "The Insider," the syndicated gossip show, found its own way to the foiled terrorist plot: on Thursday night's edition, it reported on celebrities -- Kim Cattrall and Kevin Spacey -- who were delayed at Heathrow. The averted bombings -- an extensive attack that may have been timed to coincide with the anniversary of Sept. 11 -- do not answer the question of whether the public is safer now than it was five years ago. European and American security forces are more vigilant, but terrorists have also grown more virulent. What the close call did show is how far terrorism has metastasized on television. It's a fact of life at airports and on news programs, but even entertainment shows feel compelled -- or entitled -- to weigh in. Islamic terrorism is woven into the fabric of prime-time thrillers like "24" and "The Unit," but it also surfaces on police shows and legal dramas. The first season of the Showtime series "Sleeper Cell," about an undercover agent who infiltrates a cell of Muslim conspirators in Los Angeles, eerily presaged the London plot -- including terrorists who are Westerners who converted to Islam. Through magnification and repetition, cable news does two opposite things at once: it stokes fear and inures viewers to danger. CNN chose a relatively prosaic rubric for its report, "Security Alert," while Fox News chose the more vivid title "Terror in the Sky." (MSNBC went for the wordier "Target America: Terror in the Sky.") All the cable news programs used music and graphics to hype any new development as a "breaking news" bulletin so important it would seem to merit interruptions by the Emergency Alert System. ("If this had been an actual emergency, you would have been instructed where to tune in your area for news and official information.") 
Yet the fact that the United States raised the security alert level to a limited red for the first time was relayed quite calmly. Yellow alerts have come and gone over the past few years, and this terrorist attack, however elaborate and deadly, was safely defused before the public knew of it. Homeland Security Secretary Michael Chertoff made appearances on almost every news program imaginable to reassure the public that this was just a precaution to match Britain's security rating, but also, perhaps, to take the victory lap that the British officials who broke up the plot were too busy to make. Comedians felt safe enough to joke about it. On Comedy Central, Stephen Colbert said he had elevated his show's security level to brown. ("Somebody spilled coffee on the chart.") CNN and others kept repeating the rules of the liquid ban (no to baby oil, yes to baby formula) long after travelers had caught on and airport delays had abated -- mostly because the piles of discarded shampoos and after-shave provided a way to illustrate a story that fortunately had few vivid images. By late afternoon yesterday, even CNN was making light of the restrictions on lotions and creams, showing a lively montage of passengers tossing out toiletries. (A woman who threw away an $80 tube of foundation winced and said, "That hurt.") Television labeled the changes "the new normal," a catchphrase that by yesterday had spread throughout the spectrum, from the "NBC Nightly News" to Tucker Carlson debating, on his MSNBC show, "Tucker," whether the administration was right to secretly beef up surveillance measures. These kinds of precautions are not new, and they certainly are not normal. It's the coverage that has normalized. 
From rforno at infowarrior.org Sun Aug 13 12:33:04 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 13 Aug 2006 12:33:04 -0400 Subject: [Infowarrior] - OT: Fine Fast Food Is Just 'Gourmeh' Message-ID: (Not tech/security related but just a fun piece to read........rf) Fine Fast Food Is Just 'Gourmeh' http://www.wired.com/news/columns/0,71561-0.html?tw=wn_index_24 By Lore Sjöberg 02:00 AM Aug, 09, 2006 I live in Berkeley, California, a town so dedicated to gourmet food that if you wanted to find artisanal cheese made with milk from a grass-fed goat that received daily shiatsu massage and affirmations from its own spirit coach, you might have to go to two stores to find it. There was a time, before sushi hit strip malls, chai hit Starbucks, and Iron Chef hit the airwaves, that this was considered peculiar. What's an arugula and why does it cost 10 times as much as good old iceberg lettuce? Berkeley prides itself on being peculiar, so all was well. Things have been changing, though, as things do. I don't go to Sizzler that often, but I'm pretty sure they didn't used to have baby spinach and blue cheese crumbles to go along with the iceberg lettuce and shredded cheddar. Pizza chains, once wary of this newfangled pesto substance, are now offering all sorts of psychedelic combinations involving artichoke hearts, Thai peanut sauce, hummus, roasted walnuts and presumably some of that massaged goat cheese if you ask politely. Options are always nice, and I crave novel taste sensations the way panda bears crave bamboo shoots, so initially I thought this was a good thing. And it would be, except that there seems to be some law of food that there's only so much decent flavor in the country, and as more outlets begin to offer it, it starts to taste more and more like something you'd get at a Target snack bar. Croissants become more like dinner rolls. 
Burger chains talk up their "Angus beef" where "Angus" is apparently Latin for "indistinguishable from the other stuff." You start getting sandwiches where the bread is laced with green speckles and topped with white powder, but these may as well be confetti and sawdust for all they add to the flavor. I have a word for food that tries to look like something you'd get at the queen's birthday dinner but tastes like something you'd poke holes in before you microwave it: gourmeh. I figure there are two reasons there's so much gourmeh food out there these days. First off, the mainstream always prefers it if you take the unknown and make it more, well, known. Rough edges are rounded off. Afrika Bambaataa becomes MC Hammer. Actually torn and worn clothing becomes carefully pre-torn and pre-worn fashion. Secondly, quality food generally costs money. Fresh herbs are expensive, but dry herbs and white flour are cheap, and just changing "cheeseburger" to "gourmet deluxe burger du fromage" on the menu costs next to nothing. My solution, because obviously the world is turning to me as the bellwether of food culture, is to let food be what it is. I love weird cheeses. I have some goat cheese downstairs that may or may not have involved shiatsu, but it is washed-rind. It was made a few miles from here and it's wonderful stuff, but I don't expect that Yum Brands is going to be able to make a gordita out of it without charging more than I'm willing to pay for made-up pseudo-Mexican fast food. There's a lot of great cheap food out there. Hamburgers and ribs can be amazing even at a family style price point, if you know where to go. It's hard to screw up a hot dog as long as you don't try something stupid like making it healthy. And for God's sake, don't try to make your national chain-restaurant sandwiches gourmet, just work a little harder to make them good. 
- - - Born helpless, nude and unable to provide for himself, Lore Sjöberg eventually overcame these handicaps to become a globe-trotter, a day-tripper and a chicken tractor. From rforno at infowarrior.org Sun Aug 13 19:52:28 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 13 Aug 2006 19:52:28 -0400 Subject: [Infowarrior] - Iranian president's new blog Message-ID: Iranian president lambasts US on new blog Sun Aug 13, 2006 12:21 PM ET http://today.reuters.com/news/articlenews.aspx?type=topNews&storyid=2006-08-13T162106Z_01_BLA353117_RTRUKOC_0_US-IRAN-PRESIDENT-BLOG.xml&src=rss&rpc=22 TEHRAN (Reuters) - Iran's president has launched a Web log, using his first entry to recount his poor upbringing and ask visitors to the site if they think the United States and Israel want to start a new world war. Mahmoud Ahmadinejad, whose speeches are riddled with anti-U.S. rhetoric, also described how he was angered by American meddling in Iran even when he was at elementary school. Ahmadinejad swept to a surprise victory in last year's presidential race by promising the country's poor a fairer share of Iran's oil wealth and emphasizing his own humble origins that led many to vote for him as an "outsider" to Iran's ruling elite. "During the era that ... living in a city was perfection, I was born in a poor family in a remote village," he wrote in a blog dated Friday, after opening with Islamic greetings. His origins as the son of "a hard-bitten toiler blacksmith" may have been humble, but he says he excelled at school where he said he came 132nd out of 400,000 in exams to enter university. As well as promising a better life to the poor, Ahmadinejad has sought to bolster support by refusing to bow to what he says is Western pressure to stop Iran's civilian nuclear program. The West says Iran is building an atomic bomb. His defiance in the stand-off with the West has often played well in the Muslim world, where many are angered by U.S. 
foreign policy in the Middle East. Analyst Saeed Laylaz said the site -- available in Persian, Arabic, English and French at www.ahmadinejad.ir -- may be seeking to win support from abroad. "Do you think that the U.S. and Israeli intention and goal by attacking Lebanon is pulling the trigger for another world war?" the president asks visitors to the site, offering them the choice to vote 'yes' or 'no'. Ahmadinejad describes how in the first grade at school -- for those aged about seven -- he read newspapers with the help of adults about how the then shah of Iran gave Americans living in Iran immunity from prosecution under Iranian laws. "I realized that Mohammad Reza (Shah) attempted to add another page to the vicious case history which was the humiliation and indignity of the Iranian people versus Americans," he said. He describes listening ardently to the speeches of Ayatollah Ruhollah Khomeini, the shah's vociferous critic and later leader of the 1979 Islamic revolution that overthrew the monarchy. He also discusses Iran's bloody 1980-1988 war with Iraq, in which Ahmadinejad fought as a Revolutionary Guard. But he admitted his opening blog, which runs to more than 2,300 words in the English version, was too long. "From now onwards, I will try to make it simpler and shorter," he wrote. From rforno at infowarrior.org Sun Aug 13 22:35:00 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 13 Aug 2006 22:35:00 -0400 Subject: [Infowarrior] - Spy cameras fail to focus on street crime Message-ID: Spy cameras fail to focus on street crime By Matthew Cella THE WASHINGTON TIMES Published August 13, 2006 http://www.washtimes.com/functions/print.php?StoryID=20060813-121827-2123r Surveillance cameras like those authorized by the D.C. Council for police investigations and now being put in place have shown limited success in decreasing violent crime in other cities. Baltimore, for example, set up about 80 cameras in May 2005 in high-crime neighborhoods. 
Volunteers and retired law-enforcement personnel monitor the images in real time, but the cameras have not helped put criminals behind bars. "Generally, the State's Attorney's Office has not found them to be a useful tool to prosecutors," office spokeswoman Margaret Burns said. "They're good for circumstantial evidence, but it definitely isn't evidence we find useful to convict somebody of a crime." Miss Burns said Baltimore prosecutors kept detailed statistics from the first nine months of the camera program. Most of the 500 cases forwarded to prosecutors were quality-of-life crimes, she said, and 40 percent of those cases were dropped by prosecutors or dismissed by the courts. "We have not used any footage to resolve a violent-crime case," she said. Miss Burns said police sometimes misidentify suspects because the cameras produce "grainy" and "blurry" images. "We have had that happen more than once," she said. The D.C. Council, faced with a sharp increase in crime, passed emergency legislation July 19 that allows the Metropolitan Police Department to use surveillance cameras in neighborhoods as part of an emergency plan. D.C. workers on Thursday began installing the first four of an expected 47 cameras throughout the city. Officials said the four cameras are temporary and will be replaced by permanent ones later this month. About 24 cameras will be deployed by the end of August, and 23 more will be added in September, police said. Police Chief Charles H. Ramsey is required to notify only two persons about plans to place a camera in any given neighborhood: an advisory neighborhood commissioner and the appropriate council member. The cameras will operate 24 hours a day, but police will review the images only when a known crime may have been recorded. Chicago deployed a few dozen cameras in neighborhoods in July 2003. Authorities there captured their first drug transaction 19 months later, in February 2005. 
Police arrested three suspects and confiscated 12 packets of heroin. However, the cameras have not helped in criminal investigations. "From my perspective, I would love it if we had footage of the murderer leaving the house, but that hasn't happened yet," said Kevin Smith, a spokesman for Chicago's Office of Emergency Management and Communications, which administers and monitors the 170-camera network. Police in San Francisco said a camera paid off in an investigation for the first time in June, when they arrested a man in connection with a shooting in April. Nine months after the first cameras were installed in neighborhoods, a camera captured the image of a man getting out of a car. The man subsequently shot at another man and missed, injuring a 13-year-old girl. The image was not recorded, but police said the camera was key to the investigation. Surveillance cameras also have generated headlines for the wrong reasons. In April 2005, a San Francisco police officer was suspended from the department for using surveillance cameras to ogle women at San Francisco International Airport. New York officials say surveillance cameras in public-housing projects have led to substantial decreases in crime. Written policies and random audits help guard the system against abuse, but that proved ineffective when the tape of a 22-year-old man who fatally shot himself in the lobby of a housing project in March 2004 surfaced on a pornographic Web site. Critics argue that cameras only push criminals into unobserved areas. A University of Cincinnati study in 2000 concluded that surveillance cameras have a short-term deterrent effect, which likely would increase when the public is notified about their presence. Cameras in Baltimore, Chicago, New York and San Francisco are labeled as police property. No police department logos are affixed to the D.C. cameras that were in place before the recent crime emergency. D.C. 
police spokesman Kevin Morison said police are required to post signs indicating that an area is under surveillance. He could not say whether such notification would be required under a clause dealing with "exigent" circumstances. Mr. Morison said several neighborhood leaders have requested cameras. Marc Rotenberg, executive director of the District-based Electronic Privacy Information Center, said he has heard neighborhood leaders express approval of the cameras at hearings but is not sure whether most residents share that support. "It's very difficult to get a clear read on whether this is something that residents really want," Mr. Rotenberg said. "I don't think people understand that if you put these cameras in residential communities, you're talking about a telescopic lens that can zoom in and a 360-degree casing that can look into your bedroom." From rforno at infowarrior.org Mon Aug 14 08:33:12 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Aug 2006 08:33:12 -0400 Subject: [Infowarrior] - Which Travelers Have 'Hostile Intent'? Message-ID: Which Travelers Have 'Hostile Intent'? Biometric Device May Have the Answer By JONATHAN KARP and LAURA MECKLER August 14, 2006; Page B1 http://online.wsj.com/public/article/SB115551793796934752-2hgveyRtDDtssKozVP mg6RAAa_w_20070813.html?mod=tff_main_tff_top At airport security checkpoints in Knoxville, Tenn. this summer, scores of departing passengers were chosen to step behind a curtain, sit in a metallic oval booth and don headphones. With one hand inserted into a sensor that monitors physical responses, the travelers used the other hand to answer questions on a touch screen about their plans. A machine measured biometric responses -- blood pressure, pulse and sweat levels -- that then were analyzed by software. The idea was to ferret out U.S. officials who were carrying out carefully constructed but make-believe terrorist missions. 
The trial of the Israeli-developed system represents an effort by the U.S. Transportation Security Administration to determine whether technology can spot passengers who have "hostile intent." In effect, the screening system attempts to mechanize Israel's vaunted airport-security process by using algorithms, artificial-intelligence software and polygraph principles. The Israeli-developed system combines questions and biometric measurements to determine if a passenger should undergo screening by security officials. Neither the TSA nor Suspect Detection Systems Ltd., the Israeli company, will discuss the Knoxville trial, whose primary goal was to uncover the designated bad guys, not to identify threats among real travelers. They won't even say what questions were asked of travelers, though the system is generally designed to measure physical responses to hot-button questions like "Are you planning to immigrate illegally?" or "Are you smuggling drugs?" The test alone signals a push for new ways to combat terrorists using technology. Authorities are convinced that beyond hunting for weapons and dangerous liquids brought on board airliners, the battle for security lies in identifying dangerous passengers. The method isn't intended to catch specific lies, says Shabtai Shoval, chief executive of Suspect Detection Systems, the start-up business behind the technology dubbed Cogito. "What we are looking for are patterns of behavior that indicate something all terrorists have: the fear of being caught," he says. Security specialists say such technology can enhance, but not replace, existing detection machines and procedures. Some independent experts who are familiar with Mr. Shoval's product say that while his technology isn't yet mature, it has potential. 
"You can't replicate the Israeli system exactly, but if you can incorporate its philosophy, this technology can be one element of a better solution," says Doron Bergerbest-Eilon, chief executive of Asero Worldwide consulting firm and a former senior official in Israel's security service. To date, the TSA has more confidence in people than machines to detect suspicious behavior. A small program now is using screening officers to watch travelers for suspicious behavior. "It may be the only thing I know of that favors the human solution instead of technology," says TSA chief Kip Hawley. The people-based program -- called Screening Passengers by Observation Technique, or SPOT -- began undergoing tests at Boston's Logan Airport after 9/11 and has expanded to about a dozen airports. Trained teams watch travelers in security lines and elsewhere. They look for obvious things like someone wearing a heavy coat on a hot day, but also for subtle signs like vocal timbre, gestures and tiny facial movements that indicate someone is trying to disguise an emotion. TSA officers observe passengers while consulting a list of more than 30 questionable behaviors, each of which has a numerical score. If someone scores high enough, an officer approaches the person and asks a few questions. "All you know is there's an emotion being concealed. You have to find out why the emotion is occurring," says Paul Ekman, a San Francisco psychologist who pioneered work on facial expressions and is informally advising the TSA. "You can find out very quickly." More than 80% of those approached are quickly dismissed, he says. The explanations for hiding emotions often are innocent: A traveler might be stressed out from work, worried about missing a flight or sad because a relative just died. If suspicions remain, the traveler is interviewed at greater length by a screener with more specialized training. 
SPOT teams have identified about 100 people who were trying to smuggle drugs, use fake IDs and commit other crimes, but not terrorist acts. The TSA says that, because the program is based on human behavior, not attributes, it isn't vulnerable to racial profiling. Critics worry it still could run afoul of civil rights. "Our concern is that giving TSA screeners this kind of responsibility and discretion can result in their making decisions not based on solid criteria but on impermissible characteristics such as race," says Gregory T. Nojeim, associate director of the American Civil Liberties Union's Washington legislative office. Mr. Shoval, the Israeli entrepreneur, believes technology-based screening is the key to rolling out behavior-recognition techniques in the U.S. With experience in counter-terrorism service and the high-technology industry, Mr. Shoval developed his Cogito device with leading former Israeli intelligence officials, polygraph experts and computer-science academics. Here is the Cogito concept: A passenger enters the booth, swipes his passport and responds in his choice of language to 15 to 20 questions generated by factors such as the location, and personal attributes like nationality, gender and age. The process takes as much as five minutes, after which the passenger is either cleared or interviewed further by a security officer. At the heart of the system is proprietary software that draws on Israel's extensive field experience with suicide bombers and security-related interrogations. The system aims to test the responses to words, in many languages, that trigger psycho-physiological responses among people with terrorist intent. The technology isn't geared toward detecting general nervousness: Mr. Shoval says terrorists often are trained to be cool and to conceal stress. 
Unlike a standard lie detector, the technology analyzes a person's answers not only in relation to his other responses but also those of a broader peer group determined by a range of security considerations. "We can recognize patterns for people with hostile agendas based on research with Palestinians, Israelis, Americans and other nationalities in Israel," Mr. Shoval says. "We haven't tried it with Chinese or Iraqis yet." In theory, the Cogito machine could be customized for specific cultures, and questions could be tailored to intelligence about a specific threat. The biggest challenge in commercializing Cogito is reducing false results that either implicate innocent travelers or let bad guys slip through. Mr. Shoval's company has conducted about 10 trials in Israel, including tests in which control groups were given terrorist missions and tried to beat the system. In the latest Israeli trial, the system caught 85% of the role-acting terrorists, meaning that 15% got through, and incorrectly identified 8% of innocent travelers as potential threats, according to corporate marketing materials. The company's goal is to prove it can catch at least 90% of potential saboteurs -- a 10% false-negative rate -- while inconveniencing just 4% of innocent travelers. Mr. Shoval won a contract for the Knoxville trial in a competitive process. Next year, Israeli authorities plan to test Cogito at the country's main international airport and at checkpoints between Israel and the West Bank, where the goal will be to catch genuine security threats while testing the logistics of using the system more broadly. The latest prototype costs about $200,000 a machine. Even though his expertise is in human observation, U.S. behavior-recognition expert Dr. Ekman says projects like Cogito deserve a shot. He expects technology to advance even further, to devices like lasers that measure people's vital signs from a distance. 
Within a year, he predicts, such technology will be able to tell whether someone's "blood pressure or heart rate is significantly higher than the last 10 people" who entered an airport. Write to Jonathan Karp at jonathan.karp at wsj.com and Laura Meckler at laura.meckler at wsj.com From rforno at infowarrior.org Mon Aug 14 08:37:06 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Aug 2006 08:37:06 -0400 Subject: [Infowarrior] - Use "POD" in your trademark, get sued. Message-ID: Use "POD" in your trademark, get sued. Has Apple gone too far? Posted by David Berlind @ 3:50 pm Has Apple gone too far? http://blogs.zdnet.com/BTL/?p=3482 Even if the product you make doesn't look, smell, feel, or do anything remotely close to what an iPod does, and even if consumers can't buy it on the shelves in a store, that apparently doesn't mean Apple won't release its legal dogs on you if the name of your product includes the letters P-O-D. That's exactly what's happening to Dave and Carolee Ellison, owners of Mach 5 Products ? a small, family operated business that makes games for arcades ? the kind that either spit out tickets as a reward for your performance or the crane-oriented games where you take your chance at retrieving a stuffed animal or some other toy with a hand-operated crane. Until the Ellisons came along, the only way to figure out how much money an arcade game took in, and how many prizes or tickets it gave out, was to open up the arcade machine and take a reading off a mechanical counter. So, the Ellison's came up with a digital version of the same thing that transmits the accounting information via infra-red technology to a notebook or a PDA in a way that the data can be loaded directly into a spreadsheet. From a productivity point of view, the digital version could be a real boon to arcade operators since all they have to do now is walk by the arcade machine to get a reading. But there's one problem. The Ellisons named the device "Profit Pod." 
And, when Apple got wind of it by way of the Ellisons' trademark application, it sent a threatening letter to the Ellisons that, amongst other things, says: Apple recently learned that Mach 5 Products filed an ITU trademark application for PROFIT POD (Serial No. 76/589,480), on April 30, 2004, for "infrared data transmission and collection system, namely an infrared data transmission and collection system for amusement games comprised of a meter for counting input signals from switches, a processor for processing the signals so that they may be transmitted by an infrared signal, an infrared signal generator and software for programming hand held computers that can detect and process infrared signals" in Class 09... As set forth below, Apple is concerned that the application for and use of the PROFIT POD mark infringes its trademark rights and dilutes Apple's famous IPOD brand... Apple aggressively polices its trademark rights in order to protect itself and its consumers... We believe there is confusing similarity between Apple's IPOD mark and the PROFIT POD mark. PROFIT POD is a POD-formative mark and incorporates a substantial portion of Apple's IPOD mark. The products are likewise related... We believe there is confusing similarity between Apple's IPOD mark and the PROFIT POD mark. PROFIT POD is a POD-formative mark and incorporates a substantial portion of Apple's IPOD mark. The products are likewise related. Both devices receive and transmit data and are used with computers, both are used in connection with video games, and both have other similar components. Moreover, it has not gone unnoticed that, like Apple's IPOD device, the PROFIT POD product is a small, flat, round cornered rectangular device with a display screen. In addition to the likelihood of confusion between the products, because Apple's mark is famous, it is entitled to protection from dilution attributable to the PROFIT POD mark.
Accordingly, we must ask that Mach 5 Products immediately abandon the pending application for PROFIT POD, agree to cease all use of the PROFIT POD mark and not to use or file any other applications for similar marks in the U.S. or elsewhere. Provided that full cooperation is forthcoming, Apple is willing to provide Mach 5 Products with a reasonable time in which to phase out use of the product. Here's the full text of the letter. "Apple is willing to provide Mach 5 Products with a reasonable time in which to phase out use of the product"? Talk about Goliath coming down on Davey. Wow. So, now, judge for yourself. Pictured below, is a Profit Pod. If you ask me, it looks nothing like an iPod. It doesn't play music. It has nothing to do with digital entertainment. Ordinary consumers will never even see one. It gets built into arcade games and if you look closely at the bottom of the image, it has about six wires hanging out of the bottom of it. I don't see in any way how the "products are likewise related." Mr. Jobs, this is simply over the top. Leave these nice people, who are in no way a threat to you or Apple, alone. From rforno at infowarrior.org Mon Aug 14 08:40:58 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Aug 2006 08:40:58 -0400 Subject: [Infowarrior] - FW: Chertoff wants US to review antiterror laws In-Reply-To: Message-ID: the quest for the "policed state" continues.......rf (c/o MS) Chertoff wants US to review antiterror laws More arrest powers eyed http://tinyurl.com/pzr3q By Bryan Bender, Globe Staff | August 14, 2006 WASHINGTON -- Homeland security chief Michael Chertoff called yesterday for a review of domestic antiterrorism laws, saying the United States might benefit from the more aggressive surveillance and arrest powers used by British authorities last week to thwart an alleged plot to bomb airliners.
Chertoff said no American links to the London plot have been uncovered, but added that the top priority for US counterterrorism officials is to identify any possible connection between the suspects in Britain and Pakistan and individuals in the United States. He said officials also remained vigilant for other attacks, and cited concern that terrorist groups may "think we are distracted." Officials in Britain also said yesterday that they believe another terrorism attempt is likely, and travelers there endured a fourth day of airport security delays and cancellations. At a time when Congress is questioning the scope of the Bush administration's executive powers -- including a highly controversial program to listen to domestic phone calls without a warrant -- Chertoff said more powers to track potential terrorists inside the United States may be needed. He cited some of Britain's broader investigative powers that helped foil an alleged plan by British Muslims believed linked to Al Qaeda to smuggle liquid explosives aboard flights bound to the United States from London's Heathrow Airport. British police have the ability to hold suspects without charges for nearly a month and a greater flexibility to eavesdrop on citizens. The British "have an easier time getting electronic surveillance, and they also can detain people for up to, I think, 28 days without charging them," Chertoff said on "Fox News Sunday." "And those are very useful tools when you're trying to intercept an ongoing and very dynamic plot when you may not have collected all the evidence." In a sign of the partisan wrangling to come as fall elections draw near, some Democrats pounced on Chertoff's comments, saying that more security, not more antiterrorism powers, is what is required. "The Bush administration wants to poke holes in the Constitution instead of plugging holes in our homeland security system," said Representative Edward J.
Markey, a Malden Democrat and a member of the House Homeland Security Committee. Yesterday, the administration scaled back the threat alert for flights headed to the United States from the United Kingdom from red (severe) to orange (high). The alert will remain at the orange level for all other flights. The Transportation Security Administration relaxed the flight ban on some liquids yesterday, allowing passengers to bring up to 4 ounces of liquid medicine into the passenger cabin. Insulin and other treatments for low blood sugar are also allowed, according to a bulletin from the TSA. But the agency also made it mandatory for all passengers to put their shoes through X-ray machines before boarding. Still more needs to be done, Thomas Kean, the former governor of New Jersey and cochairman of the 9/11 Commission, told NBC's "Meet the Press." He said too many security holes remain at the nation's airports. "When you and I go to the airport, there still is not a unified watch list," Kean said. "We should know everybody who is getting on that plane -- or if any agency has any problems with them, they shouldn't be allowed to get on the plane." In Britain, where a third of all flights were canceled yesterday, Home Secretary John Reid said authorities were conducting two dozen separate counterterrorism investigations. Unlike in the United States, Scotland Yard and other police in Britain have wide antiterrorism powers and the ability to monitor and detain suspects without evidence or the permission of a court. Britain also has a dedicated domestic intelligence service, MI-5, that has wide latitude to spy on British citizens. After the terrorist attacks of Sept. 11, 2001, Congress passed a series of new statutes, including allowing greater sharing between the CIA and the FBI of foreign and domestic intelligence.
But the independent commission that investigated the terrorist attacks ultimately recommended against establishing an American version of MI-5, citing privacy concerns. Chertoff, a former federal prosecutor, said yesterday that the massive crackdown on suspected militants across England was a reminder of the importance of giving law enforcement authorities more effective investigative tools. "What helped the British in this case is the ability to be nimble, to be fast, to be flexible, to operate based on fast-moving information," Chertoff said on ABC's "This Week." He added: "We have to make sure our legal system allows us to do that." Senator Pat Roberts of Kansas, a Republican and chairman of the Intelligence Committee, agreed yesterday that the British have "better tools." But, speaking on CBS's "Face the Nation," he also acknowledged the political opposition in Washington to any further expansion of executive powers. A program established by President Bush after the 2001 attacks bypassed a special intelligence court to allow eavesdropping on Americans suspected of communicating with terrorists overseas. It is now being restructured as a result of pressure from Congress, where lawmakers have said they were not fully informed about the program. Bryan Bender can be reached at bender at globe.com. From rforno at infowarrior.org Mon Aug 14 09:31:58 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Aug 2006 09:31:58 -0400 Subject: [Infowarrior] - Airport Security - more hijinks of hilarity Message-ID: A few comments on recent airport security items: On the Sunday shows yesterday, DHS' Chertoff kept citing how America is emulating Israeli airport security. Rather, what he meant to say is that we're trying to look like Israeli airport security.
I understand that most if not all of the folks in Israel doing behavioural profiling are current (and I believe also former) military intelligence professionals, not folks recruited off-the-street tossed into a uniform and issued a cloth badge. As a result, passenger screenings in Israel are based on years of experience and training in the intelligence and anti-terrorism profession supported by prescreening databases that are properly maintained and utilized...not by fancy bloodpressure-monitoring gizmos you sit in (http://tinyurl.com/rebno) and "spot the liquid" video games (http://tinyurl.com/jdv3y) to train screeners with. TSA, despite its proclamations, is doing nothing more than going through the motions as it proudly presents the appearance of imitating Israeli airport security practices, to include renaming its screeners as "transportation security officers." But for all the hype and long lines, I've yet to find a competent security professional who thinks this agency or its practices are contributing significantly to aviation security. That said, two other items: (1) IIRC, there were some news stories earlier this year about how TSA's "increased training" for screeners to detect explosives (link unavailable) was to ask probing - and leading - questions on their graduation tests like "what part of a bomb is used to detonate it?" (answer: the detonator.) I feel safer already. (2) Additionally, TSA's new evaluation criteria for screeners has gone from "pass/fail" to three criteria -- one gets rated as "achieves standards, exceeds standards, or role model of excellence." While I'm sure folks can and do fail to meet criteria and get sanctioned/fired as appropriate (and others truly are excellent at their jobs and get rewarded) it's amazing that on such an official evaluation criteria there is no formal failing mark!
(http://tinyurl.com/namdv) It's a sad irony when you can be graded "pass/fail" for boarding an airplane, but those responsible for making such determinations cannot. TSA isn't "security theater" -- it's just a poorly-produced movie. -rick From rforno at infowarrior.org Mon Aug 14 12:57:25 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Aug 2006 12:57:25 -0400 Subject: [Infowarrior] - To google or not to google? It's a legal question Message-ID: To google or not to google? It's a legal question Search engine's sense of humour crashes as it fires off warning letters over use of name as a verb By Stephen Foley in New York Published: 13 August 2006 http://news.independent.co.uk/business/news/article1218805.ece Search engine giant Google, known for its mantra "don't be evil", has fired off a series of legal letters to media organisations, warning them against using its name as a verb. In June, Google won a place in the Oxford English Dictionary, while "to google", with a lower case "g", was included last month in Merriam-Webster's Collegiate Dictionary, America's leading reference book. The online service WordSpy, meanwhile, defines "google" as: "To search for information on the Web, particularly by using the Google search engine; to search the Web for information related to a new or potential girlfriend or boyfriend." This is also what pops up first if you type "googling" into Google. But the California-based company is becoming concerned about trademark violation. A spokesman confirmed that it had sent the letters. "We think it's important to make the distinction between using the word Google to describe using Google to search the internet, and using the word Google to describe searching the internet. It has some serious trademark issues." But although an attempt to protect the company's trademark, the letters have raised snickers after they were leaked on to the web. Bloggers have been making fun of the examples Google's lawyers deem acceptable. 
They included: "Appropriate: I ran a Google search to check out that guy from the party. Inappropriate: I googled that hottie." Web veterans have also been taken aback by Google's suddenly humourless approach. The eight-year-old company has previously cultivated an image of youthful non-conformity, from the jeans and T-shirts often worn by its billionaire founders, Sergey Brin and Larry Page, to the scooter lanes and volleyball courts at its Palo Alto headquarters. Eyebrows may be raised, too, in the publishing and media industries, which are worried about Google's encroachment on their intellectual property via its Google News pages and its plan to put every book ever published on to the web.
From rforno at infowarrior.org Mon Aug 14 22:59:48 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Aug 2006 22:59:48 -0400 Subject: [Infowarrior] - Veterans Affairs to protect data on laptops Message-ID: Veterans Affairs to protect data on laptops By Anne Broache http://news.com.com/Veterans+Affairs+to+protect+data+on+laptops/2100-1029_3-6105477.html Story last modified Mon Aug 14 14:54:16 PDT 2006 One week after news that another computer from the U.S. Department of Veterans Affairs had gone missing, the agency announced plans to beef up safeguards on all of its machines. In the next week, the agency plans to begin installing data encryption software on its laptop and desktop machines, VA Secretary R. James Nicholson said Monday. Data on portable media such as flash drives and CDs will also be protected. "A system-wide encryption program will be a tremendous step forward in improving the safety and security of sensitive veteran information," Nicholson said in a statement. The planned upgrade is the agency's latest effort to step up vigilance over its computer systems, after the high-profile theft of a laptop and an external hard drive that housed sensitive information on more than 26 million veterans and active military personnel.
The equipment was stolen from the Maryland home of a Veterans Affairs Department employee in early May and was ultimately recovered in June--but not before an uproar ensued among politicians and other watchdogs. Police arrested two teenagers in connection with the incident last week. Days later, the agency said it was investigating reports of a new theft--this time of a desktop machine from the Reston, Va., offices of Unisys, a subcontractor hired to assist with insurance collections for Department of Veterans Affairs medical centers in Pennsylvania. The agency estimated that the computer contained information on about 38,000 veterans--2,000 of whom were deceased. The Department of Veterans Affairs' laptop computers will be the first to receive the new encryption software. They will be given products made by GuardianEdge and Trust Digital, which market themselves as mobile security specialists. The agency said it awarded a $3.7 million contract last week to SMS, a Syracuse, N.Y.-based company owned by a "service-disabled" veteran, to carry out the upgrade. Final testing of the products is currently under way, and installation is set to begin on Aug. 18. The agency hopes to have 100 percent of its laptops covered within four weeks of that date, with desktop machines to follow. Copyright ©1995-2006 CNET Networks, Inc. All rights reserved. From rforno at infowarrior.org Mon Aug 14 23:00:54 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Aug 2006 23:00:54 -0400 Subject: [Infowarrior] - Dell to recall 4.1M laptop batteries Message-ID: Dell to recall 4.1M laptop batteries http://news.yahoo.com/s/ap/20060815/ap_on_hi_te/dell_battery_recall_10&printer=1 Dell Inc. said Monday it will recall 4.1 million notebook computer batteries made by Sony Corp. because they can overheat and catch fire.
Round Rock-based Dell negotiated conditions of the recall with the federal Consumer Product Safety Commission, which called it the largest electronics-related recall ever involving the agency. A Dell spokesman said the Sony batteries were placed in notebooks that were shipped between April 1, 2004, and July 18 of this year. "In rare cases, a short-circuit could cause the battery to overheat, causing a risk of smoke and/or fire," said the spokesman, Ira Williams. "It happens in rare cases, but we opted to take this broad action immediately." The battery packs were included in some models of Dell's Latitude, Inspiron, XTS and precision mobile workstation notebooks. Dell planned to launch a Web site overnight that would describe the affected models. Williams said the Web site would tell consumers how to get free replacement batteries from Dell. Dell officials declined to say how much the recall campaign would cost or what portion, if any, Sony would pay. Sony officials did not immediately respond to requests for comment. The larger potential cost for Dell is that such a huge recall could dampen future notebook sales. Dell rival Hewlett-Packard Co. said it does not use Sony batteries and was not affected by the recall. Apple Computer Inc. is investigating whether its notebook batteries meet safety and performance standards, spokeswoman Lynn Fox said. There have been numerous recent news reports about Dell laptops bursting into flames, and pictures of some of the charred machines have circulated on the Internet. Dell, the world's largest maker of personal computers, confirmed that two weeks ago, one of its laptops caught fire in Illinois, and the owner dunked it in water to douse the flames. Other reports have surfaced from as far away as Japan and Singapore. Monday's move was at least the third recall of Dell notebook batteries in the past five years. 
Dell recalled 22,000 notebook computer batteries last December after symptoms that were similar to those that prompted Monday's recall. The company also recalled 284,000 batteries in 2001. Consumers with affected laptops should only run the machines on a power cord, said Scott Wolfson, a spokesman for the Consumer Product Safety Commission. The safety agency knows of 339 incidents in which lithium batteries used in laptops and cell phones -- not just Dell products -- overheated between 2003 and 2005, Wolfson said. The list of incidents ranges from smoke and minor skin burns to actual injuries and property damage, Wolfson said. Most of the incidents reported to the CPSC occurred around the home, but transportation-safety officials have become increasingly concerned about the threat of a laptop causing a catastrophic fire aboard a commercial jetliner. For Dell, the recall comes as it battles other questions about quality and customer service. Last year, Dell absorbed a charge against earnings of $338 million to repair faulty computer components. Dell's sales have grown this year, but less rapidly, causing shares in the company to lose nearly one-half their value in the past 52 weeks. The shares closed Monday -- before news of the recall -- at $21.24, up 17 cents on the Nasdaq Stock Market. They fell 24 cents in after-hours trading. From rforno at infowarrior.org Mon Aug 14 23:03:22 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Aug 2006 23:03:22 -0400 Subject: [Infowarrior] - How To Prep Laptops For Airport Security Message-ID: #7 is sure helpful if "no electronics of any sort" or "no carry-on" becomes the policy at your local airport.....guess you should FEDEX your thumbdrive AND toothpaste to your destination now.....rf How To Prep Laptops For Airport Security By K.C.
Jones http://news.yahoo.com/s/cmp/20060814/tc_cmp/191902125&printer=1 Some companies are beginning to rethink laptop security policies in light of the United Kingdom's ban on electronic devices in airplane cabins. Others are pressuring authorities to ease the restrictions, which prevent business travelers leaving the United Kingdom from keeping close tabs on the machines and the sensitive data they contain. In the meantime, security providers are offering a few tips for travelers flying in and out of the United Kingdom. "Although this greatly impacts international business travelers, this could also foreshadow a broader ban and tighter security restrictions on a global basis," John Livingston, chairperson and CEO of Absolute Software, said in a prepared statement. "These precautions make good business sense at anytime -- not just during a period of heightened security. Laptop theft, data security and identity theft are threats that all travelers face on a daily basis. These steps can help mitigate risk, prevent a business disruption and lead to the recovery of lost or stolen laptops." Whether the ban is temporary in the immediate aftermath of the arrest of more than 20 people allegedly planning to use electronics to detonate bombs in mid-flight, or whether it becomes permanent, Absolute Software suggests the following precautions:
1. Use luggage locks approved by the Transportation Security Administration to deter theft.
2. Pack laptops with soft foam or bubble wrap and place laptop bags inside other luggage to protect them from rough handling and to keep them inconspicuous.
3. Use passwords with a combination of numbers and letters, as well as encryption solutions, to prevent unauthorized access to laptops and sensitive data.
4. Back-up valuable data before travel to minimize the risk of data loss or lost productivity in case of theft. Since the information is often more valuable than the computer itself, it is important to protect the data as much as possible.
5. Invest in asset tracking and recovery software. Absolute Software recommends tools like its CompuTrace, which is embedded in the BIOS of computers.
6. Use remote data protection, so sensitive information can be wiped remotely if the laptop is lost or stolen.
7. Carry portable storage devices, like external thumb drives, for easy access to data in case luggage is delayed or lost.
8. Keep accurate records, including receipts and the computer's make, model, and serial number in a safe place for filing claims.
9. Be sure to shut down the laptop, not leave it in standby or hibernate mode, before packing in luggage.
Computer Security Products also offers warning stickers, tattoos and other products to deter theft. Secure IT also offers a variety of products like locks, keys and cables. Other steps to take: use a secure operating system; make sure the user name is not stored in the login box; register laptops with manufacturers; and remove and store PCMCIA cards in a separate, secure place. From rforno at infowarrior.org Tue Aug 15 09:22:45 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 15 Aug 2006 09:22:45 -0400 Subject: [Infowarrior] - MSNBC Video: Politics & Terror Message-ID: Keith runs down the timeline from 2002 until the latest UK plot regarding the politicization of terror. There definitely are coincidences!
12 minute video from "Countdown" located at: http://www.crooksandliars.com/posts/2006/08/14/olbermann-the-nexus-of-politics-and-terror/ From rforno at infowarrior.org Tue Aug 15 12:32:05 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 15 Aug 2006 12:32:05 -0400 Subject: [Infowarrior] - British police: We need power to seize encryption keys Message-ID: British police: We need power to seize encryption keys By Graeme Wearden http://news.com.com/British+police+We+need+power+to+seize+encryption+keys/2100-7348_3-6105680.html Story last modified Tue Aug 15 08:47:45 PDT 2006 Because British law enforcement officers don't have the authority to seize encryption keys, an increasing number of criminals are able to evade justice, a senior police officer said. Suspected terrorists, pedophiles and burglars have all walked free because encrypted data couldn't be opened, detective chief inspector Matt Sarti of the Metropolitan Police said Monday during a public meeting in London. "There are more than 200 PCs sitting in property cupboards which contain encrypted data, for which we have considerable evidence that they contain data that relates to a serious crime," Sarti said. "Not one of those suspects has claimed that the files are business-related, and in many cases, the names of the files indicate that they are important to our investigations." Earlier this summer, the British government announced that it plans to activate Part 3 of the Regulations of Investigatory Powers (RIP) Act, which will give the police the power, in some circumstances, to demand an encryption key from a suspect. Part 3 of the RIP Act has been heavily criticized in the past by some security professionals and academics who believe that it is a dangerous and badly written piece of legislation that cannot be properly implemented.
Sarti was speaking at an open meeting to discuss the Home Office consultation about the draft code of practice for Part 3 of the RIP Act, which will govern how its powers can be used. The meeting was organized by the Foundation for Information Policy Research. Casper Bowden, a former director of the FIPR who led the fight against the introduction of the RIP Act several years ago, said during the meeting that Part 3 is flawed because defendants could be prosecuted for simply losing an encryption key. "The burden of proof is on the suspect to prove that they don't have the key, and if they fail, they go to prison. But if they can give an explanation for not having the key, then the prosecution must prove beyond reasonable doubt that they are lying," Bowden said. Bowden explained that in circumstances when the police suspected someone had encrypted incriminating data, officers could issue an order under Section 49 of the act, ordering the suspect to hand over the key. Failure to do so could lead to a prosecution under Section 53 of the Act. Richard Clayton, an FIPR trustee and a computer security researcher at the University of Cambridge, said the code of practice also lacks clear powers against officials who were guilty of making "deliberate mistakes" in their use of the RIP Act to obtain private data. Clayton also argued that businesses may take their encryption keys out of U.K. jurisdiction so that they can't be seized. But Simon Watkin of the Home Office, who drafted the code of practice, insisted that the time is right to activate Part 3 of the Act as the police are finding that their investigations are being thwarted by encryption. "The police have come to us and said that they need powers to get hold of encrypted data off suspects," Watkin said. "We've got a law like this on the statute book, and we've been waiting for people like them to come and give us compelling reasons why they need it." 
One police officer in the audience argued that in the case of alleged child abuse, it was vital to access all the files on a suspect's machine so that the victims could be identified. But Duncan Campbell, an investigative journalist who has served as an expert witness in many computer-related trials, insisted that Part 3 of the RIP Act could not be justified. "A person who rapes and damages a 12-year-old is going to get a bloody long sentence, and bloody good, too. What's the point in the police saying, 'We need a monstrous law so we can get to the rest of the data'?" Campbell asked. The consultation on the draft code of practice will run until Aug. 31, and Watkin indicated that submissions received after that date will still be considered. You can see the code of practice on the Home Office Web site. Graeme Wearden of ZDNet UK reported from London. From rforno at infowarrior.org Tue Aug 15 12:53:45 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 15 Aug 2006 12:53:45 -0400 Subject: [Infowarrior] - FW: Music Genome Project Message-ID: (c/o WN) It is a really cool tool to discover new music & free (soundcard needed). http://www.pandora.com/ About Pandora When was the last time you fell in love with a new artist or song? At Pandora Media (formerly Savage Beast Technologies), we have a single mission: To help you discover new music you'll love. To understand just how we do this, and why we think we do it really, really well, you need to know about the Music Genome Project. For almost six years now, we have been hard at work on the Music Genome Project. It's the most comprehensive analysis of music ever undertaken. Together our team of thirty musician-analysts have been listening to music, one song at a time, studying and collecting literally hundreds of musical details on every song.
It takes 20-30 minutes per song to capture all of the little details that give each recording its magical sound - melody, harmony, instrumentation, rhythm, vocals, lyrics ... and more - close to 400 attributes! We continue this work every day to keep up with the incredible flow of great new music coming from studios, stadiums and garages around the country. We've now created an interface to make this available to music lovers so they could use this musical 'connective-tissue' to discover new music based on songs or artists they already know. Pandora is the doorway to this vast trove of musical information. With Pandora you can explore to your heart's content. Just drop the name of one of your favorite songs or artists into Pandora and let the Genome Project go. It will quickly scan its entire world of analyzed music, almost a century of popular recordings - new and old, well known and completely obscure - to find songs with interesting musical similarities to your choice. Then sit back and enjoy as it creates a listening experience full of current and soon-to-be favorite songs for you. You can create as many "stations" as you want. And you can even refine them. If it's not quite right you can tell it more and it will get better for you. The Music Genome Project was founded by musicians and music-lovers. We believe in the value of music and have a profound respect for those who create it. We like all kinds of music, from the most obtuse bebop, to the most tripped-out drum n bass, to the simplest catchy pop tune. Our mission is to help YOU connect with the music YOU like. We hope you enjoy the experience! From rforno at infowarrior.org Tue Aug 15 22:18:47 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 15 Aug 2006 22:18:47 -0400 Subject: [Infowarrior] - Solar system to welcome three new planets Message-ID: http://www.nzherald.co.nz/section/story.cfm?c_id=5&ObjectID=10396493 Traditional concepts of astronomy are about to be thrown on their head.
Solar system to welcome three new planets 12.00pm Wednesday August 16, 2006 By Steve Connor The nine planets of the solar system are about to be transformed into 12. The International Astronomical Union (IAU) is planning to add three new members to the exclusive club of large celestial objects orbiting our Sun. Astronomers are about to vote on an official proposal to extend the definition of a planet to include at least three more objects that are known to be big enough to warrant planetary status. It will mean that astronomy textbooks will have to be rewritten with the names Ceres, Charon and UB313 being added to the more familiar names of the classical planets. At one point it was thought that Pluto - the smallest and most distant of the planets - would be kicked out of the club, but now it appears that it is welcomed as the prototype of a new class of smaller planets known as "plutons". The International Astronomical Union, which has been the arbiter of planetary nomenclature since 1919, has received a new definition of a planet from a special committee of seven experts set up two years ago to adjudicate on the issue. Ron Ekers, the president of the IAU, said the ancient description of a planet as an object that wanders against a backdrop of fixed stars is no longer valid in an age of advanced telescopes. "Modern science provides much more knowledge than the simple fact that objects orbiting the Sun appear to move with respect to the background of fixed stars," Dr Ekers said. "Recent new discoveries have been made of objects in the outer regions of our solar system that have sizes comparable to and larger than Pluto. These discoveries have rightfully called into question whether or not they should be considered as new planets." 
The three new planets are Charon, once considered a moon of Pluto but now described as its double planet; Ceres, formerly known as an asteroid or minor planet; and UB313, an object that has yet to be given a formal name (although it has been nicknamed Xena), and which was only identified last year. There are now eight "classical" planets, three "plutons", those planets that are similar in size to Pluto with extremely wide solar orbits, and the asteroid-like Ceres. Experts sitting on IAU's planet definition committee - composed of astronomers, historians and writers - concluded that in future a planet should be defined as a celestial body that is big enough for its gravity field to form a near-spherical shape. The object must also be in orbit around the Sun - or another star - but not as a satellite of another planet, which rules out the Moon and the larger moons of other planets. "Our goal was to find a scientific basis for a new definition of 'planet', and we chose gravity as the determining factor," said Professor Richard Binzel, a planetary scientist and member of the definition committee. "Nature decides whether or not an object is a planet." The new definition of a planet means that there are another dozen or two dozen other known objects in the solar system that may one day be included in the planetary club. The seven-member definition committee convened in Paris in late June and early July, and its recommendations will now go to the IAU's general assembly which will vote on the resolution at its meeting in Prague this week. Professor Owen Gingrich, the committee chairman, said the deliberations were long and hard, but in the end a consensus was reached. "In July we had vigorous discussions of both the scientific and the cultural-historical issues and on the second morning several members admitted that they had not slept well, worrying that we would not be able to reach a consensus," Professor Gingrich said. 
"But by the end of a long day, the miracle had happened - we had reached a unanimous agreement."The issue came to a head after it was discovered that UB313 was bigger than Pluto, which was discovered in 1930 and was only called a planet because it was originally thought to be as big as Earth. - INDEPENDENT From rforno at infowarrior.org Tue Aug 15 22:35:52 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 15 Aug 2006 22:35:52 -0400 Subject: [Infowarrior] - Interesting Essay on Social Isolationism Message-ID: http://www.salon.com/mwt/feature/2006/08/16/fewer_friends/print.html Actually, hell is other people A new study says Americans have fewer friends than ever -- but what if we're enjoying more solitude and intimacy? By Lisa Selin Davis Aug. 16, 2006 | Earlier this summer, I spent a week vacationing with some of my oldest and dearest friends, suffering most of the time from paranoia after one of them pronounced me "addicted to worrying" and another accused me of being relentlessly negative (I responded to her T-shirt, printed with the question "What Would Nature Do?" by asserting that nature is a whole lot more violent than Jesus). I resented being known so thoroughly and longed to be surrounded by intimacy lite: acquaintances and cocktail party banter buddies from whom I'm distant enough to ensure a conflict-free interaction, as opposed to friends who have compiled empirical evidence about my character defects over the years. While I was busy questioning the benefits of intimacy, three sociologists from Duke and the University of Arizona were releasing a study called "Social Isolation in America." The researchers found that Americans have one-third as many close friends as they did 20 years ago, and nearly three times as many said they don't have a single confidante. This, by the way, is how close friends are defined in the study: people with whom one discusses important matters, though one person listed "getting a haircut" as an important matter. 
I count myself lucky to have more than the study's average number of friends and confidantes. In fact, I am a serial confessor and discuss important matters with anyone who'll listen; by the haircut standard, my postman Ronnie is a close friend. But like many other Americans these days, I find close friendships maddening and admit to the occasional onset of good old-fashioned misanthropy, a subscription to Sartre's observation that hell is other people. The study, a random sampling of 1,467 adults, sparked a short-lived whirlwind of media activity examining the crisis in American camaraderie, pointing the finger at sprawl and technology and work to explain it. But when I went out searching for the friendless, I found that overwhelmingly they blamed no one but themselves. They are what I'd call voluntarily lonely. Some people seemed almost proud to say they could call no one a friend, proud of the fortitude that loneliness requires. My dad once told me that friends are people you can do nothing with, but these days, people seem to prefer doing nothing by themselves. Are they choosing loneliness because friendship is so much work and real friends are hard to find and make and keep? I didn't need to go far to find one of the voluntarily lonely, just down the block where my neighbor Stephen Cohen lives. Cohen had plenty of pals back in 2001, when he worked on Wall Street as a computer consultant, meaning he had disposable income and regular business hours and could spend evenings and weekends partying. "It was always about staying up late and being up on popular culture," he says. Then he got serious. Turned 30. Got his pilot's license. And he found as he outgrew his job that he outgrew his friends, too. "When I started to go to bed early, it was incompatible with that lifestyle." So he distanced himself from them, and, he says, "Eventually the phone just stopped ringing." Cohen used to choose his friends, he says, "by if they listened to New Order or wore Doc Martens. 
From that quick assessment you knew you had things in common." Forming new friendships requires a certain chemistry, much as romantic relationships do, and the older we get, the more we have to approach friendships the same way, with friend dates and relationships and breakups. Now, Cohen says, "I'm really friendly, but I don't have any friends." By "friends," he means people he sees regularly, people who call to say hello. Cohen doesn't seem to mind the vacuum left by his old friends' departure. "I used my therapist as a surrogate," he says. "We stopped talking about my problems and I ended up just telling her about what I was doing that week." Louise Hawkey, a research scientist in psychology at the University of Chicago, says certain people select what she calls existential loneliness. "They find it a purposeful, meaningful way of living out their lives," she says. Hawkey has been working on a study measuring the genetic predisposition to loneliness -- some people are more prone to it than others, but even for those, there may be a certain amount of self-deception involved in voluntary loneliness. "If people are choosing it, either they're perfectly able to live in those circumstances and aren't inclined to feel lonely," she says, "or they're really good at deceiving themselves that this is acceptable for them: The way to come to terms with a solitary life is to say, 'This is my choice. I like it like this.'" A writer in Albany, N.Y., named Daniel Nester says when he relocated upstate from Brooklyn he chose to bring little of his old life with him beyond his wife and the contents of his apartment -- no one from his former circle of friends. "I'm currently not interviewing for new buddies. I've downsized my circle of friends to almost nil," he says. "I have one friend. I used to have 30." 
Petty grievances that were once small fissures grew to crevices as he prepared to leave, and instead of courting new friendships, he drew closer to his wife, filling the social absence with books. Nester would rather be friendless than in the companionship of what he calls "fool's gold" friends. "My faith in friendships is pretty low right now," Nester says, but his expectations are high. "It's like a blood bond: We confide in one another; we defend one another," he says -- anything less is not friendship at all. Compared with Nester's single friend, Basya Grinhstein's strange and far-flung circle seems like a veritable in-crowd. Grinhstein, a 20-year-old from Houston, says she has three friends: Two live in other states and one is her 7-year-old brother, who has Down syndrome. "I paint by myself, I watch movies by myself, I go dancing by myself," she says. "With other people, I get irritated or feel uncomfortable. I'm not very trusting of other people." Yet she believes that her utter lack of interest in making friends draws people to her. "People always say, 'Can I have your number? Can I have a way to keep in touch with you?' and I'll say, no, I'm not really looking for that." Every day on television, friends cross each other, betray each other, infuriate each other, and 22 minutes later, all fractures are repaired. In a media-saturated society that lionizes friendship, it's hard to believe that the voluntarily lonely aren't just playing hard to get. Our electronic culture and methods of keeping in touch -- cellphones, e-mail, instant messaging, text messaging -- are noted in the study as possible grounds for our increased isolation. For all their promise of keeping us connected, they often disconnect us, and the result is that we have more computer-to-computer than face-to-face time; my friends with BlackBerrys send the most perfunctory messages, and even the text "miss U" does not make me feel loved. 
One author of the study, Lynn Smith-Lovin, pointed out that a distant e-mail correspondent will be of little use when you need someone to pick up your kid at day care in a pinch. But Hawkey points out the Internet's social potential. "Some think that the Internet keeps people closer -- we'd lose touch with certain faraway friends and family if we didn't have e-mail." For many, technology fulfills social needs, and old school pals become practically outdated. It's easy to see how blasting one's innermost secrets to the world at large on MySpace.com would preclude the need for confidantes. And if Doc Martens aren't enough to gel a friendship, one can search out others with a variety of aligned interests with whom to bond, or find a way for technology to replace the usual human interaction. My favorite waiter at the local diner told me that his wife spends a great deal of time on the Foo Fighters chat room, and that she witnesses entire relationships unfold electronically. "People are on there all day," he said. Even if we've increased this virtual intimacy, an architecture of loneliness drives us apart. The researchers explain it this way: There has been "a shift away from ties formed in neighborhood and community contexts." In other words, those who suffer long commutes from the suburbs, work long hours, and come right back to the 3,000-square-foot McPalace, the three-car garage with a door leading directly into the home, never need to lay eyes on a neighbor. Even if we moved to suburbs envisioning utopia, suburban life is, in some form, voluntary loneliness. The study finds that while Americans confide in fewer nonfamilial friends, they've drawn closer to their spouses. It's odd that this is presented as the disintegration of friendship instead of a testament to the strengthening bond of American marriage and faith in romance (though another study revealed that folks live longer surrounded not by family but friends). 
Six months ago, Cohen found the girl of his dreams and she became No. 1 confidante. "I don't have nearly as much to say to my therapist now that I talk Nicole's ear off." As for my friends, I've been thinking about what we've been through together. One friend had abdominal surgery last year, and the group rallied by her bedside. Another has been struggling through chemotherapy, and we've had a series of celebrations for her, including a bye-bye boobie party before her double mastectomy. A friend flew out for my 30th birthday a few years ago, a miserable evening eating In-N-Out burgers and seeing a Robert Altman movie after some former friends canceled my birthday party. She saved me from, well, who knows what I would have done had she not been there? I may not see that friend every day. I don't discuss all my important matters with her -- or even my haircuts. We have dinner maybe just once a month, but she is my close friend. And, in fact, aren't friends in part there to call you out, alert you to your faults, and offer advice on how to correct them? Friends are there in case of emergency and, also, there to do nothing with. My friends are, it turns out, lie-down-in-traffic-for-you kinds of buddies -- I've had them all along, but never noticed. Hard as I find it to navigate friendship, I'm lucky to have so many people I can call friends. But what about those who don't? What about those with only two confidantes, a couple of close friends? I don't see why that should be an indication that we're more socially isolated -- for some people, voluntary loneliness isn't so lonely after all. As Daniel Nester's mother always told him, "If you find one friend in your life, you're lucky." 
-- By Lisa Selin Davis From rforno at infowarrior.org Tue Aug 15 23:10:46 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 15 Aug 2006 23:10:46 -0400 Subject: [Infowarrior] - When Hippies Turn to Cyber Terror Message-ID: When Hippies Turn to Cyber Terror http://blog.wired.com/27BStroke6/index.blog?entry_id=1539952 Last February the Department of Homeland Security oversaw a large-scale international cyber terror simulation involving 115 public and private organizations in the U.S., Canada, Britain, Australia, and New Zealand, all testing their ability to coordinate with one another and respond to computer-driven attacks. It was called Cyber Storm. Nobody's said much about the results, or the details of the exercise scenario. But a newly-published DHS PowerPoint presentation on the exercise reveals that the real terrorist threat in cyber space isn't from obvious suspects like al Qaida types or Connecticut voters; it's from anti-globalization radicals and peace activists. The attack scenario detailed in the presentation is a meticulously plotted parade of cyber horribles led by a "well financed" band of leftist radicals who object to U.S. imperialism, aided by sympathetic independent actors. At the top of the pyramid is the Worldwide Anti-Globalization Alliance, which sets things off by calling for cyber sit-ins and denial-of-service attacks against U.S. interests. WAGA's radical arm, the villainous Black Hood Society, ratchets up the tension on day one by probing SCADA computerized control systems and military networks, eventually (spoiler warning) claiming responsibility for a commuter rail outage and the heat going out in government buildings. The Black Hoods are a faction of Freedom Not Bombs, whose name is suspiciously similar to the real Food Not Bombs, which provides vegan meals to the homeless. Another allied lefty-group called the Peoples Pact joins in, crashing portions of the power grid. 
Things get confusing when the "Tricky Trio," three evil hax0rs who are 50 percent more devious than the Deceptive Duo, hacks the FAA, issues false Amber Alerts, and manipulates the communications system of the U.S. Northern Command. Then someone posts the No-Fly List to a public website (third act shocker: it's all nuns and Massachusetts Democrats), and opportunistic cyber thieves raid a medical database looking for identity theft targets. Logic bombs explode, wireless communications devices are corrupted, DNS caches are poisoned. And on it goes, with over 800 scenario "injects" over four action-packed days. Apparently, no computers were harmed in the making of Cyber Storm. "There were no actual attacks on live networks, no Red Team," the presentation notes. "Players reacted to situation and incident reports according to their regular/normal SOPs." So it was more of a paper exercise. A referee points at someone and yells, "You! Your website is defaced. What do you do?" -- and the organization responds accordingly. According to the presentation, there were over 300 players in the war game, generating more than 21,000 e-mail messages. Among the commonsense lessons learned: "Communication paths, methods, means and protocols must be solidified in advance of crisis/incident response" and "Cooperation must include ability to link into or share info in all streams: e.g., Cyber, Physical, (Law Enforcement), Intelligence." The scenario is nicely laid out, and perhaps technically plausible -- some of the incidents are ripped from the headlines, kind of. And I'm frankly glad to see al Qaida wasn't behind it all, since it seems unlikely that real terrorist groups will ever move to computer attacks, while physical destruction and murder is easier and more terror-producing. But does the administration really see the far left as potential cyber terrorists ready to take down the power grid and air traffic control systems? This might explain why the U.S. 
keeps getting caught spying on peaceful war-protestors. Marked "For Official Use Only," the PowerPoint deck became public when government transparency purist John Young posted it on his website, Cryptome, this week. I couldn't open it, but I located what appears to be the original on the website of the New York branch of the ISSA, a security organization, from a briefing given them last June 21. From rforno at infowarrior.org Wed Aug 16 09:15:40 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Aug 2006 09:15:40 -0400 Subject: [Infowarrior] - US space commander predicts satellite attacks Message-ID: US space commander predicts satellite attacks Aug 15, 8:05 PM (ET) http://reuters.myway.com/article/20060816/2006-08-16T000528Z_01_N15436217_RTRIDST_0_NEWS-ARMS-SPACE-USA-DC.html By Jim Wolf HUNTSVILLE, Alabama (Reuters) - The Air Force's new top commander for space predicted on Tuesday future attacks on U.S. satellites and called for greatly expanded tracking and identification of payloads launched by other countries. Currently, U.S. efforts are focused on determining if an overseas launch is a ballistic missile or designed to put an object in orbit, then cataloging it over a period that can take weeks, said Air Force Gen. Kevin Chilton, who heads the Air Force Space Command at Peterson Air Force Base, Colorado. "I say those days are over," he told an annual conference here on the fledgling, multibillion-dollar U.S. anti-missile shield. "If it's a space launch, we can't afford to relax." "We need to know what the intent of that launch is," he said, including whether an object could jam or otherwise harm satellites or spread micro-satellites that could do so. Chilton said his goal was to learn all this in the object's first orbit of the Earth so the United States could take unspecified actions "before an adversary can cripple us." 
The increased "situational awareness" he had in mind could be achieved largely through improved computer work that would present information in easy-to-understand displays, he said. Foes would be foolish not to be thinking of how to deny the United States the advantages of space, on which it relies heavily for military and commercial purposes, said Chilton, who took over the space command a month and a half ago. "And in the future, I'm convinced they'll strike at these capabilities, if nothing else to attempt to level the playing field," he said. Chilton said the United States had a duty to secure "the entire space domain not just for our own military but for our allies and for the benefit of the free world." In other remarks to the missile-defense conference, Gil Nolte of the code-making Information Assurance Directorate at the Pentagon's National Security Agency said his agency believed unspecified foreign intelligence agencies had been behind attacks on U.S. computer networks. He said there had been insufficient investment in cyber security at all levels of the U.S. government while attackers were very well financed and used "a wide range of tradecraft." From rforno at infowarrior.org Wed Aug 16 09:34:21 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Aug 2006 09:34:21 -0400 Subject: [Infowarrior] - Secrets of the Pirate Bay Part I Message-ID: Secrets of the Pirate Bay Part I By Quinn Norton| 02:00 AM Aug, 16, 2006 http://www.wired.com/news/technology/1,71543-0.html MALMO, Sweden -- It's Saturday night and I'm lounging on a living room sofa surrounded by lanky twenty-somethings in shorts and deep tans. Across from me, a wire emerges from a green Xbox -- modified to stream movies from its hard drive -- and snakes past two dusty turntables and into a video projector, which is displaying a menu of movies that would make Blockbuster jealous. 
Peter, this living room's owner, selects a title, and the text "For Your Consideration" fades onto the screen, marking this movie as a leaked screener from the Academy Awards: Someone in Hollywood ripped their review DVD copy of the film and uploaded it to the internet, where it eventually found its way to this hacked game console. Peter chuckles, others cheer. Special Report: The Pirate Kings of Sweden Secrets of the Pirate Bay Efforts to sink the world's largest BitTorrent tracker have backfired into political scandal, and spurred even more downloading. But the three guys behind the Pirate Bay are facing a national controversy of their own. A Nation Divided over Piracy The Pirate Bay survives, and politicians and entertainment lawyers confront a youth movement that embraces file sharing. Who would have thought Sweden would end up the internet's free content haven? [Coming Aug. 17] Gallery: The Faces of Sweden's Pirate Wars The Evidence (.zip) Did the Motion Picture Association ask Swedish politicians to illegally intercede with law enforcement? Read the docs and decide for yourself. And barely a month after Swedish police raided their server room and carted two administrators and their legal help off in handcuffs, the lanky co-operator of the Pirate Bay -- the most popular and hunted piracy site in the world -- settles back to watch a pirated copy of Spanglish. Harbored by a country where 1.2 million out of 9 million citizens tell the census that they engage in file sharing, the Pirate Bay is as much a national symbol as it is a website. Protected by weak Swedish copyright laws, the Bay survived and grew as movie studio lawyers felled competing BitTorrent trackers one-by-one. Today it boasts an international user base and easily clears 1 million unique visitors a day. New movies sometimes appear at the top of the site's most-popular list before flickering onto a single theater screen. 
With its worldwide following, many here see the Bay as the devil on Sweden's shoulder, legitimizing contempt for intellectual property rights and threatening to saddle the country with a lasting reputation for international lawlessness. "It's very difficult to make people act legal when they've been doing something for some time," says Marianne Levin, professor of private law and intellectual property at the University of Stockholm. "In Sweden the debate (on file sharing) came very late." So when, on May 31, Swedish police finally arrived with a search warrant and carted off enough servers to fill three rental trucks, the entertainment industry was quick to proclaim victory. The Motion Picture Association of America issued a press release announcing a milestone. "The actions today taken in Sweden serve as a reminder to pirates all over the world that there are no safe harbors for internet copyright thieves," trumpeted MPAA chairman Dan Glickman. But the three stewards of the site -- 27-year-old Peter; Fredrik Neij, 28; and Gottfrid Svartholm, 21 -- were already preparing their response. Coordinating with volunteers around the world in an IRC chat room, the trio scrambled to relaunch the Bay at a new location. Peter -- a slim, dark haired, dark eyed geek -- didn't sleep in those first few days, fielding a stream of phone calls from the press while confronting the technical challenge of resurrecting a high-traffic site with a partial database and all-new hardware. "They stole most of our backups as well," he says. "I managed to get some backups out of the servers while the police were in the building." (Peter wasn't arrested with the others, and remains anonymous.) They took the reconstructed data to temporary hosting in the Netherlands, and three days after the raid, the Pirate Bay reappeared on the internet. So fast was the Bay's rebound that some news articles reporting the site's demise went to print after it was back up, recalls Peter. 
The resuscitated site had a few glitches, but the resurrection was remarkable in that it had never really happened before; when the major American rights holders take a website down, it stays down. The pirates delivered a victory message to the MPAA, and the Swedish equivalent, APB, through the site's reverse-DNS, which now read: hey.mpaa.and.apb.bite.my.shiny.metal.ass.thepiratebay.org. Thanks to the press generated by the raid, the Pirate Bay instantly became more popular than ever. The Bay's T-shirt vendor alone now has four people working full time to fill orders for apparel sporting the site's pirate ship logo, and a skull-and-crossbones with a cassette tape as the skull. "They are behind something like 2,000," says Neij. "They are working day and night." The pirates have since moved the Bay's hosting back to Sweden, where they've built technological bulwarks against another takedown, law-hardening the Bay's network architecture with a system of redundant servers that spans three nations. Shutting down the site in any single country will only cripple the Pirate Bay for as long as it takes for its fail-over scripts to execute, a gap measurable in minutes. The various servers' locations are obscured behind a load balancer configured to lie, the crew says. Once the failsafe is triggered, a determined adversary with an international team of litigators might be able to track down the servers, but by that time -- according to the plan -- the pirates will have deployed mirrors in even more countries. In theory, the corporate lawyers will eventually tire of this game of international copyright Whack-A-Mole. With all that in place, crew member Fredrik Neij says he welcomes the possibility of another raid. "I really want the pleasure of it being down three minutes, then up again." Next: Made in Mexico The Pirate Bay was born in the late summer of 2003, in a plain motherboard box in Mexico with a slow radio uplink to the net. 
Founder Gottfrid Svartholm was working as a programmer for a security consultancy on a one-year assignment in Mexico City, when he volunteered to help a Swedish file-sharing advocacy group called Piratbyran set up its own BitTorrent tracker. Svartholm's spare bit of caseless hardware wasn't meant to be extraordinary -- it was just meant to be a specifically Swedish site. He chose the name Pirate Bay to make clear what the site was there for: no shame, no subtlety. These people were pirates. They believed the existing copyright regime was a broken artifact of a pre-digital age, the gristle of a rotting business model that poisoned culture and creativity. The Pirate Bay didn't respect intellectual property law, and they'd say it publicly. It didn't take much for the nascent piracy site to saturate its 512-Kbps pipe, and for Svartholm's employers, the owners of the radio link, to start complaining. Fredrik Neij became involved in 2004 when Svartholm moved the tracker to Sweden and put it on a better connection. Peter joined soon after to help translate and grow the site. For Peter, the project returned him to his formative years. As a child his mother took ill, and the responsibilities of caring for her took over most of his life. After he dropped out of school, he found the only place he could be a kid, and socialize as one, was Sweden's vibrant bulletin board and demo scene. The modem was a lifeline for Peter, and he says he didn't understand for many years that much of what transpired on the boards -- swapping files, talk about hacking, and cracking copy-protected software -- were becoming serious crimes. That his world of sharing and knowledge could be seen as prosecutable wrongdoing was a shock to his system, he says -- one that today informs his certitude that copyright enforcement is an assault on expression itself. "There is not a cause closer to my heart," Peter says. "This is my crusade." 
As Peter worked to grow the site, Mikael Viborg became the Bay's legal adviser, explaining Swedish IP law to the crew over IRC. It was Viborg's legal advice that led to the Bay's first defining feature: a gallery of threatening letters sent in by lawyers for movie studios, video-game makers and other rights holders, side-by-side with the crew's mocking replies. For Peter, that's when the Pirate Bay became part of a movement, and Neij is still obviously proud of the effort. "They are rude in a polite way," he says. "We are rude in a rude way back at them." In the meantime, big media's method of polite rude was working in the rest of the world. The U.S. Supreme Court was reviewing the legality of file-sharing networks like Grokster and Morpheus, and would eventually rule against them. Challenges to copyright term extensions failed, the RIAA was suing file sharers by the thousands, and rights holders groups were pushing an aggressive public education campaign, equating file sharing to stealing. Impassioned pleas from movie makers and musical artists greeted a public that was increasingly getting the idea -- even if they didn't stop downloading, they were at least feeling guilty about it. Against this backdrop, the Pirate Bay crested the world of file sharing through attrition. One by one, most of the peer-to-peer networks went away. (LimeWire, one of the few survivors, was sued by the RIAA last week.) BitTorrent tracker search engines fell next -- sites like Suprnova.org and Elite Torrents crumbled under legal threats and raids. The remaining few, including Isohunt and TorrentSpy, now have policies of removing torrents for infringing content upon request. They're being sued anyway. That leaves the Pirate Bay as the lone civil dissenter. It neither operates in a black market nor lays claim to a loophole of international law. Like its progenitor organization, Piratbyran, the administrators of the Pirate Bay believe the law is wrong. 
But the attention it's garnered as a surviving piracy hub has not always been good for the Pirate Bay or its opponents, and both sides have recently been dogged by scandal in the glare of Sweden's media spotlight, pulling the sympathies of Swedes back and forth. The Pirate Bay's jaunty image was blemished when a July 5 article in the Swedish daily paper Svenska Dagbladet revealed the site's hidden financial life for the first time. Posing as an internet firm seeking advertising on the Bay, the paper phoned Eastpoint Media, which sells banner ads for the Pirate Bay in Scandinavia. Eastpoint revealed to the reporter that they place 600,000 Kr of ads per month -- about $84,000 U.S. Eastpoint takes 50 percent of that off the top, and part of the remainder likely goes to Random Media, a Swiss company that directly manages all the Bay's ad placements. But the implication of the report was clear -- a website ostensibly dedicated to a selfless ideal, and which solicits donations, was turning a tidy profit. "The general perception is that they are doing something good ... they've always had this image, very ideological," says Tobias Brandel, the reporter who broke the story. If the Pirate Bay turns out to be a collection of businessmen profiting off of piracy via porn ads and online poker, it would lose popular support in the moralistic Swedish society. And if the Pirate Bay's crew is eventually convicted of copyright crimes "they will have a much harder punishment," says Brandel. Scandinavia accounts for around 35 percent of Pirate Bay traffic, according to Peter. It's unclear how much additional money the site makes on ads sold elsewhere. And no one is saying where the ad money goes. Donations and profits from T-shirt sales go to Piratbyran, but ad sales do not. Peter declines to say more, on advice of the Pirate Bay's defense counsel.
This month Eastpoint released a statement saying it's terminating its relationship with the Bay. The Pirate Bay's enemies might rejoice over the national controversy, if some weren't embroiled in a scandal of their own, centered on U.S.-led lobbying efforts that preceded the Pirate Bay raid. The Swedish constitution erects a legal wall between politicians and law enforcement: The politicians can tell police what issues to emphasize, but not what cases to pursue. So questions emerged in June when leaked documents appeared in the Swedish media that showed entertainment lobbyists with the MPA -- the MPAA's international arm -- had explicitly pushed for political interference. "As we discussed during our meeting, it is certainly not in Sweden's best interests to earn a reputation among other nations and trading partners as a place where utter lawlessness with respect to intellectual property rights is tolerated," MPA's John Malcolm wrote in a letter to Dan Eliasson, state secretary to the minister for justice. "I would urge you once again to exercise your influence to urge law enforcement authorities in Sweden to take much-needed action against The Pirate Bay." The minister's office denies that it acted on the MPA's request, which would constitute the Swedish crime of ministerstyre. Law enforcement officials have agreed that they weren't subject to political pressure. But the timing of the raid is raising eyebrows. The letter from Malcolm is dated March 17. Eliasson replied on April 11, and the Pirate Bay was raided on May 31. Whether politically compelled or not, the raid was undeniably aggressive. Swedish prosecutor Hakan Roswall directed police to seize nearly 200 servers -- everything at three locations of Svartholm's and Neij's ISP business, prq.se. The forensic work required to get through the gigabytes of seized data isn't expected to be complete before December. 
Once the evidence has been analyzed, the pirates will face an uphill court battle, predicts legal researcher Viveca Still, a faculty member at the Institute of International Economic Law in Helsinki. "Pirate Bay is likely to be held liable for secondary copyright infringement," she says. "A good indication is a recent court decision in Norway, according to which linking to illegal content was contributory infringement." (Swedish courts can cite Norwegian precedent.) But as the case unfolds, there is nothing preventing the Pirate Bay from continuing -- the raid was an evidence-gathering mission only, there's no court order against the site. That leaves it far from clear that the courts will shutter the Pirate Bay before the inevitable march of technology does the job itself. Once charges are filed, it could be many months before the trial starts. Appeals in the Swedish legal system aren't likely to be exhausted for three to five years after that. By then, BitTorrent will no longer be the prime mover of pirated content online, says Neij. "The Pirate Bay will outlive its usefulness." Secrets of Pirate Bay, part two: The national movement behind the Pirate Bay, and the copyright enforcers determined to stop them.

