From rforno at infowarrior.org Fri Dec 1 07:11:18 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 01 Dec 2006 07:11:18 -0500
Subject: [Infowarrior] - MPAA Kills Anti-Pretexting Bill
Message-ID:

MPAA Kills Anti-Pretexting Bill
http://www.wired.com/news/technology/0,72214-0.html?tw=rss.index

By Ryan Singel
02:00 AM Dec, 01, 2006

A tough California bill that would have prohibited companies and individuals from using deceptive "pretexting" ruses to steal private information about consumers was killed after determined lobbying by the motion picture industry, Wired News has learned.

The bill, SB1666, was written by state Sen. Debra Bowen, and would have barred investigators from making "false, fictitious or fraudulent" statements or representations to obtain private information about an individual, including telephone calling records, Social Security numbers and financial information. Victims would have had the right to sue for damages.

The bill won approval in three committees and sailed through the state Senate with a 30-0 vote. Then, according to Lenny Goldberg, a lobbyist for the Privacy Rights Clearinghouse, the measure encountered unexpected, last-minute resistance from the Motion Picture Association of America.

"The MPAA has a tremendous amount of clout and they told legislators, 'We need to pose as someone other than who we are to stop illegal downloading,'" Goldberg said.

Consequently, when the bill hit the assembly floor Aug. 23, it was voted down 33-27, just days before revelations about Hewlett-Packard's use of pretexting to spy on journalists and board members put the practice in the national spotlight.

Legislature records confirm that the MPAA's paid lobbyists worked on the measure.

An aide to Bowen, who was forced out of the legislature by term limits and was elected Secretary of State, said the MPAA made its displeasure with the bill clear to lawmakers.

"The MPAA told some members the bill would interfere with piracy investigations," the aide said. The association "doesn't want to hamstring investigators."

The MPAA declined to comment for this story.

California went on to pass a much more narrow bill that bans the use of deceit to obtain telephone calling records, and nothing else. A similarly tailored bill languished in Congress this year, despite high-profile congressional grillings of senior HP employees.

Sean Walsh, past president of the California Association of Licensed Investigators and an investigator for 27 years, said his group opposed SB1666 because it was too vague and would have tied the hands of investigators looking into insurance fraud, child support cases and missing children.

"There's a public reason and benefit for some of this information to be available to legitimate licensed investigators," Walsh said. "Should it be available to everyone out there? Probably not. There are people that have legitimate need for getting this information in terms of an investigation, enforcing a court order and helping to return a child. Those are all very legitimate reasons and by excluding that you do grave disservice to the average citizen and to large corporations."

Walsh also said groups like the MPAA and the Recording Industry Association of America hire investigators who use pretexting to ferret out copyright infringers, such as vendors on the street who are selling bootleg copies of CDs or DVDs. In that case, investigators may use some ruse to find out where the discs originated. (Records do not indicate that the RIAA had a position on the bill.)

Ira Rothken, a prominent technology lawyer defending download search engine TorrentSpy against a movie industry copyright suit, says he didn't know about the lobbying, but can guess why the MPAA got involved. Rothken is suing (.pdf) the MPAA for allegedly paying a hacker $15,000 to hack into TorrentSpy's e-mail accounts.

"It doesn't surprise me that the MPAA would be against bills that protect privacy, and the MPAA has shown that they are willing to pay lots of money to intrude on privacy," Rothken said. "I do think there needs to be better laws in place that would deter such conduct and think that it would probably be useful if our elected officials would not be intimidated by the MPAA when trying to pass laws to protect privacy."

For his part, private investigator Walsh, whose current firm specializes in protecting the privacy of corporate clients, said he hopes lawmakers in 2007 take their time.

"Everyone wants a quick fix, but they don't see the ripple effect until much later," Walsh said. "Our organization has been successful at educating legislators by saying, 'Wait a minute, but look at how it affects X, Y and Z.' They have to see those tangents so that if they are going to go ahead and pass legislation, they do it in a responsible and educated way."

From rforno at infowarrior.org Fri Dec 1 09:57:51 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 01 Dec 2006 09:57:51 -0500
Subject: [Infowarrior] - New rules compel firms to track e-mails
Message-ID:

New rules compel firms to track e-mails
Fri Dec 1, 6:25 AM ET
http://news.yahoo.com/s/ap/20061201/ap_on_hi_te/storing_e_mails&printer=1

U.S. companies will need to keep track of all the e-mails, instant messages and other electronic documents generated by their employees thanks to new federal rules that go into effect Friday, legal experts say.

The rules, approved by the Supreme Court in April, require companies and other entities involved in federal litigation to produce "electronically stored information" as part of the discovery process, when evidence is shared by both sides before a trial.

The change makes it more important for companies to know what electronic information they have and where.
Under the new rules, an information technology employee who routinely copies over a backup computer tape could be committing the equivalent of "virtual shredding," said Alvin F. Lindsay, a partner at Hogan & Hartson LLP and expert on technology and litigation. James Wright, director of electronic discovery at Halliburton Co., said that large companies are likely to face higher costs from organizing their data to comply with the rules. In addition to e-mail, companies will need to know about things more difficult to track, like digital photos of work sites on employee cell phones and information on removable memory cards, he said. Both federal and state courts have increasingly been requiring the production of relevant electronic documents during discovery, but the new rules codify the practice, legal experts said. The rules also require that lawyers provide information about where their clients' electronic data is stored and how accessible it is much earlier in a lawsuit than was previously the case. There are hundreds of "e-discovery vendors" and these businesses raked in approximately $1.6 billion in 2006, Wright said. That figure could double in 2007, he added. Another expense will likely stem from the additional time lawyers will have to spend reviewing electronic documents before turning them over to the other side. While the amount of data will be narrowed by electronic searches, some high-paid lawyers will still have to sift through casual e-mails about subjects like "office birthday parties in the pantry" in order to find information relevant to a particular case. Martha Dawson, a partner at the Seattle-based law firm of Preston Gates & Ellis LLP who specializes in electronic discovery, said the burden of the new rules won't be that great. Companies will not have to alter how they retain their electronic documents, she said, but will have to do an "inventory of their IT system" in order to know better where the documents are. 
The new rules also provide better guidance on how electronic evidence is to be handled in federal litigation, including guidelines on how companies can seek exemptions from providing data that isn't "reasonably accessible," she said. This could actually reduce the burden of electronic discovery, she said.

From rforno at infowarrior.org Fri Dec 1 13:25:20 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 01 Dec 2006 13:25:20 -0500
Subject: [Infowarrior] - MPAA engages in piracy of Kirby Dick film
Message-ID:

MPAA engages in piracy of Kirby Dick film
http://www.slumdance.com/blogs/brian_flemming/archives/001953.html

MPAA:

Manufacturing, selling, distributing or making copies of motion pictures without the consent of the copyright owners is illegal. Movie pirates are thieves, plain and simple. ALL forms of piracy are illegal and carry serious legal consequences.

Except when we do it:

The Motion Picture Assn. of America, the leader in the global fight against movie piracy, is being accused of unlawfully making a bootleg copy of a documentary that takes a critical look at the MPAA's film ratings system.

The MPAA admitted Monday that it had duplicated "This Film Is Not Yet Rated" without the filmmaker's permission after director Kirby Dick submitted his movie in November for an MPAA rating. The Hollywood trade organization said that it did not break copyright law, insisting that the dispute is part of a Dick-orchestrated "publicity stunt" to boost the film's profile.

Yes, it's a publicity stunt. But the MPAA did copy a movie without authorization. One fact doesn't negate the other. The MPAA puts on publicity stunts all the time as part of its anti-piracy efforts. But that doesn't mean there aren't movie pirates out there.
The MPAA needs to explain how an act they consider a great moral crime under any circumstances is not a great moral crime when they do it:

Anyone who sells, acquires, copies or distributes copyrighted materials without permission is called a pirate.

From rforno at infowarrior.org Fri Dec 1 18:44:31 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 01 Dec 2006 18:44:31 -0500
Subject: [Infowarrior] - FBI taps cell phone mic as eavesdropping tool
Message-ID:

FBI taps cell phone mic as eavesdropping tool
By Declan McCullagh
http://news.com.com/FBI+taps+cell+phone+mic+as+eavesdropping+tool/2100-1029_3-6140191.html

Story last modified Fri Dec 01 15:41:12 PST 2006

The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations.

The technique is called a "roving bug," and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him.

Nextel cell phones owned by two alleged mobsters, John Ardito and his attorney Peter Peluso, were used by the FBI to listen in on nearby conversations. The FBI views Ardito as one of the most powerful men in the Genovese family, a major part of the national Mafia.

The surveillance technique came to light in an opinion published this week by U.S. District Judge Lewis Kaplan. He ruled that the "roving bug" was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect's cell phone.

Kaplan's opinion said that the eavesdropping technique "functioned whether the phone was powered on or off." Some handsets can't be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set.
While the Genovese crime family prosecution appears to be the first time a remote-eavesdropping mechanism has been used in a criminal case, the technique has been discussed in security circles for years.

The U.S. Commerce Department's security office warns that "a cellular telephone can be turned into a microphone and transmitter for the purpose of listening to conversations in the vicinity of the phone." An article in the Financial Times last year said mobile providers can "remotely install a piece of software on to any handset, without the owner's knowledge, which will activate the microphone even when its owner is not making a call."

Nextel and Samsung handsets and the Motorola Razr are especially vulnerable to software downloads that activate their microphones, said James Atkinson, a counter-surveillance consultant who has worked closely with government agencies. "They can be remotely accessed and made to transmit room audio all the time," he said. "You can do that without having physical access to the phone."

Because modern handsets are miniature computers, downloaded software could modify the usual interface that always displays when a call is in progress. The spyware could then place a call to the FBI and activate the microphone--all without the owner knowing it happened. (The FBI declined to comment on Friday.)

"If a phone has in fact been modified to act as a bug, the only way to counteract that is to either have a bugsweeper follow you around 24-7, which is not practical, or to peel the battery off the phone," Atkinson said. Security-conscious corporate executives routinely remove the batteries from their cell phones, he added.

FBI's physical bugs discovered

The FBI's Joint Organized Crime Task Force, which includes members of the New York police department, had little luck with conventional surveillance of the Genovese family.
They did have a confidential source who reported the suspects met at restaurants including Brunello Trattoria in New Rochelle, N.Y., which the FBI then bugged. But in July 2003, Ardito and his crew discovered bugs in three restaurants, and the FBI quietly removed the rest. Conversations recounted in FBI affidavits show the men were also highly suspicious of being tailed by police and avoided conversations on cell phones whenever possible. That led the FBI to resort to "roving bugs," first of Ardito's Nextel handset and then of Peluso's. U.S. District Judge Barbara Jones approved them in a series of orders in 2003 and 2004, and said she expected to "be advised of the locations" of the suspects when their conversations were recorded. Details of how the Nextel bugs worked are sketchy. Court documents, including an affidavit (p1) and (p2) prepared by Assistant U.S. Attorney Jonathan Kolodner in September 2003, refer to them as a "listening device placed in the cellular telephone." That phrase could refer to software or hardware. One private investigator interviewed by CNET News.com, Skipp Porteous of Sherlock Investigations in New York, said he believed the FBI planted a physical bug somewhere in the Nextel handset and did not remotely activate the microphone. "They had to have physical possession of the phone to do it," Porteous said. "There are several ways that they could have gotten physical possession. Then they monitored the bug from fairly near by." But other experts thought microphone activation is the more likely scenario, mostly because the battery in a tiny bug would not have lasted a year and because court documents say the bug works anywhere "within the United States"--in other words, outside the range of a nearby FBI agent armed with a radio receiver. In addition, a paranoid Mafioso likely would be suspicious of any ploy to get him to hand over a cell phone so a bug could be planted. 
And Kolodner's affidavit seeking a court order lists Ardito's phone number, his 15-digit International Mobile Subscriber Identifier, and lists Nextel Communications as the service provider, all of which would be unnecessary if a physical bug were being planted.

A BBC article from 2004 reported that intelligence agencies routinely employ the remote-activation method. "A mobile sitting on the desk of a politician or businessman can act as a powerful, undetectable bug," the article said, "enabling them to be activated at a later date to pick up sounds even when the receiver is down."

For its part, Nextel said through spokesman Travis Sowders: "We're not aware of this investigation, and we weren't asked to participate."

Other mobile providers were reluctant to talk about this kind of surveillance. Verizon Wireless said only that it "works closely with law enforcement and public safety officials. When presented with legally authorized orders, we assist law enforcement in every way possible."

A Motorola representative said that "your best source in this case would be the FBI itself." Cingular, T-Mobile, and the CTIA trade association did not immediately respond to requests for comment.

Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.

From rforno at infowarrior.org Fri Dec 1 22:11:43 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 01 Dec 2006 22:11:43 -0500
Subject: [Infowarrior] - Announcing psiphon anti-web-censorship availability
Message-ID:

psiphon is a human rights software project developed by the Citizen Lab at the Munk Centre for International Studies that allows citizens in uncensored countries to provide unfettered access to the Net through their home computers to friends and family members who live behind firewalls of states that censor.

http://psiphon.civisec.org/

What is psiphon?

psiphon is a censorship circumvention solution that allows users to access blocked sites in countries where the Internet is censored.
psiphon turns a regular home computer into a personal, encrypted server capable of retrieving and displaying web pages anywhere.

How does psiphon work?

psiphon acts as a "web proxy" for authenticated psiphonites, retrieving requested web pages and displaying them in a user's browser. psiphon uses a secure, encrypted connection to receive web requests from the psiphonite to the psiphonode who then transports the results back to the psiphonite. There is no connection between the psiphonite and the requested website, as psiphon transparently proxies the request through the psiphonode's computer allowing the psiphonite to browse blocked websites seamlessly.

http://psiphon.civisec.org/

From rforno at infowarrior.org Sat Dec 2 10:28:31 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 02 Dec 2006 10:28:31 -0500
Subject: [Infowarrior] - Devices That Tell On You: The Nike+iPod Sport Kit
Message-ID:

Devices That Tell On You: The Nike+iPod Sport Kit

T. Scott Saponas, Jonathan Lester, Carl Hartung, and Tadayoshi Kohno.
Department of Computer Science and Engineering, University of Washington.

Overview

Key industry players are incorporating wireless radio communications capabilities into many new personal consumer products. For example, the new Nike+iPod Sport Kit from Apple consists of two components -- a sensor and a receiver -- that communicate using a wireless radio protocol. Unfortunately, there can be negative side-effects associated with equipping these gadgets with wireless communications capabilities. In the case of the Nike+iPod Sport Kit, our research shows that the wireless capabilities in this new gadget can negatively impact a consumer's personal privacy and safety.

As part of our research, we built a number of surveillance tools that malicious individuals could use to track Nike+iPod Sport Kit owners.
Our tools can track Nike+iPod Sport Kit owners while they are working out, as well as when they are just casually walking around town, a parking lot, or a college campus. The tracked individuals don't even need to have their iPods with them.

Our research also shows that there exist simple cryptographic techniques that the Nike+iPod Sport Kit designers could have used to improve the privacy-preserving properties of the Nike+iPod kit.

Our work underscores the need for a broad public discussion about and further research on the privacy-preserving properties of new wireless personal gadgets. We stress, however, that there is no evidence that Apple or Nike intended for these devices to be used in any malicious manner. Additionally, neither Apple nor Nike endorsed this study.

< - >

http://www.cs.washington.edu/research/systems/privacy.html

From rforno at infowarrior.org Sat Dec 2 15:43:18 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 02 Dec 2006 15:43:18 -0500
Subject: [Infowarrior] - Security: Is technology saint or sinner?
Message-ID:

Original URL: http://www.theregister.co.uk/2006/11/27/database_state_analyses/

Security: Is technology saint or sinner?
By Clive Longbottom, Quocirca.com
Published Monday 27th November 2006 10:14 GMT

Analysis The latest problem to be thrown at us, on top of war, global warming, disease etc, is that we are "sleepwalking into a surveillance society". The worry is that, owing to all the data being collected these days, we no longer have any real privacy. We are covered by cameras, the "powers that be" have oodles of information on every one of us, and the private sector has got in on the act with the likes of loyalty cards.

Yet, the vocal groups (and who knows if these are the minority or the majority) want it all ways.
They want their privacy, while trying to make sure that all these Johnny Foreigners don't come over uninvited, that the "man next door" doesn't claim sickness benefit while on a mountaineering holiday in Tibet and, that when needed, the emergency services will have everything at their fingertips to know exactly what drugs can and can't be given to you while you're lying in the road, and/or have access to high-definition CCTV footage to identify who it was who kicked seven shades of the proverbial out of you. I think that we need to look at pragmatism and try to put "privacy" into context. What do we mean by privacy here? Do we really think that all of the 13 million CCTV cameras in the UK are being watched by forces which are just waiting for us to inadvertently drop a paper hankie on the street? Do we really believe that hordes of people are sitting in some dusty basement in Cheltenham reading the email that you sent with that particularly non-PC joke in it? Are we worried that we might just get caught after we've mugged some poor unfortunate? Could this be it? We're not really bothered about privacy as such, but we're worried that we might get caught? Speed cameras would seem to be a prime example of this privacy argument. There are many groups and individuals whose worries are more pragmatic: the security, integrity and accuracy of the information being held on us. This has less to do with privacy, and more to do with reality. For example, if I'm the person lying in the middle of the road, I do want the paramedics, police and fire brigade to know that I am allergic to penicillin, that I have epilepsy, and that I am already on a collection of prescription drugs for a range of problems. This knowledge could save my life and, as I am a simple soul, I don't care who knows all of this. Now, let's say that I was the chief executive of a major company that is just going through a sensitive acquisition. My medical records could say that I have only a few months to live. 
This is very important for the medical profession to know, but probably not what I'd want splashed over the financial pages of the papers. There's also the problem of what the "powers that be" will do with information. All we have to do is look at the likes of Hoover, Beria, Trotsky, and Hitler as to what can happen when too much information is given to someone who is a little on the unstable side. But, the majority of these despots did their dirty work without technology. So is it technology that is to blame? Yes, technology means that we can gather and analyse a lot more information. Yes, technology means that people thousands of miles away are just like the risks of having cleaners in the office 50 years ago: if you don't take careful steps, you're leaving everything available to them. Yes, the black hats (bad hackers) are cleverer than ever and there are relatively more of them. But does this mean that we should ban any database of information held on us? Does it mean that all information should be kept in isolation from other information? If we continue in this way, we'll see more headlines where a child dies owing to information from one group not being available to another, to people who should be being tracked being lost due to insufficient data being available, to the continued billions of pounds being wasted in fraudulent claiming of benefits, of insurance claims, the booming black market economy and so on. ID theft will continue to rise without any means of being able to prove irrevocably who we are, and that ID can be taken from us. And for anyone who has had full ID theft occasioned against them, then all of a sudden, you really wish that you'd backed the implementation of ID cards, at least in a correct way. (Please note that I am not backing the government's half-hearted, half-baked way of providing government-backed false IDs.) To my mind, it's technology which can help us by ensuring sophisticated controls over access to data. 
We can design, say, a DNA database that is just that: a genetic fingerprint that is held against an identifier. We could do the same for iris recognition and/or fingerprinting. Three different databases, none of which actually provides any information against named people. To get onto these databases, you have to go through three different groups. Why? So that any chance of using insiders to create false IDs is minimised. Any check against these databases would use full auditing. Any access to any field within the database is time stamped and stamped with an access code showing which user or body nominally accessed that field. Security profiles then begin to take over; having verified that the DNA, iris and/or fingerprint are in each of the databases, what else do we need to do? Do we need to be able to carry out another match to ensure that this person is who they are saying they are? Maybe a PIN or something similar? OK, a fourth database, maybe within the private sector. Again, all that this has is the PIN against a unique identifier. We now have up to four pieces of unique data against four unique identifiers. In comes database number five: a correlation database of unique identifiers. If all of these unique identifiers correlate as being from the same person, we can pretty much assume that we have a match. And at no stage have we had to go to a database that has any names or other personally identifiable information held within it. However, if this is the police, ambulance or fire brigade, they may then need to go to a different database where such personal information is held. Again, all fully audited against access type, named ID and, where necessary, correlated against biometric information of the accessing individual. For the highest levels of information being held on us, we need the same sort of approach that we have for nuclear warheads being set off: a dual key system. 
No single person should be able to access every last item about another without some balance being available.

For me, we have to look at data pragmatism. I want to be able to walk the streets without too much fear of aggravated assault against me, I want to be able to see my insurance premiums go down because thieves find it harder to get away with misdemeanours, I'd like to see my tax go down due to fraud being eradicated. This won't happen unless we make the most of technology, but also use appropriate technology as the controls against inappropriate usage.

Copyright © 2006, IT-Analysis.com (http://www.it-analysis.com)

From rforno at infowarrior.org Sun Dec 3 12:08:11 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 03 Dec 2006 12:08:11 -0500
Subject: [Infowarrior] - Open-Source Spying
Message-ID:

December 3, 2006
Open-Source Spying
By CLIVE THOMPSON

When Matthew Burton arrived at the Defense Intelligence Agency in January 2003, he was excited about getting to his computer. Burton, who was then 22, had long been interested in international relations: he had studied Russian politics and interned at the U.S. consulate in Ukraine, helping to speed refugee applications of politically persecuted Ukrainians. But he was also a big high-tech geek fluent in Web-page engineering, and he spent hours every day chatting online with friends and updating his own blog. When he was hired by the D.I.A., he told me recently, his mind boggled at the futuristic, secret spy technology he would get to play with: search engines that can read minds, he figured. Desktop video conferencing with colleagues around the world. If the everyday Internet was so awesome, just imagine how much better the spy tools would be.

But when he got to his cubicle, his high-tech dreams collapsed. "The reality," he later wrote ruefully, "was a colossal letdown."

< - BIG SNIP - >

http://www.nytimes.com/2006/12/03/magazine/03intelligence.html?_r=1&oref=slogin&pagewanted=print

From rforno at infowarrior.org Sun Dec 3 18:00:58 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 03 Dec 2006 18:00:58 -0500
Subject: [Infowarrior] - U.N. agency sees risks to privacy, security online
Message-ID:

U.N. agency sees risks to privacy, security online
By Reuters
http://news.com.com/U.N.+agency+sees+risks+to+privacy%2C+security+online/2100-1029_3-6140314.html

Story last modified Sun Dec 03 14:53:57 PST 2006

GENEVA--Computer users who type in the same username and password for multiple sites--such as online banks, travel agencies and booksellers--are at serious risk from identity thieves, a United Nations agency said on Sunday.

The International Telecommunication Union, a Geneva-based U.N. branch, said businesses and regulators need to find a solution to the spread of personal information on the Internet, possibly by developing more streamlined identification methods.

At the moment, the ITU said the sheer number of identifiers and passwords required from computer users made it nearly inevitable that they repeat codes.

"This may cause security breaches, and leave them vulnerable to the machinations of identity thieves ever increasing in number and inventiveness," it said in its 2006 Internet report, released ahead of a major meeting of governments and industry officials in Hong Kong.

"The lack of coordination in identification systems is a source of growing inconvenience to users and needs to be addressed rapidly," it said.

The agency also highlighted risks to privacy from widespread Internet use, especially from marketers tracking the preferences and traffic of browsers across a variety of sites.

If people have confidence in the way such information is stored and used, the ITU said there might be no problem from the proliferation of "cookies" and other data-capturing tools, often used for targeted online advertising.
But it warned that a breakdown in consumer trust could impede the future expansion of Internet-based commerce.

From rforno at infowarrior.org Sun Dec 3 22:26:24 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 03 Dec 2006 22:26:24 -0500
Subject: [Infowarrior] - Health Hazard: Computers Spilling Your History
Message-ID:

December 3, 2006
Health Hazard: Computers Spilling Your History
By MILT FREUDENHEIM and ROBERT PEAR
http://www.nytimes.com/2006/12/03/business/yourmoney/03health.html?pagewanted=print

BILL CLINTON'S identity was hidden behind a false name when he went to NewYork-Presbyterian Hospital two years ago for heart surgery, but that didn't stop computer hackers, including people working at the hospital, from trying to get a peek at the electronic records of his medical charts.

The same hospital thwarted 1,500 unauthorized attempts by its own employees to look at the patient records of a famous local athlete, said J. David Liss, a vice president at NewYork-Presbyterian.

And just last September, the New York City public hospital system said that dozens of workers at one of its Brooklyn medical centers, including doctors and nurses, technicians and clerks, had improperly looked at the computerized medical records of Nixzmary Brown, a 7-year-old who prosecutors say was beaten to death by her stepfather last winter.