From rforno at infowarrior.org Wed Aug 16 09:41:34 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Aug 2006 09:41:34 -0400
Subject: [Infowarrior] - FCC Questions TV Stations on "Fake News"
Message-ID:

FCC Questions TV Stations on "Fake News"
From Associated Press, August 16, 2006
http://www.freepress.net/news/17117

The Federal Communications Commission has mailed letters to the owners of 77 television stations inquiring about their use of video news releases, a type of programming critics refer to as "fake news." Video news releases are packaged news stories that usually employ actors to portray reporters who are paid by commercial or government groups.
The letters were sparked by allegations that television stations have been airing the videos as part of their news programs without telling viewers who paid for them. FCC Commissioner Jonathan Adelstein said Tuesday the letters ask station managers for information regarding agreements between the stations and the creators of the news releases. The FCC also asked whether there was any "consideration" given to the stations in return for airing the material. "You can't tell any more the difference between what's propaganda and what's news," Adelstein said. The probe was sparked by a study of newsroom use of material provided by public relations firms. The study, entitled "Fake TV News: Widespread and Undisclosed," was compiled by the Center for Media and Democracy, a Wisconsin-based nonprofit organization that monitors the public relations industry. When stations air video news releases, they are required to disclose to viewers "the nature, source and sponsorship of the material that they are viewing," according to the FCC. The rules were prompted by payola scandals of the past, in which broadcasters accepted money from companies to hype their products without labeling the effort as advertising. Diane Farsetta, senior researcher with the Center for Media and Democracy and co-author of the study, said that did not appear to be the case in the study but that "the main reason is economy. These are free stories that are given to stations that are continually under-resourced." Farsetta said despite the publicity, stations are continuing to air releases without disclosure. Stations that received the letters have been given 60 days to respond. If the FCC decides they have violated the rules, punishment could include fines or license revocation.

From rforno at infowarrior.org Wed Aug 16 12:03:12 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Aug 2006 12:03:12 -0400
Subject: [Infowarrior] - ICANN Renews Contract for DNS administration w/US DOC
Message-ID:

August 16, 2006
Agency That Supervises Internet Domain Names Renews Contract
By VICTORIA SHANNON
http://www.nytimes.com/2006/08/16/technology/16cnd-icann.html?pagewanted=print

The agency that supervises Internet domain names, Icann, has won a five-year renewal of its contract with the United States Department of Commerce, despite complaints that the relationship politicizes what should be a neutral global computer network. The existing contract for administering the technical infrastructure of the Internet expires Sept. 30, and the United States government has said for years that it wants the agency, whose full name is the Internet Corporation for Assigned Names and Numbers, to eventually run the system without government oversight. Now, though, that independence will not come at least until 2011. Proponents of the renewal, which was finalized late Tuesday, testified at a hearing in Washington late in July that Icann, with a staff of about 50 and an annual budget of about $25 million, cannot be solely responsible for the Internet's stability and security. But critics say the lingering government ties will keep American influence preeminent over issues like whether to allow a new class of domain names ending in .xxx, to denote pornography sites. Icann rejected that idea in May after the Commerce Department objected, though both the government and the agency said the decision was not political. Last year, the United Nations convened a meeting in Tunisia aimed at reaching a global consensus on how to run the Internet. At the end of a stormy debate, delegates agreed that Icann had a legitimate and necessary management function, implicitly leaving the United States government as the overseer.
But they also condemned efforts to make Internet-name decisions political. The United Nations will sponsor another forum on Internet governance in Greece at the end of October.

From rforno at infowarrior.org Wed Aug 16 21:13:40 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Aug 2006 21:13:40 -0400
Subject: [Infowarrior] - How To Keep Your Search History Private
Message-ID:

How To Keep Your Search History Private
August 15, 2006
http://www.eff.org/deeplinks/archives/004868.php

How can you help prevent damaging privacy invasions like AOL's data leak? Along with spreading the word about this debacle, you can take steps to protect yourself online. Beneath the fold, we've listed some tips and tools that will help keep your search history private.

* Don't put personally-identifying information in your searches, at least not in a way that can be associated with your other searches. You should take the precautions below to avoid giving away your identity to your search engine anyway, but they're especially necessary if you want to do a search to see if your personal information has appeared online or want to do a vanity search for your name.
* Don't use a search engine operated by your ISP. Most ISPs inherently know who their users are, at any given time and over the long run. If you use their default search tool, they know who you are and everything you search for. Use someone else's search tool instead.
* Don't log in to a search engine account. If you use a web-based e-mail service or other services provided by your search engine -- such as GMail or Yahoo! Mail -- see below on cookies.
* Don't accept cookies from your search engine. If you use a service like web-based e-mail that requires you to accept cookies, don't let the personally-identifying information in your e-mail get linked with your searches. For Firefox users, the free CustomizeGoogle extension will allow you to anonymize your search cookie without breaking GMail (see the "Privacy" tab in the CustomizeGoogle options). We're still looking for extensions that provide corresponding functionality for Yahoo!, MSN, and AOL users. You can also use Privoxy, although it's a bit more difficult to configure.
* Use a separate browser or browser profile for search and for other activities.
* Use an anonymizing proxy, or proxy network like Tor, to prevent search engines from learning your IP address, especially if your ISP gives you the same IP address each time you use the Internet.

From rforno at infowarrior.org Wed Aug 16 22:33:42 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Aug 2006 22:33:42 -0400
Subject: [Infowarrior] - Banned musician, aged 12, lays siege to BPI HQ
Message-ID:

Banned musician, aged 12, lays siege to BPI HQ
http://www.theinquirer.net/default.aspx?article=33734
Miffed miss is up in arms
By INQUIRER newsdesk: Wednesday 16 August 2006, 16:37

12 YEAR-OLD singer-songwriter Amy Thomas staged a protest outside the headquarters of the British music industry yesterday, following a decision to ban her from a new school kids' music chart because of her views on downloading. Amy and a "flash mob" of 50 children gathered outside of the office of the British Phonographic Industry (BPI) for 15 minutes holding balloons with messages of support for the young singer. Amy had been chosen as one of ten young artists to feature on the My Music chart that launches in October across 1,400 UK schools. But her inclusion was blocked by the BPI after its snoops discovered she is signed to Flowerburger Records, an independent record label which is running an online petition drumming up opposition to the BPI's policy of suing music fans who use p2p websites. Amy gained a following of schoolies after posting details of her plight on kids' networking site Bebo.
Its members are now encouraging each other to boycott the My Music chart in favour of Amy's debut single, Just Smile, which is released the same week as the schools' chart. Holding a balloon with 'Just Smile' emblazoned across it, the publicity-seeking youngster said of the practice of downloading songs from P2P sites: "All my friends do it. It just seems like the natural thing to do."

From rforno at infowarrior.org Wed Aug 16 22:40:06 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Aug 2006 22:40:06 -0400
Subject: [Infowarrior] - Is airport security futile?
Message-ID:

http://www.salon.com/opinion/feature/2006/08/17/airport_futility/print.html

Is airport security futile?
First it was tweezers, now mascara. Every penny spent confiscating makeup is a penny that could go toward law enforcement -- where it really matters.
By Patrick Smith

Aug. 17, 2006 | "The woman was carrying hand cream and matches but was not a terrorist threat." Those were the words of a Transportation Security Administration (TSA) spokesman after a United Airlines jet en route from London to Washington was diverted to Boston on Aug. 16. A 59-year-old passenger aboard flight 923 suffered a panic attack and became violently disruptive. Never mind that the Boeing 767 was escorted to Boston by fighter jets (what we used to call "air rage" has become a full-blown national emergency); the idea of hand cream and matches -- hand cream and matches -- becoming the focus of a TSA press conference, is clear evidence enough that our security hysteria has become unmanageable. News of last week's foiled London terror plot had finally begun to drop from the headlines, but not before spring-loading us to act like fools, and touching off massive changes in airport security that are destined to serve no real purpose. Liquids, gels and even certain cosmetics are no longer permitted aboard commercial flights in the United States.
Prescription medicines and infant formula are exempt, but the list of contraband includes everything from drinking water to hairspray. Among the forbidden materials: mascara and liquid-filled baby teethers. On flights to and from the U.K., hand baggage was banned entirely for several days. Passengers may now bring aboard one small parcel no larger than 17 by 13 by 6 inches -- roughly the dimensions of a laptop case. Computers and music players are allowed, but they must be removed from luggage for separate inspection. It's difficult to tell how long the new prohibitions will last, or to what scope they might be expanded, but the rumblings are ominous. According to officials at TSA, the ban on liquids and gels is set to last indefinitely. Rumors have surfaced that laptop computers and other electronic devices could soon be restricted as well. Is airport security about to experience another, even more powerful paradigm shift than we saw in the aftermath of Sept. 11, resulting in even greater hassle than we're already used to? It's disheartening to think so, but certainly the stars are lining up that way. To properly get our arms around the folly of it all, we need to look back at what happened in 1995. I'm referring to the notorious "Oplan Bojinka" -- which I wrote about last week -- a conspiracy linked to al-Qaida that was broken up by Philippine police only days before 11 U.S. jetliners were targeted for destruction. The parallels between the Bojinka and London operations are truly remarkable, involving similar explosive materials and a strikingly similar modus operandi. Yet on the heels of Bojinka, airports remained calm. Passengers were free to step aboard with their cups of coffee and bottles of shampoo. This forces us to wonder: If it is truly in the interest of air safety to stop passengers from bringing the most basic and commonplace personal items on board, why was it not done the first time? 
Mostly because authorities then had sense enough to understand such rules would be highly disruptive, tediously work-intensive, and in the end not very useful. Ban what we may, it doesn't take the world's smartest criminal to realize there are an unlimited number of ways to smuggle a potentially dangerous item onto a plane: be it an improvised knife hewn from plastic, or explosives or flammables made from many different substances -- solids, liquids and powders. A person could spend all day concocting nefarious, and ultimately undetectable, instruments of destruction. "We can't keep weapons out of prisons. How can we hope to keep them out of airports?" poses Bruce Schneier, a prominent security expert and the author of "Beyond Fear." Eleven years ago we were sensible enough to accept this -- and it's not as if terrorism was something new, with the Lockerbie bombing and '93 World Trade Center attack still fresh in our minds. Lo and behold, no American planes were bombed with liquid explosives -- or any other kind -- in the interim. The true nuts and bolts of keeping terrorists away from planes, meanwhile, was going on out of view -- the responsibility of law enforcement and intelligence agencies, not part-time screeners at the airport. Numerous intelligence failures were brought to bear on Sept. 11, certainly, but unfortunately our initial reaction was to scapegoat airport security, whose role in the attacks was all but irrelevant. At the time, box cutters were not prohibited items. If they had been, the hijackers would have fashioned some other weapon. The X-ray machine and metal detector are what they are: a serviceable final line of defense, chiefly helpful for keeping obvious weapons -- a handgun, for example -- away from commercial aircraft. They are not, and we should not expect them to be, front-line anti-terror tools. "Terrorism needs to be stopped at the planning stages. That's where our security can do the most good," Schneier says. 
"By the time the terrorist gets to the airport -- or the shopping mall, or the crowded movie theater -- it's too late." To wit, neither the Bojinka plotters nor the London cabal ever made it to the airport. They were outfoxed ahead of time through the hard work of behind-the-scenes investigators. Real security isn't glamorous. It doesn't result in splashy news stories and footage of stranded travelers sleeping on terminal floors. And every penny spent confiscating mascara is a penny that could be spent elsewhere in the security hierarchy. The key is getting the most bang for your security buck, and you're not getting a whole lot of bang -- and you're losing a whole lot of bucks -- with yet another clampdown on this or that dangerous item du jour. "Exactly two things have improved airplane security since 9/11," Schneier says. "Reinforcing the cockpit door and teaching passengers that they need to fight back. Everything else has largely been a waste of money." I would add the screening of checked luggage to that list of improvements. Not long after Lockerbie (and the tragic bombing of UTA flight 772, I should add, nine months later), Europe began scanning all checked suitcases for explosives. Finally, after Sept. 11, we introduced similar measures. Inspection is not yet comprehensive at all airports, but even partial scanning is better than none at all, and long overdue. An analogous system for carry-ons -- one that searches more exclusively for explosives rather than fussing with scissors and soda bottles -- would be equally beneficial, but thanks in part to a legacy of procrastination and wasting our money elsewhere, it's a long way off. Until that day should come, we have to ask: Is it reasonable that our reaction to a threat, already known about for many years, is to ban drinking water and shaving cream from airplanes? Really, is that reasonable? 
The bureaucrats in Washington, ultimately responsible for coming up with the latest strictures, seem to think so, even as many airport operators and security personnel sharply disagree. "The levels of incompetence and waste at the TSA and Department of Homeland security are truly frightening," says the manager of a midsize regional airport. The manager, who asks that his name not be revealed, tells a story of comical incompetence as the news from London filtered in. "We were given a security directive with no instructions or guidelines on how to implement it." On a conference call, high-ranking TSA staff in Washington were not aware of even basic definitions pertaining to security zones and screening protocols. At one point, airports were told the ban on liquids even applied to aircraft refueling trucks. "The TSA people did not know the difference between a SIDA [Security Identification Display Area], a Sterile Area, and a Secured Area. You would think in the last five years they would have learned some of this." TSA did not respond to calls or e-mails for this article. Presumably its staff is busy handling fallout from a Department of Homeland Security study claiming the TSA's much vaunted shoe inspections, a security staple for the past four and a half years, aren't really effective. TSA ramped up the X-raying of footwear as part of its post-London pageantry and insists the procedures are valuable. Now, imagine the impact on the airlines should prohibitions be expanded. The industry has already posted $35 billion in losses since Sept. 11, and an unknown number of high-end business travelers, historically the airlines' most valuable customers, have migrated to private aviation, where fractional ownership programs offer a relaxed and increasingly inexpensive alternative to the madness of hub connections and the ransacking of carry-ons. 
Bring in the sorts of draconian rules some people are talking about, such as banning laptop computers, and you'll likely see a mass exodus of business fliers. Simultaneously, as the hassle factor climbs, flying becomes less and less attractive for the leisure traveler, especially on short-haul routes. Airlines have remained mostly silent thus far. Traditionally, it's not in the industry's best interests to speak out against anything perceived as bettering security. But they can't be pleased. The nation's carriers have been footing the bulk of the airport security bill since 2001, passing along the expense to passengers through unpopular ticket taxes and surcharges. Those costs will be increasing. (In London, on the other hand, British Airways is considering a lawsuit against the British Airports Authority, operator of Heathrow Airport, for security-related cancellations stemming from the new screening policies.) "Aviation security is national security," says a spokesperson from the Air Transport Association. "The burden of paying for that protection should be borne by all. We believe that using an array of procedures offers the best security available. We support continued R&D and are always looking for new technologies. Constantly evolving, layered, intelligent, and random measures are essential components of any effective security program." But for all the scorn we're able to heap on our government overseers, there remains the issue of public complicity. There's a consensus among many travelers that swapping a few minutes of convenience and dignity for an added buffer of security, perceived or real, is a worthwhile exchange. "Better this than being blown up," were the words of one passenger, speaking to a reporter from the Boston Globe. "It's an inconvenience, but it's necessary." This sentiment has been echoed far and wide. Taking the opposite view can get you labeled a criminal sympathizer.
"I got into some pretty heated conversations at Heathrow," one flier tells Salon. "My use of the phrase 'shutting the gate after the horse has bolted' got me branded a terrorist in the middle of a crowded pub." The safety vs. convenience tradeoff makes for an effective sound bite, but in truth it's a slippery slope that traps us in an unwinnable shell game: In the aftermath of Sept. 11 our focus was on sharp objects, until a renegade Brit named Richard Reid wore his explosive sneakers past guards at Charles de Gaulle. Now it's sharp objects, sneakers and liquids too. With Bojinka in mind, shouldn't we also outlaw light bulbs, cotton balls, batteries and watches, since those were critical elements in Ramzi Yousef's microbombs? Some would say yes. Some are saying yes. Where to draw the line? Reasoned thinking isn't good enough for a segment of the populace obsessed with safety and the specter of terrorists. We expect that every flicker of our color-coded alert will be met with more and more layers of protection -- even when that protection drives us crazy, and even when it serves no useful purpose. We are following this path deeper and deeper into absurdity.
-- By Patrick Smith

From rforno at infowarrior.org Wed Aug 16 23:06:46 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Aug 2006 23:06:46 -0400
Subject: [Infowarrior] - Attrition on the AOL query snafu
Message-ID:

the AOL search history DB snafu and why you should NOT be surprised
Wed Aug 16 19:15:24 EDT 2006

< snip >

http://attrition.org/news/content/06-08-16.001.html

From rforno at infowarrior.org Thu Aug 17 08:47:16 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 17 Aug 2006 08:47:16 -0400
Subject: [Infowarrior] - Flaw finders to software makers: It's payback time
Message-ID:

Flaw finders to software makers: It's payback time
By Joris Evers
http://news.com.com/Flaw+finders+to+software+makers+Its+payback+time/2100-1002_3-6106593.html
Story last modified Thu Aug 17 05:02:45 PDT 2006

Bug hunters are turning the tables on software makers in the debate over reporting flaws. In recent years, software companies have hammered out rules with researchers on disclosure, which cover how and when vulnerabilities are made public. Now flaw finders want something in return: more information from software providers on what they are doing to tackle the holes the researchers have reported. "We have gone from the old 'full disclosure' to 'responsible disclosure' debate, to a debate over 'The vendor has the information--what does it do with it?'" said Steven Lipner, senior director for security engineering strategy at Microsoft. Software vendors need to establish protocols for interacting with researchers who share bug information, experts said. If they don't, they could risk losing the progress that has been made towards responsible disclosure of flaws. Many bug hunters now understand and follow the "responsible disclosure" guidelines advocated by software companies. Under this approach, a researcher who uncovers a flaw will, as a first step, contact the maker of the affected software and share details of the vulnerability.
In the past, researchers tended to favor full disclosure, in which they would publish details of security flaws they had found on mailing lists or on security Web sites, regardless of whether a fix was available. However, companies want to keep bug details under wraps at least until a patch is ready. They argue that with a patch, users of the flawed software can plug the hole and protect themselves against possible attacks. By contrast, with full disclosure vendors are sent scrambling to fix a flaw, while customers are exposed. "The tension has always been the same," said Gartner analyst Paul Proctor, who moderated a panel discussion on disclosure at the recent Black Hat security conference. "Researchers want the vendors to be more aggressive, and the vendors want the researchers to show more discretion. While they both have the same goal of a more secure Internet, their perspectives are different."

Brick wall

While many researchers now follow responsible disclosure practice, some feel that their conscientiousness is not being reciprocated. In many cases, they say, they run into a brick wall or get a limited response at the software maker, which pays them little respect for their work. "There is nothing more frustrating than trying to help a vendor secure its product in good faith and not getting decent communication back in return," said Terri Forslof, security response manager at TippingPoint, which sells intrusion prevention systems. Forslof is responsible for sharing flaw details with vendors through TippingPoint's Zero Day Initiative bug bounty program. Others agree: Her comments echo the sentiments expressed by many researchers at the Black Hat panel discussion. There is a simple recipe for satisfying flaw finders, Forslof said. A company should acknowledge the issue; provide ongoing information on the status of a fix; and be open with the researcher about the processes involved in producing an update.
"An open line of communication is essential," said Michael Sutton, one of the Black Hat panelists and director of VeriSign's iDefense, which deals with software makers and vulnerability researchers. "It is the vendor's responsibility to proactively update the researcher on a regular basis on the progress that is being made in patching the issue." Much progress has been made, and security researchers and software makers are working better together today than ever before, said Proctor. However, many companies need better processes for dealing with bug hunters, he said. "I would like to see the growth of aggressive, formalized programs to work with researchers who find vulnerabilities," Proctor said. Flaw finders who contact software vendors are typically well-intended security professionals, or enthusiasts who like to test the vulnerability of software. Several companies, including TippingPoint and iDefense, pay researchers for flaws they find and use the information in products to protect their clients' systems.

Adverse effect?

But complying with researchers' request for more information is not that easy, John Stewart, chief security officer at Cisco Systems, said during the Black Hat discussion. Acknowledging a potential flaw might have an adverse effect on security, he said. "We can create undue attention onto something that might hurt our customers," Stewart said. "If we know, to the best of our knowledge, that there is a weakness in our product, we're attempting not to draw further attention to it." Companies all operate differently when it comes to dealing with bug hunters. Microsoft has set a good example, accepting that it needs to work with the security community, Proctor said. "Cisco is moving from anger to acceptance, and Oracle from denial to anger," he said. Cisco has worked hard to get into the good graces of the hacker community. It threw a party at a Las Vegas nightclub for Black Hat attendees and sent senior security staff to the event.
That's in contrast to the previous year, when the networking giant sued a security researcher and alienated itself from the community to the extent that T-shirts with anti-Cisco slogans sold well at the Defcon hacker event that follows Black Hat. Oracle appears to be easing up a little on the security front. Its chief security officer is now blogging, and the enterprise software company is talking to the press about security topics. However, it is still often critiqued for its unwillingness to deal openly with researchers. Without communication, vendors risk losing the progress made toward responsible disclosure. Turned off by a cold response, bug hunters increasingly put pressure on software companies and go public with flaws, instead of going the responsible route, said Tom Ferris, an independent security researcher in Cupertino, Calif. "I see more researchers not work closely with vendors and just giving them a 30-day grace period before going public with the flaws," Ferris said.

From rforno at infowarrior.org Thu Aug 17 08:48:26 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 17 Aug 2006 08:48:26 -0400
Subject: [Infowarrior] - A Nation Divided Over Piracy
Message-ID:

A Nation Divided Over Piracy
http://www.wired.com/news/technology/1,71544-0.html
By Quinn Norton
02:00 AM Aug, 17, 2006

STOCKHOLM, Sweden -- Last Jan. 1, almost on a whim, 35-year-old IT manager Rickard Falkvinge got into politics. Concerned about the reach of copyright and patent law, Falkvinge erected a web page with a sign-up form for a radical new pro-piracy party to compete in Sweden's parliamentary system. He didn't know if anyone would care, but the next day the national media picked it up, and two days later international media started calling. The site was flooded with new members -- enough for the nascent movement to sail past the requirements for participation in the national election.
Falkvinge now faced a decision: stay with his nice job and let the whole thing quietly sink, or quit and become a campaigning politician. He chose to become the leader of Sweden's newest and fastest-growing political party: Piratpartiet, or the Pirate Party.

Special Report: The Pirate Kings of Sweden

Secrets of the Pirate Bay
Efforts to sink the world's largest BitTorrent tracker have backfired into political scandal, and spurred even more downloading. But the three guys behind the Pirate Bay are facing a national controversy of their own.

A Nation Divided over Piracy
The Pirate Bay survives, and politicians and entertainment lawyers confront a youth movement that embraces file sharing. Who would have thought Sweden would end up the internet's free content haven?

Did the Motion Picture Association ask Swedish politicians to illegally intercede with law enforcement? Read the docs and decide for yourself.

Striding through the narrow, cobbled streets of Gamla Stan, Falkvinge looks nothing like a politician in his "Pirat" baseball cap and polo shirt. "We have a lot in common with the environmental movement," he says. Where environmentalists see destruction of natural resources, the pirates see culture at risk. "(We) saw a lot of hidden costs to society in the way companies maximize their copyright." Falkvinge is interrupted by a passing teenager. She's a young punk, with green dreads and a jacket covered in an indistinguishable combination of angry quips and band names -- in short, exactly the type who once would have spent her disposable income on music. She takes out a piece of notebook paper and asks Falkvinge for an autograph. Lawyers, academics and pirates agree: File sharing is an institution here. Sweden has faster broadband with deeper penetration than just about anywhere in the world.
That, combined with the techno-friendly attitude that pervades Scandinavia and a government slow to take any kind of action, allowed file sharing to root deeply in practice and popular culture. In March, game show contestant Petter Nilsson won the politically themed Top Candidates show by delivering speeches supporting file sharing, and committing to donating 20 percent of his $30,000 winning to the Pirate Bay. A cultural minister from a southern Sweden municipality admitted in June to the newspaper Svenska Dagbladet that he downloaded music on a daily basis, and called for more adults to "come out of the file-sharing closet." Last May's raid on the Pirate Bay sparked street protests and cyberattacks on government websites. But it was the spike in the Pirate Party's numbers after the raid that might have the most lasting consequences for Sweden. Membership shot past the nation's Green Party, which holds 17 seats in the Riksdag, Sweden's parliament. There's no guarantee that membership will translate into votes, but the pirates have raised enough funds to print 3 million ballots for next month's election, and they have enough volunteers to get them out to all the polling places. This week, the Pirate Party broke out its own version of a chicken in every pot when it endorsed a low-cost, encrypted anonymizing service offered by a Swedish communications company called Relakks. For 5 euros a month, a portion of which goes to the party, anyone can share files or communicate from a Relakks IP address in Sweden, potentially complicating efforts to track downloaders. The party endorsement generated enough interest to cause performance issues on the new service. Falkvinge may be learning the ropes of glad-handing and political speechmaking, but a guileless fan boy slips out when I introduce him to the founders of Piratbyran -- the pro-piracy group that created the Pirate Bay in 2003, and inspired Falkvinge's foray into renegade politics. 
He introduces the punk girl that recognized him to co-founder Rasmus Fleischer with a hurried explanation -- "Piratbyran, Piratbryan!" -- and Fleischer soon finds himself autographing another piece of notebook paper, looking confused. Piratbyran, or "Pirate Bureau," is hard to nail down as an organization. It is best described as an ad hoc pro-piracy think tank, but Fleischer's partner in the effort, Marcus Kaarto, won't even go that far. "We're like a gas," Kaarto says, laughing. "You can't get a hold on us." Founded in 2003, Piratbyran is older than the Pirate Bay and the Pirate Party. The group has 58,000 members registered on its website, but its structure is informal, and no one seems to know exactly how much money it has. It gets by on donations, including contributions through the Pirate Bay -- with which it is no longer officially affiliated. Kaarto and Fleischer aren't the typical think tank or political types. Fleischer is a classically trained musician and former leftist journalist; Kaarto plays poker for a living. They are comfortable and funny twenty-somethings in cargo shorts, dark T-shirts and imprecise haircuts -- blending artist and geek in a way that is uniquely European. They walk me around Soder, the island in the middle of Stockholm that went from working class to gentrified bohemian in the '80s. Eventually we land in Medborgarplatsen, a square that hosts Stockholm's large communist May Day demonstration every year, and entertainment/retail the rest of the time. This night it's full of cafe-goers, and posters advertising the new Pirates of the Caribbean movie -- a film destined to break box office records and top the downloading charts at the same time. Over the din, Fleischer says the Piratbyran's message isn't so much about fighting the copyfight as explaining to the other side that they've already lost. "Their business model won't work with digital technology," he says. 
In Fleischer's world, the Motion Picture Association of America and rights holders are attacking digital technology itself, trying to hang on to an outdated model. "It's an inevitability that digital data will be copied.... The alternative to peer-to-peer piracy is person-to-person piracy," he says. While some online pirates take pains to distinguish themselves from those who sell counterfeit DVDs and CDs, he sees such physical bootlegging as just "a symptom of underdeveloped computer networks." When asked about compensation for artists, both men reject the language itself. No artist sits down to "create content," Fleischer says. "Culture has always been heterogeneous," and money is only one way of rewarding creativity. The idea of a rights holder, like a record label or movie studio, that patronizes and distributes human creativity is, for Fleischer, "a very strange utopia that has never existed." But Piratbyran is not dedicated to copyright or patent abolition -- it has no legislative agenda. It holds a nuanced view of the created work itself: Each work must find its own social and economic niche. "I don't think of this (as) the big battle," says Fleischer, "but thousands of microbattles." Part of the surprise of Sweden is how far this approach has gotten them. Kaarto and Fleischer are quoted in the press frequently, often accorded the same respect a law professor would receive in the United States. Last year the pair co-edited Copy Me, a collection of essays about intellectual property; the first run of 2,300 sold out, and another is on its way. Their positions find fertile ground in politics and public opinion. Piracy is the subject of serious debate here, rather than crime-busting press releases. And copyright's defenders find themselves in an uphill battle for the soul of the nation.
Attorney Monique Wadsted, the MPAA's representative here, has the hardest job in Sweden -- not just to try to enforce copyright under an indifferent and occasionally hostile regime, but to convince the average Swede that file sharing is wrong. She meets me in a corner conference room in her office high above a square full of Scandinavian hipsters and the punky goth kids of Stockholm. With a knit brow, she explains that she never expected Sweden to become a rogue nation. "(It's) become a copyright haven, a territory where you spread everything without fear of prosecution," Wadsted says. Wadsted knows Fleischer -- she recently stood in a public debate with him at the formal opening of Sweden's election campaign season. She was not impressed. "Nobody has ever presented a good argument why this should be free.... They like to talk about music; they have a problem with (talking about) movies, because movies cost a lot to make." Movies are Wadsted's passion, as well as her job, and she seems prepared to throw herself bodily between the medium she loves and the pirates who threaten its financial lifeblood. As a child, "I would see (movies) with my family ... or sneak off to see them on my own, all the time," she says. And if file sharing and the Pirate Bay had existed when she was young? She confesses she doesn't know if she'd have been a downloader herself. "Would I have known any better at 14?" she muses, leaving the question unanswered. What's certain is she'd like to see the Pirate Bay's crew in jail. The copyright fight is getting tense in Sweden. Wadsted speaks emotionally of threats made against her and anti-piracy spokesman Henrik Pontien. She says her address has appeared online, accompanied by talk of firebombing. Ugly suggestions have been made against Pontien and his children. Wadsted says she knew she was opening herself up for criticism by becoming the public face of the MPAA in Sweden, but the experience has clearly frightened and shocked her. 
The Pirate Bay's crew hasn't been spared much from the other side. They've been called gang members, terrorists and even child pornographers. While they laugh whenever the subject comes up, they too seem incredulous that the debate has come to this point. There's no evidence that extremists on either side will take violent action, but the idea that a previously obscure area of law excites such fanatical rhetoric was unthinkable before file sharing. Sweden stands at a crossroads. "There will be many Pirate Bays if this case doesn't succeed," says Marianne Levin, professor of private law and intellectual property at the University of Stockholm. Everyone -- pirates and lawyers and politicians -- agrees: Sweden probably won't continue to be friendly ground for overt pirates if the Pirate Bay is convicted. That's the point of pursuing its operators. But even with a victory in court, Levin and her doctoral research students acknowledge that Swedish file sharing isn't going to stop. They talk a lot about alternatives: mitigation and compromise. One oft-proposed solution would levy a tax on internet access that would be redistributed to artists -- but as distinctions between professionals and amateurs get more fuzzy, it's harder to make such a system fair. A tax would also mean more payouts to the porn industry than is politically feasible, points out legal researcher Viveca Still, a faculty member at the Institute of International Economic Law in Helsinki, Finland. That's one reason Still joins many academics in advocating a technological solution: digital rights management, or DRM, in which music and movie players -- software or hardware -- would simply refuse to cooperate with pirates. But a strict DRM regime has problems, too: For one, it would require hard-coded limits on digital technology itself. "This would lead to outlawing digital technology ... the Turing machine (itself)," says Piratbyran's Kaarto. 
This is a price too high for society to pay to protect intellectual property, according to DRM opponents. If piracy's foes offer flawed solutions, Sweden's pirates concede that their own vision isn't utopian. Parting with many copyright minimalists in the United States, Piratbyran acknowledges that file sharing can do real harm to rights holders. When Kaarto and Fleischer discuss this aspect of their movement, their flippancy fades, and their mood becomes reflective. Fleischer tells the story of Swedish jazz in 1962. When pop music came to Sweden, it hit hard enough that in a single summer most of Sweden's jazz artists were left scrambling for a livelihood. Just as silent movies destroyed theater, then talkies left the silent stars unemployed, progress, he hints, always creates losers as well as winners. But progress has to be accommodated anyway, says Kaarto. "You have to change the map, not the world." Later, the Pirate Bay's Peter (who doesn't want his last name revealed, in part for fear it would endanger his day job) is dining with a crew of pirates from all over Europe. Over tabbouleh and sausage, the talk turns to strategy: how to create media events, awareness campaigns, educational programs to let people know that piracy isn't about free movies -- it's about clearing the way for culture to progress. Peter talks about expanding the Pirate Bay beyond the current 25-language translation. He turns to me, with bright eyes: "We want to make a Pirate Bay for kids!" Sebastian Gjerding of Denmark's Piratgruppen warms to the idea, and starts talking about designing a poster to hang in schools, teaching children how to share files. The pirates bandy about names for the campaign and seem, for the moment, to settle on "iCopy." Later, I'm in Peter's old BMW station wagon. "One day, all these cars will run on hydrogen," Peter proclaims, gesturing around Malmo. "How will they make the hydrogen?" I ask. He answers quickly, smiling, "I don't know!" 
But, he assures me, they will and it isn't his problem to figure out how. It's not the problem of the pirates, he tells me later, to figure out how to compensate artists or encourage invention away from the current intellectual property system -- someone else will figure that out. Their job is just to tear down the flawed system that exists, to force the hand of society to make something better. If the next thing isn't good enough, they will tear that down, too.