Powerful forces are lobbying hard for government and private programs that could push the nation's costly and inefficient health care system into the computer age. President Bush strongly favors more use of health information technology. Health insurance and medical device companies are eager supporters, not to mention technology companies like I.B.M. and Google. Furthermore, Intel and Wal-Mart Stores have both said they intend to announce plans this week to embrace electronic health records for their employees. Others may soon follow.
Bills to speed the adoption of information technology by hospitals and doctors have passed both chambers of Congress. But the legislation has bogged down, largely because of differences over how to balance the health care industry?s interest in efficiently collecting, studying and using data with privacy concerns for tens of millions of ordinary Americans ? not just celebrities and victims of crime. Advocates of such legislation, including Representative Joe L. Barton, the Texas Republican who is the chairman of the House Energy and Commerce Committee, said that concern about snooping should not freeze progress on adopting technology that could save money and improve care. ?Privacy is an important issue,? said Mr. Barton, who will lose the chairman?s post when the Democrats take over next year, ?but more important is that we get a health information system in place.? Congress can address privacy later ?if we need to,? he said. Democrats, however, have made it clear that they are determined to address the issue of medical-records privacy once they take command of both houses of Congress next month. ?There is going to be much more emphasis placed upon privacy protections in the next two years than we have seen in the last 12 years,? said Representative Edward J. Markey, Democrat of Massachusetts and a longtime privacy advocate. Mr. Markey, a member of the Energy and Commerce committee, said he supported legislation that would allow individuals to keep their medical records out of electronic databases, and require health care providers to notify patients when health information is ?lost, stolen or used for an unauthorized purpose.? Representative John D. Dingell of Michigan, the ranking Democrat who is expected to become chairman of the Energy and Commerce committee next month, said that expanding electronic health care systems ?clearly has great potential benefit.? But he added that ?it also poses serious threats to patients? 
privacy by creating greater amounts of personal information susceptible to thieves, rascals, rogues and unauthorized users.? Members of his committee, as well as the House Ways and Means Committee, have been struggling with such issues. Academic medical centers like NewYork-Presbyterian have considerable experience with electronic records. But many other hospitals have been slow to jump on board, as have doctors and patients. Only one in four doctors used electronic health records in 2005, according to a recent study by researchers at Massachusetts General Hospital and George Washington University, and fewer than 1 in 10 doctors used the technology for important tasks like prescribing drugs, ordering tests and making treatment decisions. Cathy Schoen, a senior researcher at the Commonwealth Fund, a nonprofit foundation, said primary-care doctors in the United States were far less likely than doctors in other industrialized countries to use electronic records. In Britain, 89 percent of doctors use them, according to a recent report in the online edition of the journal Health Affairs; in the Netherlands, 98 percent do. Technology experts have many explanations for the slow adoption of the technology in the United States, including the high initial cost of the equipment, difficulties in communicating among competing systems and fear of lawsuits against hospitals and doctors that share data. But the toughest challenge may be a human one: acute public concern about security breaches and identity theft. Even when employers pay workers to set up computerized personal health records, many bridle, fearing private information will fall into the wrong hands and be used against them. ?When I talk to employees, the top concern they have is: ?What happens to my information? What about the Social Security numbers on my employee insurance, as well as the identity threat now appearing in health care?? ? Harriett P. 
Pearson, I.B.M.?s chief privacy officer, said in a recent interview. ?We have to be proactive about addressing privacy issues.? Dr. J. Brent Pawlecki, associate medical director at Pitney Bowes, the business services company, said that people in the United States are most concerned that they could lose their health insurance, based on something in their health records. Pitney Bowes is weighing the pros and cons of electronic personal health records for its employees. The worries are widely held. Most Americans say they are concerned that an employer might use their health insurance records to limit job opportunities, according to several surveys, including a recent one by the nonprofit Markle Foundation. Some patients are so fearful that they make risky decisions about their health. One in eight respondents in a survey last fall by the California HealthCare Foundation said they had tried to hide a medical problem by using tactics like skipping a prescribed test or asking the doctor to ?fudge a diagnosis.? Dr. Stephen J. Walsh, a psychiatrist and former president of the San Francisco Medical Society, said, ?I see many patients who don?t want any information about their seeing a psychiatrist on a record anywhere.? CONGRESS addressed some of these concerns in 1996, when it passed the Health Insurance Portability and Accountability Act. That made it a federal crime, albeit rarely punished, to disclose private medical information improperly. But critics say that the law has some worrisome loopholes, that infractions are rarely prosecuted, and that violators have almost never been punished. The law, for example, lets company representatives review employees? medical records in order to process health insurance claims. 
Critics say that it would not be unusual in some companies for the same supervisor to be in charge both of insurance claims and of hiring and firing decisions; this could allow companies to comb their ranks for people with expensive illnesses and find some reason to fire them as a way to keep health costs under control. Easily accessible computerized files would make the job that much easier, the critics say. Joy L. Pritts, a health policy analyst at Georgetown University, said that in developing and promoting health information technology, the government seemed to assume that it could ?tack on privacy protections later.? But she warned: ?That attitude can really backfire. If you don?t have the trust of patients, they will withhold information and won?t take advantage of the new system.? Executives can hire private tutors who specialize in teaching how to stay on the right side of the rules. But based on the experience so far, there is little chance that executives will be punished if they break them. The Office for Civil Rights in the Department of Health and Human Services has received more than 22,000 complaints under the portability law since the federal privacy standards took effect in 2003; allegations of ?impermissible disclosure? have been among the most common complaints. But the civil rights office has filed only three criminal cases and imposed no civil fines. Instead, it said, it has focused on educating violators about the law and encouraging them to obey it in the future. With federal enforcement so weak, privacy advocates say they are also concerned about recent efforts in Congress to pre-empt state consumer protection laws. They often provide stronger privacy rights and remedies, particularly for information on H.I.V. infection, mental illness and other specific conditions. State laws, unlike the federal law, have resulted in some stiff penalties. 
Last April, a California state appeals court approved a malpractice award of $291,000 to Nicholas Francies, a San Francisco restaurant manager, who lost his job after his doctor disclosed his H.I.V.-positive status in a worker?s compensation notice to Mr. Francies?s employer. He also got $160,000 from his employer in a settlement. Dr. Deborah C. Peel, a psychiatrist and privacy advocate in Austin, Tex., has assembled a broad group called the Patient Privacy Rights Foundation, to lobby in Washington. Members span the political spectrum, from the American Civil Liberties Union and the U.S. Public Interest Research Group to the American Conservative Union and the Family Research Council. Newt Gingrich, the Republican former House speaker, has called for ?a 21st-century intelligent health system? based on electronic records. He also says individuals ?must have the ability to control who can access their personal health information.? ?People do have a legitimate right to control their records,? said Mr. Gingrich, who has worked closely with Senator Hillary Rodham Clinton, Democrat of New York, on the issue of computerized records. On their own, they have also advocated strict rules to protect privacy. Mr. Gingrich noted that the Senate had twice passed bills to prohibit discrimination based on personal genetic information; the House did not vote on them. Democrats say the outlook for such legislation will improve when they take control of Congress. EVEN without new federal laws to guide them, some companies have begun to encourage their employees to embrace electronic medical records. At Pitney Bowes, employees are paid a bonus if they store a copy of their personal health records on WebMD.com, the medical Web site. ?We haven?t pushed that, except to make an offering,? Dr. Pawlecki said. But for those without electronic records, he added, ?any time you go to a different system or a different doctor, the chances are that your records will not be able to follow you.? 
As a result, there is a risk of ?harmful care,? like drug interactions or side effects, he said, as well as risks of omitting needed care and conducting duplicate tests. Pitney Bowes and WebMD Health are among a group of 25 companies meeting with Ms. Pearson of I.B.M. to develop a set of principles and best practices that she said would help persuade people that their employers really did not look at private information stored online. Ms. Pearson?s group is working with Janlori Goldman, director of the Health Privacy Project in Washington. Employers need to adopt standards for personal health records that address their workers? privacy, confidentiality and security concerns, Ms. Goldman said. WebMD, which manages employees? health records for dozens of companies, had discussions earlier this year with Google, which is developing a Web site called Google Health, according to people familiar with the project. Google has not commented on its plans. But commenting generally on the issues, Adam Bosworth, the vice president for engineering at Google, said that privacy is a hurdle for technology companies addressing health care problems. ?There is a huge potential for technology to improve health care and reduce its cost,? Mr. Bosworth said in a statement. ?But companies that offer products and services must vigorously protect the privacy of users, or adoption of very useful new products and services will fail.? Even before the theft this year of a Veterans Affairs official?s laptop that contained private medical records of 28 million people, a consumer survey found that repeated security breaches were raising concerns about the safety of personal health records. About one in four people were aware of those earlier breaches, according to a national telephone survey of 1,000 adults last year for the California HealthCare Foundation. The margin of error was plus or minus 3 percentage points. 
The survey, conducted by Forrester Research, also found that 52 percent were ?very concerned? or ?somewhat concerned? that insurance claims information might be used by an employer to limit their job opportunities. The Markle survey, to be published this week, will report even greater worry ? 56 percent were very concerned, 18 percent somewhat concerned ? about abuse by employers. But despite their worries, the Markle respondents were eager to reap the benefits of Internet technology ? for example, having easy access to their own health records. Companies that have tried to use computers to increase the efficiency of medical care say their success has hinged on security. ?The privacy piece was critical,? said Al Rapp, corporate health care manager at United Parcel Service, which recently introduced a health care program built on computerizing the records of 80,000 nonunion employees. U.P.S. offers to add $50 each to workers? flexible spending accounts if they agree to supply information for a personal ?health risk appraisal.? They can receive another $50 if spouses also participate. More than half accepted, Mr. Rapp said, with the understanding that the information would go to data archives at UnitedHealth Group and Aetna. ?We are not involved in any way,? he said, referring to U.P.S.?s managers. Aetna and UnitedHealth combine these appraisals with each person?s history of medical claims and prescription drug purchases. When the software signals a personal potential for costly conditions like diabetes, heart problems and asthma, an insurance company nurse, or health coach, telephones the employee with suggestions for preventive care and reminders for checkups, taking medications and the like. ?The employee can tell the nurse who calls that they don?t want to participate,? Mr. Rapp said. ?Thus far, it has been very well accepted.? 
Last week, he said, the health coach reached out to the spouse of an employee after noting that her condition and weight suggested a potential risk for a heart attack. ?She asked this person, ?Are you taking your cholesterol medication, Lipitor?? She said, ?I won?t take Lipitor,? ? and went on to mention the side effects she had read about on the Internet, Mr. Rapp said. The nurse informed the woman?s doctor, who changed her prescription to a similar drug, Mr. Rapp said. He added that he was one of ?a very few select people in the human resources department? who are permitted to see personal health records, under the federal privacy rules. ?I can see the names, to see the issues,? Mr. Rapp said. ?I manage the program. I have responsibility for the success of the program.? But he added that he was prohibited under the law from sharing the employee?s data with other U.P.S. managers. ?Generally speaking, U.P.S. would have no knowledge of it,? Mr. Rapp said. Still, worries linger across the health care system. Hospital executives say that private investigators have often tried to bribe hospital employees to obtain medical records that might be useful in court cases, including battles over child custody, divorce, property ownership and inheritance. But computer technology ? the same systems that disseminate data at the click of a mouse ? can also enhance security. Mr. Liss, of NewYork-Presbyterian, said that when unauthorized people tried to gain access to electronic medical records, hospital computers were programmed to ask them to explain why they were seeking the information. Moreover, Mr. Liss said, the computer warns electronic intruders: ?Be aware that your user ID and password have been captured.? From rforno at infowarrior.org Mon Dec 4 12:05:25 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 04 Dec 2006 12:05:25 -0500 Subject: [Infowarrior] - TiVoToGo DRM cracked Message-ID: TiVoToGo DRM cracked The TiVoToGo DRM has been cracked. 
This is the DRM that locks the files you move from your TiVo to your PC (something that is lawful, even without DRM). The DRM restricts how you use your TV shows, and prevents you from using it at all outside of a Windows system. On this fascinating Wiki, a group of hackers are meticulously reverse-engineering the TiVoToGo DRM and finding ways of subverting it. They've put together a command-line app that breaks the DRM, which means that an easy-to-use graphic tool can't be far behind. < - > http://www.boingboing.net/2006/12/04/tivotogo_drm_cracked.html From rforno at infowarrior.org Mon Dec 4 21:55:59 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 04 Dec 2006 21:55:59 -0500 Subject: [Infowarrior] - Universal, MySpace set for landmark battle Message-ID: Universal, MySpace set for landmark battle By Joshua Chaffin in New York http://www.ft.com/cms/s/f2fcd922-83c7-11db-9e95-0000779e2340.html Published: December 4 2006 19:00 | Last updated: December 4 2006 19:00 The legal battle brewing between Universal Music and MySpace could shape the broader commercial relationship between traditional media companies and a new generation of internet start-ups that rely on them for content. Last month Universal accused MySpace of infringing its copyrights by allowing its customers to post music videos from artists such as Jay-Z on the site without permission. The lawsuit followed similar claims by Universal a few weeks earlier against two other sites that feature user-generated content, Bolt.com and Grouper.com. Yet, as lawyers prepare for battle, they do so on uncertain legal ground. The legislation at the heart of the debate, the Digital Millennium Copyright Act, was written years before social networking sites such as MySpace even existed. That fact has injected considerable uncertainty into the matter, according to copyright experts, and helps explain why lawyers from both sides are proclaiming that the DMCA, as it is known, is on their side. 
"There's a lot of grey area here," said Lee Bromberg, a partner at Bromberg & Sunstein, a Boston-based law firm that specialises in intellectual property. Mr Bromberg views the most recent suits as the latest chapter in copyright law's long history of failing to keep pace with new technology. It is a tension that emerged more than 200 years ago when the printing press made obsolete regulations devised for hand-drawn maps and charts. Kraig Baker, a partner at Davis, Wright, Tremaine in Seattle, agreed. "It's part of the continuing struggle between content owners and developers of technology," he said. "People are trying to find out where the line is." The DMCA was passed in 1998 to strengthen intellectual property rights for software, films and other materials. One of its key provisions was a "safe harbour" lobbied for by telephone companies, who were worried that they might be held liable for copyright violations on the internet since they supplied the trunks and phone lines that were its basic infrastructure. The safe harbour protected so-called "dumb pipes" from prosecution as long as their owners did not have prior knowledge of infringement and complied expeditiously with requests to remove copyrighted material. Grouper, Bolt and MySpace, owned by News Corp, insist that they meet those conditions. In addition to responding to requests to remove material, they have sought to insulate themselves by installing new filtering technologies that would make it less burdensome for traditional media companies to monitor their sites. "We are in full compliance with the Digital Millennium Copyright Act and have no doubt we will prevail in court," MySpace said. But some lawyers say social networking and user-generated content sites are not the passive carriers -- like an internet service provider -- that the drafters of the law had in mind. For one thing, they tab and index materials to make them easily searched on their sites. 
"Services like YouTube and MySpace aren't dumb pipes," said Jeffrey Liebenson, a partner at Herrick, Feinstein. "These may be beyond the scope." Another debate hinges on how much these services should know about copyright infringement before it occurs. While it is true that they would not know what material individual users are posting on their sites at any moment, a review of their content reveals that much of it is illegal. "The content people will say, 'Come on, the search term the person entered was "David Lettermans Show". Of course they knew it was copyrighted'," said Jonathan Zittrain, professor of internet governance and regulation at Oxford University. Mr Zittrain said that the DMCA probably favoured the user-generated sites but that their case was hardly airtight. "If I had to place a bet, I think they would probably pull it off. But there is plenty of room for a judge to rule on the equities," he said. Content companies could also be bolstered by the Supreme Court's ruling last year against Grokster, an online file-sharing service. In that case, the court found that software and technology companies could be held liable for copyright infringement when customers use their technology to download films and songs. A key part of their ruling was that Grokster and other companies named in the suit had encouraged copyright violations as part of their business strategy to attract users and then sell advertising based on that traffic. Whether a court would conclude that copyright infringement is part of MySpace and other sites' business model or a mere consequence is an open question. In the meantime, there is a good chance that the sides will settle. After threatening to sue earlier this year, Universal ultimately struck a distribution deal with YouTube, the leading internet video site, in which it receives a share of advertising revenue and a licensing fee for its content. It also received equity in the company worth tens of millions of dollars. 
But in the longer term, it seems likely that both content companies and the software and technology industries will lobby for revisions to the DMCA as they attempt to strengthen their positions. "I think there's a tension between the law as written, and the law as intended," Mr Liebenson said. "The DMCA was enacted in a very different era." Copyright The Financial Times Limited 2006 From rforno at infowarrior.org Tue Dec 5 08:43:54 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 05 Dec 2006 08:43:54 -0500 Subject: [Infowarrior] - A Virtual Chalkboard For Budding NFL Fans Message-ID: A Virtual Chalkboard For Budding NFL Fans http://www.washingtonpost.com/wp-dyn/content/article/2006/12/04/AR2006120401436_pf.html By Les Carpenter Washington Post Staff Writer Tuesday, December 5, 2006; A01 T.J. Won was not born into football. He did not grow up the son of a coach. He did not play the game in high school. In fact, the sum of his playing experience consists of throwing the ball with friends in his home town of Milpitas, Calif., after watching San Francisco 49ers games on television. But in front of his television now, he notices the kinds of details coaches pick up. "I used to see people lining up and blocking people," said Won, a junior accounting major at Georgetown University. "Now I see players blocking in the flats, helping protection. You know where the quarterbacks want to throw." He arrived at this knowledge not by hanging around coaches' offices or studying game tapes. He learned it all from a video game -- Madden NFL. This is a phenomenon the National Football League never could have anticipated. In a world in which 53 million copies of the game have been sold in the last 17 years -- the latest version sold an unprecedented two million copies in its first weekend of release last summer -- Madden has provided the league a perfect conduit to its next generation of fans. 
And all because of attention to arcane details that has demystified the complexities of football to a population that never before understood them. "How else would I ever know what Cover-2 was?" Won said, referring to the widely used pass-defense alignment. Professional sports leagues -- concerned that young people were turning to pro wrestling or action sports such as skateboarding or motocross -- have spent millions trying to find the soul of the 15-to-25 year-old fan. They have invested in youth programs, TV shows and even cartoons, figuring one would be the magic elixir that will make their game the next hot thing. Who knew that for the NFL it would be something the league had little to do with creating? There are no statistics that conclusively link Madden to the NFL's next generation of fans. But a poll taken last year for the NFL said 22 percent of 12-to-17 year olds in the United States consider the NFL their favorite sport. The next closest, baseball, was at 13 percent. And given that NFL video games sold 6.2 million copies last year -- almost double that of the next most popular sport -- the NFL is sure there is a solid connection. Kids' "use of technology is different than a generation ago," said Lisa Baird, the NFL's senior vice president for marketing. "They are programmed differently than we are. They are wired differently than we are. We are getting increasingly smarter about the way kids act." But the popularity of the Madden game, named after Hall of Fame coach and NBC Sports analyst John Madden, has done more than broaden the game's reach to younger people. It has achieved something that for years was considered impossible. Because it has managed to replicate the actual offenses and defenses used in the NFL today, it has in essence demystified the game. "There's no question it's the video game that's bringing in teenagers," said Marc Ganis, the president of Sportscorp Ltd., a sports consulting firm based in Chicago. 
"It's educating young fans on the NFL terminologies and making them more sophisticated about the plays on the field. "But it's also bringing more fans into this very arcane, jargon-driven environment. If you watch the game on TV nowadays, the announcers -- especially the color men -- are using these very technical football terms. They expect the fans to understand it." It was probably only a matter of time before the Madden game got to this point. The technology has improved to the point that the players look almost real, as do the stadiums in the background. The NFL, in an attempt at control and also in response to demands from Electronic Arts, the game's maker, for more authenticity, has provided most of the teams' offenses and defenses that are then programmed into the game. Every year the league sends its officials to Orlando, where EA Sports produces the Madden game. The officials go over every play to see if it would be allowed in a real game, pointing out flaws sure to be penalized on the field, such as excessive celebrations or illegal formations. If a defensive player is particularly fast when chasing down a wide receiver, that will be reflected in the game. "I think the game has made a better-informed fan, a more sophisticated fan," said Leo Kane, the NFL's senior director for consumer products. By giving its players entry to the playbooks and the details of defenses, the Madden game has narrowed what once was a daunting divide between those fans who had played football and those who never did. While baseball and basketball have always been easy games to understand, the barrier football had to regular fans is they often had no idea what really was going on. "It allows you to understand the game of football rather than just throwing the football around the backyard," said Alex Boyce, a junior at Georgetown Day School. 
While Boyce said he is a casual player of Madden, playing once or twice a week, he can still turn on a Washington Redskins game, glance at the players lined up and immediately tell if the defensive team has its "nickel" defense, in which five players line up in pass coverage, or "dime" defense, which uses six players against the pass, on the field. Rick Conner, the football coach at Linganore High School in Frederick, says his sixth grade son gets up at 8 in the morning to squeeze in a game of Madden before he leaves for school, only to play for several more hours once he gets home. "The fact he is more attuned to schemes and plays is amazing," he said. The sophistication of the kids trying out for high school football has improved so much that the Linganore coaches will often ask a player who is struggling to grasp some concept of offense or defense, "Do you play Madden?" "These kids know what a split formation is. They know how to float a zone because of this game," Conner said, using coach-speak for an offensive formation and a method for beating a zone pass defense. Back in 1986 no one could have imagined this. That's when Electronic Arts approached Madden about putting his name on a new football video game it was developing. The graphics were simplistic, the players, who lined up seven-on-seven, were indistinguishable blobs. At the time it was cutting edge. Madden loved the idea but balked at the watered-down concept. In a meeting that has now become legend around the NFL offices, the old coach and broadcaster said the game had to be 11-on-11 or else it wouldn't be real football. And if it wasn't real football, kids would not want to buy it. He turned out to be right. Originally titled John Madden Football, the game sold quickly in its first year of release in 1989, grew steadily through the 1990s as the graphics improved, then exploded in the last few years. Madden, whose voice narrates the action, still consults with EA Sports on the game. 
"I can tell you sitting in meetings 13 years ago no one knew it was going to sell 2 million copies," Kane said. No one could have expected that it would come to educate a generation of fans on football the way it has. "I don't want to say it was a surprise," said Chris Erb, director of marketing for EA Sports. "When you have something that authentic you expect it will have success. But it was never an intended effect." From rforno at infowarrior.org Tue Dec 5 09:13:21 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 05 Dec 2006 09:13:21 -0500 Subject: [Infowarrior] - A MySpace for grown-ups Message-ID: A MySpace for grown-ups Social networking has been great for the kids, but not of much use to business - until now. With Reid Hoffman's MySpace-for-grown-ups at a tipping point, these days you're either LinkedIn or left out. Business 2.0 Magazine By Michael V. Copeland, Business 2.0 Magazine senior writer December 4 2006: 3:18 PM EST (Business 2.0 Magazine) -- At a Starbucks in downtown Mountain View, Calif., two 30-something men anxiously await the arrival of Reid Hoffman, one of Silicon Valley's most sought-after angel investors. It's 4:30 on a Sunday afternoon, the day Hoffman fields pitches from entrepreneurs. The coffeehouse is brimming inside and out with laptops jockeyed by students and startup specialists. Hoffman arrives, his cell phone clasped to one ear as he walks toward the table dressed in Birkenstock sandals, khaki shorts, and a black polo shirt with the word "In" embroidered on the chest. That's "In" as in LinkedIn, the company that Hoffman co-founded and that he runs the other six days of the week. LinkedIn is a three-year-old service that takes your personal business network online. People don't use it to discover new bands or track down a date - there's nothing social about this network. LinkedIn is all about business: recruiting, sales, investment. 
It's not exactly a marketplace or a job site but rather a community of more than 8 million people who rely on one another to get things done. And not just any 8 million people, but leading venture capitalists and entrepreneurs, along with tens of thousands of employees from Google, Microsoft, and other tech giants that use LinkedIn to find the best and brightest workers. "For many, it's become irresponsible to not invite business associates into your LinkedIn network," says Mikolaj Jan Piskorski, an assistant professor at Harvard Business School who specializes in sociology and strategy. "When that kind of cultural inflection point occurs, which is what LinkedIn is going through now, that is when things really begin to take off." Either LinkedIn, or left out Indeed, the Palo Alto company is at a tipping point. After a slow start, the service has nearly doubled its membership during the past year. Seeded with Hoffman's own high-powered network, a magnet for tech's movers and shakers, LinkedIn has capitalized on the Web 2.0 boom to attract more dealmaking members and race past its rivals. VC heavyweights Sequoia Capital and Greylock - whose hit parade includes Apple, Cisco, Google, and Yahoo - have pumped nearly $15 million into LinkedIn. The private company says it's profitable and on track to hit $100 million in revenue by 2008. Unlike other networking sites' advertising-driven model that puts them on the treadmill of attracting ever more users, LinkedIn also makes money from services. People - mainly the site's 60,000 recruiters - pay an average of $3,600 a year for premium features such as sending messages to LinkedIn members outside their own networks. Corporate members pony up six-figure fees for access to the network. In recent months, the buzz around the Valley has LinkedIn in acquisition talks with Yahoo. (Neither party will confirm or deny.) 
But Hoffman is intent on building on the company's growing popularity in a bid for the big payout down the road. In the meantime, LinkedIn has become the go-to place for the tech elite. Increasingly, if you're not LinkedIn, you're left out. Degrees of separation Take those two guys sitting at the table in Starbucks getting ready to pitch their guts out to Hoffman. LinkedIn helped get them this meeting. Here's how: When Flickr co-founder Stewart Butterfield was looking for angel money for his photo-sharing site, he tracked down Hoffman on the site via LinkedIn member Frank Boosman, one of Butterfield's board members. Boosman made the introduction to Hoffman, who ultimately invested in Flickr. Hoffman then included Butterfield as part of his online network of associates. Butterfield knew one of the two entrepreneurs at the table (who are in stealth mode and requested anonymity). Both are LinkedIn members, naturally. Butterfield vouched for these two guys via LinkedIn, and voilà, now they're sipping lattes with Hoffman and hoping he'll write them a check to get their startup off the ground. After some preliminary chitchat, the two men launch into their demo. Hoffman's face, smiling a moment before, gets serious. He puts his fingers in a steeple touching his chin, and closes his eyes while listening to the details of their new consumer Internet business. "The way my investment thesis works is this," Hoffman says after 20 minutes of back-and-forth with the duo. "If I believe you have a chance to get to scale, I'm interested. If you don't, I'm not." Hoffman got his bank account to scale at PayPal, where he was a key player in the $1.5 billion sale of the company to eBay. As an angel investor, he's betting that he can spot the kinds of people and ideas that have enormous viral potential. He has invested in more than 40 startups, including Digg, Facebook, and Six Apart. But his biggest bet, and the one he also believes will pay off the most, is LinkedIn. 
"Why do you think I invested in those other companies but chose to spend all my time on LinkedIn?" Hoffman says. "It will piss those guys off for me to say it, but if we can tip successfully, we are massively more valuable than Facebook - and I mean a multibillion-dollar business." Slow start: What's in it for me? The notion for LinkedIn began in 1997, when Hoffman and fellow Stanford graduate Konstantin Guericke began discussing the burgeoning online-community market and how a service for professionals could be built. In 2002 they and three other engineers finally built the first version of LinkedIn, which launched the next year. The five of them germinated the service with about 350 of their own contacts. Perhaps not surprising, given the networks of a former PayPal executive, a tech-startup marketing guy, and a few software engineers, early LinkedIn members tended to be tech entrepreneurs and venture capitalists, chief among them VCs from Sequoia Capital and Greylock. A year after it launched, LinkedIn had 560,000 members. By 2005 there were 4.4 million. At that point the average person with 20 contacts had access to about 40,000 members within four degrees of separation. Clearly the service was growing, but it wasn't exploding the way Hoffman and Guericke had expected. "I thought that one year after we launched, we'd be where we are now," says Hoffman, 39. "If every professional had a profile on LinkedIn, you could find jobs, references, experts, old classmates, whatever you needed to do your work. Think about how rational that is." Rational for someone who invested in Friendster and watched its user numbers blow up (and then the company too). But getting professionals to try and then trust a new service with their business contacts is not like getting teenagers to build a MySpace page. It's a much harder sell. 
The reason most people join social networks is to hook up with friends who are already there and to make new ones by rallying around a favorite band, school, or TV show. By the time you've hit your 30s, though, you don't need a lot of new friends. What you need are contacts, old and new, who can help your career. "The people who LinkedIn wanted already network quite a lot, and they are pretty busy," says Harvard's Piskorski. "Unless they understand the value proposition instantaneously, they won't sign up." Seeking A-listers Hoffman and Guericke knew that. What they tried to do was make LinkedIn both as easy and as unobtrusive as possible. Your friends may nag you to join Friendster or MySpace, but nagging doesn't work very well in the business world. The mechanism at LinkedIn that overcame that obstacle is very simple: Anyone can join, but to make someone else a part of your network, you have to invite them and they have to accept. And whom would you rather invite to your network, someone who ranks below you in the work world or above? "You are more likely to invite up than down for your own network," says Guericke, LinkedIn's marketing VP. "That's only natural, but what that does is keep the quality high on LinkedIn. We wanted it to be a place where people you think highly of can be found. It might not be Steve Jobs, but it will be other senior people at Apple who you might want to know." Still, LinkedIn had the chicken-and-egg dilemma that every online network faces: For it to be useful, it needs to have people; for it to have people, it needs to be useful. And LinkedIn did not provide a massively useful service for very many people during its first two and a half years. Not that there weren't quality people on its network. There just weren't very many of them. That all began to change with the explosion in membership during the past year. 
Deborah Schultz is a former head of marketing at blogging software company Six Apart and now works as a freelance strategist for social-media software companies. Schultz joined LinkedIn two years ago. "I've been on every freakin' social network from the beginning: SixDegrees, Orkut, Flickr, blogging sites - all of them," Schultz says. "I joined LinkedIn just to check it out, and really I sort of forgot about it. It was always there in the background, but it sort of disappeared for a while." Not anymore. "Recently I started noticing that the people I trust and respect are using LinkedIn," she says. "I started getting more invitations. I have been contacted for consulting work and full-time gigs through LinkedIn. Now it's a tool I use once or twice a week." A doubter turns devotee How did LinkedIn go from lame to, well, linked in? Web 2.0 came along, for one thing. A new wave of dotcom startups drew more entrepreneurs and investors to the service, which already boasted Silicon Valley's A-list. As the network grew, more people began noticing the quality of the links and realized that real deals were getting done. That was Srivats Sampath's experience. The founder and CEO of Silicon Valley online music site Mercora, Sampath had tried the service in its early days. "I put the invitations to LinkedIn in the same category as Friendster invitations," Sampath says. "Annoying crap. I'd mostly just toss them." Less than two months ago, however, Sampath received an invitation from Andy Chen, a mobile-device consultant, through Morten Lund, an associate of a colleague of Sampath's. Chen had seen Sampath give a talk at the Demo Conference about the online music industry. Chen liked what he heard, and contacted Sampath via LinkedIn to talk about mobile devices and music, a nexus that will play a huge part in Mercora's future. "It was this moment where you say, wow, the perfect guy that you would spend months looking for just dropped into your lap," Sampath says. 
"That's the power of LinkedIn. Now when I go tell my business development guy that we need to line up all these device manufacturers, I'll send him first to Chen, who already knows all of them." Linking to Chen opened up a whole new world of business contacts for Sampath. "I realized this is a service that is all about identifying a task or a business objective, and then finding someone who can help," he adds. Heard through the grapevine Ismael Ghalimi, CEO of Intalio, a software company based in Redwood City, Calif., uses LinkedIn for hiring, for fund-raising, and even to check on the scuba-diving conditions in Curaçao. He's currently raising his next round of funding. Before any pitch meeting with a venture capitalist, Ghalimi does some scouting on LinkedIn to see if they have any contacts in common, what the VC's interests are outside of work - anything he can dig up that gives them some common ground. After the meeting Ghalimi goes back to those common connections he's unearthed on LinkedIn to get feedback on how the pitch went. "I'll even give information to these indirect contacts that would be a little bit difficult to say face-to-face with the VC," Ghalimi says. "For example, I'll tell them I expect a certain valuation - say, $20 million - and that will get back to the VC." LinkedIn has also paid off for Ghalimi in more personal ways. When a group of French friends and relatives who were set to fly to his wedding in San Francisco got booted from an overbooked United Airlines flight, he located the airline's general manager in France through LinkedIn and then wrangled an introduction through an Israeli contact. Before long, the reservations were reinstated. "United's French general manager sent me an e-mail an hour after the flight departed," Ghalimi says, "indicating that all had boarded." George Hoyem, a VC with Blue Print Ventures in South San Francisco, turned to LinkedIn when he was doing due diligence on an Apple iMac camera. 
"Through LinkedIn, I got into a part of Apple that I wouldn't have been able to any other way," Hoyem says. "I wanted to make an introduction for my portfolio company into an engineering effort inside Apple. I didn't have a direct connection, but one surfaced through a link one degree removed, and we tracked him down." At Microsoft, finding hidden talent That ability to get things done makes LinkedIn valuable to people like Ghalimi, Hoyem, and Sampath, but members like Glenn Gutmacher are the ones who make LinkedIn profitable. Gutmacher works for Microsoft, identifying the right people to fill jobs at the software giant. Gutmacher and his peers at companies from Google to Salesforce.com to VMWare account for 10 percent of the site's membership. They can reach almost anybody they want via their massive networks. Gutmacher has 3,500 people with whom he directly connects. That gives him access within three degrees to about 3.5 million people. At any given time, Gutmacher might have 10 searches going within LinkedIn, looking for the best candidate for a spot in Redmond. "LinkedIn is a very efficient tool when you're trying to target passive candidates, people who aren't actively searching for a job," Gutmacher says. "For the niche that I am recruiting, usually the mid- to senior-level software and development engineers, they're all there." People like Gutmacher are part of a controversial group within LinkedIn called "promiscuous linkers." The person with the most connections is San Jose-based recruiter Ron Bates, who proudly trumpets more than 28,000 direct connections on his profile. Bates has built his recruiting business on the back of LinkedIn, which is a testament to its usefulness but does little to support the high-quality network idea that Hoffman promotes. LinkedIn has tried to discourage "link banking" by showing a maximum of 500 connections on a profile page, but that has done little to stop the practice. 
For people like Christian Mayaud, who held the top-connected spot for a time, there's no reason to stop. Mayaud, a New York City-based VC, argues that LinkedIn's value doesn't come from your trusted direct connections. "My experience has been that they're more apt to screen you from someone who could be important in business," Mayaud says. "I have found that total strangers are more effective connections than people I know well." A connection to retirement To become a mass phenomenon - and massively valuable in the process--LinkedIn needs the 80 percent of members who visit the site only occasionally to become addicted users. Hoffman knows he needs to find some recipe to give members the epiphany Sampath had, that "aha!" moment when they realize that LinkedIn is as necessary a business tool as a laptop or a cell phone. "Once we get them, we can keep them from the age of 25 to 65, the time when people are most valuable, when they are out changing the world," Hoffman says. "I want to be the service for them." LinkedIn is busy rolling out new features to encourage members to stick around. The most recent is LinkedIn Services, which allows members to recommend a handyman, chef, or real estate agent. "We want LinkedIn to go wherever your business network would go," Guericke says. "If it's social, we'll leave that to Facebook. But if it's about money, then it's LinkedIn." The other big push for the company in the coming year will be to extend its reach globally. There are nearly 4 million LinkedIn members outside the United States. While the service has cemented its lead in North America, it faces competition from sites in Europe and China. Not only would global expansion create new local markets, but the premise of LinkedIn gets very powerful as people connect around the world with customers, suppliers, and investors. If you're looking for a manufacturer in Korea, or a sales lead in France, LinkedIn wants to be the matchmaker. 
First-mover advantage If the site can do that, it can become the service Hoffman imagines, and he'll be able to command the price he imagines as well. There is competition - Spoke, Ryze, and newcomer Hoover's Connect - but for the moment, it's LinkedIn's market to lose. The company is phenomenally good at understanding how networking happens offline and how it can be improved online. Most members bring their offline business relationships into the service, and they're putting a lot of specific information about themselves into the system. "That builds in a lot of stickiness," says Harvard's Piskorski. "Those bonds are very strong, much stronger than a social site like MySpace. It's not to say that another business network couldn't be developed that had better features, but it would be tough to migrate all those people from one service to another." Back in Mountain View, the meeting at Starbucks ends without Hoffman whipping out his checkbook on the spot. "I'm leaning toward investing, but I will have a definite answer for you in a few days," he says. An investment from Hoffman would be the last piece of angel funding the startup needs. Now the two entrepreneurs must find people to help take their company to the next stage. "We are looking for a set of advisers who really understand the arc that a startup goes through," the CEO says. "We need to identify who in our network can help us." And how will they do that? LinkedIn, of course. Michael V. Copeland is a senior writer at Business 2.0. From the December 1, 2006 issue Find this article at: http://money.cnn.com/magazines/business2/business2_archive/2006/12/01/8394967/index.htm?postversion=2006120408 From rforno at infowarrior.org Tue Dec 5 16:19:25 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 05 Dec 2006 16:19:25 -0500 Subject: [Infowarrior] - U.S. to create 'risk assessments' of air passengers Message-ID: U.S. 
to create 'risk assessments' of air passengers Department of Homeland Security implements data-mining system for passengers traveling to the U.S. By Tom Espiner Special to CNET News.com Published: December 5, 2006, 9:00 AM PST http://news.com.com/U.S.+to+create+risk+assessments+of+air+passengers/2100-7348_3-6140909.html?tag=nefd.top The U.S. Department of Homeland Security has implemented a data-mining system for all passengers traveling to the U.S., including travelers from the European Union. The Automated Targeting System (ATS) is a data-mining system that will let the agency create "risk assessments" of tens of millions of travelers. The information will be held for 40 years, and even U.S. citizens will have no right to view those risk assessments. "With respect to the data that ATS creates, i.e. the risk assessment for an individual, the risk assessment is for official law enforcement use only and is not communicated outside of CBP (Bureau of Customs and Border Protection) staff, nor is it subject to access under the Privacy Act," said a Department of Homeland Security assessment of the system's impact on privacy. Risk assessments will be used to determine whether the subject is deemed a security threat, or is likely to contravene any article of U.S. law. However, the Department of Homeland Security has said that innocent passengers may not even be aware that information on them is being mined or that risk assessments are being formed. "ATS is a system that supports CBP law enforcement activities, as such an individual might not be aware of the reason additional scrutiny is taking place, nor should he or she as this may compromise the means and methods of how CBP came to require further scrutiny," the agency said. The data is initially collected from both government and commercial sources, including airline reservations. 
So-called Passenger Name Record (PNR) data may include passenger name, address, contact details, flight details, frequent flier details, accommodation details and general remarks. Once collected, the data is fed into the Treasury Enforcement Communications System, an "overarching law enforcement information collection, targeting, and sharing environment," according to a Department of Homeland Security document. Access to the data will be granted to law enforcement bodies, the Secret Service, and also "contractors, grantees, experts, consultants, students, and others performing or working on a contract, service, grant, co-operative agreement, or other assignment for the Federal government," according to the document. No mention is made of the public being able to access the data collected on them. There is a mechanism for redress should incorrect or inaccurate data be collected--but how passengers would know that incorrect data is being held has not been explained by the agency. The data can be corrected through the redress process. Once this happens, risk assessments are reformulated in real time. Electronic rights group the Electronic Frontier Foundation (EFF) called this an "invasive and unprecedented data-mining system," and called for the government to delay implementation of the scheme until there had been informed public debate. ATS was implemented on Monday. "The government is preparing to give millions of law-abiding citizens 'risk assessment' scores that will follow them throughout their lives," said EFF senior counsel David Sobel. "If that wasn't frightening enough, none of us will have the ability to know our own score, or to challenge it. Homeland Security needs to delay the deployment of this system and allow for an informed public debate on this dangerous proposal," he added. 
Under a deal with the European Union, the Department of Homeland Security can electronically access PNR data from air carriers' reservation and departure control systems within the European Union. Tom Espiner of ZDNet UK reported from London. From rforno at infowarrior.org Tue Dec 5 18:53:12 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 05 Dec 2006 18:53:12 -0500 Subject: [Infowarrior] - Civil liberties board has 1st session Message-ID: (c/o PWR) Posted on Tue, Dec. 05, 2006 Civil liberties board has 1st session HOPE YEN Associated Press http://www.pogowasright.org/article.php?story=20061205134710177 WASHINGTON - Civil liberties advocates urged a White House privacy board Tuesday to aggressively review the government's warrantless surveillance program, even as they questioned whether it has the power to do so. The Privacy and Civil Liberties Board, which was created in late 2004 after a recommendation by the Sept. 11 commission, was holding its first hearing with testimony from nongovernment experts on ways to protect Americans' rights during the war on terror. Its five members, which left the agenda open, at times found themselves under scrutiny. "This board needs to bring a little sunshine," Caroline Frederickson, director of the ACLU's Washington legislative office, said in her prepared testimony. She said she was disappointed that panel members recently praised the safeguards of the surveillance program that a federal judge initially ruled as illegal. "It remains clear that this program was built outside of, and in direct contradiction to, the Foreign Intelligence Surveillance Act and Fourth Amendment guaranteed protections," she said. "This panel's integrity and usefulness will be questioned if it dodges its duty to undertake a full review." 
Privacy officers from the Office of Director of National Intelligence, Terrorist Screening Center and the departments of Justice and Homeland Security were also scheduled to attend a hearing that the board described as a "listening session." The panel was created as a compromise between Congress and the White House amid growing public concern about the government's tactics in the war on terror, including the eavesdropping program, a financial transactions tracking system and secret CIA prisons where terrorism suspects have been interrogated. Bush appointed Carol Dinkins, a Houston Republican, to chair the board. A longtime friend of the Bush family, she was treasurer of Bush's first campaign for governor of Texas, and a longtime partner in the law firm of Vinson & Elkins, where Attorney General Alberto Gonzales once was a partner. The panel's other GOP members include vice chairman Alan Raul, a Washington attorney, former U.S. Solicitor General Theodore B. Olson and former Ambassador Francis Taylor. Former Clinton White House counsel Lanny Davis is the lone Democrat. The board does not have subpoena power, and its annual reports to Congress can be vetted by the White House. The members serve at the pleasure of Bush, and Gonzales has final say over whether officials must comply with the board's recommendations. After a delay of more than a year, board members last week received classified briefings on the National Security Agency's surveillance program as well as the administration's program to monitor international banking transactions. Raul and Davis have said in interviews that they were impressed by the protections and indicated that Americans might be "more reassured" if they knew all the details. But on Tuesday, privacy advocates said they were worried the board might be missing the point. 
"We continue to be troubled by the argument that a president has no obligation to follow the law or respect other constitutional guarantees whenever he invokes national security as a justification for his actions," David Keene, chairman of the American Conservative Union, said in his prepared remarks to the panel. Frederickson said she was not confident of the board's ability to get meaningful information from government agencies. Americans might be better off with legislation introduced by Reps. Carolyn Maloney, D-N.Y. and Christopher Shays, R-Conn., that would make the board independent from the president, she said. The board's first report to Congress is due in March. --- Privacy and Civil Liberties Oversight Board: http://www.whitehouse.gov/privacyboard/ From rforno at infowarrior.org Tue Dec 5 19:01:14 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 05 Dec 2006 19:01:14 -0500 Subject: [Infowarrior] - Consumer Use Of Ad Blocking Technology Doubles Message-ID: Consumer Use Of Ad Blocking Technology Doubles In the past two years, the number of consumers using pop-up blockers and spam filters has more than doubled, according to a study from Forrester Research. By Thomas Claburn, InformationWeek Dec. 5, 2006 URL: http://www.informationweek.com/story/showArticle.jhtml?articleID=196601694 Memo to marketers: Consumers still hate you and they've taken to blocking your ads. In the past two years, the number of consumers using pop-up blockers and spam filters has more than doubled, according to a new study, "Consumers Love to Hate Advertising," from Forrester Research. More than half of all American households now report using these ad blocking technologies to block unwanted pitches. Broadband households have become even harder to reach: some 81% of those with high-speed Internet access employ pop-up blockers and spam filters. Consumer attitudes toward marketers have actually improved somewhat, according to the report. 
However, it's not clear whether this slight thaw in sentiment is the result of successful ad blocking. The report suggests that marketers, media agencies, and publishers should see the stabilization of dislike as a sign of hope. At the same time, it warns that companies "cannot afford to ignore consumer distaste for advertising." And that distaste is strong: "Only 13% of consumers admit that they buy products because of their ads, and a paltry 6% believe that companies generally tell the truth in ads," the report states. The most common ad blocking system is run by the government-run National Do Not Call Registry, which now protects over 107 million U.S. consumers from intrusive telemarketing. Forrester also notes that ad avoidance is becoming more common on television. Today, 15% of consumers acknowledge using their digital video recorders to skip ads, more than three times as many as in 2004. The research firm predicts this behavior will spread, based on projections that over half of all U.S. households will have DVRs by 2010. Consumer ire, the report says, is driven by three factors: an excess of ads, the disruptive nature of ads, and the irrelevance of ads. What's a marketer to do, beyond maintaining an unlisted number and pretending to work in a less despised profession, such as a cigarette company executive? Forrester recommends facilitating user experiences instead of disrupting them; focusing on metrics that measure whether a desired action occurred rather than whether a message was seen or heard; and shifting budgets from media to infrastructure to facilitate marketing across mediums from a central store of consumer data. Copyright © 
2006 CMP Media LLC From rforno at infowarrior.org Tue Dec 5 20:47:31 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 05 Dec 2006 20:47:31 -0500 Subject: [Infowarrior] - NLW: Say Hello to the Goodbye Weapon Message-ID: Say Hello to the Goodbye Weapon By David Hambling 02:00 AM Dec, 05, 2006 http://www.wired.com/news/technology/1,72134-0.html The crowd is getting ugly. Soldiers roll up in a Hummer. Suddenly, the whole right half of your body is screaming in agony. You feel like you've been dipped in molten lava. You almost faint from shock and pain, but instead you stumble backwards -- and then start running. To your surprise, everyone else is running too. In a few seconds, the street is completely empty. You've just been hit with a new nonlethal weapon that has been certified for use in Iraq -- even though critics argue there may be unforeseen effects. According to documents obtained for Wired News under federal sunshine laws, the Air Force's Active Denial System, or ADS, has been certified safe after lengthy tests by military scientists in the lab and in war games. The ADS shoots a beam of millimeter waves, which are longer in wavelength than x-rays but shorter than microwaves -- 94 GHz (= 3 mm wavelength) compared to 2.45 GHz (= 12 cm wavelength) in a standard microwave oven. The longer waves are thought to limit the effects of the radiation. If used properly, ADS will produce no lasting adverse effects, the military argues. Documents acquired for Wired News using the Freedom of Information Act claim that most of the radiation (83 percent) is instantly absorbed by the top layer of the skin, heating it rapidly. The beam produces what experimenters call the "Goodbye effect," or "prompt and highly motivated escape behavior." In human tests, most subjects reached their pain threshold within 3 seconds, and none of the subjects could endure more than 5 seconds. "It will repel you," one test subject said. 
"If hit by the beam, you will move out of it -- reflexively and quickly. You for sure will not be eager to experience it again." But while subjects may feel like they have sustained serious burns, the documents claim effects are not long-lasting. At most, "some volunteers who tolerate the heat may experience prolonged redness or even small blisters," the Air Force experiments concluded. The reports describe an elaborate series of investigations involving human subjects. The volunteers were military personnel: active, reserve or retired, who volunteered for the tests. They were unpaid, but the subjects would "benefit from direct knowledge that an effective nonlethal weapon system could soon be in the inventory," said one report. The tests ranged from simple exposure in the laboratory to elaborate war games involving hundreds of participants. The military simulated crowd control situations, rescuing helicopter crews in a Black Hawk Down setting and urban assaults. More unusual tests involved alcohol, attack dogs and maze-like obstacle courses. In more than 10,000 exposures, there were six cases of blistering and one instance of second-degree burns in a laboratory accident, the documents claim. The ADS was developed in complete secrecy for 10 years at a cost of $40 million. Its existence was revealed in 2001 by news reports, but most details of ADS human testing remain classified. There has been no independent checking of the military's claims. The ADS technology is ready to deploy, and the Army requested ADS-armed Strykers for Iraq last year. But the military is well aware that any adverse publicity could finish the program, and it does not want to risk distressed victims wailing about evil new weapons on CNN. This may mean yet more rounds of testing for the ADS. New bombs can be rushed into service in a matter of weeks, but the process is more complex for nonlethal weapons. 
It may be years before the debates are resolved and the first directed-energy nonlethal weapon is used in action. The development of a truly safe and highly effective nonlethal crowd-control system could raise enormous ethical questions about the state's use of coercive force. If a method such as ADS leads to no lasting injury or harm, authorities may find easier justifications for employing them. Historically, one of the big problems with nonlethal weapons is that they can be misused. Rubber bullets are generally safe when fired at the torso, but head impacts can be dangerous, particularly at close range. Tasers can become dangerous if they are used on subjects who have previously been doused with flammable pepper spray. In the heat of the moment, soldiers or police can forget their safety training. Steve Wright of Praxis, the Center for the Study of Information and Technology in Peace, Conflict Resolution and Human Rights, notes that there are occasions when this has happened in the past. He cites British soldiers, who increased the weight of baton rounds in Northern Ireland. "Soldiers flouted the rules of engagement, doctoring the bullets by inserting batteries (to increase the weight) and firing at closer ranges than allowed," says Wright. There may also be technical issues. Wright cites a recent report on CS gas sprays which turned out to be more dangerous in the field than expected. "No one had bothered to check how the sprays actually performed in practice, and they yielded much more irritant than was calculated in the weapon specification. This underlines the need for independent checking of any manufacturers' specifications. Here secrecy is the enemy of safety." Eye damage is identified as the biggest concern, but the military claims this has been thoroughly studied. Lab testing found subjects reflexively blink or turn away within a quarter of a second of exposure, long before the sensitive cornea can be damaged. 
Tests on monkeys showed that corneal damage heals within 24 hours, the reports claim. "A speculum was needed to hold the eyes open to produce this type of injury because even under anesthesia, the monkeys blinked, protecting the cornea," the report says. The risk of cancer is also often mentioned in connection with the ADS system, despite the shallow penetration of radiation into the skin. But the Air Force is adamant that after years of study, exposure to MMW has not been demonstrated to promote cancer. During some tests, subjects were exposed to 20 times the permitted dose under the relevant Air Force radiation standard. The Air Force claims the exposure was justified by demonstrating the safety of the ADS system. The beam penetrates clothing, but not stone or metal. Blocking it is harder than you might think. Wearing a tinfoil shirt is not enough -- you would have to be wrapped like a turkey to be completely protected. The experimenters found that even a small exposed area was enough to produce the Goodbye effect, so any gaps would negate protection. Holding up a sheet of metal won't work either, unless it covers your whole body and you can keep the tips of your fingers out of sight. Wet clothing might sound like a good defense, but tests showed that contact with damp cloth actually intensified the effects of the beam. System 1, the operational prototype, is mounted on a Hummer and produces a beam with a 2-meter diameter. Effective range is at least 500 meters, which is further than rubber bullets, tear gas or water cannons. The ammunition supply is effectively unlimited. The military's tests went beyond safety, exploring how well the ADS works in practice. In one war game, an assault team staged a mock raid on a building. The ADS was used to remove civilians from the battlefield, separating what the military calls "tourists from terrorists." It was also used in a Black Hawk Down scenario, and maritime tests, which saw the ADS deployed against small boats. 
It might also be used on the battlefield. One war game deployed the ADS in support of an assault, suppressing incoming fire and obstructing a counterattack. "ADS has the same compelling nonlethal effect on all targets, regardless of size, age and gender," says Capt. Jay Delarosa, spokesman for the Joint Non-Lethal Weapons Directorate, which decides where and how the ADS might be deployed. "It can be used to deny an area to individuals or groups, to control access, to prevent an individual or individuals from carrying out an undesirable activity, and to delay or disrupt adversary activity." The precise results of the military's war games are classified, but Capt. Delarosa insists that the ADS has proven "both safe and effective in all these roles." The ADS comes in a variety of shapes and sizes. As well as System 1, a smaller version has been fitted to a Stryker armored vehicle -- along with other lethal and nonlethal weapons -- for urban security operations. Sandia National Labs is looking at a small tripod-mounted version for defending nuclear installations, and there is even a portable ADS. And there are bigger versions too. "Key technologies to enable this capability from an airborne platform -- such as a C-130 -- are being developed at several Air Force Research Laboratory technology directorates," says Diana Loree, program manager for the Airborne ADS. The airborne ADS would supplement the formidable firepower of Special Forces AC-130 gunships, which currently includes a 105-mm howitzer and 25-mm Gatling guns. The flying gunboats typically engage targets at a range of two miles or more, which implies an ADS far more powerful than System 1 has been developed. But details of the exact power levels, range and diameter of the beam are classified. 
From rforno at infowarrior.org Tue Dec 5 22:03:11 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 05 Dec 2006 22:03:11 -0500 Subject: [Infowarrior] - Eeye Zero-Day Tracker Message-ID: Zero-Day Tracker Welcome to eEye Research Team's Zero-Day Tracker. This site was built to serve as an informational archive for zero-day vulnerabilities. Please email any questions regarding this site to skunkworks at eeye.com. Suggestions for additions to this list (past or present zero-day vulnerabilities) are always welcome. Active Zero-Day Vulnerabilities: 7 < - > http://research.eeye.com/html/alerts/zeroday/index.html From rforno at infowarrior.org Tue Dec 5 22:49:33 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 05 Dec 2006 22:49:33 -0500 Subject: [Infowarrior] - Fox TV and blogging content ownership Message-ID: WTTG FOX-5 in DC recently underwent an on-air and on-line facelift -- perhaps as part of an overall effort by Fox to standardize their local news look and feel across the enterprise (check out myfoxny.com, which looks exactly like myfoxdc.com). Anyway, one of their new "features" is a blogging service that -- at least here in DC -- they regularly promote on the nightly news by inviting folks to "blog with us." Yet check out this part of their Blogging ToS: http://www.myfoxdc.myfoxtv.intermix.com/blogs/blogrules.aspx > 4. You agree that any content you post becomes the property of FIM. You > understand and agree that FIM and its parent and affiliated companies may use, > publish, copy, sublicense, adapt, edit, distribute, publicly perform, display > and delete the content you post as they see fit. This right will terminate at > the time you remove such content from the Site. Notwithstanding the foregoing, > a back-up or residual copy of the content posted by you to the Site may remain > on the FIM servers after you have removed such content from the Site, and FIM > retains the rights to those copies. 
Gee....how many other user-content-hosting sites have tried this in recent years?? 'nuff said. -rick Infowarrior.org From rforno at infowarrior.org Tue Dec 5 22:52:58 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 05 Dec 2006 22:52:58 -0500 Subject: [Infowarrior] - Homeland Security Extends Comment Time for ATS Message-ID: Homeland Security Extends Comment Time http://www.washingtonpost.com/wp-dyn/content/article/2006/12/05/AR2006120501110_pf.html By MICHAEL J. SNIFFEN The Associated Press Tuesday, December 5, 2006; 7:01 PM WASHINGTON -- Under pressure from Congress and the public, the Homeland Security Department extended the time for people to comment on its computerized risk assessment system for international travelers. The deadline was pushed back from Dec. 4 to Dec. 29, department spokesman Jarrod Agen said Tuesday. By Tuesday, the department had received 59 public comments. All but one either opposed the system outright as a violation of privacy and other laws or called for better means for people to correct any errors in the data. One law firm representing ship owners and importers sought more time for comment. Rep. Bennie Thompson, D-Miss., who will become chairman of the House Homeland Security Committee when Democrats take control of Congress in January, wrote Homeland Security Secretary Michael Chertoff seeking extension of the comment period. Based on a briefing that committee staff received about the system last Friday, Thompson wrote "serious concerns have arisen that, with respect to U.S. citizens and possibly lawful permanent aliens, some elements of ATS as practiced may constitute violations of privacy or civil rights." The Associated Press reported last Thursday that for four years Customs and Border Protection agents have been using the Automatic Targeting System, or ATS, to produce assessments of the risk that any of the millions of people crossing U.S. borders, including Americans, are terrorists or criminals. 
Almost every traveler entering or leaving the country is evaluated by the ATS computers, but they are not allowed to see the assessment of them or directly challenge its accuracy. The government intends to keep the assessments 40 years and the data on which they are based for up to 40 years. Sen. Patrick Leahy, D-Vt., incoming chair of the Senate Judiciary Committee, promised more congressional scrutiny next year of the government's anti-terrorist databases and called the ATS scheme "simply incredible." The assessments are based on applying so-called rules, which are actually assumptions based on the past behavior of terrorists and criminals, to the person's travel records, including where they are from, how they paid for tickets, their motor vehicle records, past one-way travel, seating preference and what kind of meals they ordered. The government's first acknowledgment that ATS was producing risk assessments of travelers came in a Nov. 2 notice in the Federal Register, a dry daily compendium of rules and regulations. Although that notice said ATS would be implemented Dec. 4 unless negative comments dissuaded officials, ATS has been operational for some time and no changes were planned for Dec. 4, Toby Levin, senior adviser in Homeland Security's privacy office told the AP. The notice was only designed "to give greater transparency" to what Homeland Security was already doing, she said. In fact, Jayson Ahern, assistant commissioner of Customs and Border Protection, said federal agents had used ATS to develop risk assessments of travelers since the late 1990s, but the program had mushroomed in 2002 when legislation spawned by the Sept. 11, 2001, terrorist attacks took effect. That legislation required all air and cruise lines to electronically give Homeland Security advance lists of all their incoming and outgoing passengers and crew members. In addition, Ahern said Amtrak voluntarily provides passenger data on rail travelers between the U.S. 
and Canada and border agents keep track of many of the people and drivers who enter or leave land border crossings. Ahern said ATS is designed to pick out people who are not already on watch lists or wanted by law enforcement. Homeland Security's Agen said a new notice announcing the extension was sent Tuesday to the Federal Register and would be published in a few days. From rforno at infowarrior.org Wed Dec 6 17:25:18 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 06 Dec 2006 17:25:18 -0500 Subject: [Infowarrior] - TracFone: Cell Phone Unlocking Supports Terrorism Message-ID: (we all need some humor during the work week.......rf) TracFone: Cell Phone Unlocking Supports Terrorism Pre-paid cell phone company TracFone is arguing in court that allowing people to unlock their cell phones and use them with competing carriers will support terrorism. At issue is a recent ruling from the U.S. Copyright Office and the Library of Congress that the DMCA's anti-circumvention provisions, enacted to combat piracy, can't be used to keep people from reprogramming cell phones they've legally purchased. < - > http://blog.wired.com/27bstroke6/2006/12/tracfone_cell_p.html From rforno at infowarrior.org Wed Dec 6 18:42:14 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 06 Dec 2006 18:42:14 -0500 Subject: [Infowarrior] - Bush 'Privacy Board' Just a Gag Message-ID: Bush 'Privacy Board' Just a Gag http://www.wired.com/news/technology/1,72248-0.html By Ryan Singel 11:45 AM Dec, 06, 2006 WASHINGTON -- The first public meeting of a Bush administration "civil liberties protection panel" had a surreal quality to it, as the five-member board refused to answer any questions from the press, and stonewalled privacy advocates and academics on key questions about domestic spying. 
The Privacy and Civil Liberties Oversight Board, which met Tuesday, was created by Congress in 2004 on the recommendation of the 9/11 Commission, but is part of the White House, which handpicked all the members. Though mandated by law in late 2004, the board was not sworn in until March 2006, due to inaction on the part of the White House and Congress. The three-hour meeting, held at Georgetown University, quickly established that the panel would be something less than a fierce watchdog of civil liberties. Instead, members all but said they view their job as helping Americans learn to relax and love warrantless surveillance. "The question is, how much can the board share with the public about the protections incorporated in both the development and implementation of those policies?" said Alan Raul, a Washington D.C. lawyer who serves as vice chairman. "On the public side, I believe the board can help advance national security and the rights of American by helping explain how the government safeguards U.S. personal information." Board members were briefed on the government's NSA-run warrantless wiretapping program last week, and said they were impressed by how the program handled information collected from American citizens' private phone calls and e-mail. But the ACLU's Caroline Fredrickson was quick to ridicule the board's response to the administration's anti-terrorism policies, charging that the panel's private meetings to date largely consisted of phone calls with government insiders and agencies. "When our government is torturing innocent people and spying on Americans without a warrant, the PCLOB should act -- indeed, should have acted long ago," Fredrickson said. "Clearly you've been fiddling while Rome burns. This board needs to bring a little sunshine. So far America is kept in the dark -- and this is the first public meeting you have had." 
Lisa Graves, the deputy director of the Center for National Security Studies, asked the board two simple questions: Did they know how many Americans had been eavesdropped on by the warrantless wiretapping program, and, if so, how many? Raul acknowledged in a roundabout way that the data existed, but said it was too sensitive to release. Graves then asked if the board had pushed to have that data made public, as the Justice Department is required to do with typical spy wiretaps. Raul declined to say. "It is important for us to retain confidentiality on what recommendations we have and haven't made," he said. Graves tried to push the issue of whether the board was going to be public or private, but chairwoman Carol Dinkins politely cut her off and ended the question-and-answer session. Board member Lanny Davis, who had introduced himself by saying he grew up in a household where the ACLU was considered a "heroic organization," jumped in to explain why the nation's most prominent privacy board won't be transparent about whether it is urging more transparency. "Congress put us in the office of the president, we didn't," Davis said. "Had Congress wanted us to be an incensement agency, it would have made us independent." The sparsely attended meeting shaped up as a mostly one-way conversation, with attendees offering suggestions on how the board could transform itself into an effective organization by building on the work of earlier government privacy panels. Fred Cate, a cybersecurity professor at Indiana University, stressed that anti-terrorism programs that collect and sift through data on Americans -- such as the no-fly list and the recently announced Automated Targeting Center that has been computing terrorism quotients for those flying in and out of the country for more than five years -- need to have a robust way for people to contest the scores and underlying data. "Redress seems to be the foundation of any system," Cate said. 
"The only certainty in this entire field is that there will be false positives." The committee members largely kept their views to themselves, and the press was barred from posing questions during the two short public question periods. Dinkins, the board's chairwoman, who is a partner at the same law firm where Attorney General Alberto Gonzales once worked, offered little beyond pleasantries. Another board member, Francis Taylor, never spoke. From rforno at infowarrior.org Sat Dec 9 21:09:25 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 09 Dec 2006 21:09:25 -0500 Subject: [Infowarrior] - Chertoff: Traveler screening program wasn't a secret Message-ID: (c/o PWR) Chertoff: Traveler screening program wasn't a secret By Shane Harris, National Journal http://www.govexec.com/story_page.cfm?articleid=35639&sid=28 Homeland Security Secretary Michael Chertoff says it should not surprise people that for years his department has searched for terrorists among tens of millions of airline passengers, cross-checking travelers' personal data against terrorist watch lists and analyzing them for potential terrorist activity. "I've talked about the collection of this data and the analysis of this data incessantly," Chertoff said in an interview this week at his office. By "this data," Chertoff means the international passenger name records (PNRs) that airlines give to Homeland Security screeners. Each PNR contains basics such as a passenger's name, address, and seat assignment, but also details how the ticket was paid, whom the person is traveling with, and what telephone number the passenger used to book the reservation. The screeners analyze PNRs, including those of American citizens traveling abroad, as well as passport information, to see if anyone can be connected to a terrorist. 
But in the past two months, nearly 50 organizations and individuals have contacted the department to express varying degrees of concern and outrage over the computer program that actually performs this analysis: the Automated Targeting System. That's because, in addition to crunching data, ATS tags every international traveler with a "risk assessment," which security officers use when deciding whether to interrogate passengers or to keep them from flying. Once generated, those assessments may stay locked in ATS for as long as 40 years, and it is unlikely that passengers could ever know precisely what their risk rating is and how it was calculated. This is news to just about every major privacy and civil-liberties watchdog in the country; they thought that Homeland Security officials only wanted to use passenger data to target terrorists and assign risk ratings but had refrained from actually doing so. They believed that ATS was being used only to identify risky cargo aboard ships. So, did the watchdogs miss something? "Yeah, they missed about 100 speeches that I gave," an exasperated Chertoff told National Journal on December 5. "I've talked about ... PNR data and biographic data and using it to analyze and connect the dots about people before they come into the country; I have to have given at least 20 speeches about it." Chertoff called ATS "the process by which we collect that information and analyze it to see what are the patterns and the relationships that tell us, for example, that a particular telephone number is associated with a terrorist, or something of that sort." Chertoff acknowledged that he may have failed to use some key abbreviations in his speeches. "I don't know that I said the words 'ATS,' but that's just an analytic description," he said. It appears, however, that people did not become fully aware of how Homeland Security is parsing passenger data until after November 2. 
On that date, the department's privacy office, with no fanfare, filed a Federal Register notice detailing what ATS collects, how the information is used, and whether passengers could contest their risk assessments. Chertoff said that that public notice wasn't the first about ATS. Privacy experts, however, vehemently dispute that assertion, and a search of the Federal Register since 1995 for the exact phrase "Automated Targeting System" yielded only one notice mentioning airline passengers -- the November notice. Chertoff said the new notice was prompted by the department's desire "to be even more transparent and write, in even clearer English, about what we were going to do," especially after lengthy, and well-publicized, negotiations with European officials over how to use their citizens' PNR data, which is generally more zealously guarded than is similar information on Americans. Chertoff said the notice gave Homeland Security "an opportunity to make completely sure that there was no ambiguity" in how the department would handle European records. But ambiguity and confusion abound. Now the department's critics contend that it has engaged in one of the most massive, widespread data-mining operations ever run on U.S. citizens, and that it has done the deed in secret. The former charge is likely true -- more than 1 million people cross U.S. borders every day, and a former department official said that if any U.S. citizen has traveled internationally, he or she has been targeted by ATS. Just how secret that targeting was is a matter of perspective. ATS has tracked airline passengers for at least the past seven years, but the degree to which its use was expanded after 9/11 isn't clear. In congressional testimony in April 1999, then-U.S. Customs Commissioner Raymond Kelly -- now New York City's police commissioner -- said that in addition to screening cargo, "ATS is also being used in the air-passenger environment." 
Customs planned to "enhance" ATS's screening power, Kelly said then, and this would "increase the opportunity of locating and positively identifying high-risk travelers involved in drug smuggling, terrorism, and other transnational criminal activity." But opponents of such passenger profiling call ATS an end run on their efforts to halt government's encroachment on personal privacy since the 9/11 attacks. Privacy advocates say that while they were sparring with the Transportation Security Administration over its post-9/11 CAPPS II program, which also would have assigned risk levels to passengers, officials at Homeland Security's Customs and Border Protection were already targeting millions of people with ATS. This week, Rep. Bennie Thompson, D-Miss., the incoming chairman of the House Homeland Security Committee, asked Chertoff to halt further implementation of ATS until his staff can sort out the privacy and civil-liberties implications. The department postponed any decision until at least December 29. Chertoff hardly seemed amused by the public reaction. In the interview, he talked at length about some critics' penchant for placing great demands on the department and then scolding it for missing deadlines or for being ineffective. Of ATS, Chertoff said, "This goes in the no-good-deed-goes-unpunished category." "I've got a new rule," he added. "If I want to keep a secret, I give a speech about it. Because if I make a speech, no one picks it up. But if I put it in a document and I slip it under the table, then it gets the front page." The legal mechanism for notifying the public that a government system is using personal information is a Privacy Act notice, usually through the Federal Register, said David Sobel, senior counsel for the Electronic Frontier Foundation, a watchdog group. Until November 2, there was no such notice for ATS, Sobel said. "Any use of that system prior to that time is illegal." 
Clark Kent Ervin, who served as the Homeland Security Department's inspector general in 2003 and 2004, concurred. The November notice officials gave for ATS "strikes me as dishonest, and it strikes me as illegal on its face," said Ervin, who now directs the Homeland Security Initiative at the Aspen Institute. Others, however, said that the notice was a stab at greater transparency by Customs and Border Protection. "Customs has been fairly up front in publicizing that they do risk assessments of all incoming passengers," said Stewart Verdery, the Homeland Security Department's former assistant secretary for policy, who is now the president of Monument Policy Group, a consulting firm. Verdery said that Customs historically hasn't published all of its privacy notices but that the Federal Register notice effectively put all of the bureau's cards on the table about passenger targeting. "It baffles me that anyone would think this is some kind of secret," he said. "Now, the particulars of how it's done are secret. But the fact it's being done is not secret at all." Brian Goebel, a former senior policy adviser at Customs, who helped to enhance ATS's capabilities after 9/11, said, "Though the system hasn't been secret, the department didn't do a good job of explaining that this notice is further describing practices that the department has disclosed previously." But both he and Verdery said that ATS is one of the best tools available for tracking potential terrorists. "There's no doubt in my mind whatsoever that the system is effective in dealing with security and other risks," Goebel said. Meanwhile, Chertoff insisted that ATS and its passenger component -- which is also being used to screen people as they cross land borders -- shouldn't surprise anyone. He seemed to feel that if watchdogs have misunderstood his public remarks about a desire to collect passenger information, and to use it, they must have been out to lunch. "Otherwise, why are we collecting the data?" 
he asked. "Just to have it to sit around? That would actually be a mistake." From rforno at infowarrior.org Sun Dec 10 13:48:14 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 10 Dec 2006 13:48:14 -0500 Subject: [Infowarrior] - Hackers release workaround for Vista's enterprise activation Message-ID: Hackers release workaround for Vista's enterprise activation http://arstechnica.com/journals/microsoft.ars/2006/12/8/6229 Back in September, Ars discussed two ways that Microsoft volume licensing customers could activate Windows Vista. One method, the Multiple Activation Key (MAK), required that machine keys be authenticated against Microsoft's servers either through one centralized machine or individually. The second method, a Key Management Service (KMS), only required a centralized server that clients could activate against every 180 days. The server itself would host the keys, not the client machines. While the KMS is intended to benefit system administrators with several on-site clients, it turns out that the service may also benefit those looking to pirate Windows Vista -- at least for now. Reports are circulating around the web claiming that a group of hackers have used a VMWare image and a VBS script to simulate a local KMS which can generate valid Vista product keys. Because Vista's Home and Ultimate editions cannot work with a KMS, they cannot be pirated. On the other hand, both Enterprise and Business editions of Vista can easily be activated with the "Microsoft.Windows.Vista.Local.Activation.Server-MelindaGates" workaround. APC Magazine, who first reported on the hack, explains how it works: The download is a VMWare image, and the idea behind it is that you download and install VMWare Player (a legal free download), boot the image and use some VBS script (supplied with the activation server download) to have the client Vista machine get its activation from the local server. And that's it -- no communication back to Microsoft. 
Although this hack shows that Vista can be tricked into activating, it is still just a workaround for enterprise activation. Ultimately, I have to believe that Microsoft will find a way to prevent this from happening in the future. Plus, even a system activated with this method must be reactivated every 180 days and cannot go through any sort of Windows Genuine Advantage check without some tampering. Not to downplay the fact that there is now a way to pirate Vista, but in some ways, Microsoft should be happy that someone had to create a KMS in order to fool Vista into activating. Inevitably, Vista's product activation was going to be circumvented. To quote APC's James Bannan, "the fact that it's taken the acquisition of a KMS server shows that Vista activation is still holding strong in its own right." Would you agree? From rforno at infowarrior.org Sun Dec 10 16:51:15 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 10 Dec 2006 16:51:15 -0500 Subject: [Infowarrior] - "Total Travel Information Awareness" Message-ID: (c/o IP) "Total Travel Information Awareness" Travel Data and Privacy by Edward Hasbrouck, "The Practical Nomad" [Note: An earlier version of this article won a 2003 Lowell Thomas Travel Journalism Award for investigative reporting from the Society of American Travel Writers Foundation. This version has been substantially updated to reflect events through September 2003, when I started my blog. For an updated overview of this topic, see my chapter on Travel Privacy in the Privacy and Human Rights 2004 yearbook from Privacy International and the Electronic Privacy Information Center; for more recent news, see the articles in the Privacy and Travel category of my blog.] < - > http://www.hasbrouck.org/articles/travelprivacy.html From rforno at infowarrior.org Sun Dec 10 22:03:29 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 10 Dec 2006 22:03:29 -0500 Subject: [Infowarrior] - How much will Windows security matter? 
Message-ID: How much will Windows security matter? By BRIAN BERGSTEIN, AP Technology WriterSun Dec 10, 2:33 PM ET http://news.yahoo.com/s/ap/20061210/ap_on_hi_te/microsoft_security_1&printer =1 Microsoft Corp. took great pains to improve security in its newly released computer operating system, Windows Vista, redesigning it to reduce users' exposure to destructive programs from the Internet. Outside researchers commend the retooled approach ? yet they also say the changes won't make online life much safer than it is now. Why not? Partly because of security progress that Microsoft already had made in its last operating system, Windows XP. Also because a complex product like Vista is bound to have holes yet to be discovered. And mainly because of the rapidly changing nature of online threats. Sure, Microsoft appears to have fixed the glitches that used to make it easy for viruses, worms and other problems to wreck PCs. But other avenues for attack are always evolving. "Microsoft has made the core of the operating system more secure, but they've really solved, by and large, yesterday's problems," said Oliver Friedrichs, director of emerging technologies at antivirus vendor Symantec Corp. That claim would not please Microsoft, which touts Vista's improved security as a big reason why companies and consumers will want to upgrade to the new operating system. In fact, Microsoft's effort to tighten security in Vista was one reason the software was delayed past the crucial holiday shopping season. It's now available for businesses and will be available to consumers Jan. 30. "It is an incremental improvement ? it is a reasonably large increment," said Jon Callas, chief technology officer at PGP Corp., a maker of encryption software. "I don't think it's a game-changer." Some of Vista's security enhancements require computers with the latest microprocessors ? which are known as 64-bit chips, in reference to how much data they process at once. 
That won't improve things on today's standard 32-bit computers, which will stick around for a long time. However, most of the improvements are available in all editions of Vista, including a stronger firewall and a built-in program known as Defender that alerts users if Vista believes spyware is being installed. "Windows is going to talk to you a lot more and make sure you're a lot more aware of what you're doing," said Adrien Robinson, a director in Windows' security technology unit. "It's going to help consumers be more savvy." One of Vista's biggest changes is more control over computer management. With previous versions of Windows, users were given by default great control over the computer's settings ? a situation that opened the door to nefarious manipulation by outsiders. In Vista, users are prompted to supply a password when they make significant changes ? a security feature long available on Apple Computer Inc.'s Macintosh and computers running the Linux operating system. At the same time, the software gives corporate PC administrators new security powers, such as the ability to turn off the USB ports that employees might use to remove data or bring in troublesome programs on flash drives. (Some network administrators had told Microsoft they were so desperate to stop that practice that they were filling the PC ports with glue.) Even with all the changes, Vista does not promise a total cure for security headaches. Microsoft, after all, is also selling security add-ons, competing more directly with antivirus companies than in the past. "Rather than having all the doors unlocked, you now have locks on the doors. It doesn't mean it's a silver bullet," Robinson said. "If they really wanted to get in, they could get through. They could throw a rock through the window. But it's harder. Our goal is to make it harder, to raise the bar." Still, when Vista for businesses was launched in New York on Nov. 
30, Microsoft CEO Steve Ballmer promised a "dramatic" drop in "the number of vulnerabilities that ever present themselves." If so, that would spare Microsoft from a repeat of the embarrassing series of "critical" security patches it had to release for the previous operating system. But it might not mean much against many threats Web surfers face today. For one thing, the kinds of large-scale, automated worms that Vista purportedly will hinder have been waning anyway, according to security analysts. Symantec's Friedrichs said 2006 hasn't seen any worms as prevalent as the kinds that caused widely publicized PC outages several years ago, with names like Slammer and Blaster. That's partly because of enhancements Microsoft already made in Service Pack 2, a huge set of patches for Windows XP that were released in 2004. "If you're looking at two versions, XP Service Pack 2 versus Vista, I'm going to say to the average user they're both going to offer them good security," said Michael Cherry, an analyst at Directions on Microsoft. "Is Vista better? I don't know if it's that substantially better." Security experts say malicious hackers have largely moved away from outage-causing attacks, motivated by publicity or pride, in favor of more targeted and lucrative thefts of users' data. Those attacks tend to exploit flaws in Web applications or employ "social engineering" -- such as tricking people with phony e-mails into giving up passwords. "From that perspective, Vista is a non-event," said John McCormack, a senior vice president at security vendor Websense Inc. To its credit, Microsoft is fighting such "phishing" attacks by configuring its new Internet Explorer 7 Web browser to alert users if they're visiting a dicey-seeming Web site. Internet Explorer 7 is already available for free download. But IE7's phish-catching method alone is limited: It is based on a "black list" of sites known to be up to no good.
Outside security experts say that will not stop the increasingly savvy attackers who constantly morph their tactics, sometimes every few hours. For example, Websense recently tracked a phishing attack that mimicked a customer service message from Amazon.com. It passed through most spam filters, and the phony Web site to which it directed victims changed throughout the day. For at least the first few days, IE7 hadn't caught up to block it, McCormack said. Perhaps one indication that security in the Vista era will be better but far from perfect came in recent research by Sophos PLC. The security software company determined that three of the 10 most prevalent malicious worms circulating on the Internet in November were able to run on Vista. Impressively, the e-mail program that comes with Vista -- Windows Mail, formerly called Outlook Express -- successfully found and blocked the malware. But Web-based e-mail services let it through, said Sophos security analyst Ron O'Brien. For O'Brien, that finding showed that while Microsoft's efforts to upgrade computer security are praiseworthy, there's only so much the company can do. Not only are Microsoft's hands tied when it comes to the security of third-party applications, but the company also is limited in what it can do with its own software. For example, McCormack said Microsoft might have done more to prevent criminals from surreptitiously placing keystroke-monitoring programs on computers to steal data. But the fix likely would have shut out legitimate programs as well, such as those that let people operate their PCs remotely. "You have to find this happy medium between usability and security," McCormack said. Of course, with Vista on a tiny fraction of desktops today, it's way too early to assess how much hackers can mess with it. "I don't know how long Microsoft is going to be able to claim the streets are safe before a criminal decides to challenge that opinion," O'Brien said.
"That's going to just be a matter of time." ___ On the Net: Microsoft's page on Vista security: http://www.microsoft.com/security/windowsvista/default.mspx From rforno at infowarrior.org Mon Dec 11 00:25:15 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Dec 2006 00:25:15 -0500 Subject: [Infowarrior] - Seeking Iran Intelligence, U.S. Tries Google Message-ID: Seeking Iran Intelligence, U.S. Tries Google Internet Search Yields Names Cited in U.N. Draft Resolution http://www.washingtonpost.com/wp-dyn/content/article/2006/12/10/AR2006121000 959_pf.html By Dafna Linzer Washington Post Staff Writer Monday, December 11, 2006; A01 When the State Department recently asked the CIA for names of Iranians who could be sanctioned for their involvement in a clandestine nuclear weapons program, the agency refused, citing a large workload and a desire to protect its sources and tradecraft. Frustrated, the State Department assigned a junior Foreign Service officer to find the names another way -- by using Google. Those with the most hits under search terms such as "Iran and nuclear," three officials said, became targets for international rebuke Friday when a sanctions resolution circulated at the United Nations. Policymakers and intelligence officials have always struggled when it comes to deciding how and when to disclose secret information, such as names of Iranians with suspected ties to nuclear weapons. In some internal debates, policymakers win out and intelligence is made public to further political or diplomatic goals. In other cases, such as this one, the intelligence community successfully argues that protecting information outweighs the desires of some to share it with the world. But that argument can also put the U.S. government in the awkward position of relying, in part, on an Internet search to select targets for international sanctions. 
None of the 12 Iranians that the State Department eventually singled out for potential bans on international travel and business dealings is believed by the CIA to be directly connected to Iran's most suspicious nuclear activities. "There is nothing that proves involvement in a clandestine weapons program, and there is very little out there at all that even connects people to a clandestine weapons program," said one official familiar with the intelligence on Iran. Like others interviewed for this story, the official insisted on anonymity when discussing the use of intelligence. What little information there is has been guarded at CIA headquarters. The agency declined to discuss the case in detail, but a senior intelligence official said: "There were several factors that made it a complicated and time-consuming request, not the least of which were well-founded concerns" about revealing the way the CIA gathers intelligence on Iran. That may be why the junior State Department officer, who has been with the nonproliferation bureau for only a few months, was put in front of a computer. An initial Internet search yielded over 100 names, including dozens of Iranian diplomats who have publicly defended their country's efforts as intended to produce energy, not bombs, the sources said. The list also included names of Iranians who have spoken with U.N. inspectors or have traveled to Vienna to attend International Atomic Energy Agency meetings about Iran. It was submitted to the CIA for approval but the agency refused to look up such a large number of people, according to three government sources. Too time-consuming, the intelligence community said, for the CIA's Iran desk staff of 140 people. The list would need to be pared down. So the State Department cut the list in half and resubmitted the names. 
In the end, the CIA approved a handful of individuals, though none is believed connected to Project 1-11 -- Iran's secret military effort to design a weapons system capable of carrying a nuclear warhead. The names of Project 1-11 staff members have never been released by any government and doing so may have raised questions that the CIA was not willing or fully able to answer. But the agency had no qualms about approving names already publicly available on the Internet. "Using a piece of intel on project 1-11, which we couldn't justify in open-source reporting, or with whatever the Russians had, would have put us in a difficult position," an intelligence official said. "Inevitably, someone would have asked, 'Why this guy?' and then we would have been back to the old problem of justifying intelligence." A senior administration official acknowledged that the back-and-forth with the CIA had been difficult, especially given the administration's desire to isolate Iran and avoid a repeat of flawed intelligence that preceded the Iraq war. "In this instance, we were the requesters and the CIA was the clearer," the official said. "It's the process we go through on a lot of these things. Both sides don't know a lot of reasons for why either side is requesting or denying things. Sources and methods became their stated rationale and that is what they do. But for policymaking, it can be quite frustrating." Washington's credibility in the U.N. Security Council on weapons intelligence was sharply eroded by the collapse of prewar claims about Iraq. A senior intelligence official said the intelligence community is determined to avoid mistakes of the past when dealing with Iran and other issues. "Once you push intelligence out there, you can't take it back," the official said. 
U.S., French and British officials came to agree that it was better to stay away from names that would have to be justified with sensitive information from intelligence programs, and instead put forward names of Iranians whose jobs were publicly connected to the country's nuclear energy and missile programs. European officials said their governments did not rely on Google searches but came up with nearly identical lists to the one U.S. officials offered. "We do have concerns about Iranian activities that are overt, and uranium enrichment is a case in point," said a senior administration official who agreed to discuss the process on the condition of anonymity. "We are concerned about what it means for the program, but also because enrichment is in violation of a U.N. Security Council resolution." The U.S.-backed draft resolution, formally offered by Britain and France, would impose a travel ban and freeze the assets of 11 institutions and 12 individuals, including the commander of Iran's Revolutionary Guards, the directors of Iran's chief nuclear energy facilities, and several people involved in the missile program. It would prohibit the sale of nuclear technologies to Iran and urges states to "prevent specialised teaching or training" of Iranian nationals in disciplines that could further Tehran's understanding of banned nuclear activities. The text says the council will be prepared to lift the sanctions if Mohamed ElBaradei, the IAEA's director general, concludes within 60 days that Iran has suspended its enrichment and reprocessing of uranium and has halted efforts to produce a heavy-water nuclear energy reactor. Many Security Council members are uneasy about the sanctions. The Russians and the Chinese -- whose support is essential for the resolution to be approved -- have told the United States, Britain and France they will not support the travel-ban element of the resolution, according to three officials involved in the negotiations. 
Russia is building a light-water nuclear reactor in Iran and some people on the sanctions list are connected to the project. "The Russians have already told us it would be demeaning for people to ask the Security Council for permission to travel to Russia to discuss an ongoing project," a European diplomat said yesterday. U.S. and European officials said there is room for negotiation with Russia on the names and organizations, but they also said it is possible that by the time the Security Council approves the resolution, the entire list could be removed. "The real scope of debate will be on the number of sanctions," one diplomat said. "Companies and individuals could go off the list or go on." Staff writer Colum Lynch at the United Nations contributed to this report. From rforno at infowarrior.org Mon Dec 11 00:51:32 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Dec 2006 00:51:32 -0500 Subject: [Infowarrior] - Self-Tech: 2006, Brought to You by You Message-ID: December 10, 2006 Music 2006, Brought to You by You By JON PARELES http://www.nytimes.com/2006/12/10/arts/music/10pare.html?_r=1&oref=slogin&pagewanted=print IMAGINE paying $580 million for an ever-expanding heap of personal ads, random photos, private blathering, demo recordings and camcorder video clips. That's what Rupert Murdoch did when his News Corporation bought MySpace in July. Then imagine paying $1.65 billion for a flood of grainy TV excerpts, snarkily edited film clips, homemade video diaries, amateur music videos and shots of people singing along with their stereos. That's what Google got when it bought YouTube in October. What these two highly strategic companies spent more than $2 billion on is a couple of empty vessels: brand-named, centralized repositories for whatever their members decide to contribute. All that material is "user-generated content," the paramount cultural buzz phrase of 2006. It's a term that must appeal to the technocratic instincts of investors.
I prefer something a little more old-fashioned: self-expression. Terminology aside, this will be remembered as the year that the old-line media mogul, the online media titan and millions of individual Web users agreed: It demands attention. It's on Web sites like YouTube, MySpace, Dailymotion, PureVolume, GarageBand and Metacafe. It's homemade art independently distributed and inventively promoted. It's borrowed art that has been warped, wrecked, mocked and sometimes improved. It's blogs and open-source software and collaborative wikis and personal Web pages. It's word of mouth that can reach the entire world. It's often inept, but every so often it's inspired, or at least worth a mouse click. It has made stars, at least momentarily, of characters like the video diarist Lonelygirl (who turned out to be a fictional creation) and the power-pop band OK Go (whose treadmill choreography earned far more plays than its albums). And now that Web entrepreneurs have recognized the potential for profit, it's also a sweet deal: amateurs, and some calculating professionals, supply the raw material free. Private individuals aren't private anymore; everyone wants to preen. All that free-flowing self-expression presents a grandly promising anarchy, an assault on established notions of professionalism, a legal morass and a technological remix of the processes of folk culture. And simply unleashing it could be the easy part. Now we have to figure out what to do with it: Ignore it? Sort it? Add more of our own? In utopian terms the great abundance of self-expression puts an end to the old, supposedly wrongheaded gatekeeping mechanisms: hit-driven recording companies, hidebound movie studios, timid broadcast radio stations, trend-seeking media coverage. But toss out those old obstacles to creativity and, lo and behold, people begin to crave a new set of filters.
TECH oracles predicted long ago that by making worldwide distribution instantaneous, the Web would democratize art as well as other discourse, at least for those who are connected. The virtual painting galleries, the free songs, the video blogs, the comedy clips, the online novels -- all of them followed the rise of the Internet and the spread of broadband as inevitably as water spills through a crack in a dam. Why keep your creativity, or the lack of it, to yourself when you can invite the world to see? Every so often the world notices. British rockers like the Arctic Monkeys and Lily Allen built huge followings at home and abroad by making their music available on MySpace, where bands can post full-length songs and video clips. When the Arctic Monkeys released their first album as 2006 began -- full of songs that fans already had on their computers and iPods -- it drew the highest initial sales of any debut in the history of the British charts. Both of them are exceptions, however; many musicians are still waiting for the first stranger to visit their MySpace page. While some small percentage of the user-generated outpouring is a first glimpse of real talent, much of it is fledgling bands unveiling a song recorded last Thursday in a friend's basement, or would-be directors showing the world their demo reels. There's deadpan video vérité, raw club recordings, "gotcha" moments (like Michael Richards's stand-up meltdown) and wiseguy edits, along with considerably more polished productions. And users generate all sorts of recombinant art: parodies, alternate video clips, mash-ups, juxtapositions, "Star Trek" scenes accompanied by U2 songs, George W. Bush rapping. User-generated content -- turning the audience into the auteur -- isn't exactly an online innovation. It's as old as "America's Funniest Home Videos," or letters to the editor, or community sings, or Talmudic commentary, or graffiti. The difference is that in past eras most self-expression stayed close to home.
Users generated traditional cultures and honed regional styles, concentrated by geographical isolation. In the 20th century recording and broadcasting broke down that isolation. Yet those same technologies came to reinforce a different kind of separation: between professional artist and audience. A successful artist needed not only creativity and skill, but also access to the tools of production -- studios, recorders, cameras -- and outlets for mass distribution. As the music and movie businesses grew, they flaunted their economic advantage. They could spend millions of dollars to make and market blockbuster hits, to place them in theaters or get them played on radio and MTV. They owned the factories that could press vinyl albums and make the first CDs, before the days of the home CD burner and MP3s. Independent types could, and did, release their own work, but they couldn't match the scale of the established entertainment business. They still are at a disadvantage. But they are gaining. Low-budget recording and the Internet have handed production and distribution back to artists, and one-stop collections of user-generated content give audiences a chance to find their works. With gatekeepers out of the way, it's possible to realize the do-it-yourself dreams of punk and hip-hop, to circle back to the kind of homemade art that existed long before media conglomerates and mass distribution. But that art doesn't stay close to home. Online it moves breathtakingly fast and far. Folk cultures often work incrementally, adding bits of individuality to a well-established tradition, with time and memory determining what will last. In the user-generated realm, tradition is anything prerecorded, and all existing works seem to be there for the taking, copyrights aside. In the process, another thing users generate is back talk.
Surfing YouTube can be a survey of individual reactions to pop culture: movie and television characters transplanted out of their original plots or synched to improbable songs, pop hits revamped as comedy or attached to new, unauthorized imagery. (Try searching for Justin Timberlake on YouTube to see all the variations, loving and snide, on his single "Sexyback.") Copyright holders might be incensed; since buying YouTube, Google is paying some of them and fielding lawsuits from others. But a truly shrewd marketer might find some larger value. Those parodies, collages, remakes and mismakes are unvarnished market research: a way to see what people really think of their product. They're also advertising: a reminder of how enjoyable the official versions were. The amateurs may seem irreverent, disrespectful and even parasitical as they help themselves to someone else's hooks. But they're confirming that the pros came up with something durable enough to demand a reply. Without icons, what would iconoclasts mock? Some pros understand that they don't need to have the last word on their work. Rappers like Jay-Z customarily release a cappella versions of their rhymes, a clear invitation for disc jockeys and producers to work up their own new tracks. Rockers like Nine Inch Nails have placed their raw multitrack recordings online, along with the software to remix them. Filmmakers have not been so forthcoming, but that hasn't stopped viewers from, for instance, editing "The Big Lebowski" down to all the moments when its characters use a certain four-letter word. It's a popular clip on YouTube. Of course the notion of culture as something bestowed by creators and swallowed whole by audiences never had much to do with reality. Now fans can not only tell others about their responses to art -- in the user-generated content of fan sites and discussion forums -- but they can also demonstrate them directly.
IN the tsunami of self-expression, audiences have been forced to take on a much bigger job: sifting through the new stuff. For musicians, the Internet has become an incessant public audition. What once was winnowed down by A&R departments, and then culled again by radio stations and other media, is now online in all its hopeful profusion. A listener could spend the rest of her life listening to unreleased songs. Some people do just that to claim bragging rights, or blogging rights, for discovering the next indie sensation. Individually the hopefuls can't compete with a heavily promoted major-label star. Face it: Song for song, most of them just aren't as good. But collectively they are stiff competition indeed: for time, for attention and, eventually, for cultural impact. The multiplying choices promise ever more diversity, ever more possibility for innovation and unexpected delight. But they also point toward an increasingly atomized audience, a popular culture composed of a zillion nonintersecting mini-cults. So much available self-expression can only accelerate what narrowing radio and cable formats had already begun: the separation of culture into ever-smaller niches. That fragmentation is a problem for businesses, like recording companies and film studios, that are built on selling a few blockbusters to make up for a lot of flops. The music business in particular is going to have to remake itself with lower and more sustainable expectations, along the lines of how independent labels already work. But let the business take care of itself; it's the culture that matters. Fragmentation is difficult too for artists with populist intentions, who want to be heard beyond the confines of their core following. That kind of ambition isn't only a mercenary one. It's a challenge to preach to the unconverted, and an achievement to unite disparate audiences. Every so often it's good to break through demographic categories and share some cultural reference.
Popular culture has never been entirely monolithic -- someone, somewhere, has no opinion on Michael Jackson or "Titanic" -- but 21st-century stardom has less clout, less scope. It's shrinking down to mere celebrity. Yet there is a limit to how splintered a culture can become, one that's as much psychological as aesthetic. Humans like to congregate and join a crowd, at least up to a point. One thing the Internet does superbly is to tabulate, and it's no accident that sites featuring user-generated content prominently display their own most-viewed and most-played lists. Even if they take pride in ignoring the mass-market Top 10, users still want a little company, and perhaps they hope that the collective choices add up to some guidance. Humans also like to share what they enjoy; hence all the user-generated playlists at sites like Amazon or eMusic, the inevitable lists of favorite bands and films on social networking sites and the proliferation of music blogs, like fluxblog.org or obscuresound.com, that gather hard-to-find songs for listeners to download directly. The songs on music blogs are chosen not by companies desperate for profit, but by individuals with time to spare, and if the choices often seem a little, well, geeky -- indie rock, with a side of underground hip-hop, seems to be the overwhelming choice of music bloggers -- who but a geek would be spending all that time at a computer? Those geeks make life easier for the media moguls who bought into user-generated content this year. Selection, a time-consuming job, has been outsourced. What's growing is the plentitude not just of user-generated content, but also of user-filtered content. (There are even sites like elbo.ws that tabulate songs found on music blogs, finding yet another Top 10.) The open question is whether those new, quirky, homemade filters will find better art than the old, crassly commercial ones. The most-played songs from unsigned bands on MySpace --
some played two million or three million times -- tend to be as sappy as anything on the radio; the most-viewed videos on YouTube are novelty bits, and proudly dorky. Mouse-clicking individuals can be as tasteless, in the aggregate, as entertainment professionals. Unlike the old media roadblocks, however, their filtering can easily be ignored. The promise of all the self-expression online is that genius will reach the public with fewer obstacles, bypassing the entrenched media. The reality is that genius has a bigger junk pile to climb out of than ever, one that requires just as much hustle and ingenuity as the old distribution system. The entertainment business is already nostalgic for the days when it made and relied on big stars; parts of the public miss a sense of cultural unity that may never return. Instead both have to face the irrevocable fact of the Internet: There's always another choice. From rforno at infowarrior.org Mon Dec 11 10:19:36 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Dec 2006 10:19:36 -0500 Subject: [Infowarrior] - Lessig releases "Code v2" Message-ID: From the Preface: "This is a translation of an old book -- indeed, in Internet time, it is a translation of an ancient text." That text is Lessig's "Code and Other Laws of Cyberspace." The second version of that book is "Code v2." The aim of Code v2 is to update the earlier work, making its argument more relevant to the current internet. Code v2 was written in part through a collaborative Wiki. That version is still accessible here. Lessig took the Wiki text as of 12/31/05, and then added his own edits. Code v2 is the result. The Wiki text was licensed under a Creative Commons Attribution-ShareAlike 2.5 License. So too is the derivative. Reflecting the contributions of the community to this new work, all royalties have been dedicated to Creative Commons. You can download the full text in PDF form. The text is also available in a Wiki hosted by SocialText.
And obviously, you can also buy the book at the links to the right. (A wise choice, as it is cheaper than printing the book in most contexts.) http://codev2.cc/ From rforno at infowarrior.org Mon Dec 11 21:32:14 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Dec 2006 21:32:14 -0500 Subject: [Infowarrior] - Effective Counterterrorism and the Limited Role of Predictive Data Mining In-Reply-To: Message-ID: (found through www.pogowasright.org) December 11, 2006 Policy Analysis no. 584 http://www.cato.org/pub_display.php?pub_id=6784 Effective Counterterrorism and the Limited Role of Predictive Data Mining by Jeff Jonas and Jim Harper Jeff Jonas is distinguished engineer and chief scientist with IBM's Entity Analytic Solutions Group. Jim Harper is director of information policy studies at the Cato Institute and author of Identity Crisis: How Identification Is Overused and Misunderstood. The terrorist attacks on September 11, 2001, spurred extraordinary efforts intended to protect America from the newly highlighted scourge of international terrorism. Among the efforts was the consideration and possible use of "data mining" as a way to discover planning and preparation for terrorism. Data mining is the process of searching data for previously unknown patterns and using those patterns to predict future outcomes. Information about key members of the 9/11 plot was available to the U.S. government prior to the attacks, and the 9/11 terrorists were closely connected to one another in a multitude of ways. The National Commission on Terrorist Attacks upon the United States concluded that, by pursuing the leads available to it at the time, the government might have derailed the plan. Though data mining has many valuable uses, it is not well suited to the terrorist discovery problem. 
It would be unfortunate if data mining for terrorism discovery had currency within national security, law enforcement, and technology circles because pursuing this use of data mining would waste taxpayer dollars, needlessly infringe on privacy and civil liberties, and misdirect the valuable time and energy of the men and women in the national security community. What the 9/11 story most clearly calls for is a sharper focus on the part of our national security agencies -- their focus had undoubtedly sharpened by the end of the day on September 11, 2001 -- along with the ability to efficiently locate, access, and aggregate information about specific suspects http://www.cato.org/pub_display.php?pub_id=6784 From rforno at infowarrior.org Mon Dec 11 22:15:30 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Dec 2006 22:15:30 -0500 Subject: [Infowarrior] - FW: Unlocking cell phones does not violate DMCA In-Reply-To: Message-ID: ------ Forwarded Message From: Monty Solomon Excerpt from [Federal Register: November 27, 2006 (Volume 71, Number 227)] [Rules and Regulations] [Page 68472-68480] LIBRARY OF CONGRESS Copyright Office 37 CFR Part 201 Docket No. RM 2005-11 Exemption to Prohibition on Circumvention of Copyright Protection Systems for Access Control Technologies http://www.copyright.gov/fedreg/2006/71fr68472.html 5. Computer programs in the form of firmware that enable wireless telephone handsets to connect to a wireless telephone communication network, when circumvention is accomplished for the sole purpose of lawfully connecting to a wireless telephone communication network. The Wireless Alliance and Robert Pinkerton proposed an exemption for "Computer programs that operate wireless communications handsets."
The proponents of this exemption stated that providers of mobile telecommunications (cellphone) networks are using various types of software locks in order to control customer access to the "bootloader" programs on cellphones and the operating system programs embedded inside mobile handsets (cellphones). These software locks prevent customers from using their handsets on a competitor's network (even after all contractual obligations to the original wireless carrier have been satisfied) by controlling access to the software that operates the mobile phones (e.g., the mobile firmware). Many reply comments were submitted in support of this exemption and only one reply comment provided any opposition to the proposal. Only two witnesses testified at the hearing on this issue: a representative of the principal proponent of the exemption and a representative of some copyright owners (none of whom operate wireless telecommunication services, manufacture wireless handsets or make bootloader or operating system programs for cellphones). It was undisputed that mobile handset consumers who desire to use their handsets on a different telecommunications network are often precluded from doing so unless they can obtain access to the bootloader or operating system within the handset in order to direct the phone to a different carrier's network. The evidence demonstrated that most wireless telecommunications network providers do not allow a consumer to obtain such access in order to switch a cell phone from one network to another, and that the consumer could not use the cell phone with another carrier, even after fulfilling his or her contractual obligations with the carrier that sold the phone. In order to switch carriers, the consumer would have to purchase a new phone from a competing mobile telecommunications carrier. The obstacle that prevents customers from using lawfully acquired handsets on different carriers is the software lock. 
At least one wireless telecommunications service has filed lawsuits alleging that circumvention of the software lock is a violation of section 1201(a)(1)(A) and has obtained a permanent injunction (albeit by stipulation). The Register has concluded that the software locks are access controls that adversely affect the ability of consumers to make noninfringing use of the software on their cellular phones. Moreover, a review of the four factors enumerated in § 1201(a)(1)(C)(i)-(iv) supports the conclusion that an exemption is warranted. There is nothing in the record that suggests that the availability for use of copyrighted works would be adversely affected by permitting an exemption for software locks. Nor is there any reason to conclude that there would be any impact - positive or negative - on the availability for use of works for nonprofit archival, preservation, and educational purposes or on the ability to engage in criticism, comment, news reporting, teaching, scholarship, or research. Nor would circumvention of software locks to connect to alternative mobile telecommunications networks be likely to have any effect on the market for or value of copyrighted works. The reason that these four factors appears to be neutral is that in this case, the access controls do not appear to actually be deployed in order to protect the interests of the copyright owner or the value or integrity of the copyrighted work; rather, they are used by wireless carriers to limit the ability of subscribers to switch to other carriers, a business decision that has nothing whatsoever to do with the interests protected by copyright. And that, in turn, invokes the additional factor set forth in § 1201(a)(1)(C)(v): "such other factors as the Librarian considers appropriate."
When application of the prohibition on circumvention of access controls would offer no apparent benefit to the author or copyright owner in relation to the work to which access is controlled, but simply offers a benefit to a third party who may use § 1201 to control the use of hardware which, as is increasingly the case, may be operated in part through the use of computer software or firmware, an exemption may well be warranted. Such appears to be the case with respect to the software locks involved in the current proposal. The copyright owners who did express concern about the proposed exemption are owners of copyrights in music, sound recordings and audiovisual works whose works are offered for downloading onto cellular phones. They expressed concern that the proposed exemption might permit circumvention of access controls that protect their works when those works have been downloaded onto cellular phones. The record on this issue was fairly inconclusive, but in any event the proponents of the exemption provided assurances that there was no intention that the exemption be used to permit unauthorized access to those works. Rather, the exemption is sought for the sole purpose of permitting owners of cellular phone handsets to switch their handsets to a different network. Because the Register has concluded that, in appropriate circumstances, a class of works may be refined by reference to uses made of the works, this issue can best be resolved by modifying the proposed class of works to extend only to "Computer programs in the form of firmware that enable wireless telephone handsets to connect to a wireless telephone communication network, when circumvention is accomplished for the sole purpose of lawfully connecting to a wireless telephone communication network."
On September 18, 2006, long after the comments had been submitted and the hearings had been conducted in this rulemaking, the Register received unsolicited submissions from CTIA - The Wireless Association (a nonprofit trade association that promotes the interests of the wireless industry, representing both wireless carriers and manufacturers) and TracFone Wireless, Inc. (which describes itself as "America's largest prepaid wireless company"). The submissions included the submitters' responses to written questions that the Copyright Office had submitted to the two witnesses who had testified at the March 23, 2006, hearing on the proposed exemption - witnesses who had no relationship with Tracfone or CTIA. The submissions also contained arguments opposing the proposed exemption. In the course of his consultation with the Register of Copyrights on this rulemaking, the Acting Assistant Secretary of Commerce for Communications and Information shared his concern that the record on this proposal appeared to be incomplete and stated that he was pleased that the Register had sought additional information (in the form of the written questions to the witnesses) to supplement the record. Subsequently, he expressed to the Register his view that the CTIA and TracFone comments "afford you a complete record in which the views of both users and creators of content are currently represented," and urged the Register to consider those submissions in making her recommendation. The Assistant Secretary's concerns are understandable, and the Register shares his desire that the views of both users and creators of content be represented in the rulemaking. However, complying with the Assistant Secretary's request and accepting the last-minute submissions of CTIA and TracFone would undermine the procedural requirements of this proceeding and of the rulemaking process in general. 
While it is preferable that all interested parties make their views known in the rulemaking process, they must do so in compliance with the process that is provided for public comment, or offer a compelling justification for their failure to do so. In this case, they have failed to offer such justification. CTIA (which counts TracFone among its members) was aware of this rulemaking proceeding and this request for an exemption as early as January or February, 2006. Yet it remained silent until September 18, long after the opportunities provided for comment and testimony had expired. Nor did it offer any explanation for its silence. If these extremely untimely submissions were accepted, it would be difficult to imagine when it ever would be justified to reject an untimely comment. Such a precedent would be an invitation to chaos in future rulemakings. Therefore, the late submissions of CTIA and TracFone have not been considered.