From rforno at infowarrior.org Thu Aug 17 12:36:16 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 17 Aug 2006 12:36:16 -0400
Subject: [Infowarrior] - Federal Judge: Warrantless Wiretaps Illegal
Message-ID:

Judge Nixes Warrantless Surveillance
Aug 17, 12:10 PM (ET)
By SARAH KARUSH
http://apnews.myway.com/article/20060817/D8JI9A281.html

DETROIT (AP) - A federal judge ruled Thursday that the government's warrantless wiretapping program is unconstitutional and ordered an immediate halt to it. U.S. District Judge Anna Diggs Taylor in Detroit became the first judge to strike down the National Security Agency's program, which she says violates the rights to free speech and privacy. The American Civil Liberties Union filed the lawsuit on behalf of journalists, scholars and lawyers who say the program has made it difficult for them to do their jobs. They believe many of their overseas contacts are likely targets of the program, which involves secretly taping conversations between people in the U.S. and people in other countries. The government argued that the program is well within the president's authority, but said proving that would require revealing state secrets. The ACLU said the state-secrets argument was irrelevant because the Bush administration already had publicly revealed enough information about the program for Taylor to rule.
From rforno at infowarrior.org Thu Aug 17 12:44:13 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 17 Aug 2006 12:44:13 -0400
Subject: [Infowarrior] - Text of Taylor's Ruling on NSA wiretapping
Message-ID:

Judge Anna Diggs Taylor's opinion is online at:
http://www.mied.uscourts.gov/eGov/taylorpdf/06%2010204.pdf

From rforno at infowarrior.org Fri Aug 18 09:12:40 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 18 Aug 2006 09:12:40 -0400
Subject: [Infowarrior] - The FBI's Upgrade That Wasn't
Message-ID:

The FBI's Upgrade That Wasn't
$170 Million Bought an Unusable Computer System
http://www.washingtonpost.com/wp-dyn/content/article/2006/08/17/AR2006081701485_pf.html
By Dan Eggen and Griff Witte
Washington Post Staff Writers
Friday, August 18, 2006; A01

As far as Zalmai Azmi was concerned, the FBI's technological revolution was only weeks away. It was late 2003, and a contractor, Science Applications International Corp. (SAIC), had spent months writing 730,000 lines of computer code for the Virtual Case File (VCF), a networked system for tracking criminal cases that was designed to replace the bureau's antiquated paper files and, finally, shove J. Edgar Hoover's FBI into the 21st century. It appeared to work beautifully. Until Azmi, now the FBI's technology chief, asked about the error rate. Software problem reports, or SPRs, numbered in the hundreds, Azmi recalled in an interview. The problems were multiplying as engineers continued to run tests. Scores of basic functions had yet to be analyzed. "A month before delivery, you don't have SPRs," Azmi said. "You're making things pretty. . . . You're changing colors." Within a few days, Azmi said, he warned FBI Director Robert S. Mueller III that the $170 million system was in serious trouble. A year later, it was dead. The nation's premier law enforcement and counterterrorism agency, burdened with one of the government's most archaic computer systems, would have to start from scratch.
The collapse of the attempt to remake the FBI's filing system stemmed from failures of almost every kind, including poor conception and muddled execution of the steps needed to make the system work, according to outside reviews and interviews with people involved in the project. But the problems were not the FBI's alone. Because of an open-ended contract with few safeguards, SAIC reaped more than $100 million as the project became bigger and more complicated, even though its software never worked properly. The company continued to meet the bureau's requests, accepting payments despite clear signs that the FBI's approach to the project was badly flawed, according to people who were involved in the project or later reviewed it for the government. Lawmakers and experts have faulted the FBI for its part in the failed project. But less attention has been paid to the role that the contractor played in contributing to the problems. A previously unreleased audit -- completed in 2005 and obtained by The Washington Post -- found that the system delivered by SAIC was so incomplete and unusable that it left the FBI with little choice but to scuttle the effort altogether. David Kay, a former SAIC senior vice president who did not work on the program but closely watched its development, said the company knew the FBI's plans were going awry but did not insist on changes because the bureau continued to pay the bills as the work piled up. "SAIC was at fault because of the usual contractor reluctance to tell the customer, 'You're screwed up. You don't know what you're doing. This project is going to fail because you're not managing your side of the equation,' " said Kay, who later became the chief U.S. weapons inspector in Iraq. "There was no one to tell the government that they were asking the impossible. And they weren't going to get the impossible." 
Mueller's inability to successfully implement VCF marks one of the low points of his nearly five-year tenure as FBI director, and he has accepted some of the blame. "I did not do the things I should have done to make sure that was a success," he told reporters last month. SAIC declined three requests for comment. The company told Congress last year that it tried to warn the FBI that its "trial and error" approach to the project would not work, but it said it may not have been forceful enough with the bureau. Whoever is at fault, five years after the Sept. 11, 2001, terrorist attacks and more than $600 million later, agents still rely largely on the paper reports and file cabinets used since federal agents began chasing gangsters in the 1920s.

1980s Technology

Even before the Sept. 11 attacks, the FBI had developed a plan, Trilogy, to address its chronic technology problems. The program was made up of three main components: a new computer network, thousands of new personal computer stations and, at its heart, the software system that would come to be known as VCF. The FBI wanted its agents to work in a largely paperless environment, able to search files, pull up photos and scan for information at their own PCs. The old system was based on fusty mainframe technology, with a text-only "green screen" that had to be searched by keywords and could not store or display graphics, photos or scanned copies of reports. What's more, most employees had no PCs. They relied instead on shared computers for access to the Internet and e-mail. A type of memo called an electronic communication had to be printed out on paper and signed by a supervisor before it was sent. Uploading a single document took 12 steps. The setup was so cumbersome that many agents stopped using it, preferring to rely on paper and secretaries. Technologically, the FBI was trapped in the 1980s, if not earlier.
"Getting information into or out of the system is a challenge," said Greg Gandolfo, who spent most of his 18-year FBI career investigating financial crimes and public corruption cases in Chicago, Little Rock and Los Angeles. "It's not like 'Here it is, click' and it's in there. It takes a whole series of steps and screens to go through." Gandolfo, who now heads a unit at FBI headquarters that fields computer complaints, said the biggest drawback is the amount of time it takes to handle paperwork and input data. "From the case agent's point of view, you want to be freed up to do the casework, to do the investigations, to do the intelligence," he said. At the start, the software project had relatively modest goals -- and much lower costs. When SAIC beat out four competitors to win the contract in June 2001, the company said it would be earning $14 million in the first year of a three-year deal to update the FBI's case-management system. For SAIC, the contract was relatively minor. The firm, owned by 40,000 employee shareholders, is one of the nation's largest government contractors. The 2001 attacks were a boon to its fortunes, helping to boost its annual revenue, now more than $7 billion. At the FBI, the impact of the attacks was equally significant but certainly less auspicious. As revelations emerged that the bureau had missed clues that could have revealed the plot, its image suffered. Its long-outdated information technology systems drew particular scrutiny. "Prior to 9/11, the FBI did not have an adequate ability to know what it knew," a report by the staff of the Sept. 11 commission concluded. "The FBI's primary information management system, designed using 1980s technology already obsolete when installed in 1995, limited the Bureau's ability to share its information internally and externally." The problems continued to hamper the bureau after the attacks as well: To transmit photographs of the 19 Sept. 
11 hijackers and other suspects to field offices, headquarters had to fax copies or send compact discs by mail, because the system would not allow them to e-mail a photo securely. In the months after the terrorist attacks, overhauling the case-management system became one of the bureau's top priorities. Deadlines were moved up, requirements grew, and costs ballooned. Along the way, the FBI made a fateful choice: It wanted SAIC to build the new software system from scratch rather than modifying commercially available, off-the-shelf software. Later, the company would say the FBI made that decision independently; FBI officials countered that SAIC pushed them into it. More than two years after Sept. 11, when a team of researchers from the National Research Council showed up to review the status of Trilogy, FBI officials assured them that the bureau had made great strides. That was true in part: By early 2004, two of the three main pillars of the program -- thousands of new PCs and an integrated hardware network -- were well on the way to being delivered and installed. But, as the researchers soon learned, the heart of the makeover, VCF, remained badly off track. In its final report, in May 2004, the NRC team warned that the program was "currently not on a path to success." The review team from the NRC, which is affiliated with the National Academy of Sciences, was made up of more than a dozen scientists and engineers from top universities and leading technology companies, all of them independent of the FBI and its contractors. The report observed that the rollout of the new case-management software had been poorly planned nearly from the beginning. Months after the program was supposed to be complete, it remained riddled with shortcomings:

- Agents would not be able to take copies of their cases into the field for reference.
- The program lacked common features, such as bookmarking or histories, that would help agents navigate through millions of files.
- The system could not properly sort data.
- Most important, the FBI planned to launch the new software all at once, with minimal testing beforehand.

Doing so, the NRC team concluded, could cause "mission-disruptive failures" if the software did not work, because the FBI had no backup plan. "That was a little bit horrifying," said Matt Blaze, a professor of computer science at the University of Pennsylvania and a member of the review team. "A bunch of us were planning on committing a crime spree the day they switched over. If the new system didn't work, it would have just put the FBI out of business." The NRC team found plenty of blame to go around, starting with the FBI itself. Like many government agencies, the bureau had been drained of much of its top talent as skilled managers left for the higher salaries and reduced bureaucracy of the private sector. By 2001, when the VCF program was born, the FBI had few people in house with the expertise to develop the kind of sophisticated information technology systems that it would need. As a result, the agency had been turning increasingly to private contractors for help, a process that only hastened the flow of talent out the door at FBI headquarters. "In essence, the FBI has left the task of defining and identifying its essential operational processes and its IT concept of operations to outsiders," the NRC researchers concluded. "The FBI lacks experienced IT program managers and contract managers, which has made it unable to deal aggressively or effectively with its contractors." Daniel Guttman, a fellow at Johns Hopkins University who specializes in government contracting law, said: "This case just shows the government doesn't have a clue. Yet the legal fiction is that the government knows what it's doing and is capable of taking charge. The contractors are taking advantage of that legal fiction." In the end, the FBI's failure to police the contractors would lead to disastrous results.
After the disappointing preview of VCF in late 2003 by Azmi, who was then an adviser to Mueller tasked with reviewing the system, the FBI scrambled to rescue the project. The Aerospace Corp., a federally funded research-and-development firm in El Segundo, Calif., was hired for $2 million in June 2004 to review the program and come up with a "corrective action plan." The conclusion: SAIC had so badly bungled the project that it should be abandoned. In a 318-page report, completed in January 2005 and obtained by The Post under the Freedom of Information Act, Aerospace said the SAIC software was incomplete, inadequate and so poorly designed that it would be essentially unusable under real-world conditions. Even in rudimentary tests, the system did not comply with basic requirements, the report said. It did not include network-management or archiving systems -- a failing that would put crucial law enforcement and national security data at risk, according to the report. "From the documents that define the system at the highest level, down through the software design and into the source code itself, Aerospace discovered evidence of incompleteness, lack of follow-through, failure to optimize and missing documentation," the report said. Others joined Aerospace in highlighting SAIC's role in the failure. The NRC report complains that the contractor dealt with Trilogy as a "business as usual" program, without regard to its importance to national security. Matthew Patton, a programmer who worked on the contract for SAIC, said the company seemed to make no attempts to control costs. It kept 200 programmers on staff doing "make work," he said, when a couple of dozen would have been enough. The company's attitude was that "it's other people's money, so they'll burn it every which way they want to," he said. Patton, a specialist in IT security, became nervous at one point that the project did not have sufficient safeguards. But he said his bosses had little interest. 
"Would the product actually work? Would it help agents do their jobs? I don't think anyone on the SAIC side cared about that," said Patton, who was removed from the project after three months when he posted his concerns online. Azmi said that "in terms of having a lot of money, we were just coming out of 9/11, and at that time there was a lot of pressure on the FBI to develop capabilities for storing information and actually, for lack of better words, connecting the dots. If SAIC took advantage of that, I would say shame on them." Mueller has also criticized SAIC, telling Congress that the software it produced "was not what it should be in order to make it the effective tool for the FBI, and it requires us now to go a different route." One FBI manager estimated that the scope of the Trilogy project as a whole expanded by 80 percent since it began, according to a February 2005 report by Justice Department Inspector General Glenn A. Fine. SAIC has consistently said that it was trying to meet the FBI's needs but that its efforts were undermined by the bureau's chronic indecision. Executive Vice President Arnold Punaro submitted testimony to Congress in February 2005 citing 19 government personnel changes in three years that kept the program's direction in flux. FBI officials, he said, took a "trial and error, 'we will know it when we see it' approach to development." Punaro said the company warned bureau officials that such a method would not work, but he acknowledged that SAIC did not do enough to get the FBI's attention. "We clearly failed to get the cumulative effect of these changes across to the FBI consumer," he said. Punaro also faulted Aerospace, saying that its study was based on an earlier version of VCF software and that the firm "did not bring a sufficient understanding of the uniqueness, complexity and scope of the FBI undertaking to evaluate our product." 
Starting Over, Again

By 2004, even as the news grew worse behind the scenes, FBI officials struggled to put an optimistic spin on their software upgrade. In March, testifying before a House subcommittee, Mueller said that the FBI had experienced "a delay with the contractor" but that the problem had been "righted." He said he expected that "the last piece of Virtual Case File would be in by this summer." Two months later, Azmi -- who had been named the bureau's chief information officer -- pushed back the estimate further, predicting that SAIC would deliver the product in December. But the problems continued to mount. The FBI and SAIC feuded over change orders, system requirements and other issues, according to an investigative report later prepared for the House Appropriations Committee. The FBI also went ahead with a $17 million testing program for the system, one of many missed opportunities to cut its losses, according to the House report. Azmi defends the attempt to save VCF and calls the decision to abandon it in early 2005 "probably the toughest" of his career. The decision to kill VCF meant that the FBI's 30,000-plus employees, including more than 12,000 special agents, had to continue to rely on an "obsolete" information system that put them at "a severe disadvantage in performing their duties," according to the report by Fine, of the Justice Department. "The urgent need within the FBI to create, organize, share and analyze investigative leads and case files on an ongoing basis remains unmet," Fine's office concluded. Maureen Baginski, the FBI's former executive assistant director of intelligence, said the lack of a modern case-management system could hurt the bureau when time is of the essence. Agents and analysts need the new system, she said, to quickly make connections across cases -- especially when they are tackling complex challenges such as unraveling a terrorist plot.
Last year, FBI officials announced a replacement for VCF, named Sentinel, that is projected to cost $425 million and will not be fully operational until 2009. A temporary overlay version of the software, however, is planned for launch next year. The project's main contractor, Lockheed Martin Corp., will be paid $305 million and will be required to meet benchmarks as the project proceeds. FBI officials say Sentinel has survived three review sessions and is on budget and on schedule. SAIC is not involved. FBI officials say they are awaiting an audit by a federal contracting agency before deciding whether to attempt to recoup costs from the company. In a follow-up to its reviews, Fine's office warned in March that the FBI is at risk of repeating its mistakes with Sentinel because of management turnover and weak financial controls. But Azmi and other FBI officials say Sentinel is designed to be everything VCF was not, with specific requirements, regular milestones and aggressive oversight. Randolph Hite, who is reviewing the program for the Government Accountability Office, said: "When you do a program like this, you need to apply a level of rigor and discipline that's very high. That wasn't inherent in VCF. My sense is that it is inherent in Sentinel." But no one really knows how much longer the bureau can afford to wait. "We had information that could have stopped 9/11," said Sen. Patrick J. Leahy (Vt.), the ranking Democrat on the Senate Judiciary Committee. "It was sitting there and was not acted upon. . . . I haven't seen them correct the problems. . . . We might be in the 22nd century before we get the 21st-century technology." ©
2006 The Washington Post Company

From rforno at infowarrior.org Sat Aug 19 10:45:05 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 19 Aug 2006 10:45:05 -0400
Subject: [Infowarrior] - RIAA takes on "schoolyard piracy" (and a great Bainwol soundbyte)
Message-ID:

I wonder when playgrounds and song-swapping between classmates becomes linked to terrorism and child pron. These folks -- the RIAA and MPAA -- obviously NEED someone to go after, otherwise they'll go out of business.....they NEED an enemy....or at least, a boogeyman.... < - > Those figures are a big problem for the Recording Industry Association of America and the Motion Picture Association of America, both of which have spent millions of dollars to deter copying of any kind. The music industry now considers so-called "schoolyard" piracy -- copies of physical discs given to friends and classmates -- a greater threat than illegal peer-to-peer downloading, according to the RIAA. Similarly, an MPAA spokesperson said that in the U.S. copying and reproducing DVDs is a bigger problem than illegal downloading of movies. < - > http://www.orlandosentinel.com/features/lifestyle/orl-pollmusic0906aug09,0,3450772.story?coll=orl-living-headlines ...but this one takes the cake for blatant misrepresentation....."We've made substantial progress educating people that downloading copyrighted music for free is illegal," says Mitch Bainwol, RIAA chairman. Ummm --- you can copyright music and make it available for free and LEGAL downloading, you know. While I have copyrighted all my articles, they are free for all to use/republish/redistribute...I make no money from them. Yet again, we see industry association cluebats equating "downloading copyrighted music for free" with illegality. Idiots.
-rf

From rforno at infowarrior.org Sat Aug 19 23:57:26 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 19 Aug 2006 23:57:26 -0400
Subject: [Infowarrior] - LA opens JRIC fusion center
Message-ID:

Sleek snoop center still leans on human factor By Joris Evers http://news.com.com/Sleek+snoop+center+still+leans+on+human+factor/2100-7350_3-6107464.html Story last modified Sat Aug 19 17:20:50 PDT 2006 NORWALK, Calif.--A new law enforcement center--quite possibly the best real-world likeness of the fictitious high-tech "Counter Terrorist Unit" in the popular show "24"--relies on a surprisingly low-tech feature: low cubicle walls. Located in the Los Angeles suburb of Norwalk, the first-of-its-kind Joint Regional Intelligence Center joins federal, state and local law enforcement in one facility as part of a post-9/11 effort to improve law enforcement collaboration. Analysts and investigators at the center handle intelligence from the various agencies on potential threats to national security, in particular terrorism, and correlate the data. "We are connecting the dots," Michael Chertoff, secretary of the U.S. Department of Homeland Security, said on Friday after touring the recently opened center. The facility--housed in a nondescript office building in suburbia, near fast-food restaurants and bland government offices--is equipped with some $2 million worth of technology, including numerous projectors that display onto walls maps, information on terrorists, and other data from public and nonpublic sources. Yet despite all the high-tech eye candy, JRIC relies on people for data-sharing. "Technology enables us to analyze a lot of information quickly and get access quickly," Chertoff said. "But the human element is important here." JRIC is the first of 38 such centers meant to prevent potentially valuable intelligence from going unnoticed, Chertoff said. Intelligence agencies have worked together in the past, but not at this scale, JRIC participants said.
At JRIC, pronounced "jay-rick," data such as tips and field reports from a multitude of agencies is analyzed to identify patterns and trends. Agencies that are part of JRIC include the U.S. Federal Bureau of Investigation, Los Angeles Police Department, Los Angeles Sheriff's Department and the Department of Homeland Security. Recently, JRIC staffers worked long hours after a suspected terror plot to blow up transatlantic airliners was unraveled. The center operated extended hours, from 5 a.m. Pacific until midnight, some JRIC employees said. It will become a 24/7 operation in the future. Currently some 30 analysts and investigators are in place at JRIC. Eventually, the center will house around 60 people from about 15 agencies. "For law enforcement this is cutting-edge," Stanley Salas, a section chief at JRIC and a detective with the Los Angeles Police Department, said in an interview. "We're cops, we're used to arresting people, not building places like this." Individuals at the center represent their own agencies and are tapped into their own data sources. There is no universal access to multiple data sources. People have to make the information-sharing happen, so everyone is put together in an open bullpen instead of cloistered cubicles. There is a vision for JRIC to unify all data from the various agencies in a single database and offer broad access to personnel, but that doesn't exist today. That's not because of technical limitations, but because of red tape and access restrictions, said Mario Cruz, technology director at JRIC. "Today we do not have a logical connection (between different agency databases); right now it is the people," he said.
The various agencies involved need to agree on protocols for sharing their data, and that may take a while. "We always have the tech answers and solutions in place before the actual agreements have been hammered out," Cruz said. As a result, Gregory Hisel, a battalion chief for the Los Angeles County Fire Department stationed at JRIC, has access to his department's dispatch system, but others at JRIC don't. "Technology has not eliminated the need for physical contact," he said. "It is more important that we've come together under one roof." As another example, the FBI has access to its classified network of information at JRIC, but only in a separate room off the main floor that requires special clearance. "Kiefer Sutherland runs through here all the time," joked one JRIC analyst, referring to the actor who plays agent Jack Bauer on "24." The "multimedia boards" that display on walls crucial information are also used to present and share information, Hisel said. "We use them on a daily basis," he said. A collection of flat-panel TVs hanging from the ceiling shows news channels, including the Arab network Aljazeera. Each workstation has a high-end Windows PC, two flat-panel screens and a voice over Internet Protocol phone. A terabyte of storage capacity is available for intelligence data. New systems should make the gathering of intelligence, analysis and case management easier. One of those was designed by Memex, a company Cruz worked for prior to joining JRIC. Memex has also helped Scotland Yard in England and sells tools for intelligence management and analysis. The network has multiple layers of security and also utilizes encryption, Cruz said. The building has backup power to keep it up and running should there be a power failure. A backup facility that mirrors JRIC has been set up at the Los Angeles Police Department, should the entire building go down, Salas said. 
Chertoff made a quick pitch for more intelligence analysts, especially those with language skills. To fuel cooperation between the different agencies, representatives at JRIC might be managed by somebody from another agency. For example, a Los Angeles Police Department staffer could report to an FBI agent, a JRIC representative said. JRIC aims to prevent terrorist strikes and combat crime in a 44,000-square mile territory surrounding Los Angeles, a region that spans seven counties and encompasses 18 million people. Some potential high-profile terror targets in the area include Los Angeles International Airport and the Long Beach port. "This area is a very significant target of opportunity for terrorists," said Los Angeles Mayor Antonio Villaraigosa, who also visited the JRIC on Friday. Besides the goal of improved intelligence analysis, the facility is meant to help eliminate duplication in effort and speed information flow. It all comes down to old-fashioned police work, Salas said. "Technology is fun, but we could do this on index cards, if we had to do it and had the right information." Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.

From rforno at infowarrior.org Sun Aug 20 00:46:42 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 20 Aug 2006 00:46:42 -0400
Subject: [Infowarrior] - Quasi-OT: Writing Off Reading
In-Reply-To:
Message-ID:

(xposted to Questor and infowarrior-l) Somewhat off topic, but I think there are enough folks present on this list who might find this article interesting, if not also a bit disturbing. -rf Writing Off Reading By Michael Skube Sunday, August 20, 2006; B03 http://www.washingtonpost.com/wp-dyn/content/article/2006/08/18/AR2006081800976_pf.html We were talking informally in class not long ago, 17 college sophomores and I, and on a whim I asked who some of their favorite writers are. The question hung in uneasy silence. At length, a voice in the rear hesitantly volunteered the name of . . . Dan Brown.
No other names were offered. The author of "The DaVinci Code" was not just the best writer they could think of; he was the only writer they could think of. In our better private universities and flagship state schools today, it's hard to find a student who graduated from high school with much lower than a 3.5 GPA, and not uncommon to find students whose GPAs were 4.0 or higher. They somehow got these suspect grades without having read much. Or if they did read, they've given it up. And it shows -- in their writing and even in their conversation. A few years ago, I began keeping a list of everyday words that may as well have been potholes in exchanges with college students. It began with a fellow who was two months away from graduating from a well-respected Midwestern university. "And what was the impetus for that?" I asked as he finished a presentation. At the word "impetus" his head snapped sideways, as if by reflex. "The what?" he asked. "The impetus. What gave rise to it? What prompted it?" I wouldn't have guessed that impetus was a 25-cent word. But I also wouldn't have guessed that "ramshackle" and "lucid" were exactly recondite, either. I've had to explain both. You can be dead certain that today's college students carry a weekly planner. But they may or may not own a dictionary, and if they do own one, it doesn't get much use. ("Why do you need a dictionary when you can just go online?" more than one student has asked me.) You may be surprised -- and dismayed -- by some of the words on my list. "Advocate," for example. Neither the verb nor the noun was immediately clear to students who had graduated from high school with GPAs above 3.5. A few others: "Derelict," as in neglectful. "Satire," as in a literary form. "Pith," as in the heart of the matter. "Brevity," as in the quality of being succinct. And my favorite: "Novel," as in new and as a literary form. College students nowadays call any book, fact or fiction, a novel. 
I have no idea why this is, but I first became acquainted with the peculiarity when a senior at one of the country's better state universities wrote a paper in which she referred to "The Prince" as "Machiavelli's novel." As freshmen start showing up for classes this month, colleges will have a new influx of high school graduates with gilded GPAs, and it won't be long before one professor whispers to another: Did no one teach these kids basic English? The unhappy truth is that many students are hard-pressed to string together coherent sentences, to tell a pronoun from a preposition, even to distinguish between "then" and "than." Yet they got A's. How does one explain the inability of college students to read or write at even a high school level? One explanation, which owes as much to the culture as to the schools, is that kids don't read for pleasure. And because they don't read, they are less able to navigate the language. If words are the coin of their thought, they're working with little more than pocket change. Say this -- but no more -- for the Bush administration's No Child Left Behind Act: It at least recognizes the problem. What we're graduating from our high schools isn't college material. Sometimes it isn't even good high school material. When students with A averages can't write simple English, it shouldn't be surprising that people ask what a high school diploma is really worth. In California this year, hundreds of high school students, many with good grades, faced the prospect of not graduating because they could not pass a state-mandated exit exam. Although a judge overturned the effort, legislators (not always so literate themselves) in other states have also called for exit exams. It's hardly unreasonable to ask that students demonstrate a minimum competency in basic subjects, especially English. Exit exams have become almost a necessity because the GPA is not to be trusted. 
In my experience, a high SAT score is far more reliable than a high GPA -- more indicative of quickness and acuity, and more reflective of familiarity with language and ideas. College admissions specialists are of a different view and are apt to label the student with high SAT scores but mediocre grades unmotivated, even lazy. I'll take that student any day. I've known such students. They may have been bored in high school but they read widely and without prodding from a parent. And they could have nominated a few favorite writers besides Dan Brown -- even if they thoroughly enjoyed "The DaVinci Code." I suspect they would have understood the point I tried unsuccessfully to make once when I quoted Joseph Pulitzer to my students. It is journalism's job, he said, to comfort the afflicted and afflict the comfortable. Too obvious, you think? I might have thought so myself -- if the words "afflicted" and "afflict" hadn't stumped the whole class. mskube at elon.edu Michael Skube teaches journalism at Elon University in Elon, N.C.

From rforno at infowarrior.org Sun Aug 20 00:59:14 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 20 Aug 2006 00:59:14 -0400
Subject: [Infowarrior] - As Virtual Universes Grow, So Do Ranks of the Game-Obsessed
Message-ID:

Lost in an Online Fantasy World As Virtual Universes Grow, So Do Ranks of the Game-Obsessed http://www.washingtonpost.com/wp-dyn/content/article/2006/08/17/AR2006081700625_pf.html By Olga Khazan Special to washingtonpost.com Friday, August 18, 2006; 3:52 PM They are war heroes, leading legions into battle through intricately designed realms. They can be sorcerers or space pilots, their identities woven into a world so captivating, it is too incredible to ever leave. Unfortunately, some of them don't. Video games have often been portrayed as violence-ridden vehicles for teen angst.
But after 10 people in South Korea -- mostly teenagers and young adults -- died last year from game-addiction causes, including one man who collapsed in an Internet cafe after playing an online game for 50 hours with few breaks, some began to see a new technological threat. Participation in massively multiplayer online role-playing games, also called MMORPGs or MMOs, has skyrocketed from less than a million subscribers in the late 1990s to more than 13 million worldwide in 2006. With each new game boasting even more spectacular and immersive adventures, new ranks of gamers are drawn to their riveting story lines. Like gambling, pornography or any other psychological stimulant, these games have the potential to thrill, engross and completely overwhelm. The most widely played MMO, Blizzard Entertainment's World of Warcraft, has 6.5 million players worldwide, most of whom play 20 to 22 hours per week. Thousands can be logged in simultaneously to four different WoW servers (each its own self-contained "realm"), interacting with players across the globe in a vast virtual fantasy setting full of pitched battles and other violent adventures. Brady Mapes, a 24-year-old computer programmer from Gaithersburg, Md., and an avid WoW fan, calls it a "highly addictive game -- it sucks the life out of you." An MMO differs from an offline game in that the game world evolves constantly as each player's actions directly or indirectly influence the lives of other players' characters. In WoW, players can simply attack one another, interact with the environment, or role-play in more complex relationships. More time playing means greater virtual wealth and status, as well as access to higher game levels and more-exciting content. In addition, online gamers can join teams or groups (called "guilds" in WoW) that tackle game challenges cooperatively. Fellow team members see membership as a commitment and expect participation in virtual raids and other joint activities.
The constant interaction with other players can lead to friendships and personal connections. 'All I Could Think About Was Playing' "The main reason people are playing is because there are other people out there," said Dmitri Williams, an assistant professor at the University of Illinois at Urbana-Champaign, who has researched the social impacts of MMOs. "People know your name, they share your interests, they miss you when you leave." As MMO fan sites filled with raving gamers proliferate, so have online-addiction help blogs, where desperate recluses and gamers' neglected spouses search for a way out. "I don't want to do everything with [my husband], but it would be nice to have a meaningful conversation once in awhile," writes one pregnant wife on Everquest Daily Grind, a blog for those affected by excessive use of another popular fantasy MMO. "He does not have much interest in the baby so far, and I am worried that after it is born, he will remain the same while I am struggling to work and take care of the baby." Another gamer writes that she was angry at her boyfriend for introducing her to online gaming, which began consuming her life at the expense of her personal and academic well-being. "But I think deleting [your] character doesn't work, because the game haunts you," she said. "All I could think about was playing." Kimberly Young, who has treated porn and chat-room addicts since 1994 at her Center for Internet Addiction Recovery, said that in the past year video game fixation has grown more than anything else. "In MMOs, people lead wars and receive a lot of recognition," Young said. "It's hard to stop and go clean your room. Real life is much less interesting." The trend echoes across the continents, with game-addiction treatment centers cropping up in China in 2005 and this summer in Amsterdam. 
In South Korea, where 70 percent of the population has broadband Internet access, the Korea Agency for Digital Opportunity offers government-funded counseling for the game-hooked. 'The Real World Gets Worse' The games are set up to be lengthy, with a quest taking six hours or more to complete. The organization of players into cooperative teams creates a middle-school-esque atmosphere of constant peer pressure. "You're letting other people down if you quit," Young said. "If you are good, the respect becomes directly reinforcing." According to research performed by Nick Yee, a Stanford graduate student and creator of the Daedalus Project, an online survey of more than 40,000 MMO players, the average player is 26 years old; most hold full-time jobs. Seventy percent have played for 10 hours straight at some point, and about 45 percent would describe themselves as "addicted." Yee believes escapism to be the best predictor of excessive gaming. A person who plays MMOs in order to avoid real-life problems, rather than simply for entertainment or socialization, is more likely to experience what he calls "problematic usage." "People feel like they lack control in real life, and the game gives them a social status and value that they are less and less able to achieve in the real world," Yee said. "As a result, the real world gets worse and the virtual world gets better in comparison." Liz Woolley, a Wisconsin software analyst and veteran of Alcoholics Anonymous, founded Online Gamers Anonymous in May 2002 by adapting AA's 12-step addiction recovery model to help gamers quit cold-turkey. Woolley recommends getting professional help for underlying issues and finding other hobbies and real-world activities to replace gaming. "Addicts want to live in a fantasy life because you can't do a 'do-over' in real life," she said. "It can be hard to accept. You have to let them know, 'Hey, this is real life. 
Learn to deal with it.'" 'Every Player Has a Choice' "People are reluctant to point a finger at themselves," said Jason Della Rocca, executive director of the International Game Developers Association. Excessive use "is a reflection of friction in that person's life. They shouldn't use the game as a scapegoat." Casual gamers may find it difficult to advance to the game's highest levels in the face of more dedicated rivals, such as Mapes, the Gaithersburg WoW fan, whose highest-level warrior character is a force to be reckoned with. "If I go up against someone who only plays for one to two hours, I'll decimate them," he said. "There are other games out there if you only want to play a couple hours at a time." That dedication sometimes pushes Mapes to see the game as more of a chore than a pastime. "Sometimes I realize that I'm not having any fun, but I just can't stop," he said. Several of the MMO researchers interviewed for this story pointed out that many game companies employ psychologists who analyze the games and suggest ways to make them easier to play over long stretches of time. Della Rocca argues that because online games' monthly subscription rates remain constant regardless of how many hours a subscriber spends on the network, developers profit less when gamers play more intensively. The psychologists "monitor subjects playing the games in order to eliminate flaws and points of frustration," Della Rocca said. "The notion that we are trying to seduce gamers is a fabrication of people who don't understand how games are developed." Since Blizzard Entertainment released WoW in 2004, calls to Online Gamers Anonymous have more than tripled, according to Woolley, who said the industry is directly at fault for the suffering of the people she tries to help. "I think the game companies are nothing more than drug pushers," she said. "If I was a parent, I wouldn't let them in my house. It's like dropping your kids off at a bar and leaving them there." 
The signs of excessive MMO use are similar to those of alcoholism or any other dependency -- tolerance, withdrawal, lying or covering up, to name a few. However, many in the industry are hesitant to call it an addiction because, in the case of MMOs, the nature of the problem is based on how it affects the user's life, not the amount of time spent playing. According to tvturnoff.org, Americans spend an average of 28 hours a week watching television, a fact that has yet to spawn a bevy of dependence clinics. "If a person was reading novels excessively, we'd be less likely to call that 'addiction' because we value reading as culture," said the University of Illinois's Williams. "We see game play as frivolous due to our Protestant work ethic. There's plenty of anecdotal evidence out there to suggest this is a problem, but it's not the role of science to guess or bet." Mapes, who has played other engrossing titles such as Medal of Honor and Diablo and eventually set them aside, said the decision to control excessive gaming is one any player can make. "Ultimately, every player has a choice to stop," he said. "I've stopped before, and I've seen other people stop if they get burned out." 'No One Was Talking About It' Woolley disagrees, especially after witnessing the bitter outcome of her son's Everquest obsession. Shawn had played online games before, so she didn't suspect anything different when he picked up the newest MMO from Sony. Within months, Woolley said, Shawn withdrew from society, losing his job and apartment and moving back home to live a virtual life he found more fulfilling. After a number of game-induced grand mal seizures sent Shawn, who was epileptic, to the emergency room repeatedly, he chose to pay ambulance bills rather than stop playing. The medical professionals he saw treated his external symptoms but dismissed his gaming condition. "They told me, 'Be glad he's not addicted to something worse, like drugs,' and sent him home," Woolley said. 
On Thanksgiving Day 2001, Woolley found 21-year-old Shawn dead in front of his computer after having committed suicide. Everquest was on the screen. Readers' responses to an article written about the incident in a local Wisconsin paper poured in, and the national attention Shawn's story subsequently received prompted Woolley to start up a self-help Web site. In the four years since its launch, Online Gamers Anonymous (http://www.olganon.org/) has had 125 million hits and registered more than 2,000 members, Woolley said. "I realized that gaming addiction was an underground epidemic affecting thousands of people, but no one was talking about it," she said. "I wasn't worried about pressure from the gaming industry. I thought, 'You already took my kid, you can't take anything else.'"