From rforno at infowarrior.org Mon Dec 11 23:13:21 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Dec 2006 23:13:21 -0500
Subject: [Infowarrior] - Protectors, Too, Gather Profits From ID Theft
Message-ID:

December 12, 2006
Stolen Lives
Protectors, Too, Gather Profits From ID Theft
By ERIC DASH
http://www.nytimes.com/2006/12/12/business/12credit.html?ei=5094&en=8e6360593425c89a&hp=&ex=1165899600&partner=homepage&pagewanted=print

Melody Millett was shocked when her car loan company asked her if she was the wife of Abundio Perez, who had applied for 26 credit cards, financed several cars and taken out a home mortgage using a Social Security number belonging to her actual husband. Beyond her shock, Mrs. Millett was angry. Five months earlier, the Milletts had subscribed to a $79.99-a-year service from Equifax, a big financial data warehouse, that promised to monitor any access to her credit records. But it never reported the credit activity that might have signaled that they were victims of identity theft.
"I feel like the whole thing is a sham," said Mrs. Millett, a 37-year-old information-technology manager from Overland Park, Kan. "You feel completely violated because here are the people who know the industry. They hold all the data." The services, she contends, are oversold. It is not just criminals who are profiting from identity theft; financial institutions are making money, too. Fear of identity theft has helped give rise to a nearly billion-dollar business in credit-monitoring services sold by the major credit bureaus - companies like Equifax, Experian and TransUnion - as well as direct marketers and banks. Javelin Strategy and Research, which analyzes the credit-monitoring market, says more than 12 million Americans are now subscribers. The services alert them when lenders have requested their credit files, usually an indication a credit application has been made in their name. Credit monitoring has quickly gained traction with consumers through aggressive advertising that often promotes its value in protecting against identity theft. But its abilities are far more limited than is commonly perceived. In the meantime, measures that could stem fraud from identity theft - like legislation empowering consumers to block access to their credit records, making it impossible to extend new credit - have faced stiff resistance from industry groups. "Identity theft has essentially become a business - not just for bad guys but for good guys, too," said Robert Gellman, a privacy consultant in Washington. "A lot of the people that are involved in profiting legally from identity theft are direct participants in the whole credit system that doesn't have the protections in place to prevent identity theft in the first place." Some criticism has been aimed at banks, which tolerate a certain amount of fraud as a cost of doing business. But the biggest beneficiaries from identity theft have been the three credit bureaus.
Banks and other lenders have long bought information like a person's payment history or debt load to assess a loan's risk. But credit monitoring turned the system on its head and helped create a new, consumer-focused financial data industry. In addition to selling files to lenders in bulk, the bureaus now market largely the same records to individuals, including entries that reflect applications for credit, new accounts or balance changes. While the data is sold to a big financial institution for 20 cents to $1 a report, according to analysts and industry executives, it can be repackaged and sold to consumers in the form of credit monitoring for $3 to $16 a month. Persuading customers to sign up can be costly. But today, Wall Street analysts estimate credit monitoring alone to be a $900 million category, growing 20 percent a year or more. "It's a pretty big market considering that 10 years ago it didn't exist," said J. Bradford Eichler, a consumer data company analyst at Stephens.

Peace of Mind, at a Price

Representatives of Equifax, Experian and TransUnion, whose consumer affiliates are being sued by the Milletts, would not comment on the couple's specific contentions because of the continuing litigation. But they say credit monitoring is a valuable tool. "Our products give consumers an early warning system so they can limit the damage and take care of the problem right away," said John Danaher, president of TransUnion's online consumer services arm. And indeed, many consumers speak glowingly of their experiences with credit monitoring. Wendy Barrington, a 36-year-old Houston woman, recalled the annoyance a friend faced for months after her financial information was stolen. "I am not about to risk something I have worked so hard on," said Ms. Barrington, who pays about $15 a month for TransUnion's credit-monitoring service. "All it takes is one person stealing your information and you are in a world of hurt."
Still, some consumer advocates caution that people may be overpaying for that peace of mind. For one thing, Americans can essentially create their own credit-monitoring service by taking advantage of a federal law that guarantees access to one free credit report a year from each of the three bureaus. And thanks to so-called zero liability policies, the cost of fraud is generally absorbed by the credit card companies, merchants and banks. At the same time, credit monitoring may fail to detect that a credit request was even made. For example, a fraud artist may use someone else's personal identification information - like a Social Security number - but take out a loan in his or her own name. The data mismatch can cause the bureau's computer systems to route the loan request to a separate file so that a credit-monitoring service never picks it up. That is what Melody and Steven Millett, the Kansas couple, say happened to them. In late January 2003, Mrs. Millett found something was wrong when a Ford Motor Credit computer system refused to let her set up an online account to pay off an auto loan. When she called the lender, Mrs. Millett said, she was told that an account had already been set up with Mr. Millett's Social Security number but a different name: Abundio Perez. She later learned of at least 26 cases in which Mr. Millett's personal information had been used in credit applications by Mr. Perez since 1989, according to a lawsuit filed by the Milletts against the credit bureaus, data providers and several creditors in June 2004 in federal court in Kansas City, Kan. The previous August, Mrs. Millett had bought a credit-monitoring subscription from Equifax. Soon after the Ford Motor Credit incident, she also signed up for credit monitoring with Experian and TransUnion. At least one credit application using Mr. Millett's Social Security number came after the Milletts obtained their credit-monitoring subscriptions, according to their lawyer, Joyce Yeager.
But not once, Mrs. Millett said, did the couple receive notice of unusual access to their credit records or the misuse of Mr. Millett's data. Quite the contrary, the bureaus sent them a succession of reassuring e-mail messages suggesting that their information was safe and offering congratulations. In their legal claims, which have been separated into several class-action lawsuits, the Milletts say that the bureaus' monitoring services do not work as advertised. "The core identifier is your Social Security number," Mrs. Millett said in an interview. "You use it for work, for taxes. You would think that identifier would be covered by someone advertising they protect you from identity theft. To think that they are not is just flabbergasting." Donald Girard, an Experian spokesman, acknowledged that his company's credit-monitoring products could not detect cases in which a credit applicant used someone else's Social Security number but his or her own name because those records were stored separately. He added, however, that in such cases consumers are "not harmed" financially.

Protection vs. Prevention

Initially, the credit bureaus sold monitoring as a way for consumers to understand and manage their credit scores before taking out big loans. But since a wave of data breaches in 2004 heightened consumer fears, a security message appears to have moved toward center stage. "It is advertised as monitoring for identity-theft protection," said Michael R. Stanfield, chief executive of Intersections, a direct-marketing company that offers credit monitoring through big banks and card companies. But he said consumers hear protection "and don't understand if it is prevention or detection." "What is needed in the marketplace are products that are going to help you protect your information, monitor it when it is in the process of getting used in a financial fraud, and catch those financial frauds when they are about to occur," he added.
Privacy advocates have suggested providing more fraud-prevention tools to consumers by allowing them to freeze access to credit records if they think they have been identity-theft victims - or as a precaution. Beginning with California in 2003, such laws have passed in 26 states, including New York last month. But of roughly 148 million credit-eligible customers in those states, Experian estimates 30,000 have elected to freeze their files. Financial and retailing lobbying groups have generally opposed such legislation at the state and federal levels since it could hinder a retailer in issuing a store-branded credit card - or a bank in extending a loan - to a legitimate customer, who must first unfreeze the credit file. It can also restrict the bureaus from selling consumer credit files. The big credit bureaus, after initially opposing tougher legislation, are taking a wait-and-see approach. "It may be that we evolve to that at some point," said Maxine Sweet, Experian's vice president for consumer education. "We have to make sure that we are not interfering with what is a very important part of the whole consumer credit economy." Such a freeze might not have helped the Milletts, since the problematic files were kept under another name. Mrs. Millett is still using a credit-monitoring service, but she would not recommend it to a friend. "I still have credit monitoring because of the simple fact that it is the best tool available at this time," she said. "It is not ideal, it is broken, and it is not as advertised."
From rforno at infowarrior.org Tue Dec 12 09:55:30 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Dec 2006 09:55:30 -0500
Subject: [Infowarrior] - A Cryptologist Takes a Crack at Deciphering DNA's Deep Secrets
Message-ID:

December 12, 2006
Scientist at Work | Nick Patterson
A Cryptologist Takes a Crack at Deciphering DNA's Deep Secrets
By INGFEI CHEN
http://www.nytimes.com/2006/12/12/science/12prof.html?pagewanted=print

Thirty years ago, Nick Patterson worked in the secret halls of the Government Communications Headquarters, the code-breaking British agency that unscrambles intercepted messages and encrypts clandestine communications. He applied his brain to "the hardest problems the British had," said Dr. Patterson, a mathematician. Today, at 59, he is tackling perhaps the toughest code of all - the human genome. Five years ago, Dr. Patterson joined the Broad Institute, a joint research center of Harvard and the Massachusetts Institute of Technology. His dexterity with numbers has already helped uncover startling information about ancient human origins. In a study released in May, scientists at the Broad Institute scanned 20 million "letters" of genetic sequence from each of the human, chimpanzee, gorilla and macaque monkey genomes. Based on DNA differences, the researchers speculated that millions of years after an initial evolutionary split between human ancestors and chimp ancestors, the two lineages might have interbred again before diverging for good. The controversial theory was built on the strength of rigorous statistical and mathematical modeling calculations on computers running complex algorithms. That is where Dr. Patterson contributed, working with the study's leader, David Reich, who is a population geneticist, and others. Their findings were published in Nature. Genomics is a third career for Dr. Patterson, who confesses he used to find biology articles in Nature "largely impenetrable."
After 20 years in cryptography, he was lured to Wall Street to help build mathematical models for predicting the markets. His professional zigzags have a unifying thread, however: "I'm a data guy," Dr. Patterson said. "What I know about is how to analyze big, complicated data sets." In 2000, he pondered who had the most interesting, most complex data sets and decided "it had to be the biology people." Biologists are awash in DNA code. Last year alone, the Broad Institute sequenced nearly 70 billion bases of DNA, or 23 human genomes' worth. Researchers are mining that trove to learn how humans evolved, which mutations cause cancer, and which genes respond to a given drug. Since biology has become an information science, said Eric S. Lander, a mathematician-turned-geneticist who directs the Broad Institute, "the premium now is on being able to interpret the data." That is why quantitative-minded geeks from mathematics, physics and computer science have flocked to biology. Scientists who write powerful DNA-sifting algorithms are the engine driving the genomics field, said Edward M. Rubin, a geneticist and director of the federal Joint Genome Institute in Walnut Creek, Calif. Like the Broad, the genome institute is packed with computational people, including "a bunch of astrophysicists who somehow wandered in and never left," said Dr. Rubin, originally a physics major himself. Most have never touched a Petri dish. Dr. Patterson belongs to this new breed of biologist. The shelves of his office in Cambridge, Mass., carry arcane math titles, yet he can converse just as deeply about Buddhism or Thucydides, whose writings he has studied in ancient Greek. He is prone to outbursts of boisterous laughter. He was born in London in 1947. When he was 2 his Irish parents learned that he had a congenital bone disease that distorted the left side of his skull; his left eye is blind.
He became a child chess prodigy who earned top scores on math exams, and later attended Cambridge, completing a math doctorate in finite group theory. In 1969, he won the Irish chess championship. In 1972, Dr. Patterson began working at the Government Communications Headquarters, where his research remains classified. He absorbed through his mentors the mathematical philosophy of Alan Turing, the genius whose crew at Bletchley Park - the headquarters' predecessor - broke Germany's encryption codes during World War II. The biggest lesson he learned from Dr. Turing's work, he said, was "an attitude of how you look at data and do statistics." In particular, Dr. Turing was an innovator in Bayesian statistics, which regard probability as dependent upon one's opinion about the odds of something occurring, and which allows for updating that opinion with new data. In the 1970s, cryptographers at the communications headquarters were harnessing this approach, Dr. Patterson said, even while academics considered flexible Bayesian rules heretical. In 1980, Dr. Patterson moved with his wife and children to Princeton, N.J., to join the Center for Communications Research, the cryptography branch of the Institute for Defense Analyses, a nonprofit research center financed by the Department of Defense. His work earned him a name in the cryptography circle. "You can probably pick out two or three people who've really stood out, and he's one of them," said Alan Richter, a longtime scientist at the defense institute. In 1993 Dr. Patterson moved to Renaissance Technologies, a $200 million hedge fund, at the invitation of its founder, James H. Simons, a mathematician and former cryptographer at the institute. The fund made trades based on a mathematical model. Dr. Patterson knew little about money, but the statistical methods matched those used in code breaking, Dr. Simons said: analyzing a series of data - in this case daily stock price changes - and predicting the next number.
Their methods apparently worked. In Dr. Patterson's time with the hedge fund, its assets reached $4 billion. By 2000, Dr. Patterson was restless. One day, he ran into Jill P. Mesirov, another former defense institute cryptographer, and mentioned his interest in biology. Dr. Mesirov, then director of computational biology at the Whitehead/M.I.T. Center for Genome Research, which later became the Broad Institute, hired him. "Really, what we do for a living is to decrypt genomes," Dr. Mesirov said. Cryptographers look at messages encoded as binary strings of zeros and ones, then extract underlying signals they can interpret, Dr. Mesirov said. The job calls for pattern recognition and mathematical modeling to explain the data. The same applies for analyzing DNA sequences, she said. One common genomic analysis tool - the Hidden Markov Model - was invented for pattern recognition by defense institute code breakers in the 1960s, and Dr. Patterson is an expert in that technique. It can be used to predict the next letter in a sequence of English text garbled over a communications line, or to predict DNA regions that code for genes, and those that do not. Dr. Patterson said he also has a well-honed instinct about which data is important, after seeing "a lot of surprising stuff that turned out to be complete nonsense." Dr. Lander of the Broad Institute describes him as a great skeptic, with the statistical insight to tell whether a signal is "simply random fluctuation or whether it's a smoking gun." Making that distinction is one of the great difficulties of interpreting DNA. In studying the human-chimp species split, the genomics researchers strove to rule out possible errors and biases in the data. Dr. Reich, with Dr. Patterson and Dr. Lander, and two other colleagues, used computer algorithms to compare the primate genomes and count DNA bases that did not match, like the C base in gorillas that had become an A in humans.
Because such mutations naturally arise at a set rate, the researchers could estimate how long ago the human and chimp lineages separated from an ancient common ancestor. A DNA base can mutate more than once, however. To correct for that, Dr. Patterson worked out equations estimating how often it occurred; Dr. Reich revised their computer algorithms accordingly. Two strange patterns emerged. Some human DNA regions trace back to a much older common ancestor of humans and chimps than other regions do, with the ages varying by up to four million years. But on the X chromosome, people and chimps share a far younger common ancestor than on other chromosomes. After the researchers tested various evolutionary models, the data appeared best explained if the human and chimp lineages split but later began mating again, producing a hybrid that could be a forebear of humans. The final breakup came as late as 5.4 million years ago, the team calculated. The project was "our hobby," Dr. Reich said of himself and Dr. Patterson. Their main work, in medical genetics, includes devising a shortcut to scan the genome for prostate cancer genes. Whether studying disease or evolution, Dr. Patterson noted, genomics differs from code breaking in one key respect: no adversary is deliberately masking DNA's meaning. Still, given its complexity, the code of life is the most open-ended of cryptographic challenges, Dr. Patterson said. "It's a very big message."

From rforno at infowarrior.org Tue Dec 12 10:03:15 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Dec 2006 10:03:15 -0500
Subject: [Infowarrior] - UCLA: 800K people's PII potentially compromised
Message-ID:

(c/o dano)

UCLA Warns of Unauthorized Access to Restricted Database

UCLA is alerting approximately 800,000 people that their names and certain personal information are contained in a restricted database that was illegally and fraudulently accessed by a sophisticated computer hacker.
This database contains certain personal information about UCLA's current and some former students, faculty and staff, some student applicants and some parents of students or applicants who applied for financial aid. Approximately 3,200 of those being notified are current or former staff and faculty of the University of California, Merced, and current or former employees of the University of California Office of the President, for which UCLA does administrative processing. In a letter being sent to affected individuals, Acting Chancellor Norman Abrams said that personal information about at least some of the individuals was obtained by the hacker but that there is no evidence that any data has been misused. The database includes names, Social Security numbers, dates of birth, home addresses and contact information. It does not include driver's license numbers or credit card or banking information. [...]

--end press release--

--begin letter--

From: "Norman Abrams, Acting Chancellor, UCLA"
December 12, 2006

Dear Friend,

UCLA computer administrators have discovered that a restricted campus database containing certain personal information has been illegally accessed by a sophisticated computer hacker. This database contains certain personal information about UCLA's current and some former students, faculty and staff, some student applicants and some parents of students or applicants who applied for financial aid. The database also includes current and some former faculty and staff at the University of California, Merced, and current and some former employees of the University of California Office of the President, for which UCLA does administrative processing. I regret having to inform you that your name is in the database. While we are uncertain whether your personal information was actually obtained, we know that the hacker sought and retrieved some Social Security numbers.
Therefore, I want to bring this situation to your attention and urge you to take actions to minimize your potential risk of identity theft. I emphasize that we have no evidence that personal information has been misused. The information stored on the affected database includes names and Social Security numbers, dates of birth, home addresses and contact information. It does not include driver's license numbers or credit card or banking information. Only designated users whose jobs require working with the restricted data are given passwords to access this database. However, an unauthorized person exploited a previously undetected software flaw and fraudulently accessed the database between October 2005 and November 2006. When UCLA discovered this activity on Nov. 21, 2006, computer security staff immediately blocked all access to Social Security numbers and began an emergency investigation. While UCLA currently utilizes sophisticated information security measures to protect this database, several measures that were already under way have been accelerated. In addition, UCLA has notified the FBI, which is conducting its own investigation. We began notifying those individuals in the affected database as soon as possible after determining that personal data was accessed and after we retrieved individual contact information. As a precaution, I recommend that you place a fraud alert on your consumer credit file. By doing so, you let creditors know to watch for unusual or suspicious activity, such as someone attempting to open a new credit card account in your name. You may also wish to consider placing a security freeze on your accounts by writing to the credit bureaus. A security freeze means that your credit history cannot be seen by potential creditors, insurance companies or employers doing background checks unless you give consent. For details on how to take these steps, please visit http://www.identityalert.ucla.edu/what_you_can_do.htm.
Extensive information on steps to protect against personal identity theft and fraud are on the Web site of the California Office of Privacy Protection, a division of the state Department of Consumer Affairs, http://www.privacy.ca.gov. Information also is available on a Web site we have established, http://www.identityalert.ucla.edu. The site includes additional information on this situation, further suggestions for monitoring your credit and links to state and federal resources. If you have questions about this incident and its implications, you may call our toll-free number, (877) 533-8082. Please be aware that dishonest people falsely identifying themselves as UCLA representatives might contact you and offer assistance. I want to assure you that UCLA will not contact you by phone, e-mail or any other method to ask you for personal information. I strongly urge you not to release any personal information in response to inquiries of this nature. We have a responsibility to safeguard personal information, an obligation that we take very seriously. I deeply regret any concern or inconvenience this incident may cause you. Sincerely, Norman Abrams, Acting Chancellor This is an automated message regarding the recent identity alert at UCLA. We're sorry, but we are unable to respond to emails. Please do not reply to this email. If you have questions or concerns and would like to speak with someone, please call (877) 533-8082. For additional information and steps to take, please go to the dedicated website at http://www.identityalert.ucla.edu. 
--end letter--

From rforno at infowarrior.org Tue Dec 12 10:12:18 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Dec 2006 10:12:18 -0500
Subject: [Infowarrior] - Mozart's entire musical score now free on Net
Message-ID:

Mozart's entire musical score now free on Net
By Reuters
http://news.com.com/Mozarts+entire+musical+score+now+free+on+Net/2100-1027_3-6142845.html
Story last modified Tue Dec 12 05:43:25 PST 2006

Wolfgang Amadeus Mozart's year-long 250th birthday party is ending on a high note with the musical scores of his complete works available from Monday for the first time free on the Internet. The International Mozart Foundation in Salzburg, Austria, has put a scholarly edition of the bound volumes of Mozart's more than 600 works on a Web site. The site allows visitors to find specific symphonies, arias or even single lines of text from some 24,000 pages of music. "We had 45,000 hits in the first two hours...we would not have expected that," program director Ulrich Leisinger told Reuters in a telephone interview. CNET News.com was not able to reach the site Tuesday morning, perhaps due to a traffic overload. A user who types in "Pamina" from Mozart's opera "The Magic Flute" will see the music for all five arias she sings, as well as critical texts discussing those passages. The version appearing on the Internet is a digitized copy of the "New Mozart Edition" published by Barenreiter, of Kassel, Germany. It is considered the "gold standard" of Mozart editions, and Leisinger said Barenreiter was paid $400,000 for the digital-publication rights. The financial backing came from the Packard Humanities Institute of Los Altos, Calif. "We hope we will be able to convince other people besides us to present their original materials online as well," Leisinger said.

Story Copyright © 2006 Reuters Limited. All rights reserved. Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.
From rforno at infowarrior.org Tue Dec 12 23:32:13 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Dec 2006 23:32:13 -0500
Subject: [Infowarrior] - Web Site Hunting Pedophiles Racks Up Arrests
Message-ID:

December 13, 2006
Web Site Hunting Pedophiles Racks Up Arrests
By ALLEN SALKIN
http://www.nytimes.com/2006/12/13/technology/13justice.html?ei=5094&en=acd4803fc0d4d9d3&hp=&ex=1165986000&partner=homepage&pagewanted=print

Last month, the Web site Perverted-Justice.com posted news of the conviction of Sean Young, a Wisconsin man sentenced to 10 years in state prison for soliciting sex online from a 14-year-old girl. According to a transcript of an online chat posted on the site, at one point Mr. Young had asked the girl, identified only as Billie, what she was wearing. When she answered "sweats," Mr. Young typed back that if she were his daughter, "i'd make u wear sexy clthes." Billie turned out to be an adult volunteer for Perverted Justice, an anti-pedophile group, and when Mr. Young drove to a house where he expected to meet the teenager for sex, he was arrested by sheriff's deputies. The conviction was logged as the 104th that Perverted Justice says it has been responsible for since 2003, a tally that as of yesterday had reached 113. What started as one man's quest to rid his regional Yahoo chat room of lewd adults has grown into a nationwide force of cyberspace vigilantes, financed by a network television program hungry for ratings. "It's a kind of blog that has turned into a crime-fighting resource," said Robert McCrie, a professor at John Jay College of Criminal Justice in Manhattan. Perverted Justice is best known for putting its online volunteers at the disposal of the television newsmagazine "Dateline NBC," which has broadcast 11 highly rated programs in which would-be pedophiles are lured to "sting houses," only to be surprised by a camera crew and, usually, the police.
Despite that publicity, the inner workings of Perverted Justice and its reclusive founder remain largely a mystery, even as the group has emerged as one of the most effective unofficial law enforcement groups in the country, a kind of Neighborhood Watch of the Net. But the group is also criticized by some legal and law enforcement experts, who accuse it of entrapment, making mistakes that ruin innocent lives and, paradoxically, disseminating its own brand of child pornography. Peter D. Greenspun, a lawyer who defended a rabbi from Rockville, Md., caught in a "Dateline" sting arranged by Perverted Justice, said that by posting online transcripts of conversations between would-be child molesters and volunteers posing as 12- and 13-year-olds, Perverted Justice was encouraging, rather than deterring, pedophiles. "They are putting out for unfiltered, unrestricted public consumption the most graphic sexual material that they themselves say is of a perverted nature," Mr. Greenspun said. Perverted Justice's founder, Xavier Von Erck, 27, a former tech-support worker, has a dedication to the cause bordering on obsession, his mother and associates said. Mr. Von Erck lives in an apartment in Portland, Ore., but rarely gives out his address, and he would not allow a reporter to visit because he feared retribution from men exposed by his group. In a telephone interview, he said he worked for his group seven days a week, mostly from a laptop in his bedroom. "Every waking minute he's on that computer," said his mother, Mary Erck-Heard, 46, who raised her son after they fled his father, whom she described as alcoholic. Mr. Von Erck legally changed his name from Phillip John Eide, taking his maternal grandfather's family name, Erck, and adding the Von. In many ways, Mr. Von Erck, who said he and his mother moved 13 times when he was in high school because they were often short of money, continues to live that messy life of deprivation.
His meals often consist of ramen noodles, he said; his bed is perpetually unmade. For years, he has been trying unsuccessfully to find his father, who, he says, still owes his mother child support. "I have a low opinion of men in general," he said. "The most heinous crimes in our society are committed by males." Perverted Justice has 41,000 registered users of its online forums dedicated to the cause of stopping predators, 65 volunteers trained as chat room decoys and three salaried leaders: Mr. Von Erck, a woman who is a liaison with law enforcement and a business manager. Typically, a Perverted Justice volunteer creates a false online profile, posing as, say, a 13-year-old girl on MySpace. The volunteer will wait to receive e-mail messages or will enter a chat room. If an adult contacts the volunteer, the decoy responds and sees if the conversation becomes sexual. The group's collaboration with "Dateline" since 2004 has been lucrative. A person familiar with Perverted Justice's finances who requested anonymity because he is not authorized to discuss the matter publicly said NBC was paying the group roughly $70,000 for each hour of television produced. "They do a lot of work for us, and they deserve to be reimbursed for that work," said David Corvo, the executive producer of "Dateline," who met with Mr. Von Erck earlier this year in New York to discuss their collaboration. Mr. Von Erck said the NBC money had been used in part to buy computer servers that would not be overwhelmed every time the group was mentioned on television. Ratings for the "Dateline" broadcasts, a series called "To Catch a Predator" that has become a network franchise, have averaged 9.1 million viewers, compared with 7 million viewers for other "Dateline" episodes, according to Nielsen Media Research. Six new episodes are planned for the first half of 2007. Two were shot at a house in Long Beach, Calif.; two in Flagler Beach, Fla.; and two others in Murphy, Tex.
The Texas sting drew a burst of publicity in early November, months before the episodes were scheduled to be shown, when a prosecutor implicated as a would-be predator, Louis W. Conradt Jr., shot himself to death as the police approached his home. Supporters of the NBC broadcasts say they have helped increase awareness of online predators, allowing parents to educate children and spurring law enforcement to action. One in seven youths ages 10 to 17 who have gone online at least once a month for six months have received unwanted sexual solicitations, according to a 2005 study by the Crimes Against Children Research Center at the University of New Hampshire. Last month, the "Dateline" correspondent Chris Hansen, who is featured on the Perverted Justice specials, addressed about 500 students at a school in Rye Brook, N.Y., about the dangers of Internet predators. One of the first questions was why the stings filmed by "Dateline" were not entrapment. The answer, legal experts say, is that it is hard for a defendant to prove entrapment, in this context or in any other. Some states allow prosecutions as long as there was a "predisposition" to the conduct. Others require police misconduct for a defendant to claim entrapment. One concern about Perverted Justice's nonprofessional force of vigilantes, raised by Lt. Joseph Donohue, head of the New York State Internet Crimes Against Children Task Force, is that decoys impersonating teenagers may be too aggressive, not understanding the need to let predators initiate the sexual chat and therefore not gathering chat-log evidence that will stand up in court. Mr. Von Erck responded that so far prosecutors had not dropped charges against any man arrested in an investigation begun by Perverted Justice. Of the 113 convictions Mr. Von Erck's group claims, some have been for misdemeanors resulting in no jail time, and others have brought stiff sentences, like the one of the Maryland rabbi, David A. Kaye, who on Dec.
1 was sentenced to six and a half years in prison on federal charges of enticement and traveling to meet a minor for illicit sexual contact. Mr. Von Erck's most vociferous critic is Scott Morrow, a retired Canadian Air Force serviceman who runs a Web site, Corrupted-Justice.com, chronicling what he says are excesses by Perverted Justice. "These are anonymous, unaccountable Net junkies doing this work," Mr. Morrow said in an interview. He said that Perverted Justice listed personal information for many men it accused of being sexual predators and had sometimes mistaken their identities and humiliated innocent people. Mr. Von Erck said the criticisms were out-of-date; in its first years the group did post the phone numbers, employers and photographs of men it accused of being predators, and anyone could humiliate the individuals by, say, e-mailing transcripts of a man's lewd online chats to his friends and colleagues. But since early this year, Perverted Justice has made a policy of not immediately posting the information it gathers in most cases; instead it contacts law enforcement and encourages pursuit of an arrest. "We are now a conviction machine," Mr. Von Erck said. Mr. Von Erck, who said he was not molested as a child, prefers not to analyze his own motivation for dedicating himself so fully to the effort. Asked to explain why he did it, he did so with spare emotion. "It gets tiring," he said, "but when you find somebody that's already been successful doing something harmful to a child and then you get him arrested, you can't beat that."

Happy Blitt contributed research.
From rforno at infowarrior.org Wed Dec 13 09:11:00 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Dec 2006 09:11:00 -0500
Subject: [Infowarrior] - FTC Moves to Unmask Word-of-Mouth Marketing
Message-ID:

FTC Moves to Unmask Word-of-Mouth Marketing
Endorser Must Disclose Link to Seller
http://www.washingtonpost.com/wp-dyn/content/article/2006/12/11/AR2006121101389_pf.html
By Annys Shin
Washington Post Staff Writer
Tuesday, December 12, 2006; D01

The Federal Trade Commission yesterday said that companies engaging in word-of-mouth marketing, in which people are compensated to promote products to their peers, must disclose those relationships. In a staff opinion issued yesterday, the consumer protection agency weighed in for the first time on the practice. Though no accurate figures exist on how much money advertisers spend on such marketing, it is quickly becoming a preferred method for reaching consumers who are skeptical of other forms of advertising. Word-of-mouth marketing can take any form of peer-to-peer communication, such as a post on a Web blog, a MySpace.com page for a movie character, or the comments of a stranger on a bus. As the practice has taken hold over the past several years, however, some advocacy groups have questioned whether marketers are using such tactics to dupe consumers into believing they are getting unbiased information. In October 2005, Commercial Alert, an advertising and marketing watchdog group in Portland, Ore., petitioned the FTC to consider taking action against word-of-mouth marketers. The group called for the FTC to issue guidelines requiring paid agents to disclose their relationship to the company whose product they are promoting, including any compensation. The group cited a 2002 Wall Street Journal article on a marketing campaign by Sony Ericsson Mobile for its T68i mobile phone and digital camera.
The initiative, called "Fake Tourist," involved placing 60 actors posing as tourists at attractions in New York and Seattle to demonstrate the camera phone. The actors asked passersby to take their photo, which demonstrated the camera phone's capabilities, but the actors did not identify themselves as representatives for Sony Ericsson. Commercial Alert also singled out Tremor, a marketing division of Procter & Gamble, which has assembled a volunteer force of 250,000 teenagers to promote the company's products to friends and relatives. Procter & Gamble spokesman Terry Loftus said participants in its word-of-mouth campaigns are free to talk negatively or positively about a product or service and do not receive compensation. Volunteers are not required to disclose their relationship with the company, he said. Some participants receive sample products, he said, so they can offer an opinion on a product. Word-of-mouth advertising is already covered under existing FTC regulations that govern commercial endorsements. What the FTC sought to do yesterday in its staff opinion was to note that such marketing could be deceptive if consumers were more likely to trust the product's endorser "based on their assumed independence from the marketer." "The petition to us did raise a question about compliance with the FTC act," said Mary K. Engle, FTC associate director for advertising practices. "We wanted to make clear . . . if you're being paid, you should disclose that." The FTC said it would investigate cases where there is a relationship between the endorser of a product and the seller that is not disclosed and could affect the endorsement. The FTC staff said it would go after violators on a case-by-case basis. Consequences could include a cease-and-desist order, fines and civil penalties ranging from thousands of dollars to millions of dollars. Engle said the agency had not brought any cases against word-of-mouth marketers. 
Though the staff's opinion fell short of Commercial Alert's original request, the group's executive director, Gary Ruskin, said he was pleased the staff agreed that word-of-mouth marketing could be deceptive. "This letter tells marketers like Procter & Gamble that their 'sponsored consumers' must disclose that they are shilling, or they are probably in violation of the prohibition against deceptive advertising. That's big," he said. "It will change practices in the word-of-mouth marketing industry." Andy Sernovitz, chief executive of the Word of Mouth Marketing Association, said the FTC's decision was an endorsement of the industry's efforts to police itself. The Chicago-based association, which has more than 300 members, last year issued a code of ethics stating that marketers should disclose ties to sponsors. The group has also tried to hold members accountable. Sernovitz said the group is reviewing the membership status of the Edelman public relations firm after Wal-Mart, one of the firm's clients, reportedly gave positive comments to bloggers who then posted the comments without mentioning the source. Edelman later admitted that some of its employees had written the blogs. Procter & Gamble, which is not a member of the association, recruits volunteer marketers online, Loftus said. The company chooses volunteers based on their answers to a survey on the Tremor Web site, which tells participants if they join the Tremor Crew they could "name the next big movie" or "help design a video game." Peter Blackshaw, chief marketing officer for Nielsen BuzzMetrics, which tracks the effectiveness of word-of-mouth marketing, said brands have more than a moral incentive to be upfront with consumers. "There's a high turn-off factor if consumers learn that the person making a recommendation is actually on contract," with an incentive to push a product, he said. 
A 2005 survey of 800 consumers by market research firm Intelliseek found that 29 percent of participants age 20 to 34 and 41 percent of those age 35 to 49 said they would be unlikely to trust a recommendation again from a friend whom they later learned was compensated for making the suggestion.

From rforno at infowarrior.org Wed Dec 13 14:26:01 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Dec 2006 14:26:01 -0500
Subject: [Infowarrior] - U.S. Warns of (Terrorist) Threat to Satellites
In-Reply-To:
Message-ID:

Must be a slow news day outside of Iraq.........rf

U.S. Warns of Threat to Satellites
Dec 13 1:58 PM US/Eastern
By BARRY SCHWEID
AP Diplomatic Writer
WASHINGTON
http://www.breitbart.com/news/2006/12/13/D8M04QT80.html

The Bush administration warned Wednesday against threats by terrorist groups and other nations against U.S. commercial and military satellites, and discounted the need for a treaty aimed at preventing an arms race in space. Undersecretary of State Robert G. Joseph also reasserted U.S. policy that it has a right to use force against hostile nations or terror groups that might try to attack American satellites or ground installations that support space programs. President Bush adopted a new U.S. space policy earlier this year. "We reserve the right to defend ourselves against hostile attacks and interference with our space assets," Joseph said in prepared remarks to the George C. Marshall Institute. Joseph, the senior arms control official at the State Department, said nations cannot all be counted on to use space purely for peaceful purposes. "A number of countries are exploring and acquiring capabilities to counter, attack, and defeat U.S. space systems," Joseph said. He also said terrorists "understand our vulnerabilities and have targeted our economy in the past, as they did on 9/11." He said terrorists and enemy states might view the U.S.
space program as "a highly lucrative target," while sophisticated technologies could improve their ability to interfere with U.S. space systems and services. Joseph did not identify terror groups or nations that might have such motives. An aide to Joseph, who spoke on condition of anonymity because he was not authorized to discuss the matter, said that information was classified. "For our part, we must take all of these threats seriously because space capabilities are essential" to the U.S. economy and government, Joseph said. He said the U.S. is more reliant on space than any other country. "No nation, no state-actor, should be under the illusion that the United States will tolerate a denial of our right to the use of space for peaceful purposes," he said. Wade Boese, a spokesman for the private Arms Control Association, challenged the administration's policy. He said rejecting additional international arms controls for space runs counter to U.S. security interests "because the United States has the most to lose from an unregulated space arena." Boese said he believes the administration wants to avoid negotiations in order to preserve the possibility of deploying space-based missile defense systems, such as interceptors. Joseph listed telecommunications, transportation, electrical power, water supply, gas and oil storage, transportation systems, emergency services, banking and finance, and government services as relying heavily on data transmitted by satellites. "The United States views the purposeful interference with its space systems as an infringement on our rights," he said, adding: "If these rights are not respected, the United States has the same full range of options _ from diplomatic to military _ to protect its space assets as it has to protect its other critical assets." Joseph ruled out negotiating a new international space agreement, saying the 1967 Outer Space Treaty established an effective arms control regime.
The treaty bans the stationing of weapons of mass destruction in outer space and declares outer space should be used only for peaceful purposes. A new agreement is not necessary, Joseph said. "We should concentrate on real threats," he said, citing Iran and North Korea. "There is no arms race in space and we see no signs of one emerging," he said.

Copyright 2006 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

From rforno at infowarrior.org Wed Dec 13 21:18:03 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Dec 2006 21:18:03 -0500
Subject: [Infowarrior] - Google Patents Search opens
Message-ID:

Q. Where does this patent data come from?
A. All patents available through Google Patent Search come from the United States Patent and Trademark Office (USPTO). Patents issued in the United States are public domain government information, and images of the entire database of U.S. patents are readily available online via the USPTO website.

Q. What types of patents are available?
A. Google Patent Search covers the entire collection of patents made available by the USPTO - from patents issued in the 1790s through those issued in the middle of 2006. We don't currently include patent applications, international patents, or U.S. patents issued over the last few months, but we look forward to expanding our coverage in the future.

http://www.google.com/patents

From rforno at infowarrior.org Wed Dec 13 21:32:14 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Dec 2006 21:32:14 -0500
Subject: [Infowarrior] - Bush's anti-terrorism law upheld
Message-ID:

Bush's anti-terrorism law upheld

A US court has upheld President George W Bush's new anti-terror law, agreeing that Guantanamo inmates cannot challenge their imprisonment in courts. District Judge James Robertson rejected a challenge by Salim Ahmed Hamdan, a former driver of Osama Bin Laden.
Mr Hamdan's case prompted the Supreme Court to strike down the government's policy on detainees last year. But Mr Bush later signed a new law that established military commissions to try enemy combatants. Judge Robertson ruled that the new law - signed by Mr Bush in October - removed federal court jurisdiction to hear cases like Mr Hamdan's. The verdict is a legal victory for the White House, which has been fending off criticism of the new law from Democrats and civil rights groups.

Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/2/hi/americas/6178057.stm
Published: 2006/12/13 22:19:22 GMT

From rforno at infowarrior.org Wed Dec 13 21:48:04 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Dec 2006 21:48:04 -0500
Subject: [Infowarrior] - Boeing laptop theft: 161K affected
In-Reply-To: <20061214024053.GA5384@gsp.org>
Message-ID:

(via RSK)

http://www.techdirt.com/articles/20061213/100038.shtml

Once, Twice, Three Times A Loser... Wait, Make That Four

Excerpt: Last November, we wondered exactly why a Boeing employee was carrying around a laptop containing the names, birth dates, Social Security numbers and bank account info of 161,000 thousand current and former employees. That laptop was, of course, stolen. That breach didn't seem to teach the company anything, as five months later, another laptop was stolen, though it had info on "only" 3,600 workers. Another one was stolen from an employee's home last month, containing info on 762 people. But, in a remarkable show of hardheadedness, Boeing says a laptop containing the information of a staggering 382,000 current and former employees was stolen from an employee's car earlier this month.
From rforno at infowarrior.org Wed Dec 13 22:29:52 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Dec 2006 22:29:52 -0500
Subject: [Infowarrior] - USGS Scientists Object To Stricter Review Rules
Message-ID:

USGS Scientists Object To Stricter Review Rules
Pre-Publication Policy Seen as Cumbersome
http://www.washingtonpost.com/wp-dyn/content/article/2006/12/13/AR2006121301991.html
By Juliet Eilperin
Washington Post Staff Writer
Thursday, December 14, 2006; Page A29

A new Bush administration policy for reviewing scientific documents before publication has angered some U.S. Geological Survey scientists, who say the elaborate internal review of their work may impede them from conveying information to the public. The new requirements, which were unveiled in July but are still being put into practice, call for staff scientists to submit all reports and prepared talks to managers to determine if they meet the agency's scientific standards. They also require researchers to alert the agency press office of any work involving "potential high visibility products or policy-sensitive issues." P. Patrick Leahy, USGS associate director for geology, said the agency spent more than two years drafting the rules to ensure all of its scientists are subject to the same sort of rigorous scientific review before they send their work to be published. "What we're doing is ensuring the scientific excellence of USGS products," Leahy said in an interview. "Peer review has been the stock and trade of this organization for years and years. How we do that has been different depending on what part of the organization you were in . . . What we want to do is [have] our scientists working together in concert with one another."
But James Estes, a marine biologist who has worked for more than 30 years at the USGS's Western Ecological Research Center in Santa Cruz, Calif., said that while he has not encountered problems in the past, he and his colleagues fear their work may be stifled. "I feel as though we've got someone looking over our shoulder at every damn thing we do. And to me that's a very scary thing," Estes said, adding that it will be a cumbersome procedure. "There's been no effort yet other than to intimidate everybody, but to me it's censorship. . . . I think they're afraid of science. Our findings on ecology could be embarrassing to the administration." Leahy acknowledged that some agency scientists are resistant to the idea, even though USGS officials see it as a helpful reform. "It's the old thing, in concept it makes a great deal of sense," he said. "In practice, if you have a change to what you've been doing for a long time, you're not happy with it." Under the policy, a USGS employee must submit any scientific document for a peer review that may involve scientists either inside or outside the agency. A supervisor oversees the process, making sure the reviewers are qualified and looking at how the scientist in question responded to any criticism raised by the reviewers. Rama Kotra, a senior scientist in Leahy's office, said the review might take just one week for a simple document, but in the case of a complex scientific study "it would take much longer than that," possibly six months. USGS spokeswoman Barbara Wainman said the press office would not be conducting the peer reviews and political appointees would not be involved, because the agency director is the only USGS person appointed by the president. USGS researchers have tangled with Bush officials over administration policies. 
In 2002, the agency published a study suggesting that energy exploration on Alaska's Arctic National Wildlife Refuge could hurt a Porcupine caribou herd; a week later the agency issued a report saying drilling would not damage the herd. The controversy over the peer review process surfaced a day after the Union of Concerned Scientists announced that 10,600 scientists have signed a statement complaining that the Bush administration has undermined the "scientific integrity" of federal policymaking. Michael Halpern, the group's outreach coordinator for scientific integrity, said USGS scientists at this week's annual meeting of the American Geophysical Union in San Francisco had approached him to complain about the new peer review rules. "They perceive it as another hoop to jump through in order to get scientific documents approved," Halpern said, adding that the policy may not be a problem if officials make sure it's a "valid review process." "USGS always puts together policy neutral scientific documents. That's why their reputation is impeccable."

From rforno at infowarrior.org Wed Dec 13 23:03:31 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Dec 2006 23:03:31 -0500
Subject: [Infowarrior] - Security cameras raise rights worry in NY: report
Message-ID:

Security cameras raise rights worry in NY: report
Wed Dec 13, 2006 6:20 PM ET
http://today.reuters.com/news/articlenews.aspx?type=domesticNews&storyid=2006-12-13T231656Z_01_N13491988_RTRUKOC_0_US-USA-RIGHTS-CAMERAS.xml&src=rss&rpc=22

NEW YORK (Reuters) - The security cameras are watching, a New York rights group warned on Wednesday. Security cameras have increased fivefold in parts of New York City and have become so pervasive that they threaten the rights of privacy, speech and association, the New York Civil Liberties Union, or NYCLU, said in a report. Moreover, there was no evidence the cameras deterred crime, the group said.
In 2005 there were 4,176 cameras in three districts of southern Manhattan, up from 769 cameras in a 1998 survey, the report said. "Unregulated video surveillance technology has already led to abuses in New York City, including the police department's creation of visual dossiers on people engaged in lawful street demonstrations and the voyeuristic videotaping of individuals' private and intimate conduct," the group said. Police did not immediately respond to a request for comment. A 1998 study conducted by the NYCLU found 2,397 video surveillance cameras visible from street level in Manhattan. The report said that same number of cameras can be now found in the neighborhoods of Greenwich Village and Soho alone.

© Reuters 2006. All rights reserved. Republication or redistribution of Reuters content, including by caching, framing or similar means, is expressly prohibited without the prior written consent of Reuters. Reuters and the Reuters sphere logo are registered trademarks and trademarks of the Reuters group of companies around the world.

From rforno at infowarrior.org Wed Dec 13 23:20:47 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Dec 2006 23:20:47 -0500
Subject: [Infowarrior] - ACLU: Government seeks document marked `secret'
Message-ID:

ACLU: Government seeks document marked `secret'
By LARRY NEUMEISTER
Associated Press Writer
http://www.newsday.com/news/local/wire/newyork/ny-bc-ny--secretdocument1213dec13,0,5424769,print.story?coll=ny-region-apnewyork
December 13, 2006, 4:53 PM EST

NEW YORK -- The government is demanding that the American Civil Liberties Union turn over a classified document that the civil rights group said Wednesday would be embarrassing to the government and pertains to the war against terrorism. The ACLU filed papers under seal in U.S.
District Court this week seeking a judicial order letting it keep the 3 1/2-page document, issued in December 2005, which it said "provides a set of general policy guidelines on a matter of longstanding concern to the ACLU." In the court papers, unsealed Wednesday, the ACLU said release of the document might be "mildly embarrassing" to the government but could not threaten national security and did not concern troop movements, communications methods, intelligence sources or the like. The ACLU said the designation of the generally unremarkable document as classified "appears to be a striking, yet typical, example of overclassification." The civil rights group said that it received a grand jury subpoena from the U.S. attorney's office in Manhattan on Nov. 20, nearly a month after the ACLU received the document unsolicited and soon after it refused to comply with a prosecutor's demands to turn it over. Although it did not reveal the subject matter of the document, the ACLU noted that its issues of longstanding concern include the government's execution of its "war on terror" and its attempts to get documents related to government policies and practices regarding torture and the government's compliance with the Geneva Conventions. It said it also has pressed the government to renounce torture and other forms of cruel, unusual and degrading treatment and hold accountable senior officials who authorized or condoned such activities. ACLU Executive Director Anthony D. Romero said it was the "first time in our 86-year history we've been asked to make a document disappear from our files." Romero said the subpoena served no legitimate investigative purpose and trampled on fundamental First Amendment rights. "The government's attempt to suppress information using the grand jury process is truly chilling and is unprecedented in law and in the ACLU's history," Romero said. 
"We recognize this maneuver for what it is: a patent attempt to intimidate and impede the work of human rights advocates like the ACLU who seek to expose government wrongdoing." The U.S. attorney's office had no immediate comment, spokeswoman Yusill Scribner said. ACLU Legal Director Steven R. Shapiro said the most significant thing about the case was not the content of the document "but the government's unprecedented effort to suppress it." The ACLU said the subpoena refers to the Espionage Act, but the civil rights group has been told that it is not a target of the investigation. In court documents, the ACLU said its lawyers could not find a single reported judicial ruling that even mentions, much less enforces, a subpoena like the one it received. "The grand jury cannot be used, as it is being used here, for the purpose of suppressing information," the ACLU said.

Copyright 2006 Newsday Inc.

From rforno at infowarrior.org Thu Dec 14 08:45:01 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Dec 2006 08:45:01 -0500
Subject: [Infowarrior] - MySpace Passwords Aren't So Dumb
Message-ID:

MySpace Passwords Aren't So Dumb
http://www.wired.com/news/columns/1,72300-0.html
By Bruce Schneier
02:00 AM Dec, 14, 2006

Security Matters

How good are the passwords people are choosing to protect their computers and online accounts? It's a hard question to answer because data is scarce. But recently, a colleague sent me some spoils from a MySpace phishing attack: 34,000 actual user names and passwords. The attack was pretty basic. The attackers created a fake MySpace login page, and collected login information when users thought they were accessing their own account on the site. The data was forwarded to various compromised web servers, where the attackers would harvest it later. MySpace estimates that more than 100,000 people fell for the attack before it was shut down.
The data I have is from two different collection points, and was cleaned of the small percentage of people who realized they were responding to a phishing attack. I analyzed the data, and this is what I learned.

Password Length: While 65 percent of passwords contain eight characters or less, 17 percent are made up of six characters or less. The average password is eight characters long. Specifically, the length distribution looks like this:

  1-4      0.82 percent
  5        1.1 percent
  6        15 percent
  7        23 percent
  8        25 percent
  9        17 percent
  10       13 percent
  11       2.7 percent
  12       0.93 percent
  13-32    0.93 percent

Yes, there's a 32-character password: "1ancheste23nite41ancheste23nite4." Other long passwords are "fool2thinkfool2thinkol2think" and "dokitty17darling7g7darling7."

Character Mix: While 81 percent of passwords are alphanumeric, 28 percent are just lowercase letters plus a single final digit -- and two-thirds of those have the single digit 1. Only 3.8 percent of passwords are a single dictionary word, and another 12 percent are a single dictionary word plus a final digit -- once again, two-thirds of the time that digit is 1.

  numbers only        1.3 percent
  letters only        9.6 percent
  alphanumeric        81 percent
  non-alphanumeric    8.3 percent

Only 0.34 percent of users have the user name portion of their e-mail address as their password.

Common Passwords: The top 20 passwords are (in order): password1, abc123, myspace1, password, blink182, qwerty1, fuckyou, 123abc, baseball1, football1, 123456, soccer, monkey1, liverpool1, princess1, jordan23, slipknot1, superman1, iloveyou1 and monkey. (Different analysis here.) The most common password, "password1," was used in 0.22 percent of all accounts. The frequency drops off pretty fast after that: "abc123" and "myspace1" were only used in 0.11 percent of all accounts, "soccer" in 0.04 percent and "monkey" in 0.02 percent. For those who don't know, Blink 182 is a band.
Presumably lots of people use the band's name because it has numbers in its name, and therefore it seems like a good password. The band Slipknot doesn't have any numbers in its name, which explains the 1. The password "jordan23" refers to basketball player Michael Jordan and his number. And, of course, "myspace" and "myspace1" are easy-to-remember passwords for a MySpace account. I don't know what the deal is with monkeys. We used to quip that "password" is the most common password. Now it's "password1." Who said users haven't learned anything about security? But seriously, passwords are getting better. I'm impressed that less than 4 percent were dictionary words and that the great majority were at least alphanumeric. Writing in 1989, Daniel Klein was able to crack (.gz) 24 percent of his sample passwords with a small dictionary of just 63,000 words, and found that the average password was 6.4 characters long. And in 1992 Gene Spafford cracked (.pdf) 20 percent of passwords with his dictionary, and found an average password length of 6.8 characters. (Both studied Unix passwords, with a maximum length at the time of 8 characters.) And they both reported a much greater percentage of all lowercase, and only upper- and lowercase, passwords than emerged in the MySpace data. The concept of choosing good passwords is getting through, at least a little. On the other hand, the MySpace demographic is pretty young. Another password study (.pdf) in November looked at 200 corporate employee passwords: 20 percent letters only, 78 percent alphanumeric, 2.1 percent with non-alphanumeric characters, and a 7.8-character average length. Better than 15 years ago, but not as good as MySpace users. Kids really are the future. None of this changes the reality that passwords have outlived their usefulness as a serious security device. Over the years, password crackers have been getting faster and faster. 
Current commercial products can test tens -- even hundreds -- of millions of passwords per second. At the same time, there's a maximum complexity to the passwords average people are willing to memorize (.pdf). Those lines crossed years ago, and typical real-world passwords are now software-guessable. AccessData's Password Recovery Toolkit would have been able to crack 23 percent of the MySpace passwords in 30 minutes, 55 percent in 8 hours. Of course, this analysis assumes that the attacker can get his hands on the encrypted password file and work on it offline, at his leisure; i.e., that the same password was used to encrypt an e-mail, file or hard drive. Passwords can still work if you can prevent offline password-guessing attacks, and watch for online guessing. They're also fine in low-value security situations, or if you choose really complicated passwords and use something like Password Safe to store them. But otherwise, security by password alone is pretty risky.

- - -

Bruce Schneier is the CTO of Counterpane Internet Security and the author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World. You can contact him through his website.

From rforno at infowarrior.org Thu Dec 14 08:47:28 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Dec 2006 08:47:28 -0500
Subject: [Infowarrior] - John McCain's War On Blogs
Message-ID:

(Color me surprised -- thought he had a greater clue about the Internet than Ted "Intertube" Stevens.......rf)

John McCain's War On Blogs
http://thinkprogress.org/2006/12/13/mccain-war-on-blogs/

John McCain has made clear that he doesn't like the blogosphere. Now he has introduced legislation that would treat blogs like Internet service providers and hold them responsible for all activity in the comments sections and user profiles. Some highlights of the legislation:
- Commercial websites and personal blogs "would be required to report illegal images or videos posted by their users or pay fines of up to $300,000."
- Internet service providers (ISPs) are already required to issue such reports, but under McCain's legislation, bloggers with comment sections may face "even stiffer penalties" than ISPs.
- Social networking sites will be forced to take "effective measures" -- such as deleting user profiles -- to remove any website that is "associated" with a sex offender. Sites may include not only Facebook and MySpace, but also Amazon.com, which permits author profiles and personal lists, and blogs like DailyKos, which allows users to sign up for personal diaries.

Kevin Bankston of the Electronic Frontier Foundation notes that this proposal may be based more "on fear or political considerations rather than on the facts." When he introduced his legislation to the Senate, McCain offered no evidence that children are being victimized by people who post comments on blogs. McCain's legislation could deal a serious blow to the blogosphere. Lacking resources to police their sites, many individual blogs may have to shut down open discussion.

From rforno at infowarrior.org Thu Dec 14 08:49:09 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Dec 2006 08:49:09 -0500
Subject: [Infowarrior] - New rules outlaw melting pennies, nickels for profit
Message-ID:

New rules outlaw melting pennies, nickels for profit
Posted 12/14/2006 12:01 AM ET
By Barbara Hagenbaugh, USA TODAY

WASHINGTON -- People who melt pennies or nickels to profit from the jump in metals prices could face jail time and pay thousands of dollars in fines, according to new rules out Thursday. Soaring metals prices mean that the value of the metal in pennies and nickels exceeds the face value of the coins. Based on current metals prices, the value of the metal in a nickel is now 6.99 cents, while the penny's metal is worth 1.12 cents, according to the U.S. Mint.
That has piqued concern among government officials that people will melt the coins to sell the metal, leading to potential shortages of pennies and nickels. "The nation needs its coinage for commerce," U.S. Mint director Ed Moy said in a statement. "We don't want to see our pennies and nickels melted down so a few individuals can take advantage of the American taxpayer. Replacing these coins would be an enormous cost to taxpayers." STORY: Government appeals currency redesign There have been no specific reports of people melting coins for the metal, Mint spokeswoman Becky Bailey says. But the agency has received a number of questions in recent months from the public about the legality of melting the coins, and officials have heard some anecdotal reports of companies considering selling the metal from pennies and nickels, she says. Under the new rules, it is illegal to melt pennies and nickels. It is also illegal to export the coins for melting. Travelers may legally carry up to $5 in 1- and 5-cent coins out of the USA or ship $100 of the coins abroad "for legitimate coinage and numismatic purposes." Violators could spend up to five years in prison and pay as much as $10,000 in fines. Plus, the government will confiscate any coins or metal used in melting schemes. The rules are similar to those enacted in the 1960s and 1970s, when metals prices also rose, the Mint said. Ongoing regulations make it illegal to alter coins with an intent to commit fraud. Before today's new regulations, it was not illegal to melt coins. Metals prices have skyrocketed worldwide in recent years in response to rising demand, particularly in rapidly growing China and India. Prices for zinc, which accounts for nearly all of the metal in the penny, have risen 134% this year, according to the London Metal Exchange. Even accounting for a recent decline, the price of copper is up 50% since the start of 2006. Nickels are produced from 75% copper and 25% nickel. 
Although the Mint's new rules are immediately going into effect, the Mint will take comments from the public for a month. The government has changed the composition of coins in response to rising metal prices. The penny, which was pure copper when it was introduced in 1793, was last changed in 1982.

Find this article at: http://www.usatoday.com/money/2006-12-14-melting-ban-usat_x.htm?csp=34

From rforno at infowarrior.org Thu Dec 14 09:04:14 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Dec 2006 09:04:14 -0500
Subject: [Infowarrior] - Research: U.S. worker interruptions costly
Message-ID:

(nope, I don't have a Crackberry/Treo.......rf)

Research: U.S. worker interruptions costly
Byproducts of an "always connected" culture, tech-enabled distractions ding businesses by as much as $588 billion annually.
By Reuters
Published: December 14, 2006, 4:56 AM PST
http://news.com.com/Research+U.S.+worker+interruptions+costly/2100-1022_3-6143663.html?tag=nefd.top

The chances of you finishing this article without getting interrupted or distracted are slim. U.S. office workers get interrupted on the job as often as 11 times an hour, costing as much as $588 billion to U.S. business each year, according to research. Adding the distracting lure of checking e-mails, surfing the Internet and chatting by computer, and workers interrupt themselves nearly as much as they are interrupted by others, experts say. "With instant messaging on your desktop and alerts and e-mail notifications, you set yourself up for it," said John Putzier, founder of FirStep business strategists in Prospect, Pennsylvania. The barrage of interruptions and distractions only worsens at this time of year, experts say. "We have more things pulling at us," said Jonathan Spira, chief executive of Basex, a business consulting firm that researched the cost of interruptions. From online shopping at work to planning the office holiday party, workers are bombarded with distractions, he said.
"These holiday distractions result in more interruptions. It's certainly a recipe for even less work getting done, no question about it," he said. A typical manager is interrupted six times an hour, one recent study showed, while another found the average cubicle worker is interrupted more than 70 times a day. Other research has found office workers getting interrupted every 11 minutes, while another study said nearly half of workplace interruptions are self-imposed. A study by Basex found office distractions take up 2.1 hours of the average day--28 percent--with workers taking an average of five minutes to recover from each interruption and return to their original tasks. Still another study found a group of workers interrupted by e-mail and telephones scored lower on an IQ test than a test group that had smoked marijuana. Employee, interrupted Workers live in a state of "continuous partial attention," said Linda Stone, a Seattle-based writer and lecturer on attention and trends. "The motivation is 'I don't want to miss anything' because being connected makes me feel important," she said. "It's 'There's my BlackBerry. There's my cell phone. What time is it in Europe right now? How many phone calls did I get?' "It's a sense of stimulation and busy-ness," she said. Plenty of people would be lost without the "multitasking" battery of telephones, handheld messaging devices and computer instant messages, said Putzier. "In some cases, people would go into withdrawal if they weren't constantly interrupted," he said. "For some people, interruptions aren't interruptions to their job. Interruptions are their job." Workers tend to be unable to resist the temptation of what Lee Rainie, director of the Washington-based Pew Internet & American Life Project, called "scanning the horizon for any and all new possibilities." "Why don't you just shut off your e-mail? Why don't you shut off your phone or close your door? 
The answer is because I can never tell where a more important message will fly in," he said. Putzier puts the blame on younger Generation X and Generation Y workers. "They are the big-time abusers. If they need something or want something, they don't pick up the phone and ask for an appointment. They just barge in, and it's all about them," he said. Basex calculated the cost of interruptions in lost working hours to U.S. business is $588 billion a year. "It's a lot of time and productivity wasted," said Bary Sherman, head of the Institute for Business Technology-USA in San Diego that has developed a White Collar Productivity Index. Rainie called the pace of interruptions "a double-edged proposition." "People like the convenience and possibilities that this technology affords them when they want to use it," he said, "but they don't like the intrusions that it creates for them when other people want to express the same rights." The "constantly connected" trend is sowing the seeds of its own destruction, said Stone, who said, "We are overstimulated, overwhelmed and unfulfilled."

Story Copyright © 2006 Reuters Limited. All rights reserved.

From rforno at infowarrior.org Thu Dec 14 20:59:44 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Dec 2006 20:59:44 -0500
Subject: [Infowarrior] - Homeland Security chief defends Real ID plan
Message-ID:

Homeland Security chief defends Real ID plan
By Anne Broache
http://news.com.com/Homeland+Security+chief+defends+Real+ID+plan/2100-1028_3-6143862.html
Story last modified Thu Dec 14 15:01:43 PST 2006

WASHINGTON--U.S. Department of Homeland Security Secretary Michael Chertoff on Thursday defended forthcoming national ID cards as vital for security and consistent with privacy rights. Chertoff said one of his agency's top goals next year is to forge ahead with recommendations for the controversial documents established by a federal law called the Real ID Act in May 2005.
By 2008, Americans may be required to present such federally approved cards--which must be electronically readable--to travel on an airplane, open a bank account or take advantage of myriad government services such as Social Security. "I think this is an example (of) when security and privacy go hand in hand," the Homeland Security chief said in a half-hour speech at George Washington University here. "It is a win-win for both." The importance of such documents was magnified by an announcement Wednesday, Chertoff said. Federal authorities reported that they had made more than 1,200 arrests related to immigration violations and unmasked criminal organizations stealing and trafficking in genuine birth certificates and Social Security cards belonging to U.S. citizens. "Do you think your privacy is better protected if someone can walk around with phony docs with your name and your Social Security number, or is your privacy better protected if you have the confidence that the identification relied upon is in fact reliable and uniquely tied to a single individual?" Chertoff asked rhetorically. The upcoming federally approved IDs are intended to be a secure, tamperproof means of protecting Americans' identities while keeping out terrorists and other wrongdoers, Chertoff said. The Homeland Security chief, who is nearing his two-year mark with the agency, was likely trying to quell rampant skepticism about the IDs voiced by some privacy advocates, immigrants and other groups. Some have said they fear that the IDs are a stepping stone to a veritable police state, complete with ready surveillance of individuals. Some have argued that the idea of creating more tamperproof IDs is only a marginally better way to screen out those intent on committing terrorist acts because ID cards don't even begin to tackle a core crime prevention challenge: determining a person's unspoken intentions. 
State governments have also been critical of the 2008 deadline and what they have said amounts to an unfunded mandate to switch over their systems. A September study released by the National Governors Association, National Conference of State Legislatures and American Association of Motor Vehicle Administrators estimated that the overhaul of their identification systems (PDF) would cost states more than $11 billion over five years. The New Hampshire state legislature even considered passing a law earlier this year that would prohibit the state from complying with the federal Real ID law. Homeland Security has yet to issue congressionally mandated recommendations for the cards, so it's unclear how, exactly, they would work. The cards must contain, at a minimum, a person's name, birth date, gender, ID number, digital portrait, address, "physical security features" to prevent tampering or counterfeiting and a "common machine-readable technology" specified by Homeland Security. A recent draft report by a DHS advisory committee (PDF) advised against using radio frequency identification technology, or RFID, in tracking humans because of privacy concerns. The purpose of Chertoff's Thursday morning speech was to reflect on the agency's work during the past year and to outline goals for 2007. For the past year, he focused on three major areas: immigration and border security, Hurricane Katrina recovery and a foiled terrorism plot originating from London in August. Conspicuously absent was any mention of the department's cybersecurity plans. After more than a year of delay, Chertoff hired Gregory Garcia, who had been working as a vice president at the Information Technology Association of America lobby group, as the department's first assistant secretary for cybersecurity. That step came after the department had sustained repeated bashing of its efforts in that realm from members of Congress.

Copyright ©1995-2006 CNET Networks, Inc. All rights reserved.

From rforno at infowarrior.org Thu Dec 14 21:03:06 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Dec 2006 21:03:06 -0500
Subject: [Infowarrior] - Turning Sharks into Robotic Sentries
Message-ID:

Undersea Spies
Turning Sharks into Robotic Sentries
By Chris Berdik
http://www.bu.edu/alumni/buforward/archives/Dec_2006/articles/spies.html

It seems like science fiction, but the U.S. military would like to use sharks as underwater spies. The folks at the Defense Advanced Research Projects Agency (DARPA), who dream up the future of weapons and military systems, envision squads of sharks prowling the oceans with sensors that could transmit evidence of explosives or other threats. The military use of marine animals isn't new. For decades, the navy has used dolphins and sea lions to patrol harbors, salvage expensive hardware, and locate potential sea mines. Indeed, mounting chemical, auditory, or visual sensors on a shark is the easy part. The challenge is finding a way to steer sharks over long distances. Over millions of years, sharks have evolved to pursue one particular target of opportunity -- lunch -- and military commanders would need a way to override that instinct in order to dispatch their shark spies to areas of strategic interest. DARPA turned to Jelle Atema, a College of Arts and Sciences professor of biology at the Boston University Marine Program, who for many years has been researching how marine animals use their sense of smell. Atema proposed that because sharks are expert at tracking odors over very long distances, the key to steering a shark was to follow its nose. With more than a year of DARPA funding, which ended last year, Atema was able to use electrical stimulation of a shark's brain, mimicking odor, to guide the shark around a large tank. The military has since made the research classified, and it is now run out of the Naval Undersea Warfare Center in Newport, R.I.
But Atema is seeking new funding sources to continue his work on sharks, with potential civilian applications in mind -- such as tracking fish populations, changes in ocean temperatures, or chemical spills.

From rforno at infowarrior.org Thu Dec 14 23:30:48 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Dec 2006 23:30:48 -0500
Subject: [Infowarrior] - FW: Web site to monitor Internet traffic pulse
In-Reply-To:
Message-ID:

(c/o Cybertelcom-L)

http://www.computerworld.com.au/index.php/id;1044057986;fp;4194304;fpid;1

The Minnesota Internet Traffic Studies (MINTS) site (check it out in coming weeks for more details about MINTS) will integrate with more than 100 sites around the world -- some academic and others commercial -- that track network traffic, said Andrew Odlyzko, director of the Digital Technology Center at the University of Minnesota and a speaker at Tuesday's Internet Bandwidth Supply & Demand conference at Boston University, which was organized by Information Gatekeepers (IGI). In addition, carriers will share some of their network traffic numbers under nondisclosure agreements, so that traffic loads and patterns can be analyzed and shared, but without revealing individual carrier numbers, he said.

From rforno at infowarrior.org Thu Dec 14 23:32:34 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Dec 2006 23:32:34 -0500
Subject: [Infowarrior] - U.S. Is Dropping Effort to Track if Visitors Leave
Message-ID:

December 15, 2006
U.S. Is Dropping Effort to Track if Visitors Leave
By RACHEL L. SWARNS and ERIC LIPTON
http://www.nytimes.com/2006/12/15/washington/15exit.html?ei=5094&en=27f5ff9dcbd78759&hp=&ex=1166158800&partner=homepage&pagewanted=print

WASHINGTON, Dec. 14 --
In a major blow to the Bush administration's efforts to secure borders, domestic security officials have for now given up on plans to develop a facial or fingerprint recognition system to determine whether a vast majority of foreign visitors leave the country, officials say. Domestic security officials had described the system, known as U.S. Visit, as critical to security and important in efforts to curb illegal immigration. Similarly, one-third of the overall total of illegal immigrants are believed to have overstayed their visas, a Congressional report says. Tracking visitors took on particular urgency after the Sept. 11 terrorist attacks, when it became clear that some of the hijackers had remained in the country after their visas had expired. But in recent days, officials at the Homeland Security Department have conceded that they lack the financing and technology to meet their deadline to have exit-monitoring systems at the 50 busiest land border crossings by next December. A vast majority of foreign visitors enter and exit by land from Mexico and Canada, and the policy shift means that officials will remain unable to track the departures. A report released on Thursday by the Government Accountability Office, the nonpartisan investigative arm of Congress, restated those findings, reporting that the administration believes that it will take 5 to 10 years to develop technology that might allow for a cost-effective departure system. Domestic security officials, who have allocated $1.7 billion since the 2003 fiscal year to track arrivals and departures, argue that creating the program with the existing technology would be prohibitively expensive. They say it would require additional employees, new buildings and roads at border crossings, and would probably hamper the vital flow of commerce across those borders. Congress ordered the creation of such a system in 1996. In an interview last week, the assistant secretary for homeland security policy, Stewart A.
Baker, estimated that an exit system at the land borders would cost "tens of billions of dollars" and said the department had concluded that such a program was not feasible, at least for the time being. "It is a pretty daunting set of costs, both for the U.S. government and the economy," Mr. Stewart said. "Congress has said, 'We want you to do it.' We are not going to ignore what Congress has said. But the costs here are daunting. "There are a lot of good ideas and things that would make the country safer. But when you have to sit down and compare all the good ideas people have developed against each other, with a limited budget, you have to make choices that are much harder." The news sent alarms to Congress, where some Republicans and Democrats warned that suspending the monitoring plan would leave the United States vulnerable. Representative Dana Rohrabacher, a California Republican who is a departing subcommittee chairman on the House International Relations Committee, said the administration could not say it was protecting domestic security without creating a viable exit monitoring system. "There will not be border security in this country until we have a knowledge of both entry and exit," Mr. Rohrabacher said. "We have to make a choice. Do we want to act and control our borders or do we want to have tens of millions of illegals continuing to pour into our country?" Representative Bennie Thompson, the Mississippi Democrat who is set to lead the Homeland Security Committee, also expressed concern. "It is imperative that Congress work in partnership with the department to develop a comprehensive border security system that ensures we know who is entering and exiting this country and one that cannot be defeated by imposters, criminals and terrorists," Mr. Thompson said in a statement Thursday. In January 2004, domestic security officials began fingerprint scanning for arriving visitors.
The program has screened more than 64 million travelers and prevented more than 1,300 criminals and immigration violators from entering, officials said. Homeland Security Secretary Michael Chertoff and other officials often call the program a singular achievement in making the country safer. U.S. Visit fingerprints and photographs 2 percent of the people entering the country, because Americans and most Canadians and Mexicans are exempt. Efforts to determine whether visitors actually leave have faltered. Departure monitoring would help officials hunt for foreigners who have not left, if necessary. Domestic security officials say, however, it would be too expensive to conduct fingerprint or facial recognition scans for land departures. Officials have experimented with less costly technologies, including a system that would monitor by radio data embedded in a travel form carried by foreigners as they depart by foot or in vehicles. Tests of that technology, Radio Frequency Identification, found a high failure rate. At one border point, the system correctly identified 14 percent of the 166 vehicles carrying the embedded documents, the General Accountability Office reported. The Congressional investigators noted the "numerous performance and reliability problems" with the technology and said it remained unclear how domestic security officials would be able to meet their legal obligation to create an exit program. Some immigration analysts said stepping away from the program raised questions again about the commitment to enforce border security and immigration laws. A senior policy analyst at the Center for Immigration Studies, Jessica Vaughn, said the government had long been too deferential to big businesses and travel groups that raised concerns that exit technology might disrupt travel and trade. "I worry that the issue of cost is an excuse for not doing anything," said Ms. Vaughn, whose group advocates curbing immigration.
Domestic security officials said they still hoped to find a way to create an exit system at land borders. "We would to do more testing," a spokesman for the department, Jarrod Agen, said. "We are evaluating the initial tests to determine how to move forward."

From rforno at infowarrior.org Fri Dec 15 09:28:31 2006
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Dec 2006 09:28:31 -0500
Subject: [Infowarrior] - Senators Threaten To Repeal Real ID Act Unless Changes Are Made
Message-ID:

(c/o pogowasright.org)

Senators Threaten To Repeal Real ID Act Unless Changes Are Made

If the Department of Homeland Security does not agree to changes that reduce the burden on state governments and increase privacy protections for citizens, two senators say they will try to have the national ID law repealed.