From rforno at infowarrior.org Sun Aug 20 13:10:55 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 20 Aug 2006 13:10:55 -0400
Subject: [Infowarrior] - Experts Fault Reasoning in Surveillance Decision
In-Reply-To:
Message-ID:

From: Monty http://www.nytimes.com/2006/08/19/washington/19ruling.html Experts Fault Reasoning in Surveillance Decision By ADAM LIPTAK The New York Times August 19, 2006 Even legal experts who agreed with a federal judge's conclusion on Thursday that a National Security Agency surveillance program is unlawful were distancing themselves from the decision's reasoning and rhetoric yesterday. They said the opinion overlooked important precedents, failed to engage the government's major arguments, used circular reasoning, substituted passion for analysis and did not even offer the best reasons for its own conclusions. Discomfort with the quality of the decision is almost universal, said Howard J. Bashman, a Pennsylvania lawyer whose Web log provides comprehensive and nonpartisan reports on legal developments. "It does appear," Mr.
Bashman said, "that folks on all sides of the spectrum, both those who support it and those who oppose it, say the decision is not strongly grounded in legal authority." The main problem, scholars sympathetic to the decision's bottom line said, is that the judge, Anna Diggs Taylor, relied on novel and questionable constitutional arguments when more straightforward statutory ones were available. She ruled, for instance, that the program, which eavesdrops without court permission on international communications of people in the United States, violated the First Amendment because it might have chilled the speech of people who feared they might have been monitored. That ruling is "rather innovative" and "not a particularly good argument," Jack Balkin, a law professor at Yale who believes the program is illegal, wrote on his Web log. Judge Taylor also ruled that the program violated the Fourth Amendment's ban on unreasonable searches and seizures. But scholars said she failed to take account of the so-called "special needs" exception to the amendment's requirement that the government obtain a warrant before engaging in some surveillance unrelated to routine law enforcement. "It's just a few pages of general ruminations about the Fourth Amendment, much of it incomplete and some of it simply incorrect," Orin S. Kerr, a law professor at George Washington University who believes the administration's legal justifications for the program are weak, said of Judge Taylor's Fourth Amendment analysis on a Web log called the Volokh Conspiracy. Judge Taylor gave less attention to the more modest statutory argument that has been widely advanced by critics of the program. They say that it violates a 1978 law requiring warrants from a secret court and that neither a 2001 Congressional authorization to use military force against Al Qaeda nor the president's constitutional authority allowed the administration to ignore the law. A recent Supreme Court decision strengthened that argument.
Judge Taylor did not cite it. Some scholars speculated that Judge Taylor, of the Federal District Court in Detroit, may have rushed her decision lest the case be consolidated with several others now pending in federal court in San Francisco or moved to a specialized court in Washington as contemplated by pending legislation. Judge Taylor heard the last set of arguments in the case a little more than a month ago. The decision has been appealed, and legal scholars said Judge Taylor had done the American Civil Liberties Union, which represents the plaintiffs, few favors beyond handing it a victory. On the other hand, they added, the appeals court is bound to examine the legal arguments in the case afresh in any event. Indeed, Cass R. Sunstein, a law professor at the University of Chicago, predicted that the plaintiffs would win the case on appeal, but not for the reasons Judge Taylor gave. "The chances that the Bush program will be upheld are not none, but slim," Professor Sunstein said. "The chances that this judge's analysis will be adopted are also slim." Eugene Volokh, a law professor at the University of California, Los Angeles, who presides over the Volokh Conspiracy Web log and says he is skeptical of the legality of the wiretapping program, called the decision "not just ill-reasoned, but rhetorically ill-conceived." "If I were the A.C.L.U.," Professor Volokh said, "I would rather have a decision that came across as more-in-sorrow-than-in-anger and that was as deliberate, meticulous, thoughtful and studiously impartial as possible." Anthony Romero, the executive director of the A.C.L.U., said Judge Taylor's decision represented vindication of established limits on the scope of executive authority. "Ultimately," Mr. Romero said, "any doubts about the decision will be taken up on appeal by sitting federal judges rather than pundits or commentators." 
Judge Taylor, a longtime trial court judge who was appointed by President Jimmy Carter, enjoys a good reputation among lawyers who have appeared before her, according to anonymous comments collected by the Almanac of the Federal Judiciary. "Lawyers interviewed rated Taylor high in legal ability," the almanac concluded. The eight quoted comments ranged from enthusiastic ("She is smart as hell") to lukewarm ("She is competent"). Supporters of the program, disclosed by The New York Times in December, suggested that Judge Taylor's opinion was as good a way to lose as any. "It's hard to exaggerate how bad it is," said John R. Schmidt, a Justice Department official in the Clinton administration who says the program is legal. He pointed to Judge Taylor's failure to cite what he called several pertinent decisions, including one from the Foreign Intelligence Surveillance Court of Review in 2002 that said it took for granted that Congress "could not encroach on the president's constitutional power" to conduct warrantless surveillance to obtain foreign intelligence. The decision also failed to cite a Supreme Court decision in June helpful to the plaintiffs, a group of journalists, scholars, lawyers and nonprofit organizations. The decision, Hamdan v. Rumsfeld, struck down the administration's plans to try prisoners at Guantánamo Bay, Cuba, as war criminals. It was widely interpreted as a rebuke to the administration's expansive conception of executive power. "After Hamdan," Professor Sunstein said, "this program is not easy to defend." Professor Balkin said there was a rushed quality to Judge Taylor's decision, but he added that her reason for moving fast may have been the laudable one of assuring that more than one appeals court would have the opportunity to pass on the legality of the program. Martin S. 
Lederman, a former Justice Department official who believes the program is illegal, said he found the contrast between Justice John Paul Stevens's approach in Hamdan and Judge Taylor's in the wiretapping case telling. "Justice Stevens was criticized for not including sound bites and sweeping constitutional interpretation," Mr. Lederman said. Judge Taylor's decision, by contrast, he said, "was meant for headlines." Copyright 2006 The New York Times Company From rforno at infowarrior.org Sun Aug 20 13:33:42 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 20 Aug 2006 13:33:42 -0400 Subject: [Infowarrior] - "Mid Air Dinner Menu" is "Breaking News?" - idiocy!! Message-ID: This is the onscreen graphic for MSNBC at the moment, and the funniest thing I've seen on television in a long time: "BREAKING NEWS: Ramsey suspect's mid-air dinner included pate and fried prawns." Truly, no detail is unimportant in the world of the 24-hour cable news networks. Please pardon my impertinence for saying this, but SO WHAT? (FYI, he'll be landing at about 9PM tonight -- I'm sure MSNBC and others will comment on how smoothly the plane hit the runway and what it might mean for the case if there is a prolonged taxi to the gate.) That said, for more astute insight into the developing MSM fiasco known as "Jon Benet" check out Arianna's latest piece at: http://www.huffingtonpost.com/arianna-huffington/its-news-right_b_27571.html But I think John Stewart said it best the other night: War and terrorist threats are all less important than a break in a 10 year old murder case. And that's just sad. 
-rf From rforno at infowarrior.org Sun Aug 20 21:32:32 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 20 Aug 2006 21:32:32 -0400 Subject: [Infowarrior] - Cold War Missiles Target of New USG Blackout Message-ID: Cold War Missiles Target of Blackout Documents Altered To Conceal Data http://www.washingtonpost.com/wp-dyn/content/article/2006/08/20/AR2006082000625_pf.html By Christopher Lee Washington Post Staff Writer Monday, August 21, 2006; A01 The Bush administration has begun designating as secret some information that the government long provided even to its enemy the former Soviet Union: the numbers of strategic weapons in the U.S. nuclear arsenal during the Cold War. The Pentagon and the Department of Energy are treating as national security secrets the historical totals of Minuteman, Titan II and other missiles, blacking out the information on previously public documents, according to a new report by the National Security Archive. The archive is a nonprofit research library housed at George Washington University. "It would be difficult to find more dramatic examples of unjustifiable secrecy than these decisions to classify the numbers of U.S. strategic weapons," wrote William Burr, a senior analyst at the archive who compiled the report. " . . . The Pentagon is now trying to keep secret numbers of strategic weapons that have never been classified before." The report comes at a time when the Bush administration's penchant for government secrecy has troubled researchers and bred controversy over agency efforts to withhold even seemingly innocuous information. The National Archives was embroiled in scandal during the spring when it was disclosed that the agency had for years kept secret a reclassification program under which the CIA, the Air Force and other agencies removed thousands of records from public shelves. One month after the Sept. 11, 2001, terrorist attacks, then-Attorney General John D. 
Ashcroft instructed federal agencies to be more mindful of national security when deciding whether to publicly release documents under the Freedom of Information Act. Last year, in a study of FOIA requests at 22 agencies from 2000 to 2004, the nonpartisan Coalition of Journalists for Open Government found that agencies cited reasons to withhold unclassified information 22 percent more often than before Ashcroft's directive. The administration's affinity for secrecy also was exemplified in its legal battle to withhold the names of oil company executives and others who attended meetings of a White House task force in 2001 that helped draft a national energy policy. More recently, President Bush has made clear his administration's willingness to prosecute individuals it believes unlawfully possess classified material. Maj. Patrick Ryder, a Pentagon spokesman, said officials strive to properly apply rules governing what should be classified and are researching why the missile information cited in the archive report was blacked out. The report was released Friday. "The Department of Defense takes the responsibility of classifying information seriously," Ryder said. "This includes classifying information at the lowest level possible." Bryan Wilkes, a spokesman for the National Nuclear Security Administration, a part of the Energy Department, said the Pentagon excised the missile numbers. Under a 1998 law, Wilkes's agency focuses on scrubbing declassified documents for sensitive U.S. nuclear weapons information that, in the wrong hands, could be used to harm Americans, he said. "It's not our call to do missile data," Wilkes said. "There's no question that current classified nuclear weapons data was out there that we had to take back," he added. "And in today's environment, where there is a great deal of concern about rogue nations or terrorist groups getting access to nuclear weapons, this makes a lot of sense." 
Archive officials say the Pentagon was using guidelines developed by the Energy Department in blacking out the missile data. During the Cold War, the United States devoted substantial manpower and money to counting Soviet missiles, experts said. At the same time, U.S. officials sometimes were quite open about the number of American missiles, using the data to illustrate the deterrent power of the U.S. nuclear arsenal and to make the case for more defense spending. Indeed, such numbers were routinely disclosed in annual reports to Capitol Hill by secretaries of defense dating to at least the 1960s, according to Burr. In a 1971 appearance before the House Armed Services Committee, for instance, Defense Secretary Melvin R. Laird offered a toaster-shaped chart showing, among other things, that the United States had 30 strategic bomber squadrons, 54 Titan intercontinental ballistic missiles and 1,000 Minuteman missiles. Those numbers, made public on March 9, 1971, are redacted in a copy of the chart obtained by the archive's researchers in January as part of a declassified government history of the U.S. air and missile defense system, according to archive officials. "It's yet another example of silly secrecy," said Thomas Blanton, the archive's director. In another case, Burr cited two declassified copies of a 75-page memo on military policy issues that Defense Secretary Robert S. McNamara sent to President Lyndon Johnson in 1964, one obtained from the National Archives in 1999 and the other from the Pentagon this year. In the 2006 copy, Pentagon reviewers blacked out numbers that were left untouched in the earlier version, including the number of ballistic missile launchers and the number of heavy bombers the United States expected to have in 1965, 1967 and 1970. (Comparative numbers for the Soviet Union were left alone.) Burr also compared two copies of a memo that Secretary of State Henry Kissinger wrote for President Gerald R. 
Ford for a 1974 National Security Council meeting on arms control negotiations. One copy, obtained from the NSC through a Freedom of Information Act request in 1999, has visible references to "200 older B-52 bombers" and 240 Trident missiles, among other weapons data. In the second copy, released by the Gerald R. Ford Library in May 2006, such information is blacked out -- as is similar data for the Soviet Union. Experts say there is no national security reason for the administration to keep such historical information under wraps -- especially when it has been publicly available for years. Robert S. Norris, a senior research associate at the Natural Resources Defense Council, said U.S. officials handed more detailed accounts of the U.S. nuclear arsenal over to the Soviets as part of the two Strategic Arms Reduction Treaties (START) and the two Strategic Arms Limitation Talks (SALT) agreements in the 1970s, 1980s and early 1990s. "Is that now going to be reclassified?" asked Norris. "I would say that the horse is out of the barn and they are only making themselves look ridiculous. At someone's direction, declassification reviewers have gotten carried away and are applying the rather vague and open-ended guidelines to the point of absurdity." Steven Aftergood, director of the Federation of American Scientists' Project on Government Secrecy, said the report illustrates how arbitrary the classification system is. "Information is classified not because it's sensitive, but because somebody says it is classified," he said. "Several years into the 21st century, we still haven't figured out how to do classification policy right, and the government is still botching the matter." 
© 2006 The Washington Post Company From rforno at infowarrior.org Sun Aug 20 21:35:00 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 20 Aug 2006 21:35:00 -0400 Subject: [Infowarrior] - More on....Cold War Blackout (link to source documents) Message-ID: http://www.gwu.edu/~nsarchiv/NSAEBB/NSAEBB197/index.htm What the U.S. Government No Longer Wants You to Know about Nuclear Weapons During the Cold War National Security Archive Electronic Briefing Book No. 197 Edited by William Burr Posted - August 18, 2006 For more information: Dr. William Burr, Thomas Blanton, 202/994-7000 Washington, D.C., August 18, 2006 - The Pentagon and the Energy Department have now stamped as national security secrets the long-public numbers of U.S. nuclear missiles during the Cold War, including data from the public reports of the Secretaries of Defense in 1967 and 1971, according to government documents posted today on the Web by the National Security Archive (www.nsarchive.org). Pentagon and Energy officials have now blacked out from previously public charts the numbers of Minuteman missiles (1,000), Titan II missiles (54), and submarine-launched ballistic missiles (656) in the historic U.S. Cold War arsenal, even though four Secretaries of Defense (McNamara, Laird, Richardson, Schlesinger) reported strategic force levels publicly in the 1960s and 1970s. The security censors also have blacked out deployment information about U.S. nuclear weapons in Great Britain and Germany that was declassified in 1999, as well as nuclear deployment arrangements with Canada, even though the Canadian government has declassified its side of the arrangement. The reclassifications come in an environment of wide-ranging review of archival documents with nuclear weapons data that Congress authorized in the 1998 Kyl-Lott amendments. Under Kyl-Lott, the Energy Department has spent $22 million while surveying more than 200 million pages of released documents. 
Energy has reported to Congress that 6,640 pages have been withdrawn from public access (at a cost of $3,313 per page), but that the majority involves Formerly Restricted Data, which would include historic numbers and locations of weapons, rather than weapon systems design information (Restricted Data). Documents posted today by the National Security Archive include: * Recently released Defense Department, NSC, and State Department reports with excisions of numbers of nuclear missiles and bombers in the U.S. arsenals during the 1960s and 70s. * Unclassified tables published in a report to Congress by Secretary of Defense Melvin Laird as excised by Pentagon reviewers. * A "Compendium of Nuclear Weapons Arrangements" between the United States and foreign governments that was prepared in 1968 and recently released in a massively excised version under Defense Department and DOE guidelines. * Canadian and U.S. government documents illustrating the public record nature of some information withheld from the 1968 "Compendium." "It would be difficult to find better candidates for unjustifiable secrecy than decisions to classify the numbers of U.S. strategic weapons," remarked Archive senior analyst Dr. William Burr, who compiled today's posting. "This problem, as well as the excessive secrecy for historical nuclear deployments, is unlikely to go away as long as security reviewers follow unrealistic guidelines." "The government is reclassifying public data at the same time that government prosecutors are claiming the power to go after anybody who has 'unauthorized possession' of classified information," said Archive director Thomas Blanton. "What's really at risk is accountability in government." From rforno at infowarrior.org Mon Aug 21 09:04:37 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 21 Aug 2006 09:04:37 -0400 Subject: [Infowarrior] - Red storm rising Message-ID: http://www.gcn.com/print/25_25/41716-1.html Red storm rising 08/21/06 By Dawn S. 
Onley and Patience Wait, DOD's efforts to stave off nation-state cyberattacks begin with China A growing band of civilian units inside China are writing malicious code and training to launch cyberstrikes into enemy systems. And for many of these units, the first enemy is the U.S. Defense Department. Pentagon officials say there are more than three million daily scans of the Global Information Grid, the Defense Department's main network artery, and that the United States and China are the top two originating countries. "China has downloaded 10 to 20 terabytes of data from the NIPRNet (DOD's Non-Classified IP Router Network)," said Maj. Gen. William Lord, director of information, services and integration in the Air Force's Office of Warfighting Integration and Chief Information Officer, during the recent Air Force IT Conference in Montgomery, Ala. "They're looking for your identity so they can get into the network as you," said Lord, adding that Chinese hackers had yet to penetrate DOD's secret, classified network. "There is a nation-state threat by the Chinese." People's Liberation Army writings in recent years have called for the use of all means necessary, including -- or particularly -- information warfare, to support or advance their nation's interests. To China's PLA, attacks against DOD systems would be the first salvo in a long-term strategy to cripple the U.S. military's ability to communicate and deliver precision weapons. A big part of the strategy is the PLA's civilian units -- IT engineers drawn from universities, institutes and corporations. The PLA views these militias as its trump card and a way of asserting virtual dominance to paralyze the United States and other potential adversaries. The U.S. military is familiar with China's approach. In fact, its own strategy in cyberspace is similar to the PLA's -- the countries' doctrines and strategies almost mirror one another. 
It is unclear how aggressive a posture the United States is taking when it comes to defending against cyberattacks. But DOD certainly is paying attention to China's offensive aggression, and even considering offensive actions of its own, Lord said. "But the rules of engagement have to change before we're fully engaged in cyberspace." Taking advantage The Pentagon has made net-centricity the core of its transformation into a modern military force, and it seeks ways to create a vast web of information accessible at every level of the warfighting operation, from ground troops to pilots, command staffs to logistics operations. China, recognizing America's dominance in C4 -- command, control, communications and computers -- wants to disrupt or even remove that advantage, experts have said. If the armies of bygone days traveled on their stomachs, future armies will travel on invisible threads of data. But the concern should not be limited to DOD. All federal agencies have to be aware of the Chinese view of information warfare. Chinese military writings make it clear that in cyberspace there are no boundaries between military and civilian targets. If crashing a country's financial system through computer attack will paralyze the foe, that's all part of the new face of war. If DOD -- the most security-conscious of all federal agencies -- can be attacked, can have information stolen, then other agencies must seem like low-hanging fruit by comparison. China is not the only country targeting DOD systems. John Thompson, chairman and chief executive officer of Symantec Corp. of Cupertino, Calif., told the audience at the Air Force conference: "There are at least 20 nations that have their own cyberattack programs." He said there is no way to know how many terrorist organizations have launched similar efforts. 
But China -- the largest country by population at 1.3 billion, third in area, and among the fastest-growing economically -- gets the most attention, in part because it is the single largest source of cheap goods sold in the United States, including technology. While Defense and Homeland Security department officials are reluctant to make pointed accusations, events in cyberspace show how the two countries are jockeying for position in preparation for "virtual" conflict. From at least 2003 to 2005, a series of coordinated cyberattacks hit U.S. military, government and contractor Web sites with abandon. The systematic intrusions, collectively dubbed Titan Rain, attacked hundreds of government computers. Time magazine reported last year that the incursions originated on a local network that connected to three routers in Guangdong Province, though U.S. officials still offer only generic comments about this and other published reports about Titan Rain. "What I can say about this is [that] we have seen some attempts at access to our network. We've seen some of that from China," said Air Force Lt. Gen. Robert Kehler, deputy commander of the U.S. Strategic Command. "We are seeing attacks that traversed through China. I can't say with any real assurance that that's where they start," added Navy Rear Adm. Elizabeth Hight, deputy director of DOD's Joint Task Force for Global Network Operations. A military attache at the Chinese Embassy in Washington insisted that, to his knowledge, Beijing "does not want" to use hackers to attack the United States. "The official answer is, I have no idea about this," said Sr. Col. Wang in a brief telephone interview. The fallout from this cybercampaign continues among other agencies. In June, the Energy Department revealed that names and other personal information on more than 1,500 employees of the National Nuclear Security Administration had been stolen in a network incursion that took place more than two years ago. 
NNSA didn't discover the breach for more than a year after it happened. Officials would not confirm for the record that the data breach was part of Titan Rain, but Alan Paller, research director for the SANS Institute of Bethesda, Md., called it "an example of the kind of attack and extraction that [has been] going on for the last 2 1/2 years." Also in June, hackers broke into State Department unclassified networks. In this incident, investigators believe the hackers, who they say launched the attacks from East Asia, stole sensitive information and passwords and planted back doors in unclassified government computers to allow them to return at will, according to a CNN story. "Tip of the iceberg" "Any average computer geek knows about spyware, viruses and the countless other hardware and software devices and capabilities that could jeopardize the security of our networks and the information they contain," Michael Wessel, a commissioner with the U.S.-China Economic and Security Review Commission, said in May. "These, of course, are only the tip of the iceberg." And DOD is not alone in trying to keep out hackers from China and other nation states. "On the commercial side, Internet usage and broadband adoption from China has grown," said Betsy Appleby, vice president of the public sector at Akamai Technologies of Cambridge, Mass., and former Net-Centric Enterprise Services program director at the Defense Information Systems Agency. "Specifically considering that the Chinese government is pretty much in control, you can do the math and figure it out." China has existed as an identifiable society for more than 6,000 years. Its name for itself, in Chinese, is Jhongguo, or Middle Kingdom, sometimes characterized as the land below heaven but above the rest of the world. The country has been under Communist rule for less than 60 years. The millennia-old expectation that China rules, or should rule, "all under heaven" 
is a permanent subtext in the country's psyche, many Sinologists believe. This gives the Chinese great patience; its leaders may take a decades-long view of a problem and its possible solutions. So what the United States characterizes as attacks on its military networks could, to the Chinese, be in-depth reconnaissance. "If you were an adversary, and you wanted to assess somebody's strengths and weaknesses, one of the ways to do it would be to probe their defenses, so you would want to take a look at their computer situation," said John Stack, enterprise architecture and security solutions manager for Northrop Grumman Information Technology's Defense Group of McLean, Va. For more than a decade, the Chinese military has observed how DOD is modernizing its troops and tactics. The first Gulf War was considered "a watershed event" in terms of how the Chinese viewed future warfare, according to the Defense Department's 2004 Annual Report on The Military Power of the People's Republic of China. "The PLA noted that the rapid defeat of Iraqi forces -- which resembled the PLA at that time in many ways -- revealed how backward and vulnerable China would be in a modern war," the report said. "The Gulf War also spurred internal PLA debate on the implications of an emergent revolution in military affairs, in which the conflict became a point of reference for efforts to build capabilities in command, control, communications, computers, intelligence, surveillance and reconnaissance, information warfare, air defense, precision strike and logistics." "There have been Chinese writings for over a decade regarding the People's Liberation Army studying cyberwarfare and evolving concepts toward development of information warfare doctrine," said a Defense Intelligence Agency spokesman. Perhaps one of the most important milestones was the 1999 publication in China of Unrestricted Warfare, a book authored by two colonels in the PLA, that was generated by the PLA's observations on Desert Storm. 
The CIA's Foreign Broadcast Information Service obtained and translated it, and it can now be found on the Internet. "The new principles of war are no longer 'using armed force to compel the enemy to submit to one's will,' but rather are 'using all means, including armed force or nonarmed force, military and nonmilitary, and lethal and nonlethal means to compel the enemy to accept one's interests,'" the colonels wrote. The book argues that the spread of IT and access to the Internet has removed traditional boundaries and expanded the arena beyond traditional warfighters. "[T]his kind of war means that all means will be in readiness, that information will be omnipresent, and the battlefield will be everywhere," the colonels wrote. It "also means that many of the current principles of combat will be modified, and even that the rules of war may need to be rewritten." The DIA spokesman said a Chinese major general recently described information warfare "as containing six elements in its application: operational security, military deception, psychological warfare, electronic warfare, computer network warfare and physical destruction." Getting the edge The PLA's new information warfare focus illustrates a growing recognition that cyberattacks launched against the U.S. military could give China a decisive advantage in the event of a crisis. One such crisis scenario, according to people who have studied the issue, would be the prospect of American intervention to aid Taiwan in the event of an attack from China. A 1979 law requires the United States to defend the island nation from attack. Chinese leaders have a conundrum of their own -- how the People's Liberation Army can move against Taiwan but forestall U.S. action long enough to make it a fait accompli. "For the PLA, using [information warfare] against U.S. information systems to degrade or even delay a deployment of forces to Taiwan offers an attractive asymmetric strategy," wrote James Mulvenon in 1998. 
Mulvenon is deputy director for advanced analysis at the Defense Group Inc.'s Center for Intelligence Research and Analysis in Washington, and widely regarded as one of the foremost authorities on the Chinese military's use of IT. "American forces are highly information-dependent and rely heavily on precisely coordinated logistics networks," he wrote. "If PLA information operators ... were able to hack or crash these systems, thereby delaying the arrival of a U.S. carrier battle group to the theater, while simultaneously carrying out a coordinated campaign of short-range ballistic missile attacks, 'fifth column' and [information warfare] attacks against Taiwanese critical infrastructure, then Taipei might be quickly brought to its knees and forced to capitulate to Beijing." This is the role of information warfare, many experts now believe: Cyberattacks on military C4 systems will amplify the effects of kinetic weapons, to bring matters to a swift conclusion with a minimum of bloodshed. Rear Adm. Hight, of JTF-GNO, said DOD is taking note of the incursions and data extractions, and looking at the department's defensive measures. "Our daily efforts are all about assessing and mitigating risks. We are students of Sun Tzu and other philosophical thinkers who have a wonderful way of capturing warfighting concepts," Hight said. "The key to this type of warfare is just what you might think of as traditional warfare. You can't forget the foundations. You can't forget the basics. The cyberworld relies, in many cases, on foundational concepts in terms of how you protect it." America's standing as the current sole superpower is a source of internal conflict for Chinese policies, said James Gilmore III, former governor of Virginia and now with Kelley Drye Collier Shannon's Homeland Security Practice Group, a Washington law firm. 
He was chairman of the Advisory Panel to Assess Domestic Response Capabilities for Terrorism Involving Weapons of Mass Destruction, created by the Clinton administration in 1999. "An adversary or partner of the U.S. ... They are prepared to be either one," Gilmore said. Should its leaders feel it is in their interests, China would seek to "disrupt the DOD's capacity to communicate overseas and maneuver their people," he added. Cortez Cooper III, director of East Asia Studies with Hicks and Associates Inc., a defense and national security consulting company in McLean, Va., told the U.S.-China Commission that the Chinese understand their military focus must use niche capabilities to counter the moves of a technologically superior adversary that might challenge their interests. Rehearsing both roles To address the cybersecurity threat, DOD and intelligence officials are playing both offensive and defensive roles. Pentagon officials acknowledge DOD is developing capabilities to deny an adversary the use of its own computer systems to attack U.S. computer networks. JTF-GNO is tasked with operating and defending the GIG, while the National Security Agency has the responsibility for the "nondefensive parts of operations in cyberspace," according to Army Maj. Gen. Dennis Moran, vice director for command, control, communications and computer systems for the Joint Chiefs of Staff. As "part of a good defense, and I don't care if you're defending a forward operating base in a country, or no matter what it is physically, you do a very good analysis of what your vulnerabilities are. And there have been analyses within the department to determine what we need to protect and how should we prioritize our resources," Moran said. "The resources required to provide that defense are being allocated against those priorities," Moran said. 
"Now, I'm certainly not going to talk about those in detail, because that would certainly be an opportunity to tell someone these are what we are concerned about." But Moran did talk about the protocols DOD has been working on to improve its network security posture. "If you look at the whole net-centric strategy that we have in the DOD, the focus is, first of all, identify your data, then appropriately tag that data so it can be made available to other people who are authorized users," Moran said. "We are putting in place a service-oriented architecture across the GIG which is able to find, locate and securely move that data to an application. Security is a critical tenet to this whole architecture, because if you're doing business one way and (another agency) is doing business another way, we are creating seams that an intruder can take advantage of." Kehler said DOD officials also are mandating full public-key infrastructure implementation for user authentication, requiring automated patch management and looking in the mirror to increase the department's defensive position. "We're looking at ourselves pretty hard to understand where our vulnerabilities are," Kehler said. "Sometimes we find that our worst enemy in protecting our information is ourselves. In order to make things better faster, sometimes our people leave doorways open into our network." The key to closing those doorways is a layered defense-in-depth strategy, Hight said. "We don't have a single approach. We're trying to protect the house by locking the doors, locking the windows, making sure wires that come in and out of the house are protected," Hight said. "Our organization is very transient, so as we get systems administrators moving around the world, we want to make sure they know they have a consistent and well-defined set of procedures that they adhere to and provide consistent protections for the network." 
To accomplish this, JTF-GNO is looking at the best way to train Defense employees on cybersecurity mechanisms, what types of protective software to employ and how to standardize processes. Additionally, Hight said, the organization soon will release a Network Operations Concept of Operations (Netops/Conops) document, which will detail for military personnel how to secure their systems. Hight said the document describes three basic concepts that make up the department's larger doctrinal view:

* Ensuring systems and networks that deliver information are available
* Ensuring information can move freely from one point to another
* Ensuring information is protected at the right level.

"When you go to Amazon.com, you can see what Amazon chooses for you to see, their book titles and other information. You can't see Amazon's financial information, because they mask that from you," Hight said. "So the protection of information might be something as simple as where you put that information and [whom] you make that available to."

The exploitation of network weaknesses doesn't mean that more traditional forms of espionage targeting cyberassets can be overlooked. For instance, in August 2001, U.S. Customs officers arrested two men for trying to export military encryption technology to China.

What's a real threat?

Four months earlier, enraged Chinese hackers had defaced dozens of U.S. military Web sites following the collision of a U.S. surveillance plane and a Chinese fighter plane. The Chinese pilot died as a result of the accident. Is that kind of threat, whether from China or another country, real? John Hamre, president and chief executive officer of the Center for Strategic and International Studies, believes so. He served in the 1990s as comptroller, then deputy secretary of Defense. "I was so deeply involved in cybersecurity issues when I was the deputy secretary, but have not been involved in these issues since," he said.
"I continue to believe that cyberthreats will overwhelmingly be from competent national state security elements, and that intelligence is the higher goal, not disruption."

Still, Donavan Lewis, chief of the Defense Intelligence Agency's threat analysis division, wants the United States to think more about long-term trends. "China has shifted its dependence away from the United States to [countries such as Malaysia and South Korea], while our dependence on them has grown," he said during a Defense conference in Salt Lake City in May. "We've got to adjust our thinking, our calculus about how we put together a system of systems." He admits to being worried about the possibility that "subversive functionality could be embedded" in technology. "The Defense acquisition community is not used to thinking of itself as part of computer security," he said.

© 1996-2006 Post-Newsweek Media, Inc. All Rights Reserved.

From rforno at infowarrior.org Mon Aug 21 09:11:21 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Aug 2006 09:11:21 -0400
Subject: [Infowarrior] - Securing data by scattering the pieces
Message-ID:

Securing data by scattering the pieces
By John Markoff
http://news.com.com/Securing+data+by+scattering+the+pieces/2100-7355_3-6107557.html
Story last modified Sun Aug 20 21:51:12 PDT 2006

Chris Gladwin, a software designer and businessman in Chicago, had time on his hands after selling his company, the online music store Music Now, in 2004. So he decided to digitize all of the music, photos and paper detritus that he had been meaning to organize for years. After he was finished, he discovered that he had 27 gigabytes of data--equivalent to a library of 22,000 books--that he was eager to protect. "I wondered, 'what are my options?'" he said, "and I realized that none of them were that good."
But he had been reading histories of early encryption research, and he saw a gem of an idea in the work of cryptographers who kept information secure by dividing it into pieces and dispersing it. So what began as a home improvement project culminated in a system called Cleversafe, with potential applications far beyond Gladwin's memorabilia. For companies and government agencies trying to secure networked data, it offers a simple way to store digital documents and other files in slices that can be reassembled only by the computers that originally created the files. The idea of distributed data storage is not new. But Cleversafe is significant because it is an open-source project--that is, the technology will be freely licensed, enabling others to adopt the design to build commercial products. That approach may contribute to Cleversafe's potential to lower the cost of reliably storing data on the Internet. "If we distributed data around the world this way, it would be a pretty resilient way to store data," said David Patterson, a computer scientist at the University of California, Berkeley, who is a pioneer in designing distributed data storage techniques. Gladwin contends that Cleversafe can store data at a lower cost and make it more secure than current Internet services. The group is counting on a continuing explosion of consumer digital data of all types, including new generations of high-definition still and video cameras that will create demand for secure and private backup capabilities. Computer scientists argue that projects like Cleversafe are an indication that the broadband Internet will soon have the same impact on data storage that it has had on computing and communications technologies. Dozens of commercial Web storage services are already used to back up data safely. In addition, Amazon's S3 and other services are intended to enable an array of digital Internet services to operate without any local storage capacity. 
But the current design of such services generally involves making as many as five or more complete copies of the original data and storing them at multiple locations to ensure that information is not lost through a drive failure or other catastrophe. The Cleversafe design will cut the amount of storage space needed for secure backup by more than half. Gladwin, 42, said he was deeply influenced by a seminal paper, "How to Share a Secret," written in 1979 by Adi Shamir, a designer of the encryption algorithm known as public-key cryptography. The paper describes how a message can be broken into pieces and then reassembled from a subset of those pieces without revealing the message. Gladwin developed a set of software routines that would copy the data stored on his PC into a large number of fragments, or slices. The mathematics of his solution had an additional benefit: the original data could be reconstructed from a majority of the slices. The design made it possible to retrieve a complete set of his original data even if some of the disks that held portions of the data failed or went offline. The design of such "distributed file systems" is already a rich area of computer science research, and commercial systems are widely available in the software and data-storage markets. But Gladwin argues that his new standard offers security and efficiency features not easily available either to information technology managers or to individual computer users. The experimental Cleversafe research grid is located at 11 storage sites around the world, but Gladwin is hoping that a commercial network will evolve, composed of tens of thousands or hundreds of thousands of storage sites that will be accessible at low cost. The Cleversafe design could lead to a communal Internet storage system that Patterson called "hippie storage." 
The idea is similar to SETI at Home, the shared computing system that allows PC users to contribute idle time on their machines to create a distributed supercomputer. Today most distributed storage systems work by making multiple copies of data at multiple locations and then using various mechanisms to keep the copies synchronized. Examples include distributed file systems from Microsoft and Google as well as a system designed by software developers at Stanford known as Lockss--Lots of Copies Keep Stuff Safe--that is used to preserve the digital versions of academic journals. The Cleversafe project uses a different approach based on dispersing data in encrypted slices rather than copying it. That approach shares some design similarities with a Berkeley research project known as OceanStore, which is also intended to create a globally distributed computer storage system. "They're not making a commercially implemented solution," Gladwin said of the Berkeley project. "Our focus is something that people can use." A storage industry analyst said that such an approach had significant potential. "The great thing about storage is that it's always a moving target," said Michael Dortch, principal business analyst at the Robert Frances Group, an industry consulting organization. "The I.T. industry is littered with the bodies of people who have said solution X will never fly." The Cleversafe project, with 25 employees, is housed on the campus of the Illinois Institute of Technology in Chicago. Gladwin said the school had been an ideal technology incubator because of the ready availability of student technical talent. One company considering the Cleversafe software is Univa, a developer of grid computing software and systems. "The potential to be able to geographically distribute data over the Internet has very nice properties," said Steve Tuecke, a founder and chief technology officer of Univa, in Lisle, Ill. 
An early financial backer of the project, Stewart Alsop, argues that Cleversafe is an indication that the open-source software movement is shifting from merely reusing existing designs to becoming a force for innovation. "Data storage on the Internet is one of the most brutally competitive markets in the world," he said. "But nobody is using this architecture, and the logical benefits of this are remarkable."

Entire contents, Copyright © 2006 The New York Times. All rights reserved.

From rforno at infowarrior.org Mon Aug 21 09:20:23 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Aug 2006 09:20:23 -0400
Subject: [Infowarrior] - Department of Defense study urges open source adoption
Message-ID:

Department of Defense study urges open source adoption
http://arstechnica.com/news.ars/post/20060820-7545.html
8/20/2006 6:50:40 PM, by Ryan Paul

The Open Technology Development road map, a recently authored government report, advises deputy undersecretary of Defense Sue Payton to integrate a comprehensive open source strategy into defense department procurement and development policies. Written by consultants for Advanced Systems & Concepts in collaboration with major technology companies and the Open Source Software Institute, the 79-page report advocates adoption of open technologies, support for and adherence to open standards, and discusses topics like licensing and software project governance. The report argues that the standard practices associated with purchasing of physical goods are not adequate or fully applicable to software. According to the report, the DoD is "limiting and restricting the ability of the market to compete for the provision of new and innovative solutions and capabilities" by "treating DoD-developed software code as a physical good." The report also points out that utilizing open source technology will force the commercial software industry to respond with greater agility and competitiveness.
In addition to promoting open technology, the authors of the report feel that the DoD can improve interoperability while increasing efficiency and productivity by creating standard policies for internal redistribution of code developed by contractors. The report states that "by not enabling internal distribution, DoD creates an arbitrary scarcity of its own software code, which increases the development and maintenance costs of information technology across the Department." The report strongly cautions against proprietary vendor lock-in and discusses at length how open standards can facilitate interoperability between open source and proprietary systems, explaining that the DoD "needs to evaluate the impact that locking into one set of proprietary standards or products may have to its ability to react and respond to adversaries and more importantly, to technological change that is accelerating regardless of military conflict." That theme is particularly prevalent, and the report heavily emphasizes the need for technological agility in modern warfare, articulating various ways that open technology can help the United States military "remain competitive in a rapidly shifting technological landscape" and adequately defend against "the disruptive technologies leveraged by our adversaries."

The report is a positive sign of technological progress within the Department of Defense, but can the plan be implemented? There are sure to be stumbling blocks along the way, particularly in contexts where legacy proprietary systems have to be adapted to interface with modern, open systems. The report attempts to address some of these problems, but such things are more easily said than done. The plan certainly looks realistic, and it includes what appear to be well-reasoned deployment goals that are both clear and general. The DoD study is also consistent with the results of other recent studies conducted by independent organizations in private industry.
Market research group IDC has determined that open source software is gaining "enormous momentum" and constitutes the "most significant all-encompassing and long-term trend that the software industry has seen since the early 1980's." IDC's recent study determined that open source software is used by over 70 percent of all developers worldwide, and IDC senior vice president of global software research Anthony Picardi claims that "the real impact of open source is to sustain innovations in mature software markets, thus extending the useful life of software assets and saving customers money."

Open source software clearly has an important place in the future of software development in both the private and public sectors. In light of the FBI's costly repeated failures to modernize its own internal technology infrastructure, law enforcement agencies should take note of the advantages of open technology as described by Advanced Systems & Concepts in its report for the Department of Defense, and consider pursuing similar strategies.