By K.C. Jones, InformationWeek
Dec. 14, 2006
URL: http://www.informationweek.com/story/showArticle.jhtml?articleID=196604402

Two Senators proposed legislation last week to repeal the Real ID Act of 2005. The lawmakers are likely to take the issue up again during the 110th Congress. Sen. Daniel Akaka, a Hawaii Democrat, and Sen. John Sununu, a New Hampshire Republican, are pushing for individual privacy protections and lower costs for state governments. If the Department of Homeland Security will not agree to changes that reduce the burden on state governments and increase privacy protections for citizens, Akaka said he would try to have the national ID law repealed. Akaka echoed complaints from hundreds of groups -- including the National Rifle Association, the American Civil Liberties Union, and associations representing state lawmakers -- in criticizing the legislation. He noted that the law was attached to defense spending, tsunami relief, and terror prevention. He said the proposal was not subjected to scrutiny, floor debate, or hearings before Congress was "forced" to pass it.
The Real ID Act requires state licenses and identification to meet a series of requirements in order to be considered valid for entering federal buildings or boarding planes. He pointed to a study by the National Governors' Association that concluded states would have to spend $1.42 billion to meet the act's requirement that state governments electronically verify all documents people use when obtaining drivers licenses. A re-enrollment requirement would cost about $8 billion in five years, he said. The whole program would cost $11 billion, according to the governors' association. That's because states would have to adopt new electronic systems for verifying documents like birth certificates and would have to link those systems to other states to meet requirements for residents born elsewhere. The act would hinder or entirely stop online and mail order renewals, creating backups at motor vehicle departments, Akaka said. "In addition to the cost imposed on states, Real ID imposes an unrealistic timeframe," he said. "Under the law, states must have Real ID compliant systems in place by May 2008. Yet implementing regulations have not been issued." Once the Homeland Security department issues the regulations, the U.S. Office of Management and Budget has 90 days to review them. By the time that is done, states will have about a year to develop electronic verification systems, redesign drivers' licenses, establish protocols for securing personal data, increase motor vehicle staff and find funding for the overhaul, Akaka pointed out. "It's taken DHS over a year and a half just to issue the regulations," he said. "Expecting the states to execute the new system in even less time is unrealistic." Akaka also criticized requirements for collection and storage of sensitive, personally identifiable information, including Social Security numbers, proof of residence and biometric identifiers. 
"If the new state databases are compromised, they will provide one-stop access to virtually all information necessary to commit identity theft," he said. Information sharing between agencies could allow millions of people to access the information, he said. Finally, there are no protections to stop the private sector from scanning and sharing information. "Despite these obvious threats to Americans' privacy, the Real ID Act fails to mandate privacy protections for individuals' information nor does it provide states with the means to implement data security and anti-hacking protections that will be required to safeguard the new databases mandated by the Act," Akaka said. Akaka said he plans to review upcoming DHS regulations to see if they address the issues before taking further action on the bill. From rforno at infowarrior.org Fri Dec 15 10:36:59 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 15 Dec 2006 10:36:59 -0500 Subject: [Infowarrior] - FW: [attrition] 100 million... the gloves come off. In-Reply-To: Message-ID: http://attrition.org/dataloss/rant/100million.html Thu Dec 14 20:31:40 EDT 2006 Lyger I'm going to preface this entire rant with one caveat: I have respect for Beth Givens and Privacy Rights Clearinghouse for their efforts to promote awareness regarding data breaches that involve personally identifying information. I have respect for other groups and entities who care enough to report these breaches, analyze them, and provide meaningful and insightful commentary and analysis. However: I really have a hard time respecting journalists who fail to do basic background research regarding this topic, especially when their writings openly praise the "popular kids at school" and fully ignore the hard work of others who make those "kids" so popular. [...] 
http://attrition.org/dataloss/rant/100million.html From rforno at infowarrior.org Sat Dec 16 01:05:06 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 16 Dec 2006 01:05:06 -0500 Subject: [Infowarrior] - Why cell phone outage reports are secret Message-ID: Why cell phone outage reports are secret Posted: Friday, December 15 at 06:00 am CT by Bob Sullivan http://redtape.msnbc.com/2006/12/why_cell_phone_.html#posts Consumers have no idea how reliable their cell phone service will be when they buy a phone and sign a long-term contract. The Federal Communications Commission could offer some guidance, but it won't. The agency refuses to make public a detailed database of cell phone provider outages that it has maintained since 2004. A federal Freedom of Information Act request for the data, filed in August by MSNBC.com, has been rejected by the agency. The stated reasons: Release of the information could help terrorists plan attacks against the United States, and it would harm the companies involved. Complaints about cell phone service are near the top of every list of consumer gripes. The Illinois attorney general's office, for example, last year ranked cell phone complaints as the fourth-most-common complaint, trailing only gas prices, credit card firms and home improvement scams. To find out if a cell phone carrier service will be reliable, consumers are forced to buy a phone, then use it at home and on their normal commuting routes. Callers generally get 30 days at most to return a phone if the service doesn't work well enough. But that test won't reveal anything about carriers' periodic outages. The Federal Communications Commission does know something about outages, however. It has collected outage reports from telecommunications firms since the early 1990s. Any time a carrier has an outage that affects 900,000 caller minutes -- say a 30-minute outage impacting 30,000 customers -- it must report it to the Network Outage Reporting System. 
In the beginning, the reports all were from "wire line" telephone providers and were available to the public. But in 2004, the commission ordered wireless firms to supply outage reports as well. But at the same time, it removed all outage reports from public view and exempted them from the Freedom of Information Act. The FCC took the action at the urging of the Department of Homeland Security, which argued that publication of the reports would "jeopardize our security efforts." "The same outage data that can be so useful ... to identify and remedy critical vulnerabilities and make the network infrastructure stronger can, in hostile hands, be used to exploit those vulnerabilities to undermine or attack networks," DHS said. 'Corporate competition protection' What use would wireless outage reports have to would-be terrorists? Not much, said NBC terrorism analyst Roger Cressey, the former chief of staff of the President's Critical Infrastructure Protection Board. "There is nothing mysterious behind it, it is corporate competition protection," said Cressey, now a partner in Good Harbor Consulting. "The only reason for the government to not let these records get out is then one telco provider could run a full-page ad saying 'the government says we're more reliable.'" Cressey added that he couldn't imagine a scenario where the reports would be valuable to terrorists. In October, MSNBC.com filed an administrative appeal of the FCC's rejection of its FOIA request. The FCC has not yet responded to the appeal. In its initial answer to MSNBC.com's FOIA request, FCC officials cited only one reason for the denial: "competitive harm" to companies involved. "NORS records are not available to the public," the rejection letter said. 
"Given the competitive nature of many segments of the communications industry and the importance that outage information may have on the selection of a service provider or manufacturer, we conclude that there is a presumptive likelihood of substantial competitive harm from disclosure of information in outage reports." That's likely true. A report that revealed which mobile phone company suffered the most outages in a given area would likely impact consumers' choice of provider. Such information would be in the public interest, MSNBC.com believes. "We believe that this is basic consumer information and we will continue to fight for your right to know it," said MSNBC.com editor-in-chief Jennifer Sizemore. Explanation doesn't measure up, expert says The explanation also does not meet the bar set by the Freedom of Information Act for an agency to decline a request, according to an analysis by The Reporters Committee for Freedom of the Press. The competitive harm exemption "requires fairly detailed explanations by the company involved as to how the release of information will put it at a substantial competitive disadvantage," said analyst Nathan Winegar. In a subsequent response to a reporter's query, an FCC spokesman pointed toward the second reason for the public record request denial: The 2004 administrative order declaring the outage records off limits to the public. That order cited both competitive harm and national security. Al Tompkins, a Freedom of Information Act expert at the Poynter Institute, a journalism think-tank, said release of the cell phone outage reports would be "a tremendous consumer tool," and compared them to the Federal Aviation Administration's publication of airline on-time records. "It seems to me that while one could understand it might put one company at a competitive disadvantage, it would put another at a competitive advantage," he said. "The airwaves are owned by the public. ... 
The public has a need to know what's reliable and what's not." Not every mobile phone firm thought the database needed to be hidden from public view when the FCC decided to make it secret in 2004. Sprint argued that the commission could "scrub" the reports of sensitive material before they were made public and thus serve the "seemingly divergent needs for public access and protection of confidential information." The FCC chose the blunt instrument. Another 'national security issue' Tompkins said the blanket removal of the entire outage report system from public view was symptomatic of a larger trend in the Bush administration. "Every time we turn around something else is a national security issue," he said. Furthermore, if some larger pattern of cell phone outages could be gleaned from the reports, he said, companies might "fix it, not bury it." "I can't think of one problem that has gone away because it's kept a secret," he said. The Freedom of Information Act, signed into law in 1966, provides specific procedures for U.S. citizens to gain access to government documents, through a procedure known as a FOIA request. The law was amended in the mid-1970s in reaction to the Watergate scandal, with time and fee limits imposed on government agencies to comply with requests. The law was amended again in 1986, but journalists continued to complain that federal agencies were still stonewalling. In response to those complaints, in October 1993 then-President Bill Clinton issued an administrative memo calling for federal agencies to "renew their commitment" to the spirit of the Freedom of Information Act. The law was originally intended to make government paper records available to the public, but gradually has been extended to apply to electronic records as well. Anyone can file a FOIA request, but the procedure is most frequently used by journalists, lawyers and jail inmates seeking more information about their cases. 
Many agencies, including the FCC, now allow FOIA requests to be filed right from their Web sites. From rforno at infowarrior.org Sat Dec 16 22:46:49 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 16 Dec 2006 22:46:49 -0500 Subject: [Infowarrior] - Talk of Satellite Defense Raises Fears of Space War Message-ID: Talk of Satellite Defense Raises Fears of Space War U.S. Says Attacks on Crucial Systems Are Possible, Warns It Would Respond Forcefully By Marc Kaufman Washington Post Staff Writer Sunday, December 17, 2006; A12 http://www.washingtonpost.com/wp-dyn/content/article/2006/12/16/AR2006121600791_pf.html For a U.S. military increasingly dependent on sophisticated satellites for communicating, gathering intelligence and guiding missiles, the possibility that those space-based systems could come under attack has become a growing worry -- and the perceived need to defend them ever more urgent. And that, in turn, is reviving fears in some quarters that humanity's conflicts could soon spread beyond Earth's boundaries. In a speech last week, a senior Bush administration official warned that other nations, and possibly terrorist groups, are "acquiring capabilities to counter, attack and defeat U.S. space systems." As a result, he said, the United States must increase its ability to protect vital space equipment with new technologies and policies. Elaborating publicly for the first time since the October release of a new national space policy, Undersecretary of State Robert G. Joseph made clear that the administration would react forcefully to any attempt to interfere with U.S. space technology -- whether used by the military or by businesses ranging from paging services and automated teller machines to radio and television providers. 
"No nation, no non-state actor, should be under the illusion that the United States will tolerate a denial of our right to the use of space for peaceful purposes," said Joseph, undersecretary for arms control and international security. "We reserve the right to defend ourselves against hostile attacks and interference with our space assets. We will, therefore, oppose others who wish to use their military capabilities to impede or deny our access to and use of space. We will seek the best capabilities to protect our space assets by active or passive means." The administration insists that there is no arms race in space, although the United States is the only nation that opposed a recent United Nations call for talks on keeping weapons out of space. The statement of American resolve in space came against the backdrop of an intensifying debate between those who criticize any push to put weapons in space and others who say the nation cannot afford to let potential adversaries get the upper hand. Some Democrats and representatives of other nations are becoming more vocal in their concern about the administration's rhetoric and possible plans regarding space defense. Although the 1967 U.N. Outer Space Treaty, signed by the United States, allows only peaceful uses of space, some believe that the United States is moving toward some level of weaponization, especially related to a missile defense system. Both the new space policy and Joseph's speech "left a lot of room for weaponization of space, which is something that our members have been very concerned about for a while," said Loren Dealy, spokeswoman for the Democratic majority on the House Armed Services Committee. "It also took a very unilateral approach and did not address the issue of multinational agreements to protect satellites that are there." Sen. Christopher J. Dodd (D-Conn.) 
earlier criticized the president's new national space policy, saying, "As we deal with the threats to peace and security from the proliferation of land-based weapons, surely we need to think long and hard before creating potential space-based proliferation threats." Theresa Hitchens, director of the nonpartisan Center for Defense Information, said she found the tone and substance of Joseph's comments last week puzzling. "It is somewhat ironic that while he kept saying 'There is no arms race in space' -- which says to me no real threat in space -- his whole pitch was how we have to protect our satellites, including using weapons," she said, citing Joseph's mention of "active means" of defending assets. "The truth of the matter is that the most likely threats are from the ground -- jamming, hacking, blowing up a tracking station -- and anti-satellite weapons and/or space-based weapons do nothing to resolve those threats." The deputy head of the Russian Federal Space Agency, Vitaliy Davydov, was the most blunt. He called the Bush space policy "the first step towards a serious escalation of the military confrontation space," according to the Russian news agency Interfax. He also said that, unlike air and sea weapons, space weapons would be "global and would hang over the entire world." He said, moreover, that Russia has the capability to "also roll out certain military elements into outer space." Some Capitol Hill staffers on military affairs committees said they think the administration's tough talk on space defense may be setting the stage for a future budget request, especially for funds to start a controversial space-based "test bed" of missile interceptors that could be used in a future missile defense system. One staffer, speaking on the condition of anonymity because of committee rules, said the Pentagon has been hinting that it wants to make such a request for 2008, but it is unclear whether it would be in the budget due out in early February. 
A Pentagon spokesman said it would be inappropriate to discuss possible budget requests because they are in a "pre-decisional position." The recent emphasis on space defense coincides with the release of several Government Accountability Office reports criticizing the Pentagon's management of space programs designed to enhance "situational awareness" -- the essential ability to know what is happening to satellites in space and why. In its most recent report, the GAO said last month that "on a broad scale," Defense Department space programs are behind schedule and over budget. The department "starts more weapon programs than it can afford, creating a competition for funding that encourages low cost estimating, optimistic scheduling, over-promising, suppressing of bad news," the GAO wrote. Nonetheless, Capitol Hill staffers said there is bipartisan agreement that U.S. space assets are vulnerable and need to be better protected, although there is disagreement about how to do that. Joseph's comments were especially well received by the group that sponsored his talk, the George C. Marshall Institute, a nonprofit group that specializes in technical aspects of defense and environmental debates. Institute President Jeff Kueter said Joseph highlighted a major and growing U.S. vulnerability that needs to be addressed. He said China, in particular, is a potential adversary in space and one that appears to be developing its capacities quickly. The publication Defense News reported this fall that the Chinese had succeeded in focusing a ground-based laser on an American satellite in a test of anti-satellite capabilities. Given the nation's reliance on satellites and space technology as well as the vulnerability of the equipment, Kueter said, "the administration and Congress need to think quite seriously about what we do about countering space threats and protecting space assets. Not enough thought is being given to implementing the space policy, to taking those next steps." 
Kueter said his institute hopes the Pentagon will ask Congress to fund the space-based "test bed" for national security purposes, though not necessarily as part of an immediate space-based missile defense system. His views were captured in the title of a Marshall Institute policy statement he wrote in October: "The War in Space Has Already Begun." From rforno at infowarrior.org Sat Dec 16 22:50:11 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 16 Dec 2006 22:50:11 -0500 Subject: [Infowarrior] - Time Magazine's Person of the Year: You Message-ID: (Congratulations to everyone.........rf) Time Magazine's Person of the Year: You Yes, you. You control the Information Age. Welcome to your world. http://www.time.com/time/magazine/article/0,9171,1569514,00.html > And for seizing the reins of the global media, for founding and framing the > new digital democracy, for working for nothing and beating the pros at their > own game, TIME's Person of the Year for 2006 is you. From rforno at infowarrior.org Sun Dec 17 11:58:38 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 17 Dec 2006 11:58:38 -0500 Subject: [Infowarrior] - Theater of the Absurd at the T.S.A. Message-ID: December 17, 2006 Digital Domain Theater of the Absurd at the T.S.A. By RANDALL STROSS http://www.nytimes.com/2006/12/17/business/yourmoney/17digi.html?_r=2&oref=slogin&pagewanted=print FOR theater on a grand scale, you can't do better than the audience-participation dramas performed at airports, under the direction of the Transportation Security Administration. As passengers, we tender our boarding passes and IDs when asked. We stand in lines. We empty pockets. We take off shoes. We do whatever is asked of us in these mass rites of purification. We play our assigned parts, comforted in the belief that only those whose motives are good and true will be permitted to pass through. 
Of course, we never see the actual heart of the security system: the government's computerized no-fly list, to which our names are compared when we check in for departure. The T.S.A. is much more talented, however, in the theater arts than in the design of secure systems. This becomes all too clear when we see that the agency's security procedures are unable to withstand the playful testing of a bored computer-science student. In late October, Christopher Soghoian, a Ph.D. student in the School of Informatics at Indiana University, found his attention wandering during a lecture in his Cryptographic Protocols class. While sitting in class, he created a Web site he called "Chris's Northwest Airlines Boarding Pass Generator." A visitor to the site could plug in any name, and Mr. Soghoian's software would create a page suitable for printing with a facsimile of a boarding pass, identical in appearance to one a passenger who had bought a Northwest Airlines ticket would generate when using the airline's at-home check-in option. The fake pass could not be used to actually board a plane -- boarding passes are checked at the gate against the roster of ticket buyers in the airline's database -- but it could come in handy for several other purposes, Mr. Soghoian suggested, such as passing through airport security so you could meet your elderly grandparents at the gate. Or, as he told his site's visitors, it could "demonstrate that the T.S.A. Boarding Pass/ID check is useless." It worked well, indeed. No cryptographic recipe was cracked; no airline computer system was compromised. Without visiting an airport, Mr. Soghoian needed access to nothing other than a public Web site to embarrass those responsible for airport security. To thank Mr. Soghoian for helping the government identify security weaknesses, the T.S.A. sent him a letter warning of possible felony criminal charges and fines, and ordered him to cease operations, which he promptly did. 
It was too late, however, to spare his apartment from an F.B.I. raid. Richard L. Adams, the T.S.A.'s acting federal security director, said Mr. Soghoian's generator "could pose a threat to aviation security." But Bruce Schneier, chief technology officer at BT Counterpane, a security consulting firm in Mountain View, Calif., emphatically disagreed. Anybody with Photoshop could create a fake boarding pass, he said. Mr. Soghoian's Web site simply eliminated the need to use Photoshop. The T.S.A.'s profession of outrage is nothing but "security theater," Mr. Schneier said, using the phrase he coined in 2003 to describe some of the agency's procedures. Mr. Schneier is not alone in his view that the T.S.A. vilifies people who point out its flaws. Matthew Blaze, an associate professor of computer science at the University of Pennsylvania, did not regard Mr. Soghoian's generator as a dangerous breach of national security, either. "If a grad student can figure it out," he said, "we can assume agents of Al Qaeda can do the same." The root problem, as some experts see it, is the T.S.A.'s reliance on IDs that are so easily obtained under false pretenses. "It would be wonderful if Osama bin Laden carried a photo ID that listed his occupation of 'Evildoer,'" permitting the authorities to pluck him from a line, Mr. Schneier said. "The problem is, we try to pretend that identity maps to intentionality. But it doesn't." Woe to him or her who happens to have a name identical to someone else deemed a possible menace to society and who finds, upon check-in, that the no-fly list places one's own name by Mr. bin Laden's. When a terror suspect's alias using the Kennedy name appeared on the list, gate agents blocked Senator Edward M. Kennedy of Massachusetts from boarding in Washington. And Boston. And Palm Beach, Fla. And New York. Each time, supervisors interceded on his behalf, but only because of his status as an elected official. T.S.A. 
officials have said they think that the effectiveness of the no-fly list, as well as a "selectee" list -- which permits flying but brings an extra round of physical screening -- will improve if the task of comparing names against the lists is taken out of the airlines' hands and given to the agency. The name of this initiative is "Secure Flight." Ostensibly interested in what security specialists and legal authorities on privacy issues thought of its Secure Flight plans, the agency convened an advisory group in January 2005. (Mr. Schneier was a member.) Nine months later, when the advisers turned in their final report, it showed that the T.S.A.'s planners had given little or no thought to basic security issues, such as the problem of stolen identities. Expressing frustration, the T.S.A.'s advisers said in their report that the T.S.A. had been so tight-lipped when talking to them that they never received the information they needed to make a single substantive recommendation. Professor Blaze has a great deal of experience publicly discussing the most sensitive of security vulnerabilities. He acknowledged that disclosure of a security weakness prompts "a natural and human response: 'Why should we help the bad guys?'" The answer, he said, is that the bad guys aren't helped -- because they almost certainly already know a system's weak points -- and that disclosing the weaknesses brings pressure on government agencies and their suppliers to improve security for the good guys. Last year, when Professor Blaze and his graduate students discovered a host of techniques for thwarting or deceiving government wiretapping systems, he said his group initially felt a spasm of hesitation about publishing academic papers about their findings. But they quickly returned to first principles -- criminals had undoubtedly discovered the techniques; scientific inquiry requires openness -- and prepared to publish their results. Before proceeding, they called in the F.B.I. 
to explain and braced for an attempt to suppress their work. "To their credit," Professor Blaze said, "they understood and did nothing to try to stop it." The T.S.A. shows no signs of similar enlightenment. The agency's investigation of Mr. Soghoian's short-lived boarding-pass experiment was continuing, a spokesman, Christopher White, said last week. WHEN I asked Mr. Schneier of BT Counterpane what he would do if he were appointed leader of the T.S.A., he said he would return to the basic procedures for passenger screening used before the 2001 terrorist attacks, which were designed to do nothing more ambitious than "catch the sloppy and the stupid." He said he would also ensure that passengers' bags fly only if the passenger does, improve emergency response capabilities and do away entirely with ID checks and secret databases and no-fly and selectee lists. He added that he would shift funds into basic investigation and intelligence work, which he believes produces results like the arrests of the London bomb suspects. "Put smart, trained officers in plainclothes, wandering in airports -- that is by far the best thing the T.S.A. could do," he said. The issues raised by the discovery of security vulnerabilities are not new. A. C. Hobbs, a locksmith who in 1853 wrote the book on locks and safes (the title: "Locks and Safes") knew that "many well-meaning persons" assume that public exposure of a lock's insecure design will end up helping criminals. His response to this concern is no less apt today than it was then: "Rogues are very keen in their profession, and know already much more than we can teach them." Randall Stross is an author based in Silicon Valley and a professor of business at San Jose State University. E-mail: digitaldomain at nytimes.com. 
From rforno at infowarrior.org Sun Dec 17 12:00:05 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 17 Dec 2006 12:00:05 -0500 Subject: [Infowarrior] - Showdown Looms Over Domestic Spying Message-ID: Showdown Looms Over Domestic Spying By David Kravets The Associated Press http://www.truthout.org/docs_2006/121706Y.shtml Sunday 17 December 2006 San Francisco - Federal agents continue to eavesdrop on Americans' electronic communications without warrants a year after President Bush confirmed the practice, and experts say a new Congress' efforts to limit the program could trigger a constitutional showdown. High-ranking Democrats set to take control of both chambers are mulling ways to curb the program Bush secretly authorized a month after the Sept. 11 attacks. The White House argues the Constitution gives the president wartime powers to eavesdrop that he wouldn't have during times of peace. "As a practical matter, the president can do whatever he wants as long as he has the capacity and executive branch officials to do it," said Carl Tobias, a legal scholar at the University of Richmond in Virginia. Lawmakers could impeach or withhold funding, or quash judicial nominations, among other measures. The president, however, can veto legislation, including a law demanding the National Security Agency obtain warrants before monitoring communications. Such a veto would force Congress to muster a two-thirds vote to override. "He could take the position he doesn't have to comply with whatever a new Congress says," said Vikram Amar, a law professor at the University of California, Hastings, and a former Supreme Court clerk. Douglas Kmiec, a former Justice Department official under former presidents Reagan and George H.W. Bush, speculated the younger Bush would assert executive authority to continue eavesdropping in the face of new legislation - perhaps leaving the Supreme Court as the final arbiter. 
"He has as much a constitutional obligation to assert himself, just as much as Congress does," Kmiec said. "We do need an arbitrator, an interpreter. That's what the courts, the third branch of government, was intended to be." On Dec. 17, 2005, Bush publicly acknowledged for the first time he had authorized the NSA to monitor, without approval from a judge, phone calls and e-mails that come into or originate in the U.S. and involve people the government suspects of having terrorist links. Bush said he had no intention of halting what he called a "vital tool" in the war on terror. When the Republican-controlled Congress adjourned last week, it left the spying program unchecked. The next move falls to the Democrats who take control in January and are considering a proposal to demand Bush get warrants and others lengthening the time between surveillance and when a warrant must be obtained. A spokesman for Sen. Harry Reid, the incoming Senate majority leader from Nevada, said the eavesdropping issue "is something he expects to tackle early next year." "He doesn't believe in giving the president a blank check to listen to the phone conversations of millions of Americans," spokesman Jim Manley said. Jennifer Crider, a spokeswoman for Nancy Pelosi, the San Francisco Democrat who will become House speaker, said eavesdropping legislation was under consideration and hearings on the topic were likely early next year. Decisions are pending in dozens of lawsuits challenging the program. The Cincinnati-based 6th U.S. Circuit Court of Appeals, the highest court squarely confronted with the issue so far, is to hear the American Civil Liberties Union's challenge Jan. 31. One stop short of the Supreme Court, the appeals court will review a Detroit judge's ruling that the program was unconstitutional. The case is American Civil Liberties Union v. National Security Agency, 06-2095. 
From rforno at infowarrior.org Sun Dec 17 21:17:36 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 17 Dec 2006 21:17:36 -0500 Subject: [Infowarrior] - NASA Ames Schedules Briefing to Discuss Google Agreement Message-ID: NASA Ames Schedules Briefing to Discuss Google Agreement PRESS RELEASE Date Released: Friday, December 15, 2006 Source: Ames Research Center MOFFETT FIELD, Calif. - NASA Ames Research Center hosts a media briefing Monday to discuss a major announcement involving Google, Inc. WHAT: Media briefing announcing details of Space Act Agreement with Google, Inc. WHERE: NASA Ames Research Center, Bldg. N-200, upstairs conference room WHO: S. Pete Worden, director, NASA Ames Research Center and Chris Kemp, director of business development, NASA Ames Research Center WHEN: 11:00 a.m. PST, Monday, Dec. 18, 2006. Media call-in: 1-866-758-1669; pass code: 2663262 From rforno at infowarrior.org Mon Dec 18 15:01:39 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 18 Dec 2006 15:01:39 -0500 Subject: [Infowarrior] - Copyright Tool Will Scan Web for Violations Message-ID: Copyright Tool Will Scan Web for Violations http://www.freepress.net/news/19837 From Wall Street Journal, December 18, 2006 By Kevin J. Delaney To deal with the mounting copyright issues swirling around video and other content online, a start-up founded by some respected Silicon Valley executives is taking a novel approach: combing the entire Web for unauthorized uses. Privately held Attributor Corp. of Redwood City, Calif., has begun testing a system to scan the billions of pages on the Web for clients' audio, video, images and text -- potentially making it easier for owners to request that Web sites take content down or provide payment for its use. The start-up, which was founded last year and has been in "stealth" mode, is emerging into the public eye today, at a time when some media and entertainment companies' 
frustration with difficulties identifying infringing uses of their content online is increasing. The problem has intensified with the proliferation and increasing usage of sites such as Google Inc.'s YouTube, which lets consumers post video clips. Media and entertainment companies have so far relied on a combination of technology and their own scanning to protect their content online -- but with mixed results. Media companies have used digital-rights management technology designed to make it hard to copy or transfer files. But such measures have often proved to be clumsy, despised by consumers or quickly thwarted. That's the case for DRM technology built into DVDs to prevent them from being ripped onto computers, for example. Entertainment and media companies have also relied on their own staff to scan Web sites for infringing content. But even when such content is spotted and taken down, the companies often see the content pop up in the same places or elsewhere soon after. "We all know that as soon as somebody comes up with a way to secure a piece of property, somebody else will come within days and crack it," says Lawrence Iser, a partner at law firm Kinsella Weitzman Iser Kump & Aldisert in Santa Monica, Calif., who represents musical artists and other entertainment industry clients. Though its service isn't out yet, Attributor appears to go further than existing techniques for weeding out unauthorized uses of content online. While companies are tackling parts of the same problem -- Indigo Stream Technologies Ltd., based in Gibraltar, offers a free service called Copyscape that analyzes a Web page and then uses Google's search engine to see whether the text is duplicated elsewhere on the Web -- Attributor's approach is seemingly more comprehensive. Its co-founders, former Yahoo Inc. 
executive Jim Brock, and Jim Pitkow, a Silicon Valley entrepreneur who has sold companies to Google and VeriSign Inc., claim to have cracked the thorny computer-science problem of scouring the entire Web by using undisclosed technology to efficiently process and comb through chunks of content. The company says it will have over 10 billion Web pages in its index before the end of this month. "If it works, it's a fantastic invention," Mr. Iser says. It's unclear whether such a service will be welcomed by Internet companies that allow users to post content. YouTube, News Corp.'s MySpace and others already face copyright lawsuits. In some cases, they're building systems to identify pirated materials consumers upload to their sites, and say they're open to sharing revenue with content owners. Attributor plans to announce today that it has received about $10 million in funding to date from investors including Sigma Partners, Selby Venture Partners, Draper Richards, First Round Capital and Amicus Capital. Attributor analyzes the content of clients, who could range from individuals to big media companies, using a technique known as "digital fingerprinting," which determines unique and identifying characteristics of content. It uses these digital fingerprints to search its index of the Web for the content. The company claims to be able to spot a customer's content based on the appearance of as little as a few sentences of text or a few seconds of audio or video. It will provide customers with alerts and a dashboard of identified uses of their content on the Web and the context in which it is used. The content owners can then try to negotiate revenue from whoever is using it or request that it be taken down. In some cases, they may decide the content is being used fairly or to acceptable promotional ends. Attributor plans to help automate the interaction between content owners and those using their content on the Web, though it declines to specify how. 
Company executives believe its system will provide transparency and accountability to encourage more owners to put their content online with confidence they'll be able to police its use, and share in any profits. "We believe that we can provide an infrastructure that will support all kinds of outcomes and remedies, which will align the interests of content owners, content hosts and search engines around legitimate syndication and monetization," says Mr. Brock, Attributor's chief executive. "We see this as a way to take us out of the course we've been on, which is more litigation," says Mr. Pitkow, who is chief technology officer. Attributor has begun testing the system, and won't release it officially until the first quarter of next year. The co-founders' track records, however, lend credibility to their claims. As Yahoo's first outside counsel, Mr. Brock tackled Internet copyright issues for the Internet company as far back as 1994 and later oversaw some of its core businesses as a senior vice president. Mr. Pitkow is a computer science Ph.D. who worked at Xerox's legendary PARC research facility. In 2001, he helped to sell the intellectual property of Outride Inc., where he was president and chairman, to Google. Last year, he sold Moreover Technologies, where he was CEO and chairman, to VeriSign. "They're real guys who have solved hard-core problems," says Ali Aydar, chief operating officer of Snocap Inc., a digital-music registry start-up. Snocap and Attributor share a backer in Silicon Valley investor Ron Conway. "Content owners I've talked to outside of the music business would love a system which tells them where their content is being utilized," Mr. Aydar adds. Attributor executives decline to say how frequently they will update their Web index, a key factor in their ability to stay on top of postings. 
They also say they won't at least initially monitor peer-to-peer file swapping systems, where large amounts of pirated music, movies, TV shows and software are traded. This article is from Wall Street Journal. If you found it informative and valuable, we strongly encourage you to visit their website and register an account to view all their articles on the web. Support quality journalism. From rforno at infowarrior.org Tue Dec 19 10:48:00 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Dec 2006 10:48:00 -0500 Subject: [Infowarrior] - Overhaul Moves White House Data Center Into Modern Era Message-ID: December 19, 2006 Overhaul Moves White House Data Center Into Modern Era By JIM RUTENBERG and DAVID E. SANGER http://www.nytimes.com/2006/12/19/washington/19bush.html?ei=5094&en=4a7c657a600fa66b&hp=&ex=1166590800&partner=homepage&pagewanted=print WASHINGTON, Dec. 18 -- Perhaps no corner of the White House has starred in more movies and television shows than the Situation Room, the presidential decision center under the West Wing that Hollywood imagines as a high-tech beehive of activity, where presidents command covert operations around the world. In reality, it was something of a low-tech dungeon. Until it closed for its biggest overhaul since John F. Kennedy settled into its wood-paneled conference room, most of the room's monitors used -- get this -- picture tubes. Communications were often by fax. The computers and telephones looked like the best technology available, in 1985. There was a small kitchen, but it had no sink. On Dec. 27 the new Situation Room is to open formally, the result of planning that reaches back to before the Sept. 11 attacks but took on added urgency afterward. The White House offered a preview to two reporters on Monday, days before its new data center is pumped full of classified information and its doors are sealed to outsiders. Even in its new incarnation, it is not quite up to the standards of "24." 
But it is getting closer. For starters, Mr. Bush's new main conference room, just underneath the main floor of the West Wing, has six flat-screen televisions for secure video conferences, and the technology linking them to generals and prime ministers around the globe makes it less likely that the encrypted voices and images will go black. (That happened regularly in connections to Baghdad, an event one former administration official said had been known to "prompt a presidential outburst.") The screens also have what Joe Hagin, the deputy White House chief of staff, described in a tour as "John Madden telestrators," the ability to perform on-screen drawings. (White House technologists settled on NEC plasma flat-screens for the president's main conference room and LCD screens, made by LG, in the remainder of the chamber.) The watch officers, who were previously seated so they stared at walls rather than each other, are now arrayed on two tiers of curved computer terminals that can be fed both classified and unclassified data from around the country and the world. That ends a problem that most multi-national companies solved years ago, an inability to merge different kinds of data without effectively having to cut and paste. The Situation Room was largely an outgrowth of the Cuban missile crisis, an event that made President Kennedy and his aides realize that they needed a central hub for information during crises. Since then, it has been the site of critical decisions: Lyndon Johnson spent long nights picking bombing targets there; Bill Clinton used it to handle Bosnia and the Asian financial crisis. Over the years, the technology became a patchwork of fixes, as Wang word processors were replaced by personal computers, and then for portable secure video. The 9/11 commission found that on the day of the 2001 attacks, communications frayed, making it hard for Mr. Bush, flying around on Air Force One, to get a picture of what was going on. Mr. 
Hagin, a trusted aide who handles much of the behind-the-scenes work of the White House, said officials decided a complete overhaul was desperately needed almost as soon as they saw it. "We were all underwhelmed the first time we walked into the Situation Room," he said in an interview at the White House on Monday, an assessment shared by others. But, Mr. Hagin said, after the Sept. 11 attacks the project took on added importance, as officials came to realize that the room, created in the cold war, was not set up to gather both international and domestic information. Among the most important changes, Mr. Hagin said, was the expansion of its use beyond the National Security Council to also include the Homeland Security Council and the White House chief of staff's office. Officials found the old room's wood-paneled walls too noisy, making it hard to hear for those listening in via video or telephone. The new room has less mahogany and more of what Mr. Hagin described as 21st century whisper wall. And, where the old Situation Room suite had only two secure video rooms, the new one has five and a direct, secure feed to Air Force One, a better fit for Mr. Bush personally. "This president wants to look you in the eye while you're answering his questions," said Phil Lago, executive secretary of the security council who is also planning the renovation. From rforno at infowarrior.org Tue Dec 19 21:03:23 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Dec 2006 21:03:23 -0500 Subject: [Infowarrior] - RIAA Drops Case Against Patti Santangelo Message-ID: (after she spent like 20K of her own money to defend herself......rf) RIAA Drops Case Against Patti Santangelo http://recordingindustryvspeople.blogspot.com/2006/12/riaa-drops-case-against-patti.html After more than a year and a half of litigation, the RIAA has sought to drop the case it brought against Patti Santangelo, Elektra v. Santangelo*. 
Its motion papers ask that the dismissal be "without prejudice", which would mean that they could sue her again for the same thing: Notice of Motion to Dismiss without Prejudice* Declaration of Richard L. Gabriel in support of RIAA's Motion to Dismiss without Prejudice* Memorandum of Law in support of RIAA's Motion to Dismiss without Prejudice* * Document published online at Internet Law & Regulation This is the case that garnered so much national press attention last year. See, e.g.: http://recordingindustryvspeople.blogspot.com/2005/12/patricia-santangelo-on-network.html http://recordingindustryvspeople.blogspot.com/2005/12/transcript-of-patricia-santangelo-and.html http://recordingindustryvspeople.blogspot.com/2005/08/links-to-articles-about-elektra-v.html From rforno at infowarrior.org Tue Dec 19 21:04:43 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Dec 2006 21:04:43 -0500 Subject: [Infowarrior] - UK ditches single ID database Message-ID: UK ditches single ID database By Lucy Sherriff Published Tuesday 19th December 2006 19:09 GMT http://www.theregister.co.uk/2006/12/19/bigbro_cubed/ The UK government has ditched plans to put all our identities on one big database, saying that sticking with existing systems will help cut fraud and save money. But this is not a U-turn. Home Secretary John Reid was very clear about that. The system will now be built using existing data, with additional information being stored on existing databases. As it is collected, biometric information will be stored on systems that are used to keep record of asylum seekers. Biographical information will be stored on the Department of Work and Pensions' (DWP) Customer Information Service. This is where national insurance information is currently kept. Also, the passport services' computer system will be used to track the issue and use of the identity cards. 
Reid has already said that as of 2008 all new visitors to the UK will have to register their biometric information with the government. But now this will be extended to all non-EU foreign nationals in the UK. The scheme will start for those reapplying for visas. "We want to count everybody in and count everybody out," said Reid. He also conceded that the system will not prevent people having fake IDs, but argues that it will put a stop to multiple identities, the BBC reports. "You can go around claiming the first time you are John Reid, but you can not then come round a second time claiming you are Liam Byrne", he said. We are mystified as to why anyone would want to pass themselves off as either, but that may be beside the point. At first glance, the U-turn, sorry, slight change of tack, might seem a blow to big IT firms smacking their lips at the prospect of building pricey systems to support the cards. However, the government's previous lack of clarity on its ID cards plans has already concerned some vendors. In addition, the government has tightened up its IT contracts, and any vendor involved in the ID card scheme could have come in for a very public slapping should things have gone pear-shaped. A smaller, more manageable scheme might be much more to the IT industry's liking. From rforno at infowarrior.org Tue Dec 19 21:38:37 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Dec 2006 21:38:37 -0500 Subject: [Infowarrior] - More on..... RIAA Drops Case Against Patti Santangelo In-Reply-To: <20061220023419.GA16053@gsp.org> Message-ID: C/o RSK. ------ Forwarded Message Ah, but there's more -- as in another very large shoe that dropped. > (after she spent like 20K of her own money to defend herself......rf) Yes. Now they're going after her kids. 
See: http://www.techdirt.com/articles/20061219/121441.shtml Excerpt: Last summer we wondered if the RIAA would eventually cut their losses in this case and run; instead they began investigating her children, ultimately filing suit against the kids after getting the daughter and a neighbor to admit to using Kazaa under oath. Today the RIAA dropped the lawsuit against Santangelo herself, though Santangelo's first lawyer Ray Beckerman confirms for us the suit against her children now moves forward -- after her first battle drained the family coffers. From rforno at infowarrior.org Tue Dec 19 22:54:24 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Dec 2006 22:54:24 -0500 Subject: [Infowarrior] - Sony BMG Settles Suit Over CDs Message-ID: Sony BMG Settles Suit Over CDs By ALEX VEIGA AP Business Writer December 19, 2006 | LOS ANGELES -- Sony BMG Music Entertainment will pay $1.5 million and kick in thousands more in customer refunds to settle lawsuits brought by California and Texas over music CDs that installed a hidden anti-piracy program on consumers' computers. Not only did the program surreptitiously monitor users' behavior, but the method Sony BMG originally recommended for removing the software also damaged computers. The settlements, announced Tuesday, cover lawsuits over CDs loaded with one of two types of copy-protection software -- known as MediaMax or XCP. Under the terms of the separate settlements, each state will receive $750,000 in civil penalties and costs. In addition, Sony BMG agreed to reimburse consumers whose computers were damaged while trying to uninstall the XCP software. Customers in both states can file a claim with Sony BMG to receive between $25 to $175 in refunds. The company had previously settled a class-action case over the episode. 
"Companies that want to load their CDs with software that limits the ability to copy music should fully inform consumers about it, not hide it, and make sure it doesn't inflict security vulnerabilities on computers," California Attorney General Bill Lockyer said in a statement. --__ On the Net: Sony BMG information on settlement: http://www.sonybmgcdtechsettlement.com From rforno at infowarrior.org Tue Dec 19 23:46:48 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Dec 2006 23:46:48 -0500 Subject: [Infowarrior] - IE7 Software to Spot 'Phishers' Irks Small Biz Concerns Message-ID: Software to Spot 'Phishers' Irks Small Concerns By RIVA RICHMOND December 19, 2006; Page B1 http://online.wsj.com/public/article_print/SB116649577602354120-5U4Afb0JPeyi Oy1H_j3fVTUmfG8_20071218.html Joy Viren Murphy will be getting a lump of coal in her stocking this year. The entrepreneur has been selling handmade Christmas stockings for 12 years, the last eight of them online. Working from the attic of her three-story Rock Island, Ill., Victorian house, Ms. Murphy makes a couple of thousand stockings a year. During the busy months, October through December, her sister and niece come over to help her cut, tack and stitch. But her business, Aunt Joy's Personalized Christmas Stockings, is facing a new, high-tech hurdle, thanks to Microsoft Corp's. new Internet Explorer 7 Web browser. IE7 has a security feature that will turn Web-address bars green and display owners' identities when consumers visit secure sites from businesses verified as legitimate. The color change will be a boon for consumers, who have been barraged in recent years with "phishing" scams designed to lure them to fake versions of popular Web sites, like eBay or their bank, to filch their account numbers. The hope is that the program will help reduce fraud, lift trust and boost e-commerce. But browsers won't turn green when customers visit Ms. Murphy's site. 
That's because sole proprietorships, general partnerships and individuals won't be eligible for the new, stricter security certificates that Microsoft requires to display the color. There are about 20.6 million sole proprietorships and general partnerships in the U.S., according to 2003 and 2004 tax data from the Internal Revenue Service, though it isn't clear how many are engaged in e-commerce. Ms. Murphy, a sole proprietor, worries what will happen once consumers grow accustomed to the new bars. "Green means go shop with confidence. What does not having the green bar mean?" Ms. Murphy asks. "For that new customer, are they going to pass me by because I don't have a green bar?" She'll know soon enough. Already available to those who have the Windows XP operating system, the browser's use will mushroom when Microsoft rolls out its long-delayed Vista system to consumers next month. And the green bar will go into action shortly after the Vista rollout begins. Microsoft says green shouldn't be considered a seal of approval, but rather a sign that the site owner is a legitimate business. The display of company names in the bar will allow consumers to confirm they're on the site they intended to visit. But Ms. Murphy and others say people will likely think green signals "go," particularly once they start using Microsoft's related Phishing Filter, a free, optional service for online shoppers that turns address bars yellow on suspicious sites and red on confirmed phishing sites. The Phishing Filter was made available Oct. 18 to current XP users with the IE7 browser. When Microsoft has no information about a site, presumably for businesses like Aunt Joy's, the bar will be standard white. Clearly, it will take time before the program infiltrates the consumer consciousness. Many computer users will have to download IE7 and many businesses will have to get the new certificates, which were only introduced last week. 
But eventually, "are people going to trust the green more than white? Yes, they will," says Avivah Litan, an analyst at Gartner Inc. and an expert on online payments and fraud. "All the business is going to go to the greens, it's kind of obvious." Small businesses are largely unaware of the issue today, but that seems destined to change after Vista reaches the market. "This is a ticking time bomb that is going to explode," says Champ Mitchell, chief executive of Network Solutions LLC, a Herndon, Va., Web-hosting company and certificate authority whose clients include Aunt Joy's. "The Internet has been great for American small business," by giving them wide exposure at a low cost, he says. "Microsoft all by itself is getting ready to tilt that field again at an 80-degree angle toward large business." Microsoft says the number of companies left out will be minimal, noting that limited-liability companies and partnerships, as well as S and C corporations, will be able to get the certificates and thus green bars. In the future it expects certificate authorities to bring more types of businesses into the scheme. (An S corporation meets Internal Revenue Service requirements to be taxed under Subchapter S of the Internal Revenue Code, thereby giving a corporation with 100 shareholders or less the benefit of incorporation while being taxed as a partnership; a C corporation, which is the designation of most major companies, has an unlimited number of shareholders.) And Microsoft argues the green-yellow-red program will do tremendous good by striking a blow against phishing. "This is a great step forward for the Internet," says Markellos Diorinos, a product manager on Microsoft's Internet Explorer team. The new certificates, called extended validation secure-sockets-layer certificates, or EV SSL for short, are affidavits from a certificate authority both that private data are being encrypted and that the business operating the site has been confirmed as real. 
By contrast, current SSL certificates -- the technology that encrypts data and puts a small lock on visitors' browsers -- can be obtained with little more than a credit card and are considered ripe for abuse by con artists. "SSL is great technology for secure communication, but it says nothing about the identity" of the site's owner, Mr. Diorinos says. Scammers today are creating bogus sites that look highly authentic, which has created a real need for an identity component. Guidelines for obtaining the new certificates were established by the CA/Browser Forum, an industry group, after 18 months of debate. The Forum excluded sole proprietorships, general partnerships and individuals because its members couldn't agree on criteria for validating them effectively, something some members said can be difficult. They decided it was better to move ahead with a plan that would cover many companies, and particularly those large companies most often targeted by phishers, rather than further delay the rollout of the certificates. "We will come forward with a draft that will include these organizations," perhaps within six months, says Spiros Theodossiou, senior product manager for SSL at VeriSign Inc., a certificate authority. "Consumers online are afraid to transact business, and we want to make it safer for online users. We believe the current set of guidelines move us toward that." But the inability of some legitimate companies to get green bars in IE7 soon could rile small companies just as Microsoft is trying to woo them as customers. Last month, the company promoted a new accounting-software product with a search for the "most creative small-business idea in country." The winner, to be chosen by a panel of celebrity judges in March, will get $100,000 in seed money and one free year's rent in Manhattan. Greg Waldron, chief executive officer of Waldron Co. 
LLC, which sells water fountains online as Visual Water, is miffed even though he'll be able to get a certificate as a limited-liability company. "This is a huge benefit for the Amazons and Overstocks of the world," he says. Small businesses are "a huge part of [Microsoft's] customer base, and they make a lot of money off us, but they don't give us a second thought." Mr. Waldron notes that there are plenty of fly-by-night e-commerce sites that look safe but exist to gather credit-card numbers. "They are making every small unincorporated company look like one of those second type of phishing sites." Ms. Murphy concurs. She made her first online stocking sale to an American living in Japan on Dec. 11, 1998. "The Internet made the world so big for small people like me," she says. But now, having to contend with green bars and the like, Ms. Murphy feels her horizons have shrunk. Her verdict on the stoplight system: "It just seems like an excuse to shut out the small business like myself and make sure we don't take too many of the dollars from the big boys." Write to Riva Richmond at riva.richmond at dowjones.com URL for this article: http://online.wsj.com/article/SB116649577602354120.html From rforno at infowarrior.org Wed Dec 20 09:14:07 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Dec 2006 09:14:07 -0500 Subject: [Infowarrior] - FW: Baby is sent through X-ray machine at LAX In-Reply-To: Message-ID: (c/o WK) http://www.latimes.com/news/la-me-baby20dec20,0,4869996.story By Jennifer Oldham Times Staff Writer December 20, 2006 A woman going through security at Los Angeles International Airport put her month-old grandson into a plastic bin intended for carry-on items and slid it into an X-ray machine. 
The early Saturday accident - bizarre but not unprecedented - caught airport workers by surprise, even though the security line was not busy at the time, officials said. A screener watching the machine's monitor immediately noticed the outline of a baby and pulled the bin backward on the conveyor belt. The infant was taken to Centinela Hospital, where doctors determined that he had not received a dangerous dose of radiation. Officials, who declined to release the 56-year-old woman's name, said she spoke Spanish and apparently did not understand English. She initially didn't want the baby transported to a hospital, but security officials called paramedics and insisted that the child be examined by a doctor. The grandmother and the child were subsequently allowed to board an Alaska Airlines flight to Mexico City. The rare incident drew attention to whether officials are staffing often-busy security checkpoints enough to prevent such an accident. And it raised questions about the danger of X-rays used to pick out suspicious metal shapes in passenger bags, given the medical community's warnings that even low amounts of radiation can build up over a lifetime. "Rather than focus on the radiation dose, which is a small amount, we need to focus on why this happened, so it doesn't happen again," said Dr. James Borgstede, a diagnostic radiologist at Penrose-St. Francis Health Systems in Colorado Springs, Colo., and president of the American College of Radiology. "Human beings weren't meant to go through those things." In the several seconds the baby spent in the machine, the doctor added, he was exposed to as much radiation as he would naturally get from cosmic rays - or high energy from outer space - in a day. Security experts said the incident underscored a more widespread concern about the screening process at LAX and other airports. 
"The screeners are still reporting that they're being pushed," said Brian Sullivan, a retired Federal Aviation Administration security agent. "If a baby can get through, what the hell else can get through?" Nico Melendez, a spokesman for the Transportation Security Administration, which manages LAX screeners, said the agency doesn't have enough workers to constantly stand at tables in front of the screeners to coach passengers on what should or should not be sent through X-ray machines. But in some cases, airlines contract with private companies to staff the tables and assist travelers. The TSA will also occasionally put employees at the tables if extra workers are available. TSA screeners often ask passengers to put their coats, shoes, laptops and other items into the bins, Melendez said. But they cannot observe everything people place there, because they must monitor screening equipment, he added. Still, he said that the TSA works hard to educate passengers about what carry-on objects require screening and that travelers must take responsibility for knowing these rules. "There's an obligation on the traveler to use some common sense," said Larry Fetters, the TSA's federal security director at LAX. "If they don't understand, they should ask somebody. If they ask us, we are generally able to find someone who speaks that language and assist them." On its website, the TSA posts extensive tips for travelers, including a section titled "Traveling With Children." One item reads: "Never leave babies in an infant carrier while it goes through the X-ray machine." There are also signs posted in English and Spanish at ticket counters and near security checkpoints warning passengers that they must put metal objects, such as cellphones, pagers and car keys, into bins that go through X-ray machines. "This was an innocent mistake by an obviously inexperienced traveler," said Paul Haney, deputy executive director of airports and security for the city's airport agency. 
"This is only the second time in nearly 20 years that anyone can recall a traveler mistakenly putting an infant through an airport X-ray machine. Since then LAX has served more than 1 billion travelers without an incident of this type," he said. In 1988, an infant in a car seat went through an X-ray machine at LAX Terminal 4. Also that year, officials at Winnipeg International Airport in Canada accidentally sent a 2-month-old wrapped in blankets through an X-ray machine. The TSA said it is continuing to review Saturday's incident at LAX. "We're trying to figure out what changes we can make, short of putting up signs saying, 'Don't put your baby through the X-ray machine,' " Melendez said. "We're trying to determine how we can make this not happen again." -=- Radiation doses The baby that went through the airport luggage machine was exposed to less radiation than a passenger on a cross-country flight. Typical radiation exposures*: Luggage screener: 1 Cross-country flight: 5 Chest X-ray: 10 Mammogram: 30 --- * Measured in millirems, which takes into account both the amount of exposure and the biological effect of the type of radiation in question. --- Source: EPA From rforno at infowarrior.org Wed Dec 20 09:38:48 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Dec 2006 09:38:48 -0500 Subject: [Infowarrior] - JSG: The Bush Era Draws to a Close Message-ID: The Bush Era Draws to a Close By Jennifer Granick 02:00 AM Dec, 20, 2006 http://www.wired.com/news/columns/1,72330-0.html 2006 will be remembered as the year in which our government imprisoned journalists, embraced kidnap and torture as a "no-brainer," and moved toward implementing an infrastructure for total surveillance of American citizens. Hopefully, it also will be remembered as the year we started to bring these practices to a halt. In this column, I look back on three civil liberties crises that reached a critical point in 2006. 
In my next column, my first for 2007, I'll take a more proactive view of what the new year could mean for civil liberty. Legal attacks on journalists This year the U.S. State Department launched the Global Internet Freedom Task Force to challenge other governments that repress online journalism. Perhaps it should start at home. This year, reporters from The New York Times and Time magazine faced imprisonment for refusing to say who leaked information about the identity of undercover CIA agent Valerie Plame. Today, two San Francisco Chronicle reporters are facing jail time for refusing to reveal who gave them grand jury transcripts detailing the steroids charges against Barry Bonds and other professional athletes. This is a disturbing erosion of press freedom. Historically, courts have punished people who illegally leak information, but have generally kept their hands off the journalists who spoke with those people and published the information. The source privilege is a bedrock of a free press, which is to say, a press that doesn't have to follow the official line. Many states have shield laws that explicitly protect reporters from being forced to disclose the identity of their confidential sources. But the federal government does not, which makes the state laws easily bypassed. In the case of blogger and videographer Josh Wolf, the FBI was able to skirt California's shield law by commencing a federal investigation of the case. In the most recent battle, the Department of Justice is subpoenaing the ACLU to force the group to return a leaked confidential document. The effort threatens to subvert free speech protections established in the Pentagon Papers case, which held that the government could stop journalists from publishing classified information only in the most dire of circumstances. 
This year, we've also seen companies and law enforcement go directly to the ISP or telephone company for information about sources, rather than subpoenaing the journalist, and giving him or her a chance to raise a legal defense and protect his source. Apple Computer subpoenaed a blogger's e-mail provider in an effort to identify someone who leaked new product information. The San Francisco police department collected phone record information from the press room at the Hall of Justice to find out which police officer leaked information showing that a wayward cop involved in beating a civilian had a long history of disciplinary problems. Changing law enforcement attitudes aren't the only threat to the freedom of the press; technology is too. Condoning torture More information is coming out about the government's "extraordinary rendition" program, an admitted effort to kidnap alleged terrorist operatives and take them to countries without safeguards against torture for "interrogation". The Bush administration has defended the practice, and while it denies that the extra-territorial interrogations amount to torture, no one doubts that the techniques approved by the administration would be illegal here in the United States. Indeed, vice president Dick Cheney has called the use of torture a "no-brainer." To escape responsibility for torture, officials are hiding behind the "state secrets doctrine," and strenuously seeking to avoid all public oversight, judicial review or liability for its actions. Even when they torture the wrong guy. For example, German citizen Khaled El Masri was kidnapped by the CIA in 2003, transported to Afghanistan and tortured -- before the CIA realized it had arrested the wrong person, and, fortunately, released him. El-Masri's lawsuit against the CIA was dismissed on state secrets grounds, but is now on appeal. 
Since the trial court dismissed the case, there is more public information available about extraordinary rendition, including Cheney's extraordinary admission and more legal decisions on the books rejecting state secrets protection for official law-breaking. El Masri's appeal may be granted. In early January, an Italian court will consider whether to issue indictments against CIA agents accused of kidnapping an Egyptian cleric on the streets of Milan and taking him to Egypt, where he was beaten and given electric shocks. If the Italian case moves forward, we'll learn more about our government's complicity in torture. At that point, we will have to focus on the administration's decision (backed by Congress) to deny detainees access to the courts, and call it what it is: not a streamlining of counter-terrorism efforts, but a massive coverup. Surveillance infrastructure Two thousand and six has seen a peak in government and corporate access to individuals' private information, with little or no legal checks and balances. Litigants and investigators can go directly to phone companies, banks, websites, ISPs and employers for personal information on nearly anyone they want. In January, AmericaBlog showed it could purchase Gen. Wesley Clark's phone records online for $89.95. Then Hewlett-Packard's investigation of leaks from its board shined a light on pretexting, a controversial way to get information from phone companies and the like by pretending to be the subscriber. Congress just passed a statute outlawing pretexting against phone companies, but nobody else. Meanwhile, the government collects communications data directly from the telephone companies. Documents provided to the Electronic Frontier Foundation, as well as news organizations including Wired News, appear to show a domestic spying program that dragnets all U.S. communications, regardless of source or destination, for National Security Agency review without legal process. 
Combine that data with voting records, criminal histories, credit records, utility usage, library records, internet search histories, closed circuit TV cameras, facial recognition, RFID tags, and we've got a robust surveillance infrastructure. Maybe the government doesn't care about you at the moment -- but someone always cares, whether advertisers, identity thieves, employers, lovers or friends. Everyone has private matters they want, and are entitled to keep, secret. In the past, much of our privacy sprang from the simple fact that data was not readily collected or searched. Now that we live in an information society, we need legal barriers to surveillance. What remains to be seen, in 2007 and beyond, is whether we'll choose to implement new laws to regain the zone of privacy we used to be able to take for granted, or not. Overall, 2006 was not particularly better, nor particularly worse, for civil liberties than other recent years. Many important issues however, from freedom of the press, to the rights of individuals to be free from torture, unreasonable surveillance and invasions of privacy, have moved closer to resolution. Next year will determine whether we continue down a path of increased government power with decreased oversight and transparency, or whether we're able to harness the power of technology and government in a constructive, democratically responsive way. 
From rforno at infowarrior.org Wed Dec 20 19:02:14 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Dec 2006 19:02:14 -0500 Subject: [Infowarrior] - Divided FCC Approves New Cable Rules Message-ID: Divided FCC Approves New Cable Rules http://www.washingtonpost.com/wp-dyn/content/article/2006/12/20/AR2006122000779.html By JOHN DUNBAR The Associated Press Wednesday, December 20, 2006; 6:29 PM WASHINGTON -- A sharply divided Federal Communications Commission voted 3-2 along partisan lines Wednesday to impose new measures meant to ensure that local governments do not block new competitors from entering the cable television market. The vote came on the same day that FCC Chairman Kevin Martin released a report on cable prices that shows in 2004, average cable rates rose 5.2 percent. The report also shows that from 1995 to 2005 rates increased a total of 93 percent. Wednesday's meeting was unusually rancorous with Democratic Commissioner Jonathan Adelstein challenging FCC staff on the assertion that localities are blocking access and Martin departing from what is usually a carefully scripted meeting to defend the measure. The new rules approved by the commission will require local cable franchising authorities to act on applications from competitors with access to local rights of way within 90 days, and to act within six months on applications from other new competitors. The FCC will also ban local governments from forcing new competitors to build out new systems more quickly than the incumbent carrier and to count certain costs required of new carriers to go toward the 5 percent franchise fee they are required to pay. Adelstein and fellow Democrat Michael Copps harshly criticized the measure, questioning the agency's evidence that there are barriers to entry by competitors. They also expressed concern over the loss of local control by franchise authorities and were unconvinced that the FCC has the legal authority to impose the new rules. 
The cable pricing survey, the first released in 22 months, showed that competition from direct broadcast satellite competitors like DirecTV has little if any effect on cable prices, while in areas where there are wireline competitors, such as municipal cable providers and overbuilders like RCN Corp., rates were 17 percent lower. Kyle McSlarrow, president and CEO of the National Cable & Telecommunications Association, called the pricing survey "obsolete" because it failed to account for the "favorable impact" of bundling services on pricing and "the greatly increased value of cable services in a digital world." Telecommunications companies Verizon Communications Inc. and AT&T Inc. have been lobbying aggressively to make it easier to obtain local franchises as each company sinks billions of dollars into its networks in order to deliver video programming. Verizon cheered the move. Company senior vice president for regulatory affairs Susanne Guyer said "the FCC is standing up for consumers who are tired of skyrocketing cable bills and want greater choice in service providers and programming." The approval came despite a warning from the incoming chairman of the House Energy and Commerce Committee questioning whether the FCC has the legal authority to issue the new rules. In a letter dated Tuesday, Rep. John Dingell, D-Mich., wrote, "It would be extremely inappropriate for the Federal Communications Commission to take action that would exceed the agency's authority and usurp congressional prerogative to reform the cable television and local franchising process." The vote failed to win the support of Consumers Union, the nonprofit publisher of Consumer Reports magazine. Jeannine Kenney, senior policy analyst with the group, said that unless consumers receive assurances from the FCC and the phone companies that cable rates will decline once the new competitors enter a market, "the FCC's decision may do more harm than good." 
Critics have also expressed concern that the new entrants may not offer service in lower-income areas. Joining Martin in approving the measure were fellow Republicans Deborah Taylor-Tate and Robert McDowell. __ On the Net: Federal Communications Commission: http://www.fcc.gov From rforno at infowarrior.org Thu Dec 21 08:46:13 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Dec 2006 08:46:13 -0500 Subject: [Infowarrior] - U.S. to Declassify Secrets at Age 25 Message-ID: December 21, 2006 U.S. to Declassify Secrets at Age 25 By SCOTT SHANE http://www.nytimes.com/2006/12/21/washington/21declassify.html?ei=5094&en=280ee006d9c2e17d&hp=&ex=1166763600&partner=homepage&pagewanted=print WASHINGTON, Dec. 20 -- It will be a Cinderella moment for the band of researchers who study the hidden history of American government. At midnight on Dec. 31, hundreds of millions of pages of secret documents will be instantly declassified, including many F.B.I. cold war files on investigations of people suspected of being Communist sympathizers. After years of extensions sought by federal agencies behaving like college students facing a term paper, the end of 2006 means the government's first automatic declassification of records. Secret documents 25 years old or older will lose their classified status without so much as the stroke of a pen, unless agencies have sought exemptions on the ground that the material remains secret. Historians say the deadline, created in the Clinton administration but enforced, to the surprise of some scholars, by the secrecy-prone Bush administration, has had huge effects on public access, despite the large numbers of intelligence documents that have been exempted. And every year from now on, millions of additional documents will be automatically declassified as they reach the 25-year limit, reversing the traditional practice of releasing just what scholars request. Many historians had expected President Bush to scrap the deadline. 
His administration has overseen the reclassification of many historical files and restricted access to presidential papers of past administrations, as well as contemporary records. Practical considerations, including a growing backlog of records at the National Archives, mean that it could take months before the declassified papers are ready for researchers. "Deadlines clarify the mind," said Thomas S. Blanton, director of the private National Security Archive at George Washington University, which obtains and publishes historical government documents. Despite what he called a disappointing volume of exemptions, Mr. Blanton said automatic declassification had "given advocates of freedom of information a real lever." Gearing up to review aging records to meet the deadline, agencies have declassified more than one billion pages, shedding light on the Cuban missile crisis, the Vietnam War and the network of Soviet agents in the American government. Several hundred million pages will be declassified at midnight on Dec. 31, including 270 million pages at the Federal Bureau of Investigation, which has lagged most agencies in reviews. J. William Leonard, who oversees declassification as head of the Information Security Oversight Office at the National Archives, said the threat that secret files might be made public without a security review had sent a useful chill through the bureaucracy. "Unfortunately, you sometimes need a two-by-four to get agencies to pay attention," Mr. Leonard said. "Automatic declassification was essentially that two-by-four." What surprises await in the documents is impossible to predict. "It is going to take a generation for scholars to go through the material declassified under this process," said Steven Aftergood, who runs a project on government secrecy for the Federation of American Scientists. "It represents the classified history of a momentous period, the cold war," Mr. Aftergood said. 
"Almost every current headline has an echo in the declassified past, whether it's coping with nuclear weapons, understanding the Middle East or dictatorship and democracy in Latin America." Anna K. Nelson, a historian at American University, said she hoped that the files would shed light on the Central Intelligence Agency role in Iran and deepen the documentation of the Jimmy Carter years, in particular the Camp David accords. "Americans need to know this history, and the history is in those documents," Ms. Nelson said. She said the National Archives staff was buried in a 400-million-page backlog that awaits processing and is not publicly available. Also, a budget shortfall has cut back on evening and weekend access to the major research center of the archives, in College Park, Md. "They can declassify the records, but the archives don't have the staff to handle them," Ms. Nelson said. The first deadline was imposed in an executive order that President Bill Clinton signed in 1995, when officials realized that taxpayers were paying billions of dollars to protect a mountain of cold war documents. The order gave agencies five years to declassify documents or show the need for continued secrecy. When agencies protested that they could not meet the 2000 deadline, it was extended to 2003. Mr. Bush then granted another three-year extension, but put out the word that it was the last one, despite the new emphasis on security after the Sept. 11, 2001, attacks and a new war in Iraq. "The Bush administration could have said, 'This is a Clinton thing,' and abandoned it," Mr. Aftergood said. "To their credit, they did not." As an enforceable deadline loomed, the intelligence agencies that produce most secret material added workers to plow through files from World War II. The C.I.A. has reviewed more than 100 million pages, released 30 million pages and created a database of documents, Crest, that is accessible from terminals at the National Archives. 
Although most of the documents are exempt, they can be requested under the Freedom of Information Act. The National Security Agency, the eavesdropping and code-breaking agency, has released 35 million pages, including an extensive collection on the Gulf of Tonkin incident that led to the escalation of the Vietnam War. The agency plans a major release early next year on the Israeli attack on the Liberty, an American eavesdropping ship, in 1967. The F.B.I., by contrast, negotiated an exemption from the 1995 executive order and concluded last year that the 2003 executive order ended its special status. It has rushed to review material, seeking exemption for 50 million pages on intelligence, counterintelligence and terrorism, but leaving 270 million pages to be automatically declassified now. Among those files, said David M. Hardy, the bureau declassification chief, are those on investigations of Americans with suspected ties to the Communist Party. Reviewers will keep working on the exempt material to see what can be released, but it is a slow process, Mr. Hardy said. "The numbers of documents are staggering," Mr. Hardy said. The bureau is studying digitizing documents and using computers to search for classified material. Some experts say mass declassification is not the smartest approach. L. Britt Snider, a former intelligence official who heads the Public Interest Declassification Board, which advises the White House, said most government records, even top-secret ones, were pretty boring. "Rather than take this blunderbuss approach," Mr. Snider said, "I'd like to see the agencies concentrate first on what's interesting and what's important." 