From rforno at infowarrior.org Mon Aug 21 10:36:29 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Aug 2006 10:36:29 -0400
Subject: [Infowarrior] - Federal Appeals Court: Driving With Money is a Crime
Message-ID:

Federal Appeals Court: Driving With Money is a Crime

Eighth Circuit Appeals Court ruling says police may seize cash from motorists even in the absence of any evidence that a crime has been committed.

http://www.thenewspaper.com/news/12/1296.asp

US Court of Appeals, Eighth Circuit

A federal appeals court ruled yesterday that if a motorist is carrying large sums of money, it is automatically subject to confiscation. In the case entitled, "United States of America v. $124,700 in U.S. Currency," the U.S. Court of Appeals for the Eighth Circuit took that amount of cash away from Emiliano Gomez Gonzolez, a man with a "lack of significant criminal history" neither accused nor convicted of any crime.
On May 28, 2003, a Nebraska state trooper signaled Gonzolez to pull over his rented Ford Taurus on Interstate 80. The trooper intended to issue a speeding ticket, but noticed that Gonzolez's name was not on the rental contract. The trooper then proceeded to question Gonzolez -- who did not speak English well -- and search the car. The trooper found a cooler containing $124,700 in cash, which he confiscated. A trained drug-sniffing dog barked at the rental car and the cash. For the police, this was all the evidence needed to establish a drug crime that allows the force to keep the seized money.

Associates of Gonzolez testified in court that they had pooled their life savings to purchase a refrigerated truck to start a produce business. Gonzolez flew on a one-way ticket to Chicago to buy a truck, but it had sold by the time he had arrived. Without a credit card of his own, he had a third party rent the car for him. Gonzolez hid the money in a cooler to keep it from being noticed and stolen. He was scared when the troopers began questioning him about it. There was no evidence disputing Gonzolez's story.

Yesterday the Eighth Circuit summarily dismissed Gonzolez's story. It overturned a lower court ruling that had found no evidence of drug activity, stating, "We respectfully disagree and reach a different conclusion... Possession of a large sum of cash is 'strong evidence' of a connection to drug activity."

Judge Donald Lay found the majority's reasoning faulty and issued a strong dissent. "Notwithstanding the fact that claimants seemingly suspicious activities were reasoned away with plausible, and thus presumptively trustworthy, explanations which the government failed to contradict or rebut, I note that no drugs, drug paraphernalia, or drug records were recovered in connection with the seized money," Judge Lay wrote.
"There is no evidence claimants were ever convicted of any drug-related crime, nor is there any indication the manner in which the currency was bundled was indicative of drug use or distribution." "Finally, the mere fact that the canine alerted officers to the presence of drug residue in a rental car, no doubt driven by dozens, perhaps scores, of patrons during the course of a given year, coupled with the fact that the alert came from the same location where the currency was discovered, does little to connect the money to a controlled substance offense," Judge Lay concluded.

The full text of the ruling is available in a 36k PDF file at the source link below.

Source: PDF File US v. $124,700 (US Court of Appeals, Eighth Circuit, 8/19/2006)

From rforno at infowarrior.org Mon Aug 21 22:21:03 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Aug 2006 22:21:03 -0400
Subject: [Infowarrior] - TSA's Vigilant Effective Puppy Propaganda
Message-ID:

TSA's Vigilant Effective Puppy Propaganda

The Transportation Security Administration has a fancy new website and a fancy new image. Its new tag line: Vigilant, Effective, Efficient.

< - >

http://blog.wired.com/27BStroke6/index.blog?entry_id=1543233

From rforno at infowarrior.org Mon Aug 21 23:42:27 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Aug 2006 23:42:27 -0400
Subject: [Infowarrior] - Cityscape of fear
Message-ID:

http://www.salon.com/news/feature/2006/08/22/architecture/print.html

Cityscape of fear

American architecture is still reeling from the 9/11 attacks. Critics and architects say that security now trumps design, as barricades and mall-like plazas are sucking the soul out of urban life.

By Farhad Manjoo

Aug. 22, 2006 | Within a week after the 9/11 terrorist attacks, officials at New York's Lincoln Center for the Performing Arts set up a half dozen massive concrete freeway separators in a stately line across Josie Robertson Plaza, the complex's main outdoor entryway.
The security barricades, unsightly white slabs known as Jersey barriers, were intended to protect the center's performance halls from a speeding truck bomb. Perhaps only the most unusually cultured of terrorists would want to hit Lincoln Center, which sits five miles north of ground zero on the Upper West Side of Manhattan -- but in the tense aftermath of the attacks, no precaution seemed too much. Lincoln Center groundskeepers thoughtfully topped the Jersey barriers with colorful potted plants, a rehabilitation technique along the lines of pinning a tiara on Medusa. Almost five years have passed since the attacks. The barriers remain in place. To appreciate how America has changed since 9/11, walk slowly through any major city. What you'll see dotting the landscape is the physical embodiment of fear. Security installations put up after the attacks continue to block public access and wrangle pedestrian traffic. Outside Manhattan's Port Authority Bus Terminal, garish purple planters menace rush-hour pedestrian traffic. The gigantic planters have abandoned all horticultural ambition, many of them blooming with nothing more than trash and untilled dirt. "French barriers," steel-grate barricades meant for controlling crowds, ring many landmark sites -- including San Francisco's Transamerica Building -- like beefy bodyguards protecting starlets. Then there are the bollards, the cylindrical vehicle-blocking posts that are so pervasive you wonder if they've mastered asexual reproduction. In Washington, bollards surround everything. Not since Confederate Gen. Jubal Early attacked the city in 1864 has the nation's capital felt so under siege. It's not just the barriers, it's also the buildings. Since 9/11, risk consultants working for police departments, federal agencies and insurance companies have wrested control over many new construction plans.
"There's a sense that security experts are acting as the associate architects on every project built today," says Paul Goldberger, the architecture critic of the New Yorker. Consultants tend to encourage architectural bulk at the expense of grace. As a prime example, Goldberger points to the Freedom Tower, the skyscraper at the center of the proposed new Trade Center site. After the New York Police Department determined that an early design was vulnerable to truck bombs, the building's architect, David Childs, of the firm Skidmore, Owings and Merrill, was forced to move the structure far back from the street, and to turn its lower 20 stories into a windowless reinforced concrete pedestal covered in glass. "It's a pretty grim piece of architecture," Goldberger says of the tower. "It doesn't advertise freedom to the world, it advertises fear." Goldberger's assessment jibes with designers' larger worry over what we're losing in cities changed by 9/11. Security measures, they say, are undoing the many pleasures and functions of urban life. You don't need to have studied Jane Jacobs to understand that what's best about a city is often to be found on or just off sidewalks, in the dense, chaotic and free interplay between people and buildings. This may sound high-minded and theoretical. But by pushing people tightly together in small spaces, cities naturally increase the possibility of social intercourse. Merely strolling down a sidewalk in New York requires and instills more tolerance for other people than you're likely to need or learn during a year of life in an Atlanta exurb. Cultural theorist Marshall Berman, author of "On the Town," and other books on New York, adds that after 9/11, "the bonds of civil society were strengthened in New York." He believes that now, in an era of low crime, New York feels more united than at any time in the recent past. But others fear that security measures may be inhibiting urban connections.
Setting buildings far back from the street, placing them atop concrete blast shields, crowding sidewalks with barricades, constantly screening people as they enter or exit buildings, electronically surveilling them at every waking moment -- these measures push us apart and foster our fears and suspicions. The effect is physical as well as psychic. Goldberger points out that you used to be able to walk around Manhattan, both on the sidewalks and through the lobbies of large buildings, without showing any credentials. Today that's nearly impossible because entering nearly every building requires passing through a security checkpoint. The checkpoint culture weighs on the soul, reminding us at every point that we live in a dangerous time, and that anyone we see might seek to do us harm. Many progressive architects argue that this is not how it has to be, and they've come up with thoughtful designs that accommodate legitimate security concerns without giving in to our worst nightmares. "Architecture has always elevated our society in times of distress, and always spoken to a sense of great social optimism," says Tim Christ, an architect at the Santa Monica firm Morphosis, which has won acclaim for the way it has balanced safety and beauty in its public projects, including the enormous new federal building in San Francisco. In New York, in particular, select firms are striving to incorporate the new security mandates into their designs in innovative ways. But conquering fear is difficult, and architects, whose creations will remain on the planet for decades to come, are divided on whether they can succeed. The 9/11 attacks put our cities on the front lines of a new war. Can we keep them from looking like battlefields? Jersey barriers have no natural business on city sidewalks. That's not just because they're ugly -- they also do nothing to halt attacks. 
The barriers, which were designed as lane separators by New Jersey's state Highway Authority in 1955, are intended to be placed on roads parallel to the direction in which cars are traveling. A vehicle that nudges too close to the barrier will ride up its tapered edge and slide back onto the road, suffering minimal damage. But placed the opposite way -- in front of a building to protect against oncoming attack -- a Jersey barrier is no match for a fast car or truck. In crash tests, speeding vehicles that hit the barriers at obtuse angles simply knock them over or vault over them straight at the target. In their rush to beef up security after 9/11, however, few building operators thought much about the aesthetic or practical shortcomings of such barriers. There was no time for such high-minded introspection -- buildings needed to install something quickly, and Jersey barriers were all they had. Betsy Vorce, a spokeswoman for Lincoln Center, says that no one at Lincoln Center considers the plant-topped barriers to be a statement of the center's design sensibility. As part of an overall renovation, the complex is currently looking for a permanent replacement for the Jersey barriers, but it hadn't given much thought to design of the barricades until recently. In an emergency, Vorce points out, "security is the paramount consideration." But in a never-ending war, it's never quite clear when the emergency is over. After the 9/11 attacks, especially in New York and Washington, there wasn't exactly a moment in time when people could decide that the situation was now finally safe and that the barriers could come down. So they stayed up, and not just at Lincoln Center. In the days after 9/11, the New York Stock Exchange, about a half-mile south of the World Trade Center, decided to limit vehicular traffic on the streets that run past the building. 
Officials blocked off the seven intersections surrounding the Exchange using a jury-rigged combination of Jersey barriers, traffic cones, bright fences and sandbag-laden pickup trucks. The barricade system looked ad hoc and temporary, like checkpoints you might see in war-torn cities in the Middle East. But the system wasn't temporary at all. It stayed in place for four years. Living and working in a militarized cityscape is a toxic affair. The blocked-off intersections surrounding the Stock Exchange suggested a city that had barricaded itself inside its own worst fears. In 2004, business tenants in the Financial District began threatening to leave because their employees had grown weary of the indignity of spending time in such a dreary wasteland. "It wasn't just the perception but the reality that this place was a target that had everybody on edge," says Noah Pfefferblit, president of Wall Street Rising, a nonprofit neighborhood group in lower Manhattan. Residents no longer wanted to be constantly reminded of the dangers they faced "by seeing a visually overwhelming security presence." City planning authorities finally stepped in to save the Financial District; they selected a TriBeCa firm called Rogers Marvel to come up with a new way to protect the area. I took a walk through the district on a recent sweltering weekday afternoon. The Stock Exchange continues to block vehicles at its surrounding intersections, but instead of idling pickups, the streets are now populated with giant sculptural boulders called NoGos. The NoGos, designed by Rogers Marvel, are blocks of heavy concrete covered in multifaceted boxes of shimmering bronze. They resemble a comic-book artist's take on a barricade, a playful and handsome gem whose actual purpose -- keeping a speeding truck laden with explosives from getting anywhere near the Stock Exchange -- is invisible to the public. In fact, people have found many uses for the barricades.
At 2-and-a-half feet tall, a NoGo makes an ideal seat. Suited Wall Street types crowd about the NoGos at lunchtime and kids climb and stretch on them as if they were a downtown jungle gym. Like other architects who've been working to design better ways of securing public sites, Jonathan Marvel is wary of providing many details about his firm's projects. But he is keen to discuss why, after 9/11, he became interested in working on security infrastructure. He says that as he looked out on the streets of New York in the months after the attacks, he began to sense that architects weren't being consulted about this newly crucial aspect to urban design. "Everybody within the design community is distressed by what's happening," Marvel says. "To navigate public space you have to meet a new threshold that wasn't there before. Everywhere is like the airport now -- the barriers, the lining up, the undressing. At the airport all that is an unfortunate necessity, but when you have to do it in a building, that's when -- as a designer and as a citizen -- I find it unacceptable." Marvel describes today's increasingly barricaded streetscape as "a throwback to the Middle Ages, where there was a moat and drawbridge separating one side of society from the other." If Marvel was in business back then, he might have turned the moat into a fountain. His philosophy entails creating security devices whose true function isn't clear from their form, devices that, like those NoGos, also fill some other public purpose. In Battery Park City, just across West Street from ground zero, and home to the World Financial Center, Marvel's firm reduced the threat of truck bombs simply by redesigning the streets surrounding the targeted buildings. On North End Avenue, the main thoroughfare leading to the WFC buildings, the firm proposed subtly raising parts of the roadbed and inserting sharp turns at strategic locations on the road.
Not only did the new configuration force vehicles approaching the buildings to slow down -- which is important because a fast truck bomb can cause a lot more damage than a slow one -- reshaping the street also created a pedestrian walkway and a small park in the area. Just outside the World Financial Center buildings, Rogers Marvel designed what the firm calls a Tiger Trap, a sidewalk plaza built on top of the kind of collapsible concrete used to stop runaway planes at airports. The concrete is strong enough for pedestrians to walk on but it crumbles under the weight of a truck. In tests, a Tiger Trap has stopped a 15,000 pound vehicle going at 50 miles per hour. But that capacity will remain completely invisible to people who visit the site. In design circles, such innovative security efforts have gained prominence, and public agencies that wield the greatest influence in urban design -- such as the planning authorities in New York and Washington and the General Services Administration, which builds federal office buildings -- have begun to encourage permanent and elegant architectural responses to security threats. In 2001, the National Capital Planning Commission rejected several bulky plans to protect the Washington Monument, including one proposal to surround the site with a ring of almost 400 bollards. Instead, the commission -- which had thrown up Jersey barriers at the monument after the Oklahoma City bombing in 1995, another temporary measure that had become permanent -- chose a brilliantly invisible plan by the Philadelphia landscape architecture firm Olin Partnership. Olin proposed using an 18th century fortification called a ha-ha, a long, low wall sunken inside a trench used by European gardeners to keep animals corralled without visible fencing. Olin designed a series of granite ha-has along the pathways leading to the monument; the simple system, which keeps the site safe from vehicles in a way that's friendly to people, was installed in 2005. 
"If we are going to remain a social culture, we have to allow people to live in an environment that is physically safe but isn't replete with physical barriers," says David Rubin, a partner at Olin. "There's a growing demand for that sophistication." Others aren't so sanguine. Vishaan Chakrabarti, former director of the Manhattan office of New York Department of City Planning, says one problem with invisible security installations is that they often don't satisfy security consultants. "A lot of security folks are trained to believe that a place needs to look secure," Chakrabarti says. Indeed, one of the paradoxes of security infrastructure is that sometimes appearance can be more important than actual strength. A Tiger Trap is more effective at blocking a truck bomber than a Jersey barrier -- but a Jersey barrier looks more menacing. "Especially if you're a private entity, what you're trying to do is make your place look secure so the bad guys go next door," Chakrabarti explains. "The problem is the design and planning community is trying to make the stuff invisible -- they're trying to say, 'Let's make the NoGos as small as possible.' The security people might say, 'All right, technically, scientifically, that smaller thing may protect against the same level of threat as something bigger -- but it doesn't look as defensive.'" Even sites that have been designed to cleverly address security, Chakrabarti says, are victims of security creep, a culture in which security officials keep putting up more NoGos, or increasing the perimeters around buildings, long after the designers have had their say. "What's difficult is that these things sort of require constant monitoring," Chakrabarti says. New emergencies throw any design asunder. In New York, "there was a big push for Jersey barriers during the Republican Convention," says Rick Adler, the founder of RSA Protective Technologies, a firm that designs perimeter security systems. "It was like half of the push after 9/11. 
People just put up anything they could." For those who argue that security experts now trump architects in urban design decisions, the plans for the Freedom Tower constitute Exhibit A. Critics have long derided the design as too bland for the charged site, an uninspired mingling of the visions of two very different architects -- Skidmore's David Childs, whom the developer Larry Silverstein selected to work on the site, and Daniel Libeskind, who won a competition to become the master planner for ground zero. But it was in June 2005, when Childs unveiled a plan to satisfy the New York Police Department's assessment that a previous design was too vulnerable to truck bombs, that the critical clamor rose to fever pitch. To minimize the building's vulnerability to street-side explosion, Childs moved it away from its surrounding roads and sidewalks. The building will be set back an average of about 90 feet from West Street, the busiest thoroughfare running past the site. Childs also changed the manner in which the tower meets the ground, converting the previous designs' inviting entryway into a 200-foot-tall podium constructed of reinforced concrete. The concrete base would serve as a blast shield surrounding the lobby; there would be some openings to let in light at its higher edges, but it would primarily be unadorned of windows. Tenants would work high up above the lobby, far out of a truck bomber's way. Nicolai Ouroussoff, the New York Times' architecture critic, wrote that the plan represented "exactly the kind of nightmare that government officials repeatedly asserted would never happen here: an impregnable tower braced against the outside world." Carl Galioto, a partner at Skidmore, told me that he thinks much of the criticism was premature. The concrete base the firm unveiled in 2005 was never supposed to be the final plan; architects had always meant to dress the Freedom Tower's pedestal in something more attractive. 
A few months ago, they did just that, proposing to clad the building in panels of glass prisms that would shimmer in sunlight. The laminated glass would also be safe for occupants -- in the event of a blast, it would shatter into tiny harmless pieces, much like a car's windshield. Galioto believes the new glass-clad base will make the Freedom Tower both exceedingly safe and habitable. He says the design shows that the terrorist attacks haven't changed architecture so much as they changed "the practice of architecture." The best architects, he says, will find ways to create beauty within the new constraints. As an example, he points to the new Seven World Trade Center, also designed by his colleague David Childs. Tower 7 does seem to stand as a monument to the possibility of realizing grace in a grim world. The original 47-story granite-and-glass building that stood across Vesey Street from the Trade Towers disappeared into the ground at 5:21 p.m. on 9/11. The new tower, which opened in May, is an elegant glass parallelogram that now dominates ground zero. Like the Freedom Tower, 7 also sits atop an enormous concrete vault (it's not there for blast resistance but because it houses a Con Edison substation that powers much of Lower Manhattan). But from the street, the concrete isn't visible. Childs has covered the base with handsome stainless steel panels designed by the celebrated TriBeCa designer James Carpenter. Carpenter also designed the tower's exterior glass cladding, which surrounds its office space from the eighth story to the top. He chose glass that's low in iron and coated with an anti-reflective material that keeps out radiant heat; the glass is so transparent that at certain hours, when the sun hangs low on the horizon, Tower 7's walls seem to disappear, and you can see through entire floors of the building. But what's most striking about 7, considering its location, is its pronounced ordinariness. 
Inside, the building has been outfitted with a thick concrete core to protect its elevators and stairwells in the case of attack. Compared to the previous WTC towers, it's got wider stairwells for emergency egress, and its floors are protected by a much thicker layer of fireproofing. Its designers call it the "safest office building in America." But from the outside, you can't tell any of this. "One of the best things about it is that it looks like many other elegant, sophisticated glass office buildings rather than like something different," says Goldberger. "I think it's a very nice building." But Tower 7 doesn't eliminate all of Goldberger's concerns about the site, or about the way urban design has been corrupted by security. He concedes that Childs' new plan to surround the Freedom Tower's base in glass mitigates the harshness of the concrete pedestal, but he points out that it "doesn't deal with one of the key problems of all those designs, which is that they're set back so far from the street that the whole nature of a civilized street life is all wiped away." Many designers and planners agree that the practice of setting new buildings back from the street is one of the most troubling security impositions. In "The Death and Life of Great American Cities," Jane Jacobs told of the "intricate sidewalk ballet" that characterized the stretch of Hudson Street in Greenwich Village, where she lived in the 1960s. The ballet involved locksmiths, shopkeepers, butchers, longshoremen, teenagers, tailors, toddlers -- people of all stripes whose everyday interactions on the packed street, she argued, provoked a sense of "casual public trust" in the community. Today's security installations reduce our chance encounters on the street and risk breaking our casual public bonds. 
"Cities basically operate off their street life, and if buildings become just big blank walls because people are afraid of the street, it's fundamentally contradictory to what cities are all about," Chakrabarti says. He adds: "You look at the charts that a lot of security people use and they'll say, 'The building has to be X-hundred feet from the street.' You start thinking about that en masse and what you're talking about is the suburbs. That kind of thinking, when it starts becoming cumulative, could really endanger something that we really want and need, which is a dense urban environment." Architects, like many artists, are by nature a contemplative and slightly anxious lot, and some are given to exaggeration over the actual practical difficulties imposed by post-9/11 security measures; where you or I might see only a line of ugly Jersey barriers or buildings inhospitably far away from the street, a designer will see the seeds of civic destruction. It is, in other words, possible to get carried away in this analysis, and Chakrabarti, for one, understands that setting back some new buildings in the city isn't going to turn New York into a suburb. Moreover, in the case of the World Trade Center site, setbacks won't be anything new. As Goldberger has pointed out, 16 acres of lower Manhattan in 1968 were destroyed to create the "superblock" upon which the original World Trade Center was set. Ground zero's new design will restore the streets eliminated then -- therefore we might see more street-side interaction in the new design because it adds streets to the map. A few designers even point out that moving buildings away from streets can make for a nice addition to cities. 
Barbara Nadel, a New York architect who edited a volume called "Building Security: Handbook for Architectural Planning and Design," says that if they're designed cleverly, plazas built in the spaces created by set-back buildings might become useful open areas in otherwise too densely packed metropolises. Right now in many cities, she says, "there's not enough open space where you can sit down and have a lunch or take in the sun." When you push a building away from the sidewalk, you create precisely such an area. In renderings showing a street view of the future Freedom Tower, the building's concrete base is surrounded by a large plaza topped with trees, steps and a fountain. If you're working in downtown New York one day 10 years from now, the steps might be a nice place to stop and have a burrito. On the other hand, you can see in this picture the cause of architects' fears. The plaza is surrounded by a line of vehicle-blocking posts that resemble tombstones, and you've got to climb a mountain of stairs to get to the building, barricaded against the street. And this illustrates the main flaw in using architecture as a tool to fight terrorism -- we're building structures that may last forever but are frozen around our present-day fears. Architecture is an art form of anticipation, the challenge of building structures that will continue to be meaningful and useful in the decades and centuries to come. Truck bombs, on the other hand, are an acutely modern phenomenon. "There's a tendency right now to design out of fear of the last generation of terrorism," Goldberger argues. "The reality is terrorists are very smart, they're way ahead of us. And yet we're still worrying about truck bombs and giving up so much of what is important to us." Certainly we can make buildings that are easier to escape from during disaster, or that are less vulnerable to total collapse, Chakrabarti says. But architecture is ultimately a weak defense against terrorism. 
"As soon as you get into the notion of people flying planes into buildings," he says, "you're talking about a scale of madness against which architecture should not be the line of defense." -- By Farhad Manjoo From rforno at infowarrior.org Mon Aug 21 23:45:50 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 21 Aug 2006 23:45:50 -0400 Subject: [Infowarrior] - Officials Seek Broader Access to Airline Data Message-ID: August 22, 2006 Officials Seek Broader Access to Airline Data By ERIC LIPTON http://www.nytimes.com/2006/08/22/washington/22data.html?ei=5094&en=b7c196fd 8e030330&hp=&ex=1156219200&partner=homepage&pagewanted=print WASHINGTON, Aug. 21 ? United States and European authorities, looking for more tools to detect terrorist plots, want to expand the screening of international airline passengers by digging deep into a vast repository of airline itineraries, personal information and payment data. A proposal by Homeland Security Secretary Michael Chertoff would allow the United States government not only to look for known terrorists on watch lists, but also to search broadly through the passenger itinerary data to identify people who may be linked to terrorists, he said in a recent interview. Similarly, European leaders are considering seeking access to this same database, which contains not only names and addresses of travelers, but often their credit card information, e-mail addresses, telephone numbers and related hotel or car reservations. ?It forms part of an arsenal of tools which should be at least at the disposal of law enforcement authorities,? Friso Roscam Abbing, a spokesman for Franco Frattini, vice president of the European Commission and the European commissioner responsible for justice and security, said Monday. 
The proposals, prompted by the recent British bomb-plot allegations, have inspired a new round of protests from civil libertarians and privacy experts, who had objected to earlier efforts to plumb those repositories for clues. "This is a confirmation of our warnings that once you let the camel's nose under the tent, it takes 10 minutes for them to want to start expanding these programs in all different directions," said Jay Stanley, a privacy expert at the American Civil Liberties Union. The United States already has rules in place, and European states will have rules by this fall, allowing them to obtain basic passenger information commonly found in a passport, like name, nationality and date of birth. American officials are pressing to get this information, from a database called the Advance Passenger Information System, transmitted to them even before a plane takes off for the United States. But a second, more comprehensive database known as the Passenger Name Record is created by global travel reservation services like Sabre, Galileo and Amadeus, companies that handle reservations for most airlines as well as for Internet sites like Travelocity. Each time someone makes a reservation, a file is created, including the name of the person who reserved the flight and any others traveling in the party. The electronic file often also contains details on rental cars or hotels, credit card information relating to travel, contact information for the passenger and next of kin, and at times even personal preferences, like a request for a king-size bed in a hotel. European authorities currently have no system in place to routinely gain access to this Passenger Name Record data. Mr. Frattini, his spokesman said, intends to propose that governments across Europe establish policies that allow them to tap into this data so they can quickly check the background of individuals boarding flights to Europe. "It is not going to solve all our problems," Mr. Abbing said. 
"It is not going to stop terrorism. But you need a very comprehensive policy." American authorities, under an agreement reached with European authorities in 2004, are already allowed to pull most of this information from the reservation company databases for flights to the United States to help look for people on watch lists. Members of the European Parliament successfully challenged the legality of this agreement, resulting in a ruling in May by Europe's highest court prohibiting the use of the data after Sept. 30, unless the accord is renegotiated. European and American officials expect to reach a new agreement by the end of September. But Mr. Chertoff said that in addition to simply reinstating the existing agreement, he would like to see it eventually revised so American law enforcement officials had greater ability to search the data for links to terrorists. Under the current agreement, for example, the United States government can maintain Passenger Name Record data on European flights for three and a half years. But it is limited in its ability to give the data to law enforcement agencies to conduct computerized searches. Those searches could include comparing the passenger data to addresses, telephone numbers or credit card records on file for known or suspected terrorists, Mr. Chertoff said. "Ideally, I would like to know, did Mohamed Atta get his ticket paid on the same credit card," Mr. Chertoff said, citing the lead hijacker of the 2001 plots. "That would be a huge thing. And I really would like to know that in advance, because that would allow us to identify an unknown terrorist." Paul Rosenzweig, a senior policy adviser at the Homeland Security department, said the use of the passenger data would be negotiated with European authorities. "We are handcuffed in what we can do with it now," he said. 
"It would be a big step forward if we could identify ways in which we can use this information to enhance our ability to detect and prevent terrorism while at the same time remaining respectful and responsive to European concerns regarding privacy." But the proposals to expand access to this data will be likely to spur objections. Graham Watson, the leader of the Liberal Democrat group in the European Parliament, said that given the previous opposition to the American use of the passenger record data, he expects the plan by Mr. Frattini will draw protests. "I think that is unlikely to fly," he said in an interview on Monday. The problem, Mr. Watson said, is not a lack of information, but the unwillingness of individual European states to share with other countries data on possible terrorists so that it can be effectively used to block their movement internationally. Mr. Stanley of the civil liberties union said that if Mr. Chertoff and Mr. Frattini continued in the direction they are headed, the government would soon be maintaining and routinely searching giant databases loaded with personal information on tens of millions of law-abiding Americans and foreigners. But Stephen A. Luckey, a retired Northwest Airlines pilot and aviation security consultant, said those efforts were an essential ingredient in a robust aviation security system. "Even with the best technology in the world, we will never be able to separate the individual from the tools he needs to attack us," said Mr. Luckey, who helped airlines in the United States develop a screening system for domestic passengers. "You are not going to find them all. You have to look for the person with hostile intent."

From rforno at infowarrior.org Mon Aug 21 23:47:33 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Aug 2006 23:47:33 -0400
Subject: [Infowarrior] - A spy in your CD?
Message-ID:

A spy in your CD?
http://www.newscientisttech.com/article.ns?id=dn9728&print=true
09:00 12 August 2006

A patent filed by Sony last week suggests it may once again be considering preventing consumers making "too many" back-up copies of its CDs. Such a move would be controversial. In November 2005 Sony was forced to withdraw anti-piracy software it had placed on its CDs to restrict the number of copies a buyer could make because it introduced security vulnerabilities to Windows operating systems. Sony's latest idea is to place a piece of monitoring hardware inside the CD. Its patent suggests embedding a radio-frequency ID chip that could be interrogated wirelessly by a PC or CD player. The chip would record the number of times the disc was copied and prevent further recordings once it reached the limit. The device could also be fitted to DVDs. Whether Sony will turn the patent idea into reality remains to be seen.

From rforno at infowarrior.org Tue Aug 22 10:11:49 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 22 Aug 2006 10:11:49 -0400
Subject: [Infowarrior] - Highway regulators: Car 'black boxes' can't be secret
Message-ID:

Highway regulators: Car 'black boxes' can't be secret
By Reuters
http://news.com.com/Highway+regulators+Car+black+boxes+cant+be+secret/2100-11389_3-6108126.html
Story last modified Tue Aug 22 07:09:58 PDT 2006

The government will not require recorders in autos but said on Monday that carmakers must tell consumers when technology that tracks speed, braking and other measurements is in the new vehicles they buy. The National Highway Traffic Safety Administration regulation standardizes recorder content and sets guidelines for how the information should be disclosed. It also requires recorders to be more durable. Watched at the wheel Privacy experts complained that consumer interests are not fully protected and that information captured by recorders can be exploited. 
Safety experts, consumer groups and insurance companies have long pressed the agency to mandate recorders in cars, but industry has responded voluntarily in recent years. About two-thirds of the new vehicles now produced each year contain the device that is connected to air bag systems. General Motors equips all its vehicles with recorders, a company spokesman said. Regulators sought on Monday to set basic standards for their use, saying uniform safety data will help make future auto safety regulation more precise. Automakers have until Sept. 1, 2010, to comply with the notification and other requirements in the new regulation, if they choose to equip their vehicles with recorders. The rules governing auto recorders, which are similar to the "black boxes" that store information about mechanical flight systems on commercial airliners, are intended to give law enforcement, emergency medical personnel, auto companies and safety regulators a minimum set of mechanical measurements in the seconds leading up to and during a crash. Under the new rules, auto recorders must track vehicle speed, acceleration and deceleration, braking, steering and some air bag functions. In some cases, data on vehicle roll angle, steering inputs and passenger safety belt usage will be recorded. Privacy experts criticized the decision to use the owners' manual to notify consumers that the vehicle contains a recorder, arguing that many people do not look at it. They also raised concerns that data could be misused for legal or insurance purposes. "They basically punted on the privacy issues," Jay Stanley, a privacy expert at the American Civil Liberties Union, said of the NHTSA regulation. "This is a technology that is powerful and rapidly advancing, and we need to bring our laws up-to-date." 
Rae Tyson, a NHTSA spokesman, said the owner's manual is suitable for notifying consumers and stressed that recorder information is private property that cannot be downloaded without permission of the vehicle owner. Tyson said most privacy concerns should be addressed by the courts and Congress, not by NHTSA.

Story Copyright © 2006 Reuters Limited. All rights reserved.

From rforno at infowarrior.org Tue Aug 22 17:30:14 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 22 Aug 2006 17:30:14 -0400
Subject: [Infowarrior] - Qwest calls for mandatory data retention laws
Message-ID:

Qwest calls for mandatory data retention laws
By Declan McCullagh
http://news.com.com/Qwest+calls+for+mandatory+data+retention+laws/2100-1028_3-6108279.html
Story last modified Tue Aug 22 13:46:11 PDT 2006

ASPEN, Colo.--Broadband company Qwest Communications International on Tuesday strongly endorsed federal legislation requiring Internet providers to keep records of their customers' behavior, a move that could accelerate efforts in Congress to enact new laws. Jennifer Mardosz, Qwest's corporate counsel and chief privacy officer, applauded efforts by politicians to force broadband providers to engage in so-called "data retention," which Attorney General Alberto Gonzales said will aid in investigations into terrorism and child exploitation. This appears to be the first time a broadband provider has called for data retention laws. "We support legislation related to data retention," Mardosz said at the Progress and Freedom Foundation's annual summit here. Mardosz said Qwest "absolutely" endorses a measure proposed in April by Rep. Diana DeGette, a Colorado Democrat. In a public flip-flop, the Bush administration now is lobbying for data retention laws, even though it previously expressed "serious reservations about broad mandatory data retention regimes." Rep. 
Joe Barton, the influential chairman of the House Energy and Commerce Committee, has endorsed data retention and is expected to introduce a bill after the panel completes a series of hearings on child exploitation. "We support legislation," Mardosz said Tuesday. "We want to be at the table. We want to have these discussions. The main thing is what's reasonable and balancing the interests of privacy and law enforcement." Qwest already keeps logs for more than 99 percent of its services for one year, she said. This is an unusual stand for Qwest, which defended its customers' privacy rights when requiring the National Security Agency to obtain a court order to conduct electronic surveillance, according to a USA Today article in May. The Denver-based company has a market capitalization of $16.5 billion and says it has 784,000 wireless customers and 1.7 million DSL (digital subscriber line) customers. Privacy groups have strongly opposed mandatory data retention, and many Internet providers have been skeptical of new laws. The U.S. Internet Industry Association has said current proposals aren't "going about this the right way," and the Information Technology Association of America has raised "real reservations" about legislation. "Imposing broad data retention would be a significant change to U.S. law, especially when it has not been shown that a narrower data preservation approach will not work just as well," said Kate Dean, director of the U.S. Internet Service Provider Association. "The proposal to store enormous amounts of data on subscribers and keep it live for a lengthy period of time raises serious technical, legal and security concerns." (The association's members include AOL, AT&T, BellSouth, EarthLink and Verizon Communications.) Qwest's enthusiastic endorsement of mandatory data retention could make it politically easier for members of Congress to enact new laws even if other companies remain staunchly opposed. 
Details about the Bush administration's call for data retention remain ambiguous. At the very least, administration officials want to compel Internet providers to keep records of which Internet Protocol address a customer is assigned. But during private meetings with industry officials, FBI and Justice Department officials have cited the desirability of also forcing search engines to keep logs--a proposal that could gain additional law enforcement support after AOL showed how useful such records could be in investigations. Mardosz said that keeping records of what Web pages are visited (another possible option) would go too far. "If you get along the lines of content, there's going to be a lot pushback (and privacy concerns)," she said. "We don't want to go there." DeGette's proposed legislation says any Internet service that "enables users to access content" must permanently retain records that would permit police to identify each user. The records could only be discarded at least one year after the user's account was closed. Critics of DeGette's proposal have said that while the justification for Internet surveillance might be protecting children, the data would be accessible to any local or state law enforcement official investigating anything from drug possession to tax evasion. In addition, the one-year retention is a minimum; the Federal Communications Commission would receive the authority to require Internet companies to keep records "for not less than one year after a subscriber ceases to subscribe to such services." At the moment, Internet service providers typically discard any log file that's no longer required for business reasons such as network monitoring, fraud prevention or billing disputes. Companies do, however, alter that general rule when contacted by police performing an investigation--a practice called data preservation. 
Because Internet addresses remain a relatively scarce commodity, ISPs tend to allocate them to customers from a pool based on whether a computer is in use at the time. (Two standard techniques used are the Dynamic Host Configuration Protocol and Point-to-Point Protocol over Ethernet.) In addition, Internet providers are required by another federal law to report child pornography sightings to the National Center for Missing and Exploited Children, which is in turn charged with forwarding that report to the appropriate police agency. When adopting its data retention rules, the European Parliament approved U.K.-backed requirements saying that communications providers in its 25 member countries--several of which had enacted their own data retention laws already--must retain customer data for a minimum of six months and a maximum of two years. The Europe-wide requirement applies to a wide variety of "traffic" and "location" data, including the identities of the customers' correspondents; the date, time and duration of phone calls, voice over Internet Protocol calls or e-mail messages; and the location of the device used for the communications. But the "content" of the communications is not supposed to be retained. The rules are expected to take effect in 2008.

Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.