From rforno at infowarrior.org Thu Dec 21 08:54:56 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Dec 2006 08:54:56 -0500 Subject: [Infowarrior] - CPJ Report: Journalists Killed during 2006 Message-ID: CPJ research indicates that the following individuals have been killed in 2006 because of their work as journalists. They either died in the line of duty or were deliberately targeted for assassination because of their reporting or their affiliation with a news organization. See our list of pending investigations into suspicious deaths, called Killed: Motive Unconfirmed. See the list of Journalists Who Disappeared. CONFIRMED TOTAL FOR 2006: 55 < - > http://www.cpj.org/killed/killed06.html From rforno at infowarrior.org Thu Dec 21 09:09:57 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Dec 2006 09:09:57 -0500 Subject: [Infowarrior] - US plans broadband safety network Message-ID: US plans broadband safety network US politicians have proposed a national wireless broadband network for use by emergency services at times of crisis. The system, put forward by the Federal Communications Commission (FCC), would be built with private companies. The proposal is a response to the communication problems highlighted during the 11th September attacks and the aftermath of Hurricane Katrina. At the moment the various US safety agencies use a patchwork of different communication systems to stay in touch. "Earlier this year, I had an opportunity to hear local public safety personnel recount their experiences on the ground during the tragic events of Hurricanes Katrina and Rita," said Deborah Taylor Tate, commissioner at the FCC in a statement. "Their eyewitness accounts underscore how important it is that our nation's first responders have access to reliable and redundant communications in the event of an emergency, and how much remains to be done before those tools are available." 
Private network The proposed network would take advantage of a chunk of the radio spectrum already allocated to public safety. The spectrum, in the 700MHz band, is particularly useful as it travels over long distances and can easily penetrate walls and buildings. In a bid to make the network state of the art, the FCC has recommended that the system be built in partnership with private companies. "Our country is teeming with entrepreneurs, willing and able to invest and take the risks necessary to accelerate the development and roll-out of advanced services," said Commissioner Robert McDowell. "The same market and technological forces that have made advanced wireless services an everyday part of living for the vast majority of Americans can and should be leveraged by the public safety community," he added. The planned network would use an IP-based infrastructure, the same system that underpins the internet and allows interoperability among many different devices. The final network would be the first time that the emergency services and public agencies would have a fully unified interoperable communications system. In the UK, the emergency services already have access to a single system, known as Airwave, provided by mobile operator O2. The secure network, which has been rolled out across almost all safety services, is used for voice calls, but also allows limited data to be shared. Like their US counterparts, the UK emergency services are also considering their broadband needs. Kevin Martin, chairman of the FCC in the US said any decision to implement a new network would fall to the federal government. "If Congress determines that additional spectrum resources in the 700MHz band should be allocated to public safety, the commission would implement that determination." Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/6199449.stm Published: 2006/12/21 10:54:46 GMT ©
BBC MMVI From rforno at infowarrior.org Thu Dec 21 14:07:13 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Dec 2006 14:07:13 -0500 Subject: [Infowarrior] - Attention Yahoo subscribers here... Message-ID: For whatever reason, over the past week or so, folks using Yahoo email to contact me are having their messages flagged as spam on my server and deleted. Since I've not done anything to precipitate this situation (eg, enacting any new spamfilters) I can only presume it's a Yahoo-created problem with how they handle outbound mail. So if you send something to me and I don't respond, you know why. If it's important, suggest you use an alternate address and/or complain to Yahoo. And, no -- I am not going to whitelist the entire Yahoo domain. :) We now return you to your regular pre-holiday Thursday. -rf From rforno at infowarrior.org Thu Dec 21 19:45:56 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Dec 2006 19:45:56 -0500 Subject: [Infowarrior] - More on.... IE7 Software to Spot 'Phishers' Irks Small Biz Concerns In-Reply-To: <20061221223213.GB13487@gsp.org> Message-ID: c/o RSK. ------ Forwarded Message Or, a small rant and a possibly-useful technical observation. ;-) What's appalling is that there are STILL people incredibly stupid enough to use IE. [1] Have they not been paying attention? Do they not grasp that using IE is the equivalent of pasting a sign reading "infect my computer, use it as part of a botnet, steal my identity, violate my privacy" on their backs? WHAP WHAP WHAP goes the clue-by-four over their pointy little heads. The solution to this isn't to whine about whatever ridiculous thing that M$ has done to IE this time. It's to stop using IE. [1] I've been using passive OS fingerprinting via OpenBSD's "p0f" for several years now on my mail servers. If I slice out the network space known to be owned and operated by spammers, i.e. 
their Linux server farms in China (which are quite easy to block outright), and look at all the rest of the incoming spam, then almost without exception, ALL spam comes from hijacked Windows boxes. (e.g. out of the last ~500,000 connecting and spam-emitting hosts seen here and not accounted for by reference to known-spammer-run-networks, it looks like 8 probably weren't running Windows.) Thus..."the spam problem" has become almost equal to "the Microsoft OS insecurity problem". See also: http://www.secureworks.com/analysis/spamthru-stats/ for an interesting graph. From rforno at infowarrior.org Thu Dec 21 19:58:52 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Dec 2006 19:58:52 -0500 Subject: [Infowarrior] - FW: [attrition] Postal makes the news.. In-Reply-To: Message-ID: Congrats to this merry band of rogues........who once again prove that Darwin was right! -rf http://www.networkworld.com/community/?q=node/9999 Congressional aide admits trying to hire hackers -- to boost his college GPA By Paul McNamara on Thu, 12/21/2006 - 6:59pm The communications director for Montana's lone congressman solicited the services of two men he falsely believed to be criminally minded hackers-for-hire -- with the expressed goal of jacking up his college GPA -- during an exchange that spanned 22 e-mails over two weeks this past summer. Todd Shriber, 28-year-old press aide to U.S. Rep. Denny Rehberg, R-Mont., e-mailed the security Web site attrition.org on Aug. 9, writing: "I need to urgently make contact with a hacker that would be interested in doing a one-time job for me. The pay would be good. I'm not sure what exactly the job would entail with respect to computer jargon, but I can go into rough detail upon making contact with a candidate." After initially denying knowledge of the exchange, Shriber told me this afternoon in the final of our three phone conversations: "I did something that's greatly out of character for me and it's a mistake that I regret." 
Two members of attrition.org, "Lyger" and "Jericho" (a.k.a. "security curmudgeon") corresponded with Shriber and fooled him into believing that they would carry out his wishes, with Jericho warning him at one point: "You are soliciting me to break the law and hack into a computer across state lines. That is a federal offense and multiple felonies." Shriber wanted Lyger and Jericho to break into the computer system at Texas Christian University, from which he graduated in 2000. In the final e-mail on Sunday, Aug. 27, Lyger tells Shriber that his hacking attempts had been detected and "we are SO busted." He urges him to "duck and run if you can" in an exaggerated, obscenity-filled -- and completely fictional -- missive that put an end to their working relationship. While the name Todd Shriber and a Yahoo address appear on the e-mail string that has been posted at attrition.org since September -- the site posts many of the oddball requests it gets, including some seeking illegal services -- it was only today and after a bit of search-engine work here that the person involved was identified as a congressional aide. (Shriber did send Lyger a note in September asking that the e-mails be removed from the site.) Asked why he launched the scheme, Shriber told me, "I would rather not get into that at all. I just got a little too far ahead of myself thinking about things down the road." His college grades "weren't that great," he acknowledged. Shriber contends now that he "got cold feet" toward the culmination of the hack that never happened and wanted out, although there is no indication of second thoughts in any of the e-mail. "A solicitation was made but no action was performed," he told me. "These are people misrepresenting themselves for a laugh." Lyger expresses little sympathy for a man who, after all, was willing to pay others to commit a crime. 
"You'll notice that we even intentionally redacted his Social Security number and date of birth in one of the e-mails (on the site)," Lyger told me in an e-mail this afternoon. "Pretty ironic that he even sent them since we maintain a data-loss database, Web page, and mailing list." From rforno at infowarrior.org Thu Dec 21 21:45:44 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Dec 2006 21:45:44 -0500 Subject: [Infowarrior] - GPS loggers for the masses Message-ID: (I'm not one to post product announcements, but this has several interesting applications.......rf) GlobalSat DG-100 is a GPS data logger that records track data from the received GPS signal. With a GPS logger and antenna built in a miniature construction, DG-100 features an all-in-one, cost-effective GPS logger solution. The DG-100 records time, date, speed, altitude and GPS location at preset intervals. Based on the SiRF star III chipset, DG-100 offers accurate position tracking capabilities. All recorded GPS information can be downloaded to the computer. It is a convenient, economical way for later review of your recorded histories. Simply connect the DG-100 to your PC or Notebook, and then download the track-log to your PC for use with the Windows-based software utility. Users can easily export the recorded points to Google Earth and Google Map. It is ideal for fleet management, marine navigational aids, traveling and consumer personal use. You can also use the DG-100 as a USB GPS mouse. It is another good feature of the DG-100. 
< - > http://www.globalsat.co.uk/product_pages/gsat_products_logger_dg100.htm From rforno at infowarrior.org Thu Dec 21 23:12:29 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Dec 2006 23:12:29 -0500 Subject: [Infowarrior] - Judge: Can't link to Webcast if copyright owner objects Message-ID: Judge: Can't link to Webcast if copyright owner objects By Declan McCullagh http://news.com.com/Judge+Cant+link+to+Webcast+if+copyright+owner+objects/2100-1030_3-6145744.html Story last modified Thu Dec 21 17:44:12 PST 2006 A federal judge in Texas has ruled that it is unlawful to provide a hyperlink to a Webcast if the copyright owner objects to it. U.S. District Judge Sam Lindsay in the northern district of Texas granted a preliminary injunction against Robert Davis, who operated supercrosslive.com and had been providing direct links to the live audiocasts of motorcycle racing events. Lindsay ruled last week that "the link Davis provides on his Web site is not a 'fair use' of copyright material" and ordered him to cease linking directly to streaming audio files. The audio Webcasts are copyrighted by SFX Motor Sports, a Texas company that is one of the largest producers of "Supercross" motorcycle racing events. SFX sued Davis in February, noting that fans who go to its own Web site will see the names and logos of sponsors including wireless company Amp'd Mobile. (Anyone who clicked on the link from Davis' site, however, would not see the logos of companies that paid to be sponsors.) While Lindsay's decision appears to be the first to deal with direct or "deep" links to Webcasts, this is not the first time courts have wrestled with the legality of copyright law and direct links. In 2001, a U.S. federal appeals court ruled that a news organization could be prohibited from linking to software--illegal under the Digital Millennium Copyright Act--that can decrypt DVDs. 
"The injunction's linking prohibition validly regulates (2600 Magazine's) opportunity instantly to enable anyone anywhere to gain unauthorized access to copyrighted movies on DVDs," the appeals court said. A Dutch court reached a similar conclusion in a suit dealing with someone who had allegedly infringed Scientology's copyright scriptures, as did an Australian court in a case dealing with pirated MP3 files. But in those lawsuits, the file that was the target of the hyperlink actually violated copyright law. What's unusual in the SFX case is that a copyright holder is trying to prohibit a direct link to its own Web site. (There is no evidence that SFX tried technical countermeasures, such as referer logging and blocking anyone coming from Davis' site.) A 2000 dispute between Ticketmaster and Tickets.com suggested that such direct links should be permitted. A California federal judge ruled that "hyperlinking does not itself involve a violation of the Copyright Act" because "no copying is involved." Davis, who was representing himself without an attorney, defended his Web site in legal filings that were full of bluster and accused SFX of acting like Genghis Khan. He did stress that he merely included a "hyperlink, which launches the visitor's media player" instead of copying the audio file and republishing it. That wasn't enough to convince the judge. Lindsay ruled that: "SFX will likely suffer immediate and irreparable harm when the new racing season begins in mid-December 2006 if Davis is not enjoined from posting links to the live racing Webcasts. The court agrees that if Davis is not enjoined from providing unauthorized Webcast links on his Web site, SFX will lose its ability to sell sponsorships or advertisement on the basis that it is the exclusive source of the Webcasts, and such loss will cause irreparable harm." Copyright ©1995-2006 CNET Networks, Inc. All rights reserved. 
From rforno at infowarrior.org Thu Dec 21 23:19:15 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Dec 2006 23:19:15 -0500 Subject: [Infowarrior] - Report Says TSA Violated Privacy Law Message-ID: Report Says TSA Violated Privacy Law Passengers Weren't Told That Brokers Provided Data to Screening Program in '04 By Ellen Nakashima and Del Quentin Wilber Washington Post Staff Writers Friday, December 22, 2006; A07 http://www.washingtonpost.com/wp-dyn/content/article/2006/12/21/AR2006122101621_pf.html Secure Flight, the U.S. government's stalled program to screen domestic air passengers against terrorism watch lists, violated federal law during a crucial test phase, according to a report to be issued today by the Homeland Security Department's privacy office. The agency found that by gathering passenger data from commercial brokers in 2004 without notifying the passengers, the program violated a 1974 Privacy Act requirement that the public be made aware of any changes in a federal program that affects the privacy of U.S. citizens. "As ultimately implemented, the commercial data test conducted in connection with the Secure Flight program testing did not match [the Transportation Security Administration's] public announcements," the report states. The finding marks the first time that the Homeland Security Department has acknowledged that the problem-plagued Secure Flight program has violated the law. It comes at a time when a separate program to screen international passengers is under attack for officials' failure to disclose until recently that they were creating passenger profiles that would be stored for 40 years. The report on Secure Flight says that "the disparity between what TSA proposed to do and what it actually did in the testing program resulted in significant privacy concerns being raised. . . . Privacy missteps such as these undercut an agency's effort to implement a program effectively, even one that promises to improve security." 
Congress has halted Secure Flight, except for testing, until it can allay privacy and security concerns. The report notes that TSA eventually revised its public notice about the program to reflect more closely the program itself. But it also suggests that Secure Flight will run afoul of the law again unless it follows a set of recommendations, including being transparent about the program's collection and use of passengers' personal information. TSA Administrator Kip Hawley said that he supports the use of Secure Flight and that his agency is working closely with other government officials to ensure it protects privacy. "We are working in a transparent way," Hawley said, adding that the agency's "challenging" goal is to roll out the program in 2008. In 2004, the TSA published a Federal Register notice on a data-test phase of the program, saying that "strict firewalls" would prevent any commercial data from mixing with government data. However, this was based on the notion that the Secure Flight contractor, EagleForce Associates Inc. of McLean, would ensure that no commercial data were used, the report said. But by the time the EagleForce contract was finalized, "it was clear that TSA would receive commercial data," the report says. If, for instance, TSA data for an individual passenger lacked an address or date of birth, EagleForce would obtain the missing information from commercial data brokers. "The fact that EagleForce had access to the commercial data did not create a firewall," the report says, because under the Privacy Act, in effect, "EagleForce stands in the shoes of TSA." Moreover, commercial databases provided Eagle Force with data for some individuals who were not air passengers. These people were never notified -- a violation of the privacy act, the report says. TSA spokeswoman Ellen Howe said the agency has "already implemented or is in the process of implementing" the recommendations contained in the privacy office report. 
She said the report's conclusions were not surprising, adding that they were "very similar" to those reached last year by the General Accounting Office, the government's auditing arm. A 2004 probe found that the TSA improperly stored 100 million commercial data records containing personal information on passengers after the agency said no data storage would occur. From rforno at infowarrior.org Fri Dec 22 14:06:34 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 Dec 2006 14:06:34 -0500 Subject: [Infowarrior] - Records detail missing TSA badges, uniforms Message-ID: Dec. 22, 2006, 3:40AM Records detail missing TSA badges, uniforms Associated Press http://www.chron.com/disp/story.mpl/metropolitan/4420374.html SAN ANTONIO -- More than 3,700 identification badges and uniform items have been reported lost or stolen from Transportation Security Administration employees since 2003, according to documents obtained by a San Antonio television station. WOAI-TV received the documents under the Freedom of Information Act. Los Angeles International Airport reported the most items with 636 missing uniforms. O'Hare International Airport in Chicago reported 189 missing badges. Bush International Airport in Houston led Texas with 77 missing items. Dallas-Fort Worth International Airport had about 40 items gone. Security experts have said the badges and uniforms could pose a security threat if they end up in the wrong hands. Earl Morris, field operations general manager for TSA, said the missing items don't mean the system is flawed. "We have many different security levels in place to thwart any kind of attempt to breach our security," Morris said. U.S. Rep. Lamar Smith, R-San Antonio, said he will propose legislation to fine TSA employees who lose their badges or uniforms. 
From rforno at infowarrior.org Fri Dec 22 14:39:43 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 Dec 2006 14:39:43 -0500 Subject: [Infowarrior] - A Cost Analysis of Windows Vista Content Protection Message-ID: A Cost Analysis of Windows Vista Content Protection =================================================== Peter Gutmann, pgut001 at cs.auckland.ac.nz http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt Last updated 22 December 2006 Executive Summary ----------------- Windows Vista includes an extensive reworking of core OS elements in order to provide content protection for so-called "premium content", typically HD data from Blu-Ray and HD-DVD sources. Providing this protection incurs considerable costs in terms of system performance, system stability, technical support overhead, and hardware and software cost. These issues affect not only users of Vista but the entire PC industry, since the effects of the protection measures extend to cover all hardware and software that will ever come into contact with Vista, even if it's not used directly with Vista (for example hardware in a Macintosh computer or on a Linux server). This document analyses the cost involved in Vista's content protection, and the collateral damage that this incurs throughout the computer industry. Executive Executive Summary --------------------------- The Vista Content Protection specification could very well constitute the longest suicide note in history. 
< - > http://www.cs.auckland.ac.nz/~pgut001/pubs/vista_cost.txt From rforno at infowarrior.org Fri Dec 22 16:02:16 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 Dec 2006 16:02:16 -0500 Subject: [Infowarrior] - French court favors personal privacy over piracy searches Message-ID: French court favors personal privacy over piracy searches By Thomas Crampton Published: December 21, 2006 http://www.iht.com/articles/2006/12/21/business/privacy.php PARIS: A French court has ruled that music companies and other copyright holders cannot conduct unrestrained Internet monitoring to find pirates. The decision, which could leave record companies open to lawsuits in France for invasion of privacy, pits European Union-sanctioned data protection rules against aggressive tracing tactics used by the music and film industry. "The judge's decision defends the privacy of individuals over the intrusion from record labels," said Aziz Ridouan, president of the Association of Audio Surfers, a group that defends people charged with illegal downloading. "This should send a strong message and hopefully affect every one of the hundreds of people defending themselves." The case involved an Internet user in the Paris suburb of Bobigny whose internet provider address -- a unique computer identifier -- was traced while the user was on the peer-to-peer software Shareaza. "The right-holders found the IP address of my client and reported it to the police," said Olivier Hugot, the defending lawyer, who declined to name his client. "The annulment of the case is important because it has direct impact on the tactics used by record companies in dozens of cases in France." The organization responsible for tracing down Internet users, the Society of Music Authors, Composers and Publishers, played down the impact of the court decision and said that it would appeal. 
"This is just an isolated decision amid the many cases that we have successfully pursued," said Sophie Duhamel, communications director for the organization. "That said, it is not so good to have the decision in the jurisprudence." The ruling sends a strong message about privacy, said Mathias Moulin, a legal adviser at the French government watchdog that defends privacy on the Internet, the National Commission for Information Technology and Liberty. "The rights-holders should now understand that they cannot set up a system to identify downloaders on the Internet without proper authorization from us," said Moulin, whose organization has the ability to grant such permission. "It is important to have these protections established by a court." Invasion of privacy carries fines of up to ?300,000, or $395,000, and five years in prison, Moulin added. While it is up to the individuals to pursue such legal action, one government-supported organization is considering moves against monitors. "We do not know how many families or individuals were monitored before they chose who to prosecute," said Jean- Pierre Quignaux, a representative of the government-supported National Union of Family Associations. "Given the judge's decision, we are considering action against those invading privacy to catch music downloaders." French privacy law is based on a directive from the European Commission, but the ruling is not likely have an impact beyond France because of national laws. From rforno at infowarrior.org Fri Dec 22 19:30:45 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 Dec 2006 19:30:45 -0500 Subject: [Infowarrior] - DOD bars use of HTML e-mail, Outlook Web Access In-Reply-To: Message-ID: (better late than never.....rf) DOD bars use of HTML e-mail, Outlook Web Access BY Bob Brewin Published on Dec. 
22, 2006 http://www.fcw.com/article97178-12-22-06-Web Due to an increased network threat condition, the Defense Department is blocking all HTML-based e-mail messages and has banned the use of Outlook Web Access e-mail applications, according to a spokesman for the Joint Task Force for Global Network Operations. An internal message available on the Internet from the Defense Security Service (DSS) states that JTF-GNO raised the network threat condition from Information Condition 5, which indicates normal operating conditions, to Infocon 4 "in the face of continuing and sophisticated threats" against Defense Department networks. Infocon 4 usually indicates heightened vigilance in preparation for operations or exercises or increased monitoring of networks due to increased risk of attack. The JTF-GNO mandated use of plain text e-mail because HTML messages pose a threat to DOD because HTML text can be infected with spyware and, in some cases, executable code that could enable intruders to gain access to DOD networks, the JTF-GNO spokesman said. In an e-mail to Federal Computer Week, a Navy user said that any HTML messages sent to his account are automatically converted to plain text. The JTF-GNO spokesman declined to say why the command raised the threat level except to say that Infocon levels are adjusted to reflect worldwide social and political events and activities. He said the current threat level does not bar the use of attachments, including Power Point slides used for briefings. He also declined to tell FCW what other restrictions on e-mail that JTF-GNO has imposed. But a December 2006 newsletter of the Colorado National Guard said that under Infocon 4, Guard members receiving e-mails from any unknown source, including "mail received from unrecognized Department of Defense accounts," should be viewed as potentially harmful. The Colorado Guard newsletter also alerted personnel to be vigilant against e-mail "phishing" attempts to gain personal information. 
The ban on use of Outlook Web mail will hit thousands of users at Robins Air Force Base, Ga., according to an internal message available on the Internet. The ban on the use of Outlook Web Access "will significantly impact the way we presently conduct business," due to the fact that Web mail is the primary means of e-mail access for 4,500 employees at the base, according to the message. Robins has developed a work-around for these users to access Outlook directly by logging on to government computers with their common access cards, the internal message said. JTF-GNO raised the DOD network threat level to Infocon 4 in mid-November after an attack on the networks at the Naval War College (NWC) required NWC to take its systems offline. The JTF-GNO spokesman said at the time that the increase in threat conditions had no relation to the attack against NWC. From rforno at infowarrior.org Fri Dec 22 22:47:00 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 22 Dec 2006 22:47:00 -0500 Subject: [Infowarrior] - Congressional aide punk'd, then fired Message-ID: Congressional aide punk'd, then fired Robert Lemos 2006-12-22 http://www.securityfocus.com/print/brief/391 A member of a Republican Congressman's public relations staff attempted to hire two "hackers" to change a college grade, but instead became the punch line of an online joke, giving up his Social Security number, school ID, and even taking a picture of a squirrel, according to online reports. In transcripts of the e-mail exchange, a person claiming to be Todd Shriber (corrected)--the communications director for U.S. Representative Denny Rehberg (R-Mont.)--asked members of security Web site Attrition.org in August to help him change his college grades. Shriber, when contacted by a reporter at NetworkWorld, eventually admitted yesterday afternoon that he did indeed send the e-mail messages. The Congressman fired the communications director on Thursday, according to media reports. 
Perhaps the oddest piece of the exchange was the ability of the two Attrition.org members--security professional Brian Martin, also known as "Jericho," and another member using the name "Lyger"--to convince Shriber that he needed to provide them with a picture of a squirrel or pigeon. "I can supply all that," Shriber allegedly wrote when Jericho asked for Shriber's personal information and whether or not there were pigeons on campus. "Forgive what I assume is dumb question, but what are pigeons? I know you're not talking about the bird." To which "Jericho" responded: "Actually I am." When the duo assured him that a picture of a squirrel would work fine, Shriber sent a picture a week later. Politicians and business leaders have not been above dabbling in cybercrime. In 2004, two Republican staffers repeatedly took Democratic memos that had mistakenly been left accessible on the U.S. Senate's network and leaked them to the press. This year, a staff member to Phil Angelides, the Democratic rival to California Governor Arnold Schwarzenegger, took audio files that had also apparently been left accessible on Schwarzenegger's campaign site. And, in 2005, a number of prospective business students hired a hacker who had access to business school networks to find out whether they had been accepted. Rep. Rehberg's office could not immediately provide a comment on the issue. CORRECTION: The original news brief had misspelled Todd Shriber's name. The article was also updated at 10:30 am PT with the news that Rep. Rehberg's office fired the communications director on Thursday. From rforno at infowarrior.org Sat Dec 23 13:34:23 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 23 Dec 2006 13:34:23 -0500 Subject: [Infowarrior] - Published DHS Privacy Impact Assessments on the Web Message-ID: http://cryptome.org/dhs122006.htm 23 December 2006 Two notices. 
[Federal Register: December 20, 2006 (Volume 71, Number 244)] [Notices] [Page 76354] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr20de06-116] ----------------------------------------------------------------------- DEPARTMENT OF HOMELAND SECURITY Published Privacy Impact Assessments on the Web AGENCY: Privacy Office, Office of the Secretary, Department of Homeland Security. ACTION: Notice of Publication of Privacy Impact Assessments. ----------------------------------------------------------------------- SUMMARY: The Privacy Office of the Department of Homeland Security is making available five Privacy Impact Assessments on various programs and systems in the Department. These assessments were approved and published on the Privacy Office's Web site between October 1, 2006 and October 31, 2006. Dates: The Privacy Impact Assessment will be available on the DHS Web site until February 20, 2007, after which it may be obtained by contacting the DHS Privacy Office (contact information below). FOR FURTHER INFORMATION CONTACT: Hugo Teufel III, Chief Privacy Officer, Department of Homeland Security, Washington, DC 20528; by telephone (571) 227-3813, facsimile (866) 466-5370, or e-mail: pia at dhs.gov. SUPPLEMENTARY INFORMATION: Between October 1, 2006 and October 31, 2006, the Chief Privacy Officer of the Department of Homeland Security (DHS) approved and published five Privacy Impact Assessments (PIAs) on the DHS Privacy Office Web site, http://www.dhs.gov/privacy, under the link for ``Privacy Impact Assessments.'' These PIAs cover five separate DHS programs. Below is a short summary of each of those programs, indicating the DHS component responsible for the system, and the date on which the PIA was approved. Additional information can be found on the Web site or by contacting the Privacy Office. 1. 
Background Check Service Citizenship and Immigration Services October 31, 2006: The United States Citizenship and Immigration Services (USCIS) is developing the Background Check Service (BCS) to help streamline the established USCIS background check process. As part of the adjudication process, USCIS conducts three different background checks on applicants/petitioners applying for USCIS benefits. These include (1) a Federal Bureau of Investigation (FBI) Fingerprint Check, (2) a FBI Name Check and (3) a Customs and Border Protection (CBP) Treasury Enforcement Communication System/Interagency Border Inspection System (TECS/IBIS) Name Check. Prior to BCS, information relating to the FBI Fingerprint Checks and the FBI Name Checks was stored in two different systems. Information relating to the TECS/IBIS Name Checks was not stored in any system. BCS will be the central repository for all activity related to these background checks. 2. MAXHR Solution Component ePerformance System Update Management October 13, 3006: The update is to acknowledge a new version due to a new DHS-specific System of Records Notice, MaxHR ePerformance Management System DHS/OCHCO-001, that is being published in the Federal Register in order to provide additional transparency to DHS employees regarding the program. 3. Electronic Travel Document Immigration and Customs Enforcement October 17, 2006: The Electronic Travel Document System (eTD) will maintain personal information regarding aliens who have been ordered removed or have been removed from the United States. The eTD will also maintain information on U.S. government employees and foreign consular officials required to access the system. The eTD system will present and share alien information with the foreign consular officials and associated governments for their use in the expedited issuance of travel documents. 4. 
Personal Identity Verification (PIV) HSPD 12 Management October 13, 2006: Homeland Security Presidential Directive 12 (HSPD-12), issued on August 27, 2004, required the establishment of a standard for identification of Federal Government employees and contractors. HSPD-12 directs the use of a common identification credential for both logical and physical access to federally controlled facilities and information systems. This initiative is intended to enhance security, increase efficiency, reduce identity fraud, and protect personal privacy. 5. Natural Disaster Medical System Federal Emergency Management Agency October 13, 2006: The National Disaster Medical System Medical Professional Credentials (NDMS) provides health services, health-related social services, other appropriate human services, and appropriate auxiliary services including mortuary and veterinary medical services in times of national emergency. NDMS also allows providers to respond to the needs of victims of a public health emergency or other public emergency, as defined in 42 U.S.C. 300hh-11(b)(3)(A). The NDMS program collects and maintains personally identifiable information in order to hire and retain qualified medical professionals and other professionals that can be activated and deployed in times of emergency. Dated: December 12, 2006. Hugo Teufel III, Chief Privacy Officer. [FR Doc. E6-21751 Filed 12-19-06; 8:45 am] BILLING CODE 4410-10-P ----------------------------------------------------------------------- [Federal Register: December 20, 2006 (Volume 71, Number 244)] [Notices] [Page 76354-76355] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr20de06-117] ----------------------------------------------------------------------- DEPARTMENT OF HOMELAND SECURITY Published Privacy Impact Assessments on the Web AGENCY: Privacy Office, Office of the Secretary, Department of Homeland Security. ACTION: Notice of Publication of Privacy Impact Assessments. 
----------------------------------------------------------------------- SUMMARY: The Privacy Office of the Department of Homeland Security is making available three Privacy Impact Assessments on various programs and systems in the Department. These assessments were approved and published on the Privacy Office's Web site between November 1, 2006 and November 30, 2006. DATES: The Privacy Impact Assessments will be available on the DHS Web site until February 20, 2007, after which they may be obtained by contacting the DHS Privacy Office (contact information below). FOR FURTHER INFORMATION CONTACT: Hugo Teufel III, Chief Privacy Officer, Department of Homeland Security, Washington, DC 20528; by telephone (571) 227-3813, facsimile (866) 466-5370, or e-mail: pia at dhs.gov. SUPPLEMENTARY INFORMATION: Between November 1, 2006 and November 30, 2006, the Chief Privacy Officer of the Department of Homeland Security (DHS) approved and published three Privacy Impact Assessments (PIAs) on the DHS Privacy Office Web site, http://www.dhs.gov/privacy, under the link for ``Privacy Impact Assessments.'' These PIAs cover three separate DHS programs. Below is a short summary of those programs, indicating the DHS component responsible for the system, and the date on which the PIA was approved. Additional information can be found on the Web site or by contacting the Privacy Office. 1. CBP Automatic Targeting System Customs and Border Protection November 22, 2006: Department of Homeland Security, Customs and Border Protection (CBP), has developed the Automated Targeting System (ATS). ATS is one of the most advanced targeting systems in the world. Using a common approach for data management, analysis, rules-based risk management, and user interfaces, ATS supports all CBP mission areas and the data and rules specific to those areas. This PIA was prepared in conjunction with the System of Records Notice that was published on November 2, 2006 in the Federal Register. 2. 
Global Enrollment System Customs and Border Protection November 1, 2006: This is an update to the previous Global Enrollment System PIA, dated April 20, 2006. It was prepared in order to include a description and analysis of the Global On-Line Enrollment System, which is the new online application process for enrollment in Customs and Border Protection trusted traveler programs. With the new system, CBP will be able to offer an on-line enrollment process to prospective and existing members of GES programs. 3. United States Coast Guard ``Biometrics at Sea'' Mona Passage Proof of Concept U.S. Coast Guard November 3, 2006: This PIA describes the U.S. Coast Guard (USCG) and U.S. Visitor and Immigrant Status Indicator Technology (US-VISIT) Program partnership. The partnership is in furtherance of the broader objective to develop mobile biometric capabilities for the Department of Homeland Security (DHS). The findings from this proof of concept will be used to develop and refine technologies needed for mobile biometrics collection and analysis capability at sea, along with other remote areas where DHS operates. The technologies developed through this proof of concept will assist in the apprehension and prosecution of illegal migrants and migrant smugglers. They will also deter unsafe and illegal maritime migration, which will help preserve life at sea. The USCG deployed the at-sea biometric capability during the operational Proof of Concept (POC) in November 2006. Dated: December 12, 2006. Hugo Teufel III, Chief Privacy Officer. [FR Doc. 
E6-21752 Filed 12-19-06; 8:45 am] BILLING CODE 4410-10-P ----------------------------------------------------------------------- From rforno at infowarrior.org Sat Dec 23 13:37:15 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 23 Dec 2006 13:37:15 -0500 Subject: [Infowarrior] - Cybersecurity Researcher Takes On Internet Fear Factor Message-ID: (c/o pogowasright.org) Cybersecurity Researcher Takes On Internet Fear Factor http://www.law.com/jsp/legaltechnology/pubArticleLT.jsp?id=1166782004301 The Privacy and Data Protection Legal Reporter December 26, 2006 The Privacy and Data Protection Legal Reporter spoke recently with professor Fred H. Cate, distinguished professor of law and adjunct professor of informatics at Indiana University, in Bloomington, Ind., about what he sees as the hyperbole that, at times, overtakes the public discussion about ID theft and electronic security. As the director of Indiana University's Center for Applied Cybersecurity Research, Cate is a leading researcher and consultant on issues such as phishing, consumers' use of passwords and cybersecurity. Privacy Reporter: In The Washington Post in October, you wrote that the general public and lawmakers are developing an overblown and misplaced fear about security breaches. Can you explain what you mean? Cate: "Misplaced" is a very good word to reflect what is going on today. This is not to say that the threat of identity theft isn't real, nor that the impact for the people who really suffer from having their identities stolen isn't terrible. But identity theft is not occurring with the frequency we often hear about in the press; in fact, studies suggest it is actually declining. Look at the high-profile case of the theft of the laptop computer from the Veterans Administration with information on 26.5 million veterans. Nobody suffered identity theft. 
The laptop has been recovered with the data untouched -- but only after weeks of hand-wringing, promise of impending doom and a request to Congress to provide $160.5 million to cover the cost of one year of credit monitoring for the veterans. Privacy Reporter: Why are we hearing more about these types of theft if they really are rare? Cate: Some people have pretty obvious motives to jump on the issue, such as if they are selling electronic security services. But others have motivations, too. Politicians like the issue because it's fairly simple to explain and to use to generate attention; then they can pass legislation to "solve" the problem. The press likes the idea of millions of records and billions of dollars of potential harm from runaway ID theft because that's more exciting than run-of-the-mill fraud or the subtleties of changing fraud patterns. Privacy Reporter: You mentioned Congress. What do you think about the need for a national privacy breach notification law? What about the state laws now in place? Cate: State notification laws have served some useful purposes by embarrassing companies that now have to admit publicly when their systems have been breached. To put it crassly, previously many companies did not internalize the value of personal data that they are holding. When they lost personal data, the companies were not hurt. Yet most companies did a far better job of internalizing the value of the confidential corporate information they are holding, and so they took stronger steps to protect that data. So the notification laws have created an incentive to improve data protection and housekeeping for consumer and employee information. But these state notification laws have caused problems too. The public has been inundated with notices where frankly little risk was presented and where there was little they could do in any event. 
Moreover, some state legislatures think they have solved the ID theft problem by passing these laws, and that's all they have to do. To the extent that these laws are leaving other problems unaddressed, this is a major concern. Privacy Reporter: Well, what are those unaddressed concerns? Cate: I see three issues: One that is here now, one that is clearly emerging and one that is starting to emerge. First, all the data we have now tell us that the biggest threat to our personal information security is the people we know. It's the same with many violent crimes. Most ID theft is committed by people you know. So laws that focus on strangers -- such as notification laws -- actually misfocus our attention. It would be better to tell people to lock up their checkbooks, look at the balances on their bank statements and to look out for themselves rather than to tell them to fear outsiders. Politically it's unfeasible to say that, but there is a lot that individuals can and should be doing to protect ourselves. Second, I see a problem that's starting to emerge, and has arrived in some sectors. This is phishing. But this problem is a lot broader than just the fraud that gets people to expose some information about themselves. The bigger problem is that there is little that industry can do right now to stop it. This is dangerous because people are giving personal information that can be used in so many damaging ways, and as people realize this, they stop trusting the Internet and e-mail. When I get an e-mail from eBay now, I just delete it, because I have no way of knowing if it's genuine. And more and more people are starting to act the same way. The result is that this very cheap, fast way to communicate is being undermined -- and that will cost all of us a great deal of money and convenience if it's not solved. The third thing is just starting to become a problem, but it's growing. This is very organized fraud that uses "synthetic identities." 
ID Analytics reported recently that it is seeing more of this, and chief security officers at banks are reporting increased incidences. The idea is: Why should a thief steal my identity to commit financial fraud? He doesn't know if I have good credit. It is more profitable to just create a totally new, "synthetic" identity and give it good credit and use it to perpetrate fraud. And what's worse, this fraud can be perpetrated much longer because there's no one whose identity was actually stolen -- so no one is filing a complaint or report. This is a good example of where current legislation is not helping to solve the problem. The FACT Act, through which we all can get a free credit report once a year, won't catch synthetic identities. Privacy Reporter: Given these many issues of concern, where do you see the primary vulnerabilities? Cate: It might sound obvious, but everyone is vulnerable. One interesting question is to look at where the law places liability. Individuals are almost never held liable for ID theft perpetrated against them, and that is good. Congress has basically said that you won't be held liable personally. Yet the vulnerability goes right to the heart of our digital economy. Congress and the states have no idea how to address the problem. Because as we move to faster and faster electronic commerce, fraud can move faster and faster. Meanwhile, the law is always behind. Think about getting a mortgage two decades ago, when you might have to visit the bank three times and then wait for weeks for approval; but the [delays in the] system made it arguably harder to commit fraud. Compare that to getting a loan to buy a new car in 10 minutes at a dealership today, but fraud is easier. So if fear of phishing causes even a 3 percent or 5 percent reduction in people's willingness to work online, that is huge as it is multiplied across the economy. 
If we combine that impact with the more draconian scenarios for false identifications, fake driver's licenses and so on, that can enable a person to get onto an airplane or into a secure building, then we see an impact that goes beyond financial. Privacy Reporter: What's the solution to the problems you outline? Cate: What worries me is that I don't see Congress appropriating money to study and research these issues, and to fund others to study them. You might expect the academic community to help, too, by advancing research. But this has been inadequate. Industry is struggling, too. In some situations, the problem is beyond their control. For example, you can open a bank account by showing your driver's license. But since driver's licenses can be easily faked, the bank can't protect itself perfectly from fraud. Companies also face numerous other financial priorities, and they also have the problem that they are competitors in many arenas, but this is one where they need to cooperate. I think there is potentially the need to re-engineer the Internet to address some of these problems. We need to find ways for messages and packets of data to be linked to specific senders or other sources. Similarly, we probably have to rethink forms of identification so that they are more reliable than drivers' licenses and more useful online. Privacy Reporter: Tell us about your research and the work of the Indiana University Center for Applied Cybersecurity Research. How are you tackling these types of problems? Cate: The Center addresses these issues in a number of ways. We conduct research on fraud, such as phishing, to understand the problem today, anticipate new types of attacks tomorrow and develop countermeasures. We study how people use computers and how security tools, such as passwords, can be designed to be more useful and reliable; it isn't just a question of designing better mousetraps, but of making sure those mousetraps can be used by real people. 
We do research on viruses and other forms of malicious code and how they spread through networks. We examine threats to handheld devices, computers in cars, home medical monitoring equipment and other less traditional technologies. The Center also does a lot of work helping to educate policymakers, journalists, industry leaders and the public about identity theft and its causes, steps we can take to protect ourselves and future threats. And we help train the next generation of cutting-edge computer scientists, business leaders, policymakers and others who will have to deal with cybersecurity threats in the future. Subscribe to The Privacy and Data Protection Legal Reporter. From rforno at infowarrior.org Sat Dec 23 22:19:02 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 23 Dec 2006 22:19:02 -0500 Subject: [Infowarrior] - A Holiday Greeting to infowarrior-l Message-ID: (Ganked from one of my favorite sitcom series of the 1980s that ran on BBC --- "Yes (Prime) Minister.") (c/o http://video-limboland.blogspot.com/2006/08/christmas-at-ministry.html) Bernard: Before you go home for the holidays, Minister, Sir Humphrey has something to say to you. Sir Humphrey: Minister, Just one thing. I wonder if I might crave your momentary indulgence in order to discharge a, by-no-means disagreeable obligation, which is over the years become more-or-less, an established practice within government circles, as we approach the terminal period of the year, calendar of-course not financial. In fact not to put a too fine a point on it, week 51, and submit to you, with all appropriate deference for your consideration at a convenient juncture, a sincere and sanguine expectation and indeed confidence. 
Indeed one might go so far to say, hope, that the aforementioned period may be, at the end of the day, when all relevant factors have been taken into consideration, susceptible of being deemed to be such as, to merit the final verdict of having been, by-no-means unsatisfactory in its overall outcome and in the final analysis to give grounds for being judged, on mature reflection to have been conducive to generating a degree of gratification, which will be seen in retrospect to have been significantly higher than the general average. Jim Hacker: Humphrey, are you saying Happy Christmas? Sir Humphrey: Yes Minister! < - > Happy Holidays to the subscribers of infowarrior-l! -rick From rforno at infowarrior.org Sat Dec 23 23:58:35 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 23 Dec 2006 23:58:35 -0500 Subject: [Infowarrior] - Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis Message-ID: Comparing Insider IT Sabotage and Espionage: A Model-Based Analysis The purpose of this study is to examine psychological, technical, organizational, and contextual factors we believe contribute to at least two forms of insider trust betrayal: insider sabotage against critical information technology (IT) systems, and espionage. http://www.cert.org/archive/pdf/06tr026.pdf From rforno at infowarrior.org Mon Dec 25 10:59:29 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 25 Dec 2006 10:59:29 -0500 Subject: [Infowarrior] - Cable News: Who's shouting now? Message-ID: http://www.baltimoresun.com/news/opinion/ideas/bal-id.cable24dec24,0,694639.story?coll=bal-ideas-headlines Who's shouting now? 
The opinionated Fox News Channel is giving ground to increasingly noisy competitors By Nick Madigan Sun Staff December 24, 2006 Ever since Fox News Channel, founded in 1996, proved that news delivered with attitude, opinion and even belligerence could wipe the clock of just about any competitor, CNN - once the undisputed leader of the cable news pack - and a handful of smaller channels have been struggling to find a formula that brings in the same kind of numbers. Now, CNN and the others appear to have found an answer. Virtually all the competitors are slashing at the Fox ratings lead by offering their own versions of noisy and opinionated news. CNN has been closing on Fox and the others, including MSNBC and CNBC, have on occasion closed on CNN. They're all doing it by delivering the news with a strong personal flair. The most salient examples of the trend are Headline News's Glenn Beck, who is showing the fastest-rising ratings of anyone on cable news; Keith Olbermann, MSNBC's pugnacious but cerebral resident lefty; his colleague Chris Matthews, long an opponent of the Iraq war who was recently off the air because of illness but who remains very much in the mix; Nancy Grace, whose acerbic, finger-wagging style on Headline News is aimed primarily at miscreants and their lawyers; and, on CNBC, the manic money maven Jim Cramer, whose flailing arms and booming delivery is sheer entertainment for stock-market players who don't mind being shouted at. The shift toward all-opinion, all-the-time is also working on CNN for Lou Dobbs, who never tires of pushing protectionist views that have won him fans as well as critics. The somewhat stodgy Dobbs unabashedly labels his show "news, debate and opinion." The shakeout among the main cable news networks is all the more notable for the audience losses at Fox News Channel, which has suffered a 21 percent decline in total viewers when compared to the fourth quarter of 2005. 
Its biggest star, Bill O'Reilly, virtually invincible for much of the Bush administration's tenure, has also lost a significant number of viewers in the past year as the administration's fortunes have waned, its Iraq policy in shambles and its midterm electoral defeats conclusive. Overall, though, O'Reilly remains the king of cable, ahead of CNN's Larry King and the target of almost relentless invective from MSNBC's Olbermann, who cheerfully describes O'Reilly as "the worst person in the world." O'Reilly, quick to take offense from any challenge to his bedrock conservative views, is equally dismissive of Olbermann. Watching the two go after each other is a spectator sport. A spokeswoman for Fox, Irena Briganti, refused to make available for comment any of the network's executives or on-air personalities, writing in an e-mail message that there was "no reason" for Fox to contribute to a story that would include CNN and MSNBC. She wrote also that both networks remain "in a death struggle for second place" behind Fox. "Fox is still No. 1 thanks to O'Reilly," said Brian Stelter, who covers the industry on his TVNewser.com blog. "Without him, it would still be very competitive between CNN and Fox. Maybe the upstarts are starting to act a little more like Fox did, when Fox was David to CNN's Goliath. But now that Fox is Goliath, MSNBC and Headline News are starting to throw stones - or pebbles, at least." Stelter was particularly impressed with the rise of Dobbs on CNN, "to the point where he occasionally beats Brit Hume on Fox." On Dec. 11, Stelter said, Dobbs even came in ahead of his CNN colleague Larry King, who normally trounces everyone on cable news except O'Reilly. "I'd be worried if I were Fox," said Stelter about the surge by Dobbs, Olbermann, Beck and others whose numbers have been showing signs of momentum. 
For the past decade, since Fox News Channel began broadcasting, there was always a ratings formula that seemed to describe the war between CNN, FNC and their distant challengers. "It was 1 Fox equals 2 CNN, and 1 CNN equals 2 MSNBC," Stelter said. "Now it's not so simple any more. About half the time, MSNBC is beating CNN in the demo." By "the demo," Stelter means the 25-to-54 age demographic that advertisers covet, and whose viewing habits are therefore the most studied. Those are some of the same people who tend to watch Comedy Central's fake-news king, Jon Stewart - along with his late-night cohort, Stephen Colbert - and consider them the oracles of what's wrong and hypocritical in both media and government. Martin Kaplan, associate dean of the Annenberg School for Communication at the University of Southern California, said MSNBC's recent rise in audience numbers, largely because of Olbermann, is propelled by what he called "the Jon Stewart audience." Olbermann's show, Countdown, is "informative, edgy and funny, and it respects its audience," said Kaplan, who found it remarkable that "Jon Stewart and Stephen Colbert set a standard now." Kaplan is distressed at the changes at Headline News, which, in the evenings, has become the op-ed page to CNN's hard-news shows. "They used to be like the best AM radio news stations, in that you could turn them on at any time and get a fill of the headlines and hard news," Kaplan said of Headline News. "But now it's the same talking heads and ideologues and bullies as all the rest." Kaplan was no kinder to CNN, where he appreciates only the midday feed from CNN International in London. "It's an hour of competently done international news done by professionals," he said. Kaplan may have been on the mark with his criticism of the gravitas-free CNN anchor Tony Harris, who sometimes snickers his way through interviews. 
Kaplan said the network's morning shows "suffer from the same happy-talk disease that the broadcast networks have discovered is the key to ratings." On the other hand, CNN's curmudgeonly Jack Cafferty is appealing because, Kaplan said, "he's become the truth teller, the guy who says, 'How dumb do they think we are?' "It used to be more of a crank act," Kaplan said, referring to Cafferty. "But you get the sense now that there's more depth, a greater stake in the outcome. He's not just cynical. He's rooting for change." On election night, CNN won the ratings race, concurrent with the Democratic gains in Congress. "Fox did not do well in the elections," said Diedtra Henderson, a reporter in the Washington bureau of The Boston Globe and an avid election-watcher. "CNN's numbers were huge. CNN even took out full-page ads in The New York Times saying they were No. 1. Fox couldn't deal with the reality of the news, and CNN benefited because it was seen as bipartisan. CNN called races faster, while Fox anchors were arguing with guests." Jonathan Klein, president of CNN's U.S. operations, said it was "clear that Fox has lost the pulse of the country." Klein, who ditched the amiable anchor Aaron Brown a year ago in favor of the hustle-and-bustle Anderson Cooper, said Fox finds itself a victim of its almost unwavering support for the Bush administration, no matter what the reality in Iraq or elsewhere. "The war is going badly and it's made people turn away from flag-waving, sloganeering and spin and it's made the audience seek out answers," Klein said. "They want insight. The audience is increasingly on to the fact that Fox is giving people the administration party line." Klein cited as an example FNC's use of the slogan "New Way Forward" to identify Bush administration policy in Iraq. The slogan, Klein said, happens to be the administration's own title for its policy. Klein said there are other kinks in Fox's armor. 
A year ago, he said, Greta Van Susteren's On the Record had a 52 share in the ratings, against Aaron Brown's anemic 17-share on CNN. Now, Van Susteren is down to a still-appreciable 39 share while Brown's replacement, Anderson Cooper, is at 31, and catching up. At MSNBC, Dan Abrams, who was appointed general manager six months ago, said he was thrilled that the network has found its focus and has become "regularly competitive" with CNN. "There's no question that in a competitive landscape we are the story of cable news right now," said Abrams, a former legal correspondent for NBC News. "We have shot up to a place where we are competitive. There's no question that Keith Olbermann is on fire; he's beating Paula Zahn on CNN in the key demo almost every night. From Imus to dayside programming to Chris Matthews to Keith Olbermann to Joe Scarborough - everything is on fire now. CNN has a lot to be worried about. CNN is in real danger of becoming the news dinosaur." Not necessarily. Although growing, MSNBC's numbers remain mostly in the shadows of the larger channels. Wolf Blitzer, whose daily Situation Room has come to define CNN's new, high-tech approach to breaking news, would not be drawn into comparisons with Fox, MSNBC or anyone else. "I welcome the competition," he said. "It makes us all better. If I play tennis with someone whose game is better than mine, I play better. Bring it on - the more the merrier. "My attitude is, if I give our viewers serious, important hard news, they will come. We've got a news environment now that's dominated by two subjects - Iraq and politics, and they're related. And they're two subjects I know well. They play to my strengths, and I think that's why viewers are watching us." The viewers of CNN, Blitzer said, are "news junkies" who "want some value" and "don't want junk." 
Beck, a longtime radio host who was brought into the Headline News fold only in May, has seen his ratings increase since then by 84 percent among the most-coveted viewers. "Crazy, isn't it?" asked Beck. "It just goes to show you how low our standards are. Who thought cable news would be fun?" Then, turning serious, Beck said audiences "are hungry for news in a different way." "Wherever you get your news during the day - CNN.com or Drudge Report, say - it's usually on the Internet," he said. "By the time you get home at night, you're already up to speed. Now what you're looking for is, what does this mean? You're not necessarily looking for outrageous opinion; you're looking for perspective." Beck, who had over a million viewers for a special on militant Islam in November, said he was trying to avoid the "self-righteous, pompous shtick" common to some of his competitors, as well as the tendency to "put people in little boxes, yelling at each other." "That's pretty much the cable news formula that makes you want to blow your head off nightly." Trying to explain his on-air appeal, the conservative Beck said it is "not a left versus right thing," but rather "right versus wrong." "It's the attitude that you don't take yourself too seriously," he went on. "If you think I'm wrong, please stand in line. I'm serving number 46 right now." Referring to a new French all-news channel, Beck could not resist taking a dig. "I hear," he said, "that they'll show the white flag 24 hours a day." nick.madigan at baltsun.com From rforno at infowarrior.org Mon Dec 25 23:50:26 2006 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 25 Dec 2006 23:50:26 -0500 Subject: [Infowarrior] - Justice Dept. Database Stirs Privacy Fears Message-ID: Justice Dept. 
Database Stirs Privacy Fears Size and Scope of the Interagency Investigative Tool Worry Civil Libertarians http://www.washingtonpost.com/wp-dyn/content/article/2006/12/25/AR2006122500483_pf.html By Dan Eggen Washington Post Staff Writer Tuesday, December 26, 2006; A07 The Justice Department is building a massive database that allows state and local police officers around the country to search millions of case files from the FBI, Drug Enforcement Administration and other federal law enforcement agencies, according to Justice officials. The system, known as "OneDOJ," already holds approximately 1 million case records and is projected to triple in size over the next three years, Justice officials said. The files include investigative reports, criminal-history information, details of offenses, and the names, addresses and other information of criminal suspects or targets, officials said. The database is billed by its supporters as a much-needed step toward better information-sharing with local law enforcement agencies, which have long complained about a lack of cooperation from the federal government. But civil-liberties and privacy advocates say the scale and contents of such a database raise immediate privacy and civil rights concerns, in part because tens of thousands of local police officers could gain access to personal details about people who have not been arrested or charged with crimes. The little-noticed program has been coming together over the past year and a half. It already is in use in pilot projects with local police in Seattle, San Diego and a handful of other areas, officials said. About 150 separate police agencies have access, officials said. But in a memorandum sent last week to the FBI, U.S. attorneys and other senior Justice officials, Deputy Attorney General Paul J. McNulty announced that the program will be expanded immediately to 15 additional regions and that federal authorities will "accelerate . . . 
efforts to share information from both open and closed cases." Eventually, the department hopes, the database will be a central mechanism for sharing federal law enforcement information with local and state investigators, who now run checks individually, and often manually, with Justice's five main law enforcement agencies: the FBI, the DEA, the U.S. Marshals Service, the Bureau of Prisons and the Bureau of Alcohol, Tobacco, Firearms and Explosives. Within three years, officials said, about 750 law enforcement agencies nationwide will have access. In an interview last week, McNulty said the goal is to broaden the pool of data available to local and state investigators beyond systems such as the National Crime Information Center, the FBI-run repository of basic criminal records used by police and sheriff's deputies around the country. By tapping into the details available in incident reports, interrogation summaries and other documents, investigators will dramatically improve their chances of closing cases, he said. "The goal is that all of U.S. law enforcement will be able to look at each other's records to solve cases and protect U.S. citizens," McNulty said. "With OneDOJ, we will essentially hook them up to a pipe that will take them into its records." McNulty and other Justice officials emphasize that the information available in the database already is held individually by the FBI and other federal agencies. Much information will be kept out of the system, including data about public corruption cases, classified or sensitive topics, confidential informants, administrative cases and civil rights probes involving allegations of wrongdoing by police, officials said. But civil-liberties and privacy advocates -- many of whom are already alarmed by the proliferation of federal databases -- warn that granting broad access to such a system is almost certain to invite abuse and lead to police mistakes. 
Barry Steinhardt, director of the Technology and Liberty Project at the American Civil Liberties Union, said the main problem is one of "garbage in, garbage out," because case files frequently include erroneous or unproved allegations. "Raw police files or FBI reports can never be verified and can never be corrected," Steinhardt said. "That is a problem with even more formal and controlled systems. The idea that they're creating another whole system that is going to be full of inaccurate information is just chilling." Steinhardt noted that in 2003, the FBI announced that it would no longer meet the Privacy Act's accuracy requirements for the National Crime Information Center, its main criminal-background-check database, which is used by 80,000 law enforcement agencies across the country. "I look at this system and imagine it will raise many of the same questions that the whole information-sharing approach is raising across the government," said Marc Rotenberg, executive director of the Electronic Privacy Information Center, a Washington-based group that has criticized many of the government's data-gathering policies. "Information that's collected in the law enforcement realm can find [its way] into other arenas and be abused very easily," Rotenberg said. McNulty and other officials said the data compiled under OneDOJ would be subject to the same civil-liberties and privacy oversight as any other Justice Department database. A coordinating committee within Justice will oversee the database and other information-sharing initiatives, according to McNulty's memo. Gene Voegtlin, legislative counsel for the Arlington-based International Association of Chiefs of Police, said his group welcomes any initiatives to share more data with local law enforcement agencies. "The working partnership between the states and the feds has gotten much better than the pre-9/11 era," Voegtlin said. "But we're still overcoming a lot of issues, both functional and organizational . . . 
so we're happy to see DOJ taking positive steps in that area." From rforno at infowarrior.org Tue Dec 26 00:00:54 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Dec 2006 00:00:54 -0500 Subject: [Infowarrior] - U.S. looks to Disney for welcome for visitors Message-ID: > With security much tightened since the attacks of September 11, 2001, the visa > and entry processes are so unpopular that the country was ranked as the > world's most unfriendly to visitors in a survey last month of travelers from > 16 nations. I find this deeply-embarrassing.........rf U.S. looks to Disney for welcome for visitors Wed Dec 6, 2006 12:17 PM ET http://today.reuters.com/news/articlenews.aspx?type=inDepthNews&storyid=2006-12-06T171558Z_01_N05421059_RTRUKOC_0_US-USA-AIRPORTS-FRIENDLY.xml By Bernd Debusmann, Special Correspondent WASHINGTON (Reuters) - Faced with a decline in the number of overseas visitors and unpopular entry requirements, the U.S. government is turning to the Walt Disney Co. and other theme park operators to brighten the country's battered image. With security much tightened since the attacks of September 11, 2001, the visa and entry processes are so unpopular that the country was ranked as the world's most unfriendly to visitors in a survey last month of travelers from 16 nations. Last January, the government promised to work with the private sector to create a more welcoming environment without compromising security. But the "Rice-Chertoff Joint Vision" announced by Secretary of State Condoleezza Rice and then Homeland Security Secretary Michael Chertoff has yet to become reality. So far, applying for American visas still involves standing for hours in long lines at fortress-like embassies. Stern immigration officials at American airports often inspire fear, according to the survey. Enter the U.S. travel industry, which has watched with concern the parallel trends of rising anti-American feeling around the world and declining visitor numbers. 
Since September 11, 2001, industry leaders say, the government has tended to see foreign visitors as potential threats, and the screening process reflects that view. "We have missed an opportunity to make people feel welcome," said Jay Rasulo, chairman of Walt Disney Parks and Resorts. "The whole process must be friendlier and more efficient. We must invest in creating a first impression of hospitality and friendliness at our borders." From rforno at infowarrior.org Tue Dec 26 00:12:37 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Dec 2006 00:12:37 -0500 Subject: [Infowarrior] - Scrooge and intellectual property rights In-Reply-To: Message-ID: (The esteemed Michael Crichton said pretty much the same thing at the press club last month........rf) BMJ 2006;333:1279-1280 (23 December), doi:10.1136/bmj.39048.428380.80 Scrooge and intellectual property rights A medical prize fund could improve the financing of drug innovations http://www.bmj.com/cgi/content/full/333/7582/1279 At Christmas, we traditionally retell Dickens's story of Scrooge, who cared more for money than for his fellow human beings. What would we think of a Scrooge who could cure diseases that blighted thousands of people's lives but did not do so? Clearly, we would be horrified. But this has increasingly been happening in the name of economics, under the innocent sounding guise of "intellectual property rights." Intellectual property differs from other property -- restricting its use is inefficient as it costs nothing for another person to use it. Thomas Jefferson, America's third president, put it more poetically than modern economists (who refer to "zero marginal costs" and "non-rivalrous consumption") when he said that knowledge is like a candle, when one candle lights another it does not diminish from the light of the first. Using knowledge to help someone does not prevent that knowledge from helping others. 
Intellectual property rights, however, enable one person or company to have exclusive control of the use of a particular piece of knowledge, thereby creating monopoly power. Monopolies distort the economy. Restricting the use of medical knowledge not only affects economic efficiency, but also life itself. We tolerate such restrictions in the belief that they might spur innovation, balancing costs against benefits. But the costs of restrictions can outweigh the benefits. It is hard to see how the patent issued by the US government for the healing properties of turmeric, which had been known for hundreds of years, stimulated research. Had the patent been enforced in India, poor people who wanted to use this compound would have had to pay royalties to the United States. In 1995 the Uruguay round trade negotiations concluded in the establishment of the World Trade Organization, which imposed US style intellectual property rights around the world. These rights were intended to reduce access to generic medicines and they succeeded. As generic medicines cost a fraction of their brand name counterparts, billions could no longer afford the drugs they needed. For example, a year's treatment with a generic cocktail of AIDS drugs might cost $130 (£65; €170) compared with $10 000 for the brand name version.1 Billions of people living on $2-3 a day cannot afford $10 000, though they might be able to scrape together enough for the generic drugs. And matters are getting worse. New drug regimens recommended by the World Health Organization and second line defences that need to be used as resistance to standard treatments develops can cost much more. Developing countries paid a high price for this agreement. But what have they received in return? Drug companies spend more on advertising and marketing than on research, more on research on lifestyle drugs than on life saving drugs, and almost nothing on diseases that affect developing countries only. This is not surprising. 
Poor people cannot afford drugs, and drug companies make investments that yield the highest returns. The chief executive of Novartis, a drug company with a history of social responsibility, said "We have no model which would [meet] the need for new drugs in a sustainable way ... You can't expect for-profit organizations to do this on a large scale."2 Research needs money, but the current system results in limited funds being spent in the wrong way. For instance, the human genome project decoded the human genome within the target timeframe, but a few scientists managed to beat the project so they could patent genes related to breast cancer. The social value of gaining this knowledge slightly earlier was small, but the cost was enormous. Consequently the cost of testing for breast cancer vulnerability genes is high. In countries with no national health service many women with these genes will fail to be tested. In countries where governments will pay for these tests less money will be available for other public health needs. A medical prize fund provides an alternative. Such a fund would give large rewards for cures or vaccines for diseases like malaria that affect millions, and smaller rewards for drugs that are similar to existing ones, with perhaps slightly different side effects. The intellectual property would be available to generic drug companies. The power of competitive markets would ensure a wide distribution at the lowest possible price, unlike the current system, which uses monopoly power, with its high prices and limited usage. The prizes could be funded by governments in advanced industrial countries. For diseases that affect the developed world, governments are already paying as part of the health care they provide for their citizens. For diseases that affect developing countries, the funding could be part of development assistance. 
Money spent in this way might do as much to improve the wellbeing of people in the developing world - and even their productivity - as any other that they are given. The medical prize fund could be one of several ways to promote innovation in crucial diseases. The most important ideas that emerge from basic science have never been protected by patents and never should be. Most researchers are motivated by the desire to enhance understanding and help humankind. Of course money is needed, and governments must continue to provide money through research grants along with support for government research laboratories and research universities. The patent system would continue to play a part for applications for which no one offers a prize. The prize fund should complement these other methods of funding; it at least holds the promise that in the future more money will be spent on research than on advertising and marketing of drugs, and that research concentrates on diseases that matter. Importantly, the medical prize fund would ensure that we make the best possible use of whatever knowledge we acquire, rather than hoarding it and limiting usage to those who can afford it, as Scrooge might have done. It is a thought we should keep in mind this Christmas.3 4 5 6 Joseph E Stiglitz, professor 1 Columbia University, New York, NY 10025, USA jb2632 at columbia.edu Competing interests: JES was chief economist of the World Bank from 1997 to 2000 and a member and then chairman of President Clinton's Council of Economic Advisers from 1993 to 1997. He won the Nobel Prize for economics in 2001. References 1. Médecins Sans Frontières. People not getting the treatment they need to stay alive. Newer AIDS drugs unaffordable and unavailable. Geneva: MSF, 29 November 2006. 2. Andrew J. Novartis chief in warning on cheap drugs. Financial Times 29 September 2006. 3. Stiglitz JE. Making globalization work. New York: WW Norton, 2006. 4. Hollis A. 
Optional rewards for new drugs for developing countries. Geneva: World Health Organization, 5 April 2005. www.who.int/entity/intellectualproperty/submissions/Submissions.AidanHollis.pdf. 5. Pogge T. Human rights and global health: a research program. Metaphilosophy 2005;1/2(36). 6. Love J. Submission of CPTech to IGWG. 15 November 2006. www.who.int/entity/public_hearing_phi/summary/15Nov06JamesLoveCPTech.pdf From rforno at infowarrior.org Tue Dec 26 01:29:22 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Dec 2006 01:29:22 -0500 Subject: [Infowarrior] - OpEd: HD disk format wars are over Message-ID: http://www.theinquirer.net/default.aspx?article=36574 HD disk format wars are over A clear victor emerges By Charlie Demerjian: Tuesday 26 December 2006, 01:22 THE NEXT GENERATION disk format has been settled once and for all. Thanks to the due diligence, hard work and unprecedented cooperation between the media companies, the hardware vendors and the OS vendor, we finally have a solution. It is quite easy, Piracy, the better choice(TM). Yes, in a year where Sony rootkitted its customers, lied to my face about their actions (hi John, still have your number, kisses), and fell flat with anything related to Blu-Ray, things couldn't get worse right? Well, the other camp, HD-DVD is only slightly less nasty, but still unacceptable. Standing shoulder to shoulder, they both failed in the market. MS and the media companies sold you out hoping to reap more and more profits. Let me just say I held out no hope that they would behave in anything less than a socially irresponsible fashion, but the depths of their depravity did end up shocking me. Then came the PC makers, the dumb sheep that they are. There seems to be a race to see who can pass the buck quickest in this camp. 
From my dealing with them last CES where they said 'we have to screw our customers, we were asked nicely to', to the blaming of people up and down the food chain from them, it is a comic scenario. Pathetic. Then come the chipmakers, AMD and Intel, and the respective platforms, Live and VIIV. What laughable efforts those are. A year and a half ago, I said that Intel sold you out, and they did. The DRM infested nightmares of consumer rights removal that are the media platforms have one thing in common, the content mafia is quite adamant that they are still too insecure. The strategy from Intel was to start at a middle ground and push to the consumer side of things as time went on. Instead, they started out as MS's bitch and were beaten into submission like a redheaded stepchild. Now they have the glorious job of jumping at every whim of the media companies, way to hold your head high Intel! I would say the same for AMD, but to this day, I am not sure what Live does, if it really exists. Both companies will tout absolutely huge sales figures, and MS will point to incredible Media Center sales, up thousands of percent this year alone. Let me clue you in on something, MCE used to mean that you needed a tuner, you had to meet certain requirements for power, speed and functionality. These boxes flopped so badly it was laughable, selling more restrictions for more money is not a bright marketing strategy. Now, MCE is sold instead of XP home. The requirements? None really, so basically all sales that were home are now MCE. I defy you to find any retail customer who actually uses it in that fashion, maybe 1% do. With the proliferation of MCE, both Live and VIIV stickers moved out into mainstream boxes. Damn those things sell like hotcakes, umm, what do they get me besides DRM infections again? No, really, I mean it, WTF do they do? Anyone? So, both Intel and AMD are jumping up and down over the 'successes' of their respective DRM for manufacturer kickback programs. 