From rforno at infowarrior.org Tue Aug 22 23:31:53 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 22 Aug 2006 23:31:53 -0400
Subject: [Infowarrior] - Privacy Working Group RFP
In-Reply-To:
Message-ID:

Lauren is one of those folks who is a thought leader in the realm of IT, security, policy, and related matters. Dare I say someone I respect and look up to myself. 
-rf

http://lauren.vortex.com/archive/000188.html

< - >

The observant reader will note that despite the rising tide of concerns regarding search query privacy, the industry as a whole is still pretty much in a state of denial, made all the more confusing by various signals from the U.S. Department of Justice. This is turning into such a mess that it's becoming difficult to even keep the various participants and their positions completely clear. There is every reason to believe that without heroic action by the players involved, we may be heading toward a privacy, legislative, and judicial nightmare. But maybe there's a way out.

< - >

Therefore, I propose the formation of a high-level Internet working group/consortium dedicated specifically to the cooperative discussion of these issues and the formulation of possible policy and technology constructs that can be applied toward their amelioration. Such a working group would be as open as possible, though proprietary concerns would likely necessitate some closed aspects if progress is to be accelerated as much as possible.

< - >

http://lauren.vortex.com/archive/000188.html

From rforno at infowarrior.org Wed Aug 23 22:21:28 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 23 Aug 2006 22:21:28 -0400
Subject: [Infowarrior] - Qwest on data retention laws: Oops
Message-ID:

Qwest on data retention laws: Oops
By Declan McCullagh
http://news.com.com/Qwest+on+data+retention+laws+Oops/2100-1028_3-6108926.html
Story last modified Wed Aug 23 16:18:56 PDT 2006

Broadband provider Qwest Communications International said Wednesday that it made a mistake when one of its lawyers endorsed federal legislation requiring Internet providers to keep records of customers' behavior. Jennifer Mardosz, Qwest's corporate counsel and chief privacy officer, said in an interview with CNET News.com that she misspoke during a panel discussion organized by the Progress and Freedom Foundation in Aspen, Colo., the day before. 
"I just completely misspoke there," Mardosz said. During the panel discussion, she said Qwest "absolutely" supports House of Representatives legislation sponsored by Rep. Diana DeGette mandating data retention--a requirement that Attorney General Alberto Gonzales said will aid in terrorism and child exploitation investigations. "I associated (DeGette's) name with the female Colorado legislator that introduced the state legislation," Mardosz said. "That was just a pure and honest mistake that I made." Mardosz said that instead of embracing data retention legislation, Qwest was skeptical of mandates from Congress. "There is no need for it, because companies are already doing the right thing," she said. On Tuesday she said during the panel discussion: "We support legislation related to data retention." One industry source, who spoke on condition of anonymity because he was not authorized to speak to the press, said Qwest had backed the Colorado legislation earlier this year. The original version of the Colorado bill (click for PDF) required Internet providers to "maintain, for at least 180 days after assignment, a record of the Internet Protocol address" assigned to each customer. Violations could be punished by fines of up to $10,000 per incident. The language was subsequently changed. Qwest's revised position brings it in line with other telecommunications companies, which say they are already required by law to cooperate with criminal investigations and have been generally skeptical of broad, new mandates. The Denver-based company has a market capitalization of $16.5 billion and says it has 784,000 wireless customers and 1.7 million DSL (digital subscriber line) customers. DeGette's proposed legislation (click for PDF) says any Internet service that "enables users to access content" must permanently retain records that would permit police to identify each user. The records could not be discarded until at least one year after the user's account was closed. Rep. 
Joe Barton, the influential Republican chairman of the House Energy and Commerce Committee, has endorsed the concept of data retention and is expected to introduce a bill after the panel completes a series of hearings on child exploitation. From rforno at infowarrior.org Thu Aug 24 08:29:19 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 24 Aug 2006 08:29:19 -0400 Subject: [Infowarrior] - Schneier on Terrorism (GOOD read) Message-ID: Refuse to be Terrorized http://www.wired.com/news/columns/1,71642-0.html By Bruce Schneier 02:00 AM Aug, 24, 2006 On Aug. 16, two men were escorted off a plane headed for Manchester, England, because some passengers thought they looked either Asian or Middle Eastern, might have been talking Arabic, wore leather jackets, and looked at their watches -- and the passengers refused to fly with them on board. The men were questioned for several hours and then released. On Aug. 15, an entire airport terminal was evacuated because someone's cosmetics triggered a false positive for explosives. The same day, a Muslim man was removed from an airplane in Denver for reciting prayers. The Transportation Security Administration decided that the flight crew overreacted, but he still had to spend the night in Denver before flying home the next day. The next day, a Port of Seattle terminal was evacuated because a couple of dogs gave a false alarm for explosives. On Aug. 19, a plane made an emergency landing in Tampa, Florida, after the crew became suspicious because two of the lavatory doors were locked. The plane was searched, but nothing was found. Meanwhile, a man who tampered with a bathroom smoke detector on a flight to San Antonio was cleared of terrorism, but only after having his house searched. On Aug. 16, a woman suffered a panic attack and became violent on a flight from London to Washington, so the plane was escorted to the Boston airport by fighter jets. 
"The woman was carrying hand cream and matches but was not a terrorist threat," said the TSA spokesman after the incident. And on Aug. 18, a plane flying from London to Egypt made an emergency landing in Italy when someone found a bomb threat scrawled on an air sickness bag. Nothing was found on the plane, and no one knows how long the note was on board. I'd like everyone to take a deep breath and listen for a minute. The point of terrorism is to cause terror, sometimes to further a political goal and sometimes out of sheer hatred. The people terrorists kill are not the targets; they are collateral damage. And blowing up planes, trains, markets or buses is not the goal; those are just tactics. The real targets of terrorism are the rest of us: the billions of us who are not killed but are terrorized because of the killing. The real point of terrorism is not the act itself, but our reaction to the act. And we're doing exactly what the terrorists want. We're all a little jumpy after the recent arrest of 23 terror suspects in Great Britain. The men were reportedly plotting a liquid-explosive attack on airplanes, and both the press and politicians have been trumpeting the story ever since. In truth, it's doubtful that their plan would have succeeded; chemists have been debunking the idea since it became public. Certainly the suspects were a long way off from trying: None had bought airline tickets, and some didn't even have passports. Regardless of the threat, from the would-be bombers' perspective, the explosives and planes were merely tactics. Their goal was to cause terror, and in that they've succeeded. Imagine for a moment what would have happened if they had blown up 10 planes. There would be canceled flights, chaos at airports, bans on carry-on luggage, world leaders talking tough new security measures, political posturing and all sorts of false alarms as jittery people panicked. To a lesser degree, that's basically what's happening right now. 
Our politicians help the terrorists every time they use fear as a campaign tactic. The press helps every time it writes scare stories about the plot and the threat. And if we're terrified, and we share that fear, we help. All of these actions intensify and repeat the terrorists' actions, and increase the effects of their terror. (I am not saying that the politicians and press are terrorists, or that they share any of the blame for terrorist attacks. I'm not that stupid. But the subject of terrorism is more complex than it appears, and understanding its various causes and effects are vital for understanding how to best deal with it.) The implausible plots and false alarms actually hurt us in two ways. Not only do they increase the level of fear, but they also waste time and resources that could be better spent fighting the real threats and increasing actual security. I'll bet the terrorists are laughing at us. Another thought experiment: Imagine for a moment that the British government arrested the 23 suspects without fanfare. Imagine that the TSA and its European counterparts didn't engage in pointless airline-security measures like banning liquids. And imagine that the press didn't write about it endlessly, and that the politicians didn't use the event to remind us all how scared we should be. If we'd reacted that way, then the terrorists would have truly failed. It's time we calm down and fight terror with antiterror. This does not mean that we simply roll over and accept terrorism. There are things our government can and should do to fight terrorism, most of them involving intelligence and investigation -- and not focusing on specific plots. But our job is to remain steadfast in the face of terror, to refuse to be terrorized. Our job is to not panic every time two Muslims stand together checking their watches. 
There are approximately 1 billion Muslims in the world, a large percentage of them not Arab, and about 320 million Arabs in the Middle East, the overwhelming majority of them not terrorists. Our job is to think critically and rationally, and to ignore the cacophony of other interests trying to use terrorism to advance political careers or increase a television show's viewership. The surest defense against terrorism is to refuse to be terrorized. Our job is to recognize that terrorism is just one of the risks we face, and not a particularly common one at that. And our job is to fight those politicians who use fear as an excuse to take away our liberties and promote security theater that wastes money and doesn't make us any safer. - - - Bruce Schneier is the CTO of Counterpane Internet Security and the author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World. From rforno at infowarrior.org Thu Aug 24 09:43:30 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 24 Aug 2006 09:43:30 -0400 Subject: [Infowarrior] - OT: FDA Eases Limits on Plan B Sales Message-ID: FDA Eases Limits on Plan B Sales Aug 24, 9:15 AM (ET) By ANDREW BRIDGES WASHINGTON (AP) - Women may buy the morning-after pill without a prescription - but only with proof they're 18 or older, federal health officials ruled Thursday, capping a contentious 3-year effort to ease access to the emergency contraceptive. Girls 17 and younger still will need a doctor's note to buy the pills, called Plan B, the Food and Drug Administration told manufacturer Barr Pharmaceuticals Inc. (BRL) The compromise decision is a partial victory for women's advocacy and medical groups that say eliminating sales restrictions could cut in half the nation's 3 million annual unplanned pregnancies. 
< - > http://apnews.myway.com/article/20060824/D8JMQCPO0.html From rforno at infowarrior.org Thu Aug 24 10:43:40 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 24 Aug 2006 10:43:40 -0400 Subject: [Infowarrior] - IAU: Pluto downgraded Message-ID: Pluto downgraded By Candace Lombardi http://news.com.com/Pluto+downgraded/2100-11397_3-6109092.html Story last modified Thu Aug 24 07:39:32 PDT 2006 Pluto has just been demoted. The 2006 International Astronomical Union (IAU) General Assembly voted Thursday in Prague that Pluto, formerly known as a planet, will now be considered a "dwarf planet." The eight planets of Mercury, Venus, Earth, Mars, Jupiter, Saturn, Uranus, and Neptune will be grouped as "classical planets." Members of the IAU, a community of astronomers from around the world, have been meeting since late last week to debate and vote on a series of resolutions that include definitions of solar system bodies. The IAU General Assembly is held every three years. This session, four terrestrial bodies in particular have been the focus of the debate, the most prominent being Pluto. Varying proposals from IAU members included referring to these smaller terrestrial bodies in different areas of the solar system as "planetoids" and "trans-Neptunian objects." Resolution 6A proposed referring to the smaller objects as "plutonian objects." Another resolution proposed the idea of a hierarchy of "planets," "dwarf planets," and "small solar system bodies," according to the IAU. Still others wanted to keep Pluto as a planet, but come up with alternatives for the other three. IAU President Ron Ekers and other members of the IAU board are expected to hold a press conference Thursday on the final outcome of all the resolution votes in Prague. 
From rforno at infowarrior.org Thu Aug 24 16:18:31 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 24 Aug 2006 16:18:31 -0400 Subject: [Infowarrior] - Apple recalls 1.8m notebook batteries Message-ID: (the Apple website is WAY overloaded.....this MacNN piece has more info to tide us over for a while.......rf) Apple recalls 1.8m notebook batteries http://www.macnn.com/articles/06/08/24/apple.recalls.batteries/ Apple today in cooperation with the U.S. Consumer Product Safety Commission announced a voluntary recall of its rechargeable lithium-ion batteries with cells manufactured by Sony for certain iBook G4 and PowerBook G4 notebooks. The recalled batteries can overheat, according to Apple, posing a fire hazard to consumers. Apple said it has received nine reports of batteries overheating, including two reports of minor burns from handling overheated computers and other reports of minor property damage. Affected models include the 12-inch iBook G4, 12-inch PowerBook G4, and 15-inch PowerBook G4. Apple is instructing owners of these notebooks to remove the battery from the computer to view the model and serial numbers labeled on the bottom of the unit. Batteries that shipped with 12-inch iBook G4 laptops eligible for a free replacement under the recall display a model number of A1061, with serial numbers: ZZ338 through ZZ427, 3K429 through 3K611, and 6C510 through 6C626. 12-inch PowerBook G4 notebook owners eligible for a free replacement under the recall must possess a battery with model number A1079, displaying a serial number falling within ZZ411 through ZZ427 or 3K428 through 3K611. Batteries that shipped with 15-inch PowerBook G4 notebooks eligible for a free replacement under the recall display model numbers of A1078 and A1148, with serial numbers: 3K425 through 3K601, 6N530 through 6N551, and 6N601. Apple estimates roughly 1.1 million faulty battery packs were sold in the U.S., with another 700,000 sold outside the country. 
Recalled batteries were sold through Apple's online store, Apple retail stores nationwide, and Apple Authorized Resellers from October 2003 through August 2006 for between $900 and $2,300. Faulty batteries were also sold separately for about $130. Apple is suggesting users remove the recalled batteries and contact the company to arrange for a free replacement, free of charge. Users requiring the use of their systems are advised to plug their laptops into the AC adapter until a replacement battery arrives. Sony today announced that it supports Apple's decision to recall batteries manufactured by the company, and said it anticipates no further recalls of batteries using the particular battery cells currently responsible for Apple's recall. From rforno at infowarrior.org Fri Aug 25 15:21:11 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 25 Aug 2006 15:21:11 -0400 Subject: [Infowarrior] - NTIA COOP Summit Message-ID: http://cryptome.org/ntia082506.htm 25 August 2006 ----------------------------------------------------------------------- [Federal Register: August 25, 2006 (Volume 71, Number 165)] [Notices] [Page 50390] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr25au06-38] ----------------------------------------------------------------------- DEPARTMENT OF COMMERCE National Telecommunications and Information Administration Notice: Continuity of Business (via satellite) Summit AGENCY: National Telecommunications and Information Administration (NTIA), U.S. Department of Commerce. ACTION: Notice of Public Meeting. ----------------------------------------------------------------------- SUMMARY: NTIA will co-sponsor a conference entitled ``Continuity of Business (via satellite) Summit: Acquiring Robust Communications Capability to Prepare for Natural and Man-Made Disasters'' with the Satellite Industry Association and the U.S. Chamber of Commerce. 
The agenda will focus on the importance of satellite communications for the continuity of business which may be interrupted during a natural disaster, cyber attack, or other terrorist action. DATES: The Continuity of Business (via satellite) Summit will take place Thursday, September 21, 2006, 9:00 AM to noon. ADDRESSES: The public meeting will be held at the U.S. Chamber of Commerce, 1615 H Street, N.W., Washington, DC 20062-2000. FOR FURTHER INFORMATION CONTACT: Persons interested in attending the Continuity of Business (via Satellite) Summit should contact Helen Shaw, Critical Infrastructure Protection Program, Office of the Assistant Secretary, National Telecommunications and Information Administration, 1401 Constitution Avenue, N.W., Room 7846, Washington, DC, 20230; by facsimile transmission to (202) 482-1189; or by electronic mail to hshaw at ntia.doc.gov. Information for the Summit is also available through the U.S. Chamber of Commerce at http://www.uschamber.com. SUPPLEMENTARY INFORMATION: Background. Recent world events, such as the massive hurricanes in the Southern United States, and terrorist actions, such as the bombing of the World Trade Centers, and the potentiality of such events occurring in the future, such as cyber attacks, have demonstrated the need for additional communications channels to prevent communications outages among our nation's businesses and industry. Each of these events, both natural and man-caused, has the potential to interrupt communications costing businesses millions of dollars in lost sales and productivity. For these reasons, a national level discussion addressing additional communications channels is both timely and essential to our nation's economic security and viability. 
The Department of Commerce has the lead responsibility for the ``economic security'' component of critical infrastructure protection, and coordinates these efforts with the Department of Homeland Security (DHS), Department of the Treasury and the Federal Trade Commission (FTC). Acting on behalf of the Department of Commerce, NTIA addresses continuity-of-business/disaster recovery efforts of companies that complement critical infrastructure companies, which are vital to the economy and orderly functioning of society. The focus on continuity of business and disaster recovery communications is based on the premise that wireline, wireless and Internet (including Virtual Private Network (VPN)) capabilities might fail or become saturated as a result of a physical or cyber attack. In such emergency situations, it will be necessary to make use of additional communications capability (e.g., satellite links or HF point-to-point and broadcast transmissions). The Summit will provide a forum primarily for industry representatives to discuss issues related to continuity of business and disaster recovery - such as estimates of current/projected ``take-up'' costs and the ``business case'' for investing in additional communications, incentives, identification of leaders (e.g., companies and associations), and approaches to education and awareness. The government's role will support education and awareness rather than fund this private sector-led effort. Public Participation: The meeting will be open to the public and press on a first-come, first-served basis. Space is limited. The public meeting is physically accessible to people with disabilities. Individuals requiring special services, such as sign language interpretation or other ancillary aids are asked to indicate this to Ms. Shaw at least five (5) days prior to the meeting. The Summit will be webcast. 
Webcast information and the meeting agenda and a list of speakers will be posted on NTIA's website, http://www.ntia.doc.gov, the U.S. Chamber of Commerce's website, http://www.uschamber.com, and the Satellite Industry Association's website, http://www.sia.org, one week prior to the meeting. Dated: August 22, 2006. Kathy D. Smith, Chief Counsel, National Telecommunications and Information Administration. [FR Doc. E6-14121 Filed 8-24-06; 8:45 am] BILLING CODE 3510-60-S From rforno at infowarrior.org Fri Aug 25 22:49:25 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 25 Aug 2006 22:49:25 -0400 Subject: [Infowarrior] - Windows Media DRM Apparently Cracked, And No One Cares Message-ID: (Obviously, if you Google the file you can find it pretty quickly ......duh! -rf) Windows Media DRM Apparently Cracked, And No One Cares http://blogs.law.harvard.edu/cmusings/2006/08/25#a1889 Windows Media DRM has apparently been compromised. Reader Frank Payne pointed me towards a program called FairUse4WM that decrypts Windows Media files. I had heard of a similar program recently called drmdbg. I cannot confirm how and the extent to which these function, including incompatibilities with certain software setups. I also can't tell how new these tools are -- I found posts about drmdbg from over a year ago, but only news in the last few months about FairUse4WM. Regardless, the tools apparently are ways around the DRM for WMA and WMV, including Janus DRM. While interesting news, it's rather irrelevant to online media services using WM DRM. Most users won't care about these decryption tools, not because the DRM is "consumer-friendly," but rather because there are already readily-accessible alternatives to acquire unencrypted copies and thus get around the DRM's unfriendly limits. About a year ago, I reported on the development of a work-around for pre-Janus WMA DRM. 
To my knowledge, this development never produced a working crack, and, given how readily other DRM systems like CSS have been circumvented, that may be surprising to some. One might wonder why it took so long for a decryption utility to become widely-available. The most plausible answer is that the online music DRM is so easy to get around that essentially no one gives a damn about actually circumventing it. If iTunes or Napster Light users want to make a use that the DRM prohibits, he or she can burn the song to CD and rip, use the analog hole, or get on a P2P network. All three are trivially easy ways to get an unencrypted copy and make circumvention practically unnecessary. The subset of users unable or unwilling to perform these steps is, I suspect, an incredibly low percentage of the whole userbase. (Which is not to say that the DRM causes no outrage or damage among users. That small subset of users is unfortunately prevented from making many non-infringing uses of purchased music, while the DRM does nothing to prevent "Internet piracy.") This answer is a lot more compelling, I think, than believing that the online music DRM was particularly well-designed and difficult to beat in the face of the DMCA. But my answer prompts another question: why would these WM tools come out at all, and why now? I can think of two main responses. First, people might still have wanted to create these tools for fun. Sure, few would have a practical use for them, but that discourage everyone. The alternative avenues for DRM evasion merely meant there was less incentive to work on a decryption tool and thus less people developing one -- less, but not zero. Second, the recent though meager growth of Movielink, Cinemanow, Rhapsody Unlimited, Rhapsody-to-Go, and similar services created a matching recent though proportionately meager increase in incentives to create decryption tools. All the content on those services remains readily-accessible on P2P. 
But burning and re-ripping is not possible, and, for movies, using the analog hole is a little bit more difficult. So, with those alternative avenues slightly cut off, that was enough to kickstart a little renewed interest in creating an actual decryption tool. That's my speculation. Again, this doesn't really affect the argument over whether DRM+DMCA can achieve their intended purpose of stopping "Internet piracy" -- they don't and can't, as I addressed at length in recent posts. But that would have been true had these tools never been created. Update, 11:23 AM Friday: Engadget has screenshots and apparently successfully tried this tool. See: http://www.engadget.com/2006/08/25/fairuse4wm-strips-windows-media-drm/ From rforno at infowarrior.org Sat Aug 26 11:32:25 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 26 Aug 2006 11:32:25 -0400 Subject: [Infowarrior] - FW: Checked luggage strains security In-Reply-To: Message-ID: (c/o MS) Checked luggage strains security Updated 8/24/2006 10:44 AM ET By Thomas Frank, USA TODAY Air travelers are checking an unprecedented amount of luggage after the recent disclosure of an alleged terrorist plot, an onslaught that threatens to overwhelm bomb detectors and create security gaps, the nation's aviation-security chief said Wednesday. In an interview with USA TODAY, Transportation Security Administration head Kip Hawley said there has been a 20% surge in checked luggage at U.S. airports since liquids were banned from carry-on bags Aug. 10. Domestic passengers usually check almost 1 billion bags each year, according to the Air Transport Association, an airline trade group. The increase means that the nation's security screeners are handling more than half a million additional checked bags each day. The sudden increase "puts on a strain that could result in some vulnerabilities," Hawley said. The system that screens all checked luggage for bombs "is being stressed," he said. ... 
http://www.usatoday.com/news/nation/2006-08-23-checked-baggage_x.htm ------ End of Forwarded Message From rforno at infowarrior.org Sat Aug 26 11:36:43 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 26 Aug 2006 11:36:43 -0400 Subject: [Infowarrior] - Windows Vista the last of its kind Message-ID: 25 August 2006 Windows Vista the last of its kind By Matthew Broersma, Techworld http://www.techworld.com/news/index.cfm?RSS&NewsID=6718 Vista will be the last version of Windows that exists in its current, monolithic form, according to Gartner. Instead, the research firm predicts, Microsoft will be forced to migrate Windows to a modular architecture tied together through hardware-supported virtualisation. "The current, integrated architecture of Microsoft Windows is unsustainable - for enterprises and for Microsoft," wrote Gartner analysts Brian Gammage, Michael Silver and David Mitchell Smith. The problem is that the operating system's increasing complexity is making it ever more difficult for enterprises to implement migrations, and impossible for Microsoft to release regular updates. This, in turn, stands in the way of Microsoft's efforts to push companies to subscription licensing. The answer, according to Gartner, is virtualisation, which is built into newer chips from Intel and AMD, and has become mainstream for x86 servers through the efforts of VMware. "Once Windows includes virtualisation at its core, we expect OS development to change direction from integration to modularisation," the analysts wrote. Virtualisation is best known as a way of running multiple server instances on a single hardware platform, but it can also be used to run individual operating system functions or applications. The technique isolates the various components from one another, making them easier to manage. 
Gartner believes Microsoft will use virtualisation to divide the Windows client into a "service partition", controlling system functions such as management and security, and one or more application partitions. Such a path is already being followed in the x86 server world, Gartner said. "The combination of the service partition and the ability to deliver horizontal functions in software appliances provides the key for unbundling the Windows OS," the analysts wrote. Such an architecture would allow Microsoft to make major development changes to Windows without worrying about disrupting dependencies across the entire operating system. This, in turn, would mean the company could release regular updates, and would make backward compatibility easier. Next-generation Windows-based partitions "could run in parallel to partitions running kernels with the Vista/NT code base," wrote Gammage, Silver and Smith. They said Microsoft doesn't agree with this vision, saying it's identified problems with integrating data across partitions and creating a consistent user experience. "However, we regard these concerns as only partially founded, and anticipate a key role for virtualisation in the required unbundling of the Windows OS," the analysts said. Gartner expects a significant update to Vista in late 2008 or 2009 that will add virtualisation (in the form of a component called a hypervisor) and a service partition. The hypervisor will allow more frequent updates, and will make the Software Assurance subscription scheme effectively mandatory for Windows from around 2010, Gartner said. To date, Microsoft's main effort to simplify Windows development, in 2004, was to rebuild Windows into a stack of more than 50 layers, Gartner said. "Upper layers could have dependencies on lower layers, but lower layers could not be dependent on upper ones," the analysts wrote. 
"This would allow it to lockdown lower layers when complete and worry less about compatibility changes as it worked up the stack." But this redesign is not enough to ease Microsoft's ongoing development and delivery problems, or the deployment difficulties of enterprises, Gartner said. From rforno at infowarrior.org Sat Aug 26 11:41:15 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 26 Aug 2006 11:41:15 -0400 Subject: [Infowarrior] - Airline may restrict use of Apple notebooks Message-ID: Airline may restrict use of Apple notebooks By AppleInsider Staff Published: 04:45 PM EST http://www.appleinsider.com/article.php?id=1994 The world's leading long distance airline is seeking advice on whether it should place restrictions on the use of Apple notebooks on its aircraft, following the Mac maker's recall of 1.8 million notebook batteries on Thursday. A spokesperson for Australia-based Qantas airline told APC that the company was seeking further information on the precise risk posed by the batteries in Apple PowerBooks and iBooks, and whether they posed the same risk as Dell's recently recalled 4.1 million batteries. "We have put limitations on Dell computers and at this stage we are awaiting further information from Apple," said the spokesman. Apple's product recall affects only batteries that are compatible with discontinued notebook models, specifically the iBook G4 and PowerBook G4. However, as noted by APC, owners of the company's new MacBook Pro notebooks may face opposition from Qantas flight attendants if restrictions are passed; the MacBook Pro looks almost identical to the PowerBook G4. Yesterday, Qantas said that Dell notebook users could only use their laptop on a plane on battery power, or with the battery removed and the unit plugged into the power outlet. Apple's recall of 1.8 million notebook batteries is the second largest in consumer electronics history, behind only Dell's. 
From rforno at infowarrior.org Sat Aug 26 16:50:44 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 26 Aug 2006 16:50:44 -0400 Subject: [Infowarrior] - FW: Wear the wrong t-shirt, be prevented from flying In-Reply-To: <20060826162211.GA5784@gsp.org> Message-ID: ------ Forwarded Message From: Rich K Democracy Now! Iraqi Peace Activist Forced to Change T-Shirt http://www.democracynow.org/article.pl?sid=06/08/21/1348224#transcript and one observer's response, the "I Am Not A Terrorist" t-shirt: I Am Not A Terrorist http://itsnotallbad.com/iamnotaterrorist/ From rforno at infowarrior.org Sun Aug 27 11:05:29 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 27 Aug 2006 11:05:29 -0400 Subject: [Infowarrior] - Activist's Remark Starts FBI Probe Message-ID: (c/o GR) Activist's Remark Starts FBI Probe By JIM SUHR The Associated Press Saturday, August 26, 2006; 9:39 PM ST. LOUIS -- Jim Bensman thought his suggestion during a public hearing was harmless enough: Instead of building a channel so migratory fish could go around a dam on the Mississippi River, just get rid of the dam. Instead, the environmental activist found himself in hot water, drawing FBI scrutiny to see whether he had any terrorist intentions. The case "shows just how easy it is to be labeled a suspected terrorist," he says. 
< - > http://www.washingtonpost.com/wp-dyn/content/article/2006/08/26/AR2006082600370_pf.html From rforno at infowarrior.org Sun Aug 27 11:29:14 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 27 Aug 2006 11:29:14 -0400 Subject: [Infowarrior] - FW: Man gets 3 years for 'botnet' attack In-Reply-To: <3.0.5.32.20060827000807.00c26ca8@pop.fuse.net> Message-ID: (c/o DK) http://news.yahoo.com/s/ap/20060826/ap_on_hi_te/hospital_computer_attack Man gets 3 years for 'botnet' attack Sat Aug 26, 1:40 AM ET SEATTLE - A man was sentenced to three years in prison Friday for launching a computer attack that hit tens of thousands of computers, including some belonging to the Department of Defense, a Seattle hospital and a California school district. Christopher Maxwell, 21, of Vacaville, Calif., was also sentenced to three years of supervised release. He pleaded guilty in May to federal charges of conspiracy to intentionally cause damage to a protected computer and conspiracy to commit computer fraud. U.S. District Judge Marsha J. Pechman said the crime showed "incredible self-centeredness" with little regard for the impact on others. She said the prison time was needed as "deterrence for all those youth out there who are squirreled away in their basements hacking." Defense attorney Steve Bauer had sought probation and community service, noting his client had no prior criminal record and saying Maxwell did not intend his robot virus program to spread as far as it did. Maxwell and two juvenile co-conspirators were accused of using "botnet" attacks -- programs that let hackers infect and control a computer network -- to install unwanted Internet advertising software, a job that earned them about $100,000. Three victims testified at Maxwell's sentencing: a representative of Seattle's Northwest Hospital, damaged in February 2005; a representative of the U.S. 
Defense Department, which reported damage to hundreds of computers worldwide in 2004 and 2005; and a former system administrator for the Colton Unified School District in California, where more than 1,000 computers were damaged over several months in 2005. ------ End of Forwarded Message From rforno at infowarrior.org Sun Aug 27 14:21:50 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 27 Aug 2006 14:21:50 -0400 Subject: [Infowarrior] - TPRC Conference, September 29-October 1, Arlington, VA In-Reply-To: <7.0.1.0.0.20060826083850.02364148@scottmarcus.com> Message-ID: 34th Annual Research Conference on Communication, Information and Internet Policy (TPRC) September 29, 30 and October 1 George Mason University School of Law, Arlington, Virginia Industry, government and academia gather to participate in over 100 paper sessions presented by experts in various areas of the industry. Six provocative panels and keynote addresses by Commissioner Tate, FCC, David Farber, CMU, and David Clark, MIT add to the program offering as well as significant networking time. Early bird registration ends August 31st. View the entire program and registration information on our web site, www.tprc.org ; or contact info at tprc.org for further information From rforno at infowarrior.org Sun Aug 27 23:51:51 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 27 Aug 2006 23:51:51 -0400 Subject: [Infowarrior] - Jaguar Supercomputer Surpasses 50 Teraflops Message-ID: Jaguar Supercomputer Surpasses 50 Teraflops 03:25 PM, August 26th 2006 http://tinyurl.com/jwqr3 An upgrade to the Cray XT3 supercomputer at Oak Ridge National Laboratory has increased the system's computing power to 54 teraflops, or 54 trillion mathematical calculations per second, making the Cray among the most powerful open scientific systems in the world. 
The computer, dubbed Jaguar, is the largest in the Department of Energy's Office of Science and is the major computing resource for DOE's Innovative and Novel Computational Impact on Theory and Experiment, or INCITE, program. The system is available to all scientific researchers and research organizations, including industry, through an annual call for proposals. Three of the four companies -- Boeing, DreamWorks Animation and General Atomics -- awarded INCITE grants for 2006 are doing their work at ORNL. "With the expansion of the leadership computing resources at Oak Ridge, the Department of Energy is continuing to deliver state-of-the-art computational platforms for open, high-impact scientific research," said Michael Strayer, director of DOE's Office of Advanced Scientific Computing Research. "The expanded system will be instrumental in addressing some of the most challenging scientific problems in areas such as climate modeling, materials science, fusion energy and combustion." The upgrade involved replacing all 5,212 processors with Cray's latest dual-core processors, doubling the memory and adding additional interconnect cables to double the bisection bandwidth. The Jaguar now features more than 10,400 processing cores and 21 terabytes of memory. The upgraded Cray XT3 has passed ORNL's acceptance tests. "The XT3 is a remarkable system for scientific calculations, and the upgrade of all system components maintains the balance of the machine while doubling the performance," said ORNL's Thomas Zacharia, associate laboratory director. ORNL's Buddy Bland, project director for the Leadership Computing Facility, noted that the upgrade went smoothly and on schedule, "continuing Cray's record of delivering major systems on time." DOE's Leadership Computing Facility is on a path to exceed 100 teraflops by the end of this year and to reach a petaflop, or 1 quadrillion mathematical calculations per second, by 2009. 
"This represents a key milestone in our adaptive supercomputing vision as well as a demonstration of our partnership with Oak Ridge National Lab aimed at delivering a series of increasingly powerful productive supercomputers, including a system that crosses the petaflop barrier," said Peter Ungaro, Cray chief executive officer and president. "The powerful combination of Cray supercomputers and the technical expertise at ORNL is destined to result in significant breakthroughs in real-world scientific and engineering problems that will ultimately have a major impact on society." From rforno at infowarrior.org Mon Aug 28 09:20:20 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 28 Aug 2006 09:20:20 -0400 Subject: [Infowarrior] - 2006 Stupid Security Competition Message-ID: PI announces the 2006 Stupid Security Competition 21/08/2006 STUPID SECURITY AWARDS http://www.privacyinternational.org/article.shtml?cmd[347]=x-347-541996 We've all been there. Standing for ages in a security line at an inconsequential office building only to be given a security pass that a high school student could have faked. Or being forced to produce photo ID for even the most innocent activity. If you thought after Enron that the accountancy profession was bad news, just wait till you hear how terrible the security industry has become. Even before the recent "liquid bomb" scare a whole army of bumbling amateurs has taken it upon themselves to figure out pointless, annoying, intrusive, illusory and just plain stupid measures to "protect" our security. Stupid security has become a global menace. From the airport that this month emptied out a full plane because a passenger was drinking from a lemonade bottle, to the British schools that fingerprint their children to "stop" 
the theft of library books, to the airline company that refused to allow passengers to bring books or magazines onto the plane, the world has become infested with bumptious administrators competing to hinder or harass us - and often for no good reason whatever. The sensitive and sensible folk at Privacy International have endured enough of this treatment. So we are running an international competition to discover the world's most pointless, intrusive, stupid and self-serving security measures. The "Stupid Security Awards" aim to highlight the absurdities of the security industry. Privacy International's director, Simon Davies, said his group had taken the initiative because of "innumerable" security initiatives around the world that had absolutely no genuine security benefit. The awards were first staged in 2003 and attracted over 5,000 nominations. This will be the second competition in the series. "The situation has become ridiculous" said Mr Davies. "Security has become the smokescreen for incompetent and robotic managers the world over". Unworkable security practices and illusory security measures do nothing to help issues of real public concern. They only hinder the public, intrude unnecessarily into our private lives and often reduce us to the status of cattle. The airline industry is the most prominent offender, but it is not alone. Consider the UK rail company that banned train-spotters on the grounds of security (e.g. see this article). Or the security desk of a US office building that complained because paramedics rushing to attend a heart-attack victim had failed to sign-in. Or the metro company that installed a $20,000 biological weapons/gas detector and placed it openly next to a power plug so terrorists could conveniently unplug the device. Privacy International is calling for nominations to name and shame the worst offenders. The competition closes on October 31st 2006. 
The award categories are: * Most Egregiously Stupid Award * Most Inexplicably Stupid Award * Most Annoyingly Stupid Award * Most Flagrantly Intrusive Award * Most Stupidly Counter Productive Award The competition will be judged by an international panel of well-known security experts, public policy specialists, privacy advocates and journalists. The competition is open to anyone from any country. Nominations can be sent to stupidsecurity at privacy.org. Details of previous award winners can be found below, or at http://www.privacyinternational.org/ssa2003winners. From rforno at infowarrior.org Mon Aug 28 12:17:00 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 28 Aug 2006 12:17:00 -0400 Subject: [Infowarrior] - Flying the paranoid skies Message-ID: Flying the paranoid skies When an iPod fell into a toilet on my flight to Ottawa this week, authorities took no chances with such a perilous situation http://www.canada.com/ottawacitizen/news/opinion/story.html?id=1c0072fe-4d9 8-44e4-8414-652f83e27868 Amy Knight Citizen Special Friday, August 18, 2006 When the pilot on my Ottawa-bound United flight from Chicago last Tuesday came on the intercom to report a problem, I felt a trickle of panic, even though he assured us that there was no cause for alarm. They had discovered, he said awkwardly, an object on the plane that should not be there. He had notified the authorities at Ottawa airport, and they would handle the problem upon our arrival. A few nervous minutes later, at around 4 p.m., we landed and taxied to a desolate spot far from the terminal. I and my fellow passengers (close to 50 of us) expected to see emergency vehicles waiting and a crew of people to rush us off the plane before this "object" exploded. No such luck. We were greeted by an eerie silence, a silence that lasted almost 40 minutes until a bus finally pulled up near our plane. 
Perplexed and confused, we were ordered to disembark and told that we could bring nothing with us, not even our passports. (Apparently this order was a mistake because we were expected later to have our identifying documents with us.) Grim-faced police officers with guns stared at us with accusing glances as we staggered down the steps. I felt the impulse to put my hands up. What had we done wrong? Were we suspected of terrorism? We were transported to a large garage, filled with armed police, on the airport complex and told that we had a long wait ahead of us. This turned out to be true. It would be four hours from our arrival at Ottawa before we were finally released. Meanwhile, the word had gotten out. The "object" that had caused all this panic was an iPod that slipped off the belt of a young man (who looked to be about 18) when he was using the bathroom. It landed in the toilet. Knowing that his iPod was ruined and apparently reluctant to put his hands in the toilet, the young man tried unsuccessfully to flush it away and returned to his seat. When another passenger saw the iPod and mentioned it to the flight attendant, she immediately told the captain, who then notified Ottawa airport authorities. Once the young man realized that his unflushed iPod was causing such concern he went up to the attendant and told her what had happened. But it was too late. The call to Ottawa airport had set a process in motion that could not be stopped. The Ottawa police, who were in charge of Operation iPod, had a protocol to follow and they were not to be deterred. We were ordered to stand in line to be questioned by police and immigration officers, a process that, complicated by the lack of identifying documents, seemed endless. When a few of us grumbled, a policeman shouted out to us that ours was a serious situation and might somehow be connected to an explosives scare that had just occurred on a Los Angeles-bound plane. 
As in our case, the cause of the Los Angeles airport scare turned out to be a completely harmless item -- a toy found by a flight attendant on an Alaska Airlines plane that none of the passengers claimed. But, in contrast to our situation, the passengers at LAX were evacuated from the airplane immediately upon landing. It was a good thing that the object of concern at Ottawa airport was only a drenched iPod and not an explosive that could have blown up the plane on the tarmac. The suspicious item apparently remained on board until after the police had finished interrogating the hapless iPod owner and various other passengers who had in some way implicated themselves in the incident. Meanwhile, we were ordered, one by one, back on the bus to await our fate. The stress started to take its toll. One young woman, pregnant with her first child, burst into tears. She had travelled a long way for a family reunion and now she was missing the whole thing. A two-year-old girl, who had been delightfully cheerful and well behaved throughout the ordeal, fell from her seat and hit her head so badly she had to be examined by paramedics. People who had missed flights going out of Ottawa were wondering where they were going to spend the night. Others worried about family and friends who had been waiting for them at the terminal for hours. Finally, at 8 p.m., after being given our belongings from the plane's cabin, we were bussed, exhausted and shaken, to the terminal to collect our baggage and proceed through customs. Someone on the bus muttered "Well, I guess they had no choice but to play it safe." I found myself wondering whether "playing it safe" in dealing with airplane incidents is not being taken too far. And if, in the end, such responses to inevitable lapses on the part of the passengers (a dropped iPod, a forgotten toy or cellphone) are not doing us more harm than good. 
Even if we forget about the stress and discomfort caused to passengers, inflexible overreactions to airplane "incidents" are a drain of money and resources, which might better be spent on figuring out ways to deal more effectively and consistently with real threats to our security. Judging from my experience last Tuesday, there is a lot of room for improvement in the system of airport emergency response. Former Carleton professor Amy Knight is the author of How the Cold War Began. She now lives in Switzerland. © The Ottawa Citizen 2006 From rforno at infowarrior.org Mon Aug 28 12:18:32 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 28 Aug 2006 12:18:32 -0400 Subject: [Infowarrior] - DHS hits parody site for "trademark" infringement Message-ID: I recently received a letter from the Department of Homeland Security at work asking us to change the graphics on our website ReallyReady.org. They believe we have infringed on their "intellectual property" because we used logos and graphics that were similar to those used on their site. (That was part of the point we were making) Their complaint was specifically that we were using the grey word "ready" with a green checkmark over it. I am totally serious. That is what they spend their time on. One year after Katrina and they still don't have a quality emergency preparedness website for the public, but have time to quibble over who used their check mark and the word "ready." < - > http://sexdrugsanddna.com/blog/?p=90 From rforno at infowarrior.org Tue Aug 29 08:40:35 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Aug 2006 08:40:35 -0400 Subject: [Infowarrior] - NYT Withholds Web Article in Britain Message-ID: Times Withholds Web Article in Britain By TOM ZELLER Jr. 
http://www.nytimes.com/2006/08/29/business/media/29times.html?ei=5090&en=d2eb8d24ef801b5f&ex=1314504000&partner=rssuserland&emc=rss&pagewanted=print If Web readers in Britain were intrigued by the headline "Details Emerge in British Terror Case," which sat on top of The New York Times's home page much of yesterday, they would have been disappointed with a click. "On advice of legal counsel, this article is unavailable to readers of nytimes.com in Britain," is the message they would have seen. "This arises from the requirement in British law that prohibits publication of prejudicial information about the defendants prior to trial." In adapting technology intended for targeted advertising to keep the article out of Britain, The Times addressed one of the concerns of news organizations publishing online: how to avoid running afoul of local publishing laws. "I think we have to take every case on its own facts," said George Freeman, vice president and assistant general counsel of The New York Times Company. "But we're dealing with a country that, while it doesn't have a First Amendment, it does have a free press, and it's our position that we ought to respect that country's laws." Jonathan Zittrain, a professor of Internet governance and regulation at Oxford University, said restricting information fit with trends across the Internet. "There's been a sense that technology can create a form of geographic zoning on the Internet for many years now -- that they might not be 100 percent effective, but effective enough," Mr. Zittrain said. "And there's even a sense that international courts might be willing to take into account these efforts." Plans were made at The Times over the weekend to withhold print versions of the article in Britain, as well as news agency and archived versions. But the issue of the Web was more complicated. Richard J. 
Meislin, the paper's associate managing editor for Internet publishing, said the technological hurdle was surmounted by using some of The Times's Web advertising technology. The paper could already discern the Internet address of users connecting to the site to deliver targeted marketing, and could therefore deliver targeted editorial content as well. That took several hours of programming. "It's never a happy choice to deny any reader a story," said Jill Abramson, a managing editor at The Times. "But this was preferable to not having it on the Web at all." From rforno at infowarrior.org Tue Aug 29 10:09:27 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Aug 2006 10:09:27 -0400 Subject: [Infowarrior] - Rumsfeld: Terrorists Manipulating Media Message-ID: Earth to Rumsfeld, like it or not, information operations works both ways.........rf Rumsfeld: Terrorists Manipulating Media FALLON NAVAL AIR STATION, Nev. (AP) -- Defense Secretary Donald H. Rumsfeld said Monday he is deeply troubled by the success of terrorist groups in "manipulating the media" to influence Westerners. < - > http://tinyurl.com/lywrq From rforno at infowarrior.org Tue Aug 29 13:06:48 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Aug 2006 13:06:48 -0400 Subject: [Infowarrior] - Workshop on War & Terrorism, Church Center United Nations In-Reply-To: <000e01c6cb8d$0cde99a0$6500a8c0@cousy> Message-ID: INTERNATIONAL SCHOOL FOR MENTAL HEALTH PRACTITIONERS Presents A Workshop with Richard A. Koenigsberg, PhD SOMETHING TO KILL AND DIE FOR: The Psychology of War and Terrorism Date: Thursday, November 9, 2006 Time: 10 am - 2 pm (recess: 12 - 1 pm) Location: Church Center for the United Nations 777 United Nations Plaza (44th St. & First Avenue-across the street from the United Nations) 12th Floor New York, NY 10017 Cost: $70 CE Credits: 3.0 Contact: Orion Anderson: 718-393-1104 Registration: Please click here for further information. Seating is limited. 
Please register now. Sponsored by: INTERNATIONAL SCHOOL FOR MENTAL HEALTH PRACTITIONERS. ISMHP is approved by the American Psychological Association to offer continuing education for psychologists. ISMHP maintains responsibility for the program: His Excellency, Ambassador Anthony DeLuca, Ph.D., Dean ISMHP. Under the auspices of Syrian Orthodox Church in America, associated with the Department of Public Information of the United Nations. Please CLICK HERE for further information and to register for the Presentation and Workshop "Something to Kill and Die For" with Richard A. Koenigsberg, PhD _____ Workshop Description: What are the causes of collective political violence? What events or motivations bring religious and political leaders-and the people they represent-to give over lives and resources to armed conflict? What justifies the sacrifices made in war and terrorism? In 1994, Dick Cheney appeared on "Meet the Press" and stated that Haiti was "not worth American lives." Senator Glenn suggested that the case for intervention could not pass the "Dover Test"-the televised return of body bags. In the twenty years since Viet Nam, only about 400 U. S. soldiers had been killed in action. For a time, it seemed that the grand narrative of warfare had lost its appeal. Then, the events of September 11th, 2001 changed everything. The United States responded-not only to the actions of the terrorists, but to the taunting words of Bin Laden, who addressed Americans declaring: "Your most disgraceful case was in Somalia. When tens of your soldiers were killed in minor battles and one American pilot was dragged through in the streets of Mogadishu you left the area carrying disappointment, humiliation, defeat and your dead with you. The extent of your impotence and weaknesses became very clear." 
The subsequent American response to Bin Laden's provocation served to demonstrate-in no uncertain terms-that the United States was not weak; that Americans too possessed ideals and strength of conviction for which they were willing to kill and die. We now find ourselves-again-in the midst of a world of political violence-a world that we seemed to be on the verge of leaving behind. Were the events of September 11, 2001 responsible for the world-wide struggle in which we now find ourselves? Or is a deeper psychology at work, driving people on all sides of the conflict to seek out "something to kill and die for?" John Lennon asked people to imagine a world with "nothing to kill or die for." Post-modernism proposed the "death of grand narratives," while multiculturalism and globalization articulated the desire to abandon rigid boundaries. Now we seem to have returned to the bipolar, cold-war narrative of a global clash between antagonistic ideologies. Using case studies from history-as well as contemporary examples-this workshop will explore the dynamics of collective forms of violence such as terrorism and war; the motives that generate killing and dying in the name of religious and national ideals. Please CLICK HERE for further information and to register for the Presentation and Workshop "Something to Kill and Die For" with Richard A. Koenigsberg, PhD _____ Who Should Attend: Teachers, students and practitioners from the disciplines of psychology, psychiatry, psychoanalysis, anthropology, sociology, political science, international relations and diplomacy. Scholars and students focusing on the topics of conflict resolution, peace and war studies, militarism, nationalism, ethnic conflict, political psychology, and terrorism; journalists wishing to explore the deeper roots of today's conflicts; and the educated layperson seeking to comprehend the sources of collective forms of violence in the Twentieth and Twenty-First Centuries. 
_____ Learning Objectives: Through presentation and discussion, participants will explore: * The nature of attachment to "sacred objects" that transforms violence into a form of virtue * The human tendency to bifurcate the world into categories of "good" and "evil." * The need for and symbolic meaning of enemies. * The relationship between martyrdom and sacrifice * Why wars are difficult to end. _____ About the Presenter: Richard A. Koenigsberg received his PhD in Social Psychology from the Graduate Faculty of the New School for Social Research in New York City. His highly acclaimed books-Hitler's Ideology, The Psychoanalysis of Racism, Revolution and Nationalism, Symbiosis and Separation: Towards a Psychology of Culture, and Dying for One's Country: War as Sacrifice-established a method and theory for the psychological analysis of political ideology. _____ The Church Center for the United Nations is located across the street from United Nations headquarters. Tours are available at the Visitors' Lobby of the General Assembly seven days a week from 9am to 5pm. Please CLICK HERE for further information and to register for the Presentation and Workshop "Something to Kill and Die For" with Richard A. Koenigsberg, PhD Orion Anderson (718) 393-1104 oanderson at ideologiesofwar.com From rforno at infowarrior.org Wed Aug 30 11:23:10 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 30 Aug 2006 11:23:10 -0400 Subject: [Infowarrior] - JSG: What's Next, Ramen Noodles? Message-ID: What's Next, Ramen Noodles? http://www.wired.com/news/columns/0,71688-0.html?tw=wn_index_6 By Jennifer Granick 02:00 AM Aug, 30, 2006 What if making ramen were like playing guitars? Last weekend I was sitting on a stool in Sapporo's famous "ramen alley" trying to decide what type of ramen dish to order for breakfast. 
I had just read an article in The New York Times reporting that the Recording Industry Association of America was threatening to sue websites that publish guitar music tablature, or tabs, alleging copyright infringement. The article said that the RIAA considers tabs copyright-protected information. According to the recording industry, even incorrect tabs and tabs developed by users from listening to songs are its property as "derivative works." I started thinking about what it would be like if there were an RIAA for ramen. The connection seemed obvious, because there are so many varieties of ramen available in so many little restaurants and street stalls here. Ramen is Japan's pizza -- derived from the cuisine of another country (China), popular because it's both delicious and inexpensive, and available in gourmet versions. Ramen is culturally important in Japan, and, like music, there is an infinite number of ramen styles, all of which have their committed adherents, copycats and detractors. Different regions of the country specialize in different styles of ramen, and cab drivers, students and gourmands all have their favorite stands. But Sapporo is Japan's noodly ground zero. The top floor of the city's Este department store is a ramen theme park, complete with a train ride for kids and 10 restaurants serving different regional styles of ramen. The English-language tourist brochure for Sapporo informs visitors that miso broth ramen is traditional in Sapporo, but today many competing types are vying for supremacy and "Sapporo is in the midst of a civil war over ramen." Imagine what that "civil war" would look like if the entrenched ramen interests had the mind-set and legal muscle of the U.S. recording industry. People play guitar in all sorts of styles, riffing on notes the way the Japanese riff on the basic concept of Chinese noodles in soup. 
What if the original ramen chefs tried to stop others from developing their own ramen recipes and making differently flavored ramen broth? They'd form an association -- say, the Ramen Industrial Alliance of Asia, or RIAA -- and announce a clampdown on the proliferation of infringing noodle shops. Their arguments would echo the music industry's. "The chefs who created ramen deserve to get paid for their creation," they'd say. "These noodle shops are taking profits away from the creators, while peddling an often-inferior product to an unsuspecting public that believes they are getting real ramen." Just as the music industry claims that tab sites are publishing "derivative works" related to the original musical compositions, the ramen industry lawyers would argue that ramen varieties are derivations of the original product. Kyushu's tonkatsu (pork) ramen, Sapporo's miso ramen or Hakodate's shio (salt) ramen divert customers and take ramen sales away from the original chefs. The ramen shops would counter that they are merely providing flavorful options for a hungry public looking for a delicious but inexpensive meal, and that their existence increases the overall public interest in, and demand for, ramen. Each side would point to the vibrant communities of ramen maniacs, who rate restaurants, and trade tips, recipes and commentary. The ramen industry would call them thieves, responsible for the plummeting cost of noodles, as well as the promulgation of an inferior, and possibly dangerous, product. If newfangled ramen flavors are what people want, then it's up to the original ramen specialists to provide them, not some two-bit stall in a dirty alley under the train station. When people get sick from this stuff, people blame ramen. Of course the ramen industry couldn't stand by and let that happen. There's a reason that intellectual property laws don't cover recipes, so for now, ramen may be safe. 
But with copyright laws that let the music industry shut down sites for teaching people how to play guitar, intellectual property claims against the making of noodles can't be far behind. - - - Jennifer Granick is executive director of the Stanford Law School Center for Internet and Society, and teaches the Cyberlaw Clinic. From rforno at infowarrior.org Wed Aug 30 11:12:08 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 30 Aug 2006 11:12:08 -0400 Subject: [Infowarrior] - DOD Personnel Security streamlining (rule) Message-ID: Department of Defense Personnel Security Program Regulation AGENCY: Office of the Secretary, DoD. ACTION: Interim final rule. ----------------------------------------------------------------------- SUMMARY: This rule is published to streamline personnel security clearance procedures and make the process more efficient within the Department of Defense. This will simplify security processing and allow the deserving public to obtain a security clearance in a more efficient manner. DATES: This rule is effective September 1, 2006. Written comments received at the address indicated below by October 30, 2006 will be accepted. < - > http://cryptome.org/dod083006.htm From rforno at infowarrior.org Tue Aug 29 23:54:50 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Aug 2006 23:54:50 -0400 Subject: [Infowarrior] - Hacking the Cable Modem (book) Message-ID: http://www.nostarch.com/frameset.php?startat=cablemodem_toc In the beginning there was dial-up, and it was slow; then came broadband in the form of cable, which redefined how we access the internet, share information, and communicate with each other online. Hacking the Cable Modem goes inside the device that makes Internet via cable possible and, along the way, reveals secrets of many popular cable modems, including products from Motorola, RCA, WebSTAR, D-Link and more. Inside Hacking The Cable Modem, you'll learn: * the history of cable modem hacking 
* how a cable modem works * the importance of firmware (including multiple ways to install new firmware) * how to unblock network ports and unlock hidden features * how to hack and modify your cable modem * what uncapping is and how it makes cable modems upload and download faster Written for people at all skill levels, the book features step-by-step tutorials with easy to follow diagrams, source code examples, hardware schematics, links to software (exclusive to this book!), and previously unreleased cable modem hacks. From rforno at infowarrior.org Tue Aug 29 22:08:57 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Aug 2006 22:08:57 -0400 Subject: [Infowarrior] - Senate moves to give Bush more power to wiretap Message-ID: Senate moves to give Bush more power to wiretap 08/29/2006 @ 12:32 pm Filed by Brian Beutler http://www.rawstory.com/printstory.php?story=3077 A bill that expands President Bush's ability to wiretap American phones and conduct other forms of domestic surveillance will likely appear before the Senate Judiciary Committee next Thursday, RAW STORY has learned. The bill, which was written by judiciary chairman Senator Arlen Specter (R-PA), and which has been widely and publicly excoriated by Democratic members of the committee, contains provisions -- such as the institution of program-wide warrants, and warrants that do not expire for a year -- that would weaken the strict limits that currently govern the FISA courts. The Foreign Intelligence Surveillance Act (FISA) was written nearly 20 years ago and offers guidelines about the legal use of wiretaps on phones inside the United States. It includes provisions for the use of courts to issue warrants if the government's case against a suspect meets legal scrutiny. 
The judiciary committee originally sought to bring the NSA wiretapping program into compliance with FISA, but in practice, critics claim, Specter's FISA amendments actually give the president freedom to expand his wiretapping activities. A statement released by the office of Senator Russ Feingold (D-WI) states that Specter's bill "gives him even more power than he has asserted under his illegal NSA wiretapping program." A different bill, written by Senator Dianne Feinstein (D-CA) and cosponsored by Specter will also appear before the committee Thursday. Its provisions would do more to limit the NSA program than Specter's, and would even mandate that the program face judicial review. But a Senate aide who works closely with Specter tells RAW STORY that, "The White House said they would veto any bill that includes a provision for judicial review." "I can't say that the bills work hand in hand," an aide told RAW STORY adding that, though Specter's bill does not make judicial review mandatory, "it makes it optional." Specter's bill, written as a result of that threat, makes concessions to the White House that go beyond Feinstein's legislation, which itself represents a diminution of the 1978 FISA statutes. FISA, for instance, allows 15 days of warrantless surveillance in the event of a declaration of war. Senator Feinstein's bill extends that allowance to include the 15 days after a Congressional authorization of the use of force. Senator Specter's bill deletes the exception altogether. "Basically," one aide told RAW STORY, "the White House said, 'you can trust us, you have our word that we will submit the program for judicial review. Just don't make it mandatory for us.'" Senator Feinstein has come out against the new legislation, intimating that it would legalize the NSA program that was recently declared unconstitutional by a federal judge in Michigan.
If passed by Congress, Specter's bill could potentially influence the outcome of White House appeals that may ultimately put the program before the Supreme Court. In an op-ed cowritten with Senator Feingold in the San Francisco Chronicle, Senator Feinstein said, "every time the Supreme Court has confronted a statute limiting the commander-in-chief's authority, it has upheld the statute." Feinstein continued: "Congress explicitly banned wiretapping individuals in the United States without a court order, except in limited circumstances such as emergencies, when it passed FISA in 1978. That means the president's power to wiretap Americans without a warrant would be viewed very skeptically by the Supreme Court. If Congress were to pass Specter's bill, however, the legal analysis would be much more deferential to the president. By repealing the ban on wiretapping without a warrant... Congress would help the president make his case." Senator Specter, who unlike Senators Feingold and Feinstein does not sit on the Intelligence committee, and who therefore is privy to less information about the NSA program, had been critical of its apparent violation of FISA in the past. When asked at a press conference recently if it was frustrating to now be in a position to write legislation for the courts without knowing the details of the wiretapping program, he responded, "Is it frustrating? Yes, but I'm used to that... From the very start, I said, I don't have to know what the program is, but the court has to know what the program is. There has to be judicial review before you can wiretap. That's been the tradition."