Be still my beating heart. Basically, what we have is a series of anti-consumer DRM infections masquerading as nothing in particular. They bring only net negatives to anyone dumb enough to pay money for them, and everything is better than these offerings. They sell in spite of the features they tout, not because of them. The manufacturers still have the balls to look you in the eye and say that they are selling because of the programs/features/DRM. Marketers, what a laugh riot. In the end, every step in this chain of consumer woe that is Blu-Ray, HD-DVD, Live, VIIV, HDCP, MCE and Vista is flopping. And that is where the better choice comes in. The consumers have voted with their dollars, and are staying away in droves. All the walls of the walled gardens are being built higher and higher, with the occasional brick landing on the head of someone who pulls out a credit card. Buy now, there is a brick with your name on it whistling down, operators are standing by. In the mean time, Piracy, the better choice (tm) flourishes. If you take 10 minutes to look around, you will see that every HD movie is now available on P2P networks. I haven't bothered to get one, so I can't comment on the quality, but it sure looks like availability is there. What was an underground clique in the 1980s and 1990s has become mainstream and so vastly much easier to do that it is laughable. Before the technology hits 1% market penetration it is comprehensively cracked and better for the consumer than the legit versions. The lawsuits, threats, purchased governance and stern speeches could not prevent the children of Warner Music from pirating, the less moneyed masses are a lost cause. (Funny how he wasn't sued though, kind of makes you wonder...) As of right now, anyone can get any music or movie they want, for free, much more easily than they can through legal DRM infected channels. Piracy, the better choice (tm). 
If you try and purchase any of this content, you descend into a DRM nightmare of incompatibility and legal mires. Your monitor will not work with your Blu-Ray drive because your PC decided that a wobble bit was set wrong. You just pissed away $6K on a player, media center PC and HD TV for nothing, you lose. The Warner CEO's kids have a nice new car to play their pirated CDs in though. On the other hand, if you downloaded that content, in HD no less, you save the $1000 on the Blu-Ray player, $30 on the movie, and it works seamlessly out of the box. The available content is much higher with piracy, and it is quite on-demand. You don't need to sign up, give them your details to be sold to marketers who call during dinner and spam you, you just get the content you want, when you want, how you want. There is no iTunes/Plays for (not) Sure incompatibility, it just works. Piracy, the better choice(tm). On the down side, the RIAA/MPAA/PATSY/TOOLBOY have sued probably 10,000 people now, and each 'settlement' is, well let's just use $5000 for the sake of round numbers. Now, the conservative estimates of P2P usage was around 30 million people, but I am pretty damn sure that is far lower than the actual usage. Last time I saw anything serious, it was 35M and growing fast. Let's just assume that it is now 50M users. 10,000 * $5,000 = $50,000,000. The net cost to each P2P user, assuming everyone out there settles is $1. To look at it another way, if you look at it in the worst case light, you have a 1 in 5000 chance of getting nailed. A lot of people buy lottery tickets with far far worse odds than that, and spend more than $5000 doing so every few years. To be even more cynical, hands up everyone who personally knows someone who got sued by the RIAA. Now, hands up everyone who knows someone who downloaded music or movies. Any guesses which one is bigger? Piracy, the better choice (tm). What do we end up with? 
A year or more where the CE industry pushed, pulled, legislated and litigated their way to obscurity. Along the way, they killed yet another promising consumer technology, well 5 or 6 actually, and made Intel and AMD their bitches. We all were on the verge of losing this format and DRM infection war until a dark horse champion emerged to snatch victory from the jaws of evil. Piracy, the better choice(tm). From rforno at infowarrior.org Tue Dec 26 10:04:59 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Dec 2006 10:04:59 -0500 Subject: [Infowarrior] - What's with the squeaky voices in tv commercials? Message-ID: What is it about the recent trend towards using irritating little girls and their squeaky voices in television advertising? Three current commercials come to mind: 1) Texas Instruments DLP. The girl who, at the end of the commercial, tells you "it's the MEERS." (it should be "mirrors" - learn to speak English!) This has been especially-annoying during American football season. 2. Cisco's "human network" girl --- annoying high-pitched squeaky narration that goes on and on and on and on.... 3. I think it's AIG financial; a precocious little girl telling her father about all the things he should be worried about in life. ....and of course, speaking of TV commercials, a pox on BMW for their "screaming kids" commercial that ran during the holidays. Talk about an abrasive noise during the workday to interrupt your workflow. Good job, BMW -- you've turned me off from your brand for life. 
*growl* -rf From rforno at infowarrior.org Tue Dec 26 10:11:49 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Dec 2006 10:11:49 -0500 Subject: [Infowarrior] - Pelosi says no to C-SPAN request on floor proceedings Message-ID: Pelosi says no to C-SPAN request on floor proceedings Associated Press Article Launched: 12/22/2006 04:38:28 PM MST http://www.elpasotimes.com/election/ci_4887745 WASHINGTON -- Speaker-to-be Nancy Pelosi cited the need to preserve the ''dignity and decorum'' of the House as she rejected a request Friday that C-SPAN operate its own cameras in covering the chamber. The public service network has provided gavel-to-gavel television coverage of House proceedings since 1979. But the House leader has kept control of the cameras, with coverage generally limited to tight shots of the speaker or the podium. The situation is similar in the Senate, which C-SPAN has televised since 1986. C-SPAN's chairman and chief executive told Pelosi, D-Calif., that under this arrangement, cameras are prevented ''from taking individual reaction shots or from panning the chamber, leaving viewers with an incomplete picture of what's happening in the House of Representatives.'' Brian Lamb wrote Pelosi on Dec. 14 that media cameras long have been permitted to cover committee hearings and that for a dozen years or more independent cameras have been allowed into the chamber for joint sessions and joint meetings in the House. He said C-SPAN would cover floor proceedings in the same manner it covers hearings _ ''fully, accurately and with the unbiased production style on which we've built our reputation for the past 28 years.'' Pelosi said in her response Friday, ''I believe the dignity and decorum of the United States House of Representatives are best preserved by maintaining the current system of televised proceedings.'' Lamb said in an interview he was ''very disappointed'' by Pelosi's decision. 
He said he tried unsuccessfully to change the policy when Republicans gained control of the House in 1995 and thought this would be another good opportunity because Pelosi has stressed that this will be the most open and ethical Congress in history. From rforno at infowarrior.org Tue Dec 26 19:13:52 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Dec 2006 19:13:52 -0500 Subject: [Infowarrior] - Scrape this, Kemcom! (AIA #2007-01) Message-ID: They say imitation is the sincerest form of flattery. Over the holiday weekend, I learned that an Australian company called Kemcom has conducted a near-total scrape of my website for its own commercial use. The current infowarrior.org site design, including many elements and even my "slogan", was shamelessly-ganked (and slightly-modified) by Dean and Susan Kempe of Kemcom back in (at least) 2005. Most of you know I am all for open sharing and learning, and often have granted free permission to use stuff from my website in other ventures over the years provided that credit is given where credit is due. In Kemcom's case, no credit was given, and no permission ever was requested. Granted, my present website is long overdue for a facelift, but still -- shame on Kemcom for such blatant and inconsiderate pilferage. Screencaps and add'l info: http://www.infowarrior.org/aia/kemcom-rip/ So I'm flattered and humbled at the imitation. But also incensed by it. -rick Infowarrior.org From rforno at infowarrior.org Tue Dec 26 21:27:25 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Dec 2006 21:27:25 -0500 Subject: [Infowarrior] - Microsoft Vista: ready for a new 0day Message-ID: (can't say I disagree here.......rf) http://attrition.org/news/content/06-12-26.001.html Sent from an anonymous visitor, we now see how Microsoft should have packaged Vista: http://attrition.org/images/vista2.jpg If Vista isn't even secured against malware from 2004, can you imagine what 2007 will bring? 
From rforno at infowarrior.org Tue Dec 26 22:17:34 2006 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 26 Dec 2006 22:17:34 -0500 Subject: [Infowarrior] - Wikipedia Founder Plans Search Engine Message-ID: Wikipedia Founder Plans Search Engine The search engine, code-named Wikiasari, would combine open source technology and human intervention to deliver more relevant results than the algorithm-based systems used today. By Antone Gonsalves, InformationWeek Dec. 26, 2006 URL: http://www.informationweek.com/story/showArticle.jhtml?articleID=196701966 Jimmy Wales, founder of online encyclopedia Wikipedia, is planning to build an online commercial search engine that would compete with Google and Yahoo. The search engine, code-named Wikiasari, would combine open source technology and human intervention to deliver more relevant results than the algorithm-based systems used today, Wales said Tuesday. "Human intelligence is still the best thing we have, so let's let humans do what they do best, and computers do what they do best." Wikiasari combines the Hawaiian word for quick, "wiki," with the Japanese word "asari," which means "rummaging search." Relevance remains a challenge in online search, since machines can only take a roundabout approach in determining the ranking of results delivered to people's queries. For example, Google's automated system considers the number of links to a Web site in determining whether it's closer to the top or bottom of results. Wales plans to combine the user-based technology behind nonprofit Wikipedia with open source Web-search software called Nutch, which is part of the Apache Lucene project. The latter has developed a full-featured text search engine written in Java. Wales doesn't know how his search engine would combine human intelligence and technology. "We really haven't determined how all of this is going to work," he said. 
However, Wales believes the time is right, given the availability of what he considers solid open-source technology. "The time is right, because we actually have some tools available to start building something interesting," he said. Wikipedia depends on user contributions in building an online encyclopedia. Registered users can add any item or edit items already posted. The site works on the idea that the collective knowledge of the masses is better than a system run by editors and expert contributors. Wikipedia, however, has had its problems with erroneous postings, which are corrected as soon as site operators are notified. Wales hopes to launch his search engine within two years. Development would be funded by his for-profit company Wikia Inc. Its investors include Bessemer Venture Partners and Amazon.com. Wales hopes to make money with his search engine through online advertising. Text ads related to search queries and delivered with results have become a multibillion-dollar market, with Google the clear leader. However, whether Wales can capture even a thin slice of the market against tech leaders like Google, Yahoo, and Microsoft, or even smaller search engines like Ask.com, remains to be seen. From rforno at infowarrior.org Wed Dec 27 00:12:52 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Dec 2006 00:12:52 -0500 Subject: [Infowarrior] - Nostalgia: To Send a Page, Press #, and Hope It Still Works Message-ID: (Remember the Motorola Bravos? They were the geek equivalent of Jordache Jeans and Members-Only jackets......everybody HAD to have one! -rf) December 27, 2006 To Send a Page, Press #, and Hope It Still Works By JAMES BARRON http://www.nytimes.com/2006/12/27/nyregion/27beeper.html?pagewanted=print Arkadiy Shats was gentle, examining the old patient and deciding he had no choice but to operate. The surgery went fast: no more than 10 seconds of juggling a screwdriver and a pair of tweezers. The patient was a pager. Remember pagers? 
They were the razzle-dazzle innovation that kept doctors tethered to patients, drug dealers tethered to customers, government officials tethered to underlings, reporters tethered to editors. In the 1980s and early 1990s, everybody carried them. They beeped. They chirped. Or, in what their manufacturers called their "silent" mode, they vibrated in pockets and purses, or clipped to belts. Now try to find someone who has one. Beepers have become technological fossils, on the way to extinction in the world's rush to cellphones and all-in-one devices that can handle e-mail messages and browse the Web. Beepers are a leftover from the days when a cellphone was a novelty the size of a brick with a battery that lasted minutes, not days. Cellphones were geeky, not glamorous. Mr. Shats, 52, rode the wave of pager technology up, and now he is riding it down. He has spent the last 19 years in a cluttered room with a meat-locker door and shiny metal walls that are covered in takeout menus and schematic circuit diagrams. His job is to repair pagers, to bring these relics of the early digital age back to life for the few who cling to them. He works for a company in Prospect Heights, Brooklyn, called CPR Technology. The three letters once stood for Certified Pager Repair. Now the pager business is all but on life support, and the company makes more money retailing accessories for Nextel phones online and importing equipment that manufacturers can use to test electronics products before shipping them from the factory. But CPR Technology still repairs pagers, one of only a few companies in the New York metropolitan region to still do so. "There are a lot of people who will be using this until the end of time," said the president of CPR Technology, Charlie Tepper, 46. Still, the numbers show that the end of time may not be far off. About 45 million pagers were in use nationwide in 1999. 
Now the total is 7.4 million, down from 8.2 million a year ago, according to Brad Dye, a wireless messaging consultant who is editor and publisher of three newsletters including The Paging Information Resource. He says the average monthly paging bill is about $9, while CTIA - the Wireless Association, a trade group that represents cellular companies, says the comparable figure for a cellphone is $49.30. CTIA says there are 219.4 million cellphone subscribers. "It isn't that people didn't like pagers," Mr. Dye said. "It's just that it was hard for the paging industry to compete with cellphones." Once, pagers were a status symbol that demanded attention, their little screens displaying strings of numerals (although some pagers could also transmit letters). Was that a telephone number, or the primitive slang from the days before text messaging? Only the recipient knew whether a message was the code for "I love you" from a girlfriend or "the cops are coming" from a drug dealer's lookout. Now pagers are a punch line on the NBC sitcom "30 Rock," which featured a character who described himself as the "beeper king" after working his way to the top of a pager business. Another character said he could not give up his beeper because he was expecting a call from 1985. It is enough to make real-life beeper kings wince. But Robert G. Daigle, a vice president of Evalueserve, a research company that tracks communications trends, has a word for what has happened to pagers. "They've been disintermediated," he said. "It's a big fancy business term you use to talk about people who are no longer needed in business." Nowadays the nation's largest pager company is USA Mobility, which was born in 2004 in the merger of two smaller companies that had filed for Chapter 11 bankruptcy protection in 2001. A spokesman said USA Mobility now provides service to 4.2 million pagers nationwide. 
Hospitals continue to use pagers, in part because, unlike cellphones, pager signals reach into buildings without causing concern about interfering with medical equipment. Mount Sinai Medical Center in Manhattan, for example, provides more than 3,000 pagers to doctors, residents and interns. But Mount Sinai knows it will have to come up with an alternative before too long. "I think they will be a thing of the past in a couple of years," said Eunice Davis, assistant director of telecommunications for Mount Sinai. "Not many companies make pagers." Motorola, which dominated the market for pagers in its heyday, stopped making them in 2001. But that created opportunities for technicians like Mr. Shats and engineering entrepreneurs like Mr. Tepper. As Mr. Dye of The Paging Information Resource said: "The 40 million pagers that people quit using, they didn't throw them all in the trash. A lot of those have been refurbished." Which is what happens inside Mr. Shats's little room, where patterns dance across his oscilloscope as he connects probes to troubleshoot an ailing pager. The metal walls keep out electronic interference, including pager signals, Mr. Shats explained. How old was the patient he was working on? His boss, Mr. Tepper, reached into a file and pulled out the manual for that model. "Copyright 1989," he read. Some of the equipment Mr. Shats uses is older than that. Outside the room are computers that can be used to reconfigure the electronic code that gives a pager its identity. The computers are so old that they run MS-DOS, not Windows. Mr. Tepper talked about the days when he ran a company, MetroPage, which marketed Nynex paging equipment through retail stores. "The main clients were doctors, drug dealers and businessmen," Mr. Tepper said. "We were behind a thick piece of plexiglass and had two dogs, a Rottweiler and a German shepherd." There were threats, which Mr. Tepper remembers as "if my pager isn't on by the end of today, something's going to happen." 
Since then, he has diversified. "We would not be able to survive if we were only repairing pagers," Mr. Tepper said. "Wouldn't be possible. In our heyday, we had around eight or nine people working on double shifts," Mr. Tepper said. "At one point, we had three delivery cars, drivers with two-way radios. We'd be running around, picking up pagers to be repaired and connected. We'd be here till midnight, making sure these things were fixed and out the door the next day." In the '90s, Mr. Tepper and Mr. Shats took pagers apart and "reverse-engineered" their liquid-crystal displays, the windows that display the messages, so they could produce their own. Then Mr. Tepper found a factory in China to manufacture them. For several years, CPR Technology sold 300,000 to 400,000 such displays to other pager repairers, Mr. Tepper said. That branch of his business has fallen by 90 percent in the last couple of years, he said. But he became an importer for a South Korean company that makes equipment used to test new devices like Treo 650 cellphones. These days he mostly leaves the repairs to Mr. Shats, who is not living the lonely life of a Maytag repairman. But things are not as exciting as, say, the time he opened a pager and discovered that it had become home to dozens of cockroaches. "I closed very fast," he said, "and put tape around it to keep them from getting out." From rforno at infowarrior.org Wed Dec 27 09:36:09 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Dec 2006 09:36:09 -0500 Subject: [Infowarrior] - Quake cuts off much of Asia Internet Message-ID: (c/o JF) Quake cuts off much of Asia Internet Dec 27 5:04 AM US/Eastern http://www.breitbart.com/news/2006/12/27/061227100430.q1satn81.html Internet and phone services have been disrupted across much of Asia after an earthquake damaged undersea cables, leaving one of the world's most tech-savvy regions in a virtual blackout. 
From frustrated traders seeking in vain for stock quotes to anxious newshounds accustomed to round-the-clock updates on world events, millions of people from China to Japan to Australia were believed to have been affected. There was no chaos on the stock exchanges or any of the other doomsday scenarios of science fiction, but reports that services could be down for weeks were dramatic enough. "It is not a matter of days," said Hong Seoung-Yong, an official with South Korea's information and communication ministry. "It will take longer than that to repair the damaged lines." A 7.1-magnitude earthquake off the coast of Taiwan on Tuesday night, which was followed by several smaller quakes in the region, apparently damaged the vast network of underwater cables that enables modern communication. "The Internet capacity in Taiwan is about 40 percent now, so the service is jammed," said a spokesman for Chunghwa Telecom, Taiwan's largest phone company on Tuesday. The disruption was widespread, hitting China, Japan, South Korea, Taiwan, Singapore, Hong Kong and elsewhere, with knock-on effects as far away as Australia for companies whose Internet is routed through affected areas. Phone services in some countries were also disrupted, in particular for calls to the United States. "Several undersea data cables were damaged," said a spokesman for PCCW, Hong Kong's biggest telecoms company. Service providers quickly tried to redirect customers to the cables that had not been affected but the reduced capacity was no match for the normal workload of users, leaving Internet service that was painfully slow or non-existent. "It's a nightmare, basically, because we have no idea what is going on in the markets today," said Steve Rowles, an analyst with CFC Seymour in Hong Kong, who echoed others in saying that damage was limited due to year's end. "It has happened on the right day as a lot of people are away for holidays, so there's low trading volumes," he said. 
The Tokyo Stock Exchange, the world's largest bourse outside of New York, was functioning without problems, a spokesman said. The Hong Kong stock exchange also said it was also working without problems, but after-hours crude trading in Singapore was affected as traders reported they could not access the New York Mercantile Exchange (Nymex). NTT Communications, the long-distance call business of Japan's largest telecom firm Nippon Telegraph and Telephone Corp., said 1,400 toll-free phone lines and 84 international lines used internally by companies were affected. Internet disruptions were felt across China, with web-users in cities as far apart as Beijing in the north and Chengdu in the southwest reporting difficulties accessing overseas websites, state media reported. The crux of the trouble seemed to be in the underseas routes near Taiwan, which providers would try to bypass in favour of other routes through Europe, said a spokesman for Japanese telecoms firm KDDI Corp, Satoru Ito. "If there is too much traffic on that route, it might get blocked up and further slow down Internet connections," Ito said. From rforno at infowarrior.org Wed Dec 27 09:54:54 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Dec 2006 09:54:54 -0500 Subject: [Infowarrior] - US creates terrorist fingerprint database Message-ID: US creates terrorist fingerprint database By Warren Richey | Staff writer of The Christian Science Monitor http://www.csmonitor.com/2006/1227/p01s03-usfp.html The US government is building a massive database designed to identify individual terror suspects from fingerprints on objects such as a tea glass in an Iraqi apartment or a shell casing in an abandoned Al Qaeda training camp. The database is being created in part by forensic specialists searching for and preserving evidence overseas. They are collecting unidentified latent fingerprints in places once occupied by Al Qaeda and other suspected terrorists. 
The information is feeding into a computerized system designed to match a name with an unidentified fingerprint. Homeland Security Secretary Michael Chertoff calls the program "a quantum step forward in security." "(It) gives us the ability to identify the unknown, unidentified terrorist," he said in a recent speech. "It also creates a powerful deterrent for anybody who has ever spent time sitting in a training camp, or building a bomb in a safe house, or carrying out a terrorist mission on a battlefield." Not everyone sees the creation of such a database as progress. Privacy advocates and civil libertarians say it could lead to a dangerous erosion of American rights. Privacy advocates voice concern "Our assessment of these systems is that many that are undertaken with a goal of identifying terrorists eventually become systems of mass surveillance directed toward the American public," says Marc Rotenberg, president of the Electronic Privacy Information Center in Washington. "When Secretary Chertoff says we are trying to identify people who were in safe houses in Iraq with terrorists, that is a very small part of the story," Mr. Rotenberg says. "The technology used to identify a terrorist in a safe house in Iraq is the exact same technology that can be used to identify a war protester in a Quaker meeting house in southern Florida." Last year, the Department of Homeland Security (DHS) announced the completion of a database system that collects electronic fingerprints of both the index and middle fingers of every noncitizen entering the US. The system now documents 64 million travelers. The Homeland Security database is being linked with the FBI's database of more than 40 million subjects. The effort prevented 1,300 convicted criminals and immigration law violators from entering the US, and blocked 1,000 others from gaining visas, according to Mr. Chertoff. Now, Homeland Security is upgrading from a two-finger to a 10-finger system. 
In effect, it requires foreign visitors to submit to the kind of extensive fingerprinting usually reserved for criminals. But officials say that collecting all 10 prints ensures compatibility with the FBI database, and increases the investigative utility of the computerized system. "Ten prints allows us to run not only against the database of known felons or known terrorists where we have fingerprints linked to a particular name, it lets us run against the databases we are collecting for latent fingerprints that are picked up in battlefields or safe houses or training camps all over the world," Chertoff said. An unidentified latent print from a known terror safe house could provide an early warning by triggering an investigation if it matches someone trying to gain entry into the US, officials say. Privacy advocates say the system is being presented to the American public and Congress as an antiterrorism tool. But they warn it could vastly increase the government's ability to track and investigate US citizens. "It makes it sound as though this will have a limited purpose - terrorism, and a limited scope - non-Americans, but the reality is that the system is not going to be so limited," says Lee Tien of the Electronic Frontier Foundation based in San Francisco. "They will be using it for every kind of law enforcement there is. They will be collecting fingerprints on Americans, and it will be used for every general purpose." Fingerprinting part of ID science Fingerprinting is a subset of a rapidly developing area of identification science called biometrics. Researchers are studying how to identify individuals in a crowd by using computers to match unique facial characteristics to those same characteristics on a driver's license photo. The federal and state governments are assembling databases preserving the DNA of convicted criminals. And studies are underway to use eye scans to identify individuals. 
But by far the government's largest identifying database relates to fingerprints, and it may soon grow larger. In 2005, Congress passed the Real ID Act, which instructs DHS to develop a single standard for all state-issued driver's licenses and identification cards. The ID is expected to include a biometric identifier. Many experts say the most likely candidate will be a fingerprint. If adopted, that action would create for the first time a government database of fingerprints of virtually every adult American citizen. "This could come home to Americans very, very quickly," Rotenberg says. Privacy advocates say they are hopeful that the new Democratic Congress will exert an aggressive oversight posture and study the implications of the fingerprint program before it is in place. An Oregon lawyer and his fingerprints They point to the case of Oregon lawyer Brandon Mayfield. The case began in mid-March 2004, shortly after terrorist bombs ripped through commuter trains in Madrid, Spain, killing 191 people and injuring 1,400. After the attacks, Spanish authorities found fingerprints on a plastic bag with detonators. The FBI ran the prints through its computer system and found no matches, but identified several close nonmatches. Mr. Mayfield was the fourth of 20 close nonmatches. Three FBI fingerprint examiners studied the Madrid fingerprint, and concluded that it had been made by Mayfield. Mayfield's print was in the FBI's database because he had served in the armed forces and had earlier been charged with a crime. FBI investigators learned that Mayfield had converted to Islam and had married an Egyptian immigrant. He also had served as the attorney in a custody case for a man who was convicted of conspiring to aid the Taliban and Al Qaeda. Justice Department officials say this information was unknown to the three examiners when they matched Mayfield's print to the Madrid bombing. Spanish officials had their doubts about the match. 
They rejected the FBI's conclusion and continued to investigate. The FBI dismissed the skepticism of Spanish authorities. One official in the investigation wrote: "I spoke with the lab this morning and they are absolutely confident that they have a match on the print. No doubt about it!!!! They will testify in any court you swear them into." The FBI began surveilling Mayfield and his family, including covertly entering his home and office. Mayfield was arrested and held in prison for two weeks. Concerned about the possibility of a mistake, a federal judge ordered an independent analysis of the fingerprint. That analyst also concluded that the print belonged to Mayfield. Two million dollar settlement That same day, Spanish authorities identified an Algerian man as the real source of the fingerprint. Eventually, the FBI retracted its earlier conclusion. Last month the Justice Department agreed to pay Mayfield a $2 million settlement and issued a formal apology. The Justice Department Inspector General's review of the case earlier this year warned about using a large database like the FBI's. "The enormous size of the (FBI) database and the power of the ... program can find a confusingly similar candidate print," the report says. Mayfield says he was singled out because of his Muslim faith. The Justice Department concluded that the fingerprint examiners were not aware that Mayfield was a Muslim with a connection to a convicted Al Qaeda supporter when they made the initial match. But later the examiners became aware of those facts, contributing to the FBI's reluctance to investigate whether they had fingered an innocent man, according to the Justice Department review. Asked about the Mayfield case after his Nov. 30 speech, Chertoff acknowledged that mistakes had been made. But he added that mistakes are made in the criminal justice system, and no one suggests repealing the criminal code. 
"We should make our techniques better but we shouldn't throw the whole process out because there are inevitable mistakes," he said. From rforno at infowarrior.org Wed Dec 27 13:40:28 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Dec 2006 13:40:28 -0500 Subject: [Infowarrior] - Sprint v Verizon wireless broadband Message-ID: Anyone have any experience with Sprint Mobile Broadband? I've been using Verizon's EVDO for 3 years, but if Sprint's coverage is good and the speed comparable -- but for $20 less per month, I'd make the switch. Comments invited......thx in advance -rf From rforno at infowarrior.org Wed Dec 27 21:51:29 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Dec 2006 21:51:29 -0500 Subject: [Infowarrior] - Fatal teen car crash? Blame PS, Xboxes Message-ID: So how can we explain fatal car accidents before Playstations and X-Boxes were invented? I thought "feeling bulletproof" was a genetic predisposition for human beings as they reached puberty.... -rf http://www.nzherald.co.nz/section/1/story.cfm?c_id=1&objectid=10416824 < - > "Three Auckland teenagers were killed when the vehicle they were in crashed off the Northwestern Motorway in Auckland during a high-speed police pursuit on Christmas Eve. National's transport spokesman Maurice Williamson says today's young people think they are bullet-proof. He blames Playstations and X-boxes for making teens think they can drive stupidly and just push the reset button if anything goes wrong." 
From rforno at infowarrior.org Wed Dec 27 22:12:51 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Dec 2006 22:12:51 -0500 Subject: [Infowarrior] - Contractor's Handguns Missing From Homeland Security Vault Message-ID: Contractor's Handguns Missing From Homeland Security Vault Wednesday, December 27, 2006; A02 http://www.washingtonpost.com/wp-dyn/content/article/2006/12/26/AR2006122600844_pf.html The Department of Homeland Security said yesterday that it is investigating how four handguns recently went missing from its headquarters in Northwest Washington. Jarrod Agen, a department spokesman, said the guns belonged to Paragon Systems of Chantilly, which provides security for the department's facility on Nebraska Avenue NW. "DHS is investigating the report," Agen said. "Paragon guns do not belong to DHS nor are they under the control of DHS." A person familiar with the investigation and who requested anonymity while the probe is underway said four .40-caliber handguns vanished about two weeks ago from a vault where Paragon security officers store their weapons. Attempts to reach Paragon officials for comment yesterday afternoon and evening were unsuccessful. -- Allan Lengel From rforno at infowarrior.org Wed Dec 27 22:17:05 2006 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Dec 2006 22:17:05 -0500 Subject: [Infowarrior] - 2006 Foot-in-Mouth Awards Message-ID: 2006 Foot-in-Mouth Awards From Wired, December 26, 2006 By Tony Long Welcome to Wired News' 2006 Foot-in-Mouth Awards program. You, the readers, have sent us your picks for the lamest quotes from or about the world of technology during this eventful year. We have selected the "best" of those and present them to you now.
< - > http://www.wired.com/news/technology/0,72320-0.html From rforno at infowarrior.org Thu Dec 28 14:01:16 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Dec 2006 14:01:16 -0500 Subject: [Infowarrior] - USG to deploy full-disk encryption on all computers Message-ID: Federal Government to deploy Full Disk Encryption on all government-owned computers. http://www.full-disk-encryption.net/fde_govt.html By Saqib Ali December 28, 2006 To address the issue of data leaks from stolen or missing laptops, the US Government is planning to use Full Disk Encryption (FDE) on all Government-owned computers. On June 23, 2006 a Presidential Mandate was put in place requiring all agency laptops to fully encrypt data on the HDD. The US Government is currently conducting the largest single side-by-side comparison and competition for the selection of a Full Disk Encryption product. This implementation will end up being the largest single implementation ever, and all of the information regarding the competition is in the public domain. The selected product will be deployed on millions of computers in the US federal government space. The evaluation will come to an end in 90 days. The list of vendors participating in this contest, requirements, and other related documents are available at: http://www.fbo.gov/spg/USAF/AFMC/ESC/FA8771-07-R-0001/Attachments.html Some of the popular FDE vendors participating in the contest include Seagate, Mobile Armor, Pointsec, SafeNet, and Credant. As with any other encryption product being used by the Federal Government, the selected FDE product must have FIPS 140-2 certification. Currently Pointsec and Utimaco hold this certification for the software-based FDE solutions. Full disk encryption (or whole disk encryption) is a kind of disk encryption (software or hardware) which encrypts every bit of data that goes on a disk.
The term "full disk encryption" is often used to signify that everything on a disk including the operating system is encrypted. There are also programs capable of encrypting an entire disk fully but that cannot directly encrypt the system partition or boot partition of the operating system (e.g. TrueCrypt, which can fully encrypt, for example, an entire secondary hard disk). Full disk encryption has several benefits compared to regular file or folder encryption, or encrypted vaults. The following are some benefits of full disk encryption: 1. Everything including the swap space and the temporary files is encrypted. Encrypting these files is important, as they can reveal important confidential data. 2. With full disk encryption, the decision of which files to encrypt is not left up to users. 3. Support for pre-boot authentication. In light of recent laptop thefts and data security breaches, large corporations and government institutions are looking at various Full Disk Encryption (FDE) solutions to protect their confidential data on mobile devices. From rforno at infowarrior.org Thu Dec 28 14:17:19 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Dec 2006 14:17:19 -0500 Subject: [Infowarrior] - Poll: Pre-teens own Congress on Net expertise Message-ID: Poll: Pre-teens own Congress on Net expertise 12/28/2006 11:42:27 AM, by Ken Fisher http://arstechnica.com/news.ars/post/20061228-8512.html A new poll by Zogby International and 463 Communications examines how Americans feel about the Internet and its place in American life. The results simultaneously underscore the importance ascribed to the Internet while also highlighting how little faith Americans have in the government's technical acumen. The nationwide poll was conducted via telephone with 1,203 adults at the beginning of this month, and carries a margin of error of +/- 2.9 percentage points.
On the importance of the Internet, one-third of respondents said that they believe that the Internet is a greater invention than the printing press, and two thirds said that within 10 years, there will not be a location on earth from which it will be impossible to access it. They've obviously never been to West Virginia! Perhaps more interesting, a whopping 83 percent of respondents said that they believe that the average 12 year old knows more about the Internet than do members of Congress. The view is apparently non-partisan, with 86 percent of Democrats and 85 percent of Republicans placing their bets on the kids. The only groups with a significant difference of opinion were those of retirement age (75 percent backed the kids, a slight dip), and "Asians." The latter group said that members of Congress have the know-how, to the tune of 67 percent. Notably, the study attempted to replicate the ethnic make-up of the United States, and as such, there were not enough Asian respondents in the total group to make that category statistically sound, according to Zogby. The poll also found that many Americans are expecting the "next Bill Gates" to hail from somewhere other than the United States. 21 percent of respondents thought that the US would be home to the next technology leader, with 22 percent choosing Japan and 27 percent choosing China. Countries placing below the United States were India (13 percent) and Russia (2 percent), with 14 percent unsure. I can't help but think of my high school years, when the advice du jour was to learn Russian. These days it's Chinese getting all the love, but I digress. Citizen news video warming, but not hot Despite all of this forward-looking thinking, respondents were mostly pleased with traditional news coverage, with 70 percent saying that they would rather watch an evening news report than a "citizen video of a news event" (that news, news "vlogging"), which was picked by only 20 percent.
Curiously, these numbers showed interesting fluctuations among different groups. Clearly the young exhibit more interest than the old in "vlogging," and this isn't that surprising. One of four people aged 18-49 indicated that they would rather watch citizen video, while one-in-six aged 50-64 chose that same option. One in ten retirement-age respondents said they would opt for citizen video. When looked at through the lens of education, it appears that the more education one has, the more likely they are to be open to citizen video. Respondents having completed college picked citizen video 27 percent of the time, compared to 14 percent for those with high school diplomas. Even those with "some college" were markedly more interested, at 24%. What's it all mean? I must say that I find it surprising how doubtful all Americans seem to be regarding their leadership's technical acumen. Among technologists, of course, this is to be expected, but if Joe Americana also feels this way, then it's quite distressing considering that Joe and pals are also helping to re-elect these people. The only logical conclusion is that Joe and friends consider the Internet (and other technical matters) to be rather minor compared to other issues, but then doesn't this really urge us to consider how we can get enough technical expertise on the Hill to properly evaluate technology issues? Clearly if one-third of respondents believe that the Internet is as great an invention as the printing press, then it's an issue that should be important to the populace. Early next week Nate will have a report on 2007's technology leadership in Congress, and the results are quite alarming, really. Stay tuned. 
From rforno at infowarrior.org Thu Dec 28 14:47:00 2006 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Dec 2006 14:47:00 -0500 Subject: [Infowarrior] - Spam Works: Evidence from Stock Touts and Corresponding Market Activity Message-ID: (c/o DG) Spam Works: Evidence from Stock Touts and Corresponding Market Activity LAURA FRIEDER Purdue University - Krannert School of Management JONATHAN ZITTRAIN University of Oxford - Oxford Internet Institute; Harvard Law School; University of Oxford - Faculty of Law December 16, 2006 Harvard Public Law Working Paper No. 135 Oxford Legal Studies Research Paper No. 43/2006 Berkman Center Research Publication No. 2006-11 http://papers.ssrn.com/sol3/papers.cfm?abstract_id=920553 Abstract: We assess the impact of spam that touts stocks upon the trading activity of those stocks and sketch how profitable such spamming might be for spammers and how harmful it is to those who heed advice in stock-touting e-mails. We suggest that the effectiveness of spammed stock touting calls into question prevailing models of securities regulation that rely principally on the proper labeling of information and disclosure of conflicts of interest to protect consumers, and we propose several regulatory and industry interventions. Based on a large sample of touted stocks listed on the Pink Sheets quotation system, we find that stocks experience a significantly positive return on days prior to heavy touting via spam. Volume of trading responds positively and significantly to heavy touting. For a stock that is touted at some point during our sample period, the probability of it being the most actively traded stock in our sample jumps from 4% on a day when there is no touting activity to 70% on a day when there is touting activity. Returns in the days following touting are significantly negative. The evidence accords with a hypothesis that spammers "buy low and spam high,"
purchasing penny stocks with comparatively low liquidity, then touting them - perhaps immediately after an independently occurring upward tick in price, or after having caused the uptick themselves by engaging in preparatory purchasing - in order to increase or maintain trading activity and price enough to unload their positions at a profit. Selling by the spammer then results in negative returns following touting. Before brokerage fees, the average investor who buys a stock on the day it is most heavily touted and sells it 2 days after the touting ends will lose approximately 5.5%. For the top half of most thoroughly touted stocks, a spammer who buys at the ask price on the day before unleashing touts and sells at the bid price on the day his or her touting is the heaviest will, on average, earn 5.79%. Keywords: spam, stock, tout, markets, e-mail, Internet, cyberlaw, SEC, unsolicited, commercial, manipulation, timing, consumer protection JEL Classifications: C80, C81, D18, D52, D8, G1, G12, G14, G18, G28, L1 Working Paper Series http://papers.ssrn.com/sol3/papers.cfm?abstract_id=920553 From rforno at infowarrior.org Fri Dec 29 09:05:02 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 29 Dec 2006 09:05:02 -0500 Subject: [Infowarrior] - Companies probe possible high-def DVD hack Message-ID: Companies probe possible high-def DVD hack Hacker posts details of how he unlocked the encryption that prevents high-definition discs from illegal copying. By Reuters Published: December 28, 2006, 7:55 PM PST http://news.com.com/Companies+probe+possible+high-def+DVD+hack/2100-1029_3-6146267.html?tag=nefd.top The companies behind an encryption system for high-definition DVDs are looking into a hacker's claim that he has cracked the code protecting the new discs from piracy, a spokesman for one of the companies said Thursday.
A hacker known as Muslix64 posted on the Internet details of how he unlocked the encryption, known as the Advanced Access Content System, which prevents high-definition discs from illegal copying by restricting which devices can play them. The AACS system was developed by companies including Walt Disney, Intel, Microsoft, Toshiba and Sony to protect high-definition formats, including Toshiba's HD DVD and Sony's Blu-ray. Muslix64 posted a video and decryption codes showing how to copy several films, including Warner Bros' Full Metal Jacket and Universal Studios' Van Helsing, on a popular hacker Internet blog and a video-sharing site. The hacker also promised to post more source code on Tuesday that will allow users to copy a wider range of titles. A spokesman for one of the AACS companies, who declined to have the company identified, said they were aware of it and were looking into the claims, but would not elaborate. The vulnerability could pose a threat to movie studios looking for ways to boost revenue as sales of standard-format DVDs flatten. In 2005, U.S. DVD sales generated some $24 billion for the movie industry. If the encryption code has been cracked, then any high-definition DVD released up to now can be illegally copied using the Muslix64 "key," according to technology experts. Jeff Moss, organizer of Defcon, the world's largest hacking convention, said in an interview that Muslix64 appears to have found a real breach in the encryption system. "Everybody is talking like it worked, and apparently it's not that hard," said Moss, whose annual convention draws thousands of security researchers, government workers and hackers. "This will be the first trial run of how this (AACS) is going to work whenever a compromised player comes out." Adrian Kingsley-Hughes, a U.K.-based technology expert and author of Internet blog PC Doctor, wrote in a Thursday posting on technology site ZDNet.com that Muslix64's source code "seems genuine enough." 
He said the hack would not necessarily make much of a difference in the battle for supremacy between the new HD DVD and Blu-ray formats. "What's interesting here is that while this hack might give HD DVD a temporary advantage amongst enthusiasts who want to backup discs...in the long run it won't give either format an advantage because both HD DVD and Blu-ray use the now cracked AACS," he wrote. Story Copyright © 2006 Reuters Limited. All rights reserved. From rforno at infowarrior.org Fri Dec 29 22:45:35 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 29 Dec 2006 22:45:35 -0500 Subject: [Infowarrior] - AT&T Completes BellSouth Takeover After 4-0 FCC Vote (Update2) Message-ID: AT&T Completes BellSouth Takeover After 4-0 FCC Vote (Update2) http://www.bloomberg.com/apps/news?pid=20601087&sid=a6kTkXvAtGqY&refer=home By Christopher Stern and Molly Peterson Dec. 29 (Bloomberg) -- AT&T completed its $86 billion purchase of BellSouth Corp. after federal regulators cleared the way for the U.S. telephone industry's biggest takeover ever. The 4-0 vote today by the U.S. Federal Communications Commission followed AT&T's offer of concessions to appease the agency's two Democrats, who held up the deal. Those included a pledge to offer low-cost Internet service and a promise to provide companies such as Google Inc. equal network access. The acquisition cements AT&T's position as the dominant U.S. supplier of local, long-distance and wireless phone service, as well as the second-largest provider of fast Internet access. San Antonio-based AT&T will serve more than 35 million residential customers in 22 states and gain full ownership of Cingular Wireless LLC. ``You're reassembling the old AT&T in 22 states,'' said Earl Comstock, chief executive officer of Comptel, a Washington-based group that represents competing phone companies. While praising the commissioners who pushed for concessions, he questioned whether they go far enough.
Shares of AT&T advanced 25 cents to $35.75 at 4 p.m. in New York Stock Exchange composite trading to their highest level in more than four years. Atlanta-based BellSouth rose 31 cents to $47.11 and have gained 74 percent this year. FCC approval came less than 24 hours after AT&T agreed to conditions including price cuts for large businesses and the divestiture of airwaves that can be used for wireless broadband Internet service. The conditions expire in two to four years. `Historic Merger' ``We got more concessions to protect consumers than anybody thought possible when this got started,'' FCC Commissioner Jonathan Adelstein, one of the agency's two Democrats, said today in an interview. ``It's a historic merger, and it needed the historic conditions that we were able to attach.'' FCC Chairman Kevin Martin, along with his Republican colleague Deborah Taylor Tate, issued their own statement after the vote, highlighting the differences on the commission. ``Some of the conditions impose burdens that have nothing to do with the transaction, are discriminatory, and run contrary to commission policy and precedent,'' Martin and Tate wrote. The concessions ended a three-month stalemate between Martin, Tate and the panel's Democrats, Adelstein and Michael Copps, who demanded price controls and the other restrictions. New Proposals AT&T's proposals went beyond ones offered in October and underscored the company's drive to extend its dominance in traditional and wireless phone service. AT&T also promised to repatriate 3,000 BellSouth jobs now outside the U.S. and pledged 200 jobs for New Orleans. BellSouth is the dominant local phone company in nine southern states, providing AT&T with broader reach not only for its wireline and wireless phone businesses but also for the fledgling U-verse television service that is designed to compete with cable TV companies. 
AT&T said today advertising to adopt the AT&T name for BellSouth would begin in days and the company plans a similar transition for Cingular next year. Adelstein and Copps gained leverage in seeking tougher conditions after the fifth commissioner, Republican Robert McDowell, said he would abstain from voting because of his past work as a lobbyist for smaller phone companies. Under terms of the deal, AT&T agreed to cap prices on large capacity telecommunications lines that provide phone and data services for large businesses for four years. In addition, the company agreed to cut prices on some lines that had been deregulated during the late 1990s. Divestitures AT&T also will divest some wireless licenses in BellSouth's nine-state region. The licenses cover airwaves suitable for high-speed Internet access. Atlanta-based Cingular, co-owned by AT&T and BellSouth, is the biggest U.S. mobile services company. The purchase caps a 17-year spending spree that led AT&T Chief Executive Officer Ed Whitacre, 65, to the top of the U.S. telephone industry. As head of the former SBC Communications, Whitacre ran the smallest of the seven local-phone companies or Baby Bells created from the 1984 breakup of AT&T. Along the way, SBC purchased Pacific Telesis Group for $16.5 billion in 1997, and a year ago acquired AT&T Corp., the largest U.S. long-distance service, also for $16.5 billion. Whitacre renamed his company AT&T Inc. With today's takeover, three of the seven local phone companies remain: AT&T, Verizon Communications Inc. and Qwest Communications International Inc. `Network Neutrality' In a bow to backers of ``network neutrality,'' AT&T agreed to refrain from charging companies such as Google premium fees for faster subscriber access. Neutrality supporters have urged Congress not to let phone companies charge higher fees for faster service, which they liken to tolls on the Internet. The transaction won unconditional approval from the Justice Department and 18 states. 
AT&T's 5.1 percent notes maturing in September 2014 fell 0.67 cent to 96.70 cents on the dollar today to yield 5.63 percent, according to Trace, the bond reporting system of the NASD. BellSouth's 5.2 percent notes due in September 2014 rose 2.09 cents to 99.30 cents to yield 5.31 percent. The cost of credit-default swaps based on $10 million of AT&T debt was little changed at $8,280 today, according to prices compiled by Bloomberg. The price is down from as high as $40,000 in January. The contracts are financial instruments based on corporate bonds and loans that are used to speculate on a company's ability to repay debt. A decrease indicates improving credit quality. BellSouth investors will get 1.325 AT&T shares for each they now own, representing an 18 percent premium based on the companies' stock prices on March 3, the last trading day before the deal was announced. While that put the value of the acquisition at about $67 billion, AT&T shares have risen 28 percent since then. To contact the reporters on this story: Christopher Stern in Washington at Cstern3 at bloomberg.net ; Molly Peterson in Washington at mpeterson9 at bloomberg.net Last Updated: December 29, 2006 19:34 EST From rforno at infowarrior.org Fri Dec 29 22:48:04 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 29 Dec 2006 22:48:04 -0500 Subject: [Infowarrior] - Dave Zweifel: New book reveals censorship's perils Message-ID: Dave Zweifel: New book reveals censorship's perils By Dave Zweifel, Dec. 27, 2006 http://www.madison.com/tct/opinion/column/index.php?ntid=112653&ntpid=1 An edition of the Chicago Sun-Times last week had a story tucked away inside the paper that underscored just how damaging secrecy in a democratic society can be. The story was about the late George Weller, a Pulitzer Prize-winning reporter for the old Chicago Daily News, who sneaked into Nagasaki, Japan, about a month after we dropped the second atomic bomb on that country in August 1945. 
Weller posed as an Army colonel to get into the ruined city, where he interviewed U.S. and other Allied soldiers who had been liberated from POW camps. He then wrote a series of articles about the strange and devastating disease known as "Disease X," which was actually radiation sickness afflicting those who had survived the bomb. But none of Weller's stories made print. In the name of national security, Gen. Douglas MacArthur's staff censored every one of the articles he had written. Weller, however, saved copies of the series, and after he died in 2002 at the age of 95, his son Anthony found them in an old mildewed wooden crate. He is now publishing them in a book called "First Into Nagasaki," due out this week. A researcher at Cornell University told the paper that had the articles gotten past MacArthur's censors, they would have helped alert the American public early on to the horrors of the atomic bomb and perhaps slowed the rush to build the nuclear arsenals that plague the world today. Instead, people throughout the world lived under the delusion that they could actually survive an atomic bomb. As a kid who grew up after the war, I remember how we'd have periodic drills jumping under our school desks to practice what we'd do if the Soviet Union was on its way with atomic bombs. During the '50s, Americans everywhere built extensive bomb shelters in their back yards as if they could emerge and resume a normal life. Weller's accounts 61 years too late showed that not only does an atomic bomb create unfathomable destruction, the radiation it spills in the atmosphere causes horrific sickness and a slow death to those exposed to it long after it has exploded. We know that now, but now atomic bombs are virtually everywhere. The world could have known this soon after the first bombs were dropped and maybe just maybe it might have led to saner decisions in the development of atomic, then nuclear, weaponry. 
But government censorship, by the freest country in the world, stopped that from happening. Dave Zweifel is the editor of The Capital Times. E-mail: dzweifel at madison.com Published: December 27, 2006 From rforno at infowarrior.org Fri Dec 29 23:02:50 2006 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 29 Dec 2006 23:02:50 -0500 Subject: [Infowarrior] - 'Iris scan' database of children forms Message-ID: Safety project focuses on Isle eyes Technology can identify missing children, elderly By HARVEY RICE Copyright 2006 Houston Chronicle http://chron.com/disp/story.mpl/front/4432083.html GALVESTON -- Technology developed to keep track of prisoners by scanning their irises became available Thursday to identify missing children or elderly people afflicted with Alzheimer's disease in Galveston County. The Galveston County Sheriff's Department is the first sheriff's department in Texas and the 47th nationwide to join the Children's Identification Database, or CHILD Project. The addition of Galveston County is part of an effort to image the irises of 5 million children into a nationwide database over the next few years, said Robert Melley, vice president and CEO of Biometric Intelligence & Identification. "We have 1,800 sheriff's departments representing 46 states who have committed to participating," Melley said. So far, the CHILD Project is in 26 states after more than 18 months, said Biometric President Sean Mullin. Children with an iris scan in the national database cannot be identified unless they are in a county that has the CHILD Project equipment, he said. The system can scan an eye and match an iris in 3 to 5 seconds after comparing it with stored images in a national database, Mullin said. Mullin and Galveston County Sheriff Gean Leonard appeared together at a news conference at the Galveston County Justice Center to explain how the technology will assist in identifying missing children. 
"We hope others will follow our lead in Texas," Leonard said in announcing the department's participation. The National Center for Missing and Exploited Children estimates that, on average, more than 2,000 children are reported missing every day across the nation. Leonard said he hopes eventually to scan the irises of all 71,000 in the county. He hoped that groups such as parent-teacher organizations, churches and senior care centers would invite his officers to events where scans can be made. To be scanned, a child sits in front of a portable scanner. The portable system is in a black plastic box about the size of a briefcase. When opened, a spherical camera sits on top of the lid and a second camera with a wide, horizontal lens pops up to eye level. The box is connected to a laptop computer where a name, phone number and address are entered. A voice from the machine directs the child to move his or her head forward, back or to the side, as needed. The lower camera senses when the head is in the proper position and automatically takes four photos of the iris while the upper camera takes one of the face. A missing child who is found sits in front of the camera, which scans the iris and flashes the face shot and contact information on screen in seconds if it is matched to the database. Mullin said an iris has 235 identifying characteristics -- flecks and spots -- that are unchanging after the age of 1. Kevin O'Reilly, spokesman for Mullin's company, said there was one chance in about 200 million of an incorrect match. Biometric chose Galveston County after interviewing officials in several other Texas sheriff's departments, including Harris County, because of Leonard's enthusiasm and the county's demographics, Mullin said. As a tourist center, the county is a destination for runaways and has a large population of senior citizens, he said. "I'd like to make sure that Sheriff Leonard is doing a great job, then we'll talk to Harris County," Mullin said. 
Leonard said the $35,000 cost of two imaging machines would come from private donations. He said a Texas City company has donated $5,000 and he met with several other potential donors at lunch. The first machine cost $25,000 and each new machine costs an additional $10,000, Leonard said. He said he hoped that the police departments in the county eventually would acquire their own equipment. Eventually, Leonard wants to buy a separate system for the county jail to use during bookings. The system would prevent the wrong prisoner from being released, he said. Mullin said a similar system has been used in prisons for about seven years. He adapted it for use in the CHILD Project at the request of sheriffs in Massachusetts and Las Vegas, he said. Leonard acknowledged that some parents might see the iris scans as an invasion of privacy but said he is certain doubters could be won over. O'Reilly said the CHILD Project overcame privacy objections by programming the database to remove an iris scan automatically once a child turns 18, unless he or she is still listed as missing. He also said that only enough information to find the parents, or the family in the case of an elderly person, would be entered. Personal information, such as Social Security numbers, would not be used, he said. harvey.rice at chron.com From rforno at infowarrior.org Sun Dec 31 11:15:02 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 31 Dec 2006 11:15:02 -0500 Subject: [Infowarrior] - The 10 most outrageous civil liberties violations of 2006. Message-ID: The Bill of Wrongs The 10 most outrageous civil liberties violations of 2006. By Dahlia Lithwick Posted Saturday, Dec. 30, 2006, at 6:30 AM ET http://www.slate.com/id/2156397/ I love those year-end roundups -- ubiquitous annual lists of greatest films and albums and lip glosses and tractors. It's reassuring that all human information can be wrestled into bundles of 10. 
In that spirit, Slate proudly presents, the top 10 civil liberties nightmares of the year: 10. Attempt to Get Death Penalty for Zacarias Moussaoui Long after it was clear the hapless Frenchman was neither the "20th hijacker" nor a key plotter in the attacks of 9/11, the government pressed to execute him as a "conspirator" in those attacks. Moussaoui's alleged participation? By failing to confess to what he may have known about the plot, which may have led the government to disrupt it, Moussaoui directly caused the deaths of thousands of people. This massive overreading of the federal conspiracy laws would be laughable were the stakes not so high. Thankfully, a jury rejected the notion that Moussaoui could be executed for the crime of merely wishing there had been a real connection between himself and 9/11. 9. Guantanamo Bay It takes a licking but it keeps on ticking. After the Supreme Court struck down the military tribunals planned to try hundreds of detainees moldering on the base, and after the president agreed that it might be a good idea to close it down, the worst public relations fiasco since the Japanese internment camps lives on. Prisoners once deemed "among the most dangerous, best-trained, vicious killers on the face of the earth" are either quietly released (and usually set free) or still awaiting trial. The lucky 75 to be tried there will be cheered to hear that the Pentagon has just unveiled plans to build a $125 million legal complex for the hearings. The government has now officially put more thought into the design of Guantanamo's court bathrooms than the charges against its prisoners. 8. Slagging the Media Whether the Bush administration is reclassifying previously declassified documents, sidestepping the FOIA, threatening journalists for leaks on dubious legal grounds, or, most recently, using its subpoena power to try to wring secret documents from the ACLU, the administration has continued its "secrets at any price" campaign. 
Is this a constitutional crisis? Probably not. Annoying as hell? Definitely. 7. Slagging the Courts It starts with the president's complaints about "activist judges," and evolves to Congressional threats to appoint an inspector general to oversee federal judges. As public distrust of the bench is fueled, the stripping of courts' authority to hear whole classes of cases -- most recently any habeas corpus claims from Guantanamo detainees -- almost seems reasonable. Each tiny incursion into the independence of the judiciary seems justified. Until you realize that the courts are often the only places that will defend our shrinking civil liberties. This leads to ... 6. The State-Secrets Doctrine The Bush administration's insane argument in court is that judges should dismiss entire lawsuits over many of the outrages detailed on this very list. Why? Because the outrageously illegal things are themselves matters of top-secret national security. The administration has raised this claim in relation to its adventures in secret wiretapping and its fun with extraordinary rendition. A government privilege once used to sidestep civil claims has mushroomed into sweeping immunity for the administration's sometimes criminal behavior. 5. Government Snooping Take your pick. There's the NSA warrantless eavesdropping program wherein the president breezily authorized spying on the phone calls of innocent citizens, in violation of the Foreign Intelligence Surveillance Act. The FBI's TALON database shows the government has been spying on nonterrorist groups, including Quakers, People for the Ethical Treatment of Animals, and Veterans for Peace. The Patriot Act lives on. And that's just the stuff we know about. 4. Extraordinary Rendition So, when does it start to become ordinary rendition? This government program has us FedEx-ing unindicted terror suspects abroad for interrogation/torture. 
Khalid El-Masri, a German citizen, was shipped off to Afghanistan for such treatment and then released without charges, based on some government confusion about his name. Heh heh. Canadian citizen Maher Arar claims he was tortured in Syria for a year, released without charges, and cleared by a Canadian commission. Attempts to vindicate the rights of such men? You'd need to circle back to the state-secrets doctrine, above. 3. Abuse of Jose Padilla First, he was, according to then-Attorney General John Ashcroft, "exploring a plan to build and explode a radiological dispersion device, or 'dirty bomb,' in the United States." Then, he was planning to blow up apartments. Then he was just part of a vague terror conspiracy to commit jihad in Bosnia and Chechnya. Always, he was a U.S. citizen. After three and a half years, in which he was denied the most basic legal rights, it has now emerged that Padilla was either outright tortured or near-tortured. According to a recent motion, during Padilla's years of almost complete isolation, he was treated by the U.S. government to sensory and sleep deprivation, extreme cold, stress positions, threats of execution, and drugging with truth serum. Experts say he is too mentally damaged to stand trial. The Bush administration supported his motion for a mental competency assessment, in hopes that will help prevent his torture claims from ever coming to trial, or, as Yale Law School's inimitable Jack Balkin put it: "You can't believe Padilla when he says we tortured him because he's crazy from all the things we did to him." 2. The Military Commissions Act of 2006 This was the so-called compromise legislation that gave President Bush even more power than he initially had to detain and try so-called enemy combatants. He was generously handed the authority to define for himself the parameters of interrogation and torture and the responsibility to report upon it, since he'd been so good at that. 
What we allegedly did to Jose Padilla was once a dirty national secret. The MCA made it the law. 1. Hubris Whenever the courts push back against the administration's unsupportable constitutional ideas -- ideas about "inherent powers" and a "unitary executive" or the silliness of the Geneva Conventions or the limitless sweep of presidential powers during wartime -- the Bush response is to repeat the same chorus louder: Every detainee is the worst of the worst; every action taken is legal, necessary, and secret. No mistakes, no apologies. No nuance, no regrets. This legal and intellectual intractability can create the illusion that we are standing on the same constitutional ground we stood upon in 2001, even as that ground is sliding away under our feet. What outrage did I forget? Send mail to Dahlia.Lithwick at hotmail.com. (E-mail may be quoted by name unless otherwise stipulated.) Wishing you and yours a happy, and freer, New Year. A version of this piece appears in the Washington Post Outlook section. Dahlia Lithwick is a Slate senior editor. Article URL: http://www.slate.com/id/2156397/ Copyright 2006 Washingtonpost.Newsweek Interactive Co. LLC From rforno at infowarrior.org Sun Dec 31 11:20:47 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 31 Dec 2006 11:20:47 -0500 Subject: [Infowarrior] - Localities Operate Intelligence Centers To Pool Terror Data Message-ID: Localities Operate Intelligence Centers To Pool Terror Data 'Fusion' Facilities Raise Privacy Worries As Wide Range of Information Is Collected http://www.washingtonpost.com/wp-dyn/content/article/2006/12/30/AR2006123000238_pf.html By Mary Beth Sheridan and Spencer S. Hsu Washington Post Staff Writers Sunday, December 31, 2006; A03 Frustrated by poor federal cooperation, U.S. states and cities are building their own network of intelligence centers led by police to help detect and disrupt terrorist plots. 
The new "fusion centers" are now operating in 37 states, including Virginia and Maryland, and another covers the Washington area, according to the Department of Homeland Security. The centers, which have received $380 million in federal support since the 2001 terrorist attacks, pool and analyze information from local, state and federal law enforcement officials. The emerging "network of networks" marks a new era of opportunity for law enforcement, according to U.S. officials and homeland security experts. Police are hungry for federal intelligence in an age of homegrown terrorism and more sophisticated crime. For their part, federal law enforcement officials could benefit from a potential army of tipsters -- the 700,000 local and state police officers across the country, as well as private security guards and others being courted by the centers. But the emerging model of "intelligence-led policing" faces risks on all sides. The centers are popping up with little federal leadership and training, raising fears of overzealousness such as that associated with police "red squads" that spied on civil rights and peace activists decades ago. The centers also face practical obstacles that could limit their effectiveness, including a shortage of money, skilled analysts, and proven relationships with the FBI and Homeland Security. Still, the centers are emerging as a key element in a sometimes chaotic new domestic intelligence infrastructure, which also includes homeland security units in local police forces and 103 FBI-led terrorism task forces, triple the number that existed before the Sept. 11 attacks. Fusion centers are becoming "part of the landscape for local government," said the incoming D.C. police chief, Cathy Lanier. But she warned that police are navigating a new patchwork of state and federal privacy laws that govern the sharing, collection and storage of information. "We're in a very precarious position right now," she said. 
"If we lose community support, that is going to be a big deal for local law enforcement." Traditionally, police had little to do with counterterrorism. But after the 2001 attacks, it became obvious that al-Qaeda members had been preparing not only in far-off Afghan training camps but also in places such as a Gold's Gym in Greenbelt and flight schools in Florida. An unwitting Maryland state trooper stopped one of the future hijackers for speeding on Interstate 95. "Police officers, deputies and troopers . . . they're going to be the ones that encounter a lot of these [suspicious] things on the road," said Virginia State Police Sgt. Lee Miller, who oversees the state's year-old fusion center in Richmond. "What we're trying to do is provide them the information they need to identify these different things." The fusion centers range from small conference facilities to high-tech nerve centers with expensive communications networks. Some do investigations, while others focus on information-sharing -- passing tips to the FBI and scanning federal intelligence for developments of interest to local departments. Some have explored the use of controversial data-mining software in keeping with their respective state laws. Maryland's three-year-old fusion center outside Baltimore offers a glimpse of the new intelligence world. Hidden behind a bolted door with no nameplate in a quiet office park, the Maryland Coordination and Analysis Center houses members of 23 local, state and federal agencies. Harvey Eisenberg, an assistant U.S. attorney who helps oversee the center, said police and other government employees are being trained to phone its 24-hour "watch section" when they spot suspicious activity. Calls to the terrorism hotline advertised on the Capital Beltway (800-492-TIPS) are also answered by officers in the watch section. 
"You need to educate cops, firefighters, health officials, transportation officials, sanitation workers, to understand the nature of the threat," Eisenberg said. "And not to become super-spies. . . . Constitutionally, they see something, they can report it." Officials say an incident on the Chesapeake Bay Bridge in 2004 shows the center's effectiveness. State transportation police stopped an SUV after a veiled passenger was seen videotaping the bridge in a suspicious manner. The officers called the fusion center, which discovered that the driver was an unindicted co-conspirator in a Chicago case involving Hamas, a U.S.-designated terrorist group. Eisenberg contacted a prosecutor in Chicago, who quickly obtained an arrest warrant for the driver as a material witness in the Hamas case. "The 9/11 commission's major criticism was that people didn't talk to each other," said Dennis R. Schrader, Maryland's director of homeland security. "Well, this is an example of how you had state, local and federal all working together. . . . It's really pretty unbelievable." To some, though, the incident raised questions about what constitutes dangerous behavior. The driver, Ismail Elbarasse, a U.S. citizen of Palestinian origin living in Annandale, was quickly released on bond, and the material-witness warrant eventually expired. He was not charged with a crime. His family said the veiled woman, Elbarasse's wife, was simply taping the bay while returning from the beach. "It was regarded in the community as just a case of overreaction to seeing somebody in a head scarf videotaping," said Ibrahim Hooper of the Council on American-Islamic Relations. Civil liberties advocates worry that the fledgling fusion centers could stray into monitoring people engaged in lawful activities, as some members of new police homeland security units have done. A Georgia homeland security officer, for example, was discovered photographing a protest by vegans at a HoneyBaked Ham store in 2003. 
Privacy advocates are also concerned about the vast amount of information some fusion centers collect -- and the sometimes vague limits on its use and storage. "In Phoenix, we're talking about something like 250,000 police reports a year: names, addresses, contact information, business cards, tickets, all the kinds of information that is gathered and that can be of tremendous value at a national analytical level," said John L. Buchanan, Phoenix assistant police chief. He added, however, that "we've really got to be cognizant of the risk" of abuse. "Fusion center" is a military coinage embraced by civilian homeland security authorities after Sept. 11, 2001. But turf fights involving the FBI, the Department of Homeland Security and national intelligence agencies, as well as local jurisdictions, have delayed the centers' development two years after Congress passed laws to change intelligence. To streamline the unwieldy domestic intelligence structure, White House homeland security adviser Frances Fragos Townsend laid out a new U.S. road map for intelligence collection on Nov. 27. It urges that fusion centers be incorporated in a national Information Sharing Environment (ISE). To support the centers' growing role, and to address complaints from states that they cannot pay for them alone, the White House is debating whether to increase funding for them in 2008 and to lift a ban on paying for personnel. Federal officials emphasize that the centers will be led from the grass roots. Charles E. Allen, chief intelligence officer for the Homeland Security Department, said the centers will be "all hazards, all crime, all threats," targeted not just at terrorism but also at transnational gangs, immigrant smuggling and other threats. Thomas E. McNamara, ISE manager under the director of national intelligence, said the centers will be state-driven and "primarily analytical." Amid such assurances, it remains unclear just how much fusing of information is going on day to day. 
Existing efforts are insufficient and to blame for "mixed and at times competing messages" from U.S. officials and limited contributions from state and local leaders, Townsend wrote. For example, New York City leaders warned of "a specific threat" to the city's transit systems in October 2005, which federal officials simultaneously deemed "noncredible." Meanwhile, U.S. officials say information flowing from local and state agencies is often of limited use. An April report by the National Governors Association found that dissatisfaction with federal information-sharing was growing among state homeland security directors, with 60 percent unhappy about the specificity of intelligence. In congressional hearings, state officials have complained about a lack of federal security clearances and about overlapping, outdated intelligence databases. In response, U.S. officials are vowing to speed background checks and to send Homeland Security intelligence officers to work at 18 state and local fusion centers in 2007 and 35 by 2008. Rep. Bennie Thompson (D-Miss.), incoming chairman of the House Homeland Security Committee, would go further. He proposed a new law enforcement assistance program to make intelligence-led policing the 21st-century version of community-oriented policing, into which the federal government has poured $11.3 billion since 1994 to pay for 120,000 local officers. "The federal government is not reaching out well enough to the intelligence needs of the cop on the beat," Thompson said. "We shouldn't need more blood spilled before we take action necessary to make Americans safer." Staff researcher Julie Tate contributed to this report. 
From rforno at infowarrior.org Sun Dec 31 20:47:22 2006 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 31 Dec 2006 20:47:22 -0500 Subject: [Infowarrior] - US 'licence to snoop' on British air travellers Message-ID: US 'licence to snoop' on British air travellers By David Millward, Transport Correspondent Last Updated: 1:35am GMT 01/01/2007 http://www.telegraph.co.uk/news/main.jhtml;jsessionid=VL4HVZGOUZETRQFIQMFCFFOAVCBQYIV0?xml=/news/2007/01/01/nusnoop01.xml Britons flying to America could have their credit card and email accounts inspected by the United States authorities following a deal struck by Brussels and Washington. By using a credit card to book a flight, passengers face having other transactions on the card inspected by the American authorities. Providing an email address to an airline could also lead to scrutiny of other messages sent or received on that account. The extent of the demands were disclosed in "undertakings" given by the US Department of Homeland Security to the European Union and published by the Department for Transport after a Freedom of Information request. About four million Britons travel to America each year and the released document shows that the US has demanded access to far more data than previously realised. Not only will such material be available when combating terrorism but the Americans have asserted the right to the same information when dealing with other serious crimes. Shami Chakrabarti, the director of the human rights group Liberty, expressed horror at the extent of the information made available. "It is a complete handover of the rights of people travelling to the United States," she said. As the Americans tightened security after the September 11 attacks, they demanded that airlines provide comprehensive information about passengers before allowing them to land. But this triggered a dispute that came to a head last year in a Catch 22 situation. 
On one hand they were told they must provide the information, on the other they were threatened with heavy fines by EU governments for breaching European data protection legislation. In October, Brussels agreed to sweep away the "bureaucratic hurdles" preventing airlines handing over this material after European carriers were threatened with exclusion from the US. The newly-released document sets out the rules underpinning that deal. As a result the Americans are entitled to 34 separate pieces of Passenger Name Record (PNR) data -- all of which must be provided by airlines from their computers. Much of it is routine but some elements will prove more contentious, such as a passenger's email address, whether they have a previous history of not turning up for flights and any religious dietary requirements. While insisting that "additional information" would only be sought from lawful channels, the US made clear that it would use PNR data as a trigger for further inquiries. Anyone seeking such material would normally have to apply for a court order or subpoena, although this would depend on what information was wanted. Doubts were raised last night about the effectiveness of the safeguards. "There is no guarantee that a bank or internet provider would tell an individual that material about them was being subpoenaed," an American lawyer said. "Then there are problems, such as where the case would take place and whether an individual has time to hire a lawyer, even if they wanted to challenge it." Initially, such material could be inspected for seven days but a reduced number of US officials could view it for three and a half years. Should any record be inspected during this period, the file could remain open for eight years. Material compiled by the border authorities can be shared with domestic agencies. It can also be on a "case by case" basis with foreign governments. 
Washington promised to "encourage" US airlines to make similar information available to EU governments -- rather than compel them to do so. "It is pretty horrendous, particularly when you couple it with our one-sided extradition arrangements with the US," said Miss Chakrabarti. "It is making the act of buying a ticket a gateway to a host of personal email and financial information. While there are safeguards, it appears you would have to go to a US court to assert your rights." Chris Grayling, the shadow transport secretary, said: "Our government and the EU have handed over very substantial powers to gain access to private information belonging to British citizens." A Department for Transport spokesman said: "Every airline is obliged to conform with these rules if they wish to continue flying. As part of the terms of carriage, it is made clear to passengers what these requirements are. The US government has given undertakings on how this data will be used and who will see it."