From rforno at infowarrior.org Wed Aug 30 13:48:11 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Aug 2006 13:48:11 -0400
Subject: [Infowarrior] - EPA ENFORCEMENT THREATENED BY LIBRARY CLOSURES
Message-ID:

For Immediate Release: August 28, 2006
Contact: Carol Goldberg (202) 265-7337
http://www.peer.org/news/news_id.php?row_id=735

EPA ENFORCEMENT THREATENED BY LIBRARY CLOSURES -- Prosecutions at Risk from Loss of Timely Access to Key Documents

Washington, DC -- Prosecution of polluters by the U.S. Environmental Protection Agency "will be compromised" due to the loss of "timely, correct and accessible" information from the agency's closure of its network of technical libraries, according to an internal memo released today by Public Employees for Environmental Responsibility (PEER). EPA enforcement staff currently rely upon the libraries to obtain technical information to support pollution prosecutions and to track the business histories of regulated industries.

In a memo prepared last week by the enforcement arm of EPA, called the Office of Enforcement and Compliance (OECA), agency staff detailed concerns about the effects of EPA's plans to close many of its libraries, box up the collections and eliminate or sharply reduce library services. Each year, EPA's libraries handle more than 134,000 research requests from its own scientific and enforcement staff.

The memo states: "If OECA is involved in a civil or criminal litigation and the judge asks for documentation, we can currently rely upon a library to locate the information and have it produced to a court house in a timely manner. Under the cuts called for in the plan, timeliness for such services is not addressed."

In addition, the memo raises negative side effects relating to --

* Forensics. "The NEIC (National Enforcement Investigations Center) Library is the only specialized environmental forensic library in the Agency.
The NEIC library supports enforcement in the regions when there is a need for NEIC's expertise or unique materials... Loss of support for enforcement within the regions may cause an overwhelming demand on the small NEIC library by requiring the NEIC library to provide not only unique materials, but also items that the regional libraries currently provide. There is no budget available to expand NEIC's library capacity should this increased demand for NEIC library services occur."
* Lost Collections. "OECA is seriously concerned that these documents may be distributed without adequate documentation and cataloging and may become virtually lost within the system."
* Institutional Memory. "OECA is concerned that the loss of institutional memory as well as the loss of expertise from professional librarians in the regions will hamper OECA's enforcement program."

"Cutting $2 million in library services in an EPA budget totaling nearly $8 billion is the epitome of a penny wise-pound foolish economy," stated PEER Executive Director Jeff Ruch. "From research to regulation to enforcement, EPA is an information-dependent operation which needs libraries and librarians to function properly."

###

Read the EPA Office of Enforcement and Compliance Assurance "Position Paper on the 2007 EPA Library Plan"

Look at the Bush administration plan to close EPA's technical research libraries

From rforno at infowarrior.org Wed Aug 30 18:46:43 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Aug 2006 18:46:43 -0400
Subject: [Infowarrior] - Introducing the Data Loss Database - Open Source
In-Reply-To:
Message-ID:

http://attrition.org/dataloss/dldos.html

Wed Aug 30 18:27:24 EDT 2006

Since July of 2005, attrition.org has been tracking data loss and data theft incidents not just from the United States, but across the world.
Our archives go back to the year 2000, and with over 142 MILLION records compromised in over 300 incidents across six years, we would finally like to introduce a very basic and rudimentary database that will assist others in tracking these incidents.

DLDOS (Data Loss Database - Open Source) is a simple flat comma separated value file that can be imported into your database of choice, whether it be MySQL, Microsoft Access, or Oracle (good luck). We provide the date, the company that reported the breach, the type of data impacted, the number of records impacted, third party companies involved, and a few other sortable items that may be of interest.

At this point, attrition.org is not hosting an actual database itself, but the raw data is free and available for use as long as attrition.org is credited for the use of said data. Really, we're not trying to be jerks, but if you're going to use our data in your research, be it a web site or paper written for a commercial entity, just give us a shout out please.

Attrition.org's main data loss page can be found here: http://attrition.org/dataloss/

Attrition.org's Data Loss Mail List information: http://attrition.org/security/dataloss.html

Please feel free to use this information, build on it, grow on it, and share it. Updates to the raw data will be provided by attrition.org weekly, if not daily. Share and share alike; distribute and learn.

From rforno at infowarrior.org Wed Aug 30 18:50:49 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Aug 2006 18:50:49 -0400
Subject: [Infowarrior] - RIAA copyright education is contradictory, critics say
Message-ID:

RIAA copyright education is contradictory, critics say

By Greg Sandoval
http://news.com.com/RIAA+copyright+education+is+contradictory%2C+critics+say/2100-1027_3-6111118.html
Story last modified Wed Aug 30 15:37:40 PDT 2006

The music industry's educational video about copyright law has been declared full of "baloney," according to several trade and public interest groups. The Consumer Electronics Association and Public Knowledge are among the groups to issue a joint statement condemning some statements on the Recording Industry Association of America's video, which the RIAA has plans to distribute to the nation's universities. The RIAA's video, a copy of which can be found on its Web site, suggests that students should be skeptical of free content and that it's always illegal to make a copy of a song, even if it's just to introduce a friend to a new band, said Robert Schwartz, general counsel for the Home Recording Rights Coalition, one of the groups opposed to the video. The RIAA has feuded often with groups representing companies, such as CD-burner manufacturers, that have a stake in music sharing. They claim the music industry tramples over the rights of individuals as it fights music piracy. The RIAA has aggressively litigated against people who share music files on the Web for the past several years. The RIAA's strategy now is to launch a campaign to educate young people of the consequences they face when they download music illegally. "First, we were told we should not enforce our rights," said an RIAA representative responding to critics of the video. "Now we are told education is wrong, too. We won't accept such a do-nothing approach.
We'll continue to work with respected higher-education groups to engage students to think critically about these issues." The RIAA says that more than 350 universities have expressed interest in the video. In the RIAA's seven-minute video, the narrator attempts to explain copyright law and some of the other hazards with downloading music from the Web, such as being sued or arrested. At one point, the narrator tells viewers it's okay for them to make a copy for themselves "as long as it's for you." "Making copies for your friends, or giving it to them to copy, or e-mailing it to anyone is just as illegal as free downloading," the video narrator says. This appears to contradict a statement made in the Frequently Asked Question section that accompanies the video, Schwartz claims. An FAQ-section question asks whether someone who has bought music has the right to ever upload or download music. The RIAA's answer says that it's okay for productive or scholarly works. The video's critics say the response makes no mention of allowable uses for home recordings, even for individual use, which the law allows. "The RIAA seems to be making up the rules instead of citing any consistent interpretation or precedent as to the law," Schwartz said.

Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.

From rforno at infowarrior.org Wed Aug 30 22:47:22 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Aug 2006 22:47:22 -0400
Subject: [Infowarrior] - NYT move to block Web to Britons raises questions
Message-ID:

NYT move to block Web to Britons raises questions

Wed Aug 30, 2006 4:56 PM ET
http://today.reuters.com/news/articlenews.aspx?type=internetNews&storyid=2006-08-30T205559Z_01_L30604113_RTRUKOC_0_US-MEDIA-NYTIMES.xml&src=rss&rpc=22

By Daniel Trotta

NEW YORK (Reuters) - A New York Times decision to block British online readers from seeing a story about London terrorism suspects raises new questions on restricting the flow of information in the Internet age, legal and media experts say. The New York Times said on Tuesday it had blocked British Internet readers from seeing a story detailing elements of the investigation into a suspected plot to blow up airliners between Britain and the United States. The story was published in Monday's paper. Under British laws, courts will punish media organizations that publish material that judges feel may influence jurors and prevent suspects receiving a fair trial. "There has not been a prosecution for contempt over anybody publishing outside this jurisdiction (Britain), but logically there is no reason why there should not be," said Caroline Kean, partner at UK media law firm Wiggin. While restricting what British media can report has been effective in the past, the Internet has made it far harder to stop information published by foreign outlets, which may breach Britain's laws, from being seen by UK readers. The New York Times article cited unnamed investigators providing information not given publicly by British police. It detailed the content of martyrdom videos and bomb-making equipment found by police and said an attempt to blow up the airliners was not as imminent as authorities had suggested.
The same article appeared on the paper's Web site, http://www.nytimes.com, but readers in Britain who clicked on the headline received the notice "This Article Is Unavailable." "On advice of legal counsel, this article is unavailable to readers of nytimes.com in Britain. This arises from the requirement in British law that prohibits publication of prejudicial information about the defendants prior to trial," the notice said.

PUBLISHED IN BRITAIN

However British newspapers the Times and the Daily Mail also published details from the New York Times article this week. A government source said no injunctions had been taken out against the British papers, but action could not be ruled out if details were in any future publications, closer to a trial date. "We're keeping it under careful, constant review," he said. Because British courts may impose heavy fines and jail editors, foreign newspapers sometimes hold potentially sensitive stories out of their British print editions. Media lawyer Mark Stephens of Finer, Stephens, Innocent said he could not see anything wrong with the blocked New York Times article and the decision by British papers to print similar details showed the contempt of court law may be the problem. "It's probably unhelpful to have an area of law which is so uncertain where one set of lawyers is saying censor everything while another says there's nothing wrong with it," he said. "Even by blocking you don't have the desired effect. You actually create an enhanced interest as the blocking becomes a story in itself, which fans the flames of curiosity," he said. This was the first time the New York Times had targeted a readership and blocked it from seeing a story on the Web, as far as a spokeswoman and a lawyer from the paper could recall.
"The British take this very seriously and tend to attack publications for contempt even if the arguments that we would have made sounded fairly reasonable," George Freeman, a lawyer with the New York Times Freeman said it was no guarantee that someone in Britain could not find the story. "But our position is that we did what we could to prevent publication in Britain. If someone carries in on a jet plane a New York Times from New York, that's not our doing and we can't prevent that," Freeman said.

(Additional reporting by David Clarke and Michael Holden in London)

From rforno at infowarrior.org Wed Aug 30 22:50:02 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Aug 2006 22:50:02 -0400
Subject: [Infowarrior] - Culver City Forces Users to Waive Free Speech Rights
Message-ID:

Culver City Forces Users to Waive Free Speech Rights

Courtesy of Dave Weinberger, I came across this item from First Amendment attorney John Mitchell that seems too bad to be true, but it is. Culver City, CA is offering its citizens free Wi-Fi service, but there's one big hitch: users formally agree to give up their First Amendment rights before using the network.

< - >

http://www.ipdemocracy.com/archives/001897print.html

From rforno at infowarrior.org Wed Aug 30 22:56:19 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Aug 2006 22:56:19 -0400
Subject: [Infowarrior] - FBI Shows Off Counterterrorism Database
Message-ID:

FBI Shows Off Counterterrorism Database

By Ellen Nakashima
Washington Post Staff Writer
Wednesday, August 30, 2006; A06

The FBI has built a database with more than 659 million records -- including terrorist watch lists, intelligence cables and financial transactions -- culled from more than 50 FBI and other government agency sources. The system is one of the most powerful data analysis tools available to law enforcement and counterterrorism agents, FBI officials said yesterday.
The FBI demonstrated the database to reporters yesterday in part to address criticism that its technology was failing and outdated as the fifth anniversary of the Sept. 11, 2001, terrorist attacks nears. Privacy advocates said the Investigative Data Warehouse, launched in January 2004, raises concerns about how long the government stores such information and about the right of citizens to know what records are kept and correct information that is wrong. The data warehouse is an effort to "connect the dots" that the FBI was accused of missing in the months before the 2001 attacks, bureau officials said. About a quarter of the information comes from the FBI's records and criminal case files. The rest -- including suspicious financial activity reports, no-fly lists, and lost and stolen passport data -- comes from the Treasury, State and Homeland Security departments and the Federal Bureau of Prisons.

< - >

http://www.washingtonpost.com/wp-dyn/content/article/2006/08/29/AR2006082901520_pf.html

From rforno at infowarrior.org Wed Aug 30 23:12:14 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Aug 2006 23:12:14 -0400
Subject: [Infowarrior] - Olbermann Commentary on fascism-- WORTH watching!
Message-ID:

(c/o C&L)

< - >

Keith had some very choice words about Rumsfeld's "fascism" comments tonight. Olbermann delivered this commentary with fire and passion while highlighting how Rumsfeld's comments echo other times in our world's history when anyone who questioned the administration was coined as a traitor, unpatriotic, communist or any other colorful term. Luckily we pulled out of those times and we will pull out of these times. Remember - Rumsfeld did not just call the Democrats out yesterday, he called out a majority of this country. This wasn't only a partisan attack, but more so an attack against the majority of Americans.

< - >

http://tinyurl.com/q4cdk

From rforno at infowarrior.org Wed Aug 30 23:58:17 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Aug 2006 23:58:17 -0400
Subject: [Infowarrior] - "This Movie Is Not Yet Rated"
Message-ID:

http://www.salon.com/ent/movies/feature/2006/08/31/this_film_is/print.html

"This Movie Is Not Yet Rated" pulls back the curtain on the secretive MPAA movie ratings board, moral "experts" determined to protect little Johnny from pubic hair and bad language.

< - >

The ratings board, conceived in 1968 by Valenti, is a group of 10 to 12 individuals employed full-time by the MPAA, each of whom serves for a term of several years. The identity of these individuals is kept secret, "to protect them from influence," Valenti has said. But according to MPAA rules, they are always parents, or people who have raised children. In stock footage used in the film, Valenti intones that they're "neither gods nor fools," although they throw their weight around like the former and collectively

< - >

s if her ferreting out of the ratings board members weren't enough, Becky also uncovered the makeup of the MPAA appeals board, a separate group whose identities are also kept secret. The appeals board is the group a filmmaker must submit a film to if unhappy with the rating granted by the ratings board. And as Dick shows us, the appeals guys are an even more insidious bunch of operators than the ratings crew: They include a buyer for Regal Cinemas, a vice-president of sales for Sony Pictures, the CEO of Fox Searchlight, and vice-presidents from both Landmark Theaters and Loews, as well as two representatives of religious groups, one Catholic and one Episcopalian. That means if your film doesn't survive the MPAA's moms and pops, those self-appointed guardians of our moral standards, you're really in trouble, because then you have to go up against the suits and the cassocks.
In other words, this is a case of big business and organized religion putting their heads together to render a moral judgment on a filmmaker's work -- a judgment that could affect how much money a movie makes, or whether it even gets released at all. That's a nightmare at worst, and at best the punch line to a very bad joke.

From rforno at infowarrior.org Thu Aug 31 09:39:28 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 31 Aug 2006 09:39:28 -0400
Subject: [Infowarrior] - The Dial-Up BBS Revisited
Message-ID:

The Dial-Up BBS Revisited

August 30th, 2006 by RedWolf

BBS enthusiasts know that the last outpost for BBSes has been, for some time now, through telnet on the Internet. There was a time, however, when dial-up BBSes over analog phone lines were the rule, not the exception. And believe it or not, there are still a handful of BBSes out there that have not modernized and switched over to the 'Net. The only way you can get to them, though, is through an old fashioned analog phone modem, regular ole Ma Bell lines, and a little patience. Visiting such old BBSes is incredible -- it's like traveling back in time to the early-mid 1990s. Each BBS is a unique time capsule, stocked with trinkets and ephemera from the period. On message boards, you'll find posts from 1994 about the O.J. Simpson trial and which player-made Doom levels are best. In file transfer sections you'll run across large archives of long-forgotten Windows 3.1 screen savers. In door sections (online games), you'll find abandoned TradeWars 2002 games, still in progress, that haven't been touched in eight years. And of course, the Ferrengi have completely taken over.

< - >

http://www.vintagecomputing.com/index.php/archives/161

From rforno at infowarrior.org Thu Aug 31 21:22:26 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 31 Aug 2006 21:22:26 -0400
Subject: [Infowarrior] - The Pentagon's Secret Agents in Cyber Space
In-Reply-To:
Message-ID:

(c/o LV)

The Pentagon's Secret Agents in Cyber Space

What if you could send a computer program to do the job of a spy, or a bomber, or drone? It sounds like science fiction -- and it'll probably stay that way, for a long, long time. But Air Force researchers think there's enough to the idea to start funding a trio of companies for initial work into these attacking, snooping "Cyber Craft." "Using the Cyber Domain to conduct military operations... has significant potential," an Air Force paper announces. Examples include long-term intelligence activities, like "being to monitor a military barracks, accumulate financial information on a potentially hostile nation, or provide status on the political climate of a South American country."

< - >

http://www.defensetech.org/archives/002724.html