From rforno at infowarrior.org Wed Aug 1 12:05:52 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 01 Aug 2007 08:05:52 -0400
Subject: [Infowarrior] - IP: CCIA goes after the sports league "warnings"
Message-ID:

Sports leagues accused of deceptive warnings
By Greg Sandoval
http://news.com.com/Sports+leagues+accused+of+deceptive+warnings/2100-1026_3-6200055.html
Story last modified Tue Jul 31 21:15:46 PDT 2007

A handful of sports leagues and media companies are trying to intimidate the public when issuing inaccurate warnings about making "unauthorized" copies of their work, according to a complaint expected to be filed with the Federal Trade Commission. The complaint, expected to be submitted Wednesday by the Computer & Communications Industry Association (CCIA), a trade group that represents such tech giants as Microsoft, Google and Yahoo, names the National Football League, Major League Baseball, NBC-Universal, Morgan Creek Productions, DreamWorks, Harcourt and Penguin. An example of what CCIA is referring to is the little speech TV or radio announcers make during breaks in games. Most sports fans can recite at least a smidgen of the boilerplate. "Any rebroadcast, reproduction or other use of the pictures and accounts of this game without the express written consent of Major League Baseball is prohibited," is the MLB's copyright warning. While the statements have become a tradition during professional football and baseball broadcasts, the CCIA claims such statements are false and are harmful to consumers and technology companies. Similar warnings can be found in books, CDs and DVDs, according to the CCIA. "These warnings intimidate average people and hinder free expression," the CCIA said in a statement.
"They depict as illegal many legitimate and beneficial uses made possible by the high-tech industry, and cast a pall over the high-tech marketplace...These ubiquitous statements often include gross misrepresentations of federal law and characterize as unlawful acts that are explicitly permitted by law." CCIA has asked the FTC to put an end to such practices. Mark Litvack, a copyright attorney at the Los Angeles firm of Manatt, Phelps & Phillips, said that he doubts CCIA is going to get anywhere with the complaint. "In most of the warnings, all they are saying is that unauthorized copying is illegal and it almost always is," said Litvack, who has represented such copyright owners as Sony, Time Warner and Disney. "For example, you're allowed to make a backup copy for your own use. I'm not aware of any law that says you are allowed to make a copy to share with a friend. That has never been held to be legal." It's unlikely that many people pay attention to the copyright warnings. But if the issue seems a tad granular, it's only the latest example of how far tech companies and copyright holders are willing to go to defend their turf in the ongoing battle over copyright law. Copyright is one of the burning issues in Silicon Valley and Hollywood, with court cases such as the one between YouTube and Viacom and the motion picture's copyright suit against TorrentSpy, a BitTorrent search engine.

From rforno at infowarrior.org Thu Aug 2 03:14:15 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 01 Aug 2007 23:14:15 -0400
Subject: [Infowarrior] - DRM Scorecard: Hackers Batting 1000, Industry Zero
Message-ID:

DRM Scorecard: Hackers Batting 1000, Industry Zero
Posted by Alexander Wolfe, Aug 1, 2007 08:51 AM

Forget the moral questions: Whether the millions of kids who load up their iPods from LimeWire are thieves, or whether there's something incongruous about Sheryl Crow, a millionaire many times over, railing against piracy.
When you look at the technology, there's no getting around the fact that DRM is an abject failure. I put together a scorecard, which shows that every single significant attempt at consumer-music DRM has been cracked. Here it is:

< - >

http://www.informationweek.com/blog/main/archives/2007/08/drm_scorecard_h.html

From rforno at infowarrior.org Thu Aug 2 14:00:33 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 02 Aug 2007 10:00:33 -0400
Subject: [Infowarrior] - World's First Conviction for Removing Information from DVD
Message-ID:

World's First Conviction for Removing Information from DVD
Written by enigmax on August 01, 2007

A Georgia man is facing the prospect of years in prison and fines of $750,000 after he admitted being involved in the "camming" of movies and removing "copyright management information" from DVDs. The cost of removing management information from a DVD in the US? 5 years in prison, 2 more than for camming movies.

< - >

http://torrentfreak.com/worlds-first-conviction-for-removing-information-from-dvd/

From rforno at infowarrior.org Fri Aug 3 12:28:10 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 03 Aug 2007 08:28:10 -0400
Subject: [Infowarrior] - FISA Ruling Limited Spying Efforts
Message-ID:

Ruling Limited Spying Efforts
Move to Amend FISA Sparked by Judge's Decision
http://www.washingtonpost.com/wp-dyn/content/article/2007/08/02/AR2007080202619_pf.html
By Carol D. Leonnig and Ellen Nakashima
Washington Post Staff Writers
Friday, August 3, 2007; A01

A federal intelligence court judge earlier this year secretly declared a key element of the Bush administration's wiretapping efforts illegal, according to a lawmaker and government sources, providing a previously unstated rationale for fevered efforts by congressional lawmakers this week to expand the president's spying powers. House Minority Leader John A.
Boehner (R-Ohio) disclosed elements of the court's decision in remarks Tuesday to Fox News as he was promoting the administration-backed wiretapping legislation. Boehner has denied revealing classified information, but two government officials privy to the details confirmed that his remarks concerned classified information. The judge, whose name could not be learned, concluded early this year that the government had overstepped its authority in attempting to broadly surveil communications between two locations overseas that are passed through routing stations in the United States, according to two other government sources familiar with the decision. The decision was both a political and practical blow to the administration, which had long held that all of the National Security Agency's enhanced surveillance efforts since 2001 were legal. The administration for years had declined to subject those efforts to the jurisdiction of the Foreign Intelligence Surveillance Court, and after it finally did so in January the court ruled that the administration's legal judgment was at least partly wrong. The practical effect has been to block the NSA's efforts to collect information from a large volume of foreign calls and e-mails that passes through U.S. communications nodes clustered around New York and California. Both Democrats and Republicans have signaled they are eager to fix that problem through amendments to the Foreign Intelligence Surveillance Act (FISA). "There's been a ruling, over the last four or five months, that prohibits the ability of our intelligence services and our counterintelligence people from listening in to two terrorists in other parts of the world where the communication could come through the United States," Boehner told Fox News anchor Neil Cavuto in a Tuesday interview. "This means that our intelligence agencies are missing a wide swath of potential information that could help protect the American people," he said. 
Boehner added that some Democrats are aware of the problems caused by the judge's restrictive ruling and the problems it has caused for the administration's surveillance of terrorism suspects. "The Democrats have known about this for months," Boehner said. "We have had private conversations, we have had public conversations that this needs to be fixed. And Republicans are not going to leave this week until this problem is addressed." Commenting on Boehner's remarks, Rep. Rahm Emanuel (Ill.), the House Democratic Caucus chairman, said yesterday that "John should remember the old adage: Loose lips very much sink ships." But Kevin Smith, Boehner's spokesman, denied that the House Republican leader had disclosed classified information. Any assertion that Boehner spilled secrets "is just plain wrong and distracts from the critical task at hand -- fixing FISA to close the serious intelligence gaps that are jeopardizing our national security," Smith said. Smith said that Boehner's comments were based on a public, Jan. 17 letter to Congress by Attorney General Alberto R. Gonzales, in which the administration announced that it would allow the NSA program to be reviewed by the intelligence court. That letter said that an intelligence court judge had issued orders "authorizing the Government to target for collection into or out of the United States where there is probable cause to believe" one of the parties is a terrorist. But the letter referred only to "approval" of a government surveillance request and did not refer, as Boehner did, to the court's rejection of surveillance of specific foreign communications routed through the United States. The NSA surveillance at issue is part of a broader program authorized by President Bush shortly after the Sept. 11, 2001, attacks. Director of National Intelligence Mike McConnell said this week in a public letter that the order covered "various intelligence activities" that he did not describe. 
"The details of the activities changed in certain respects over time," he said. Since the existence of the warrantless wiretapping program was leaked to the public in late 2005, civil libertarians and legal experts have accused the administration of violating FISA and engaging in illegally broad data mining of telephone and e-mail records. The effect of the judge's decision to curtail some of that surveillance was to limit the flow of information about possible terrorism suspects, according to congressional staffers briefed on the ruling. Last week, McConnell told the Center for Strategic and International Studies that the government faces "this huge backlog trying to get warrants for things that are totally foreign that are threatening to this country." Gaining access to the foreign communications at issue would allow the NSA to tap into the huge volume of calls, faxes and e-mails that pass from one foreign country to another by way of fiber-optic connections in the United States. "If you're calling from Germany to Japan or China, it's very possible that the call gets routed through the United States, despite the fact that there are geographically much more direct routes to Asia," said Stephan Beckert of Telegeography Inc. That was not true when Congress passed the Foreign Intelligence Surveillance Act in 1978. The law established much stricter limits on intercepting communications involving people or facilities in the United States. If those limits apply now, for example, to calls from Pakistan to Yemen that pass through U.S. switches, the NSA could lose access to a substantial portion of global communications traffic. Since March, the administration has quickly tried to build a case for the legislation, while concealing from the public and many in Congress a key event that appears to have driven the effort. "It clearly shows that Congress has been playing with half a deck," said Jim Dempsey, policy director for the Center for Democracy and Technology. 
"The administration is asking lawmakers to vote on a very important piece of legislation based upon selective declassification of intelligence." In April, McConnell proposed a much broader revision of FISA than what the administration is pressing Congress to approve this week. Under the new plan, the attorney general would have sole authority to authorize the warrantless surveillance of people "reasonably believed to be outside the United States" and to compel telecommunications carriers to turn over the information in real time or after it has been stored. An unstated facet of the program is that anyone the foreigner is calling inside the United States, as long as that person is not the primary target, would also be wiretapped. On Saturday, Bush in his radio address argued more narrowly that "one of the most important ways we can gather that information is by monitoring terrorist communications." FISA, he said, "provides a critical legal foundation" in allowing the government to collect that information while protecting Americans' civil liberties. Testifying on the Hill in May, McConnell argued that the law needed to be updated to accommodate technology's advance. "Today a single communication can transit the world, even if the two people communicating are only a few miles apart," he said, alluding to the fact that a significant volume of e-mails and phone calls are routed through the United States. Democrats announced this week a proposal that would also expand the government's wiretapping authority but would keep it under FISA court supervision. The authority would expire in six months. This week, McConnell spent hours on the Hill briefing lawmakers. On Tuesday, he gave about 50 senators a classified briefing making the case for the legislation. That briefing included the change in the threat environment, as well as a description of the court development, according to a government source who requested anonymity because the briefing was classified. 
"He was not complaining about one judge or another," the source said. "He was saying, 'I need to collect X, but I can only collect Y and we need to change the law on that.' " Washington Post staff writers Dan Eggen and Barton Gellman and washingtonpost.com staff writer Paul Kane contributed to this report. From rforno at infowarrior.org Fri Aug 3 23:54:19 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 03 Aug 2007 19:54:19 -0400 Subject: [Infowarrior] - OT: Can't we vote without a tally? Message-ID: > "The broken computers prompted protracted squabbles among lawmakers Friday > afternoon. Rep. David Dreier (R-Calif.) questioned how they could vote if they > were unable to see the usual tally. Lawmakers are accustomed to seeing how > their colleagues are voting while they mull their own decision." > > Source: > > http://www.politico.com/blogs/thecrypt/0807/Busted_computer_hamstrings_House.h > tml I used to work in the House, and I've seen all kinds of stuff over the years, but give me a break. It's sad that a Congressperson is unable or unwilling to vote their conscience, or based on how they feel. Are our elected leaders so afraid to vote their own way out of fear of angering their political machine overlords? I think so. Frankly I find this Congressperson's question a bit incredible ---- and yes, I would say the same thing if a Democrat asked it, so please, DS, don't get in a huff here, okay?) 
-rf

From rforno at infowarrior.org Sat Aug 4 15:31:46 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 04 Aug 2007 11:31:46 -0400
Subject: [Infowarrior] - Computer Security Problems Found at IRS
Message-ID:

Computer Security Problems Found at IRS
Aug 3 10:50 AM US/Eastern
By JIM ABRAMS
Associated Press Writer
http://www.breitbart.com/article.php?id=D8QPK2E02&show_article=1

WASHINGTON (AP) - IRS employees ignored security rules and turned over sensitive computer information to a caller posing as a technical support person, according to a government study. Sixty-one of the 102 people who got the test calls, including managers and a contractor, complied with a request that the employee provide his or her user name and temporarily change his or her password to one the caller suggested, according to the Treasury Inspector General for Tax Administration, an office that does oversight of Internal Revenue Service. The caller asked for assistance to correct a computer problem. The report said that by failing to question the identity of the caller the employees were putting the IRS at risk of providing unauthorized people access to taxpayer data that could be used for identity theft and other fraudulent schemes. "This is especially disturbing because the IRS has taken many steps to raise employee awareness of the importance of protecting their computers and passwords," said Inspector General J. Russell George. Only eight of the 102 employees contacted either the inspector general's office or IRS security offices to validate the legitimacy of the caller. The report said the IRS took measures to improve security after two similar test telephone calls in 2001 and 2004. "However, the corrective actions have not been effective," it said.
The IRS agreed with recommendations from the inspector general that it should take steps to make employees more aware of hacker tactics such as posing as an internal employee and to remind people to report such incidents to security officials. The IRS has nearly 100,000 employees and contractors with access to tax return information processed on about 240 computer systems and more than 1,500 databases.

___

On the Net:

Treasury Inspector General for Tax Administration:

From rforno at infowarrior.org Sat Aug 4 16:21:36 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 04 Aug 2007 12:21:36 -0400
Subject: [Infowarrior] - Dateline Mole Allegedly at DefCon with Hidden Camera
Message-ID:

Dateline Mole Allegedly at DefCon with Hidden Camera -- Updated: Mole Caught on Tape
By Kim Zetter
August 03, 2007 | 2:15:13
http://blog.wired.com/27bstroke6/2007/08/media-mole-at-d.html

DefCon security on Friday warned attendees at the annual hacker conference that Dateline NBC may have sent a mole with a hidden camera to the event to capture hackers admitting to crimes. DefCon says it was tipped off by their own mole at Dateline who sent them a pic of the undercover journalist who DefCon employees identified as producer Michelle Madigan. DefCon, an annual underground hacking convention in Las Vegas, has a strict policy against filming conference attendees -- TV media outlets are barred from sweeping a room with their cameras and also have to get permission from any individuals before capturing them on film. All journalists covering DefCon sign an agreement upon registering for the conference that outlines the rules, but the DefCon organizers say the mole apparently registered as a regular attendee, thereby bypassing the legal agreement. Dateline NBC is best known for its controversial To Catch A Predator series, which uses hidden cameras to tape men who are allegedly seeking to have sex with minors they met online.
Dateline spokeswoman Jenny Tartikoff would not confirm or deny the allegations about Madigan and the undercover camera at DefCon, saying only that "It's not our policy to comment on our newsgathering." Before opening the show for business Friday, the DefCon goons announced to the crowd that there was a media mole among them. DefCon has been broadcasting her picture on the screens in conference rooms before each talk. Note: The original version of the story did not have the picture or name the journalist or outlet. The story was updated once Dateline responded to a request for comment. UPDATE 2: NBC's mole, Michelle Madigan, became the target of predators herself this afternoon when she was outed at DefCon as an undercover reporter and bolted out of the conference hotel with about two dozen reporters with cameras and others chasing after her -- in the manner of an NBC Dateline To Catch a Predator episode. According to DefCon staff, Madigan had told someone she wanted to out an undercover federal agent at DefCon. That person in turn warned DefCon about Madigan's plans. Federal law enforcement agents from FBI, DoD, United States Postal Inspection Service and other agencies regularly attend DefCon to gather intelligence on the latest techniques of hackers. DefCon holds an annual contest called Spot the Fed, in which attendees out people in the audience they think are undercover federal agents. The contest is good-natured, but the feds who get caught are generally ones who don't mind getting caught. DefCon staff say that Madigan was asked four times -- two times on the phone and two times at the conference -- if she wanted to obtain press credentials, but she declined. DefCon staff lured her to a large hall telling her that the Spot the Fed contest was in session and that she could get a picture of an undercover federal agent at the contest. When she sat down, Jeff Moss, DefCon's founder, announced that they were changing the game. 
Instead of Spot the Fed, they were going to play Spot the Undercover Reporter and then announced, "And there's one in here right now." Madigan, realizing she'd been had, jumped from her seat and bolted out the door with reporters carrying cameras chasing after her through the parking lot and to her car.

From rforno at infowarrior.org Sun Aug 5 02:15:20 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 04 Aug 2007 22:15:20 -0400
Subject: [Infowarrior] - Airport queues longer than flights
Message-ID:

Airport queues longer than flights
By David Millward, Transport Correspondent and Patrick Phelvin
Last Updated: 12:52am BST 05/08/2007
http://tinyurl.com/ypj2ov

Holidaymakers are facing such severe delays at airports they are being forced to spend more time stuck in queues than on their flights, research by The Daily Telegraph disclosed yesterday. With the holiday season entering its peak, hundreds of thousands of people have been engulfed in the chaos caused by the stringent security regime and the inability of many airports to cope. British Airways and Ryanair confirmed that as a result of the queues at check-in and security, some passengers on short-haul flights to European destinations were spending more time in airport terminals than in the air. Airlines are in open revolt at the service they are being given by airports who they claim are failing to recruit enough staff despite raking in millions of pounds in fees from operators. Yesterday the average time passengers spent getting through check-in and security at Heathrow was 90 minutes - the time it would take to fly to Barcelona or Nice - according to figures gathered by the independent Travel Counsellors company. It has set up a website for holidaymakers to record the delays they encounter and has received "3,000 hits in a week", said David Speakman, the group chairman. "Security posts are not being staffed up," said Mr Speakman. "They knew how many planes and passengers would be coming through.
"It is a question of spending money and they are just not investing in enough people." While passengers face frustration, airports are cashing in. Liverpool John Lennon is even charging £2 for anyone who wants to use a special fast track check-in - with four lanes - while those not willing to pay have to share two. Ken Livingstone, the London Mayor, said this week that Heathrow shamed London. He also accused Spanish-owned BAA, which controls the airports, of profiting out of passengers' misfortune thanks to the income from shops and restaurants - which he dismissed as little more than shopping malls. Ryanair has been embroiled in a public spat with Stansted over the airport's failure to open the minimum of 17 security arches that were promised to help cope with the surge in holiday demand. On one weekend in late July, 78 early morning flights were delayed because of the time taken for passengers to clear security. On one occasion only 14 arches were open, six short of the 20 that airlines using Stansted were promised would be available at peak periods. The Daily Telegraph has also learned that BAA has given a variety of excuses for the delays, including technical difficulties and abnormal sickness levels. Michael O'Leary, Ryanair's chief executive, accused BAA of offering "third world facilities at very high prices". He said: "We have 25, 50 and at times 75 per cent of flights being delayed because passengers can't get to them in time. Our customers are now spending more time in security queues than they are on our flights." British Airways is equally unhappy with Heathrow and in its latest forecasts, published yesterday, it cut its predicted increase in revenue over the present year from five per cent to four - partly because of the airport's operational difficulties. Willie Walsh, BA's chief executive, said: "BAA must recruit additional staff and invest in the right equipment if we are to get back to having good customer service."
BA said its passengers on flights to nearby western Europe were also likely to spend more time in the terminal than on the plane. The security regime has even created havoc for pilots. A spokesman for the British Airline Pilots' Association, said: "Passengers don't realise that pilots have to go through the same security procedures as they do, some of which are plain daft. Pilots are told to take off their belts and shoes, before getting on to planes which are loaded with fuel, which are real weapons of mass destruction." The British Air Transport Association, which represents airlines, said there were still major concerns about the time passengers had to queue. "People are waiting longer than they should to get through security," said Roger Wiltshire, the BATA secretary general. "There have been cases of passengers checking in, then missing flights because of the queues." The association had received complaints about security checkpoints that allegedly were not fully staffed and X-ray machines left unmanned. James Fremantle, of the Air Transport Users' Council, said: "We would like to see the airlines doing more to anticipate the problems that might occur and bring in contingency plans to deal with them." The Civil Aviation Authority said punctuality figures for this summer were not yet available, but additional delays were expected because of extra security measures. Between July and September last year only 63 per cent of flights left within 15 minutes of their scheduled take off time, down from 71 per cent in the previous year. The proportion of flights operating on time fell at all monitored airports, except Birmingham, which improved by one percentage point. A BAA spokesman denied that Heathrow was "cashing in" on delays - it had spent £9 million on terminals and hundreds of extra staff were taken on. Most shops paid a flat rent for space in the terminals and retail figures for wholly-owned stores showed no direct link between delays and revenue.
Publishers wishing to reproduce photographs on this page should phone 44 (0) 207 931 2921 or email syndication at telegraph.co.uk

From rforno at infowarrior.org Mon Aug 6 11:56:09 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 06 Aug 2007 07:56:09 -0400
Subject: [Infowarrior] - Bush Signs Law to Widen Legal Reach for Wiretapping
Message-ID:

August 6, 2007
Bush Signs Law to Widen Legal Reach for Wiretapping
By JAMES RISEN
http://www.nytimes.com/2007/08/06/washington/06nsa.html?ei=5065&en=4e05f95a4b60ac78&ex=1187064000&partner=MYWAY&pagewanted=print

WASHINGTON, Aug. 5 -- President Bush signed into law on Sunday legislation that broadly expanded the government's authority to eavesdrop on the international telephone calls and e-mail messages of American citizens without warrants. Congressional aides and others familiar with the details of the law said that its impact went far beyond the small fixes that administration officials had said were needed to gather information about foreign terrorists. They said seemingly subtle changes in legislative language would sharply alter the legal limits on the government's ability to monitor millions of phone calls and e-mail messages going in and out of the United States. They also said that the new law for the first time provided a legal framework for much of the surveillance without warrants that was being conducted in secret by the National Security Agency and outside the Foreign Intelligence Surveillance Act, the 1978 law that is supposed to regulate the way the government can listen to the private communications of American citizens. "This more or less legalizes the N.S.A. program," said Kate Martin, director of the Center for National Security Studies in Washington, who has studied the new legislation.
Previously, the government needed search warrants approved by a special intelligence court to eavesdrop on telephone conversations, e-mail messages and other electronic communications between individuals inside the United States and people overseas, if the government conducted the surveillance inside the United States. Today, most international telephone conversations to and from the United States are conducted over fiber-optic cables, and the most efficient way for the government to eavesdrop on them is to latch on to giant telecommunications switches located in the United States. By changing the legal definition of what is considered "electronic surveillance," the new law allows the government to eavesdrop on those conversations without warrants -- latching on to those giant switches -- as long as the target of the government's surveillance is "reasonably believed" to be overseas. For example, if a person in Indianapolis calls someone in London, the National Security Agency can eavesdrop on that conversation without a warrant, as long as the N.S.A.'s target is the person in London. Tony Fratto, a White House spokesman, said Sunday in an interview that the new law went beyond fixing the foreign-to-foreign problem, potentially allowing the government to listen to Americans calling overseas. But he stressed that the objective of the new law is to give the government greater flexibility in focusing on foreign suspects overseas, not to go after Americans. "It's foreign, that's the point," Mr. Fratto said. "What you want to make sure is that you are getting the foreign target." The legislation to change the surveillance act was rushed through both the House and Senate in the last days before the August recess began.
The White House's push for the change was driven in part by a still-classified ruling earlier this year by the special intelligence court, which said the government needed to seek court-approved warrants to monitor those international calls going through American switches. The new law, which is intended as a stopgap and expires in six months, also represents a power shift in terms of the oversight and regulation of government surveillance. The new law gives the attorney general and the director of national intelligence the power to approve the international surveillance, rather than the special intelligence court. The court's only role will be to review and approve the procedures used by the government in the surveillance after it has been conducted. It will not scrutinize the cases of the individuals being monitored. The law also gave the administration greater power to force telecommunications companies to cooperate with such spying operations. The companies can now be compelled to cooperate by orders from the attorney general and the director of national intelligence. Democratic Congressional aides said Sunday that some telecommunications company officials had told Congressional leaders that they were unhappy with that provision in the bill and might challenge the new law in court. The aides said the telecommunications companies had told lawmakers that they would rather have a court-approved warrant ordering them to comply. In fact, pressure from the telecommunications companies on the Bush administration has apparently played a major hidden role in the political battle over the surveillance issue over the past few months. In January, the administration placed the N.S.A.'s warrantless wiretapping program under the Foreign Intelligence Surveillance Act, and subjected it for the first time to the scrutiny of the FISA court.
Democratic Congressional aides said Sunday that they believed that pressure from major telecommunications companies on the White House was a major factor in persuading the Bush administration to do that. Those companies were facing major lawsuits for having secretly cooperated with the warrantless wiretapping program, and now wanted greater legal protections before cooperating further. But the change suddenly swamped the court with an enormous volume of search warrant applications, leading, in turn, to the administration's decision to seek the new legislation.

From rforno at infowarrior.org Mon Aug 6 13:15:31 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 06 Aug 2007 09:15:31 -0400
Subject: [Infowarrior] - Law is code
Message-ID:

Code-is-law, a term originating from Professor Lawrence Lessig, has been on the collective mind of Radar lately. Tim blogged about it, and the last issue of Release 2.0 explored it further. I found code-is-law on my mind at Foo Camp this year during a presentation on security by Dan Kaminsky. (Yes, the same renaissance hacker that made me fear my web browser last week.) Dan's presentation described how to turn noise into visualizations using dotplots, a technique he uses to guide fuzzers. But ever a true hacker, Dan also created a series of beautiful visualizations ranging from audio captchas to the representation of Zelda. The visualization that fascinated me most combined code and law, produced using Project Gutenberg, kernel32.dll and US Code.

< - >

http://radar.oreilly.com/archives/2007/08/code_looks_like.html

From rforno at infowarrior.org Mon Aug 6 14:07:21 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 06 Aug 2007 10:07:21 -0400
Subject: [Infowarrior] - TV: Style versus Substance
Message-ID:

It never ceases to amaze me how Americans are more attracted to style versus substance.
Given last week's market hijinks, and since I don't get Bloomberg, last night I was watching an Internet stream of CNBC Asia to see how Asia would deal with Friday's Wall Street action. Much to my amazement, the CNBC Asia video stream had NONE of the following, unlike its CNBC-US counterpart:

- animated "floating" 3-d graphs and magical Warcraft-like sprinkle-sounds when they change to a new graph.
- line-printer audio and visual sound effects when showing price changes for companies in a given sector.
- realtime clocks on their graphs, let alone one that shows the time down to the hundredth-second.
- needless animations elsewhere on the screen to give the appearance of 'activity'
- no 'countdown' to the various market opens; they just opened and the newsreader says "....and Taiwan is now open" while doing his news report.
- even when showing day-old taped segments from CNBC USA, they replaced the animated USA stock charts with the less-flashy CNBC Asia ones.

There are probably other positives, but this is what I was able to glean thus far. The hour I watched was noticeably more "newsy" and "analytical" than its glitzy US counterpart and felt more Bloomberg-esque as well. Frankly I wonder at times how CNBC-US can call itself a serious financial news network given not only its use of glitzy stuff mentioned above but also when it makes a conscious decision to ignore world market coverage on weeknights (to run taped gameshows) and its desire to run paid programming commercials all weekend instead of the (surprisingly-decent) international financial programming they run on CNBC World. I guess after the US markets close it's all about advertising revenue. :( That said, I will confess CNBC has done a great job with their streaming video on CNBC Plus. No commercials and high video quality. Plus it's free on Sunday nights for the weekly Asian market open!
And there ARE people and aspects of CNBC-US that I appreciate, so I'm not totally-negative about the network -- just about some of its production decisions.

-rick
Infowarrior.org

From rforno at infowarrior.org Mon Aug 6 14:12:40 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 06 Aug 2007 10:12:40 -0400
Subject: [Infowarrior] - VeriSign worker exits after laptop security breach
Message-ID:

(Good riddance to this idiot.......no sympathy from this former VRSN employee.....rf)

VeriSign worker exits after laptop security breach
Man overboard
By John Leyden
Published Monday 6th August 2007 11:20 GMT
http://www.theregister.co.uk/2007/08/06/verisign_laptop_theft/

VeriSign has warned workers of the theft of a laptop that contained their personal information. The laptop was stolen from a car parked in the garage of a California worker sometime on the night of 12 July. The laptop contained personal information - name, Social Security number, date of birth, salary information, telephone numbers, and home addresses - of an unknown number of VeriSign employees. Bank account numbers or password information were not stored on the machine. Data on the machine was not encrypted, in contravention of VeriSign policies, raising ID theft concerns. The unnamed worker involved has left VeriSign while the web security firm has responded by promising to tighten up its security policies. In a letter to workers, VeriSign said the laptop was probably stolen in a random burglary. Nonetheless, the security infrastructure firm is offering to pay a year's credit watch monitoring subscription to those potentially affected. Reports of the breach first surfaced on Wizbang on Friday. Prompted by our follow-up questions, Verisign issued a statement explaining its response to the breach.

VeriSign is taking the recent laptop theft very seriously. The Company initiated an investigation as soon as the theft was discovered.
We have no reason to believe that the thief or thieves acted with the intent to extract and use this information. The local police have said the theft may be tied to a series of neighborhood burglaries. We disabled any access by the employee's computer to the VeriSign network. The employee involved in this incident has since left VeriSign. The Company has a policy on how to manage laptops that contain sensitive information and company data - which in this case was not followed. That policy includes not leaving laptops in vehicles in plain view, keeping the amount of confidential and sensitive data stored on laptops to a minimum, and using data encryption tools to protect those sets of data that absolutely must be stored on a laptop. Going forward, we will continue to review our security procedures to prevent future human errors of this type.

VeriSign specialises in marketing the digital certificates and other elements of the infrastructure that underpin secure web transactions, so any kind of security breach is embarrassing. It's far from alone in having problems with lost or stolen laptops containing sensitive information, however. Similar thefts have sparked security flaps at Marks & Spencer, Nationwide Building Society, the Metropolitan Police, the US Department of Veterans Affairs, and others.

From rforno at infowarrior.org Tue Aug 7 02:21:33 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 06 Aug 2007 22:21:33 -0400
Subject: [Infowarrior] - DHS: 'Plot Would Have Killed Thousands'
Message-ID:

'Plot Would Have Killed Thousands'
http://abcnews.go.com/WN/story?id=3451976&page=1

EXCLUSIVE: Homeland Security Secretary Michael Chertoff Offers Chilling Details About 2006 Airplane Plot and Current Terror Threats

Aug. 6, 2007 --
Terrorists who had planned to detonate gel-based explosives on U.S.-bound flights from London last August would have achieved mass devastation, according to new information from Homeland Security Secretary Michael Chertoff in an exclusive interview with ABC News. "I think that the plot, in terms of its intent, was looking at devastation on a scale that would have rivaled 9/11," Chertoff told ABC's Pierre Thomas. "If they had succeeded in bringing liquid explosives on seven or eight aircraft, there could have been thousands of lives lost and an enormous economic impact with devastating consequences for international air travel." Sources tell ABC News that after studying the plot, government officials have concluded that without the tip to British authorities, the suspects could have likely smuggled the bomb components onboard using sports drinks. The components of that explosives mixture can be bought at any drugstore or supermarket; however, there is some question whether the potential terrorists would have had the skill to properly mix and detonate their explosive cocktails in-flight. But they can work -- scientists at Sandia National Laboratory conducted a test using the formula, and when a small amount of liquid in a container was hit with a tiny burst of electrical current, a large explosion followed. (Click on the video player on the right side of this page to view the video.) The test results were reviewed today by ABC terrorism consultant Richard Clarke, who said that while frequent travelers are upset by the current limits on liquids in carry-on baggage, "when they see this film, they ought to know it's worth going through those problems." One official who briefed ABC News said explosives and security experts who examined the plot were "stunned at the extent that the suspects had gamed the system to exploit its weaknesses."
"There's no question that they had given a lot of thought to how they might smuggle containers with liquid explosives onto airplanes," Chertoff said. "Without getting into things that are still classified, they obviously paid attention to the ways in which they thought they might be able to disguise these explosives as very innocent types of everyday articles."

Tense Hours as Officials Learned of Plot

Chertoff speaks candidly about those moments when Homeland Security learned about the potential attack, and the terrorists had not yet been captured. "This was very, very tightly held, because the British were concerned about any possibility of a leak getting out. Obviously, the intelligence folks knew, the senior intelligence folks, the president, senior leaders in the White House," he said. "Within my own department, only the deputy and I were initially told about this." "I got a call telling me that it looked as if the focus had turned on an attack on the United States, specifically an attack on airliners leaving from Britain, traveling to American cities," Chertoff said. "It also became evident, within 24 hours, that the time frame within which the attack was going to take place, would not be a matter of months but ... a matter of weeks or even days." Airports in the United States and the United Kingdom were put on red alert -- meaning a potential attack could be imminent -- and liquids were banned from carry-on luggage as suspects were picked up, including 24 British-born Muslims and seven Pakistanis. "We had to start about 9, 10 o'clock in the evening, when the arrests began to go down in Pakistan, and when we were first given the ability to tell other people about the plot," Chertoff said. "And we had to turn the entire process around by 6 a.m. the following morning, before people started to board airplanes. "You had to change literally thousands of people's behavior in the course of about 12 hours. We had to train them.
We had to get everybody to understand what the new rules were going to be. And you had to communicate to the public in a very short period of time. "And so, we spent literally the entire night bringing in not only the TSA senior leadership, but also talking on the phone to the airline leadership, so that everybody would understand what needed to happen at 6 a.m. the following day," he said. For Chertoff, the concern remained that an attack would have been carried out if they'd missed a critical detail. "There's an enormous sense of working against time, giving the analysts as much time as you possibly can, but always recognizing at the end that the benefit of the doubt has to be in favor of saving lives."

Assessing Current Risks

Since last August, the failed plot has had an enormous impact on U.S. airports, which have remained on orange -- or high -- alert, for nearly a year. After authorities tested the explosive liquids, the government determined what quantity of liquid explosives could pose a risk if smuggled onboard flights, leading to the 3-ounce limit for carry-on bags. Passengers are still restricted when bringing liquids onboard, and those rules may remain in place forever. At the moment, Chertoff believes there is a "heightened risk" of an attack. "We have seen that in some areas of Pakistan, the enemy has been able to reconstitute itself and get a breathing space, so to speak, where they can plan and do some recruiting and some training. We've seen increased effort to develop terrorist operatives in Europe. "And, of course, the concern we have, because of the visa waiver program, has been Europeans either carrying out attacks against Americans on the European continent, or even coming to the United States," Chertoff said.
"When you add these things together, they don't move into a mathematical certainty we're going to have an attack, but they do suggest that there is a heightened threat, a bit more capability than there was, and, therefore, all the more reason for us to continue to raise the level of our security and our defenses," he said. That progress was aided after the arrests last year that provided Homeland Security with information about terrorist capabilities. "Clearly, the effort to put explosives in sports bottles was a reaction to what we had done with respect to other kinds of explosives, and ... we're going to be back and forth with terrorists on this kind of cat-and-mouse process for years to come," Chertoff said. And while he is confronted by pieces of data daily as Homeland Security tries to assess credible threats and piece together information, Chertoff said he remains continually struck by the nature of the enemy. "You know, we go about our business during the summer, other times of the year. People are going to ballgames or watching their children graduate from high school," he said, "and it chills me sometimes to think there are people a half a world away who are spending the same period of time in a cave, trying to figure out how to kill us."

Copyright © 2007 ABC News Internet Ventures

From rforno at infowarrior.org Tue Aug 7 02:25:07 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 06 Aug 2007 22:25:07 -0400
Subject: [Infowarrior] - Judge Orders Release of Reports on '04 Surveillance
Message-ID:

August 7, 2007
Judge Orders Release of Reports on '04 Surveillance
By ROBERT D. McFADDEN
http://www.nytimes.com/2007/08/07/nyregion/07police.html?_r=1&hp=&oref=slogin&pagewanted=print

A federal judge yesterday rejected New York City's efforts to prevent the release of nearly 2,000 pages of raw intelligence reports and other documents detailing the Police Department's covert surveillance of protest groups and individual activists before the Republican National Convention in 2004. In a 20-page ruling, Magistrate Judge James C. Francis IV ordered the disclosure of hundreds of field intelligence reports by undercover investigators who compiled dossiers on protest groups in a huge operation that the police said was needed to head off violence and disruptions at the convention. But at the behest of the city and with the concurrence of civil liberties lawyers representing plaintiffs who were swept up in mass arrests during the convention, the judge agreed to the deletion of sensitive information in the documents to protect the identities of undercover officers and confidential informants and to safeguard police investigative methods and the privacy of individuals caught up in investigations. The city had largely based its contention for nondisclosure on the need to protect those identities and methods, and had also argued against disclosure because the public might misinterpret the documents or the news media sensationalize them. But the civil liberties lawyers insisted that the documents -- even without the sensitive materials -- were needed to show in court that the police had overstepped legal boundaries in arresting, detaining and fingerprinting hundreds of people instead of handing out summonses for minor offenses. The ruling was the latest development in the long-running case, which posed thorny questions about the free speech rights of protesters and the means used by law enforcement officials to maintain public order.
It appeared that the plaintiffs, who had denounced the police for trampling on the civil liberties of protesters who were fingerprinted and detained at length for minor offenses, had largely won the day, while the city had achieved a more limited objective. The city and the Police Department have come under intense scrutiny over the surveillance tactics, in which for more than a year before the convention undercover officers traveled to cities across the country, and to Canada and Europe, to conduct covert observations of people who planned to attend. But beyond potential troublemakers, those placed under surveillance included street theater companies, church groups, antiwar activists, environmentalists, and people opposed to the death penalty, globalization and other government policies. And as the convention unfolded, more than 1,800 people were arrested, mostly for minor violations, and many were herded into pens at a Hudson River pier and fingerprinted instead of being released on summonses or desk appearance tickets, which are more customary for such minor charges. As scores of federal lawsuits challenging the mass arrests on Aug. 31, 2004, were filed in Federal District Court in Manhattan, with plaintiffs claiming wrongful detentions of up to two days and other violations by the police to keep protesters off the streets, the outlines of the extensive covert surveillance operation began to emerge from court records. In March, The New York Times disclosed details of the sweeping operation, including a sample of raw intelligence documents and summaries of observations from field agents and the police cyberintelligence unit. Some plaintiffs and their lawyers, seeking to bolster their cases, asked the court to disclose the documents. In May, Judge Francis allowed the disclosure of 600 pages of secret documents relating to preconvention security preparations. 
But a second batch of documents, including pictures and reports by undercover agents detailing which protest groups were infiltrated and the results of the surveillance operations, remained in contention. The city argued that disclosure would reveal sources, methods and other information that might compromise current and future investigations, while the plaintiffs contended that the reports would disprove city claims that the protesters planned to engage in violence, and would show that mass arrests had been unnecessary. In his ruling yesterday, Judge Francis acknowledged that some information in the documents needed to be protected. He himself edited out what he regarded as privileged law enforcement information in many "field intelligence reports" from agents covering confidential sources and techniques. And he did not order the release of documents in which the Republican convention was not mentioned. But he rebuffed city arguments that general information gathered about an organization would necessarily jeopardize confidential police matters. "It is difficult to imagine how someone could determine the identity of an undercover officer simply from the fact that he or she was present at a meeting or protest attended by dozens, if not hundreds, of people," the judge declared.

From rforno at infowarrior.org Tue Aug 7 11:55:21 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 07 Aug 2007 07:55:21 -0400
Subject: [Infowarrior] - 'Surveillance society' warning on data sharing
Message-ID:

'Surveillance society' warning on data sharing
By Michael Peel, Legal Correspondent
http://www.ft.com/cms/s/fdf57d8c-4458-11dc-90ca-0000779fd2ac.html
Published: August 6 2007 22:21 | Last updated: August 6 2007 22:21

Confidential personal data -- gleaned from sources as diverse as driving licences, medical records and store loyalty cards --
is now often shared without people's knowledge, the information commission will warn on Tuesday, in its latest salvo against what it calls the "surveillance society". The commission says the increasingly complex web of information sharing -- involving the public and private sectors, and bodies ranging from hospitals to credit reference agencies -- can make it hard for people to assert their legal rights to view information held about them. The commission does not name specific organisations, but its comments echo a growing debate over the increasingly widespread and sophisticated use of information gathered by official agencies and businesses. The data can be gleaned from sources such as supermarket loyalty cards and Transport for London's Oyster plastic travel ticket. Simon Davies, director of Privacy International, said there was "almost zero awareness" among the public of the detail of how data was shared, meaning that in some organisations sharing of information was becoming the "default". "Very soon, it will be difficult, if not impossible, to stop the data sharing juggernaut," he said. Richard Thomas, the information commissioner, has stressed that such sharing can be valuable in some circumstances, but he is also worried it is developing with very little accompanying public debate. Privacy specialists say the importance of tight monitoring of data-sharing has become ever more acute due to the rise of company marketing databases such as those of the loyalty programmes Tesco Clubcard and Nectar. The subject has attracted the attention of the Commons home affairs select committee, which in June examined how loyalty card information is shared with the police. Tesco said it only shared information with law enforcement authorities when "absolutely necessary", adding that its safeguards to prevent misuse of the personal information it held were "pretty foolproof".
Another focus of debate is Transport for London's Oyster card, which has been embraced by police as a tool for tracking the movements of suspected criminals. "There is no bulk disclosure of data," TfL said.

Copyright The Financial Times Limited 2007

From rforno at infowarrior.org Wed Aug 8 12:18:15 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 08 Aug 2007 08:18:15 -0400
Subject: [Infowarrior] - Air Force Draws Weekend Cyberwarriors From Microsoft, Cisco
Message-ID:

Air Force Draws Weekend Cyberwarriors From Microsoft, Cisco
By John Lasker
08.07.07 | 2:00 AM
http://www.wired.com/politics/security/news/2007/08/262nd

If the U.S. Air Force is ever ordered into a cyberwar with a foreign country or computer-savvy terrorist group, the 100-plus citizen cybersoldiers at the Air National Guard's 262nd Information Warfare Aggressor Squadron will boast an advantage other countries can't match: They built the very software and hardware they're attacking. That's because the 262nd, based at McChord Air Force Base outside Tacoma, Washington, draws weekend warriors from Microsoft, Cisco Systems, Adobe Systems and other tech companies, in a recruitment model that senior military leadership is touting as vital to the Air Force's expanded mission to achieve "dominance in cyberspace." "We ... must capitalize on the talent and expertise of our Guard and Reserve members who may have direct ties and long experience in high-tech industry," wrote Secretary of the Air Force Michael W. Wynne in a recent issue of the Air and Space Power Journal, an Air Force publication. "We must be prepared to defeat our enemies by using combined arms -- air, ground, sea, space, and cyber weapons systems." Created out of a combat communications squadron in 2002, the 262nd was commissioned to carry out simulated cyberattacks within the Air Force.
But the Air Force's determination to develop an offensive cyberwarfare capability has been well-known since December 2005, when the service formally revised its mission statement to announce that airmen and airwomen would henceforth "fly and fight in air, space and cyberspace." The military's new focus on recruiting talent from high-tech companies raises a potential conflict of interest. Cisco's routers and switches are considered the nervous system of the internet worldwide. Microsoft and Adobe products are used by hundreds of millions across the planet, and have suffered from programming errors that make them vulnerable to attack -- which sometimes remain a secret inside the company for weeks or months before they're patched. In the hands of an offensive cyberwar unit, advance knowledge of serious vulnerabilities could be devastating, says Robert Masse, a reformed hacker who founded Montreal-based computer security firm GoSecure. Cyberwarfare is "all about knowing exploits no one else knows about," says Masse. "You need the exploits to break in.... The people with the most exploits win." Some countries -- notably China -- have voiced concerns that Microsoft might pack backdoors in its closed-source operating systems and applications. In an effort to curb distrust, in 2003 Microsoft signed a pact with China, Russia, the United Kingdom, NATO and other nations to let them see the Windows source code. But the company is mum on whether it sees ethical problems in its engineers working part time for a military unit dedicated to hacking its products. "Microsoft does not hold specifics about employees that are supporting the 262nd," says a Microsoft spokeswoman. "So to this end, there really is no comment on the types of work they are doing." Cisco and Adobe also declined to comment. Cybersecurity expert Richard Forno, who runs infowarrior.org, praised the recruitment effort.
"The whole idea of an offensive information warfare unit, particularly a computer network attack unit, is to build capabilities for possible exploitation down the road," says Forno. "It just so happens the U.S. is lucky that the companies building the world's most popular and widely used IT products are based in the United States." Guardsmen and reservists serve one weekend a month and two weeks a year, and are subject to being called to active or full-time duty for stints ranging from a handful of months to several years. Even though the 262nd is named an "aggressor squadron," much of its work is defensive in nature, says Maj. Philip Osterli, a public information officer representing the unit. "They do look at adversarial threat packages from all across the board," he says. "We do not have a charter allowing us to conduct CNA (computer network attacks)." In addition to the 262nd, the Air National Guard draws from tech companies to staff the 177th Information Aggressor Squadron in Kansas, while both the 67th Network Warfare Wing and the Air Force Information Warfare Center recruit from the tech-heavy "Austin corridor" in central Texas, Wynne wrote. For this year's defense budget, Congress approved $800,000 for the planning and design of a new training and operations facility for the 262nd.

From rforno at infowarrior.org Wed Aug 8 13:13:32 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 08 Aug 2007 09:13:32 -0400
Subject: [Infowarrior] - Websites could be required to retain visitor info
Message-ID:

Original URL: http://www.theregister.co.uk/2007/08/08/litigation_data_retention/

Websites could be required to retain visitor info
By Mark Rasch, SecurityFocus
Published Wednesday 8th August 2007 10:26 GMT

A series of legal events means that companies that have no business reason to retain documents or records may be compelled to create and retain such records just so they can become available for discovery.
Companies routinely create, maintain and store electronic records. Some records are consciously created -- like memoranda, letters, spreadsheets, and even e-mails and chat or instant message communications. Other records are created inadvertently, like meta data, log records, IP history records and the like. Some information is useful to the company, and it wants to retain it, and other information is of little use, merely takes up space, creates potential liability, and represents an unwarranted threat for attack or violation of privacy. The problem for most companies in developing or maintaining a document retention/destruction policy is identifying the documents and records it wants to keep and effectively purging the ones it doesn't want. Some recent legal events have made the problem of document retention and destruction even more complicated. A recent case involving file sharing site TorrentSpy illustrates the point. Torrentspy's privacy policy (http://www.torrentspy.com/privacy.asp) is clear and concise. It states:

TorrentSpy.com is committed to protecting your privacy. TorrentSpy.com does not sell, trade or rent your personal information to other companies. TorrentSpy.com will not collect any personal information about you except when you specifically and knowingly provide such information.

Pretty straightforward, and not too dissimilar from thousands of other website privacy policies. Such privacy policies are considered to be legally binding contracts, and the United States Federal Trade Commission, and Privacy Commissioners in Europe, Asia and other places routinely hold companies to their promises -- under threat of civil and criminal prosecution or fines. The first problem with this privacy policy -- like most privacy policies -- is that it's not true. Whenever you visit a website, you "involuntarily" provide "personal" information to the site operator --
things like the type of browser you are using, your IP address, the physical location of that IP address, your configuration settings, and what website you may have been referred from or to, among other things. If you are engaging in malicious, unlawful, or otherwise "actionable" conduct, the website operator may certainly attempt to use this information to identify you and discern what you are doing -- the essence of "personal information". Indeed, much of what we do as forensic investigators is to use this kind of information to find people. While net-savvy individuals know that this information is being collected and utilized, the vast majority of individuals would not say that they "specifically and knowingly" provided that information to the website. This information frequently has economic value to the website operator as well. Knowing what site referred the user may result in payments from or to the referring site under "pay per click" agreements. Aggregated personal information is useful for advertisers, and valuable to those who collect it. So it's not accurate to say that your website ONLY collects information that you voluntarily give them. A better approach to a privacy policy would include language similar to that used by, for example, Google, which specifically states (http://www.google.com/privacypolicy.html):

Log information - When you use Google services, our servers automatically record information that your browser sends whenever you visit a website. These server logs may include information such as your web request, Internet Protocol address, browser type, browser language, the date and time of your request and one or more cookies that may uniquely identify your browser.

Some of this information is collected automatically as a consequence of delivering web content to the requestor. You would think that, in pursuance of its privacy policies, a company could choose not to collect or more accurately not to store or retain such information --
after all, that's what they promised their customers, no? There has long been an adage in the law that essentially states that "if it exists, it is discoverable". Now, as a result of a lawsuit involving TorrentSpy, the United States District Court for the Central District of California has essentially extended this logic to state that, "if it doesn't exist, we will require that it be created and stored so that it can become discoverable". The case, Columbia Pictures v. Bunnell (http://www.eff.org/legal/cases/torrentspy/columbia_v_bunnell_magistrate_order.pdf) (pdf) arose when the movie studios wanted to find out the identity of people using TorrentSpy to download copyrighted works -- personal information about TorrentSpy's users. TorrentSpy promised its users that it wouldn't collect such information, and had no legal obligation to do so. As the court noted:

In general, when a user clicks on a link to a page or a file on a website, the website's web server program receives from the user a request for the page or the file. The request includes the IP address of the user's computer, and the name of the requested page or file, among other things. Such information is copied into and stored in RAM. RAM is a form of temporary storage that every computer uses to process data. Every user request for a page or file is stored by the web server program in RAM in this fashion. The web server interprets and processes that data, while it is stored in RAM, in order to respond to user requests. The web server then satisfies the request by sending the requested file to the user. If the website's logging function is enabled, the web server copies the request into a log file, as well as the fact that the requested file was delivered. If the logging function is not enabled, the request is not retained.
In keeping with its stated contractual privacy policy, TorrentSpy did not enable the logging function, did not capture the information in RAM (or more accurately did not store it) and therefore alleged that it could not produce it in litigation.

After TorrentSpy was sued, the question arose about whether or not the information NOT regularly collected by TorrentSpy -- the information in RAM -- constituted Electronically Stored Information subject to both discovery and what is called a litigation hold. Under a litigation hold, once you become aware that information you may possess is relevant to ongoing or threatened litigation, you must suspend your document destruction policy and stop deleting that relevant information.

Electronically Stored Information is defined under the Federal Rules of Civil Procedure (http://www.law.cornell.edu/rules/frcp/Rule26.htm) as "information that is fixed in a tangible form and to information that is stored in a medium from which it can be retrieved and examined". The court rejected TorrentSpy's claims that the information in RAM was never "stored" since logging was never enabled, and that requiring TorrentSpy to enable logging amounted to requiring it to "create" records that didn't exist. Certainly, the information in RAM was -- for a brief time -- stored at least transitorily, just as streaming media (like a VOIP call, or videoconference) is stored on your computer for the brief interval it is being displayed. Thus, the information is (1) electronic; (2) stored; and (3) relevant.

The consequence of this is that not only is the information subject to discovery under the TorrentSpy precedent, but the entity must then suspend its document deletion policy, which in the case of TorrentSpy was to delete information in RAM that it never stored. The potential consequences of this ruling (which is currently on appeal) are frightening.
Whenever a company or other entity learns that information that it doesn't collect (or more accurately collects but doesn't store more than briefly) might be relevant to some litigation, it has to undertake affirmative efforts to start collecting and storing this information, in violation of its express privacy policy (creating potential FTC or privacy commission liability) for no purpose other than to create liability. Thus, when you learn of the possibility of litigation, you may have to START storing streaming media, contents of VOIP calls, contents of videoconferences, webinars, chats, instant messages, logs, scans, or other electronic records that you never stored before.

The court also noted that companies "cannot insulate themselves from complying with their legal obligations to preserve and produce relevant information within their possession, custody or control and responsive to proper discovery requests, by reliance on a privacy policy -- the terms of which are entirely within [their] control". Thus, even if you SAY that the information won't be collected (stored) and you have no reason to collect (store) it, a court could mandate that you do so at your own expense.

ISPs, Portals and Telcos

A similar issue arises with respect to information held by Internet Service Providers (ISPs), web portals like Google, Yahoo and Microsoft, and telephone companies. These entities routinely collect massive volumes of data about their clients and customers -- including things like search requests and results, IP history information, logon information, services utilized, date, time, source, destination, and duration of calls. VoIP providers or ISPs may also store the contents of voice or video communications temporarily as a consequence of transmission of the packet network. Remember the adage -- if it exists, it is discoverable.

Now there are legitimate reasons for companies to want to collect, store and use at least some of this information.
There are business models based on the analysis of this information. Load balancing, billing, and even selling this information are all legitimate uses (provided that the consumer has some awareness that this is going on.) What is important is that the provider -- the telco, the ISP or the portal -- decides what information is going to be collected, how it is going to be used, whether it is going to be stored (and for how long) and then communicates these facts to the consumer.

There has long been a debate over how long these entities will retain the records, and what they will do with them. The Department of Justice and the FBI have long been seeking authority to require ISPs, Telcos and others to retain log data and other data at their own expense, "just in case" the information might later become relevant (http://www.securityfocus.com/columnists/406) to some investigation. European countries have also been engaged in the same dialogue.

If the records are retained (even when there is no business reason for keeping them) the records become discoverable -- by grand jury subpoena, FISA or Title III wiretap orders, National Security Letters, or by voluntary cooperation by the ISP or subject. They also become available in any other litigation -- copyright infringement, defamation, or routine divorce cases. Since the ISP or portal would generally be a third party with respect to the underlying litigation, they might not be mandated to create or permanently store log or other transitory information, but that is not entirely clear.

What is clear is that the government wants companies that create electronic data to keep it "just in case". Indeed, ABC News reported that the FBI, in a Department of Defense authorization bill (http://blogs.abcnews.com/theblotter/2007/07/fbi-would-skirt.html) requested a grant of $5m to pay telephone companies to store information such as call records, and to develop a method of retrieving such information at the request of law enforcement.
As reported by ABC News:

The $5m project would apparently pay private firms to store at least two years' worth of telephone and Internet activity by millions of Americans, few of whom would ever be considered a suspect in any terrorism, intelligence or criminal matter. The project would involve "the development of data storage and retrieval systems...for at least two years' worth of network calling records," according to an unclassified budget document posted to the FBI's Web site.

So instead of warehousing the records themselves (and with no legal authority to subpoena ALL records), the government is essentially issuing a document preservation request to the telephone companies, requesting that the records be kept by the telcos for two years, and agreeing to pay all or some of the cost of doing so. Effectively, this makes the telephone companies into the warehouses for the government and for anybody with a subpoena. Note that there is nothing wrong with the phone companies keeping these records for their own business purposes, but now they will be keeping them presumably just in case.

The issue is not unique to telephone companies. Financial services companies, credit card companies, ISPs, web portals, VoIP providers, social networking sites, chat and IM providers all could be either compelled to retain records, or paid off to retain them just in case - even when their own privacy policy expressly forbids it.

Web portals like Google, Yahoo! and Microsoft learned the lesson of the adage that if records exist they will be subpoenaed when, in the context of defending Congress' anti-smut statute, the government subpoenaed (in a civil lawsuit) massive volumes of data about how people used these portals, what they searched for, and what was ultimately delivered. As a result of this, and of the document retention requests by law enforcement and regulators, all of the major portals have voluntarily agreed to anonymize their records after a period of time -- Yahoo!
for 13 months, Google and Microsoft for 18 to 24 months. Ask.com went further, offering a service called AskEraser (http://www.securityfocus.com/columnists/450/) which it claims would allow for anonymous web surfing, and where "the company claims it will not retain the search histories of customers who opt in for the AskEraser".

Which brings us back to where we started. Just because you promise NOT to collect or retain records, doesn't mean that you won't be required to collect and maintain them. Even if you don't have technology readily available to capture data streaming through your network, if the information is stored there briefly, you may be required to capture it. Sure, you can try anonymizing technologies, but these usually work by NOT LOGGING data, which as we learned with TorrentSpy doesn't always work. What we need is a commonsense approach to what really is a record that is stored by a company, as opposed to log data which COULD be stored by a company.

This article originally appeared in Security Focus (http://www.securityfocus.com/columnists/450/). Copyright © 2007, SecurityFocus (http://www.securityfocus.com/)

From rforno at infowarrior.org Wed Aug 8 17:01:05 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 08 Aug 2007 13:01:05 -0400
Subject: [Infowarrior] - IEEE: The Politics of DDoS Attacks
Message-ID:

The Politics of DDoS Attacks
Greg Goth
http://tinyurl.com/ywrm8c

For several weeks beginning in early May, critical public- and private-sector Web sites in the Baltic nation of Estonia suffered crippling distributed-denial-of-service attacks. The DDoS attacks weren't particularly larger than anything network experts had seen before, nor were they harbingers of new malware tactics. However, the "soft" elements surrounding them brought new attention to the attack vectors available to anyone with a political chip on the shoulder and rudimentary knowledge of network dynamics.
These elements also elicited new resolution from public-sector organizations to increase cross-border cooperation.

Initial reports tied the attacks to an ongoing feud between Estonia and Russia. The Estonian government blamed the Russian government for the attacks, claiming to have traced one of the attacking computers to an IP address in one of Russian President Vladimir Putin's offices. The Russian news agency, RIA Novosti, quoted government officials as denying any role in the attacks.

Subsequent investigations revealed the difficulty of discovering the motives and ultimate operators behind a botnet DDoS attack. Also, the very nature of the state-versus-state scenario painted in the first reports only obscured salient technical facts behind them.

"Ignoring any politics in the situation, from a technical point of view it doesn't take a whole lot of energy to DoS a country the size of Rhode Island," says Marty Lindner, a senior member of the technical staff at the Computer Emergency Response Team (CERT) Coordination Center at Carnegie Mellon University's Software Engineering Institute. "There's all this talk about this enormous DDOS attack. An attack that size is hitting various parts of the US and other countries every day."

New level of public-sector concern

Lindner says the vast majority of attacks in the US don't hit the news pages because there's so much unused bandwidth that only the target really feels the pain.

"In the case of Estonia, they were only targeting 12 or 13 distinct Web sites, but the collateral damage was the national bandwidth resources," Lindner says. "In the big scheme of things, short of getting people outside the country to filter the attack traffic, there wasn't much somebody in Estonia could do but hold on for the ride."

Lindner says the relative isolation of the Estonian network infrastructure contributed to the attacks' scale and duration.
By isolation, he's not speaking about the actual network facilities themselves but the supporting organizational structure between the Estonian operators and their colleagues in other nations.

"The ISPs in Estonia hadn't established the relationships with their friends and neighbors," he says. "If the same type of attack were to happen again, I think the relationships have been established so more people would get involved in a more timely manner."

In regions where ISPs have established such relationships and organizations, such as the North American Network Operators Group (NANOG), Lindner says these informal, time-critical communication channels are well established.

"You wouldn't hear about a medium-sized company in the US that's bigger than Estonia, networkwise, that gets hit with the same type of attack, because it's not newsworthy unless they go bankrupt," Lindner says. "From a technical point of view, this is old hat; there's no magic here."

However, the initial suspicions of some sort of state-inspired (if not orchestrated) motivation behind the attacks led to unprecedented public reaction from government security organizations worldwide. On 22 May, Franco Frattini, the European Commission's commissioner for freedom, justice, and security, announced a new European Union policy intended to combat cyberterrorism.

"Recent coordinated attacks oriented against the informatics systems of a Member State reinforce the need for a coordinated action across the Union involving the Commission and Member States," Frattini said in announcing the new initiative. "There is general agreement in Europe on the need to take action at EU-level."

The European Network and Information Security Agency also issued a statement regarding the Estonian attacks.
However, ENISA's statement made clear that the agency itself wasn't taking any operational role in dealing with cybercrime, which is the responsibility of member state law enforcement authorities in coordination with Europol:

DDoS attacks are hard to mitigate and demand a lot of coordination and cooperation from various parties. CERT Estonia, established late last year, along with many local security managers and CERTs from other countries, had to establish such a cooperative effort quickly to subdue the attacks. Various CERTs from Europe and beyond helped to involve the international CERT community in mitigating attacks in Estonia.

Will politics trump policy?

After the Estonian attacks, a spate of news stories analyzed the likelihood of continued cyberattacks. Specifically, stories considered possible attacks that might run under the auspices of regimes bent on international mischief--or looked upon by them with a nod and a wink if the attacks served their purposes.

"Estonia was a hint to people they ought to be thinking a little more seriously about this kind of thing," says James Lewis, director of the technology and public policy program for the Center for Strategic and International Studies, a Washington, D.C.-based think tank. "It's just going to be part of the normal practice."

For example, both the New York Times and the London consultancy mi2g wrote pieces highlighting China's supposed preparation for cyberwarfare. Both stories cited a recent US Defense Department report (www.defenselink.mil/pubs/pdfs/070523-China-Military-Power-final.pdf) on the Chinese military's capabilities, quoting its passage on information warfare. Yet, that passage occupies only about a half page in the 50-page report, much of it boilerplate about elements of information warfare that most advanced nations possess.

No one has yet pinpointed a connection between the Estonian attacks and the Russian government.
Nevertheless, don't expect politicians to be discouraged from quickly blaming a specific adversary for a DDoS attack. Lewis says cyber saber-rattling should be considered part of the future's everyday landscape.

"It's one of those things that people are going to have to get used to as part of politics," Lewis says. "That's sort of slowly dawning on people. Estonia wasn't a fluke, a one-time event."

Additionally, Lewis says the current climate of dire warnings about national interests in the context of network accessibility and security might be counterproductive in truly advancing knowledge about how DDoS attacks--and their fixes--really work.

"In some ways, we may have talked ourselves into a box," he says. "If you say, 'It's the end of the world!' and, guess what--it isn't, then how do you deal with this? I don't think it changed anybody's mind. It might have changed some minds in NATO and Europe, but not in the US."

One network security veteran says the Estonian attacks' aftermath was predictable and disheartening, so much that he actually stopped following the issue.

"The global reaction early on was the one to be expected, which was 'Oh my God, cyberterrorism, cyberwarfare, run for the hills!'" says Richard Forno, principal consultant for the consultancy KRVW Associates. "And in fact, as soon as I saw that, I just turned off. I didn't even do any further looking into the story. I figured the media was going to blow it all out of proportion."

Forno says much information coming from government officials about who might be lurking in the cyberbushes and the sometimes porous state of public sector security is the same as it was 10 years ago. At lectures Forno gave at the National Defense University about five years ago, he dissected a Defense Department intranet that was billed as "peered and redundant"--virtually impervious to attack. However, he demonstrated that the supposedly separate networks used the same provider.
Furthermore, they shared several common facilities.

"So, if you knew where these central points were," he explains, "you could disrupt coast-to-coast or regional communications. And people were flabbergasted."

Essentially meaningless boilerplate warnings and often fruitless attempts to plug vulnerabilities can't be blamed on any specific administration, Forno says. It's just the nature of government IT.

CSIS's Lewis says these network shortcomings aren't exclusive to any nation, which people should keep in mind when somebody quickly blames another regime. In the case of China, for instance, Lewis says, "we also know their network security is really bad, so if it was somebody else who wanted to make it look like the Chinese were doing it, it wouldn't be that hard."

Neither Forno nor Lewis is confident that this lesson--or any of the more nuanced details about botnet attacks--has gotten through to either public officials or the mainstream press following Estonia's crisis. If any lesson might be gleaned from the Estonian situation, it's that governments, which can prepare their own intranets and shepherd best practices, can only do so much during crises over the wider Internet.

"At the end of the day, governments are not the guys who can fix this problem," Lindner says. "It's the top-tier carriers--the Level 3s, the Qwests, the AT&Ts, and their counterparts--who can do that. If there are 5,000 computers targeting Estonia, and 2,000 are in the US, the US operators can help with those 2,000, but other people elsewhere have to tackle the other 3,000. So you need to understand where the attacks are coming from, and you have to reach out to a very broad community to start filtering them."
Related URLs

Russian Information Agency Novosti story denying role in Estonian attacks: http://en.rian.ru/russia/20070517/65661919.html
European Union cyberterrorism policy announcement: http://europa.eu/rapid/pressReleasesAction.do?reference=IP/07/689&format=HTML&aged=0&language=EN&guiLanguage=en
New York Times story on China's cyberwarfare preparation: www.nytimes.com/2007/06/24/weekinreview/24schwartz.html?ex=1184817600&en=18f2e485db1066ce&ei=5070
mi2g story on China's cyberwarfare preparation: www.intentblog.com/archives/2007/05/cyber_warfare_b.html
US Defense Department report on Chinese military capabilities: www.defenselink.mil/pubs/pdfs/070523-China-Military-Power-final.pdf

From rforno at infowarrior.org Wed Aug 8 17:03:42 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 08 Aug 2007 13:03:42 -0400
Subject: [Infowarrior] - Google News lets newsmakers comment on stories
Message-ID:

Freedom from the press: Google News lets newsmakers comment on stories
http://arstechnica.com/news.ars/post/20070808-who-needs-journalists-google-news-to-let-newsmakers-comment-on-stories.html
By Nate Anderson | Published: August 08, 2007 - 10:36AM CT

Beginning this week, Google News will start posting user comments, but only from people actually featured in news stories. Newspapers that were unhappy about Google News using snippets of their articles will probably be even less pleased to see the new feature deployed, since Google could become an even more formidable player when it starts hosting original content.

Here's how the new system will work: people or organizations that are mentioned in news stories can submit comments to the Google News team, which will then display those comments--unedited--alongside the Google News links to those stories. The new system will at first be deployed only within the US, but Google is open to expanding it to other regions if the trial goes well.
This raises a number of questions that the announcement does not attempt to answer, such as how Google will vet the comments to ensure they come from the claimed source (watch this space for the first "Google News punked!" stories in the following weeks). Google is also a backer of algorithm-driven solutions as opposed to those which require human interaction and don't scale as well. Vetting comments and verifying identities doesn't sound like the sort of thing which lends itself to an algorithm, but we'll assume Google has thought this through and has some sort of plan.

Let's turn instead to the most interesting implication. Once the new system is in place, Google News will feature something it has never had before: original content. There's a certain amount of "originality" in aggregating news sources from around the world and organizing them into easy-to-click topics, of course, but the content has all been owned by others, and some of those others have been less than happy about their inclusion in Google News.

If the new comments feature takes off and Google News becomes a central clearinghouse for those who want to respond to pieces in which they appear, the site's popularity would no doubt skyrocket. News junkies would have to visit Google News--and not any particular newspaper--to find out if, say, Barry Bonds objected to a characterization of him on the USA Today sports page.

This would clearly be good for Google, but it also has implications for journalism. With the rise of the web, journalists have already lost some of their power as gatekeepers; anyone with a blog can easily tell their own side of a story if a journalist "gets it wrong." But such responses have been scattered across the Internet, and readers generally have to go looking for them. Bringing them all together in one place and sticking them right beside the stories from the professional journalists gives those in the headlines more power to tell their own side of the story.
It could also impact news brands. While major papers like The Financial Times, The New York Times, and The Wall Street Journal will have no trouble keeping a high profile, smaller brands might. That's because people can go directly to Google News to get their headlines rather than trolling around to the front pages of a dozen daily papers. This is already happening, but the comments feature could accelerate the trend by combining Google's ease of use with exclusive content. When readers can get all the headlines plus unfiltered reactions from those in the news, why go elsewhere?

While this is all possible, we'll really need to see what uptake is like, especially among those who might submit comments. Much like celebrity TV news, Google News needs to attract comments from the "big fish" to keep readers interested. If random third-tier analysts and unknown CEOs are the only ones who submit, interest will remain... reduced.

From rforno at infowarrior.org Wed Aug 8 23:37:22 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 08 Aug 2007 19:37:22 -0400
Subject: [Infowarrior] - Did AT&T Censor Pearl Jam's Lollapalooza WebCast?
Message-ID:

Did AT&T Censor Pearl Jam's Lollapalooza WebCast?
Written by Om Malik
Wednesday, August 8, 2007 at 1:45 PM PT
http://gigaom.com/2007/08/08/att-censored-pearl-jam-webcast/

Ma Bell seems to be acting like the big brother. Apparently, AT&T censored parts of Pearl Jam's performance over the weekend. The rock band was performing as part of Lollapalooza. On their website, Pearl Jam writes:

During the performance of "Daughter" the following lyrics were sung to the tune of Pink Floyd's "Another Brick in the Wall" but were cut from the webcast:

- "George Bush, leave this world alone." (the second time it was sung); and
- "George Bush find yourself another home."

They go on and say that this is more than just the censorship of a rock band.
"What happened to us this weekend was a wake up call," they write. AT&T blamed the censorship on an overaggressive content monitor. Gigi B. Sohn, president and co-founder of Public Knowledge, dismissed that defense, and said it was "nothing short of appalling." An AT&T spokesperson sent us this statement:

"The editing of the Pearl Jam performance on Sunday night was not intended, but rather a mistake by one of the webcast editors. We have policies in place with respect to editing excessive profanity, but AT&T does not edit or censor performances. We have that policy in place because the blue room is not age-restricted. We regret the mistake and are trying to work with the band to post the song in its entirety."

From rforno at infowarrior.org Thu Aug 9 02:08:32 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 08 Aug 2007 22:08:32 -0400
Subject: [Infowarrior] - School Boards Assn: Internet and social network danger over-rated
Message-ID:

Schoolboards: net dangers over-rated; bring social networks to school
By David Cassel

The internet isn't as dangerous as people think, and teachers should let students use social networks at school.

That's the surprising new recommendation from the National School Boards Association -- a not-for-profit organization representing 95,000 school board members -- in a new study funded by Microsoft, News Corporation, and Verizon. It warns that many fears about the internet are just overblown. "School district leaders seem to believe that negative experiences with social networking are more common than students and parents report," the study reports. For example, more than half the districts think sharing personal information has been "a significant problem" in their schools -- "yet only 3% of students say they've ever given out their email addresses, instant messaging screen names or other personal information to strangers."
In fact, the Association and researchers at Grunwald Associates LLC surveyed 1,277 students online (between the ages of 9 and 17) -- along with 1,039 parents, and 250 school district leaders "who make decisions on internet policy." And the students reported big differences from the adults' concerns. Only 20% said they'd seen "inappropriate" pictures on social networking sites in the last 3 months. (And only 11% of parents concur, even for the last 6 months.) Only 18% of the students said they'd seen "inappropriate" language, and just 7% reported they'd been "cyberbullied," or asked about their personal identity on a social networking site.

Furthermore, the numbers got even smaller when the students were asked about more worrisome situations. Only 4% of the students said they'd ever had an online conversation that made them uncomfortable, and only 2% said an online stranger tried to meet them in person. In fact, after surveying 1,277 students, the researchers found exactly one who reported they'd actually met a person from the internet without their parents' permission -- and described this as "0.08 percent of all students."

"Only a minority of students has had any kind of negative experience with social networking in the last three months," the study concludes. "Even fewer parents report that their children have had a negative experience over a longer 6-month period."

< - >

http://tech.blorge.com/Structure:%20/2007/08/07/schoolboards-net-dangers-over-rated-bring-social-networks-to-school/

From rforno at infowarrior.org Thu Aug 9 02:14:00 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 08 Aug 2007 22:14:00 -0400
Subject: [Infowarrior] - Too much security can be overbearing: Microsoft
Message-ID:

Too much security can be overbearing: Microsoft
* 8th August 2007
http://apcmag.com/6895/war_on_terror_overblown_microsoft

TECH.ED | When does too much security become, well, too much?
According to Steve Riley, senior security strategist at Microsoft, it becomes too much when the cost of mitigating the risk outweighs the cost of that which you are trying to protect.

Steve's approach to security spans all horizons, not just information technology. He elaborated on this theory in an afternoon session today at Microsoft Tech.Ed entitled "Making the Tradeoff: Be Secure or Get Work Done".

The cost of securing an asset is not simply the absolute cost of purchasing an enterprise firewall or business-wide malware software, according to Riley. It's measured against the current cost of leaving things as they are - if a couple of machines go down every week because of security vulnerabilities, that is a cost which can be measured and taken into consideration. However, if the cost is actually less than the cost of removing the problem, bizarre as it may sound, it might not actually be worth it.

Steve applied this same train of logic to other, more worldly scenarios. Child kidnapping for example - apparently American parents are paranoid about kidnapping, and so forbid their children to talk to strangers. The result, according to Steve, is a generation which can't ask for help when the only source of help is a stranger, and a general and unacceptable reduction in human interaction which is the basis of any civilised society.

He prefers to tell his own kids that "...most adults are kind and honest and will help you if you need helping. But no adult needs your help to find their dog." Teach them to recognise the attacks, rather than react negatively to an imagined fear.

And this goes all the way up to the US's so-called "War on Terror". According to Steve, are any of us really made safer by taking our shoes off to go through metal detectors? Surely X-ray scanners which can see right through people's clothing are an unacceptable breach of privacy? At the very least, do we want to live in a society where this is the accepted norm?
Regardless of the answer to these questions, go back to his approach with children and strangers - recognise the methods of attack, rather than focus on stopping the tools. Why did the September 11 terrorists use planes to destroy the World Trade Centre? Because it was probably the easiest method at their disposal. If a terrorist wishes to kill people at an airport, all the security in the world won't stop them from detonating the bomb while waiting in the security lineup.

These are sobering thoughts, and they do make you take a second look at the vast amounts of money and effort going into security "measures" which do much to remove personal liberty and intrude in our daily existence, yet prove remarkably ineffective at actually stopping anyone determined to succeed.

There are direct parallels with ordinary, everyday security. For example, we're always told never to write down our passwords. As Steve put it, "...it's perfectly OK to write your password down, as long as you protect the piece of paper".

This particular section of Steve's presentation dealing with the War On Terror doesn't appear on the US-developed Tech.Ed DVDs -- it was censored and removed.

James Bannan is reporting from Tech.Ed Australia 2007 as a guest of Microsoft.

From rforno at infowarrior.org Thu Aug 9 11:43:13 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 09 Aug 2007 07:43:13 -0400
Subject: [Infowarrior] - CFP: "Text Annotation for Political Science Research"
Message-ID:

Call for Papers

A special issue of the Journal of Information Technology & Politics
http://www.jitp.net

"Text Annotation for Political Science Research"
http://www.jitp.net/files/cfp_text_issue.pdf

Text is an important data source for political science research. Large, digitized text collections are becoming increasingly common.
Yet most political scientists have little familiarity with the language-processing methodologies available to support research using these collections. Specifically, we are interested in methodologies from the fields of information retrieval, natural language processing, and machine learning. These techniques facilitate the automatic searching, organizing, categorizing, and extracting of information from digitized text. At a high level, the goal of language-processing is to provide one or more semantic annotations on the text. The political science question of interest can then be explored using these annotations. Text annotation techniques vary not only according to the type of semantic annotation required, but also according to the degree of manual intervention involved in the annotation process: text annotation tasks can be accomplished entirely manually (i.e., via human content coding), entirely automatically (e.g. via keyword-based search or text clustering algorithms), automatically after a manual training period (i.e. via "supervised" machine learning methods), or semi-automatically (e.g. via "weakly supervised" machine learning methods that acquire automatic annotation systems from very small amounts of manually labeled text). Although the potential of text annotation methods for political science research is enormous, it is understandably difficult for researchers to know where to start. In addition, in contrast to other research methodologies in the social sciences, the criteria for evaluating social science results that rely on automatic text annotation systems are not widely known, accepted, or appreciated. Keyword searches, for example, are commonly used to trace changing political attention across time, but rarely is attention given to their reliability or accuracy, raising doubts about the validity of researcher inferences. 
The aim of the special issue is to solicit and publish papers that provide a clear view of the state of the art in text annotation and evaluation, especially for political science. How do the techniques map onto major questions addressed by political scientists? What kinds of problems have been addressed in existing work and what text annotation methods have proven most successful? Are standard statistical measures of accuracy, recall, and precision adequate for evaluating the performance of the text annotation technique, or are new evaluation procedures needed that simultaneously consider the social science question being investigated? Given these interests, we therefore encourage submissions in the following areas: tutorial-style surveys of state-of-the-art techniques in human language technologies and text annotation; surveys of the state-of-the-art in the application of language-processing techniques in the social sciences, particularly in political science; comparisons of competing text annotation methodologies on the same corpus/corpora; innovative evaluation and diagnostic methods; studies of text annotation methods that try to limit the amount of costly, manually annotated data for training automatic annotators, e.g. active learning; specific applications and evaluations of language-processing and text annotation techniques; applications of the text-processing techniques on non-social science problems that point the way to innovative social science applications; and surveys of the available language-processing tools and resources with guidance for when to use them. All submissions must be prepared according to the submission guidelines available at: http://www.jitp.net . 
Authors must submit via: http://www.criticalmath.com/method/sm.php?org_id=12789 The initial submission is due by November 1, 2007. The guest editors for the special issue are: Claire Cardie, Professor Computer Science and Information Science 4130 Upson Hall Cornell University Ithaca NY 14853-7501 cardie at cs.cornell.edu John Wilkerson, Associate Professor Department of Political Science 101 Gowen Hall University of Washington Seattle WA 98195-353530 jwilker at u.washington.edu From rforno at infowarrior.org Thu Aug 9 17:52:41 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 09 Aug 2007 13:52:41 -0400 Subject: [Infowarrior] - Pearl Jam statement on ATT censorship Message-ID: LOLLAPALOOZA WEBCAST: SPONSORED/CENSORED BY AT&T? 08.08.07 http://pearljam.com/news/index.php?what=News#195 After concluding our Sunday night show at Lollapalooza, fans informed us that portions of that performance were missing and may have been censored by AT&T during the "Blue Room" Live Lollapalooza Webcast. When asked about the missing performance, AT&T informed Lollapalooza that portions of the show were in fact missing from the webcast, and that their content monitor had made a mistake in cutting them. During the performance of "Daughter" the following lyrics were sung to the tune of Pink Floyd's "Another Brick in the Wall" but were cut from the webcast: - "George Bush, leave this world alone." (the second time it was sung); and - "George Bush find yourself another home." This, of course, troubles us as artists but also as citizens concerned with the issue of censorship and the increasingly consolidated control of the media. AT&T's actions strike at the heart of the public's concerns over the power that corporations have when it comes to determining what the public sees and hears through communications media. Aspects of censorship, consolidation, and preferential treatment of the internet are now being debated under the umbrella of "NetNeutrality." 
Check out The Future of Music or Save the Internet for more information on this issue. Most telecommunications companies oppose "net neutrality" and argue that the public can trust them not to censor. Even the ex-head of AT&T, CEO Edward Whitacre, whose company sponsored our troubled webcast, stated just last March that fears his company and other big network providers would block traffic on their networks are overblown. "Any provider that blocks access to content is inviting customers to find another provider." (Marguerite Reardon, Staff Writer, CNET News.com Published: March 21, 2006, 2:23 PM PST). But what if there is only one provider from which to choose? If a company that is controlling a webcast is cutting out bits of our performance - not based on laws, but on their own preferences and interpretations - fans have little choice but to watch the censored version. What happened to us this weekend was a wake up call, and it's about something much bigger than the censorship of a rock band. The complete version of "Daughter" from the Lollapalooza performance will be posted here soon for any of you who missed it. We apologize to our fans who were watching the webcast and got shortchanged. In the future, we will work even harder to ensure that our live broadcasts or webcasts are free from arbitrary edits. If you have examples of AT&T censoring artist performances around political content, it's a good thing for everyone to know about. Feel free to post examples on the official Pearl Jam Message Pit. 
From rforno at infowarrior.org Fri Aug 10 01:59:26 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 09 Aug 2007 21:59:26 -0400 Subject: [Infowarrior] - Citing Four-Day Old Law, Bush Seeks Dismissal of NSA Spying suit Message-ID: BREAKING: Citing Four-Day Old Surveillance Law, Bush Seeks Dismissal of Lawsuit Challenging NSA Spying Thursday, August 09 2007 @ 03:52 PM CDT Contributed by: PrivacyNews News Section: In the Courts Four days after President Bush signed controversial legislation legalizing some warrantless surveillance of Americans, the administration is citing the law in a surprise motion today urging a federal judge to dismiss a lawsuit challenging the NSA spy program. The lawsuit was brought by lawyers defending Guantanamo Bay prisoners. The lawyers and others alleged the threat of surveillance is chilling their First Amendment rights of speech, and their clients' right to legal representation. ... Justice Department lawyers are asking (.pdf) U.S. District Judge Vaughn Walker to toss the case, citing the new law -- which says warrantless surveillance can continue for up to a year so long as one person in the intercepted communications is reasonably believed to be located outside of the United States. The motion is set to be heard in federal court in San Francisco this afternoon. THREAT LEVEL will be there. http://www.pogowasright.org/article.php?story=2007080915524542 From rforno at infowarrior.org Fri Aug 10 11:39:43 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 10 Aug 2007 07:39:43 -0400 Subject: [Infowarrior] - Fair dinkum! Aussie lingo sparks security scare Message-ID: (The conspiracy-theorist in me wonders now, post-911, if you're detained erroneously and then released with deepest apologies for the inconvenience, if your name isn't kept on-file somewhere in some "event" database by the homeland security apparatus......can't help but wonder about this........rf) Fair dinkum! 
Aussie lingo sparks security scare Jano Gibson August 10, 2007 - 3:10PM http://www.theage.com.au/news/travel/fair-dinkum-lingo-sparks-us-scare/2007/08/10/1186530597194.html Strewth. Crikey. Bloody hell. An Australian woman has reportedly sparked a security scare aboard a US flight after her use of a common Australian phrase was apparently misinterpreted as an act of aggression. Sophie Reynolds, 41, from Queanbeyan, was flying aboard SkyWest Airlines from Atlanta to Pittsburgh this week when she asked a flight attendant if she could have a pack of pretzels instead of crackers. "[The flight attendant] said they didn't have any [pretzels], and I said, 'Fair dinkum,' out of frustration," Reynolds was quoted as saying in The Atlanta Journal-Constitution. Before she knew it a second flight attendant asked her for her passport and copied down her name. Then, when the flight landed, three uniformed officers greeted her. "They said, 'You swore at the hostess and there are federal rules against that,"' Reynolds said. "And I said, 'I did not swear at the hostess, I just said 'fair dinkum."' A spokeswoman for the airline said it was not simply a matter of misunderstanding the language. "We witnessed aggressive behaviour throughout the flight," she said. Reynolds was not charged and allowed to go on her way, she said. From rforno at infowarrior.org Fri Aug 10 13:22:10 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 10 Aug 2007 09:22:10 -0400 Subject: [Infowarrior] - Universal Music Will Sell Songs Without Copy Protection Message-ID: Universal Music Will Sell Songs Without Copy Protection By JEFF LEEDS http://www.nytimes.com/2007/08/10/business/10music.html?_r=1&oref=slogin&pagewanted=print Signaling another departure from the music industry's longtime antipiracy strategy, the Universal Music Group will sell a significant portion of its catalog without the customary copy protection software for at least the next few months, the company announced yesterday. 
Universal, the world's biggest music conglomerate, said it would offer albums and songs without the software, known as digital rights management, through existing digital music retail services like RealNetworks and Wal-Mart, nascent services from Amazon.com and Google, and some artists' Web sites. But the music will not be offered D.R.M.-free through Apple's iTunes, the leading music service. The use of copy protection software has become a major bone of contention in the digital music business, where iTunes accounts for the vast majority of download sales. The record labels generally have required that retailers place electronic locks to limit copying of music files. But Apple's proprietary D.R.M. does not work with most rivals' devices or software -- meaning that music sold by competing services cannot play on Apple's popular iPod. Some record executives say they believe that the stalemate has capped the growth of digital music sales, which the industry is relying on more heavily as sales of plastic CDs slide. The offer of Universal's music under the new terms is being framed as a test, to run into January, allowing executives to study consumer demand and any effect on online piracy. A Universal decision to adopt the practice permanently would put pressure on other record companies to follow suit. That could stoke a wider debate about how to treat intellectual property in the digital era. Universal's artists include the Black Eyed Peas and 50 Cent. The effort is likely to be seen as part of the industry's wider push to increase competition to iTunes and shift leverage away from Apple, which wields enormous influence over prices and other terms in digital music. A month ago, Universal notified Apple that it would not agree to a new long-term contract to sell music through iTunes. Steven P. 
Jobs, Apple's chief executive, made his position on copy protection software clear in February, when he posted a statement on the company's Web site calling on the record companies to abandon their insistence on D.R.M., which he argued had largely failed to resolve the industry's piracy woes. So far, only one of the four major music companies, the EMI Group, embraced a wholesale shift away from the usual approach. EMI, which releases music by artists like Norah Jones and Coldplay, first struck a deal with iTunes in which songs without copy protection (and with better audio quality) would be sold at a higher price -- $1.29 instead of the usual 99 cents for the restricted songs. EMI has said the results so far have been promising. Under Universal's arrangements with digital retailers, at least some of its new music will be sold in unprotected form for 99 cents, company executives said. From rforno at infowarrior.org Fri Aug 10 13:40:14 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 10 Aug 2007 09:40:14 -0400 Subject: [Infowarrior] - Inside the Ring - China espionage In-Reply-To: <46BC6A16.1070901@inetassoc.com> Message-ID: ------ Forwarded Message From: Duane I thought that this might be pertinent to the InfoWarrior list. c/o ISN. http://www.washingtontimes.com/apps/pbcs.dll/article?AID=/20070810/NATION04/108100083/1008 By Bill Gertz August 10, 2007 Chinese military intelligence collectors scored a recent coup in stealing valuable U.S. simulation technology that will boost Beijing's combat training. Xiaodong Sheldon Meng, 42, a former Beijing resident, pleaded guilty Aug. 1 in California to illegally providing China's military with embargoed software used in air force and navy training. Meng also pleaded guilty to stealing proprietary corporate technology known as "Mantis" while working for the San Jose-based Quantum3D Inc., and attempting to sell it to China's Navy Research Center. 
Prosecutors said Meng violated arms export control laws by selling China's military what is called "viXsen" source code, a Quantum3D product controlled for export as a defense article. The software is used in "visual simulation software program used for training military fighter pilots." Meng also illegally installed a copy of Quantum3D's "Mantis" simulation software on a Chinese navy site and altered the code to make it appear as though it belonged to a competitor. The software was part of a sales demonstration project for the Chinese produced by Meng. "This conviction, the first in the nation for illegal exports of military-related source code, demonstrates the importance of safeguarding our nation's military secrets and should serve notice to others who would compromise our national security for profit," said Kenneth L. Wainstein, assistant attorney general for national security. "This case is the latest evidence of the department's enhanced investigative and prosecutorial efforts to keep America's critical technology from falling into the wrong hands." Investigators said Meng stole software that is "designed for precision training of military fighter pilots in night vision scenarios, among other applications." U.S. officials said the compromise could be more extensive than outlined by prosecutors because Quantum3D produces mainly military products, including day and night combat training simulators, and advanced infrared, electro-optical and night vision goggle devices. "The software stolen by Meng will improve the PLA's ability to achieve more sophisticated military simulation for training and mission planning purposes, that is, to help them to better kill us," said Richard Fisher, a specialist at the International Assessment and Strategy Center, referring to the acronym for China's People's Liberation Army. The software acquisition is part of a large-scale Chinese military technology collection program targeting the United States. 
China is in the process of building up its military forces with the goal of challenging the United States in any conflict over Taiwan. The buildup includes acquisition of advanced Russian fighter bombers as well as new indigenous J-10 fighters. The Pentagon's annual report on China's military power said such illegal software acquisitions are part of China's "aggressive and wide-ranging espionage" that poses "the leading threat to U.S. technology." The technology is "vital for the [Chinese military's] transformation into an information-based, network-centric force," the report stated, noting more than 400 U.S. investigations related to China since 2000. [...] From rforno at infowarrior.org Fri Aug 10 21:35:37 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 10 Aug 2007 17:35:37 -0400 Subject: [Infowarrior] - Court rules Novell owns the UNIX and UnixWare copyrights Message-ID: Court Rules: Novell owns the UNIX and UnixWare copyrights! Novell has right to waive! Friday, August 10 2007 @ 04:52 PM EDT Hot off the presses: Judge Dale Kimball has issued a 102-page ruling [PDF] on the numerous summary judgment motions in SCO v. Novell. Here is what matters most: [T]he court concludes that Novell is the owner of the UNIX and UnixWare Copyrights. That's Aaaaall, Folks! The court also ruled that "SCO is obligated to recognize Novell's waiver of SCO's claims against IBM and Sequent". That's the ball game. There are a couple of loose ends, but the big picture is, SCO lost. Oh, and it owes Novell a lot of money from the Microsoft and Sun licenses. 
< - > http://www.groklaw.net/article.php?story=20070810165237718 From rforno at infowarrior.org Sat Aug 11 02:20:56 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 10 Aug 2007 22:20:56 -0400 Subject: [Infowarrior] - Privacy: E-Z Pass Data Used To Catch Cheaters Message-ID: Not So Fast: E-Z Pass Data Used To Catch Cheaters Divorce Lawyers Find Toll Records, Prove Spouses Lied About Whereabouts http://wcbstv.com/topstories/local_story_222140553.html (CBS/AP) TRENTON, N.J. There's some potentially troubling and telling news for all you motorists out there who may be taking the Turnpike for the worst crime in marriage: cheating on your significant other. E-ZPass and other electronic toll collection systems are emerging as a powerful means of proving infidelity. That's because when your spouse doesn't know where you've been, E-ZPass does. "E-ZPass is an E-ZPass to go directly to divorce court, because it's an easy way to show you took the off-ramp to adultery," said Jacalyn Barnett, a New York divorce lawyer who has used E-ZPass records a few times. Lynne Gold-Bikin, a Pennsylvania divorce lawyer, said E-ZPass helped prove a client's husband was being unfaithful: "He claimed he was in a business meeting in Pennsylvania. And I had records to show he went to New Jersey that night." Generally mounted inside a vehicle's windshield behind the rearview mirror, E-ZPass devices communicate with antennas at toll plazas, automatically deducting money from the motorist's prepaid account. Of the 12 states in the Northeast and Midwest that are part of the E-ZPass system, agencies in seven states provide electronic toll information in response to court orders in criminal and civil cases, including divorces, according to an Associated Press survey. In four of the 12 states, including New Jersey and Pennsylvania, highway authorities release E-ZPass records only in criminal cases. West Virginia parkways authority has no policy. 
(Divorce attorneys in some cases can still obtain toll records from the other spouse rather than a highway agency.) The Illinois Tollway, which hands over toll records, received more than 30 such subpoenas the first half of this year, with about half coming from civil cases, including divorces, according to Joelle McGinnis, an agency spokeswoman. The New Jersey Turnpike Authority said it turns down about 30 subpoenas in civil cases every year, about half of them divorces. Electronic toll records have also proved useful in criminal cases. They played a role in the murder case against Melanie McGuire, a New Jersey nurse convicted in April of killing her husband and tossing his cut-up remains into the Chesapeake Bay in three matching suitcases in 2004. Prosecutors used toll records to reconstruct her movements. Davy Levy, a Chicago divorce lawyer for more than 30 years, said toll records from I-Pass (part of the E-ZPass system) are useful in catching a spouse in a lie. "You bring up the I-Pass records and it destroys credibility," said Levy, who has used such records two or three times for such purposes. The E-ZPass network covers about half the East Coast and part of the Midwest, with about 2 billion charges per year. That can mean a lot of records. One of the busiest toll plazas in New Jersey, the Garden State Parkway's southbound Raritan plaza, gets about 90,000 E-ZPass hits per day. Some worry that using those records for other purposes is a violation of drivers' privacy. "When you're marketed for this new convenience, you may not realize there are these types of costs," said Nicole Ozer of the American Civil Liberties Union of Northern California. Bob Barr, a former Republican congressman from Georgia turned Libertarian and privacy rights advocate, said people who want to protect their privacy shouldn't use electronic toll systems. 
"People are foolish to buy into these systems without thinking, just because they want to save 20 seconds of time going through a toll booth," he said. From rforno at infowarrior.org Sat Aug 11 15:17:05 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 11 Aug 2007 11:17:05 -0400 Subject: [Infowarrior] - Vista Prevents Users Playing High-Def Content Message-ID: Vista Prevents Users Playing High-Def Content Vista requires premium content like high-definition movies to be degraded in quality when sent to high-quality outputs. Jon Brodkin, Network World Friday, August 10, 2007 6:00 AM PDT http://www.pcworld.com/article/id,135814-pg,1/article.html Content protection features in Windows Vista are preventing customers from playing high-quality video and audio and harming system performance, even as Microsoft neglects security programs that could protect users, computer researcher Peter Gutmann argued at the USENIX Security Symposium in Boston Wednesday. "If there was any threat modeling at all, it was really badly done," Gutmann, from the University of Auckland, New Zealand, said while giving a talk on Vista content protection. "Once the enemy is the user and not the attacker, standard security thinking falls apart." Vista requires premium content like high-definition movies to be degraded in quality when sent to high-quality outputs, so users are seeing status codes that say "graphics OPM resolution too high." Gutmann calls this "probably the most bizarre status code ever." While Microsoft's intent is to protect commercial content, home movies are increasingly being shot in high definition, Gutmann said. Many users are finding they can't play any content if it's considered "premium." "This is not commercial HD content being blocked, this is the users' own content," Gutmann said. "The more premium content you have, the more output is disabled." 
Gutmann, who wore a white T-shirt marked with a Windows Vista logo during his presentation, first issued his criticisms several months ago with a paper titled A Cost Analysis of Windows Vista Content Protection. Gutmann's paper called Vista's content protection rules "the longest suicide note in history." Microsoft acknowledged that quality of premium content would be lowered if requested by copyright holders, the BBC reported. Microsoft defended its copyright protections after Gutmann's paper came out, saying they are common features of many playback devices, the BBC article says. The protections allow copyright holders to prevent video from being played in high definition unless users have equipment that supports the High-bandwidth Digital Content Protection (HDCP) digital rights management system developed by Intel. If PC users have graphics cards with video connections that don't support HDCP, they are out of luck. High-definition audio is also blocked in many cases, Gutmann said Wednesday. "It's taking this open architecture that IBM created 25 years ago and making it closed again," he said. In a 132-slide PowerPoint presentation, Gutmann outlined numerous features of Vista that he says are frustrating customers and programmers. New functionality related to content protection makes it hard to develop new drivers, he said. When ATI was finally able to ship Vista drivers, they crashed Windows, and Dell and Gateway had to delay Vista upgrades because they couldn't get working drivers, he said. Gutmann said hardware costs will increase because vendors can't provide Vista-approved security functionality unless Hollywood studios like MGM, 20th Century Fox and Disney grant written approval saying the content security meets their standards. A Vista function known as "tilt bits" -- like the tilt sensor in pinball machines -- requires hardware and software drivers to report every minor glitch, even ones that cause no problems, Gutmann said. 
"Every otherwise unnoticeable minor glitch is suddenly surfaced and turned into a showstopper," he said. Separately, all the extra encryption required to meet Vista's content protection standards means some computer components can never enter power-saving mode, he said. Thus, when you play a movie your CPU keeps running at full steam, he said. The extra power demands make it hard to reduce electricity usage. "It's a bit of an extreme claim, but you could say Windows Vista causes global warming, because it's burning so much power with all this nonsense," Gutmann said. The encryption requirements render high-end graphics processing units less effective, he said, because the best of those products emphasize graphics performance over content protection. On Vista, US$100-video cards can thus outperform those that cost $1,000. Gutmann argued that Microsoft placed content protection above all other priorities when building Vista, perhaps to gain favor and money from Hollywood. Microsoft should have instead focused this effort on security features that protect users, Gutmann said, such as encrypted paging to protect user secrets, protected content domains that keep out malware, and anti-debugging techniques to prevent rootkit hooking. New Zealand's government, which has argued that digital rights management fails to address the rights of people and government, appears to be the only government worldwide to express public concern about Vista's content protection standards, Gutmann said. For more information about enterprise networking, go to NetworkWorld. Story copyright 2007 Network World Inc. All rights reserved. From rforno at infowarrior.org Sat Aug 11 15:18:52 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 11 Aug 2007 11:18:52 -0400 Subject: [Infowarrior] - Why Is Hollywood Making A Sequel To The Napster Wars? Message-ID: Why Is Hollywood Making A Sequel To The Napster Wars? 
Shutting down Napster was a huge blunder for the record companies, leading to the collapse of the entire industry. Now, movies and TV studios are looking to repeat the failure by going after YouTube, says columnist Cory Doctorow. By Cory Doctorow, InformationWeek Aug. 10, 2007 URL: http://www.informationweek.com/story/showArticle.jhtml?articleID=201400131 Hollywood loves sequels -- they're a safe bet if the franchise is already successful. But you'd have to be nuts to shoot a sequel to a disastrous flop. The Napster debacle was the entertainment industry's biggest-ever flop. That disaster took place six years ago, when the record industry succeeded in shutting down the pioneering file-sharing service. Record companies show no signs of recovery. The disastrous thing about Napster wasn't that it existed, but rather that the record industry managed to kill it. Napster had an industry-friendly business-model: raise venture capital, start charging for access to the service, and then pay billions of dollars to the record companies in exchange for licenses to their works. Yes, Napster kicked this plan off without getting permission from the record companies, but that's not so unusual. The record companies followed the same business plan a hundred years ago, when they started recording sheet music without permission, raising capital and garnering profits, and then working out a deal to pay the composers for the works they'd built their fortunes on. Napster's plan was plausible. They had the fastest-adopted technology in the history of the world, garnering 52,000,000 users in 18 months -- more than had voted for either candidate in the preceding U.S. presidential election! -- and discovering, via surveys, that a sizable portion would happily pay between $10 and $15 a month for the service. What's more, Napster's architecture included a gatekeeper that could be used to lock out nonpaying users. The record industry refused to deal. 
Instead, it sued, bringing Napster to its knees. Bertelsmann bought Napster out of the ensuing bankruptcy. Later, Universal followed the same pattern when it killed MP3.com in the courts, then brought home the corpse on the cheap, running it as an internal project. After that, the record companies had a field day: practically every venture-funded P2P company went down, and the record companies made millions of dollars. But the record companies weren't ready to replace these services with equally compelling alternatives. Instead, they fielded inferior replacements like PressPlay, with limited catalog, high prices, and anti-copying technology (digital rights management, or DRM) that alienated users by the millions by treating them like crooks instead of customers. These half-baked ventures did untold damage to the record companies and their parent firms. Just look at Sony: It should have been at the top of the heap. It produces some of the world's finest, best-designed electronics. It owns one of the largest record labels in the world. The synergy should have been incredible. Instead, Sony's portable players -- the MusicClip and others -- were so crippled by anti-copying technology that they couldn't even play MP3s, and the music selection at Sony services like PressPlay was anemic, expensive, and equally hobbled. Sony isn't even a name in the portable audio market anymore -- today's Walkman is an iPod. Of course, Sony still has a record label -- for now. But sales are falling, and the company is reeling from the 2005 "rootkit" debacle, where it deliberately infected eight million music CDs with a hacker tool called a rootkit, compromising more than 500,000 U.S. computer networks, including military and government networks, all in a (failed) bid to stop copying of its CDs. The public wasn't willing to wait for Sony and the rest to wake up and offer a service that was as compelling, exciting, and versatile as Napster. 
Instead, they flocked to a new generation of services like Kazaa and the various Gnutella networks. Kazaa's business model was to set up offshore, on the tiny Polynesian island of Vanuatu. Kazaa bundled spyware with its software, making its profits off fees from spyware crooks. Kazaa didn't want to pay billions for record industry licenses -- it used the international legal and finance system to hopelessly snarl the RIAA's members through half a decade of wild profitability. The company was eventually brought to ground, but the founders walked away and started Skype and then Joost. Meantime, dozens of other services had sprung up to fill Kazaa's niche -- AllofMP3, the notorious Russian site, was eventually killed through intervention of the U.S. Trade Representative and the WTO, and was reborn practically the next day under a new name. It's been eight years since Shawn Fanning created Napster in his college dorm room. Eight years later, there isn't a single authorized music service that can compete with the original Napster. Record sales are down every year, and digital music sales aren't filling in the crater. The record industry has contracted to four companies, and it may soon be three if EMI can get regulatory permission to put itself on the block. The sue-'em-all-and-let-God-sort-'em-out plan was a flop in the box office, a flop in home video, and a flop overseas. So why is Hollywood shooting a remake? Napster: The Sequel YouTube, 2007, bears some passing similarity to Napster, 2001. Founded by a couple guys in a garage, rocketed to popular success, heavily capitalized by a deep-pocketed giant. Its business model? Turn popularity into dollars and offer a share to the rightsholders whose works they're using. 
This is a historically sound plan: cable operators got rich by retransmitting broadcasts without permission, and once they were commercial successes, they sat down to negotiate to pay for those copyrights (just as the record companies negotiated with composers after they'd gotten rich selling records bearing those compositions). YouTube '07 has another similarity to Napster '01: it is being sued by entertainment companies. Only this time, it's not (just) the record industry. Broadcasters, movie studios, anyone who makes video or audio is getting in on the act. I recently met an NBC employee who told me that he thought that a severe, punishing legal judgment would send a message to the tech industry not to field this kind of service anymore. Let's hope he's wrong. Google -- YouTube's owner -- is a grown-up company, unusual in a tech industry populated by corporate adolescents. Google has lots of money and a sober interest in keeping it. It wants to sit down with A/V rightsholders and do a deal. Six years after the Napster verdict, that kind of willingness is in short supply. Most of the tech organizations with an interest in commercializing Internet audio and video have no interest in sitting down with the studios: * Some are nebulous open source projects like mythtv, a free hyper-TiVo that skips commercials, downloads and shares videos, and is wide open to anyone who wants to modify and improve it * Some are politically motivated anarchists like ThePirateBay, a Swedish BitTorrent tracker site that has mirrors in three countries with noninteroperable legal systems, where they respond to legal notices by writing sarcastic and profane letters and putting them online * Or out-and-out crooks like the bootleggers who use P2P to seed their DVD counterfeiting operations. It's not just YouTube. TiVo, which pioneered the personal video recorder, is feeling the squeeze, being systematically locked out of the digital cable and satellite market. 
Their efforts to add a managed TiVoToGo service were attacked by the rightsholders who fought at the FCC to block them. Cable/satellite operators and the studios would much prefer the public to transition to "bundled" PVRs that come with your TV service. These boxes are owned by the cable/satellite companies, who have absolute control over them. Time Warner has been known to remotely delete stored episodes of shows just before the DVD ships, and many operators have started using "flags" that tell recorders not to allow fast-forwarding, or to prevent recording altogether. The reason that YouTube and TiVo are more popular than ThePirateBay and mythtv is that they're the easiest way for the public to get what it wants -- the video we want, the way we want it. We use these services because they're like the original Napster: easy, well-designed, functional. But if the entertainment industry squeezes these players out, ThePirateBay and mythtv are right there, waiting to welcome us in with open arms. ThePirateBay already has announced that it is launching a YouTube competitor with no-plugin, in-browser viewing. Plenty of entrepreneurs are looking at easing the pain and cost of setting up your own mythtv box. The only reason that the barriers to widespread adoption of BitTorrent and mythtv exist is that it hasn't been worth anyone's while to capitalize projects to bring those barriers down. But once the legit competitors of these services are killed, look out. The thing is, the public doesn't want managed services with limited rights. We don't want to be stuck using approved devices in approved ways. We never have -- we are the spiritual descendants of the customers for "illegal" record albums and "illegal" cable TV. The demand signal won't go away. There's no good excuse for going into production on a sequel to The Napster Wars. We saw that movie. We know how it turns out. Every Christmas, we get articles about how this was the worst Christmas ever for CDs. You know what? 
CD sales are never going to improve. CDs have been rendered obsolete by Internet distribution -- and the record industry has locked itself out of the only profitable, popular music distribution systems yet invented. Companies like Google/YouTube and TiVo are rarities: tech companies that want to do deals. They need to be cherished by entertainment companies, not sued. (Thanks to Bruce Nash and The-Numbers.com for research assistance with this article) Cory Doctorow is co-author of the Boing Boing blog, as well as a journalist, Internet activist, and science fiction writer. Read his previous InformationWeek columns. From rforno at infowarrior.org Sat Aug 11 16:25:39 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 11 Aug 2007 12:25:39 -0400 Subject: [Infowarrior] - Google Video robs customers of the videos they "own" Message-ID: Google Video robs customers of the videos they "own" http://www.boingboing.net/2007/08/10/google_video_robs_cu.html From rforno at infowarrior.org Sat Aug 11 16:28:15 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 11 Aug 2007 12:28:15 -0400 Subject: [Infowarrior] - Court Says Travelers Can't Avoid Airport Searches Message-ID: Court Says Travelers Can't Avoid Airport Searches By David Kravets August 10, 2007 | 5:42:37 PM Categories: Privacy U.S. airline passengers near the security checkpoint can be searched any time and no longer can refuse consent by leaving the airport, the nation's largest federal appeals court ruled Friday. The decision (.pdf) by the 9th U.S. Circuit Court of Appeals overturned the circuit's 34-year-old precedent that over time was evolving toward limiting when passengers could refuse a search and leave the airport after they had checked their bags or placed items on the security screening X-ray machine. 
Citing threats of terrorism, the court ruled passengers give up all rights to be free of warrantless searches once a "passenger places hand luggage on a conveyor belt for inspection" or "passes through a magnetometer." "Requiring that a potential passenger be allowed to revoke consent to an ongoing airport security search makes little sense in a post-9/11 world," Judge Carlos Bea wrote for the unanimous 15-judge panel. "Such a rule would afford terrorists multiple opportunities to attempt to penetrate airport security by 'electing not to fly' on the cusp of detection until a vulnerable portal is found." The U.S. Supreme Court has never squarely addressed the limits of the Fourth Amendment in the context of airport searches. The attorney representing a man imprisoned for drug possession who tried to leave the airport rather than be searched is weighing whether to petition the justices to review the decision. < - > http://blog.wired.com/27bstroke6/2007/08/court-says-trav.html From rforno at infowarrior.org Sat Aug 11 16:32:43 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 11 Aug 2007 12:32:43 -0400 Subject: [Infowarrior] - TSA Unveils Planned Overhaul of Airport Screening Message-ID: TSA Unveils Planned Overhaul of Airport Screening By Ryan Singel 08.10.07 | 12:00 AM http://www.wired.com/print/politics/security/news/2007/08/secure_flight The federal government proposed Thursday to overhaul how airline passengers are screened against terrorist watch lists by taking over the process from airlines, and closing a long-known security hole that allows a person to evade extra screening using a fake boarding pass. The new program, known as Secure Flight, would require airlines to forward itineraries to the government starting 72 hours before a flight. 
The Transportation Security Administration would then compare the names, dates of birth and gender against hundreds of thousands of names on the No-Fly and Selectee watch lists, and send the results back to the airlines. Those who match or have details similar to a name on the Selectee list will get a boarding pass with a special code singling them out for extra screening. Individuals who don't match will be free to print a boarding pass at home, if the airline offers that option. Airlines have to deny boarding to persons who match the No-Fly list. Travelers who falsely match No-Fly entries will have to show identification to airline personnel, who will tell TSA employees over the phone what the person looks like to help the government decide whether the traveler and the watch list name are the same. The proposal is the latest version of the long-planned, and congressionally mandated, replacement of the current watch list process, in which the government provides the lists to each airline, which then do their own matching. Unlike controversial earlier proposals -- known both as CAPPS II and Secure Flight -- the newest version will not use data from commercial data brokers, such as ChoicePoint. Proposals to assign threat-level scores to travelers not on a watch list and to use airports as a way to find persons with outstanding warrants were also discarded this time around. Privacy groups were still poring over the 137-page proposal (.pdf) Thursday, but the Center for Democracy and Technology's policy director Jim Dempsey gave a tentative stamp of approval. "On initial glance, it is by far the most rational and focused description of a passenger screening system we have seen," Dempsey said. But Dempsey cautions that the government now needs to fix the watch lists. "One huge unresolved issue is the reliability of the watch lists, which we know grew dramatically over the past six years and which undeniably contain unreliable information," said Dempsey. 
"Congress and the executive branch need to now give a lot of attention to ongoing efforts to make those lists reliable." TSA is also proposing that each boarding pass will have a unique, scannable mark, which could be authenticated by a TSA employee with a wireless device at the head of the screening line. While the TSA hasn't chosen what technologies to use for this system, the move starts to eliminate a long-standing hole in the current system. That hole allows a watch listed person to avoid being banned from flying or encountering extra screening by modifying a print-at-home boarding pass. Privacy groups had criticized the program's earlier versions for planning to store Americans' travel records for decades. The new proposal would delete records on travelers who don't match against the lists after seven days. For people matched against the Selectee list, the data will be stored for seven years, while those who match against the No-Fly list will have their travel data stored for 99 years. The government hopes that centralizing the process will reduce the mismatches that have plagued the watch list system since its expansion after the 9/11 attacks. The Department of Homeland Security says it will work off lists that have more identifying data than the unclassified lists it currently sends to airlines. Passengers will be required to give their full names when making reservations, and airlines and travel agencies will also have to ask for, but not require, dates of birth and gender of prospective travelers. The program won't be cheap, since it requires airlines and travel agencies to make significant changes to their computer systems and buy extra bandwidth to connect to the government. Additionally, Secure Flight aims to take over the watch list screening of international flights, which is currently done by Customs and Border Patrol. 
The government estimates airlines will need to spend $125 million in the first year, while the cost to the government over the next 10 years is expected to be $1.3 billion to $2 billion. Despite the cost estimates, James May, the president of the Air Transport Association, applauded the announcement. "If properly crafted, the programs will improve aviation security without adding to passenger privacy concerns," May said in a written statement. "In particular, we look forward to a unitary data-collection process that accommodates all government demands for passenger information and leads to the creation of a coordinated worldwide system." After the proposal is officially published and the comment period closes, the TSA hopes to test the program with one airline in the fall and then roll the program out, airline by airline, in 2008. Congress told DHS, however, it cannot start the watch list checking, until government auditors certify that it works and protects Americans' privacy. From rforno at infowarrior.org Sat Aug 11 22:51:52 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 11 Aug 2007 18:51:52 -0400 Subject: [Infowarrior] - In China, a High-Tech Plan to Track People Message-ID: August 12, 2007 In China, a High-Tech Plan to Track People By KEITH BRADSHER http://www.nytimes.com/2007/08/12/business/worldbusiness/12security.html?ei=5065&en=2d7edb61ed14cb4d&ex=1187496000&partner=MYWAY&pagewanted=print SHENZHEN, China, Aug. 9 -- At least 20,000 police surveillance cameras are being installed along streets here in southern China and will soon be guided by sophisticated computer software from an American-financed company to recognize automatically the faces of police suspects and detect unusual activity. Starting this month in a port neighborhood and then spreading across Shenzhen, a city of 12.4 million people, residency cards fitted with powerful computer chips programmed by the same company will be issued to most citizens. 
Data on the chip will include not just the citizen's name and address but also work history, educational background, religion, ethnicity, police record, medical insurance status and landlord's phone number. Even personal reproductive history will be included, for enforcement of China's controversial "one child" policy. Plans are being studied to add credit histories, subway travel payments and small purchases charged to the card. Security experts describe China's plans as the world's largest effort to meld cutting-edge computer technology with police work to track the activities of a population and fight crime. But they say the technology can be used to violate civil rights. The Chinese government has ordered all large cities to apply technology to police work and to issue high-tech residency cards to 150 million people who have moved to a city but not yet acquired permanent residency. Both steps are officially aimed at fighting crime and developing better controls on an increasingly mobile population, including the nearly 10 million peasants who move to big cities each year. But they could also help the Communist Party retain power by maintaining tight controls on an increasingly prosperous population at a time when street protests are becoming more common. "If they do not get the permanent card, they cannot live here, they cannot get government benefits, and that is a way for the government to control the population in the future," said Michael Lin, the vice president for investor relations at China Public Security Technology, the company providing the technology. Incorporated in Florida, China Public Security has raised much of the money to develop its technology from two investment funds in Plano, Tex., Pinnacle Fund and Pinnacle China Fund. Three investment banks -- Roth Capital Partners in Newport Beach, Calif.; Oppenheimer & Company in New York; and First Asia Finance Group of Hong Kong -- helped raise the money. 
Shenzhen, a computer manufacturing center next to Hong Kong, is the first Chinese city to introduce the new residency cards. It is also taking the lead in China in the large-scale use of law enforcement surveillance cameras -- a tactic that would have drawn international criticism in the years after the Tiananmen Square killings in 1989. But rising fears of terrorism have lessened public hostility to surveillance cameras in the West. This has been particularly true in Britain, where the police already install the cameras widely on lamp poles and in subway stations and are developing face recognition software as well. New York police announced last month that they would install more than 100 security cameras to monitor license plates in Lower Manhattan by the end of the year. Police officials also said they hoped to obtain financing to establish links to 3,000 public and private cameras in the area by the end of next year; no decision has been made on whether face recognition technology has become reliable enough to use without the risk of false arrests. Shenzhen already has 180,000 indoor and outdoor closed-circuit television cameras owned by businesses and government agencies, and the police will have the right to link them on request into the same system as the 20,000 police cameras, according to China Public Security. Some civil rights activists contend that the cameras in China and Britain are a violation of the right of privacy contained in the International Covenant on Civil and Political Rights. Large-scale surveillance in China is more threatening than surveillance in Britain, they said when told of Shenzhen's plans. "I don't think they are remotely comparable, and even in Britain it's quite controversial," said Dinah PoKempner, the general counsel of Human Rights Watch in New York. 
China has fewer limits on police power, fewer restrictions on how government agencies use the information they gather and fewer legal protections for those suspected of crime, she noted. While most countries issue identity cards, and many gather a lot of information about citizens, China also appears poised to go much further in putting personal information on identity cards, Ms. PoKempner added. Every police officer in Shenzhen now carries global positioning satellite equipment on his or her belt. This allows senior police officers to direct their movements on large, high-resolution maps of the city that China Public Security has produced using software that runs on the Microsoft Windows operating system. "We have a very good relationship with U.S. companies like I.B.M., Cisco, H.P., Dell," said Robin Huang, the chief operating officer of China Public Security. "All of these U.S. companies work with us to build our system together." The role of American companies in helping Chinese security forces has periodically been controversial in the United States. Executives from Yahoo, Google, Microsoft and Cisco Systems testified in February 2006 at a Congressional hearing called to review whether they had deliberately designed their systems to help the Chinese state muzzle dissidents on the Internet; they denied having done so. China Public Security proudly displays in its boardroom a certificate from I.B.M. labeling it as a partner. But Mr. Huang said that China Public Security had developed its own computer programs in China and that its suppliers had sent equipment that was not specially tailored for law enforcement purposes. The company uses servers manufactured by Huawei Technologies of China for its own operations. But China Public Security needs to develop programs that run on I.B.M., Cisco and Hewlett-Packard servers because some Chinese police agencies have already bought these models, Mr. Huang said. Mr. 
Lin said he had refrained from some transactions with the Chinese government because he is the chief executive of a company incorporated in the United States. "Of course our projects could be used by the military, but because it's politically sensitive, I don't want to do it," he said. Western security experts have suspected for several years that Chinese security agencies could track individuals based on the location of their cellphones, and the Shenzhen police tracking system confirms this. When a police officer goes indoors and cannot receive a global positioning signal from satellites overhead, the system tracks the location of the officer's cellphone, based on the three nearest cellphone towers. Mr. Huang used a real-time connection to local police dispatchers' computers to show a detailed computer map of a Shenzhen district and the precise location of each of the 92 patrolling officers, represented by caricatures of officers in blue uniforms and the routes they had traveled in the last hour. All Chinese citizens are required to carry national identity cards with very simple computer chips embedded, providing little more than the citizen's name and date of birth. Since imperial times, a principal technique of social control has been for local government agencies to keep detailed records on every resident. The system worked as long as most people spent their entire lives in their hometowns. But as ever more Chinese move in search of work, the system has eroded. This has made it easier for criminals and dissidents alike to hide from police, and it has raised questions about whether dissatisfied migrant workers could organize political protests without the knowledge of police. Little more than a collection of duck and rice farms until the late 1970s, Shenzhen now has 10.55 million migrants from elsewhere in China, who will receive the new cards, and 1.87 million permanent residents, who will not receive cards because local agencies already have files on them. 
Shenzhen's red-light districts have a nationwide reputation for murders and other crimes. From rforno at infowarrior.org Sun Aug 12 15:18:16 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 12 Aug 2007 11:18:16 -0400 Subject: [Infowarrior] - Customs Computer Glitch Causes Delays at LAX Message-ID: Computer Glitch Causes Delays at LAX Aug 12, 8:18 AM (ET) By AMANDA BECK http://apnews.myway.com/article/20070812/D8QVFM1G0.html LOS ANGELES (AP) - Weary international passengers were stuck at Los Angeles International Airport for several hours, unable to set foot in the United States after a computer failure prevented customs officials from screening arrivals. Over 20,000 international passengers, both Americans and foreigners, sat in four airport terminals and in 60 planes starting about 2 p.m. on Saturday, when the computer system broke down, said Los Angeles World Airports spokesman Paul Haney. A major switch in the system, which contains names of arriving passengers and law enforcement data about them, including arrest warrants, had failed and had to be replaced, said Mike Fleming, a U.S. Customs and Border Protection spokesman. "That system allows our officers to make decisions on who we can allow to enter the United States," Fleming said. "You just don't know by looking at them." The computers were fully restored at 11:45 p.m., and the last of backlogged passengers were processed by early Sunday, Fleming said. "This is probably one of the worst days we've had. I've been with the agency for 30 years and I've never seen the system go down and stay down for as long as it did," Peter Gordon, acting port director for customs, told The Los Angeles Times. Officials diverted seven incoming flights to an Ontario airport and advised international passengers departing Sunday to check the status of their flights before leaving for the airport. Terminals that normally accept international passengers were full by 2:30 p.m. 
Saturday, and passengers arriving afterward had to remain on the runway until there was room inside the terminal buildings. Three people were transported to local hospitals after they fell ill from waiting in the terminals, according to the Los Angeles City Fire Department. "This is just unbearable," said Gaynelle Jones, 57, who landed on a 13-hour flight from Hong Kong at about 2:15 p.m. and was still sitting on her plane five hours later. She said she had missed her connecting flight to Houston. "We've already been on a plane for several hours, and they have no timeframe for when we'll be able to get off," Jones said during a cell phone interview. Airport officials said the stranded planes were connected to ground power and passengers had access to food, water and bathrooms. "People are getting a little stir-crazy, feeling claustrophobic," said Chris Cognac, 39, who was returning with family and friends - including 10 children - from a week in Puerto Vallarta. The group had been sitting on the tarmac for five hours when he spoke by phone. Passengers on his plane were in the aisles, holding their carry-on luggage, and ready to disembark when the flight crew asked them to return to their seats, Cognac said. "Everybody's pretty angry with customs at the moment because they're not informing anyone of anything," Cognac said. "It's becoming a logistical issue with diapers." 
From rforno at infowarrior.org Sun Aug 12 20:25:11 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 12 Aug 2007 16:25:11 -0400 Subject: [Infowarrior] - Database of top-secret police phone taps stolen In-Reply-To: Message-ID: (c/o dissent) http://news.independent.co.uk/uk/crime/article2856892.ece Database of top-secret police phone taps stolen By Ruth Elkins Published: 12 August 2007 Police chiefs have launched a major investigation after the theft of a computer database containing thousands of top-secret mobile phone records from terrorism and organised crime investigations. Scotland Yard is concerned that crucial evidence from undercover investigations could be lost forever or has found its way into "the wrong hands" after the computer and other IT equipment disappeared from a private firm in Sevenoaks, Kent, last Monday night after a break-in. Forensic Telecommunications Services, whose clients include Scotland Yard, The Police Service of Northern Ireland, HM Revenue and Customs and the Crown Prosecution Service, specialises in tapping mobile phone calls made by criminal suspects. The stolen security-protected server contained the minutiae of phone calls it had screened, including the identity of the person who had made the call, as well as the exact time and location of the suspect when the call was made. In a statement released to The Mail on Sunday, Forensic Telecommunications Services confirmed that the equipment had been stolen from its offices but denied that its disappearance would impact negatively on current police cases. 
From rforno at infowarrior.org Mon Aug 13 01:51:59 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 12 Aug 2007 21:51:59 -0400 Subject: [Infowarrior] - UNESCO Report: New Media for Press Freedom Message-ID: The Press Freedom Dimension Challenges and Opportunities of New Media for Press Freedom http://unesdoc.unesco.org/images/0015/001520/152017e.pdf From rforno at infowarrior.org Mon Aug 13 02:07:44 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 12 Aug 2007 22:07:44 -0400 Subject: [Infowarrior] - US doles out millions for street cameras Message-ID: US doles out millions for street cameras Local efforts raise privacy alarms http://www.boston.com/news/nation/washington/articles/2007/08/12/us_doles_out_millions_for_street_cameras?mode=PF By Charlie Savage, Globe Staff | August 12, 2007 WASHINGTON -- The Department of Homeland Security is funneling millions of dollars to local governments nationwide for purchasing high-tech video camera networks, accelerating the rise of a "surveillance society" in which the sense of freedom that stems from being anonymous in public will be lost, privacy rights advocates warn. Since 2003, the department has handed out some $23 billion in federal grants to local governments for equipment and training to help combat terrorism. Most of the money paid for emergency drills and upgrades to basic items, from radios to fences. But the department also has doled out millions on surveillance cameras, transforming city streets and parks into places under constant observation. The department will not say how much of its taxpayer-funded grants have gone to cameras. But a Globe search of local newspapers and congressional press releases shows that a large number of new surveillance systems, costing at least tens and probably hundreds of millions of dollars, are being simultaneously installed around the country as part of homeland security grants. 
In the last month, cities that have moved forward on plans for surveillance networks financed by the Homeland Security Department include St. Paul, which got a $1.2 million grant for 60 cameras for downtown; Madison, Wis., which is buying a 32-camera network with a $388,000 grant; and Pittsburgh, which is adding 83 cameras to its downtown with a $2.58 million grant. Small towns are also getting their share of the federal money for surveillance to thwart crime and terrorism. Recent examples include Liberty, Kan. (population 95), which accepted a federal grant to install a $5,000 G2 Sentinel camera in its park, and Scottsbluff, Neb. (population 14,000), where police used a $180,000 Homeland Security Department grant to purchase four closed-circuit digital cameras and two monitors, a system originally designed for Times Square in New York City. "We certainly wouldn't have been able to purchase this system without those funds," police Captain Brian Wasson told the Scottsbluff Star-Herald. Other large cities and small towns have also joined in since 2003. Federal money is helping New York, Baltimore, and Chicago build massive surveillance systems that may also link thousands of privately owned security cameras. Boston has installed about 500 cameras in the MBTA system, funded in part with homeland security funds. Marc Rotenberg, director of the Electronic Privacy Information Center, said the Homeland Security Department is the primary driver in spreading surveillance cameras, making their adoption more attractive by offering federal money to city and state leaders. Homeland Security Department spokesman Russ Knocke said that it is difficult to say how much money has been spent on surveillance cameras because many grants awarded to states or cities contained money for cameras and other equipment. Knocke defended the funding of video networks as a valuable tool for protecting the nation. "We will encourage their use in the future," he added. 
But privacy rights advocates say that the technology is putting at risk something that is hard to define but is core to personal autonomy. The proliferation of cameras could mean that Americans will feel less free because legal public behavior -- attending a political rally, entering a doctor's office, or even joking with friends in a park -- will leave a permanent record, retrievable by authorities at any time. Businesses and government buildings have used closed-circuit cameras for decades, so it is nothing new to be videotaped at an ATM machine. But technology specialists say the growing surveillance networks are potentially more powerful than anything the public has experienced. Until recently, most surveillance cameras produced only grainy analog feeds and had to be stored on bulky videotape cassettes. But the new, cutting-edge cameras produce clearer, more detailed images. Moreover, because these videos are digital, they can be easily transmitted, copied, and stored indefinitely on ever-cheaper hard-drive space. In addition, police officers cannot be everywhere at once, and in the past someone had to watch a monitor, limiting how large or powerful a surveillance network could be. But technicians are developing ways to use computers to process real-time and stored digital video, including license-plate readers, face-recognition scanners, and software that detects "anomalous behavior." Although still primitive, these technologies are improving, some with help from research grants by the Homeland Security Department's Science and Technology Directorate. "Being able to collect this much data on people is going to be very powerful, and it opens people up for abuses of power," said Jennifer King, a professor at the University of California at Berkeley who studies privacy and technology. "The problem with explaining this scenario is that today it's a little futuristic. 
[A major loss of privacy] is a low risk today, but five years from now it will present a higher risk." As this technological capacity evolves, it will be far easier for individuals to attract police suspicion simply for acting differently and far easier for police to track that person's movement closely, including retracing their steps backwards in time. It will also create a greater risk that the officials who control the cameras could use them for personal or political gain, specialists said. The expanded use of surveillance in the name of fighting terrorism has proved controversial in other arenas, as with the recent debate over President Bush's programs for eavesdropping on Americans' international phone calls and e-mails without a warrant. But public support for installing more surveillance cameras in public places, both as a means of fighting terrorism and other crime, appears to be strong. Last month, an ABC News/Washington Post poll found that 71 percent of Americans favored increased use of surveillance cameras, while 25 percent opposed it. Still, some homeland security specialists point to studies showing that cameras are not effective in deterring crime or terrorism. Although video can be useful in apprehending suspects after a crime or attack, the specialists say that the money used to buy and maintain cameras would be better spent on hiring more police. That view is not universal. David Heyman, the homeland security policy director at the Center for Strategic and International Studies, pointed out that cameras can help catch terrorists before they have time to launch a second attack. Several recent failed terrorist attacks in England were followed by quick arrests due in part to surveillance video. 
Earlier this month, Senator Joe Lieberman, independent of Connecticut, proposed an amendment that would require the Homeland Security Department to develop a "national strategy" for the use of surveillance cameras, from more effectively using them to thwart terrorism to establishing rules to protect civil liberties. "A national strategy for [surveillance cameras] use would help officials at the federal, state, and local levels use [surveillance] systems effectively to protect citizens, while at the same time making sure that appropriate civil liberties protections are implemented for the use of cameras and recorded data," Lieberman said. © Copyright 2007 The New York Times Company From rforno at infowarrior.org Mon Aug 13 12:11:08 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 13 Aug 2007 08:11:08 -0400 Subject: [Infowarrior] - AACS DRM tentacles reach far into operating systems Message-ID: AACS DRM tentacles reach far into operating systems By Ken Fisher | Published: August 12, 2007 - 11:03PM CT http://arstechnica.com/articles/culture/aacs-tentacles.ars Introduction "The biggest trick the devil ever pulled was in getting folks to blame someone other than Hollywood for video DRM." -- not Keyser Söze Peter Gutmann, author of a well-known and fascinating paper describing the tradeoffs of Microsoft's content protection system in Windows Vista, is on the hunt again. Last year, his paper "Cost Analysis of Windows Vista Content Protection" painted a grim picture of the lengths Microsoft went to in order to gain full compliance with AACS, the next-gen copy control system for Blu-ray and HD DVD (and they did go far). Now Gutmann is reiterating his claims but also reportedly digging deep in his attacks on Microsoft. While Microsoft deserves some of the blame, the bigger story here is the technical nightmare created by AACS and how its tentacles are reaching into the consumer technology we all use daily. 
It's a shame that this is getting lost in the mix, but after discussing the issue with a journalist this weekend, I decided to delve a little more into it here. Gutmann's presentation at this year's USENIX Security Symposium in Boston has been profiled at Network World. Gutmann's thesis is fairly basic and unchanged from last year: Microsoft spent way too many resources appeasing Hollywood when it should have been making Windows Vista better. Gutmann is essentially correct; any time a consumer electronics manufacturer or other technology company has to waste time with DRM, that company is wasting resources that could be better spent elsewhere if DRM wasn't a sad fact of life. Let no one doubt that. All of this attention focused on Microsoft is missing the bigger story, however. AACS: coming to an (incorporated) OS near you This is important but rarely acknowledged in these discussions (and my journo discussion partner was rather surprised to learn this): Apple will also have to adopt a strict DRM regimen at the most fundamental levels of Mac OS X in order to be able to (legally) play back AACS-protected Blu-ray or HD DVD discs (e.g., most commercial discs in those formats). Apple thus far has avoided criticism, but only because the company has not unveiled its full plans for appeasing the various requirements imposed by the AACS Licensing Administrator for next-gen optical disc DRM. When Apple does, we'll all see that Blu-ray/HD DVD support comes with plenty of strings attached -- strings that Apple will have to work into its OS, too. There is no way around it; something similar to Microsoft's Protected Media scheme will be required of Mac OS X if Apple is a licensee to AACS. (The same would be true for Linux, except that AACS won't be licensed for Linux desktop use. There's no way to securely implement it since desktop Linux is an open environment, and AACS requires keeping secrets.) 
Here's the basic rundown: AACS has "robustness rules" that include strict mandates for the path that video data takes through a software-based system, like a modern PC. These rules require that decrypted video "not be present on any User-Accessible Bus in analog or unencrypted, compressed form," because users could possibly record or redirect that content. Companies like Apple and Microsoft are additionally required to use "encryption, execution of a portion of the implementation in ring zero or supervisor mode (i.e., in kernel mode), and/or embodiment in a secure physical implementation," or any other method that can "effectively" keep encryption keys secret. Furthermore, they are required to use "techniques of obfuscation clearly designed to effectively disguise and hamper attempts to discover the approaches used" to secure the systems. Thus, video content must travel through the system encrypted and must only interact with authorized components over authorized pathways. Again, these are the requirements of AACS, and they're not simple to accomplish, especially in an operating system where there are multiple ways to attack the system. This is why AACS goes even further, requiring that operating systems constantly monitor the "integrity" of the content protection system and purposely stop playing content in the event that any "unauthorized modifications" are detected. In this way, the system not only watches the video path as video travels on it, but it monitors the state of the PC as a whole. So, when thinking about this issue, we have to ask ourselves: is a company like Microsoft or Apple likely to tell Hollywood to jump off a cliff? No, because both companies know that users will want to play HD DVD or Blu-ray discs on their computers. Microsoft didn't tell AACS LA to stuff it, and Apple won't tell them to, either. Not only do both companies want to be a part of the HD "revolution," but both of them are also DRM developers, too. 
While Steve Jobs may be an opponent of DRM for music, he has said on record that his objections to DRM for music do not apply to video. Timeline flaws adding up Most of what breaks the "HD experience" on PCs right now stems from AACS's demands on technology, starting with the requisite HDMI/HDCP support on video cards and displays. HDMI/HDCP are two key parts of the "secure path" for video, but the two technologies have still not penetrated the PC market in any substantial way. (I'm quite surprised that monitor and video card manufacturers were so late implementing HDCP, given that this aspect of AACS has been known about for some time.) Regardless, note that hardware-level support for AACS (via HDMI/HDCP) has nothing to do with Microsoft or Apple, but both companies will have to grapple with balancing the AACS requirements with providing users with a simple playback environment. Thankfully, Hollywood has backed off the Image Constraint Token for now, the biggest snag in the HDCP plan, likely because of the slow adoption of HDCP itself. Hollywood holds the cards here: it's the studios' content licensing practices at work, and it's their call when to start enforcing technical requirements for full HD display. So, while the HDCP issues may seem only theoretical for now, those days are numbered. Video DRM is a drain on technology performance and engineering, wasting precious resources on something that only benefits a very small group of people with very narrow, self-serving demands. The shape and contours of the video DRM experience is established by Hollywood, not by Microsoft or Apple. How tech companies implement this stuff is, of course, important, and there are signs that Microsoft's implementation is made overly complex by architectural decisions the company has made. But the annoying stuff, like downgraded video quality and video pathways with significant CPU overhead, is all part of AACS, all by design. 
Last year, Marcus Matthias, product manager of Windows Digital Media at Microsoft, put it this way to me in a discussion about this very issue: "Any device -- whether it be a PC or consumer electronic device -- will need to ensure compliance with the specified policies [read: AACS], otherwise they risk being unable to access the next-gen DVD content. Clearly we think that offering next-gen DVD content on the PC is much preferable to having the PC excluded from accessing this premium content." Users should be outraged at these developments, but directing that outrage at Microsoft (or Apple) misses the point. The movie industry's fear of fair use and casual piracy is so great that it uses its considerable weight to influence innovation in personal computing. They can create a technology (AACS) and a license for that technology without ever having to prove its utility or safety for consumers. The situation is made more deplorable by the fact that AACS seems to be nothing more than a stab in the dark at the problem: it has already been cracked! AACS is unproven technology with amazingly complex demands. And it's being rolled into operating systems essentially unproven and with little care for how much havoc it wreaks. Some loose ends... Two particular comments reportedly made by Gutmann deserve commentary, even though they aren't related to the issue of AACS in general. Gutmann reportedly said that a $100 video card outperforms a $1,000 video card on Vista, thanks to these content protection mechanisms. This is nothing short of hogwash, as practically any recent video card review will show. Here's Tech Report on the new Radeon 2900XT 1GB. The only way that a $1,000 card and a $100 card might be "similar" would be if they both lacked HDMI/HDCP, which a) Microsoft and Apple have no control over and b) hardly constitutes a fair comparison of the two cards' capabilities. 
Gutmann also says that users are being punished by an overzealous system that misidentifies "premium" content. Users are supposedly finding that Vista is blocking them from showing their own home movies if they were shot in HD. I've worked with two HD cams on Vista (both from Sony) and haven't had a single problem, but I've never heard anything similar from our readers. I'd love to hear from those of you who have had this problem. Microsoft has publicly stated that content controls can only be activated by copyright holders, which clearly indicates that this should not be happening to users with their own home videos. From rforno at infowarrior.org Mon Aug 13 12:39:16 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 13 Aug 2007 08:39:16 -0400 Subject: [Infowarrior] - Upkeep Of Security Devices A Burden Message-ID: (the "long tail" problem........rf) Upkeep Of Security Devices A Burden http://www.washingtonpost.com/wp-dyn/content/article/2007/08/12/AR2007081201244_pf.html By Mary Beth Sheridan Washington Post Staff Writer Monday, August 13, 2007; A01 In 2003, the FBI used a $25 million grant to give bomb squads across the nation state-of-the-art computer kits, enabling them to instantly share information about suspected explosives, including weapons of mass destruction. Four years later, half of the Washington area's squads can't communicate via the $12,000 kits, meant to be taken to the scene of potential catastrophes, because they didn't pick up the monthly wireless bills and maintenance costs initially paid by the FBI. Other squads across the country also have given up using them. "They worked, and it was a good idea -- until the subscription ran out," said Mike Love, who oversees the bomb squad in Montgomery County's fire department. At the local level, he said, "there is not budget money for it." Since the Sept. 
11, 2001, terrorist attacks, the area has received more than $1 billion in federal money to strengthen first responders and secure the region. That money has bought satellite phones, radios, protective suits, water-security monitors and a host of other items. But local officials are grappling with how to maintain the huge infusion of equipment. Like a driver whose 5-year-old luxury sedan has worn-out brakes, cracked tires and engine problems, local governments are facing hefty bills to keep their gear working. The region has a long list of terrorism-fighting items that need parts and service. Officials recently set aside nearly one-fifth of the area's latest federal homeland security grant -- about $12 million -- to cover maintenance over the next two years. The shopping list includes $120,000 in new batteries for emergency radios; $400,000 to maintain chemical and radiation monitors for rivers; and $250,000 in replacement equipment for top officials' videoconferencing system. Wanting to avoid a maintenance time bomb, governments are starting to plan for the end of the decade, when state and local jurisdictions will probably be forced to shoulder most of the costs. "There's an agreement we're going to start weaning ourselves, such that more and more, we'll pick up" the maintenance costs, said Fairfax County Executive Anthony H. Griffin, who heads a committee of local government administrators working on the grants. In some cases, officials are slowing homeland security projects while the question of upkeep is worked out. This year, for example, the region asked the U.S. Department of Homeland Security for more than $13 million to build a broadband wireless network for emergency workers. In the end, officials decided to spend just $1 million -- on plans that will determine the maintenance costs. Behind such caution is concern that the anti-terrorism dollars that have rained down on the D.C. area in recent years might begin to dry up. 
Michael Chertoff, the homeland security secretary, warned cities recently that the grants were not like Social Security checks that would arrive year after year. "In fact, as communities begin to build their capabilities, we should see them getting less money," Chertoff said at a news conference. The FBI bomb-kit program shows how even the best-intentioned plans to equip first responders can go awry over the simple question of maintenance. The program was requested in 1999 by Congress, which had been alarmed by a nerve-gas attack on a Tokyo subway that killed 12 people and sickened thousands. Legislators set aside $25 million for the FBI to prepare state and local bomb squads to deal with weapons of mass destruction. The FBI developed a special suitcase of tools that bomb squads could take to scenes. The core of the kit was a rugged wireless laptop loaded with files describing explosives and chemical and biological agents. The kit also included a digital camera so technicians could snap a picture of any strange device and e-mail it to FBI bomb experts for quick advice. "It was a unique communication tool," said FBI Special Agent Barbara Martinez, a top official in the agency's Critical Incident Response Group. The "Cobra kits" were handed out to nearly 400 state and local bomb squads across the country in 2003. Each came with a prepaid three-year service agreement and a one-year wireless card. But apparently, no one realized that the squads might not have the cash to maintain the wireless subscription. Local officials said it could run $60 a month per kit, totaling a few hundred dollars for a squad with several kits. Also, the kits needed periodic updates, which could run into the hundreds or thousands of dollars, they said. "It was quite expensive for the local jurisdictions to absorb the cost," said Jerry Swain, bomb-squad commander for Loudoun County. 
Montgomery's Love said his department had to stop paying for the system in 2005, just two years after getting it. "Basically, we're still dealing with the same budget we had 10 years ago, except for personnel costs," he said. The D.C. and Arlington County police bomb squads also dropped the wireless subscription. The Prince George's County bomb squad chose to replace that system with other technology purchased through federal grants, a spokesman said. Some local squads said they had more pressing needs than maintaining the system, which they described as occasionally helpful but not essential. "To say it's something that's going to make or break us on the scene, I would say not," Swain said. Others said they found the kit valuable because of its wireless connection to other bomb experts and its copious reference material. "We could carry around 10 textbooks, but it's all there" in the computer, said Sgt. Thomas Sharkey, Metro's bomb-squad commander. Metro has continued to maintain its kits, as have bomb squads run by the Fairfax County police and Virginia State Police. Jeff Fuller, a spokesman for the National Bomb Squad Commanders Advisory Board, said that many squads had found the kits too expensive to maintain but that he didn't know how many stopped using it. Martinez, the FBI official, also said she did not know. Martinez said the kits were initially successful in teaching bomb technicians about weapons of mass destruction. Now, though, some of the kits are sitting unused, she acknowledged. "It is sad -- now you've got that paperweight doorstop out there," she said. But the FBI made it clear from the start that local and state squads would eventually have to pick up the maintenance costs, she said. "Maybe people didn't read the fine print," she added. FBI bomb technicians across the country have continued to maintain their kits and can take them to scenes to assist, she said. Was the project a bad use of $25 million? 
No, Martinez said, but she added, "I wish it came with the maintenance thing." Because of advances in technology, the 2003 kits would need significant upgrades to be effective now, she said. In this year's application for its homeland security grant, the region's bomb squads included a request to upgrade their Cobra kits and pay for wireless cards. But local officials say it is not clear whether they would use their funding award on the project because they have higher priorities for their squads, including protective suits and robots. "The last thing we want to do is put money into something the grant is not going to keep up over time," said Loudoun County Fire Marshal Keith Brower, who heads a regional committee overseeing bomb squads. "We're flagging those issues right now." From rforno at infowarrior.org Mon Aug 13 16:38:37 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 13 Aug 2007 12:38:37 -0400 Subject: [Infowarrior] - Homeland Security's Minority Report Ambitions Message-ID: http://blog.wired.com/defense/2007/08/homeland-secu-1.html It sounds far-fetched, but this is the aim of Project Hostile Intent (PHI), the latest anti-terrorism idea from the US Department of Homeland Security. According to DHS spokesman Larry Orluskie, the DHS wants to develop systems that can analyse behaviour remotely to predict which of the 400 million people who enter the US every year have "current or future hostile intentions". PHI aims to identify facial expressions, gait, blood pressure, pulse and perspiration rates that are characteristic of hostility or the desire to deceive. Then the idea is to develop "real-time, culturally independent, non-invasive sensors" and software that can detect those behaviours, says Orluskie. The DHS's Advanced Research Projects Agency (HSARPA) suggests that these sensors could include heart rate and breathing sensors, infrared light, laser, video, audio and eye tracking. 
PHI got quietly under way on 9 July, when HSARPA issued a "request for information" in which it asked security companies and US government labs to suggest technologies that could be used to achieve the project's aims. It hopes to test them at a handful of airports, borders and ports as early as 2010 and to deploy the system at all points of entry to the US by 2012. From rforno at infowarrior.org Tue Aug 14 12:03:33 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 14 Aug 2007 08:03:33 -0400 Subject: [Infowarrior] - GAO Director warns "Learn from the fall of Rome" Message-ID: Learn from the fall of Rome, US warned By Jeremy Grant in Washington Published: August 14 2007 00:06 | Last updated: August 14 2007 00:06 http://www.ft.com/cms/s/80fa0a2c-49ef-11dc-9ffe-0000779fd2ac.html The US government is on a "burning platform" of unsustainable policies and practices with fiscal deficits, chronic healthcare underfunding, immigration and overseas military commitments threatening a crisis if action is not taken soon, the country's top government inspector has warned. David Walker, comptroller general of the US, issued the unusually downbeat assessment of his country's future in a report that lays out what he called "chilling long-term simulations". These include "dramatic" tax rises, slashed government services and the large-scale dumping by foreign governments of holdings of US debt. Drawing parallels with the end of the Roman empire, Mr Walker warned there were "striking similarities" between America's current situation and the factors that brought down Rome, including "declining moral values and political civility at home, an over-confident and over-extended military in foreign lands and fiscal irresponsibility by the central government". "Sound familiar?" Mr Walker said. "In my view, it's time to learn from history and take steps to ensure the American Republic is the first to stand the test of time." 
Mr Walker's views carry weight because he is a non-partisan figure in charge of the Government Accountability Office, often described as the investigative arm of the US Congress. While most of its studies are commissioned by legislators, about 10 per cent -- such as the one containing his latest warnings -- are initiated by the comptroller general himself. In an interview with the Financial Times, Mr Walker said he had mentioned some of the issues before but now wanted to "turn up the volume". Some of them were too sensitive for others in government to "have their name associated with". "I'm trying to sound an alarm and issue a wake-up call," he said. "As comptroller general I've got an ability to look longer-range and take on issues that others may be hesitant, and in many cases may not be in a position, to take on. "One of the concerns is obviously we are a great country but we face major sustainability challenges that we are not taking seriously enough," said Mr Walker, who was appointed during the Clinton administration to the post, which carries a 15-year term. The fiscal imbalance meant the US was "on a path toward an explosion of debt". "With the looming retirement of baby boomers, spiralling healthcare costs, plummeting savings rates and increasing reliance on foreign lenders, we face unprecedented fiscal risks," said Mr Walker, a former senior executive at PwC auditing firm. Current US policy on education, energy, the environment, immigration and Iraq also was on an "unsustainable path". "Our very prosperity is placing greater demands on our physical infrastructure. Billions of dollars will be needed to modernise everything from highways and airports to water and sewage systems. The recent bridge collapse in Minneapolis was a sobering wake-up call." Mr Walker said he would offer to brief the would-be presidential candidates next spring. "They need to make fiscal responsibility and inter-generational equity one of their top priorities. 
If they do, I think we have a chance to turn this around but if they don't, I think the risk of a serious crisis rises considerably". Copyright The Financial Times Limited 2007 From rforno at infowarrior.org Wed Aug 15 01:55:20 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 14 Aug 2007 21:55:20 -0400 Subject: [Infowarrior] - Google Health? Message-ID: Somehow I think this is another Google service I won't be using if/when it ever comes out. Too many bad possibilities, from a privacy perspective IMO. http://blogoscoped.com/archive/2007-08-14-n43.html From rforno at infowarrior.org Wed Aug 15 01:57:57 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 14 Aug 2007 21:57:57 -0400 Subject: [Infowarrior] - RIAA: Pay as we say, not as we do Message-ID: RIAA: Pay as we say, not as we do Recording Ass. is sue-happy - not follow-through happy By Austin Modine in Mountain View Published Wednesday 15th August 2007 00:12 GMT http://www.theregister.co.uk/2007/08/15/riaa_doesnt_pay_legal_fees/ While the legal arm of the Recording Industry Association of America is lightning fast to attack at the slightest inkling of copyright infringement -- justified or not -- it appears the arm which holds the organization's billfold isn't nearly so quick on the draw. In the case of Capitol v. Foster, where the RIAA was ordered to pay $68,585.23 in attorney fees and costs after unsuccessfully suing over copyright infringement, Deborah Foster has yet to receive payment. Despite the judge's ruling, laid down a month ago, Deborah Foster hasn't heard back from the RIAA, much less received any money, prompting her to file a motion of judgment against the organization. The complaint was filed in the US district court of Oklahoma yesterday. El Reg's legal hack, Burke Hansen, explains the filing: "The motion is a legal formality that allows the victor to begin collections proceedings and forces the losing party to decide whether to appeal or not." 
The motion asks that Foster immediately receive post-judgment collection proceedings, including the registration of the judgment in federal court for a hearing on assets. The document goes on to say that Foster contacted the RIAA's legal counsel by email on August 11, inquiring about payment, but hasn't received a response. Maybe they're too busy cooking up perfectly reasonable tactics to catch copyright infringers such as impersonating a 10-year-old girl's grandmother on the phone? From rforno at infowarrior.org Wed Aug 15 12:42:24 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 15 Aug 2007 08:42:24 -0400 Subject: [Infowarrior] - GovExec Mag: Security Theater Message-ID: FEATURES Security Theater By Zack Phillips zphillips at govexec.com Government Executive August 1, 2007 http://www.govexec.com/features/0807-01/0807-01s3.htm There's little downside to being alarmist about terror, so we spend too much on measures that evoke feelings of security without actually improving it. At the time, it seemed reasonable. Richard Reid tried to ignite explosives hidden in his shoe while aboard a December 2001 flight from Paris, so Congress banned butane lighters on planes. But in retrospect, the costs of the ban outweighed the benefits. Airport retailers had to stop selling lighters. Lighter vendor Zippo Manufacturing Co. laid off more than 100 workers in part because of the prohibition. Transportation Security Administration screeners at one point had to confiscate 30,000 lighters every day, quadrupling the amount of garbage the agency had to dispose of. TSA even had to hire a contractor to help with all the extra trash. Meanwhile, the security benefit was minimal. Passengers were allowed to bring matches on board planes, so a determined bomber still could ignite explosives. TSA Administrator Kip Hawley later acknowledged that the search for lighters distracted screeners from the much more important task of watching for explosives and bomb components. 
As of Aug. 4, Hawley announced in late July, the ban will be lifted. Author and security consultant Bruce Schneier has dubbed such cost-ineffective measures "security theater" because they evoke feelings of security without actually improving it. But it's easy to understand how the lighter ban came to pass. Lawmakers wanted to show voters they were doing something in response to Reid and the Sept. 11 terrorist attacks. Airlines were eager to restore confidence and happy to let the federal government take on the cost and responsibility of baggage screening. Neither had a motivation to argue that shoe bombers did not represent a serious enough threat to aviation to merit the lighter ban, or even to ask the question of whether they posed such a threat. Alarm overpowered reasonable cost-benefit analysis and a measured response. Welcome to homeland security, where everyone has an incentive to exaggerate threats. A Congress member whose district includes a port has little to lose and much to gain by playing up the potential for container-borne terrorism. A city with a dam talks up the need to protect critical infrastructure. A company selling weapons-detection technology stresses the vulnerability of commercial aviation. A civil servant evaluating homeland security grant applications has an interest in over-estimating dangers that might be addressed by grantees rather than denying funding and risk blame in the event of a disaster. Each has an incentive to be alarmist. Hardly any of the players has good reason to contemplate terrorism reasonably or to consider threats in terms of probability and finite budget resources. That lonely job falls to the Homeland Security Department, which, four years after its creation, is just beginning to integrate the complicated notion of risk analysis into its work. Most observers credit Homeland Security Secretary Michael Chertoff with talking enough about risk - not just threats - to bring some improvement. 
But they also say the climate of fear makes it nearly impossible to have a dispassionate discussion about the real threat of terrorism and the response it truly merits. Overblown John Mueller suspects he might have become cable news programs' go-to foil on terrorism. The author of Overblown: How Politicians and the Terrorism Industry Inflate National Security Threats, and Why We Believe Them (Free Press, 2006) thinks America has overreacted. The greatly exaggerated threat of terrorism, he says, has cost the country far more than terrorist attacks ever did. Watching his Sept. 12, 2006, appearance on Fox & Friends is unintentionally hilarious. Mueller calmly and politely asks the hosts to at least consider his thesis. But filled with alarm and urgency, they appear bewildered and exasperated. They speak to Mueller as if he is from another planet and cannot be reasoned with. That reaction is one measure of the contagion of alarmism. Mueller's book is filled with statistics meant to put terrorism in context. For example, international terrorism annually causes the same number of deaths as drowning in bathtubs or bee stings. It would take a repeat of Sept. 11 every month of the year to make flying as dangerous as driving. Over a lifetime, the chance of being killed by a terrorist is about the same as being struck by a meteor. Mueller's conclusions: An American's risk of dying at the hands of a terrorist is microscopic. The likelihood of another Sept. 11-style attack is nearly nil because it would lack the element of surprise. America can easily absorb the damage from most conceivable attacks. And the suggestion that al Qaeda poses an existential threat to the United States is ridiculous. Mueller's statistics and conclusions are jarring only because they so starkly contradict the widely disseminated and broadly accepted image of terrorism as an urgent and all-encompassing threat. 
American reaction to two failed attacks in Britain in June further illustrates our national hysteria. British police found and defused two car bombs before they could be detonated, and two would-be bombers rammed their car into a terminal at Glasgow Airport. Even though no bystanders were hurt and British authorities labeled both episodes failures, the response on American cable television and Capitol Hill was frenzied, frequently emphasizing how many people could have been killed. "The discovery of a deadly car bomb in London today is another harsh reminder that we are in a war against an enemy that will target us anywhere and everywhere," read an e-mailed statement from Sen. Joe Lieberman, I-Conn. "Terrorism is not just a threat. It is a reality, and we must confront and defeat it." The bombs that never detonated were "deadly." Terrorists are "anywhere and everywhere." Even those who believe it is a threat are understating; it's "more than a threat." Mueller, an Ohio State University political science professor, is more analytical than shrill. Politicians are being politicians, and security businesses are being security businesses, he says. "It's just like selling insurance - you say, 'Your house could burn down.' You don't have an incentive to say, 'Your house will never burn down.' And you're not lying," he says. Social science research suggests that humans tend to glom onto the most alarmist perspective even if they are told how unlikely it is, he adds. We inflate the danger of things we don't control and exaggerate the risk of spectacular events while downplaying the likelihood of common ones. We are more afraid of terrorism than car accidents or street crime, even though the latter are far more common. Statistical outliers like the Sept. 11 terrorist attacks are viewed not as anomalies, but as harbingers of what's to come.

Demystifying Security

Sept. 11 was so dramatic and scary that even suggesting that some of the resulting fear is unjustified seems blasphemous. Indeed, the release in July of a new National Intelligence Estimate and its reports of a resurgent al Qaeda served to renew and stoke those fears. But the point is not that terrorists don't exist, or that terrorist attacks won't happen. It's that the pervasive alarm about terrorism obscures the most important question the nation must grapple with: "What level of protection is enough?" Seeking 100 percent security is quixotic. There always will be some risk, but how much can we live with? This question remains unanswered because the political climate created by alarmists, however well-intentioned, prevents it from being raised. Those who try are quickly punished. Democratic presidential candidate John Kerry said in 2004 that the goal should be to reduce terrorism to the level of organized crime - a nuisance but not "the focus of our lives." The Bush campaign immediately pounced, calling Kerry "unfit to lead," and he never used such rhetoric again. The question "How much risk can we live with?" cuts to the heart of homeland security because the answer should guide the way government spends money, the primary tool for fighting terrorism. We simply cannot protect everything, and because budget resources are limited, spending security money protecting one asset means leaving another vulnerable. We must spend effectively and strategically. That means employing sound cost-benefit analyses to reduce risk to manageable levels is the only reasonable goal. Industry has a word for this kind of strategic thinking: risk management. "Risk management is about playing the odds," writes Schneier in Beyond Fear: Thinking Sensibly About Security in an Uncertain World (Copernicus Books, 2003). "It's figuring out which attacks are worth worrying about and which ones can be ignored. It's spending more resources on the serious attacks and less on the frivolous ones.
It's taking a finite security budget and making the best use of it. We do this by looking at the risks, not the threats." Schneier wants to demystify security for the masses. He rails against the paternalism of politicians and pundits who, he says, purport to have the answers to complex security dilemmas. Schneier, who once implemented security solutions for the Defense Department and has consulted for other governments and financial institutions, says there are no right answers. Security is all about trade-offs, and anyone can make those judgments.

'Peanut Butter' Spending

DHS has received $130 billion in budget authority since 2001 and that certainly buys more security. But more security does not necessarily make the country more secure. How much risk has that $130 billion bought down? No one knows because DHS has neither a long-term, risk-based strategic plan nor a comprehensive way of measuring risk reduction. Mueller, Schneier and many others suggest that politics, not risk, determines how the department spends money. It's not the politics of insider contracts and influence peddling, but the need to be seen as responding somehow to bad news while at the same time not knowing which reaction, if any, is appropriate. Examples of questionable priorities abound. Intelligence and warning capabilities are less visible than detectors and other more high-profile security measures, but nearly everyone agrees they are vital to counterterrorism. Yet such programs account for less than 1 percent of government spending on homeland security, according to the Congressional Research Service. Veronique de Rugy, a fellow at the American Enterprise Institute for Public Policy Research and a visiting scholar at George Mason University's Mercatus Center, has studied DHS' budget extensively.
She points out that TSA will have spent more than $14.7 billion in five years screening airline passengers when it could have reduced most of the risk with a single measure that will cost only $100 million over 10 years: reinforcing cockpit doors. A would-be hijacker's options are severely limited if the cockpit is inaccessible. De Rugy sees significant problems in DHS grant programs. By the end of fiscal 2008, DHS will have given $12 billion in grants to state and local governments without a way to measure whether the investment has reduced the risk of terrorism. In particular, de Rugy faults congressional requirements that originally guaranteed each state a minimum allotment. Instead, DHS should be focusing on a few high-risk areas, she says. "They think 'If we do something about it, no matter what [good it does], then we can claim we're on top of everything,' which is exactly the opposite," says de Rugy. "If you're spread really thin, you're not achieving anything." Chertoff refers to this as "spreading the money around like peanut butter on a piece of bread, with everybody getting a little bit." He opposes it. In his first major address as secretary in March 2005, Chertoff said DHS actions should be dictated by risk, not by threats, even though threats capture the focus and imagination of the public and media. "A terrorist attack on the two-lane bridge down the street from my house is bad, but has a relatively low consequence compared to an attack on the Golden Gate Bridge," he said. The secretary's influence is visible in homeland security grant programs. At first, the department crudely calculated risk by using population as a proxy. Later, figures for the extent of threat and the presence of critical infrastructure were added to the equation. Chertoff introduced a new equation: Risk is equal to threat times vulnerability times consequence. 
For the first time, DHS is considering probabilities in the calculations that drive grants and other security investments. And after the department's controversial Urban Areas Security Initiative grants ignited a firestorm last year, officials refined the program. Applicants now must submit an investment justification for the funds they are requesting. The list of critical infrastructure considered when calculating a city's risk now has only 2,100 facilities - mostly dams, power plants and other significant structures, according to Chertoff. (The fiscal 2006 list, mocked for including a popcorn factory and a hot dog stand, included 200,000 assets.) And perhaps most significantly, DHS now rates all parts of the country as equally vulnerable to attack. Thus, the likely consequences of an attack account for 80 out of 100 "risk points," making that the predominant factor in choosing where to allocate $746 million. The other 20 points are determined by threat analyses.

Risk Simulator

Risk management long has been used in the finance, insurance and engineering fields. But applying it to counterterrorism is much more difficult because uncertainty about terrorists' intent and capabilities requires some guesswork. Chertoff gets credit for elevating the concept of risk, but even his backers say the department has a long way to go. "I applaud him; he introduced the idea of risk and it has caught on," says Randy Beardsworth, formerly DHS' assistant secretary for strategic plans. "But it's caught on at the 101 level. We need to move to the graduate level - the 501." This is where risk gets more complicated. Beardsworth says the government is much better comparing risk at the tactical level - one nuclear plant versus another - than at the strategic level. Is there more risk associated with air travel or mass transit, for instance? Before leaving DHS in September, Beardsworth was leading a working group to develop a strategic risk tool for Chertoff.
The tool would allow him to compare the risk reduction impact of different programs. In one case, DHS could spend millions more dollars and still not lower the risk appreciably. In another case, a small additional investment would reduce risk substantially. In short, the DHS secretary could articulate clear and understandable reasons for making investments. "The cynics will say it's all politics," Beardsworth says. "But as a career guy, I really don't care. This is the right way to look at how to spend money in the homeland security world." Beardsworth says work on the tool stalled after he left. It seems to have been picked up by the new Risk Management and Analysis Office in the Directorate for National Protection and Programs created last year. That office began functioning in April, the first time a single entity has collected risk information departmentwide. Its first tasks are cataloging the risk management methodologies DHS component agencies use and developing a single set of common principles. "It'd be a nice, neat area to say there's only one [risk] formula," says Tina Gabbrielli, acting director of the Risk Management and Analysis Office. "If that were the case, I'd have a pretty easy job. What I learned quickly is that when it comes to risk and risk analysis methodologies, one size does not fit all." The long-term goal is to allow the DHS secretary to know, for instance, how the department can best reduce risk over the next five years. But Gabbrielli admits that capability is a long way off. The level of difficulty becomes clear when considering actual applications - transportation systems, for example. Does an improvement in an airport's weapons screening technology really buy down any risk? Or does it simply shift risk, pushing the terrorist to find a way around checkpoints, such as an employee entrance. 
Does outfitting commercial jets with systems to defend against shoulder-fired missiles - which could cost as much as $1 million per plane - reduce the risk of attack or simply motivate the terrorist to aim his missile at another target? This is where a new risk management analysis tool comes in. TSA issued a solicitation in late June for a computer simulator that would measure the effectiveness, in terms of risk reduction, of various aviation countermeasures. The simulator would use terrorist teams and government teams and would test multiple defense systems to find the most effective sequence of countermeasures. The problem, de Rugy points out, is that even though DHS is making progress implementing risk management, more terrorist attacks likely will occur. And when they do, the alarm bells will ring, making it nearly impossible to honestly debate security priorities. "Even if it's, like, 50 people being killed, which is horrible, it's very likely it's something not worth investing billions of dollars," she says. "And who's going to be saying that?"

From rforno at infowarrior.org Wed Aug 15 13:46:57 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Aug 2007 09:46:57 -0400
Subject: [Infowarrior] - US to Expand Domestic Use Of Spy Satellites
In-Reply-To: <92BEA5E5-60F8-42DA-A2A9-AE08B131B330@pacbell.net>
Message-ID:

August 15, 2007 PAGE ONE
http://online.wsj.com/article/SB118714764716998275.html

U.S. to Expand Domestic Use Of Spy Satellites
By ROBERT BLOCK
August 15, 2007; Page A1

The U.S.'s top intelligence official has greatly expanded the range of federal and local authorities who can get access to information from the nation's vast network of spy satellites in the U.S. The decision, made three months ago by Director of National Intelligence Michael McConnell, places for the first time some of the U.S.'s most powerful intelligence-gathering tools at the disposal of domestic security officials.
The move was authorized in a May 25 memo sent to Homeland Security Secretary Michael Chertoff asking his department to facilitate access to the spy network on behalf of civilian agencies and law enforcement. Until now, only a handful of federal civilian agencies, such as the National Aeronautics and Space Administration and the U.S. Geological Survey, have had access to the most basic spy-satellite imagery, and only for the purpose of scientific and environmental study. According to officials, one of the department's first objectives will be to use the network to enhance border security, determine how best to secure critical infrastructure and help emergency responders after natural disasters. Sometime next year, officials will examine how the satellites can aid federal and local law-enforcement agencies, covering both criminal and civil law. The department is still working on determining how it will engage law enforcement officials and what kind of support it will give them. Access to the high-tech surveillance tools would, for the first time, allow Homeland Security and law-enforcement officials to see real-time, high-resolution images and data, which would allow them, for example, to identify smuggler staging areas, a gang safehouse, or possibly even a building being used by would-be terrorists to manufacture chemical weapons. Overseas -- the traditional realm of spy satellites -- the system was used to monitor tank movements during the Cold War. Today, it's used to monitor suspected terrorist hideouts, smuggling routes for weapons in Iraq, nuclear tests and the movement of nuclear materials, as well as to make detailed maps for U.S. soldiers on the ground in Afghanistan and Iraq. Plans to provide DHS with significantly expanded access have been on the drawing board for over two years. The idea was first talked about as a possibility by the Central Intelligence Agency after 9/11 as a way to help better secure the country.
"It is an idea whose time has arrived," says Charles Allen, the DHS's chief intelligence officer, who will be in charge of the new program. DHS officials say the program has been granted a budget by Congress and has the approval of the relevant committees in both chambers.

Wiretap Legislation

Coming on the back of legislation that upgraded the administration's ability to wiretap terrorist suspects without warrants, the development is likely to heat up debate about the balance between civil liberties and national security. Access to the satellite surveillance will be controlled by a new Homeland Security branch -- the National Applications Office -- which will be up and running in October. Homeland Security officials say the new office will build on the efforts of its predecessor, the Civil Applications Committee. Under the direction of the Geological Survey, the Civil Applications Committee vets requests from civilian agencies wanting spy data for environmental or scientific study. The Geological Survey has been one of the biggest domestic users of spy-satellite information, to make topographic maps. Unlike electronic eavesdropping, which is subject to legislative and some judicial control, this use of spy satellites is largely uncharted territory. Although the courts have permitted warrantless aerial searches of private property by law-enforcement aircraft, there are no cases involving the use of satellite technology. In recent years, some military experts have questioned whether domestic use of such satellites would violate the Posse Comitatus Act. The act bars the military from engaging in law-enforcement activity inside the U.S., and the satellites were predominantly built for and owned by the Defense Department. According to Pentagon officials, the government has in the past been able to supply information from spy satellites to federal law-enforcement agencies, but that was done on a case-by-case basis and only with special permission from the president.
Even the architects of the current move are unclear about the legal boundaries. A 2005 study commissioned by the U.S. intelligence community, which recommended granting access to the spy satellites for Homeland Security, noted: "There is little if any policy, guidance or procedures regarding the collection, exploitation and dissemination of domestic MASINT." MASINT stands for Measurement and Signatures Intelligence, a particular kind of information collected by spy satellites which would for the first time become available to civilian agencies. According to defense experts, MASINT uses radar, lasers, infrared, electromagnetic data and other technologies to see through cloud cover, forest canopies and even concrete to create images or gather data.

Tracking Weapons

The spy satellites are considered by military experts to be more penetrating than civilian ones: They not only take color, as well as black-and-white photos, but can also use different parts of the light spectrum to track human activities, including, for example, traces left by chemical weapons or heat generated by people in a building. Mr. Allen, the DHS intelligence chief, said the satellites have the ability to take a "multidimensional" look at ports and critical infrastructure from space to identify vulnerabilities. "There are certain technical abilities that will assist on land borders...to try to identify areas where narcotraficantes or alien smugglers may be moving dangerous people or materials," he said. The full capabilities of these systems are unknown outside the intelligence community, because they are among the most closely held secrets in government. Some civil-liberties activists worry that without proper oversight, only those inside the National Application Office will know what is being monitored from space.
"You are talking about enormous power," said Gregory Nojeim, senior counsel and director of the Project on Freedom, Security and Technology for the Center for Democracy and Technology, a nonprofit group advocating privacy rights in the digital age. "Not only is the surveillance they are contemplating intrusive and omnipresent, it's also invisible. And that's what makes this so dangerous." Mr. Allen, the DHS intelligence chief, says the department is cognizant of the civil-rights and privacy concerns, which is why he plans to take time before providing law-enforcement agencies with access to the data. He says DHS will have a team of lawyers to review requests for access or use of the systems. "This all has to be vetted through a legal process," he says. "We have to get this right because we don't want civil-rights and civil-liberties advocates to have concerns that this is being misused in ways which were not intended." DHS's Mr. Allen says that while he can't talk about the program's capabilities in detail, there is a tendency to overestimate its powers. For instance, satellites in orbit are constantly moving and can't settle over an area for long periods of time. The platforms also don't show people in detail. "Contrary to what some people believe you cannot see if somebody needs a haircut from space," he says. James Devine, a senior adviser to the director of the Geological Survey, who is chairman of the committee now overseeing satellite-access requests, said traditional users of the spy-satellite data in the scientific community are concerned that their needs will be marginalized in favor of security concerns. Mr. Devine said DHS has promised him that won't be the case, and also has promised to include a geological official on a new interagency executive oversight committee that will monitor the activities of the National Applications Office. Mr.
Devine says officials who vetted requests for the scientific community also are worried about the civil-liberties implications when DHS takes over the program. "We took very seriously our mission and made sure that there was no chance of inappropriate usage of the material," Mr. Devine says. He says he hopes oversight of the new DHS program will be "rigorous," but that he doesn't know what would happen in cases of complaints about misuse. --Andy Pasztor contributed to this article. Write to Robert Block at bobby.block at wsj.com

From rforno at infowarrior.org Wed Aug 15 13:54:25 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Aug 2007 09:54:25 -0400
Subject: [Infowarrior] - New airport agents check for danger in fliers' facial expressions
Message-ID:

New airport agents check for danger in fliers' facial expressions
By Kaitlin Dirrig | McClatchy Newspapers
http://www.mcclatchydc.com/homepage/story/18923.html

WASHINGTON - Next time you go to the airport, there may be more eyes on you than you notice. Specially trained security personnel are watching body language and facial cues of passengers for signs of bad intentions. The watcher could be the attendant who hands you the tray for your laptop or the one standing behind the ticket-checker. Or the one next to the curbside baggage attendant. They're called Behavior Detection Officers, and they're part of several recent security upgrades, Transportation Security Administrator Kip Hawley told an aviation industry group in Washington last month. He described them as "a wonderful tool to be able to identify and do risk management prior to somebody coming into the airport or approaching the crowded checkpoint." The officers are working in more than a dozen airports already, according to Paul Ekman, a former professor at the University of California at San Francisco who has advised Hawley's agency on the program.
Amy Kudwa, a TSA public affairs specialist, said the agency hopes to have 500 behavior detection officers in place by the end of 2008. Kudwa described the effort, which began as a pilot program in 2006, as "very successful" at identifying suspicious airline passengers. She said it had netted drug carriers, illegal immigrants and terrorism suspects. She wouldn't say more. At the heart of the new screening system is a theory that when people try to conceal their emotions, they reveal their feelings in flashes that Ekman, a pioneer in the field, calls "micro-expressions." Fear and disgust are the key ones, he said, because they're associated with deception. Behavior detection officers work in pairs. Typically, one officer sizes up passengers openly while the other seems to be performing a routine security duty. A passenger who arouses suspicion, whether by micro-expressions, social interaction or body language gets subtle but more serious scrutiny. A behavior specialist may decide to move in to help the suspicious passenger recover belongings that have passed through the baggage X-ray. Or he may ask where the traveler's going. If more alarms go off, officers will "refer" the person to law enforcement officials for further questioning. The strategy is based on a time-tested and successful Israeli model, but in the United States, the scrutiny is much less invasive, Ekman said. American officers receive 16 hours of training - far less than their Israeli counterparts - because U.S. officials want to be less intrusive. The use of "micro-expressions" to identify hidden emotions began nearly 30 years ago when Ekman and colleague Maureen O'Sullivan began studying videotapes of people telling lies. When they slowed down the videotapes, they noticed distinct facial movements and began to catalogue them. They were flickers of expression that lasted no more than a fraction of a second. The Department of Homeland Security hopes to dramatically enhance such security practices.
Jay M. Cohen, undersecretary of Homeland Security for Science and Technology, said in May that he wants to automate passenger screening by using videocams and computers to measure and analyze heart rate, respiration, body temperature and verbal responses as well as facial micro-expressions. Homeland Security is seeking proposals from scientists to develop such technology. The deadline for submissions is Aug. 31. The system also would be used for port security, special-event screening and other security screening tasks. It faces high hurdles, however. Different cultures express themselves differently. Expressions and body language are easy to misread, and no one's catalogued them all. Ekman notes that each culture has its own specific body language, but that little has been done to study each individually in order to incorporate them in a surveillance program. In addition, automation won't be easy, especially for the multiple variables a computer needs to size up people. Ekman thinks people can do it better. "And it's going to be hard to get machines that are as accurate as trained human beings," Ekman said. Finally, the extensive data-gathering of passengers' personal information will raise civil-liberties concerns. "If you discover that someone is at risk for heart disease, what happens to that information?" Ekman asked. "How can we be certain that it's not sold to third parties?" Whether mass-automated security screening will ever be effective is unclear. In Cohen's PowerPoint slide accompanying his aviation industry presentation was this slogan: "Every truly great accomplishment is at first impossible." 
McClatchy Newspapers 2007

From rforno at infowarrior.org Wed Aug 15 23:31:29 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Aug 2007 19:31:29 -0400
Subject: [Infowarrior] - RIP Appleworks
Message-ID:

(granted I haven't used it since the days of my Apple 2c and GS systems, but even then, it was an effing-powerful software suite that was simple yet elegant. Alas, those were the days! ---rf)

Apple cans AppleWorks
AppleWorks declared 'end of life'
Jonny Evans
http://www.macworld.co.uk/macsoftware/news/index.cfm?RSS&NewsID=18827

AppleWorks' last breath was masked by last week's iMac, iLife and iWork announcements - Apple has discontinued the product. Apple told resellers of the demise of AppleWorks last week, announcing that the software had reached "End of Life" status. It will no longer be sold. The AppleWorks website now directs users to the iWork section of Apple's website. The original AppleWorks was written by Robert Lissner and released in 1984 by Apple for the Apple II family of computers, and at one point was the biggest-selling software package in the industry. The modern incarnation of AppleWorks started life as ClarisWorks, written by Bob Hearn and Scott Holdaway. At one time, AppleWorks was bundled with all consumer level Macs sold by Apple. It reached version 6.0, where it languished since the late nineties.
From rforno at infowarrior.org Thu Aug 16 00:58:29 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Aug 2007 20:58:29 -0400
Subject: [Infowarrior] - Appeals court may let NSA lawsuits proceed
Message-ID:

Appeals court may let NSA lawsuits proceed
By Declan McCullagh
http://news.com.com/Appeals+court+may+let+NSA+lawsuits+proceed/2100-1028_3-6202865.html
Story last modified Wed Aug 15 17:23:16 PDT 2007

SAN FRANCISCO--A federal appeals court on Wednesday appeared unwilling to end a pair of lawsuits that claim the Bush administration engaged in widespread illegal surveillance of Americans. The 9th U.S. Circuit Court of Appeals repeatedly pressed Gregory Garre, the Bush administration's deputy solicitor general, to justify his requests to toss out the suits on grounds they could endanger national security by possibly revealing "state secrets." Judge Harry Pregerson wondered: "We just have to take the word of members of the executive branch that it's a state secret. That's what you're saying, isn't it?" A moment later Judge Michael Hawkins suggested that granting the request could "mean abdication" of our duties. At the heart of both cases is the U.S. Department of Justice's argument that any lawsuit claiming illegal activity on behalf of AT&T and the National Security Agency--even if the eavesdropping is known to have taken place--cannot proceed because they could let enemies and terrorists know how the government's surveillance apparatus works. It "could compromise the sources, methods and operational details of our intelligence gathering capabilities," Solicitor General Garre said. In the first case, called Hepting v. AT&T, the Electronic Frontier Foundation and other attorneys had filed a class action lawsuit against AT&T saying it unlawfully opened its networks to the NSA. U.S. District Judge Vaughn Walker in San Francisco ruled last summer that it could proceed. The second case, Al-Haramain Islamic Foundation v.
President Bush, is unique: it involves a classified document that the U.S. Treasury Department accidentally turned over to an attorney for the foundation. The top-secret document showed, according to the group, "Al-Haramain and its attorneys had been subjected to warrantless surveillance in violation of" federal law. They responded by filing another lawsuit in February 2006 alleging violations of the Foreign Intelligence Surveillance Act. The Justice Department says the Al-Haramain case must be thrown out because it, too, could endanger state secrets. The foundation's attorneys must not even be allowed to refer to it, government attorney Thomas Bondy said Wednesday, because their "mental recollections of the documents are also out of the case." While no decision was announced Wednesday, and a final ruling could take months to reach, a three-judge panel of the 9th Circuit pressed prosecutors to justify asking that the case be dismissed based on declarations submitted by senior Bush administration officials. (All three judges are Democratic appointees.) "The bottom line here is that once the executive declares that certain activity is a state secret, that's the end of it?" Pregerson asked. "No cases, no litigation, absolute immunity? The king can do no wrong?"

From rforno at infowarrior.org Thu Aug 16 01:02:02 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Aug 2007 21:02:02 -0400
Subject: [Infowarrior] - OT: How To Speak Hedgie
Message-ID:

How To Speak Hedgie
What hedge-fund managers mean when they talk about challenges.
By Daniel Gross
Posted Tuesday, Aug.
14, 2007, at 4:16 PM ET
http://www.slate.com/id/2172224/nav/tap3/

In these days of market volatility, hedge-fund managers and executives at all types of money management firms have been forced to explain why their funds are shutting down, losing money hand over fist, and freezing investors' funds. When they do so, however, they frequently lapse into a strange euphemistic dialect. And so we thought it would be helpful to provide a handy Hedgie-English glossary.

Hedge-Fund Phrase: Challenging
Translation: Run for the hills!

Hedge-fund managers never piss away money. They just face challenges. "We sincerely appreciate your patience and understanding during this challenging period," Jeffrey Larson, founder of Sowood Capital, told investors last month, as he explained why the $3 billion hedge fund, having lost half its capital, was selling off its remaining positions and closing up shop. As two of its large hedge funds that invested in mortgage-backed securities were going down, Bear Stearns CEO James Cayne told investors that "the sub-prime mortgage market has been challenging for a number of months." More recently, Monday's Wall Street Journal quoted giant asset manager Barclays as saying that performance in its 32 Capital Fund had been "challenging."

Hedge-Fund Phrase: Unprecedented, unique circumstances
Translation: Stuff happens. But we had no clue.

Anyone who read the best seller The Black Swan knows that random geopolitical, financial, and economic events can cause the prices of assets to move in ways that defy history and sophisticated computer models. But it comes as a shock to the brightest minds on Wall Street, especially those who run quantitative-based funds. "Wednesday is the type of day people will remember in quant-land for a very long time," Matthew Rothman, head of quantitative equity strategies for Lehman Brothers told the Wall Street Journal last week.
"Events that models only predicted would happen once in 10,000 years happened every day for three days." Strangely, these same models failed to predict the once-in-10,000-year events that roiled the markets in 1997, 1998, 2001, and 2002. Hedge-Fund Phrase: Market volatility has produced unfair, unrealistic prices. Translation: The market is efficient only when it works in our favor. Several money managers blamed their temporary problems on investors' irrational collective behavior. "Investor fear has overtaken reason and has induced a period in which most securities have simply ceased to trade," said Sentinel Management, which sought to halt redemptions of some of its funds this week. And such conditions make it "virtually impossible to properly price securities or to trade them." Goldman Sachs CFO David Viniar noted that the firm's decision to inject $2 billion into its ailing Global Equity Opportunities fund "reflects our collective belief that the value of this fund is suffering from a market dislocation that does not reflect the fundamental value of the fund's positions." In other words, the losses shown by these funds isn't the fault of the managers, it's the fault of a market that just won't value assets properly. Ironically, you never hear fund managers say that their gains have been unwarrantedly large due to the market's failure to reflect stocks' fundamental value. Hedge-Fund Phrase: Our results were affected by the selling behavior of other firms. Translation: We made the same dumb trades as everyone else. "We have been caught in what appears to be a large wave of de-leveraging on the part of quantitative long/short hedge funds,'' James Simons of Renaissance Technologies said in a letter to investors last week, which sought to explain losses in his highly regarded hedge fund. He also noted that the methodology used by his fund was "undoubtedly shared by a number of long/short hedge funds." 
Goldman Sachs similarly blamed other funds' behavior for its own losses. Of course, the premise of high-end money management is that you don't simply mimic the same investment strategy of 30 other hedge funds. That's why Simons was paid $1.7 billion in 2006. Hedge-Fund Phrase: We just want to protect investors. Translation: We just want to cover our butts. Declining performance frequently leads investors to withdraw their funds, which can, in turn, force hedge funds to sell securities to raise cash. To forestall the ensuing death spiral, funds sometimes lock the door. French bank BNP Paribas last week froze redemptions of three funds that held mortgage-backed securities. BNP said it was limiting the liberté of its investors for the sake of protecting the Gallic virtues of égalité and fraternité. Locking up the funds temporarily is the best way "to protect the interests and ensure the equal treatment of our investors." Sentinel used the classic American trope of aligning the interests of the owners with those of the shareholders. "We don't believe it is in anyone's best interest if a run on Sentinel took place and we were in a forced liquidation mode." Hedge-Fund Phrase: This isn't a rescue. Translation: THIS IS TOTALLY A RESCUE!!!!!!! Goldman Sachs' GEO fund lost 30 percent of its value in a week and was leveraged at a rate of 6-to-1. But to hear Goldman tell it, the cratering of its own fund simply presented an irresistible buying opportunity. "We are investing not because we have to, but because we want to," said Viniar during a conference call. At another point, he noted: "No, let me just clarify. This is not a rescue." And if you believe that, I've got some subprime debt I'd like to sell you. From rforno at infowarrior.org Thu Aug 16 02:53:27 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 15 Aug 2007 22:53:27 -0400 Subject: [Infowarrior] - U.S. Defends Surveillance to 3 Skeptical Judges Message-ID: U.S.
Defends Surveillance to 3 Skeptical Judges By ADAM LIPTAK Published: August 16, 2007 http://www.nytimes.com/2007/08/16/washington/16nsa.html?_r=1&hp&oref=slogin SAN FRANCISCO, Aug. 15 -- Three federal appeals court judges hearing challenges to the National Security Agency's surveillance programs appeared skeptical of and sometimes hostile to the Bush administration's central argument Wednesday: that national security concerns require that the lawsuits be dismissed. "Is it the government's position that when our country is engaged in a war that the power of the executive when it comes to wiretapping is unchecked?" Judge Harry Pregerson asked a government lawyer. His tone was one of incredulity and frustration. Gregory G. Garre, a deputy solicitor general representing the administration, replied that the courts had a role, though a limited one, in assessing the government's assertion of the so-called state secrets privilege, which can require the dismissal of suits that could endanger national security. Judges, he said, must give executive branch determinations "utmost deference." "Litigating this action could result in exceptionally grave harm to the national security of the United States," Mr. Garre said, referring to the assessment of intelligence officials. The three judges, members of the United States Court of Appeals for the Ninth Circuit, were hearing arguments in two lawsuits challenging the highly classified surveillance programs, which the administration says are essential in fighting international terrorism. The appeals were the first to reach the court after dozens of suits against the government and telecommunications companies over N.S.A. surveillance were consolidated last year before the chief judge of the federal trial court here, Vaughn R. Walker.
The appeals concern two related questions that must be answered before the merits of the challenges can be considered: whether the plaintiffs can clearly establish that they have been injured by the programs, giving them standing to sue; and whether the state secrets privilege requires dismissal of the suits on national security grounds. Though the questions are preliminary, the impact of the appeals court's ruling may be quite broad. Should it rule for the government on either ground, the legality of the N.S.A. programs may never be adjudicated. All three judges indicated that they were inclined to allow one or both cases to go forward for at least limited additional proceedings before Judge Walker. The two cases deal with different secret programs, but are broadly similar. One, a class action against AT&T, focuses mainly on accusations that the company provided the N.S.A. its customers' phone and Internet communications for a vast data-mining operation. The lawyers in the AT&T case call that program, which the government has not acknowledged, a "content dragnet." The second case, brought by an Islamic charity and two of its lawyers against the government, concerns a program disclosed by The New York Times in December 2005, which the administration calls the Terrorist Surveillance Program. The program, which has since been submitted to a secret court's supervision, bypassed court warrants in monitoring international communications involving people in the United States. Last month another federal appeals court, in Cincinnati, dismissed a suit brought in Detroit by the American Civil Liberties Union, saying the plaintiffs there, including lawyers and journalists, could not prove they had been injured by this latter program. Lawyers in the two cases that were argued Wednesday say they have such proof.
In the AT&T case, the plaintiffs submitted a sworn statement from a former technician for the company who disclosed technical documents about the installation of monitoring equipment at an AT&T Internet switching center in San Francisco. Mr. Garre, representing the administration, and Michael K. Kellogg, a lawyer for AT&T, said the sworn statement was built on speculation and inferences. Robert D. Fram, a lawyer for the plaintiffs, said the statement provided more than enough direct evidence to allow the case to go forward. Similarly, in the case brought by the charity, al-Haramain Islamic Foundation, the plaintiffs say the government mistakenly provided them a document, since reclaimed, that proves they were subject to surveillance without court approval. On Wednesday, Thomas M. Bondy, a Justice Department lawyer, told the court that the document "to this day remains totally classified." In both cases, the government said the plaintiffs' evidence was insufficient to establish standing to sue, adding that even litigating the matter would endanger national security. "Whether plaintiffs were subjected to surveillance is a state secret," the Justice Department said in a recent brief in the Haramain case, "and information tending to confirm or deny that fact is privileged." One of the judges on the panel, M. Margaret McKeown, seemed to endorse a lower court finding that the wiretap program was no longer secret. "We know quite a lot" about the Terrorist Surveillance Program, said Judge McKeown, who, like the third judge on the panel, Michael Daly Hawkins, was appointed by President Bill Clinton. Judge Pregerson, appointed by President Jimmy Carter, appeared irritated with the government's arguments, and he became frustrated when Mr. Garre said he could not provide simple answers to questions about the scope of a recently amended 1978 law, the Foreign Intelligence Surveillance Act. Mr. Garre said it was a complicated law.
"Can't be any more complicated than my phone bill," Judge Pregerson said. From rforno at infowarrior.org Thu Aug 16 11:58:47 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 16 Aug 2007 07:58:47 -0400 Subject: [Infowarrior] - Vague Threat Prompts Steps by N.Y. Police Message-ID: August 11, 2007 Vague Threat Prompts Steps by N.Y. Police By THE NEW YORK TIMES http://www.nytimes.com/2007/08/11/nyregion/11threat.html?_r=1&oref=slogin&pagewanted=print The Police Department set up checkpoints yesterday in Lower Manhattan and increased security after learning of a vague threat of a radiological attack here. In an interview last night, Paul J. Browne, a police spokesman, said, "We've found nothing to verify the threat." He added, though, "Because it meant our deploying radiological monitoring equipment, it was noticed, and it gave rise to some rumors that we were obligated to kill." The police learned about the threat through an item on the Web site debka.com -- a site that Mr. Browne said was believed to have Israeli intelligence and military sources -- that said that Qaeda operatives were planning to detonate a truck filled with radiological material in New York, Los Angeles or Miami. Officials say the Web site carries reports that are often wrong, but occasionally right. In response to the threat, the police set up checkpoints at various Manhattan entry points and at Bowery and Canal Street. They also "increased deployment of radiological sensors, including vehicle, marine and helicopter-mounted, as well as those carried by N.Y.P.D. personnel," a statement from the department said. Mayor Michael R. Bloomberg released his own statement last night saying the city's threat level had not changed and calling the police response nothing out of the ordinary. "These actions are like those that the N.Y.P.D. takes every day: precautions against potential but unconfirmed threats that may never materialize," he said.
From rforno at infowarrior.org Thu Aug 16 12:22:00 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 16 Aug 2007 08:22:00 -0400 Subject: [Infowarrior] - LAX outage is blamed on a single computer?!? Message-ID: LAX outage is blamed on a single computer City officials demand a full report on the U.S. Customs system failure and contingency plans. By Tami Abdollah, Los Angeles Times Staff Writer August 15, 2007 http://www.latimes.com/news/nationworld/nation/la-me-lax15aug15,1,6802259.story?coll=la-headlines-nation&ctrack=1&cset=true U.S. Customs officials said Tuesday that they had traced the source of last weekend's system outage that left 17,000 international passengers stranded in airplanes to a malfunctioning network interface card on a single desktop computer in the Tom Bradley International Terminal at LAX. The card, which allows computers to connect to a local area network, experienced a partial failure that started about 12:50 p.m. Saturday, slowing down the system, said Jennifer Connors, a chief in the office of field operations for the Customs and Border Protection agency. As data overloaded the system, a domino effect occurred with other computer network cards, eventually causing a total system failure a little after 2 p.m., Connors said. "All indications are there was no hacking, no tampering, no terrorist link, nothing like that," she said. "It was an internal problem" contained to the Los Angeles International Airport system. The system was restored about nine hours later, only to give out again late Sunday for about 80 minutes, until about 1:15 a.m. Monday. The second outage was caused by a power supply failure, Connors said. But customs officials are investigating whether the Saturday incident may have played a role in Sunday's outage.
Los Angeles City Council members Bill Rosendahl and Janice Hahn called Tuesday for an immediate report from Los Angeles World Airports, which runs LAX, on actions taken by the customs agency to permanently correct the computer malfunction problem. They also called for World Airports to report on contingency plans for working with customs and other officials to properly deal with passengers in the event of another such breakdown. Nancy Castles, a spokeswoman for the airports agency, said airport and customs officials are discussing how to handle a similar incident should it occur. The customs agency "has total federal jurisdiction on whether or not to allow people on or off the planes," Castles said. During the incident, the customs agency authorized airport officials to supply food, water and even diapers to stranded passengers, as well as fuel to keep air-conditioning systems running on planes. Also Tuesday, Rep Jane Harman (D-Venice) requested a comprehensive briefing from customs officials in Washington early next week. Customs and Border Protection agency spokesman Michael Fleming said the agency had formed a group in Washington to study the system malfunction: "how it happened, how we're going to address it . . . . " A plan was already in place this year to update and replace customs' entire information technology system at major international airports, with work at LAX scheduled to be completed by October 2008, Connors said. tami.abdollah at latimes.com From rforno at infowarrior.org Thu Aug 16 22:45:24 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 16 Aug 2007 18:45:24 -0400 Subject: [Infowarrior] - Federal ID plan raises privacy concerns Message-ID: Federal ID plan raises privacy concerns By Eliott C. McLaughlin CNN http://www.cnn.com/2007/POLITICS/08/16/real.id/ (CNN) -- Americans may need passports to board domestic flights or to picnic in a national park next year if they live in one of the states defying the federal Real ID Act. 
Homeland Security Secretary Michael Chertoff says there are no plans for a federal database of drivers' information. The act, signed in 2005 as part of an emergency military spending and tsunami relief bill, aims to weave driver's licenses and state ID cards into a sort of national identification system by May 2008. The law sets baseline criteria for how driver's licenses will be issued and what information they must contain. The Department of Homeland Security insists Real ID is an essential weapon in the war on terror, but privacy and civil liberties watchdogs are calling the initiative an overly intrusive measure that smacks of Big Brother. More than half the nation's state legislatures have passed symbolic legislation denouncing the plan, and some have penned bills expressly forbidding compliance. Several states have begun making arrangements for the new requirements -- four have passed legislation applauding the measure -- but even they may have trouble meeting the act's deadline. The cards would be mandatory for all "federal purposes," which include boarding an airplane or walking into a federal building, nuclear facility or national park, Homeland Security Secretary Michael Chertoff told the National Conference of State Legislatures last week. Citizens in states that don't comply with the new rules will have to use passports for federal purposes. "For terrorists, travel documents are like weapons," Chertoff said. "We do have a right and an obligation to see that those licenses reflect the identity of the person who's presenting it." Chertoff said the Real ID program is essential to national security because there are presently 8,000 types of identification accepted to enter the United States.
"It is simply unreasonable to expect our border inspectors to be able to detect forgeries on documents that range from baptismal certificates from small towns in Texas to cards that purport to reflect citizenship privileges in a province somewhere in Canada," he said. Chertoff attended the conference in Boston, Massachusetts, in part to allay states' concerns, but he had few concrete answers on funding. The Department of Homeland Security, which estimates state and federal costs could reach $23.1 billion over 10 years, is looking for ways to lessen the burden on states, he said. On the recent congressional front, however, Chertoff could point only to an amendment killed in the Senate last month that would've provided $300 million for the program. "There's going to be an irreducible expense that falls on you, and that's part of the shared responsibility," Chertoff told the state legislators. Bill Walsh, senior legal fellow for the Heritage Foundation, a Washington-based conservative think tank that supports the Real ID Act, said states shouldn't be pushing for more federal dollars because, ultimately, that will mean more federal oversight -- and many complaints about cost coincide with complaints about the federal government overstepping its bounds. "They are only being asked to do what they should've already done to protect their citizens," Walsh said, blaming arcane software and policies at state motor vehicle departments for what he called "a tremendous trafficking in state driver's licenses." The NCSL is calling Real ID an "unfunded mandate" that could cost states up to $14 billion over the next decade, but for which only $40 million has been federally approved. The group is demanding Congress pony up $1 billion for startup costs by year's end or scrap the proposal altogether. 
Everyone must visit DMV by 2013 The Real ID Act repealed a provision in the 9/11 Commission Implementation Act calling for state and federal officials to examine security standards for driver's licenses. It called instead for states to begin issuing new federal licenses, lasting no longer than eight years, by May 11, 2008, unless they are granted an extension. It also requires all 245 million license and state ID holders to visit their local departments of motor vehicles and apply for a Real ID by 2013. Applicants must bring a photo ID, birth certificate, proof of Social Security number and proof of residence, and states must maintain and protect massive databases housing the information. NCSL spokesman Bill Wyatt said the requirements are "almost physically impossible." States will have to build new facilities, secure those facilities and shell out for additional equipment and personnel. Those costs are going to fall back on the American taxpayer, he said. It might be in the form of a new transportation, motor vehicle or gasoline tax. Or you might find it tacked on to your next state tax bill. In Texas, Wyatt said, one official told him that without federal funding, the Longhorn State might have to charge its citizens more than $100 for a license. "We kind of feel like the way they went about this is backwards," Wyatt said, explaining that states would have appreciated more input into the process. "Each state has its own unique challenges and these are best addressed at state levels. A one-size-fits-all approach to driver's licenses doesn't necessarily work." Many states have revolted. The governors of Idaho, Maine, Montana, New Hampshire, Oklahoma, South Carolina and Washington have signed bills refusing to comply with the act. Six others have passed bills and/or resolutions expressing opposition, and 15 have similar legislation pending. 
Though the NCSL says most states' opposition stems from the lack of funding, some states cited other reasons for resisting the initiative. New Hampshire passed a House bill opposing the program and calling Real ID "contrary and repugnant" to the state and federal constitutions. A Colorado House resolution dismissed Real ID by expressing support for the war on terror but "not at the expense of essential civil rights and liberties of citizens of this country." Privacy concerns raised Colorado and New Hampshire lawmakers are not alone. Groups like the American Civil Liberties Union and Electronic Frontier Foundation say the IDs and supporting databases -- which Chertoff said would eventually be federally interconnected -- will infringe on privacy. EFF says on its Web site that the information in the databases will lay the groundwork for "a wide range of surveillance activities" by government and businesses that "will be able to easily read your private information" because of the bar code required on each card. The databases will provide a one-stop shop for identity thieves, adds the ACLU on its Web site, and the U.S. "surveillance society" and private sector will have access to the system "for the routine tracking, monitoring and regulation of individuals' movements and activities." The civil liberties watchdog dubs the IDs "internal passports" and claims it wouldn't be long before office buildings, gas stations, toll booths, subways and buses begin accessing the system. But Chertoff told legislators last week that DHS has no intention of creating a federal database, and Walsh, of the Heritage Foundation, said the ACLU's allegations are disingenuous. States will be permitted to share data only when validating someone's identity, Walsh said. "The federal government wouldn't have any greater access to driver's license information than it does today," Walsh said. 
States have the right to refuse to comply with the program, he said, and they also have the right to continue issuing IDs and driver's licenses that don't meet Real ID requirements. But, Walsh said, "any state that's refusing to implement this key recommendation by the 9/11 Commission, and whose state driver's licenses are as a result used in another terrorist attack, should be held responsible." State reaction to Real ID has not been all negative. Four states have passed bills or resolutions expressing approval for the program, and 13 states have similar legislation pending (Several states have pending pieces of legislation both applauding and opposing Real ID). Chertoff said there would be repercussions for states choosing not to comply. "This is not a mandate," Chertoff said. "A state doesn't have to do this, but if the state doesn't have -- at the end of the day, at the end of the deadline -- Real ID-compliant licenses then the state cannot expect that those licenses will be accepted for federal purposes." From rforno at infowarrior.org Fri Aug 17 01:19:00 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 16 Aug 2007 21:19:00 -0400 Subject: [Infowarrior] - Pentagon Paid $998, 798 to Ship Two 19-Cent Washers Message-ID: Pentagon Paid $998,798 to Ship Two 19-Cent Washers (Update3) By Tony Capaccio http://www.bloomberg.com/apps/news?pid=20601070&sid=ardg6DwCCMFI&refer=home Aug. 16 (Bloomberg) -- A small South Carolina parts supplier collected about $20.5 million over six years from the Pentagon for fraudulent shipping costs, including $998,798 for sending two 19-cent washers to an Army base in Texas, U.S. officials said.
The company also billed and was paid $455,009 to ship three machine screws costing $1.31 each to Marines in Habbaniyah, Iraq, and $293,451 to ship an 89-cent split washer to Patrick Air Force Base in Cape Canaveral, Florida, Pentagon records show. The owners of C&D Distributors in Lexington, South Carolina -- twin sisters -- exploited a flaw in an automated Defense Department purchasing system: bills for shipping to combat areas or U.S. bases that were labeled ``priority'' were usually paid automatically, said Cynthia Stroot, a Pentagon investigator. C&D and two of its officials were barred in December from receiving federal contracts. Today, a federal judge in Columbia, South Carolina, accepted the guilty plea of the company and one sister, Charlene Corley, to one count of conspiracy to commit wire fraud and one count of conspiracy to launder money, Assistant U.S. Attorney Kevin McDonald said. Corley, 46, was fined $750,000. She faces a maximum prison sentence of 20 years on each count and will be sentenced soon, McDonald said in a telephone interview from Columbia. Stroot said her sibling died last year. Corley didn't immediately return a phone message left on her answering machine at her office in Lexington. Her attorney, Gregory Harris, didn't immediately return a phone call placed to his office in Columbia. `Got More Aggressive' C&D's fraudulent billing started in 2000, Stroot, the Defense Criminal Investigative Service's chief agent in Raleigh, North Carolina, said in an interview. ``As time went on they got more aggressive in the amounts they put in.'' The price the military paid for each item shipped rarely reached $100 and totaled just $68,000 over the six years in contrast to the $20.5 million paid for shipping, she said. ``The majority, if not all of these parts, were going to high-priority, conflict areas -- that's why they got paid,'' Stroot said. 
If the item was earmarked ``priority,'' destined for the military in Iraq, Afghanistan or certain other locations, ``there was no oversight.'' Scheme Detected The scheme unraveled in September after a purchasing agent noticed a bill for shipping two more 19-cent washers: $969,000. That order was rejected and a review turned up the $998,798 payment earlier that month for shipping two 19-cent washers to Fort Bliss, Texas, Stroot said. The Pentagon's Defense Logistics Agency orders millions of parts a year. ``These shipping claims were processed automatically to streamline the re-supply of items to combat troops in Iraq and Afghanistan,'' the Justice Department said in a press release announcing today's verdict. Stroot said the logistics agency and the Defense Finance and Accounting Service, which pays contractors, have made major changes, including thorough evaluations of the priciest shipping charges. Dawn Dearden, a spokeswoman for the logistics agency, said finance and procurement officials immediately examined all billing records. Stroot said the review showed that fraudulent billing is ``not a widespread problem.'' ``C&D was a rogue contractor,'' Stroot said. While other questionable billing has been uncovered, nothing came close to C&D's, she said. The next-highest billing for questionable costs totaled $2 million, she said. Stroot said the Pentagon hopes to recoup most of the $20.5 million by auctioning homes, beach property, jewelry and ``high-end automobiles'' that the sisters spent the money on. ``They took a lot of vacations,'' she said.
To contact the reporter on this story: Tony Capaccio a From rforno at infowarrior.org Fri Aug 17 01:22:49 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 16 Aug 2007 21:22:49 -0400 Subject: [Infowarrior] - FBI & ICE Bury Terrorism Cases Behind the Wall In-Reply-To: <05A0F257-0E3B-43C5-A644-F1B5C0DBCBDF@PACBELL.NET> Message-ID: Tuesday 14 Aug 2007 FBI & ICE Bury Terrorism Cases Behind the Wall By Annie Jacobsen in category Bureaucracy & The Wall http://www.theaviationnation.com/ A stunning report by the Inspector General reveals that the turf war between the FBI and ICE (Immigrations and Customs Enforcement) has resulted in major terrorism cases being dropped or ignored by ICE agents so as to avoid working with FBI agents. From USA Today: Using a hypothetical example, the report said, if a case involved two leads -- one involving illegal drugs and the other involving terrorism -- an agent would pursue the drug lead in order to avoid working with the FBI. In such cases, the agent did not always forward the terrorism lead to the joint task force, the report said. The Joint Terrorism Task Force (JTTF) is controlled by the FBI. Not only does this egregious pettiness jeopardize the country's national security, but it contradicts the very premise of the creation of the Department of Homeland Security which was to tear down the wall of bureaucracy. Instead, according to both Inspector Generals overseeing the two federal agencies, the FBI and ICE have buried terrorism cases behind that wall. The investigation began at the behest of Iowa Senator Charles Grassley, a member of the Judiciary Committee. According to a press release, Senator Grassley sought oversight in response "to reports from retired ICE agent Joe Webber, a 30-year veteran and former head of the Houston field office." "It seems obvious that the findings of this report justify concerns about a lack of trust between our two largest federal law enforcement agencies.
They need to work together in order to do everything possible to protect Americans in the war on terror," Grassley said in a statement. The report is posted at http://grassley.senate.gov. From rforno at infowarrior.org Fri Aug 17 11:53:34 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 17 Aug 2007 07:53:34 -0400 Subject: [Infowarrior] - Liberties Advocates Fear Abuse of Satellite Images Message-ID: August 17, 2007 Liberties Advocates Fear Abuse of Satellite Images By ERIC SCHMITT http://www.nytimes.com/2007/08/17/us/17spy.html?ei=5090&en=54ee7068cc313140&ex=1345003200&partner=rssuserland&emc=rss&pagewanted=print WASHINGTON, Aug. 16 -- For years, a handful of civilian agencies have used limited images from the nation's constellation of spy satellites to track hurricane damage, monitor climate change and create topographical maps. But a new plan to allow emergency response, border control and, eventually, law enforcement agencies greater access to sophisticated satellites and other sensors that monitor American territory has drawn sharp criticism from civil liberties advocates who say the government is overstepping the use of military technology for domestic surveillance. "It potentially marks a transformation of American political culture toward a surveillance state in which the entire public domain is subject to official monitoring," said Steven Aftergood, director of the Project on Government Secrecy for the Federation of American Scientists. At issue is a newly disclosed plan that Mike McConnell, director of national intelligence, approved in May in a memorandum to Homeland Security Secretary Michael Chertoff, which puts some of the nation's most powerful intelligence-gathering tools at the disposal of domestic security officials as early as this fall.
The uses include enhancing seaport and land-border security, improving planning to mitigate natural disasters, and determining how best to secure major events, like the Super Bowl or national political conventions. Eventually, state and local law enforcement officials could be allowed to tap into the technology on a case-by-case basis, once legal guidelines are worked out, administration officials said. Spy satellites, which provide higher-resolution photographs than commercial satellite imagery, and in real time, have traditionally been used overseas to monitor terrorist movements and nuclear tests. Their expanded use in domestic surveillance marks a new era in intelligence gathering, conjures up images of "Big Brother in the sky," and raises civil liberties concerns. "This touches so many Americans, it can't be allowed to be discussed behind closed doors," said Caroline Fredrickson, director of the Washington legislative office of the American Civil Liberties Union. The new data sharing comes as Congress passed legislation this month that broadened the Bush administration's authority to eavesdrop without warrants on some Americans' international communications. Administration officials say that in the aftermath of the Sept. 11 attacks, the government has been looking for ways to use spy satellites and other sensors to strengthen the nation's defenses against terrorism. "The view after Sept. 11 was that we ought to move this to homeland security and broaden the domain," Charles E. Allen, the Department of Homeland Security's top intelligence officer, said Thursday in a telephone interview. "We obviously believe this is a good expansion." The new plan largely follows recommendations included in a 2005 independent study group led by Keith R. Hall, a former head of the National Reconnaissance Office who is a vice president of the consulting firm Booz Allen Hamilton. "Today, policies and practices governing the use of I.C.
capabilities, many of which predate 9/11, discourage rather than encourage use by domestic users especially law enforcement," the report said. The abbreviation I.C. refers to the intelligence community.

"The ultimate effect is missed opportunities to collect, exploit and disseminate domestic information critical to fighting the war on terrorism, preparing for, responding to, and recovering from disasters natural and man-made," the report said.

The Posse Comitatus Act of 1878 prohibits the active-duty military forces from conducting law enforcement missions on American soil, and Mr. Allen underscored that the new information-sharing would not violate that ban.

Mr. Allen said that the new program would be especially useful for disaster planning, and for policing land and seaports. He said the effort might eventually share information with domestic law enforcement officials but only after a careful review that would take several months.

"We are not going to be penetrating buildings, bunkers or people's homes with this," Mr. Allen said. "I view that as absurd. My view is that no American should be concerned."

A new office within the Homeland Security Department, called the National Applications Office, will be responsible beginning in October for coordinating requests from civilian agencies for spy satellite information.

The Homeland Security Department and the Office of the Director of National Intelligence would be responsible for overseeing the program. Reviews would be conducted by agency lawyers, inspectors general and privacy officers.

Civil liberties advocates complained that the agencies could not be trusted to supervise themselves, and that Congress needed to play a larger oversight role.

An official with the House Intelligence Committee said the panel had been notified of the program last spring but had not been given details of the data-sharing, and would ask for a full briefing when lawmakers returned in September from their summer recess.
"Crystal-clear rules on the use of such information are needed to protect the privacy of the American people," said Representative Jane Harman, a California Democrat who heads the House Homeland Security Subcommittee on Intelligence, Information Sharing and Terrorism Risk Assessment.

From rforno at infowarrior.org Fri Aug 17 12:39:22 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Aug 2007 08:39:22 -0400
Subject: [Infowarrior] - CIA, FBI Computers Used for Wikipedia Edits
Message-ID:

CIA, FBI Computers Used for Wikipedia Edits
http://www.washingtonpost.com/wp-dyn/content/article/2007/08/16/AR2007081601727_pf.html
By Randall Mikkelsen
Reuters
Thursday, August 16, 2007; 6:43 PM

WASHINGTON (Reuters) - People using CIA and FBI computers have edited entries in the online encyclopedia Wikipedia on topics including the Iraq war and the Guantanamo prison, according to a new tracing program.

The changes may violate Wikipedia's conflict-of-interest guidelines, a spokeswoman for the site said on Thursday.

The program, WikiScanner, was developed by Virgil Griffith of the Santa Fe Institute in New Mexico and posted this month on a Web site that was quickly overwhelmed with searches.

The program allows users to track the source of computers used to make changes to the popular Internet encyclopedia where anyone can submit and edit entries.

WikiScanner revealed that CIA computers were used to edit an entry on the U.S.-led invasion of Iraq in 2003. A graphic on casualties was edited to add that many figures were estimated and were not broken down by class.

Another entry on former CIA chief William Colby was edited by CIA computers to expand his career history and discuss the merits of a Vietnam War rural pacification program that he headed.

Aerial and satellite images of the U.S. prison for terrorism suspects at Guantanamo Bay, Cuba, were removed using a computer traced to the FBI, WikiScanner showed.
CIA spokesman George Little said he could not confirm whether CIA computers were used in the changes, adding that "the agency always expects its computer systems to be used responsibly."

The FBI did not have an immediate response.

Computers at numerous other organizations and companies were found to have been involved in editing articles related to them.

Griffith said he developed WikiScanner "to create minor public relations disasters for companies and organizations I dislike (and) to see what 'interesting organizations' (which I am neutral towards) are up to."

It was not known whether changes were made by an official representative of an agency or company, Griffith said, but it was certain the change was made by someone with access to the organization's network.

It violates Wikipedia's neutrality guidelines for a person with close ties to an issue to contribute to an entry about it, said spokeswoman Sandy Ordonez of the Wikimedia Foundation, Wikipedia's parent organization.

However, she said, "Wikipedia is self-correcting," meaning misleading entries can be quickly revised by another editor. She said Wikimedia welcomed the WikiScanner.

WikiScanner can be found at wikiscanner.virgil.gr/

© 2007 Reuters

From rforno at infowarrior.org Fri Aug 17 15:32:52 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Aug 2007 11:32:52 -0400
Subject: [Infowarrior] - Kevlar-Lined School Uniforms Coming To U.S.
Message-ID:

Kevlar-Lined School Uniforms Coming To U.S.
http://keyetv.com/topstories/topstories_story_228004502.html

(CBS) LONDON Pencils, notebooks and - stab-proof vests?

It doesn't sound like your usual back to school list, but some British families are shelling out hundreds of dollars for the protective uniforms, all due to a danger that has parents concerned.

The mean streets of Britain can be deadly. Surveillance cameras captured one attack that left a young man stabbed to death. Teenage killings here have skyrocketed.
As kids go back to school, petrified parents are taking an extraordinary step, outfitting their children with stab-proof school uniforms, lined with Kevlar, the same kind of material found in flak jackets worn by U.S. troops. They'll stop anybody bent on slashing the wearer.

Casual clothes are getting the treatment too. And Internet orders have been flooding in, including hundreds from the U.S.

"I was actually quite shocked myself," said Adrian Davis, manufacturer of a model of protective vest. "This wasn't even a direction I was looking to move in, but we have to do something."

Eighteen young people were murdered this year in London alone, and a recent study revealed that 1 in 3 children have carried a knife in the past year.

Three boys at Heather Guiste's school have been stabbed to death.

"It will protect the children," Guiste said. "I do think it's a brilliant idea because you know, you never know because the parents ain't gonna be there all the time."

The government insists violent crime is falling, despite the surge in teen stabbings.

"Around 1 percent of crimes either have a knife used or intimated, so it is a tiny proportion of total crime," said Deputy Asst. Commissioner Al Hitchcock.

But for some parents, even that minimal risk is too great when it comes to protecting their most valued treasure of all.

The company producing the stab-proof clothing is called "Bladerunner." In addition to hundreds of United Kingdom sales, they say they've had orders from New York, Los Angeles, Dallas and Florida, but these orders were not for school uniforms.

(© MMVII, CBS Broadcasting Inc. All Rights Reserved.)
From rforno at infowarrior.org Sat Aug 18 02:27:03 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Aug 2007 22:27:03 -0400
Subject: [Infowarrior] - FISA Court: Admin must respond to ACLU
Message-ID:

In Unprecedented Order, FISA Court Requires Bush Administration to Respond to ACLU's Request That Secret Court Orders Be Released to the Public (8/17/2007)

Government Must Respond by August 31

FOR IMMEDIATE RELEASE
CONTACT: media at aclu.org
http://www.aclu.org/safefree/spying/31356prs20070817.html

WASHINGTON - In an unprecedented order, the Foreign Intelligence Surveillance Court (FISC) has required the U.S. government to respond to a request it received last week by the American Civil Liberties Union for orders and legal papers discussing the scope of the government's authority to engage in the secret wiretapping of Americans. According to the FISC's order, the ACLU's request "warrants further briefing," and the government must respond to it by August 31. The court has said that any reply by the ACLU must be filed by September 14.

"Disclosure of these court orders and legal papers is essential to the ongoing debate about government surveillance," said Anthony D. Romero, Executive Director of the ACLU. "We desperately need greater transparency and public scrutiny. We're extremely encouraged by today's development because it means that, at long last, the government will be required to defend its contention that the orders should not be released."

The ACLU filed the request with the FISC following Congress' recent passage of the so-called "Protect America Act," a law that vastly expands the Bush administration's authority to conduct warrantless wiretapping of Americans' international phone calls and e-mails. In their aggressive push to justify passing this ill-advised legislation, the administration and members of Congress made repeated and veiled references to orders issued by the FISC earlier this year.
The legislation is set to expire in six months unless it is renewed.

"These court orders relate to the circumstances in which the government should be permitted to use its profoundly intrusive surveillance powers to intercept the communications of U.S. citizens and residents," said Jameel Jaffer, Director of the ACLU's National Security Project. "The debate about this issue should not take place in a vacuum. It's imperative that the public have access to basic information about what the administration has proposed and what the intelligence court has authorized."

FISC orders have played a critical role in the evolution of the government's surveillance activities over the past six years. After September 11, President Bush authorized the National Security Agency (NSA) to inaugurate a program of warrantless wiretapping inside the United States. In January 2007, however, just days before an appeals court was to hear the government's appeal from a judicial ruling that had found the NSA program to be illegal in a case brought by the ACLU, Attorney General Gonzales announced that the NSA program would be discontinued. Gonzales explained that the change was made possible by FISC orders issued on January 10, 2007, which he characterized as "complex" and "innovative." Those orders are among the documents requested by the ACLU.

Since January 2007, government officials have spoken publicly about the January 10 orders in congressional testimony, to the media and in legal papers - the orders remaining secret all the while. They have also indicated that the FISC issued other orders in the spring that restricted the administration's surveillance activities. House Minority Leader John Boehner stated that the FISC had issued a ruling prohibiting intelligence agents from intercepting foreign-to-foreign calls passing through the United States.
To a large extent, it was the perception that the FISC had issued an order limiting the administration's surveillance authority that led Congress to pass the new legislation expanding the government's surveillance powers. Yet the order itself, like the January 2007 order, has remained secret.

The ACLU's request to the FISC acknowledges that the FISC's docket includes a significant amount of material that is properly classified. The ACLU argues, however, that the release of court orders and opinions would not raise any security concern to the extent that these records address purely legal issues about the scope of the government's wiretap authority, and points out that the FISC has released such orders and opinions before. The ACLU is seeking release of all information in those judicial orders and legal papers the court determines, after independent review, to be unclassified or improperly classified.

A copy of the FISA court order, the ACLU's motion to the FISC, as well as information about the ACLU's lawsuit against the NSA and other related materials are available online at: www.aclu.org/spying

In addition to Jaffer, lawyers on the case are Steven R. Shapiro, Melissa Goodman, and Alexa Kolbi-Molinas of the ACLU and Art Spitzer of the ACLU of the National Capital Area.

From rforno at infowarrior.org Sat Aug 18 14:42:45 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 18 Aug 2007 10:42:45 -0400
Subject: [Infowarrior] - LA Times hysteria on Google News, UBL, and 'unedited' responses
Message-ID:

Two salient points from this LA Times editorial about Google News are just too funny to ignore.......

Source: http://www.latimes.com/news/opinion/la-ed-google17aug17,0,5712024.column?coll=la-opinion-leftrail

> Many publishers consider the Internet, and Google in particular, a greater
> threat to their livelihoods than Osama bin Laden.

Always good fear tactic to invoke UBL in the first sentence of an editorial rant.
It's right up there with waving the flag and asking about who's protecting the children. Smacks of ignorant desperation, methinks.

> But Google now is doing yet another thing that's bound to get under
> journalists' skin. This month, it announced plans to let people and
> organizations comment on the stories written about them. For example, if The
> Times ran another exposé on conflicts of interest within the Food and Drug
> Administration's drug-approval process, Google News would provide a forum for
> the FDA and any researchers or drug manufacturers implicated in the story to
> respond, unedited.

How dare Google let the public or the subject of a news story publish a response that is UNEDITED by the journalism community on a site called "news"? My stars, that would be the thin edge of the wedge and the end of civilization as we know it! (Granted, there's the potential for lots of 'noise' in such unedited forums, but it's not like folks could publish their own responses on blogs and/or via press releases already, right?)

You have to wonder if the ailing print news industry is shooting itself in both feet using such histrionics and self-serving fearmongering a la the entertainment industry.

-rf

From rforno at infowarrior.org Sun Aug 19 02:03:51 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 18 Aug 2007 22:03:51 -0400
Subject: [Infowarrior] - Concern Over Wider Spying Under New Law
Message-ID:

August 19, 2007
Concern Over Wider Spying Under New Law
By JAMES RISEN and ERIC LICHTBLAU
http://www.nytimes.com/2007/08/19/washington/19fisa.html?ei=5065&en=d48269ca162f2f10&ex=1188100800&partner=MYWAY&pagewanted=print

WASHINGTON, Aug. 18 - Broad new surveillance powers approved by Congress this month could allow the Bush administration to conduct spy operations that go well beyond wiretapping to include - without court approval -
certain types of physical searches of American citizens and the collection of their business records, Democratic Congressional officials and other experts said.

Administration officials acknowledged that they had heard such concerns from Democrats in Congress recently, and that there was a continuing debate over the meaning of the legislative language. But they said the Democrats were simply raising theoretical questions based on a harsh interpretation of the legislation.

They also emphasized that there would be strict rules in place to minimize the extent to which Americans would be caught up in the surveillance.

The dispute illustrates how lawmakers, in a frenetic, end-of-session scramble, passed legislation they may not have fully understood and may have given the administration more surveillance powers than it sought.

It also offers a case study in how changing a few words in a complex piece of legislation has the potential to fundamentally alter the Foreign Intelligence Surveillance Act, a landmark national security law. Two weeks after the legislation was signed into law, there is still heated debate over how much power Congress gave to the president.

"This may give the administration even more authority than people thought," said David Kris, a former senior Justice Department lawyer in the Bush and Clinton administrations and a co-author of "National Security Investigation and Prosecutions," a new book on surveillance law.

Several legal experts said that by redefining the meaning of "electronic surveillance," the new law narrows the types of communications covered in the Foreign Intelligence Surveillance Act, known as FISA, by indirectly giving the government the power to use intelligence collection methods far beyond wiretapping that previously required court approval if conducted inside the United States.

These new powers include the collection of business records, physical searches and so-called "trap and trace"
operations, analyzing specific calling patterns.

For instance, the legislation would allow the government, under certain circumstances, to demand the business records of an American in Chicago without a warrant if it asserts that the search concerns its surveillance of a person who is in Paris, experts said.

It is possible that some of the changes were the unintended consequences of the rushed legislative process just before this month's Congressional recess, rather than a purposeful effort by the administration to enhance its ability to spy on Americans.

"We did not cover ourselves in glory," said one Democratic aide, referring to how the bill was compiled.

But a senior intelligence official who has been involved in the discussions on behalf of the administration said that the legislation was seen solely as a way to speed access to the communications of foreign targets, not to sweep up the communications of Americans by claiming to focus on foreigners.

"I don't think it's a fair reading," the official said. "The intent here was pure: if you're targeting someone outside the country, the fact that you're doing the collection inside the country, that shouldn't matter."

Democratic leaders have said they plan to push for a revision of the legislation as soon as September. "It was a legislative over-reach, limited in time," said one Congressional Democratic aide. "But Democrats feel like they can regroup."

Some civil rights advocates said they suspected that the administration made the language of the bill intentionally vague to allow it even broader discretion over wiretapping decisions. Whether intentional or not, the end result - according to top Democratic aides and other experts on national security law -
is that the legislation may grant the government the right to collect a range of information on American citizens inside the United States without warrants, as long as the administration asserts that the spying concerns the monitoring of a person believed to be overseas.

In effect, they say, the legislation significantly relaxes the restrictions on how the government can conduct spying operations aimed at foreigners at the same time that it allows authorities to sweep up information about Americans.

These new powers are considered overly broad and troubling by some Congressional Democrats who raised their concerns with administration officials in private meetings this week.

"This shows why it is so risky to change the law by changing the definition" of something as basic as the meaning of electronic surveillance, said Suzanne Spaulding, a former Congressional staff member who is now a national security legal expert. "You end up with a broad range of consequences that you might not realize."

The senior intelligence official acknowledged that Congressional staff members had raised concerns about the law in the meetings this week, and that ambiguities in the bill's wording may have led to some confusion. "I'm sure there will be discussions about how and whether it should be fixed," the official said.

Vanee Vines, a spokeswoman for the office of the director of national intelligence, said the concerns raised by Congressional officials about the wide scope of the new legislation were "speculative." But she declined to discuss specific aspects of how the legislation would be enacted. The legislation gives the director of national intelligence, Mike McConnell, and Attorney General Alberto R. Gonzales broad discretion in enacting the new procedures and approving the way surveillance is conducted.

The new legislation amends FISA, but is set to expire in six months. Bush administration officials said the legislation was critical to fill an "intelligence gap"
that had left the United States vulnerable to attack.

The legislation "restores FISA to its original and appropriate focus - protecting the privacy of Americans," said Brian Roehrkasse, Justice Department spokesman. "The act makes clear that we do not need a court order to target for foreign intelligence collection persons located outside the United States, but it also retains FISA's fundamental requirement of court orders when the target is in the United States."

The measure, which President Bush signed into law on Aug. 5, was written and pushed through both the House and Senate so quickly that few in Congress had time to absorb its full impact, some Congressional aides say.

Though many Democratic leaders opposed the final version of the legislation, they did not work forcefully to block its passage, largely out of fear that they would be criticized by President Bush and Republican leaders during the August recess as being soft on terrorism.

Yet Bush administration officials have already signaled that, in their view, the president retains his constitutional authority to do whatever it takes to protect the country, regardless of any action Congress takes. At a tense meeting last week with lawyers from a range of private groups active in the wiretapping issue, senior Justice Department officials refused to commit the administration to adhering to the limits laid out in the new legislation and left open the possibility that the president could once again use what they have said in other instances is his constitutional authority to act outside the regulations set by Congress.

At the meeting, Bruce Fein, a Justice Department lawyer in the Reagan administration, along with other critics of the legislation, pressed Justice Department officials repeatedly for an assurance that the administration considered itself bound by the restrictions imposed by Congress.
The Justice Department, led by Ken Wainstein, the assistant attorney general for national security, refused to do so, according to three participants in the meeting. That stance angered Mr. Fein and others. It sent the message, Mr. Fein said in an interview, that the new legislation, though it is already broadly worded, "is just advisory. The president can still do whatever he wants to do. They have not changed their position that the president's Article II powers trump any ability by Congress to regulate the collection of foreign intelligence."

Brian Walsh, a senior legal fellow at the conservative Heritage Foundation who attended the same private meeting with Justice Department officials, acknowledged that the meeting - intended by the administration to solicit recommendations on the wiretapping legislation - became quite heated at times. But he said he thought the administration's stance on the president's commander-in-chief powers was "a wise course."

"They were careful not to concede any authority that they believe they have under Article II," Mr. Walsh said. "If they think they have the constitutional authority, it wouldn't make sense to commit to not using it."

Asked whether the administration considered the new legislation legally binding, Ms. Vines, the national intelligence office spokeswoman, said: "We're going to follow the law and carry it out as it's been passed."

Mr. Bush issued a so-called signing statement about the legislation when he signed it into law, but the statement did not assert his presidential authority to override the legislative limits.

At the Justice Department session, critics of the legislation also complained to administration officials about the diminished role of the FISA court, which is limited to determining whether the procedures set up by the executive administration for intercepting foreign intelligence are "clearly erroneous" or not.
That limitation sets a high bar to set off any court intervention, argued Marc Rotenberg, executive director of the Electronic Privacy Information Center, who also attended the Justice Department meeting.

"You've turned the court into a spectator," Mr. Rotenberg said.

From rforno at infowarrior.org Mon Aug 20 01:23:09 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 19 Aug 2007 21:23:09 -0400
Subject: [Infowarrior] - Terror goes digital. With Canadian help
Message-ID:

Terror goes digital. With Canadian help
OMAR EL AKKAD
From Saturday's Globe and Mail
August 18, 2007 at 12:40 AM EDT
http://www.theglobeandmail.com/servlet/story/RTGAM.20070817.wyarmouth18/BNStory/National/home

Welcome to Yarmouth, Nova Scotia - pivotal battleground in the global jihad.

The town of 7,000 doesn't look the part. Its quietly beautiful downtown lives and dies by tourists. The coastline puts postcards to shame. The New York Islanders have held their training camp here for the past two years.

But unwittingly, Yarmouth has become an example of the sort of unassuming places that are serving as relay stations in a virtual war.

The town is home to a branch of Register.com, one of its largest employers and one of the most popular Internet domain-name registration services in the world. For a fee, the company allows users to register website names - the .com, .net or .org addresses you type into your web browser to surf the Internet.

Normally, when anyone signs up new domains, they have to provide a name, address and contact information, all of which become publicly available to anyone who's even remotely net-savvy. (The information is copied to one of the central databases that form the backbone of the Internet, to ensure there are no conflicts, such as two separate entities owning the same domain.)
But for a few extra dollars, Register.com also offers an anonymous registration service: Try to find out who registered any one of these websites, and you'll be handed the same address and phone number in Yarmouth.

This service is hugely popular: Civil-liberties advocates and anyone else who values their privacy flock to it.

But it's also very useful to another group of people, halfway around the globe: On one of the world's largest pro-Hamas websites, viewers can download martyrdom videos that feature the diatribes of masked men shortly before they launch deadly attacks. Look up the registration info for that site, and you'll get that Yarmouth address and phone number.

The challenge this situation poses is not unprecedented. Years ago, authorities noticed that child pornography websites, though often operated from outside North America, made use of North American anonymous-registration services. In response, a large number of watchdog groups began hunting down such sites to force the registration firms to shut them down.

"There's nothing near that level [of public monitoring] with terrorist websites," says Wade Deisman, Director of the National Security Working Group at the University of Ottawa. Government intelligence services don't have the resources to manage the scale of the problem. "I haven't seen anything that comes even close to addressing this issue," he says.

The FBI estimates somewhere in the range of 6,000 terrorism-supporting websites are currently active. Last week, the Simon Wiesenthal Center for Holocaust Studies published a report stating that, in terms of nefarious online activity, terrorism promotion had eclipsed hatemongering.

This is the new jihad -
the evolution of a propaganda effort that, just a decade ago, consisted mostly of Osama bin Laden speeches on video tapes smuggled out of a hideout in Afghanistan. Today, the public-relations arms of terrorist organizations - run less by grizzled warriors than by 20-something computer geeks - deal in digital currency, getting their messages out instantly and universally using the scope and anonymity of the web.

The process is borderless. A beheading video moves from a hideout in Peshawar to a server in London to a computer screen in Toronto unhindered, fuelling a global radicalization juggernaut that intelligence agencies describe as perhaps the biggest threat facing the West today.

All manner of video, audio and even interactive propaganda have found an audience among many disaffected Muslim youth around the world. But while the majority of people who download such content may only fuel a passive resentment of the West, for others the audiovisual diatribes of Mr. bin Laden and his kin have served as a sort of gateway drug to a more violent worldview.

That was the case among some of the alleged ringleaders of the Toronto terrorist group arrested during a sweep last summer - a trail led from some of those arrested to a massive, and now defunct, web forum where angry youth traded incendiary content.

In another case, a young British man named Younis Tsouli was arrested in England in 2005 and charged with "conspiracy to murder, conspiracy to cause an explosion, conspiracy to obtain money by deception, fundraising and possession of articles for terrorist purposes."

Mr. Tsouli, now 23, had never so much as fired a rifle - his agitation was purely online. The computer hacker got his start moving propaganda videos around the web for al-Qaeda in Iraq and soon popped up in connection with at least three alleged terrorist plots, including one in Canada. For Mr. Tsouli, it was not a great stretch from posting beheading videos to sending out suicide-bomb-belt manuals.
Besides the anonymous registries, many effective terrorist-propaganda producers rely on the hugely popular public blogging and file-sharing sites used by millions to rant about their bosses and share barbecue recipes. That leaves law-enforcement officials in the uncomfortable position of trying to catch a wisp of an enemy without trampling on everyone else's civil liberties.

And so a battle rages in Ottawa, as Canadian police and spy agencies complain that the legislation governing online crime is a historical relic. Privacy advocates, on the other hand, fear a world where every 0 and 1 is visible to Big Brother.

Meanwhile, terrorist propaganda operations have come to rival the PR departments of multinational corporations, complete with publishing houses, movie-editing studios and video-game developers.

This is the ammunition in a battle of ideas that all sides agree may end up being more important than any blood-and-bullets conflict - a battle that, so far, the West is losing.

Al-Qaeda's spin doctor

It started with a single memo, dated June 20, 2000.

Abu Huthayfa, a member of al-Qaeda's inner circle, was writing to his mentor, Osama bin Laden, about the importance of public relations. The writer was struck by some of the tactics already in use by Hamas, especially the practice of videotaping statements of soon-to-be "martyrs."

A year earlier, the Al Jazeera television network had aired an interview with Mr. bin Laden, and the public response convinced Mr. Huthayfa that there were many people around the world hanging on the soft-spoken Saudi's every word.

He asked his leader, why wasn't al-Qaeda taking better advantage? Why was it that two years after the U.S. embassy bombings in Dar Es Salaam and Nairobi, many people knew little about "the heroes of this magnificent undertaking"?

Abu Huthayfa's solution to al-Qaeda's PR shortfalls would serve as the foundation for the single most important advance in the terrorist group's history.
He proposed the creation of a separate informational branch of al-Qaeda. At the time, the group's communiqués flowed freely around much of Afghanistan, but that was a form of preaching to the converted -- elsewhere in the world, al-Qaeda was still a small fish. To remedy this, Mr. Huthayfa set his sights on the Internet, especially e-mail and file-sharing websites. He touted the advantages of instant communication, the massive amount of information that could be sent around the world in a blink. "The importance of establishing a website for you on the Internet in which you place all your legible, audible, and visible archives and news must be emphasized," he wrote. "It should not escape the mind of any one of you the importance of this tool in communicating with people." It didn't. Within a year, Mr. bin Laden would declare that up to 90 per cent of al-Qaeda's battles would be fought not with guns, but words and images. (The memo, recovered in a raid on an al-Qaeda hideout, is now a public document found on several terrorism-studies databases.) After the attacks of Sept. 11, 2001, a flood of videos glorifying the carnage began appearing online. In many cases the producer was al-Sahab ("the Clouds"), the newly created media arm of al-Qaeda. The hijackers appeared superimposed over images of the planes crashing into New York's twin towers, reading their wills and issuing stern warnings to the U.S. This time, the propaganda opportunity would be fully exploited. The post-9/11 videos showcased many of al-Qaeda's major talking points. Over and over, would-be martyrs and senior leaders glorified the attacks and the attackers -- the idea of a fast-track to eternal paradise being a significant selling point for disaffected Muslim youth and other possible recruits. Another refrain was to warn of further attacks, citing a list of demands that combined legitimate and illegitimate grievances from across the Muslim world in a patchwork of outrage.
"If you look at the messaging and narrative, it's aimed at a Western audience," says Frank Cilluffo, director of the Homeland Security Policy Institute at George Washington University, and a former special assistant on security to the president. "I look at al-Qaeda as a brand, and you have to look at what makes brands flourish -- there has been a big improvement in use of symbols." One of the most oft-repeated symbols is the Arabic word ummah, meaning "Muslim nation." Among many Muslims worldwide, it conjures halcyon images of a global empire ruled by religion, where borders of race, ethnicity and nationality are obliterated and the only common denominator is the word of God. But the ummah also has come to serve a second purpose, as justification for violence. If Muslims everywhere are one, the thinking goes, then a car bombing in Bali is a legitimate response to the killing of a child in Gaza. In geographic reality, there is no ummah; perhaps the most recent attempt at one was the Ottoman empire. But from another view, there is perhaps the largest ummah in the history of Islam, composed of chat rooms and file servers from Islamabad to Antigua. In this cyber-ummah, race, ethnicity and nationality are invisible; the common denominator is the digitized word of God. There are segments of the cyber-ummah that have nothing to do with terrorism: Many mainstream Muslim youth groups in Canada use web forums. But, as with neo-Nazi and child-porn rings, the qualities that make Internet forums legitimately useful also empower the bad guys. After the Sept. 11 attacks, the U.S.-led invasion of Afghanistan scattered much of al-Qaeda's leadership -- its literal Arabic name, "the base," was no longer apt. At that point, al-Qaeda morphed from a group into a mindset: Where there once was one well-defined organization, there sprung up dozens of relatively unconnected cells, not just in Iraq and Afghanistan, but in London and Madrid.
The founders of those cells were, in many cases, Western-born young men whose parents were immigrants but who had never set foot themselves in any war zone. Instead, this new generation of jihadis had grown up watching the fruits of al-Sahab's labour -- the propaganda and martyrdom videos floating freely across the cyber-ummah. "You have a group of individuals who are distanced from their parents; don't necessarily feel fully embedded in their current society, so they look to one another to reaffirm their attitudes," says Mr. Cilluffo. "It really goads the bravado." A new generation has taken over the informational arm Abu Huthayfa suggested some seven years ago. As comfortable at the keyboard as the original mujahedeen were with rifles, they have swapped the grainy video of past terrorist communiqués for a far more polished product. But it wasn't only the form of the message that took a generational leap forward. The target demographic also had come into focus: young, angry, Western kids.

Joystick jihad

By almost any measure, Night of Capturing Bush is an unbelievably awful video game. In the first-person shooter, released in September of last year, you play the role of a hardcore, AK47-toting Islamic warrior. Your goal is to mow down feeble, eerily identical U.S. troops in Iraqi settings -- Iraq being composed mainly of various heavily pixelated shades of brown. The difficulty levels are skewed to the point where the cloned U.S. troops could unload entire armouries of bullets on you and still not make much of a dent. As war songs play in the background, you make your way through six levels, culminating, as the title suggests, in a showdown with U.S. President George W. Bush. (Ironically, Night of Capturing Bush is a minor modification of Quest for Saddam, an equally mediocre 2003 game from right-wing U.S. activist Jesse Petrilla.)
But glitchy game-play and atrocious graphics did little to hinder Night of Capturing Bush's primary purpose, which was strictly ideological. In a press release hyping the game, its creators, an anonymous group called the Global Islamic Media Front, dubbed their desired audience "terrorist children." Within a few hours of its release, across thousands of online message boards, these "terrorist children" passed the game back and forth. The Media Front only had to initiate the craze; thousands of sympathizers around the planet did the rest. It wasn't the first time Islamic extremist propaganda fused with pop culture. Two years previous, a young British man calling himself Sheikh Terra stepped in front of a camera, his face covered, carrying what appeared to be a pistol, and began dancing. The resulting rap video was called Dirty Kuffar (Kuffar is an Arabic word for disbeliever). Since its release, Dirty Kuffar has been downloaded onto millions of computers and remixed by many like-minded web jihadists. You can find it on video-sharing sites such as YouTube. "I saw a number of video games. I saw rap videos with a very good tune to them," says Mr. Cilluffo. "I can't tell you for a fact we're certain who's designing what, but I can tell you that when it comes to technology and its application, I think the younger generation has a leg up." One common method of disseminating anything from a terrorist video game to a bomb-making manual to a beheading video is to make copies available on dozens of free websites at the same time. On these sites, which were created to help people transfer data files too large to e-mail, anyone can quickly create an account -- when barred by the administrators of one site, the user just jumps to another. By the time all such sites wise up, the message is all over the world. On the Global Islamic Media Front site, each newly produced video is quickly uploaded to a dozen or more free sites.
The Front's own site is not hosted on an obscure or secret server, but on Wordpress, one of the most widely used blogging services in the world. Because registering with a blogging site such as Wordpress doesn't require domain registration, there is no publicly accessible address or phone number. That's likely the same thinking behind Press-Release, a website chock full of communiqués from "the Islamic State Of Iraq." There, users can download high-quality videos featuring attacks on U.S. military vehicles, as well as detailed listings of American casualties. Look up the registration info and you're handed an address in Mountain View, Calif. -- far removed from the killing fields of Iraq, but near the headquarters of Google Inc., which owns the popular blogging domain Blogspot, on which "Press Release" is hosted. Anonymity isn't enough, however. There's an intense emphasis on secrecy evident in the various password-protected forums and message boards where jihad-minded teens gather. One of the most widely visited extremist forums subscribes to the country-club model -- the only way in is to have a current member vouch for you. This security consciousness is in large part due to the new emphasis police and intelligence agencies are placing on infiltrating such forums. But today the level of infiltration is so high that intelligence agencies face a recurring problem: An agent goes undercover on a web forum and finds dozens of users making violent, extremist statements, but to the agent's dismay, it soon becomes apparent that many of them are undercover operatives from other intelligence agencies.

Joining the fray

Frank Cilluffo sat before a dozen or so of the most powerful politicians in the world last May and told them they should consider broadcasting footage of dead children to the public. Mr. Cilluffo had been called before the U.S. Senate Homeland Security and Governmental Affairs committee to talk about strategies for combatting online extremism.
He presented a simple argument: Extremist videos often leverage footage of civilians killed by Israeli and U.S. troops. Why not show the world what happens to civilians -- often Muslim civilians -- when Islamic extremist groups carry out their attacks? "I don't remember exactly [the committee's] response," Mr. Cilluffo recalls. "I think we did have some silence. It's a pretty provocative statement.

"The idea behind that was to take off any filters and demonstrate that the consequences of terror have a real impact: People are killed. This is not a theoretical set of issues." The recommendation was part of a broader argument that if the U.S. government and its allies attempt to fight a war of ideas on their own, they're going to lose. "Much of the solution comes from people with credibility in these constituencies, I don't think that can come from Western governments," Mr. Cilluffo says. "We need people who are versed in the Koran, who can show how it's being distorted. We need people who appreciate cultural nuances and norms. I think that governments have a role to play, but by no means the primary role." What Mr. Cilluffo was pitching was the construction of a rival narrative to the one circulated in the cyber-ummah -- one that would separate out the reasonable grievances from the specious ones circulated by extremists, and be delivered by someone credible. But his pitch wasn't an easy one to make, given that many Western governments, police and intelligence shops had long viewed the war on terror as just that -- a war, which will be won or lost with old-fashioned techniques. Producing a rival message has been a low priority. "This is the tip of a much bigger issue," says Mr. Deisman of the National Security Working Group in Ottawa. "The reason why we haven't matched the propaganda war is because we consider ourselves states characterized by tolerance and acceptance. For us to be saying what we stand for may be seen as infringing on someone else."
In England, where the problem of "homegrown terrorism" is far more urgent, Mr. Deisman points out the propaganda war has intensified: "England truly is an embattled country. The government is producing videos about what Englishness means," he says. "Can you imagine if we did that in Canada? People would be up in arms." But even on the traditional counterterrorism front, law-enforcement officials are coming up against a major wall: For the most part, the legal system was not designed for cyberspace, as you can see by looking at the key case of the murder-conspiracy trial of Younis Tsouli in England this summer. Mr. Tsouli was alleged to have lived a double life on the Internet under the name "Irhabi007" (Irhabi means terrorist in Arabic), distributing tools of extremism. He had become one of the most important terrorism conduits in the world, and his trial marked a watershed moment in combatting cyber-crime. However, in May, that trial hit an embarrassing bump. Justice Peter Openshaw, the supervising judge, turned to prosecutors and said: "The trouble is I don't understand the language. I don't really understand what a website is." A university professor was quickly brought into court to explain the Internet. In the case of child pornography, Mr. Deisman points out, there was a lag of about five to seven years before independent groups began forming for the purpose of shutting illegal sites down. The delay might be equally long with terrorism sites. "This stuff has happened so quickly," Mr. Deisman says. "Typically it takes a while to catch up." In Canada, the onus is largely on the public to point out such websites -- such as the pro-Hamas one registered in Yarmouth -- to the domain-name firms. Register.com is based in New York but has offices in many places; the municipality and province provided hundreds of thousands of dollars in perks to convince it to locate operations in Yarmouth.
And it has a very specific policy for dealing with cases where someone reports a domain being used for illegal purposes. "This policy includes reviewing the content to determine the validity of the report and, if applicable, disabling the domain and notifying the customer of the reason for this action," says Wendy Kennedy, the firm's manager of public relations and customer marketing. "At times, Register.com has also reached out to law enforcement to report suspicious activity." But the servers in Yarmouth are by no means the only ones in Canada where terrorist-related content may be residing. Until a few weeks ago, the website for al-Qaeda in the Islamic Maghreb, one of the most extensive and regularly updated of its kind, was registered to a building near downtown Toronto. The address belongs to Contactprivacy, the anonymous-registration arm of Canadian domain-name provider Tucows Inc. After its web-hosting service in Germany was alerted to the Maghreb site and pulled the plug earlier this year, Tucows followed suit. But in an environment where similar sites are popping up daily, it was a small victory. It has been seven years now since Abu Huthayfa sent a memo to Osama bin Laden extolling the virtues of an online public-relations strategy. Their opponents have yet to catch up. "We have been slow to recognize that we have to go beyond tactics and recognize there's a war of ideas," says Mr. Cilluffo. "I believe there's only one side that has stepped up to the battlefield, and it's not us."

Globe and Mail writer Omar El Akkad shared the 2007 National Newspaper Award for investigative journalism with colleague Greg McArthur for their examination of online activities by accused terrorists.
From rforno at infowarrior.org Mon Aug 20 02:47:59 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 19 Aug 2007 22:47:59 -0400
Subject: [Infowarrior] - Psychologists Scrap Interrogation Ban
Message-ID:

Psychologists Scrap Interrogation Ban
By THE ASSOCIATED PRESS
http://www.nytimes.com/aponline/us/AP-Torture-Psychology.html?pagewanted=print
Filed at 10:13 p.m. ET

SAN FRANCISCO (AP) -- The nation's largest group of psychologists scrapped a measure Sunday that would have prohibited members from assisting interrogators at Guantanamo Bay and other U.S. military detention centers. The American Psychological Association's policy-making council voted against a proposal to ban psychologists from taking part in any interrogations at U.S. military prisons ''in which detainees are deprived of adequate protection of their human rights.'' Instead, the group approved a resolution that reaffirmed the association's opposition to torture and restricted members from taking part in interrogations that involved any of more than a dozen specific practices, including sleep deprivation and forced nakedness. Violators could be expelled and lose their state licenses to practice. Critics of the proposed ban who spoke before the vote at the 148,000-member organization's annual meeting said the presence of psychologists would help insure interrogators did not abuse prisoners. ''If we remove psychologists from these facilities, people are going to die,'' said Army Col. Larry James, who serves as a psychologist at Guantanamo Bay. Supporters argued that psychologists should not be working at detention centers where prisoners are detained indefinitely without being charged. ''If psychologists have to be there so detainees don't get killed, those conditions are so horrendous that the only moral and ethical thing is to leave,'' said Laurie Wagner, a psychologist from Dallas.
The association's vote follows reports that mental health specialists were involved in prisoner abuse scandals at Guantanamo Bay and Abu Ghraib prison in Iraq.

From rforno at infowarrior.org Mon Aug 20 21:08:36 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Aug 2007 17:08:36 -0400
Subject: [Infowarrior] - Skype outage....a weird explaination?
Message-ID:

Doesn't Windows reboot monthly when the new updates are installed? So doesn't Skype have to deal with a monthly "flood of login requests" to its services? While I've not looked into the matter that much, I find their statement about what happened to be a bit.....weak. At least Securityfocus called 'em on it in the last paragraph of the article below. Thoughts?

--rf

Skype: Outage prompted by Microsoft Update
Published: 2007-08-20
http://www.securityfocus.com/brief/572?ref=rss

Last week's two-day outage of the Skype voice-over-IP network was not caused by an attack, but by a lack of resources available to the peer-to-peer messaging technology due to Microsoft's monthly update, the Luxembourg-based subsidiary of online auction giant eBay said on Monday. On Thursday, August 16, Skype users had trouble connecting to the service, which uses a peer-to-peer network to provide instant messaging, voice-over-IP telephony and video chat capabilities. Skype identified the problem as a software bug that caused sign-on issues, but did not resolve the outages until Saturday, promising a full explanation of the issue after the weekend. "The disruption was triggered by a massive restart of our users' computers across the globe within a very short timeframe as they re-booted after receiving a routine set of patches through Windows Update," Skype spokesman Villu Arak said in a statement posted to the company's blog on Monday. "The high number of restarts affected Skype's network resources.
This caused a flood of log-in requests, which, combined with the lack of peer-to-peer network resources, prompted a chain reaction that had a critical impact." While Skype has had its own share of security flaws, the service's infrastructure was thought to be resilient to attack or disruptions, given its distributed nature. Threats to voice-over-IP communications have been frequently talked about, but rarely realized, with the exception of caller ID spoofing attacks. Skype did not comment on an apparent exploit for the voice-over-IP messaging client that appeared on a Russian security site on Friday, except to say that the outage was not a malicious attack. Nor did the company explain why Microsoft's update affected the client this time around while previous updates have not, only saying that a flaw caused its network-healing algorithm to fail to provide resources fast enough. Microsoft did not immediately provide a comment on the outage.

From rforno at infowarrior.org Tue Aug 21 00:20:01 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Aug 2007 20:20:01 -0400
Subject: [Infowarrior] - Claims that anonymous domain registration aid terrorists are overblown
Message-ID:

Claims that anonymous domain registration aid terrorists are overblown
By Jacqui Cheng | Published: August 20, 2007 - 02:01PM CT
http://arstechnica.com/news.ars/post/20070820-claims-that-anonymous-domain-registration-aid-terrorists-are-overblown.html

Domain registrars are providing services that aid terrorism, claims Canadian newspaper The Globe and Mail. A lengthy article published over the weekend, "Terror goes digital. With Canadian help," delves into the many different facets of the Internet that have been used by Islamic terrorist groups to communicate their messages to each other and to the rest of the world. But the "Canadian help" part of the equation comes by way of domain registrars Register.com and Tucows, which both operate out of Canada.
The newspaper's assertions that these companies somehow aid terrorists with their services, however, are somewhat misguided. The linchpin of The Globe and Mail's argument is that registrars are aiding terrorists by helping to keep them anonymous. As many of our readers know, people who register new domains now often have the option to do so without having their personal information displayed to the public through a WHOIS query. This service usually only costs a few extra dollars per year and has been applauded by privacy advocates as a way to keep a citizen's personal info private -- no one needs to know who has registered those domains, they argue. But according to The Globe and Mail, the service has made it easier for terrorists to put their message out online without exposing their location or contact information. But it's not as if the registrars themselves don't store the information. Both Register.com and Tucows require people who are registering domains to enter all of their personal information, regardless of whether they make use of the public anonymizing services or not. Register.com told us that the company provides private registration services so that its customers can avoid getting unwanted spam, mail, and telephone calls, but that there are a number of terms that users must agree to in order to use them. The company says that it takes reports of illegal activity on its servers seriously. "Our policy clearly states that any site that does not comply with applicable laws, government rules or requirements, court orders or requests from law enforcement, is subject to immediate termination," Register.com's Wendy Kennedy told Ars. "In the event that Register.com is notified that a user of our Private Domain Registration is violating our policy, we follow a very specific process to respond. This process includes investigating the report and if applicable, disabling the domain and notifying the customer of the reason for this action.
Register.com has, and will continue, to work with law enforcement to protect our domains for being used for any such activities." As the "war on terror" moves onto the Internet, however, domain registrars will continue feeling pressure from both sides over the privacy services offered to their customers. And although Register.com appears to be making a reasonable effort to strike a balance thus far, shutting down web sites that are hosted on this side of the pond only represents small victories against those determined to spread word of their activities around the world.

From rforno at infowarrior.org Tue Aug 21 02:45:12 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Aug 2007 22:45:12 -0400
Subject: [Infowarrior] - And TSA is supposed to find terrorists?
Message-ID:

Wichita Man Left Outside Orlando Airport for Three Days
Aug 19, 2007 11:42 PM
by Linda Mares

A Wichita pastor suffered a stroke and was left outside an Orlando airport for three days before anyone noticed. 76-year-old Kenneth Davis is now recovering in an Orlando hospital. His family says he flew from Wichita to Orlando for a gospel seminar. They believe he wasn't feeling well, asked for a wheelchair, and was rolled to curb to be picked up.

< - >

http://www.kbsd6.com/global/story.asp?s=6949420&ClientType=Printable

From rforno at infowarrior.org Tue Aug 21 02:45:59 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Aug 2007 22:45:59 -0400
Subject: [Infowarrior] - Sen Leahy: FISA Bill Doesn't Settle Telecom Liability Issue
Message-ID:

Sen Leahy: FISA Bill Doesn't Settle Telecom Liability Issue
Dow Jones
August 20, 2007: 05:22 PM EST
http://money.cnn.com/news/newsfeeds/articles/djf500/200708201722DOWJONESDJONLINE000420_FORTUNE5.htm

WASHINGTON -(Dow Jones)- Temporary domestic wire-tapping legislation enacted in August didn't give telephone companies retroactive legal immunity, Senate Judiciary Committee Chairman Patrick Leahy, D-Vt., said Monday. AT&T Inc.
(T), MCI Communications Services, Inc. and its parent company, Verizon Communications, Inc. (VZ), are all the subject of class-action lawsuits seeking damages for their alleged participation in the National Security administration's warrantless wire-tapping program. But in a related class-action lawsuit brought by the Center for Constitutional Rights against the Bush administration, the government is now arguing that the temporary expansion of the Foreign Intelligence Surveillance Act, also known as FISA, should be the reason to dismiss the case permanently. Speaking to reporters Monday, Leahy responded that "lawyers can argue whatever they want," but Congress "very specifically did not grant immunity." Leahy said that the issue of whether to grant retroactive immunity hinges on the Bush administration's legal rationale for the domestic wire-tapping program, which the Bush administration calls the "Terrorist Surveillance Program." But so far the White House has stonewalled Congress, Leahy said. In a letter Monday to Leahy, White House Counsel Fred Fielding said that the White House still wouldn't hand over any documents relating to the program's legal rationale, because a "core set of highly sensitive national security and related documents we have identified so far are potentially subject to claims of executive privilege." In 2006, Vice President Dick Cheney succeeded in blocking the Judiciary Committee, then led by Sen. Arlen Specter, R-Pa., from seeking the information directly from the telephone companies. Cheney brokered a side deal with committee member Sen. Orrin Hatch, R-Utah, which left Specter without the votes needed to issue subpoenas to the telecomm companies. The committee had hoped to ask the companies about the program and why they had cooperated. At least one company, Qwest Communications International Inc. (Q), refused to comply with the government's request.
Speaking after his press conference Monday, Leahy said he would still like to hear from Qwest and why they felt legally comfortable ignoring the request. Before leaving Washington for a month-long vacation, Congress bowed to White House pressure and passed a six-month extension and expansion of domestic wire-tapping authorities under the Foreign Intelligence Surveillance Act. The bill also included language requiring telecommunications providers to cooperate with government intelligence surveillance orders and explicitly giving those companies protection for any future cooperation with government surveillance programs. But President George W. Bush had sought to include in that bill a provision giving telephone companies retroactive immunity from criminal and civil liability for cooperating with the wiretapping program and for handing over telephone records for customers. In a radio address last month, Bush argued that the provisions would "allow the government to work more efficiently with private-sector entities like communications providers, whose help is essential." While acceding to most of the Bush administration's other demands, lawmakers balked at the retroactive immunity provision. The basis for the class-action lawsuits against the telephone companies is that federal law prohibits the government from obtaining customers' call-detail records without a warrant or other valid legal process, and similarly prohibits telecommunications providers from giving such information to the government without judicial or other lawful authorization.

-By John Godfrey, Dow Jones Newswires; 202-862-6601; John.Godfrey at dowjones.com

From rforno at infowarrior.org Tue Aug 21 02:56:53 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Aug 2007 22:56:53 -0400
Subject: [Infowarrior] - Warner Bros. Filming Audiences In An Attempt To Stop Piracy?
Message-ID:

Reader Sam says he was filmed by a security guard contracted by Time/Warner during a recent showing of The Invasion at an AMC movie theater. When he complained about it to customer service, they told him "Time Warner/Warner Bros had contracted a security company to film movie theater audiences around the country during the opening weekend of its movies in an effort to prevent piracy." Ew! We think this is scary. If we saw some potential psycho filming us during a movie we'd be weirded out and we'd leave. Especially if it was during a (sort-of) remake of Invasion of the Body Snatchers. Do not go to sleep. Warner Bros. will film you. (Sam's letter under the jump)

< - >

http://consumerist.com/consumer/big-brother-is-watching/is-warner-bros-filming-audiences-in-an-attempt-to-stop-piracy-291307.php

From rforno at infowarrior.org Tue Aug 21 12:07:04 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 21 Aug 2007 08:07:04 -0400
Subject: [Infowarrior] - Coupon Hacker Faces DMCA Lawsuit
Message-ID:

http://www.wired.com/print/politics/onlinerights/news/2007/08/coupons

Coupon Hacker Faces DMCA Lawsuit
By David Kravets
08.20.07 | 2:00 AM

John Stottlemire is accused of posting Coupons Inc.'s proprietary software online for consumer use, which allegedly violates the Digital Millennium Copyright Act. Photo: Courtesy of John Stottlemire

John Stottlemire is the DVD Jon of coupon-clipping, and it's getting him in trouble. The California man is on the working end of a federal copyright lawsuit after posting code and instructions that allow shoppers to circumvent copy protection on downloadable, printable coupons -- the type used by General Foods, Colgate, Disney and others to sell everything from soap to breakfast cereal. The coupons are distributed by Mountain View, California-based Coupons Inc. through ad banners, e-mail and its website, coupons.com. To use them, consumers must install Coupons Inc.'s proprietary software.
The software assigns each user's computer a unique identifier, which the company uses to track and control the consumer's coupon-printing practices, usually limiting each user to two coupons per product. Each printed coupon has its own unique serial code. In a lawsuit filed in U.S. District Court in San Jose, California, last month, Coupons Inc. accuses Stottlemire of creating and giving away a program that erases the unique identifier, allowing consumers to repeatedly download and print as many copies of a particular coupon as they want. The lawsuit also charges Stottlemire with posting tutorials on bargain-swapping sites DealIdeal.com and thecouponqueen.net on how to manually defeat the print limit, which the complaint alleges "would allow users of that software to print an unlimited number of coupons from the coupons.com website." Stottlemire, 42, of Fremont, California, insists there was no encryption or hacking involved, and therefore he did not violate the Digital Millennium Copyright Act. "I honestly think there are big problems when you are not allowed to delete files off of your computer," says Stottlemire. To be sure, Stottlemire's work differs from the generic online copyright battles involving movies, music or even literature: He's accused of liberating something that is already free. But Coupons Inc. argues the coupon hack is no different from cracks like "DVD Jon" Johansen's program DeCSS. Scores of companies contract with Coupons Inc. to release a limited number of coupons for each product. If somebody cracks the code and downloads hundreds or thousands of them, it's consumers who lose, according to CEO Jeff Weitzman. "We're protecting copyrighted information that is free to consumers already," says Weitzman. "We're trying to make sure everybody can get their fair share." Ironically, Stottlemire says his motive was to get a job at Coupons Inc. "My goal was to show Jeff my capabilities and to ask him for employment," he says. 
But motives aside, Stottlemire says the case now raises bigger issues: How can a computer owner be prohibited from deleting files from his own computer? "All I did was erase files or registry keys," he says. "Nothing was hacked. Nothing was decoded that was any way, shape or form in the way the DMCA was written." Legal experts aren't so sure. "I think it's a pretty broad statute," says Carl Tobias, a professor at the University of Richmond School of Law. "It may cover this. I think it does give companies a lot of leverage and a lot of power." Jim Gibson, a University of Virginia School of Law visiting scholar who teaches copyright law, suggests Stottlemire might be swimming in legally murky waters at best. "He might be in trouble for providing technology that is designed for essentially hacking around copyright protection," Gibson says. "Whether as a matter of public policy there should be a claim against him is a completely different story." Stottlemire says he's being sued because Coupons Inc. "does not have the technology in place that would limit the number of times that a person could print a coupon." The 500 brands Coupons Inc. represents also suffer from fraud the old-fashioned way. They fall victim to photocopying of their coupons. Weitzman says the company shuts off coupon-printing access to violators if photocopied coupons with the same serial numbers show up at markets. That hurts the companies' bottom line, Weitzman says. "We monitor those things very carefully," he says. "If we do see duplicates coming through, we have ways from keeping people from printing coupons in the future." The company wants Stottlemire to turn over the names of people he knows downloaded his software, and is seeking damages from the coder that could amount to hundreds of thousands -- or even millions -- of dollars. And it's not offering him 10 percent off. 
From rforno at infowarrior.org Tue Aug 21 22:19:27 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 21 Aug 2007 18:19:27 -0400
Subject: [Infowarrior] - DOD kills TALON database
Message-ID: 

US kills controversial anti-terror database
http://www.networkworld.com/community/node/18609

Long criticized for keeping track of regular everyday citizens, the government's anti-terror database will officially close Sept. 17.

The Threat and Local Observation Notices or TALON, was established in 2002 by then-Deputy Defense Secretary Paul D. Wolfowitz as a way to collect and evaluate information about possible threats to U.S. servicemembers and defense civilians all over the world. Congress and others protested its apparent use as an unauthorized citizen tracking database.

The TALON system came under fire in 2005 for improperly storing information about some civilian individuals and non-government-affiliated groups on its database. The Air Force developed TALON, or the Threat and Local Observation Notice system in response to the Sept. 11, 2001, terrorist attacks as a way to gather data on possible terrorist threats. Anti-war groups and other organizations protested after it was revealed last year that the military had monitored anti-war activities, organizations and individuals who attended peace rallies.

The Defense Department conducted a four-point review of the system in December 2005 and, as a result, purged a large amount of information that was deemed unnecessary from the database, the DoD said in a release. The Defense Department Inspector General reviewed TALON, and in a report dated June 27, 2007, found that the program legally gathered and maintained information on individuals and organizations.

It is being closed because reporting to the system had declined significantly, and it was determined to no longer be of analytical value, said Army Col. Gary Keck, a Pentagon spokesman, in a release.
The announcement was not unexpected as Secretary of Defense Robert Gates made it clear in April he wanted to change the Pentagon's intelligence gathering operations and said TALON would likely be shut down.

The department is working to develop a new reporting system to replace TALON, but in the interim, all information concerning force protection threats will go to the FBI's Guardian reporting system.

From rforno at infowarrior.org Tue Aug 21 22:20:43 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 21 Aug 2007 18:20:43 -0400
Subject: [Infowarrior] - Blizzard negotiating with researchers for virtual epidemic study
Message-ID: 

Blizzard negotiating with researchers for virtual epidemic study
By John Timmer | Published: August 21, 2007 - 12:50PM CT
http://arstechnica.com/news.ars/post/20070821-blizzard-negotiating-with-researchers-for-virtual-epidemic-study.html

Around this time two years ago, a strange phenomenon struck the virtual inhabitants of World of Warcraft. A disease designed to be limited to areas accessed by high-level characters managed to make it back to the cities of that virtual world, where it devastated their populations. At the time, Ars' Jeremy Reimer noted, "it would be even more interesting if epidemiologists in the real world found that this event was worthy of studying as a kind of controlled experiment in disease propagation." The epidemiologists have noticed, and there may be more of these events on the way for WoW players.

There were a number of features in the virtual outbreak that actually mimicked the spread of and response to real-world epidemics. A key feature was that the disease could be carried by the game's "pets," the virtual equivalent of domesticated animals; this behavior is shared by SARS and avian flu, among other diseases. The game's teleportation acted like air travel in allowing the disease to rapidly go "global."
The humans controlling the players also mimicked the behavior of real populations during historical epidemics. As the populations of cities were wiped out by the disease, surviving players began avoiding them, and any large groups of players became scarce in the surrounding countryside. It took only six months for the first academic analysis of the outbreak to appear in the journal Epidemiology. The article highlighted the advantages of the WoW incident, comparing it favorably to existing computer models that "are limited in their potential to account for changes in human behaviors during epidemics." At the same time, it recognized that virtual characters might not accurately track all normal human behaviors. On balance, the analysis in Epidemiology felt that virtual worlds might provide a useful supplement to traditional models of disease spread, and suggested working with game programmers to test a variety of disease conditions. "Multiplayer online role-playing games may even be useful as a testing ground for hypotheses about infectious disease dissemination," the author said, "Game programmers could allow characters to be inflicted by various infectious diseases, some of which may not be visible to the player, and track the dissemination patterns of the disease in specific subpopulations." It looks like something of the sort is in the works. A report from the Agence France-Presse indicates that Nina Fefferman, a researcher from Tufts University, is currently negotiating with Blizzard about running epidemiological tests in WoW. Although this is quite intriguing from a scientific standpoint, it's not clear whether gamers will come out the winners in these experiments. If the primary advantage of a virtual game environment is the fact that real human behavior emerges, then modeling diseases that are not visible to the players appears to be besides the point. 
Players have to be aware of the disease, and it has to be disruptive enough to induce them to change behavior for such experiments to yield valuable data. Players were apparently fascinated by the accidental WoW plague, but it's doubtful they'll respond as positively to a second one, especially if it is inserted into their world intentionally.

Epidemiology, 18(2), March 2007.

From rforno at infowarrior.org Tue Aug 21 22:37:00 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 21 Aug 2007 18:37:00 -0400
Subject: [Infowarrior] - DHS Data Mining Program Suspended After Evading Privacy Review
Message-ID: 

DHS Data Mining Program Suspended After Evading Privacy Review, Audit Finds
By Ryan Singel
August 20, 2007 | 6:01:49 PM
http://blog.wired.com/27bstroke6/2007/08/dhs-data-mining.html

A controversial Homeland Security data mining system called ADVISE that dreamed of searching through trillions of records culled from government, public and private databases analyzed personal information without the required privacy oversight, may cost more than commercially available alternatives and has been suspended until a privacy review has been completed, according to an internal audit.

The Analysis, Dissemination, Visualization, Insight, and Semantic Enhancement program, one of twelve DHS data mining efforts, hit the trifecta of civil libertarians' concerns about data mining programs -- invasiveness, secrecy and ineffectiveness, according to a recent DHS Inspector General report (.pdf).

DHS hoped the data sifting tool would help analysts "detect, deter, and mitigate threats to our homeland and disseminate timely information to its homeland security partners and the American public." The idea was to build a generic toolset that could find hidden relationships in massive amounts of data and provide the tool to groups working with data sets as divergent as intelligence and newspaper reports to WMD sensor data.
Started in 2003, the program has gotten $42 million in funding through 2007. But the data-mining program faces a troubled future, due to revelations that its tests did not simply use fake data as the DHS Science and Technology section publicly said they did. "The pilots used live data, including personally identifiable information, from multiple sources in attempts to identify potential terrorist activity," the report said.

For its part, the DHS Privacy Office did not know that S&T had proceeded with implementation of the ADVISE pilot programs with live data, but without addressing privacy matters. In a July 6, 2006, report to the Congress, the Privacy Office stated that the ADVISE tool alone does not perform data mining. [...] Unbeknownst to the Privacy Office, the ADVISE pilots had been implemented at least 18 months prior to its July 2006 report.

ADVISE is now shut down until after privacy reviews are completed. The Science and Technology Directorate hoped its system would tap into 50 DHS databases and 100 other data sources. A DHS Workshop paper said the system would be engineered to handle 1 billion structured pieces of data and one million unstructured text messages per hour. The Inspector General found however that access to data was never lined up and that commercially available products like i2's Analyst Notebook were cheaper and more effective for small data sets.

For example, officials of Customs and Border Protection's Office of Strategic Trade initially expressed interest in ADVISE as a potential solution to their requirement to view and process millions of pieces of trade data. Customs and Border Protection officials received a demonstration of ADVISE capabilities and attended a training session at Livermore. However, after learning the cost of ADVISE, these officials told S&T that the system was too expensive and therefore would not be a good option for them.
The Total Information Awareness program, a similar research effort started by the Darpa, the Pentagon's high-tech research arm, was largely shuttered by Congress in 2003. But the dream of database diving to identify would-be terrorists using super-smart algorithms lives on.

From rforno at infowarrior.org Wed Aug 22 02:48:12 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 21 Aug 2007 22:48:12 -0400
Subject: [Infowarrior] - US launches 'MySpace for spies'
Message-ID: 

US launches 'MySpace for spies'
By Demetri Sevastopulo in Washington
Published: August 21 2007 20:29 | Last updated: August 21 2007 20:29
http://www.ft.com/cms/s/0/6e2648ea-5014-11dc-a6b0-0000779fd2ac.html

Spies and teenagers normally have little in common but that is about to change as America's intelligence agencies prepare to launch "A-Space", an internal communications tool modelled on the popular social networking sites, Facebook and MySpace.

The Director of National Intelligence will open the site to the entire intelligence community in December. The move is the latest part of an ongoing effort to transform the analytical business following the failure to detect the 9/11 terrorist attacks or find weapons of mass destruction in Iraq.

Thomas Fingar, the deputy director of national intelligence for analysis, believes the common workspace -- a kind of "MySpace for analysts" -- will generate better analysis by breaking down firewalls across the traditionally stove-piped intelligence community. He says the technology can also help process increasing amounts of information where the number of analysts is limited.

"Burying the same number of analysts in ever higher piles of hay would no more increase the number of needles," says Mr Fingar.

Underscoring the power of social-networking sites, the Central Intelligence Agency recently used Facebook to help boost applications for the national clandestine service.
The move sparked concerns that the CIA was monitoring members, which the agency denies.

"Earlier this year, the CIA used Facebook - an excellent peer-to-peer marketing tool - to advertise employment opportunities with the agency," said George Little, a CIA spokesman. "This effort, part of a much broader campaign leveraging traditional and new advertising media, was used strictly for informational purposes."

The DNI has also built an internal collaborative site called Intellipedia, modelled on Wikipedia, the online encyclopedia. It has also created a version of http://del.icio.us, the social book-marking site, for members of the intelligence community. Another tool that has been developed is a national intelligence library, which can be accessed from A-Space.

While MySpace and Facebook have spread like wildfire, particularly among the younger generations of internet users, members of the intelligence community are divided. Mike Wertheimer, the senior DNI official for analytic transformation and technology, illustrates the dilemma with an example from an internal blog thread last year.

A female employee who had arranged a high-school reunion on MySpace asked why the community had not created a similar tool. That prompted a response that she wasn't thinking big enough. But Mr Wertheimer says two other people immediately jumped in with concerns about a "counter-intelligence nightmare" that could cost US lives.

"That is very typical within the intelligence community of the approach to social networking tools," says Mr Wertheimer. "The positive value is ... not easily quantified. The negative, the risk for people under cover ... is drawn out so starkly, even though it is speculative, that they tend to carry the day."

But he says the intelligence community needs to consider that not sharing information can also cost lives, a lesson learned from the 9/11 attacks.

"We are willing to experiment in ways that we have never experimented before," he adds.
"It breaks a lot of traditional senses that people's lives are at risk, and how can you take any step that increases that risk."

Mr Wertheimer says A-Space will initially be voluntary to assuage worries of spies concerned about blowing their cover.

The DNI wants some foreign intelligence services to participate in A-Space, but there has been some resistance. "I would say in the entire community, the folks most virulently against sharing the information are the foreign partners," says Mr Wertheimer, who says they also want access to the intelligence library.

"They ask 'well can we have access?'," says Mr Wertheimer. "I ask them back if you want access, what services are you willing to create for the library, what data are you willing to put in it, have you thought through your risk/profit scenario? They kind of stand back because that is not normally how we talk to them. It is a new day."

A-Space will be equipped with web-based email and software that recommends areas of interest to the user just like Amazon suggests books to its customers. The site will also allow users to create and modify documents, and determine user privileges, in a similar fashion to Google Documents.

Mr Wertheimer says the new infrastructures should help break down some of the physical communications problems in the intelligence community. "I am unable to send email, and even make secure phone calls, to a good portion of the Intel community from my desktop because of firewalls," he says.

In September, the DNI and the Intelligence and National Security Alliance, a public-private intelligence group, will hold a conference to enlist support and ideas from the private sector and academia.

"We have gotten to the stage where we want to open this up, tap more ideas, stimulate some competition to help us here," says Mr Fingar.
Mike McConnell, the director of national intelligence, invited the chief executives of Facebook and MySpace to participate, but so far Mark Zuckerberg, the CEO of Facebook, has declined. A Facebook spokeswoman said the decision was purely because of scheduling conflicts.

Email the reporter: demetri.sevastopulo at ft.com

Copyright The Financial Times Limited 2007

From rforno at infowarrior.org Thu Aug 23 02:30:03 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 22 Aug 2007 22:30:03 -0400
Subject: [Infowarrior] - Vermont accepts the other REAL ID
Message-ID: 

Vermont accepts the other REAL ID
By Michael Hampton
Posted: August 22, 2007 7:28 pm
http://www.homelandstupidity.us/2007/08/22/vermont-accepts-the-other-real-id/

The state of Vermont has partnered with the Department of Homeland Security to develop a new driver license document which will be accepted in lieu of a passport for border crossings, the department announced Tuesday.

Following the lead of Washington state, which announced plans earlier this year to develop a secure identification card which would be acceptable for land border crossing under the Western Hemisphere Travel Initiative, Vermont plans to have the licenses available by the end of 2008. Residents would have to provide proof of identity and citizenship and pay an extra fee, not yet announced, for the card.

"I applaud the leadership of the state of Vermont who came forward to join us in our effort to bolster security through secure identification," said Homeland Security Secretary Michael Chertoff. "This partnership helps us strike the right balance between security and facilitation, incorporating 21st century technology and innovation."

That's right; it was apparently Vermont's idea to join the national ID program.

Next summer, people returning to the U.S. will be required to present a passport or other proof of citizenship approved by the Department of Homeland Security under the Western Hemisphere Travel Initiative.
The requirement has already taken effect for people returning by air, leading to months-long backlogs in passport applications.

In the Washington state pilot, the driver license/border crossing cards will contain RFID chips readable from as much as 30 feet away. Though the chips contain only a single number referencing a DHS database entry, the technology could be used by terrorists to pick Americans out of a crowd. But DHS spokeswoman Laura Keehner said that the specific technology to be used in the Vermont card has yet to be determined.

DHS has not determined whether the Vermont passport will be using the same radio frequency identification tag technology as in Washington State's hybrid driver's license/border crossing card, Keehner said. Washington State officials have said they will place on the cards Generation 2 RFID tags that can be scanned at 30 feet. Critics also contend those types of RFID tags cannot be encrypted and can be easily cloned.

To protect privacy, DHS and Washington State have said the RFID tag will transmit wirelessly only a reference number, which must be matched to a database to obtain personal information. DHS is planning to use a similar technology in its People Access Security Services identification card to be created for people who frequently cross the borders.

For Vermont, the technology decisions for the identification card are not yet final, Keehner said. "We are still determining the technology," she said. "We are working together to finalize those details." -- Washington Technology

"I'm pleased we will be able to provide this more reasonable option for Vermonters who travel frequently to Canada," Vermont Gov. Jim Douglas said in a statement. "As we move forward with this innovative project, we must continue to include our northern neighbors whose economic and security interests are linked directly to our own."
Douglas spokesman Jason Gibbs said the governor is pushing for Quebec to adopt similar identification for Québécois visitors to the U.S.

DHS spokesman Russ Knocke said that the secure licenses would "take that use of fake IDs off the table for terrorists, as well as for other criminals."

It doesn't, of course, take identity theft off the table. Today, identity theft is easier than ever, and this sort of "secure" document will make it even more attractive to terrorists and other criminals.

For the moment, as in Washington, the new Vermont ID and passport card is voluntary. But it, like REAL ID, lays the groundwork for nationally standardized identification documents which everyone may eventually be required to carry at all times. And like all bad government programs, it will cause additional expense for ordinary people through duplication of effort with the REAL ID program, and will make people who accept it even less secure.

The only thing made secure by this program, and others like it, is the government -- secure from We the People.

From rforno at infowarrior.org Thu Aug 23 02:35:46 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 22 Aug 2007 22:35:46 -0400
Subject: [Infowarrior] - Are Books Becoming Obsolete?
Message-ID: 

As a voracious reader and lifelong book lover, this is a sad, sad trend. -rf

Are Books Becoming Obsolete?
Posted August 22, 2007 | 09:07 PM (EST)
http://tinyurl.com/ysms43

A new report doesn't bode well for books. According to an Associated Press-Ipsos poll released recently, one in four adults read not a single book last year, which explains the significant drop in book sales over the last few years, but doesn't explain why superstores, like Barnes & Noble and Borders, continue to expand.

There are many reasons why people don't read as they once did. The major reason is that there is a feast for the eyes without the need for settling down and focusing on the written word.
Television provides a variety of images, video games deliver bright colors and packed action, and the Internet gives the power of immediacy. Books are something else all together--they are a quiet entertainment and we are no longer raised to know how to be "quiet." Richard Bustos from Dallas is a prime example: "I just get sleepy when I read," said Richard Bustos of Dallas, a habit with which millions of Americans can doubtless identify. Bustos, a 34-year-old project manager for a telecommunications company, said he had not read any books in the last year and would rather spend time in his backyard pool. This is discouraging news for the serious writer. Just yesterday, I lamented the difficulties of getting a traditional publishing book deal on my post here. Mainstream publishers are struggling since they are in the business of selling books. They must compete with the aforementioned forms of entertainment, and that is not an easy thing to do when money is to be made. This is why the latest publication of Harry Potter was met with such glee, even though with the dramatic discounts, bookstores didn't make much money from it. Still, the thinking was that it drove traffic into the stores and perhaps customers would pick up another book, along with that latest copy of Harry Potter. But consider this: Who are the 27 percent of people the AP-Ipsos poll found hadn't read a single book this year? Nearly a third of men and a quarter of women fit that category. They tend to be older, less educated, lower income, minorities, from rural areas and less religious. I tend to think it also goes a little deeper. We are a busy people, most trying to stay ahead of the bills. We clock in overtime and forfeit vacations in order to pay the mortgage, and at the end of the day, most just want to collapse in front of the television with the remote in one hand, a beverage in the other, and not have to think. But a book demands more from us. 
When one opens a book, one brings his or her experiences and knowledge, or hunger for knowledge, to the work and a new world can unfold with each turning page. Unfortunately, just like most media, there is a lot of fast food for the mind being published and people think that reading such commercial dribble keeps them in the know. On one level it does, but it is knowledge that serves no useful purpose. For publishers, it's a moneymaker because we are a fast food society unwilling to take time to digest sustenance. Here are some more statistics: People from the West and Midwest are more likely to have read at least one book in the past year. Southerners who do read, however, tend to read more books, mostly religious books and romance novels, than people from other regions. Whites read more than blacks and Hispanics, and those who said they never attend religious services read nearly twice as many as those who attend frequently. There was even some political variety evident, with Democrats and liberals typically reading slightly more books than Republicans and conservatives. The Bible and religious works were read by two-thirds in the survey, more than all other categories. Popular fiction, histories, biographies and mysteries were all cited by about half, while one in five read romance novels. Every other genre -- including politics, poetry and classical literature -- were named by fewer than five percent of readers. More women than men read every major category of books except for history and biography. Industry experts said that confirms their observation that men tend to prefer nonfiction. What this fellow said mirrors how the industry has been responding: "Fiction just doesn't interest me," said Bob Ryan, 41, who works for a construction company in Guntersville, Ala. "If I'm going to get a story, I'll get a movie." Bearing that in mind, it's possible Ryan has seen the movie version of Harper Lee's To Kill A Mockingbird, even if he hasn't read the book. 
What is sad about this is that if Lee were to pitch her novel to agents and editors now, it's quite likely she'd be hard pressed to find someone willing to publish it, since it is "too quiet to be commercially viable."

From rforno at infowarrior.org Thu Aug 23 13:46:59 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Aug 2007 09:46:59 -0400
Subject: [Infowarrior] - CNET to hawk 'Windows Certified'
Message-ID: 

Anyone else think this is a minor conflict-of-interest for a technology journalism organization to jump in bed with a vendor in this manner? (Disclaimer: I have penned op-eds for their News.Com site over the years) -rf

CNET Channel Announces Its Collaboration With Microsoft to Bring the Windows Vista Logo Program to Online Retailers and Their Customers
Wednesday August 22, 8:00 am ET

SAN FRANCISCO--(BUSINESS WIRE)--CNET Channel, a division of CNET Networks, Inc. (Nasdaq:CNET - News), today announced it has collaborated with Microsoft to distribute information about products that have earned the Certified for Windows Vista or the Works with Windows Vista logo. Thousands of innovative products from the world's leading hardware and software manufacturers have been tested to meet the requirements of Windows Vista Logo Program for ease of use, better performance and enhanced security on Windows Vista-based PCs. CNET Channel, the leading provider of online product content and solutions, now enables online retailers in North America, Europe and Australia to access this logo information so millions of consumers and businesses can have more confidence and higher satisfaction with the products they choose.

CNET Channel's high-quality, accurate and consistent product content helps over 2,100 high technology manufacturers and channel businesses in 35 national markets drive their online businesses and increase sales effectiveness.
As an aggregator of best of breed content and e-commerce services, CNET Channel will now deliver 'Certified for Windows Vista' and 'Works with Windows Vista' logo information with its product content, rich media solutions and professional services that help retailers, resellers, distributors and manufacturers maximize their online business potentials. CNET Channel's solutions, combined with the Windows Vista Logo Program, contribute to business by providing the solutions that help consumers make confident, rapid, easy buying decisions every day.

"Manufacturers know it is essential that their products are identified as Certified for Windows Vista so customers can make fast, confident buying decisions," said Steve Parrott, general manager of CNET Channel. "They also know that CNET Channel has the greatest reach into the online retail marketplace, providing product data and solutions to the biggest e-commerce sites. One of the reasons we're able to work with Microsoft is because of the vast reach of our content syndication and the integrity of our solutions. We're looking forward to helping consumers throughout the world make educated and confident buying decisions about products that are Certified for Windows Vista."

< - >

http://biz.yahoo.com/bw/070822/20070822005061.html?.v=1

From rforno at infowarrior.org Thu Aug 23 13:47:52 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Aug 2007 09:47:52 -0400
Subject: [Infowarrior] - Pupils face tracking bugs in school blazers
Message-ID: 

Pupils face tracking bugs in school blazers
http://education.guardian.co.uk/schools/story/0%2C%2C2153054%2C00.html

James Meikle, education correspondent
Tuesday August 21, 2007
The Guardian

A school uniform maker said yesterday it was "seriously considering" adding tracking devices to its clothes after a survey found many parents would be interested in knowing where their offspring were.
Trutex would not say whether it was studying a spy in the waistband or a bug in the blazer but admitted teenagers were less keen than younger children on the "big brother" idea.

The Lancashire company, which sells 1m blouses, 1.1m shirts, 250,000 pairs of trousers, 200,000 blazers, 60,000 skirts and 110,000 pieces of knitwear each year, commissioned an online survey for 809 parents and 444 children aged between nine and 16.

It said 44% of the adults were worried about the safety of pre-teen children and 59% would be interested in satellite tracking systems being incorporated in schoolwear. While nearly four in 10 pupils aged 12 and under were prepared to go along with the idea, teenagers were more wary of "spying".

Clare Rix, the marketing director, said: "As well as being a safety net for parents, there could be real benefits for schools who could keep a closer track on the whereabouts of their pupils, potentially reducing truancy levels."

The announcement follows news that an Essex firm, BladeRunner, used Kevlar, a synthetic fibre used in body armour, to line school uniforms sent in by parents anxious about knife culture.

Barry Samms, a director, said the company was concentrating on its line of stab-proof hooded tops, having sold about 1,500 of the £65 garment, mainly to over-30s, since launch earlier this year. The company was now selling £120 tops to walkers and mountain-bikers worried about barbed-wire snags.

From rforno at infowarrior.org Thu Aug 23 14:13:18 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Aug 2007 10:13:18 -0400
Subject: [Infowarrior] - What's Off the Record at N.H.T.S.A.? Almost Everything
Message-ID: 

August 22, 2007, 12:07 pm

What's Off the Record at N.H.T.S.A.?
Almost Everything By Christopher Jensen http://wheels.blogs.nytimes.com/2007/08/22/whats-off-the-record-at-nhtsa-almost-everything/ If you want to know something as simple as who heads the National Highway Traffic Safety Administration, don't bother to ask the safety agency's communications office. Without special permission, officials there are no longer allowed to provide information to reporters except on a background basis, which means it cannot be attributed to a spokesman. Without such attribution, there are few circumstances under which most reporters will report such information. This makes for interesting dealings with the office charged with providing information about the nation's top automotive safety agency. So, I will end the suspense about the boss's identity. The administrator is Nicole R. Nason, who took over on May 31, 2006, after she was appointed to the post by President Bush. And it is she who put the big hush on one of the government's most important safety agencies. I found this out recently when I asked to talk to an N.H.T.S.A. researcher about some technical safety issues in which he had a great deal of expertise. Agency officials told me I could talk to the expert on a background basis, but if I wanted to use any information or quotes from him, that would have to be worked out later with a N.H.T.S.A. official. The arrangement struck me as manipulative, and I declined to agree to it. Nicole R. Nason took over as N.H.T.S.A. chief in 2006. (Photograph by Bill Pugliano/Getty Images) It seems that Ms. Nason has adopted a policy that has blocked virtually all of her staff -- including the communications office -- from providing any information to reporters on the record, which means that it can be attributed. As an alternative I was told I could interview Ms. Nason on the record (instead of the expert on the subject of my article). I declined, failing to see how her appointment as administrator -- she was trained as a lawyer --
made her an expert in that subject. When I said I would like to talk to Ms. Nason on the record about her no-attribution policy, she was not available. The agency's new policy effectively means that some of the world's top safety researchers are no longer allowed to talk to reporters or to be freely quoted about automotive safety issues that affect pretty much everybody. "My God," said Joan Claybrook, who was N.H.T.S.A. administrator from 1977 to 1981 and is now president of Public Citizen, a consumer advocacy group. Given that N.H.T.S.A. is the leading source of automotive safety information in the United States, its researchers are public officials and people are entitled to "know what information they have, whether it is on paper or in their heads," Ms. Claybrook said. The policy of allowing information to be attributed only to political appointees is intermittently enforced around other parts of the Department of Transportation, including the Federal Railroad Administration. But it is a radical change from the way N.H.T.S.A. has operated for at least 20 years. In the past, reporters could talk to its experts and the agency was proud to discuss its research and accomplishments. Ms. Nason felt it was necessary for N.H.T.S.A. to have a "central spokesperson" and "we were finding a lot of stuff did not need to be on the record," David Kelly, her chief of staff, told me. He also insisted, after our telephone conversation, that he did not want to be quoted and had intended to speak only on background. (My notes show no such request.) So that central spokesperson is Ms. Nason, whose previous job was assistant secretary for governmental affairs in the Department of Transportation. "In that position, she was responsible for oversight of congressional affairs, coordinating all legislative and nonlegislative relationships between the D.O.T. and Congress," according to her N.H.T.S.A. biography.
If she has any experience in keeping a Congressman from skidding out of control, that could come in handy now that she is speaking for an entire agency of seasoned safety experts.

From rforno at infowarrior.org Thu Aug 23 17:10:29 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Aug 2007 13:10:29 -0400
Subject: [Infowarrior] - Foreign Aid Groups Face Terror Screens
Message-ID:

Foreign Aid Groups Face Terror Screens By Walter Pincus Washington Post Staff Writer Thursday, August 23, 2007; A01 http://www.washingtonpost.com/wp-dyn/content/article/2007/08/22/AR2007082202847_pf.html The Bush administration plans to screen thousands of people who work with charities and nonprofit organizations that receive U.S. Agency for International Development funds to ensure they are not connected with individuals or groups associated with terrorism, according to a recent Federal Register notice. The plan would require the organizations to give the government detailed information about key personnel, including phone numbers, birth dates and e-mail addresses. But the government plans to shroud its use of that information in secrecy and does not intend to tell groups deemed unacceptable why they are rejected. < - > The Federal Register notice said the program could involve 2,000 respondents and "will become effective on August 27," the last day that public comments about it are to be submitted. Harry Edwards, a spokesman for USAID, said yesterday that the agency may not stick to that starting date, but he said the agency would not discuss the origins or any details of the program until the comment period concludes. < - > The information is to include name, address, date and place of birth, citizenship, Social Security and passport numbers, sex, and profession or other employment data.
The data collected "will be used to conduct national security screening" to ensure these persons have no connection to entities or individuals "associated with terrorism" or "deemed to be a risk to national security," according to the notice. Such screening normally involves sending the data to the FBI and other police and intelligence agencies to see if negative information surfaces. The new system would also require that the groups turn over the individuals' telephone and fax numbers and e-mail addresses, another indication that those numbers would be checked against data collected as part of a terrorist screening program run by the U.S. intelligence community. Until now, under an earlier Bush administration initiative, nongovernmental organizations had been required to check their own employees and then certify to AID that they were certain no one was associated with individuals or groups that appeared on applicable governmental terrorist listings. The far broader proposed vetting program would involve U.S. intelligence and law enforcement agencies and could result in the denial of applications for funding. But AID is also seeking to withhold any of its findings from disclosure because the decision would be based on "classified and sensitive law enforcement and intelligence information," according to a second Federal Register notice seeking exemption for the program from the Privacy Act. "USAID cannot confirm or deny whether an individual 'passed' or 'failed' screening," the notice says, to protect "counterterrorism and counterintelligence missions as well as the personal safety of those involved in counterterrorism investigations." 

From rforno at infowarrior.org Thu Aug 23 17:24:06 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Aug 2007 13:24:06 -0400
Subject: [Infowarrior] - CBOT electronic trading down
Message-ID:

CBOT electronic trading down Dow Jones News Service 11:19 AM CDT, August 23, 2007 The Chicago Board of Trade said Thursday its e-CBOT electronic markets are down due to technical issues. The exchange made the announcement via its trading floor public address system. It is expected to restart, with staggered reopenings, at 11:30 a.m. Central Time, the exchange said. All markets entered pre-open at 11 a.m. The financial opening will begin at 11:30 a.m., followed by equities and metals at 11:35 p.m. and agriculturals at 11:37 p.m. During the outage, CBOT open auction remained open. Officials at the CBOT haven't made an official comment on the nature of the technical issues. Traders who use the e-cbot system said they first noticed problems in placing orders for the December corn right after the electronic and pit trade opened at 10:30 a.m. Eastern Time, but quickly the technical problems plagued the entire system. http://www.chicagotribune.com/business/chi-070823-cbot,0,5072463.story

From rforno at infowarrior.org Thu Aug 23 19:18:58 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Aug 2007 15:18:58 -0400
Subject: [Infowarrior] - Hysterical justice in the name of copyright enforcement
Message-ID:

Remember the guy who was arrested for uploading "Star Wars" a few years ago? Check out the latest twist --- which is farcical on *so* many levels I don't know where to begin. ----rf From: http://techdirt.com/articles/20070822/221127.shtml < - > He ended up getting arrested for doing so and eventually he plead guilty to 'conspiracy to commit copyright infringement' and 'criminal copyright infringement.' For that, he ended up in jail for five months with another five months of home confinement.
The home confinement part includes an ankle bracelet he needs to wear. I'd challenge the movie industry to explain how this can possibly be fair, given the fact that there's almost no evidence his actions did any real damage. However, here's where it gets even better. As part of his home confinement, he agreed to install some tracking software on his computer, so his probation officer could track what he's doing (and, presumably, to make sure he's not uploading more stuff). Only problem? He's an Ubuntu Linux user and the gov't doesn't have any tracking software for Linux. So he's been told that he must use Windows for the term of his confinement. He did plead guilty so he has to accept the punishment -- but all in all it really does seem like the punishment is excessive given the actual damage caused.

From rforno at infowarrior.org Fri Aug 24 12:27:08 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 24 Aug 2007 08:27:08 -0400
Subject: [Infowarrior] - DHS: Could chicken coops be a terrorist target?
Message-ID:

Could chicken houses be a terrorist target? By Joseph Gidjunis Staff Writer http://www.delmarvanow.com/apps/pbcs.dll/article?AID=/20070822/DW01/708220314/-1/DW WASHINGTON -- Chicken houses across the country are one step away from being named the newest terrorist targets demanding stricter access and regulation, according to the U.S. Department of Homeland Security. As part of the DHS Chemical Security Anti-Terrorism Standards, facilities with more than 7,500 pounds of propane gas -- 1,785 gallons -- could be considered high-risk. To determine if a facility is a security risk, operators must process complete "Top Screen" safety measures, including vulnerability assessments, develop site security plans and implement protective measures approved by DHS. U.S. Sens.
Barbara Mikulski, D-Md., Ben Cardin, D-Md., and Tom Carper, D-Del., have co-authored a letter to Homeland Security Secretary Michael Chertoff demanding answers for what they describe as a waste of government time and money. The rule affects nearly every poultry grower across the Delmarva peninsula, and as many as 20,000 sites across the country, because propane gas is the most popular chicken house heating method. One house typically has a 1,000 gallon to 1,500 gallon tank attached to it. There could be more than 50,000 facilities subjected to the report in the United States, according to the National Propane Gas Association. "We appreciate the fact that Homeland Security does have a responsibility to the security of this nation, but in terms of what is considered a threat, I would think chicken houses would be so far down on the list that nobody would ever find it," said Worcester County farmer Virgil Shockley, who has 9,000 gallons heating six chicken houses. If the rule is approved, the regulations would require farmers to take 25 to 30 hours to fill out Internet-based reports. This process could prove taxing, if not impossible, because of a lack of high-speed Internet access across parts of Delmarva. Using unsecured connections at public libraries isn't a realistic possibility either, said Bill Satterfield, executive director of Delmarva Poultry Industry. DPI, which serves as the region's research and lobbying arm for more than 1,400 poultry growers and four major firms, encouraged its members to take action last May because violations are fined $25,000 per day. The letter the U.S. senators wrote to DHS earlier this month requested an explanation as to why the regulations are necessary for such a low amount of the chemical. No reply has arrived. "The raising of poultry is a major industry and a key driver of economic growth in our states," according to the joint letter. 
"Given the serious threats that are currently facing our country and the limited resources of the Department of Homeland Security, please explain why this initiative is a good use of federal dollars. We urge you to ensure that no unnecessary burdens are placed on the poultry industry." Satterfield said he understands the rule, but it was intended for industrial sites, not family farms. "It's unlikely that family farms growing chickens would be the object of terrorist attacks, and a risk assessment is a waste of their time and the government's money," Satterfield said. If the government keeps the rule, he's worried that farmers will be forced to circumvent the rule by reducing the size of their tanks, but that would mean spending more money for more frequent refills of a smaller tank. "The three 1,000-gallon propane tanks at a local grain elevator, or nursing home, or school or campground are not terrorist targets," said NPGA Senior Vice President Philip Squair in a May 1 news statement. "What DHS is asking is for ordinary homeowners, businesses and farmers to declare themselves terrorist targets because they choose to use propane to heat their houses and businesses." Hundreds of public comments were filed with the DHS on the proposed rule, and many expressed displeasure with its possible implications. "Completing the registration and screening process will be very difficult and costly to family-owned poultry farms like mine," wrote Mark and Christy McDowell of Greenwood. "I believe the Screening Threshold Quantity for propane should be increased." The industry hopes the 7,500-pound limit cap will jump to 18,000, which would bypass most of the region's poultry farmers. jgidjunis at dmg.gannett.com 4100-749-7171, Ext. 

From rforno at infowarrior.org Fri Aug 24 13:08:25 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 24 Aug 2007 09:08:25 -0400
Subject: [Infowarrior] - Interesting interview w/Mark Cuban
Message-ID:

Mark Cuban Aug 23 2007 The maverick investor discusses the internet, trading, high-definition TV, and Rupert Murdoch. < - > http://www.portfolio.com/views/columns/the-world-according-to/2007/08/23/Mark-Cuban

From rforno at infowarrior.org Fri Aug 24 13:14:50 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 24 Aug 2007 09:14:50 -0400
Subject: [Infowarrior] - Study: Students more wary of Wikipedia, online resources than thought
Message-ID:

Study: Students more wary of Wikipedia, online resources than thought By Nate Anderson | Published: August 24, 2007 - 01:32AM CT (article link) http://arstechnica.com/news.ars/post/20070824-study-students-more-wary-of-wikipedia-online-resources-than-thought.html (study link) http://www.firstmonday.org/issues/issue12_8/head/index.html A new study conducted at a California liberal arts college found that students don't look first at Wikipedia when given a research assignment. They don't even go to Google or Yahoo. Instead, most students look at their course readings, talk to professors, and use their library's web site and databases. Hurrah for US research skills? Not exactly. The study appears in the current issue of First Monday, a peer-reviewed online-only journal dealing with digital culture. Researchers at St. Mary's, a small liberal arts college in California, took a look at what students did when confronted with a new research assignment from a professor. The findings aren't especially surprising: the first thing students did was to get confused and procrastinate. Once they finally settled down to work, though, the surprises began.
Some professors have lamented the fact that too many students dive right into Wikipedia or fire up general search engines when searching for scholarly information. The St. Mary's study found, though, that 40 percent of students surveyed first went to their course materials for background information and citations. Next up was the library web site, where 23 percent of students went first. Search engines were the first destination for 13 percent of students, and 12 percent went to the professor. Only 3 percent tried Wikipedia. Students were also (thankfully) aware that blogs weren't scholarly sources, and all of them noted that they would not include blog data in a research paper. Those findings would be more heartening if they were representative of all college students; sadly, that's not the case. The study included only upper-division students, which excludes half of the US collegiate population. It took place at a small liberal arts school with an annual tuition of $30,000 a year (not including room and board). And it relied on the survey data of 178 students (survey data can lend itself to the underreporting of "undesirable" behaviors) rather than on observation. As such, we wonder how the data would look were the scope considerably expanded. Perhaps the survey wasn't representative of all students, but it was interesting in that it covered a fairly privileged subset of students -- and even these students admitted to being routinely confused about doing research, procrastinating until the last possible moment, and finding the research process "barely a tolerable task." The study found that even these upper-level students were "confused by what college-level research entails." Concerns about students running to the web to take shortcuts on their research may be overblown, but it is clear that students need better instruction and tools to guide their research.
In light of this, it's surprising how many students aren't turning to online resources, even if these resources may be flawed.

From rforno at infowarrior.org Fri Aug 24 13:45:56 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 24 Aug 2007 09:45:56 -0400
Subject: [Infowarrior] - Mark Cuban interview link
Message-ID:

Some folks reported a bad URL -- here's a shortcut to the interview. http://tinyurl.com/yscmrs

From rforno at infowarrior.org Fri Aug 24 21:41:29 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 24 Aug 2007 17:41:29 -0400
Subject: [Infowarrior] - NJ Teen Unlocks IPhone From AT&T Network
Message-ID:

http://www.breitbart.com/article.php?id=D8R7H9OG1&show_article=1 NJ Teen Unlocks IPhone From AT&T Network Aug 24 01:25 PM US/Eastern By PETER SVENSSON AP Technology Writer NEW YORK (AP) - A 17-year-old hacker has broken the lock that ties Apple's iPhone to AT&T's wireless network, freeing the most hyped cell phone ever for use on the networks of other carriers, including overseas ones. George Hotz of Glen Rock, N.J., confirmed Friday that he had unlocked an iPhone and was using it on T-Mobile's network, the only major U.S. carrier apart from AT&T that is compatible with the iPhone's cellular technology. In a video posted to his blog, he holds an iPhone that displays "T-Mobile" as the carrier. While the possibility of switching from AT&T to T-Mobile may not be a major development for U.S. consumers, it opens up the iPhone for use on the networks of overseas carriers. "That's the big thing," said Hotz, in a phone interview from his home. The phone, which combines an innovative touch-screen interface with the media-playing abilities of the iPod, is sold only in the U.S. AT&T Inc. spokesman Mark Siegel said the company had no comment, and referred questions to Apple. A call to Apple was not immediately returned. Hotz said the companies had not been in touch with him.
The hack, which Hotz posted Thursday to his blog, is complicated and requires skill with both soldering and software. It takes him about two hours to perform. Since the details are public, it seems likely that a small industry may spring up to buy U.S. iPhones, unlock them and send them overseas. "That's exactly, like, what I don't want," Hotz said. "I don't want people making money off this." He said he wished he could make the instructions simpler, so users could modify the phones themselves. "But that's the simplest I could make them," Hotz said. The next step, he said, would be for someone to develop a way to unlock the phone using only software. The iPhone has already been made to work on overseas networks using another method, which involves copying information from the Subscriber Identity Module, a small card with a chip that identifies a subscriber to the cell-phone network. The SIM-chip method does not require any soldering, but does require special equipment, and it doesn't unlock the phone -- each new SIM chip has to be reprogrammed for use on a particular iPhone. Both hacks leave intact the iPhone's many functions, including a built-in camera and the ability to access Wi-Fi networks. The only thing that won't work is the "visual voicemail" feature, which shows voice messages as if they were incoming e-mail. Since the details of both hacks are public, Apple may be able to modify the iPhone production line to make new phones invulnerable. The company has said it plans to introduce the phone in Europe this year, but it hasn't set a date or identified carriers. There is apparently no U.S. law against unlocking cell phones. Last year, the Library of Congress specifically excluded cell-phone unlocking from coverage under the Digital Millennium Copyright Act. Among other things, the law has been used to prosecute people who modify game consoles to play a wider variety of games.
Hotz collaborated online with four other people, two of them in Russia, to develop the unlocking process. "Then there are two guys who I think are somewhere U.S.-side," Hotz said. He knows them only by their online handles. Hotz himself spent about 500 hours on the project since the iPhone went on sale on June 29. On Thursday, he put the unlocked iPhone up for sale on eBay, where the high bid was above $2,000 midday Friday. The model, with 4 gigabytes of memory, sells for $499 new. "Some of my friends think I wasted my summer but I think it was worth it," he told The Record of Bergen County, which reported Hotz's hack Friday. Hotz heads for college on Saturday. He plans to major in neuroscience -- or "hacking the brain!" as he put it to the newspaper -- at the Rochester Institute of Technology. ___ On the Net: Hotz' blog: http://iphonejtag.blogspot.com/ Apple iPhone: http://www.apple.com/iphone Copyright 2007 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

From rforno at infowarrior.org Fri Aug 24 21:47:28 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 24 Aug 2007 17:47:28 -0400
Subject: [Infowarrior] - Ariz. school suspends boy for drawing a gun
Message-ID:

Ariz. school suspends boy for drawing a gun posted at 5:30 pm on August 23, 2007 by Bryan MESA, Arizona -- Officials at an Arizona school suspended a 13-year-old boy for sketching what looked like a gun, saying the action posed a threat to his classmates. The boy's parents said the drawing was a harmless doodle and school officials overreacted. "The school made him feel like he committed a crime. They are doing more damage than good," said the boy's mother, Paula Mosteller.
< - > http://hotair.com/archives/2007/08/23/ariz-school-suspends-boy-for-drawing-a-gun/

From rforno at infowarrior.org Sat Aug 25 14:52:35 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 25 Aug 2007 10:52:35 -0400
Subject: [Infowarrior] - Tech: How far we've come since 1993
Message-ID:

Uncanny predictions, eh? I remember these too....now I feel all old. :) ----rf (sent to Dave's IP list)

From: dewayne at warpspeed.com (Dewayne Hendricks)
Date: August 24, 2007 1:33:11 PM EDT
To: Dewayne-Net Technology List
Subject: [Dewayne-Net] AT&T's 1993 "You Will" Ads

[Note: I remember these. Sort of interesting to checkout what they were predicting then and how much of it has been realized today, fourteen years later. Sort of not so much. One wonders whether or not to be happy or sad about that. BTW, the voice in those ads belongs to Tom Selleck. If you don't know who he is, then welcome to one of the changes that fourteen years brings. DLH] AT&T 1993 "YOU WILL" ADS So, looking back at what technology was "futuristic" then, how much is commonplace today?

From rforno at infowarrior.org Sat Aug 25 19:31:40 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 25 Aug 2007 15:31:40 -0400
Subject: [Infowarrior] - Windows Genuine Advantage suffers worldwide outage
Message-ID:

(yet another vulnerability caused by forcing DRM and requiring network centricity on your customer base to make standalone products function. Not a good thing! ---rf) Windows Genuine Advantage suffers worldwide outage, problems galore By Ken Fisher | Published: August 25, 2007 - 11:44AM CT http://arstechnica.com/news.ars/post/20070825-windows-genuine-advantage-suffers-worldwide-outage-problems-galore.html Late last night we started receiving reports from readers experiencing problems with Windows Genuine Advantage authentication.
Users of both Windows XP and Windows Vista were writing to say that they could not validate their installations using WGA, and one user even said that his installation was invalidated by the service. We contacted our sources at Microsoft, who told us off the record that the company is aware of a major WGA server outage affecting users across the globe. The Windows Genuine Advantage support forum has exploded with complaints, as a result, and Phil Liu, WGA project manager, says that he won't sleep until the problem is fixed. Windows Vista and XP are affected, 32- and 64-bit versions. Microsoft is telling users who are affected that they should "try again" later, with some support techs telling readers that Microsoft is aiming to have a fix in place by Tuesday, August 28. That would mean the outage will last more than three days, given that it started last night (and may have started earlier; we're hearing reports of some users running into this earlier in the week, on limited bases). Reader Aaron Woolf tells us he was unable to validate patches for installation on a developer's copy of Vista pulled from MSDN. He writes, "My legitimate MSDN-acquired Vista Ultimate, which has been running, activated and validated for several months, now fails WGA." Others have reported similar difficulties. How does this affect you? If you use Windows, do your best to avoid anything that requires a ping to WGA. That means you should stay away from patches and add-ons until the coast is clear. WGA will not reach out across the Internet and deactivate your copy of Windows, but you should avoid talking to a WGA server for any reason. For those of you doing installations and upgrades this weekend, we recommend that you avoid activation at this time. Remember that you can run Windows legally for 30 days without activating. If you attempt a validation and it fails, your install may be marked as non-genuine, which could lead to several annoyances. 
First things first, do not reboot a Windows machine that has been marked as non-genuine. Once you do so, you will lose functionality and the Aero interface. It would be best to wait until this problem has been resolved.

The cause

Right now we don't have official word on a cause, but one source with familiarity with WGA tells us that the issue may be caused by updates to the service that were required after Microsoft expanded the number of activation keys available for Windows XP. However, the sense we get from Phil Liu is that Microsoft is pretty much in the dark right now.

From rforno at infowarrior.org Sun Aug 26 03:11:55 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 25 Aug 2007 23:11:55 -0400
Subject: [Infowarrior] - AT&T goes after iPhone unlocking sites
Message-ID:

(this was bound to happen -- ATT has far more at stake with unlocked iPhones than Apple does....in fact, Apple would benefit from the hack, since they sell more iPhones....rf) http://blog.iphoneunlocking.com/ Press Release August 25th, 2007 iphoneunlocking.com, a subsidiary of UniquePhones (www.uniquephones.com) was poised and ready to release remote software unlocking services for the iphone today at 12 noon EST. The sale of unlocking codes is on hold after the company received a telephone call from a Menlo Park, California, law firm at approximately 2:54 a.m. this morning (GMT). After saying they were phoning on behalf of AT&T, the law firm presented issues such as copyright infringement and illegal software dissemination. Uniquephones is taking legal advice to ascertain whether AT&T was sending a warning shot or directly threatening legal action. The logistics of different continents as well as it being a weekend factors into how the situation develops. Until an assessment is made of the potential of legal action, Uniquephones is unable to release the unlocking software for sale.
The company spokesperson also said that the company would also be evaluating what to eventually do with the software should they be legally denied the right to sell it. A substantial delay caused by any legal action would render the unlocking software a less valuable commodity as well as creating unforeseen security issues for the company.

From rforno at infowarrior.org Mon Aug 27 01:14:48 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 26 Aug 2007 21:14:48 -0400
Subject: [Infowarrior] - Social Networking: An Unmanageable Circle of Friends
Message-ID:

An Unmanageable Circle of Friends Social-Network Web Sites Inundate Us With Connections, and That Can Be Alienating By Monica Hesse Washington Post Staff Writer Sunday, August 26, 2007; M10 http://www.washingtonpost.com/wp-dyn/content/article/2007/08/24/AR2007082400481_pf.html Jason Calacanis wishes he could be your Facebook friend, but he just can't. The Internet entrepreneur loves networking; the New Yorker magazine once wrote a profile of him called "The Connector." When people want to get from point A to point B, he's A and a half. But Calacanis now has several thousand friends, with more requests streaming in daily. He's tired. So on his blog this summer, Calacanis, 37, declared a Facebook moratorium. In the future he'll outsource his friend management to an intern. While Calacanis may have burned out early, he predicts he won't be alone: "Everyone's going to face a level of this, too." And then . . . chaos? Isolation? Abject misery? When we reach that point where a utility that is supposed to bring us closer to our friends actually makes us hate our friends -- and the death grip that managing them has on our time -- where will we go from there? "Everyone senses that social networking is really important," says Duncan J. Watts, a Columbia University sociology professor and author of "Six Degrees: The Science of a Connected Age."
"But the big question has been: How do you convert networking into a Web site? So far it's been done in an ad-hoc, slapdash sort of way." The problem, according to Watts? Despite Newsweek's assertion last week that Facebook "has already changed the way millions of us connect," Watts says sites like it are failing us because they do not do the thing that social networks are designed to do, namely: network. His websessed students spend their Facebook time keeping up with the infinitesimal details of their acquaintances' lives through the egomaniacally titled News Feeds. Call it stalking, procrastinating or friend collecting, it doesn't build real connections. A history lesson: "Social network" is not a Facebook term or even -- remember these? -- a Friendster or Xanga one. Sociologist J.A. Barnes coined the phrase in 1954 to explain the friend-of-a-friend-of-a-friend connections that cut across traditional groupings of family or ethnic groups. These pathways have historically been the way people get jobs, find apartments, meet spouses and generally navigate the world. They are studied by the 1,200 members of International Network for Social Network Analysis (INSNA), who presumably all have great jobs and fabulous apartments. (Craigslist, of course, has taken over some of the traditional network's roles, though not all.) The bigger problem with Facebook et al., says Barry Wellman, a University of Toronto sociologist and founder of INSNA, is that current sites "assume that everyone in your life is on one happy network." On MySpace, your work colleagues are given the same info as your Halo buddies. That's not how life works, and pretending it does dilutes the meaning of our more powerful connections. Part of the problem is a numbers game. Oft-cited anthropological research puts the maximum effective group size at 150, known as the Dunbar number. Some groups -- religious congregations, book clubs -- splinter off when their numbers get too high for members to bond. 
Facebook does not. Facebook allows its users to spread their time and energy, like butter covering an increasingly larger piece of friend-network toast. Do you want a lot of toast? Or do you want a lot of butter on normal-size bread? Ogheneruemu "O.G." Oyiborhoro wants the toast. He is the George Washington University junior who holds the school's title of most Facebook friends -- 3,456 and counting. He collects them at parties, in classes, in the library. He thinks the face recognition probably helped out when he ran for and won a student government position last year. But if Oyiborhoro needed to find a new apartment, whom would he ask for help? He thinks for a minute. "That's a good question." Not the 3,456, though. "The furthest I'd go with Facebook would be to ask someone to borrow a textbook. I'd want to actually trust the person" for a bigger request. To use a social networking site for actual social networking would be an impertinence. An imposition. A sign -- even a relatively small one -- of vulnerable humanity instead of the casual snarkiness popular on the site's Walls (so named because messages are posted there, but isn't there a sociologist somewhere dissecting the isolation that the name implies?). It would be like actually playing with collectible Luke and Leia dolls instead of lining them up and occasionally vacuuming off their dusty plastic boxes. It's so 1996 to worry about the Internet secluding people from one another (and yeah, some people have found love -- and even apartments -- on Facebook). But the fact that the current popular spaces for social networking come up short means that someone is going to have to find a way for everyone to be real friends again. One industry response to the issue so far has come in the form of . . . more social networking sites. On Aug.
6, online address book Plaxo introduced Pulse, its solution to the walled garden syndrome (i.e., if you want to see a pal's Facebook entry, you too must belong to Facebook; to gawk at his Flickr photos, you too must Flick). Pulse users can stream everything from Amazon wish lists to del.icio.us Web markers directly into Pulse accounts. To Wellman's point, they can also separate which groups of people receive which types of information. Another futurist prediction involves vertical social networking -- think really juiced-up message boards -- in which users meet via genuine common interests rather than simply mass friend-collect. But that type of "let's nerd out by meeting others on the Thomas Kinkade social network" experience has its own pitfalls. Maybe Thomas Kinkade fans and dog lovers and Beautiful People -- who can join a network where admission is based on looks -- should be forced to occasionally disconnect from each other and meet dog-hating ugly people, just like IRL. That's how real social networks have prevented us from getting too myopic, from living in apartment buildings where the only permissible artwork is . . . Thomas Kinkade, painter of light. In some ways, we're dragged back to that Internet-causes-isolation theory again by the very sites that were designed to prove that it didn't. If hours in the day are limited, and we're spending more of them on social networking sites, then are we ultimately losing either breadth or depth in the way we interact with other people? Or are we just rethinking what it means to be connected, accepting that we'll trade Facebook pokes with 3,456 people but then find our apartments on Craigslist? Until someone figures all of this out, and discovers how to prevent social networking sites from becoming the death of social networking, what does Jason Calacanis, that exhausted networking guru, plan to do? For starters, this: "If you really want to get in touch with me, give me a call."

From rforno at infowarrior.org Sun Aug 26 23:29:47 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 26 Aug 2007 19:29:47 -0400
Subject: [Infowarrior] - On Advertising: Jets become flying billboards
Message-ID:

On Advertising: Jets become flying billboards
By Eric Pfanner
Published: August 26, 2007
http://www.iht.com/articles/2007/08/26/business/ad27.php

LONDON: "Please return your seat backs and tray tables to their upright and locked position - and start reading the advertisement that is staring you in the face." O.K., you won't actually hear that last part as the flight attendants prepare an aircraft for landing. But as airlines look for new sources of revenue to offset rising fuel costs, more carriers are turning planes into marketing vehicles, installing advertising in hard-to-miss places. Several American carriers, including US Airways and AirTran, recently started selling ads on napkins or stickers that appear on open tray tables. Over the summer, Ryanair, the European low-fare carrier, has gone further, installing advertising panels on the covers of the overhead luggage compartments and in the backs of closed tray tables. Ryanair, and the companies behind these advertising systems, say the new spots offer marketers an effective way to reach consumers who have cash to spend and who are increasingly difficult to influence via traditional media like television and newspapers. InviseoMedia, which has sold the seat-back ads to Ryanair and another European low-fare carrier, Germanwings, says the system provides an average of 40 minutes of "dwell time" during a typical flight. In other words, the only ways for passengers to avoid the ads, which are placed behind tamper-proof plastic shields, is to open the tray or get up and stretch their legs. When they do that, they are confronted with the ads on the overhead bins, which are being sold by a separate company, Fourth Edition.
"It's a good medium, a good audience and they're captive to some extent," said Dominic Stead, chief executive of Inviseo. "In this day and age, the opportunity to get someone's attention and hold it is invaluable." Inviseo started to install its panels in Germanwings planes about two years ago, and companies like Microsoft, DaimlerChrysler, Hewlett-Packard and HRS, a German travel Web site, have advertised on them. Since the seat-back ad space became available in Ryanair planes this summer, it has attracted only one advertiser: Creative, a maker of digital entertainment devices. But Stead said the Inviseo system could be popular with advertisers that link ads to mobile phone call-in and text-message campaigns, because Ryanair and a number of other airlines plan to enable in-flight cellphone use soon. The use of overhead bins for ads has been faster to catch on than the seat backs, with ads being placed by companies like ING, the Dutch bank; Red Bull, a so-called energy drink; and Meteor Mobile Communications, an Irish cellphone operator. Martin Barry, managing director of Fourth Edition, said the ads could generate annual revenue of €6.5 million, or $8.8 million, if all 41 panels on every one of Ryanair's 137 planes were sold for an entire year. Like Inviseo, Fourth Edition splits an undisclosed portion of the proceeds with the airline. Both Fourth Edition and Inviseo, which are privately held, say they have an advantage over potential rivals because they have already obtained approval for their systems, as required by safety regulators. Will other advertisers and airlines climb aboard? Even though marketers are eager to connect with consumers in new ways, they are also wary about annoying them.
"A lot of brands are pretty skeptical about being associated with in-flight advertising," said Ben Cunningham, a media planner at Vizeum, part of the London advertising company Aegis. "In general, it has been something pretty niche for us to advise our clients to get involved with." Other forms of airborne advertising have been around for some time. Carriers have turned the outsides of airplane fuselages into flying billboards. They have sold print ads in their magazines, and some offer video ads in their seat-back entertainment systems. Several carriers have even experimented with ads printed on airsickness bags. Fourth Edition and Inviseo said they were talking with other airlines. But one budget carrier, easyJet, said it was not interested for now. "Onboard advertising is not something we're looking to at the moment," said Marianne West, a spokeswoman. "I think we're quite happy to advertise our own brand onboard."

Eric Pfanner can be reached at adcol at iht.com.

From rforno at infowarrior.org Sun Aug 26 23:22:56 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 26 Aug 2007 19:22:56 -0400
Subject: [Infowarrior] - Comcast Cuts Off Heavy Internet Users
Message-ID:

Comcast Cuts Off Heavy Internet Users
Customers complain bandwidth limits are secret
http://consumeraffairs.com/news04/2007/08/comcast_ban.html?imw=Y

Comcast has warned broadband Internet customers across the country to curb their downloading or wind up on the curb. The company has a bandwidth limitation that, if broken, can result in a 12-month suspension of service. The problem, according to customer complaints, is that the telecom giant refuses to reveal how much downloading is too much. The company, which a few years ago advertised the service as "unlimited" has an "acceptable use policy" which enforces the invisible download limit.
The 23-part policy states that it is a breach of contract to generate "levels of traffic sufficient to impede others' ability to send or retrieve information." But nowhere does it detail what levels of traffic will impede others. Michael, of Speedway, Ind., uses Comcast Internet to transfer large work files while his son uses it for school research. In 2004 he received letters threatening to disconnect his Internet if he doesn't restrict his bandwidth. "Unfortunately, neither the letter, the AUP, the Comcast websites, nor any printed Comcast materials specify what those bandwidth usage limitations are," Michael wrote to ConsumerAffairs.Com. "Essentially, what they are doing is drawing an invisible line, then threatening to disconnect anyone who crosses it. I am more than willing to curb my usage to meet any limitations set by Comcast...if only they would actually make those limitations available to their subscribers," he said. ConsumerAffairs.Com has received several complaints from onetime Comcast customers whose service was interrupted by the phantom policy. One of them is Frank Carreiro, a West Jordan, Utah computer technician who has led the charge for hundreds of consumers with his "Comcast Broadband dispute" blog. Carreiro received a phone call from Comcast in December 2006 warning him that if he didn't cut back on his usage, they were going to cut his service. When he contacted customer service to see what he could do, they had no idea what he was talking about and even suggested it was a prank call. One month later, he woke up to no Internet. When he called Comcast, they informed him he would be without service for 12 months. For the next few months, he, his wife and his six children were without Internet until DSL came into their neighborhood. Comcast told Carreiro he was downloading 200-300 gigabytes per month. He said he and his family download a lot of data but could never have used that much.
So when he got his new service, he began tracking his use using two independent data logs. "We haven't broken 50 Gigs a month yet and we tried," Carreiro wrote in an e-mail. "I've even built a server for family photos to be shared and still we're not breaking 50 Gigs." Carreiro said he has spoken to hundreds of people in 15 states in the past five months who have had their Internet privileges revoked by Comcast. But Comcast spokesperson, Charlie Douglas, said only .001 percent of Comcast's customers ever hoard too much bandwidth. Carreiro, whose neighbors have also lost their Internet, doesn't agree. "If it's so low, why do I have a couple of people right down the street who have had their Internet taken away?" Carreiro asked. Douglas said the company shuts off people's Internet if it affects the performance of their neighbors because often many people will share a connection on one data pipe. If customers want a more dedicated stream, they can order Comcast's business account which costs "roughly $1,500 per month," Douglas said. Carreiro agreed that download restrictions for residential accounts are necessary to keep the Internet running smoothly. But he said Comcast should reveal what the restrictions are, as most other Internet providers do. Some Internet providers charge customers based on how much they wish to download every month. Carreiro's current provider has a 100-gigabyte cap. Douglas refused to reveal Comcast's bandwidth ceiling and would not say on the record why they keep it a secret.

From rforno at infowarrior.org Tue Aug 28 16:44:01 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Aug 2007 12:44:01 -0400
Subject: [Infowarrior] - GetAmnesty.com: MPAA Extortion at its Finest
Message-ID:

GetAmnesty.com: MPAA Extortion at its Finest
Written by Ernesto on August 27, 2007
http://torrentfreak.com/getamnestycom-mpaa-extortion-at-its-finest/

The MPAA and their fellow anti-piracy organizations send out thousands of infringement notices.
Only a fraction of these are played out in court, and those that do make it into court are settled at an early stage. So why not circumvent the whole legal system, and gently coerce people to pay for "amnesty"? This is exactly what the suits at the MPAA must have thought, because they asked Nexicon to develop a program to convert infringement notices into cash. The GetAmnesty program is a combination of both enforcement activities and efforts to turn infringers into paying "customers". It tracks down copyright infringers by using a wide variety of methods. But, instead of sending out the regular infringement notices, they now include links for people to get amnesty. Basically they are asking to pay them an X amount of money, and they promise to drop everything and go away. Here's what you read on the website, and allegedly in the infringement notices:

> If you receive a notice that means that we have evidence of you infringing
> a copyright holder that we represent. Please stop and consider what such a
> paper trail could do to one's future. We understand that this notice may come
> as a bit of a surprise to you, but we sincerely believe that signing our
> agreement is in your best interest.

I'm not sure how we're supposed to call this.. extortion? Intimidation? They are clearly trying to scare people into giving their money to the copyright holders without clear evidence. They might have an IP address, but this doesn't mean anything. The MPAA, or any other anti-piracy organization can't sue someone simply because he or she pays the bills for the internet connection. Several cases (example 1/2) were dropped already because of this argument. An IP address is not a person. Andrew Norton, a spokesperson of the US Pirate Party, said in a response to TorrentFreak: "These efforts to continually alienate their consumers will not do major rights holding groups any favors.
Programs such as this are thinly veiled extortion efforts, and represent further efforts by media cartels to shore up their crumbling business models by intimidation, and violation of users rights." Norton continues: "It is impossible for any program to determine if something is infringing copyright, or if it comes under fair use. With the recent probes into the john-doe lawsuits and their usage, it is clear that this is a pathetic new method to try and shore up the outdated perceptions of the rights holders, rather than trying to adapt and change to suit the times. It is no longer the 1940s, and unlike FM, media conglomerates cannot wish or bury the internet, and modern technology." The MPAA and other content owners will use these methods because it's an easy way for them to make money, and they save quite a bit on legal costs too. In fact, the RIAA already uses a website called P2Plawsuits where people can settle their cases online. I seriously question the legality of these extortion tactics. GetAmnesty.com was launched a few days ago. If people receive infringement letters with links to this site, please contact us. In the meanwhile you might want to take a look at what SiteAdvisor says about GetAmnesty... Phishing or other scams -- and that's exactly what it is.

From rforno at infowarrior.org Tue Aug 28 16:48:55 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Aug 2007 12:48:55 -0400
Subject: [Infowarrior] - New Sony Rootkit found on USB drives
Message-ID:

Deja vu: Sony uses rootkits, charges F-Secure
The Finnish security company has found that Sony Microvault USM-F flash drives install files in a hidden folder that hackers can access
http://www.infoworld.com/archives/emailPrint.jsp?R=printThis&A=/article/07/08/27/Sony-uses-rootkits-charges-F-Secure_1.html

By Gregg Keizer, Computerworld, IDG News Service
August 27, 2007

A line of USB drives sold by Sony installs files in a hidden folder that can be accessed and used by hackers, a Finnish security company charged Monday, raising the specter of a replay of the fiasco that hit Sony's music arm two years ago when researchers discovered that its copy protection software used rootkit-like technologies. According to F-Secure, the fingerprint-reader software included with the Sony MicroVault USM-F line of flash drives installs a driver that hides in a hidden directory under "c:\windows". That directory and the files within it are not visible through Windows' usual APIs, said F-Secure researcher Mika Tolvanen in a posting to the company's blog Monday. "[But] if you know the name of the directory, it is possible to enter the hidden directory using [the] Command Prompt, and it is possible to create new hidden files," said Tolvanen. "There are also ways to run files from this directory." All of this -- and the fact that the directory goes unspotted by some antivirus scanners -- is similar to the Sony BMG rootkit case in late 2005. Then, researchers spotted rootkit-like cloaking technologies used by the copy-protection software Sony BMG Music Entertainment installed on PCs when customers played the label's audio CDs. The Federal Trade Commission (FTC) alleged that Sony had violated federal law and settled with the company earlier this year.
Before that, Sony paid out nearly $6 million to settle cases with U.S. states. "This isn't the same code, recycled," said Mikko Hypponen, F-Secure's chief research officer, in an interview Monday. "Sony doesn't do any of its own development in this area; it looks like a Chinese company did it. But the similarities lie in the fact that like the Sony BMG rootkit, this software uses a hidden folder and hides files in it." More important, he said, is another trait shared by both. "This can be used to hide malware," Hypponen charged. By mid-November 2005, less than two weeks after the first reports that the Sony BMG copy protection software used rootkit-style technologies, Trojan horses using the Sony code to hide from security software popped up in the wild. Hypponen is convinced the same thing can happen here. "This will be trivial to use," he said. Both Hypponen and Tolvanen pointed out that the MicroVault software is cloaking the folder for good reason: To protect the fingerprint reader's authentication files from being tampered with or circumvented. The issue, said Hypponen, is that Sony's left the door ajar. "What's not justified is that others can use this folder," he said. "If Sony was only hiding its own files, no one would object." F-Secure first notified Sony "about a month ago" that its rootkit-sniffing software, BlackLight, had reported hidden files on a system with the MicroVault software. "We never got a reply," said Hypponen. Sony did not respond to a Computerworld request for comment Monday. 
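
The behaviour the article describes (a directory missing from normal listings yet reachable when its name is known) is what a cross-view check looks for. The sketch below is an added Python example, not F-Secure's or Sony's code; the directory names, the file name and the `hiding_lister` stand-in for a cloaking driver are constructed for illustration.

```python
import os
import tempfile


def hiding_lister(hidden_names):
    """Stand-in for a cloaking driver (constructed for this example):
    a directory listing with the given names filtered out."""
    hidden = {n.lower() for n in hidden_names}

    def lister(path):
        return [n for n in os.listdir(path) if n.lower() not in hidden]

    return lister


def find_cloaked_dirs(parent, candidates, lister=os.listdir):
    """Cross-view check: report candidate directories that can be reached
    by their full path but do not appear when the parent is enumerated.

    Returns {name: sorted contents, or None if the contents are unreadable}.
    """
    # View 1: what enumeration of the parent directory reports.
    listed = {n.lower() for n in lister(parent)}
    findings = {}
    for name in candidates:
        path = os.path.join(parent, name)
        # View 2: a direct probe of the path, which does not depend on
        # the parent's listing.
        if not os.path.isdir(path):
            continue  # not present at all, so nothing is being hidden
        if name.lower() in listed:
            continue  # both views agree: an ordinary, visible directory
        # The views disagree. Record what the directory holds, since a
        # responder needs to know what else has been placed in it.
        try:
            contents = sorted(os.listdir(path))
        except OSError:
            contents = None
        findings[name] = contents
    return findings


def demo():
    """Build a constructed directory tree and run the check twice:
    once with a normal listing, once with the simulated cloaking."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "visible_dir"))
        os.mkdir(os.path.join(root, "cloaked_dir"))
        with open(os.path.join(root, "cloaked_dir", "dropped.bin"), "wb") as fh:
            fh.write(b"constructed sample")
        candidates = ["visible_dir", "cloaked_dir", "absent_dir"]
        clean = find_cloaked_dirs(root, candidates)
        cloaked = find_cloaked_dirs(
            root, candidates, lister=hiding_lister(["cloaked_dir"])
        )
        return clean, cloaked


if __name__ == "__main__":
    clean_view, cloaked_view = demo()
    print("normal listing :", clean_view)
    print("cloaked listing:", cloaked_view)
```

On a live system the candidate names would come from vendor advisories or a scanner's findings, and the probe only works when the cloaking leaves direct path access open, as the article reports for this software.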

From rforno at infowarrior.org Tue Aug 28 17:52:41 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Aug 2007 13:52:41 -0400
Subject: [Infowarrior] - More on: GetAmnesty.com: MPAA Extortion at its Finest
In-Reply-To:
Message-ID:

------ Forwarded Message
From: security curmudgeon
Date: Tue, 28 Aug 2007 17:47:47 +0000 (UTC)

: GetAmnesty.com: MPAA Extortion at its Finest
: Written by Ernesto on August 27, 2007
: http://torrentfreak.com/getamnestycom-mpaa-extortion-at-its-finest/
:
: The MPAA and their fellow anti-piracy organizations send out thousands
: of infringement notices. Only a fraction of these are played out in
: court, and those that do make it into court are settled at an early
: stage. So why not circumvent the whole legal system, and gently coerce
: people to pay for "amnesty"?

When another site like this first came up there was some discussion and laughs. Looking at this one, a few things to point out in no particular order:

- Privacy policy refers to the people using the site as 'customers'. If the masses are 'customers', can we now file complaints against them to the BBB?

- Privacy policy says "We will never share, sell, or rent your personal information with third parties for their promotional use. Occasionally, we enter into contracts with third parties so that they can assist us in servicing you (for example, providing customer service)." IANAL but that seems to contradict itself.

- 'Sign In' is all over HTTP, no encryption used. Reading back to the Privacy Policy they say "SECURITY - We take every precaution to protect the confidentiality and security of your personal information.." It further says "When we ask for sensitive information, such as credit card numbers, we protect it through the use of encryption during transmission, such as the Secure Socket Layer (SSL) protocol." So that means the "Notice ID" and "Password" are not considered sensitive to them. If you are entering an agreement with a third party like this, to avoid legal proceedings, wouldn't you want some assurance that all of this is encrypted when sent to their server?

- They accept Visa, MasterCard and AmEx. I wonder if they are PCI compliant? (I'd guess no based on the issues I see on the site just browsing around)

- The Terms of Service page has typos, doesn't href link URLs, etc. Worse, for 'Modification of Terms' they say "To make your review more convenient, we will post a version number or date at the bottom of this page." However, on http://getamnesty.com/index.php?p=terms and http://www.getamnesty.com/tos.html there is no such number to distinguish when it was last modified.

- Useful links has a single link, and surprisingly not to the MPAA/RIAA.

- They are running Apache 1.3.37, mod_fastcgi 2.4.2, mod_auth_passthrough 1.8, mod_log_bytes 1.2, mod_bwlimited 1.4, FrontPage 5.0.2.2635.SR1.2, mod_ssl 2.8.28, OpenSSL 0.9.7a and PHP-CGI 0.1b. Oh, they are powered by PHP 5.1.6 too.

From rforno at infowarrior.org Tue Aug 28 22:33:36 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Aug 2007 18:33:36 -0400
Subject: [Infowarrior] - Still more on: GetAmnesty.com: MPAA Extortion at its Finest
In-Reply-To: <46D4A12C.8060205@jonsimon.com>
Message-ID:

Very good point. Perhaps we would find a good use for phishing scams after all? :)

--rf

------ Forwarded Message
From: Jon

It sounds like a great way to do a scam. Spam out e-mails saying:

BabyOneMoreTime.mp3 was downloaded off Kazaa filesharing at 10:43PM on 8/6/07 from the IP-address 12.111.59.6, which is associated with this e-mail address, sucker at att.net. Our lawyers will be contacting you shortly. If you would like to settle this case out of court, please make a payment at our website if you would like to avoid a court case and larger settlement.

Most people don't know what an IP address is, let alone what theirs is.
Pretty soon, the RIAA and MPAA won't be able to do anything due to all the scams around them.

-Jon

From rforno at infowarrior.org Wed Aug 29 02:13:06 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Aug 2007 22:13:06 -0400
Subject: [Infowarrior] - Pew Center Reflects on Two Decades of U.S. News Preferences
Message-ID:

Pew Center Reflects on Two Decades of U.S. News Preferences
http://www.editorandpublisher.com/eandp/news/article_display.jsp?vnu_content_id=1003631682&imw=Y

By E&P Staff
Published: August 27, 2007 3:40 PM ET

NEW YORK The Pew Research Center has released a new study that monitored public interest in news from 1986 to 2006. The results show that though American interest in news has shifted with the times, the changes have been slight and not suggestive of any sort of meaningful trend. The study broke down the news into 19 categories:

-War/Terrorism (U.S.-Linked)
-Bad Weather
-Man-Made Disasters
-Natural Disaster
-Money
-Crime and Social Violence
-Health and Safety
-Domestic Policy
-Campaigns and Elections
-Washington Politics
-Political Scandals
-Other Politics
-Sports
-War/Terrorism (Non-U.S.)
-Science and Technology
-Foreign Policy (US)
-Other Nations
-Personalities and Entertainment
-Celebrity Scandals

Each category was then analyzed for three decades: 1986-1989, 1990-1999, 2000-2006. Two categories of news -- "Washington Politics" and "Money" -- trended upward during the period of study. From 1986-1989, "Washington Politics" was read closely by 17% of the polled audience, while "Money" was read closely by 23% of the audience. By the final period, 2000-2006, "Washington Politics" had risen in interest up to 24%, while "Money" news was up to 40%. In all, the only pattern to truly emerge among the 19 categories was what researchers deemed a "U-shape": categories that started high, slipped in the next decade, and then rose again in this decade.
Perhaps one of the greater surprises of the Pew study is that what the study called "Tabloid News" (a combination of celebrity gossip, non-political scandals, popular culture, and sports), did not climb steadily nor dominate any of the other categories. In the 1980s, it had an index score of 21%. By the end of the survey, it was at 18%. As a breakdown per decade, the following were the top news subjects:

1986-1989: Natural Disaster (61% interest)
1990-1999: Bad Weather (40% interest)
2000-2006: War/Terrorism (U.S.-Linked) (43% interest)

The entire results of the study can be found at http://pewresearch.org/pubs/574/two-decades-of-american-news-preferences

From rforno at infowarrior.org Wed Aug 29 02:15:13 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Aug 2007 22:15:13 -0400
Subject: [Infowarrior] - Rep Berman's at it again.....
Message-ID:

http://www.variety.com/index.asp?layout=print_story&articleid=VR1117970777&categoryid=18

Posted: Thurs., Aug. 23, 2007, 5:46pm PT

Lawmaker proposes piracy warning
Internet subscribers would receive letter
By DAVE MCNARY, BEN FRITZ

A leading lawmaker will propose federal legislation requiring telcos and cable operators to send Internet subscribers a warning letter if they access pirated content. Rep. Howard Berman (D-Los Angeles) disclosed Thursday at a U.S. Chamber of Commerce antipiracy panel in Hollywood that he'll introduce the legislation as early as next month. If enacted, it would mark a significant change in federal law by making Internet service providers responsible for piracy on their networks, not just those who download or share the content. Berman, speaking at the Hollywood Roosevelt Hotel, indicated that under the legislation there would be a phase-in period for ISPs to notify subscribers. "Initially, it would be a voluntary program," he added. Berman indicated he'd introduce the bill with Rep. John Conyers (D-Mich.)
through the House Judiciary Subcommittee on Courts, the Internet and Intellectual Property. Berman, a 13-term member of Congress whose district includes Hollywood, said the legislation will be part of a broader bill to strengthen anticounterfeiting efforts. It will require that federal agents enforce intellectual property violations by Internet service providers, mandate interagency cooperation and initiate the use of international attaches to provide information. Thursday's panel culminated four days of events in Los Angeles designed to raise awareness of and build support for anti-piracy efforts. Rep. Brad Sherman (D-Los Angeles) cited a recent study by the Los Angeles Economic Development Corp. showing that piracy causes $5.2 billion in annual economic losses -- over half of that to the motion picture business. The Chamber also sponsored an event at the Chinese Theater to demonstrate infrared technology employed to spot illegal camcording in theaters. Andrews Intl. VP Andrew Lamprey said studios are currently using his firm's security services on as many as 300 screenings per week.

From rforno at infowarrior.org Wed Aug 29 01:23:07 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Aug 2007 21:23:07 -0400
Subject: [Infowarrior] - Why Apple Can't Stop iPhone Hackers
Message-ID:

News Analysis August 28, 2007, 12:01AM EST

Why Apple Can't Stop iPhone Hackers
AT&T and Apple may face an uphill battle prosecuting hackers who untether the iPhone from the AT&T wireless network
http://www.businessweek.com/print/technology/content/aug2007/tc20070827_230698.htm

by Olga Kharif

It sure sounds like a steal. On Aug. 31, George Hotz plans to trade in his iPhone for a metallic blue Nissan (NSANY) 350Z sports car and three brand-new iPhones. But the 17-year-old's device is no ordinary Apple phone. Hotz hacked his iPhone and unlocked it so that it can be used on a variety of cell-phone networks, becoming the first person known to have done so.
The person buying Hotz's phone, Terry Daidone, believes he's the one getting the deal because Hotz has agreed to work for him at his cell-phone refurbishing company, CertiCell. Daidone says he doesn't plan to sell unlocked iPhones just yet. Rather, he says that he wants Hotz to teach CertiCell's technicians the secrets to unlocking other kinds of cell phones. But that could change -- if he can clear up legal questions surrounding the practice of unlocking mobile phones. "As the need arises to unlock phones, we should be at the forefront of that," Daidone says. Apple (AAPL) and AT&T (T), the sole authorized supplier of the iPhone in the U.S., are doing what they can to make sure that legal clearance never comes. The two companies have put their lawyers on the case, applying pressure on hackers involved in unlocking iPhones to try to get them to stop. Much is at stake. AT&T has been hoping that as the exclusive provider of the iPhone, it will see a surge in new customers and monthly service charges of at least $60 from each one. Apple is supposed to get a cut of the revenues. If iPhones are unlocked, they can be used on the wireless networks of rivals like T-Mobile USA -- and AT&T gets zippo. AT&T wouldn't comment for this story, while Apple didn't return a request for comment.

Fuzzy Laws

So will Apple and AT&T's legal action deter hackers? Hardly. Individual users are already allowed to unlock their own phones under an exemption to the Digital Millennium Copyright Act (DMCA) that the U.S. Copyright Office issued last November. The exemption, in force for three years, applies to "computer programs...that enable wireless telephone handsets to connect to a wireless telephone communication network, when circumvention is accomplished for the sole purpose of lawfully connecting to a wireless telephone communication network." What's less clear is whether companies and hackers can legally unlock the phones and then sell them to others, or sell unlocking software.
"The law here is unclear," says Jonathan Kramer, founder of Kramer Telecom Law Firm in Los Angeles. "There just isn't any case law in this area for us to figure out how it plays out." Experts believe that AT&T and Apple will point to the DMCA's section 1201, stating that "no person shall circumvent a technological measure that effectively controls access to a work protected under this title." They will claim that a phone lock is just such a technological measure that protects copyrighted work: namely, cell-phone software.

Hackers Undeterred

Problem is, it could be argued that, in reality, the lock only protects access to a carrier's communications network -- and communications services aren't copyrightable under the Act, explains Jane Ginsburg, professor of literary and artistic property law at Columbia Law School. "This law was written for DVDs and video games," she explains. "What's going on here is using the Copyright Act to achieve another objective." Indeed, this time, hackers may have the law on their side. Remember, decades ago, automakers built their instrument panels so that only authorized radios of their own manufacture would fit in. Eventually, U.S. courts ended that practice. "If Apple and AT&T push too hard, they might see a revision of [the Copyright Act, and it won't be in their favor]," says Richard Doherty, director of consultancy the Envisioneering Group. That's why, for now, some hackers contacted by AT&T lawyers still plan to release their wares. "Over the next few days...you will get what you are looking for," promises an Aug. 27 message posted on the Web site of UniquePhones, which helps people unlock mobile phones.

Opening Up the Networks

Demand for unlocked iPhones, which sell for $499 and $599, is rising. Already, the phone has become a cultural phenomenon, with enthusiastic fans going to great lengths to get their hands on one.
Consumers in rural areas where AT&T doesn't have a network or in markets with spotty AT&T coverage may want to use the popular device through T-Mobile's network. Overseas, consumers want to try it in conjunction with Orange (FTE) and Vodafone (VOD) wireless service. "If Apple offered unlocked iPhones for $1,200, they'd probably sell some," Doherty says. Frustration over locked iPhones is showing up in the courts as well. A class-action lawsuit filed on Aug. 27 in the Supreme Court of the State of New York tells of an iPhone buyer who racked up $2,000 in charges because he couldn't use a different carrier's network while he was on a trip to Mexico. Filed against Apple, the suit claims the plaintiff didn't know that iPhone was tethered to the AT&T network. Many hope that the legal wrangling will, eventually, result in major shifts in how the U.S. wireless industry operates. For one, a case could pave the way to making all wireless networks more open to unlocked phones. In the next five years, 10% to 15% of U.S. wireless users could move to unlocked phones, figures Andrei Jezierski, founder of venture consultancy i2 Partners in New York (see BusinessWeek.com, 12/4/06, "Motorola, Nokia Set Cell Phones Free"). Plus, to answer pent-up demand for untethered phones, a cell-phone carrier could differentiate its offerings by selling all of its handsets unlocked, says David Chamberlain, an analyst with consultancy In-Stat. "It's an anomaly that the phones are tied to individual carriers," he says. "Can we change that business as usual? Maybe. But people who want that will fight for a very long time." Kharif is a reporter for BusinessWeek.com in Portland, Ore. 
From rforno at infowarrior.org Tue Aug 28 15:16:36 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 28 Aug 2007 11:16:36 -0400 Subject: [Infowarrior] - Test ignore Message-ID: Test ignore From rforno at infowarrior.org Mon Aug 27 19:36:15 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 27 Aug 2007 15:36:15 -0400 Subject: [Infowarrior] - TorrentSpy Closes to U.S. Users Message-ID: TorrentSpy Closes to U.S. Users By Kim Zetter August 27, 2007 | http://blog.wired.com/27bstroke6/2007/08/torrentspy-clos.html A few minutes before midnight last night, TorrentSpy began blocking US-based IP addresses from using its search engine, says Ira Rothken, TorrentSpy's lawyer. The move is in direct response to a federal court order earlier this year requiring the search engine to begin logging users' IP addresses and activity. Last year, the Motion Picture Association of America sued TorrentSpy, a BitTorrent search engine, for alleged copyright infringement by aiding users in trading pirated material through file-sharing networks. TorrentSpy maintains a privacy policy that promises users it will not collect any personal information about them without their consent. But a judge ordered the service to begin tracking users and hand over the data to the MPAA. She allowed, however, that the site could mask the IP addresses of users for the time being. Rothken responded when the judgment first came down that TorrentSpy would likely cut off U.S. users rather than violate its privacy policy and hand over customer data. TorrentSpy is appealing the decision but made good on its word last night to protect the privacy of its users by blocking U.S. users. 
"It's axiomatic that when you have a privacy policy which promises in essence that a search engine is not going to tie personally identified information to the searches that you do that you have the ability to honor it and that a court cannot usurp that promise, especially when users do not get proper notice and an opportunity to get heard," Rothken told Wired News. "We believe that the privacy rights of users in this context are substantially more important than issues related to secondary and possibly tertiary copyright infringement." As of this morning, US-based users attempting to use the search engine receive the following message: Torrentspy Acts to Protect Privacy Sorry, but because you are located in the USA you cannot use the search features of the Torrentspy.com website.Torrentspy's decision to stop accepting US visitors was NOT compelled by any Court but rather an uncertain legal climate in the US regarding user privacy and an apparent tension between US and European Union privacy laws. We hope you understand and will take the opportunity to visit one of these other fine websites: Daily Suture Heavy Music Massive Mating Game WackyVids.com Linkbucks.com Hollywire.com SearchAgent.com Teenist.com (ADULT) From rforno at infowarrior.org Mon Aug 27 16:17:01 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 27 Aug 2007 12:17:01 -0400 Subject: [Infowarrior] - Teenager cracks govt's $84m porn filter Message-ID: Teenager cracks govt's $84m porn filter http://www.smh.com.au/news/National/Teenager-cracks-govts-84m-porn-filter/20 07/08/25/1187462562907.html August 25, 2007 - 7:49AM A 16-year-old schoolboy has cracked the federal government's $84-million internet porn filter. Tom Wood, a Year 10 student, told News Ltd newspapers it took him about 30 minutes to break through the government's new filter, released on Tuesday. Tom, who attends a Melbourne private school, can deactivate the filter after several clicks. 
His method ensures the software's toolbar icon is not deleted. He can leave his parents believing the filter is still working. Tom, a former cyber bullying victim, fears a computer-savvy child could put the bypass on the internet for others to use. "It's a horrible waste of money," he said. "They could get a much better filter for a few million dollars made here rather than paying overseas companies for an ineffective one." Communications Minister Helen Coonan said the government had anticipated children would find ways to get around the NetAlert filters. Suppliers were contracted to provide updates, Senator Coonan said. "The vendor is investigating the matter as a priority. "Unfortunately, no single measure can protect children from online harm and ... traditional parenting skills have never been more important." Family First senator Steve Fielding, a cyber safety campaigner, said cracking the software highlighted the need for compulsory filtering by internet providers. "You need both. You need it at the ISP and at the PC level," Senator Fielding said. "The Government has not listened to common sense and it leaves kids exposed." © 2007 AAP From rforno at infowarrior.org Mon Aug 27 13:11:15 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 27 Aug 2007 09:11:15 -0400 Subject: [Infowarrior] - RIAA: Judge Holds "Making Available" is a "Distribution" Message-ID: Friday, August 24, 2007 Pro Se Defendant Loses to RIAA in Atlantic v. Howell in Arizona, Judge Holds "Making Available" is a "Distribution" In Atlantic v. Howell, a case against a pro se defendant in Arizona, the judge ruled in favor of the RIAA and concluded that "making available" is in and of itself a copyright infringement. This is the second time of which we are aware in which, in the context of a summary judgment motion against a pro se litigant, a judge has stated that merely "making available" is in and of itself a copyright infringement. The first was Motown v. 
DePietro in Philadelphia, where the RIAA's summary judgment motion was nevertheless denied. http://recordingindustryvspeople.blogspot.com/2007/08/pro-se-defendant-loses-to-riaa-in.html From rforno at infowarrior.org Mon Aug 27 13:09:44 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 27 Aug 2007 09:09:44 -0400 Subject: [Infowarrior] - Separating fact from fiction on digital copyrights Message-ID: Separating fact from fiction on digital copyrights By Maura Corbett http://news.com.com/Separating+fact+from+fiction+on+digital+copyrights/2010-1030_3-6204450.html Story last modified Mon Aug 27 04:00:02 PDT 2007 I'll bet you can recite most of the copyright warnings that appear on your screen when you pop in a DVD, or at the end of a football game, can't you? At the very least, we all know that when the warning signs appear, what follows are a few very-important-sounding sentences noting the dire consequences of unauthorized use of what we're about to see. We don't necessarily understand it, but we know it's bad. And if we were to believe what they tell us, discussing Barry Bonds' homeruns around the water cooler would put us all in jail. Did it ever occur to you that, in many cases, these serious, ubiquitous warnings may not actually be accurate? Perhaps they've just been around so long that they've been accepted as fact, but in many cases, as very recently pointed out by the Computer and Communications Industry Association, they are at best misleading and, at worst, flat-out wrong. The group filed a formal complaint with the Federal Trade Commission earlier this month against some of the worst offenders--among them, NBC Universal, Major League Baseball and the National Football League--alleging that the statements used by these corporations often include gross misrepresentations of federal law and characterize as unlawful acts that are explicitly permitted by law. 
NBC Universal immediately characterized the complaint as "frivolous," which pretty much sums up how the company feels about the rights of its consumers. Consumer rights in the digital age are not frivolous. We have them, we should protect them, and U.S. copyright law guarantees them. Consumers may copy, distribute, perform and transmit portions of a publication or work provided that such use constitutes "fair use," which is a legal way of saying that we can enjoy limited and nonlicensed use of copyrighted material without requiring permission from the rights holder. Fair use is not merely a nice concept--it is a federal law based on free speech rights under the First Amendment and is a cornerstone of the creativity and innovation that is a hallmark of this country. However, with the advent of the digital age, fair use has gone missing. Warnings attached to movies, sports broadcasts and other media often provide wildly misleading information about consumer rights under copyright law. For example, warnings on many Universal DVDs state, in part, that "any unauthorized exhibition, distribution or copying of this film or any part thereof (including soundtrack) is an infringement of the relevant copyright and will subject the infringer to severe civil and criminal penalties." This statement is simply untrue--the federal copyright statutes specifically allow unauthorized reproduction for criticism, commentary and other purposes. Just recently, the NFL threatened the media by withholding press credentials for any organization that showed more than 45 seconds of a game. This is not the way forward. We should not permit rights holders to use copyright law to create new powers for themselves. Even as we urge consumers to respect the law--and we should--large copyright owners have the same obligation. 
Scaring their customers is not educating them. Misleading and threatening them, at the end of the day, hurts everyone, including the copyright holders themselves. Copyright law was never intended to serve as a big stick for the rights holder to wield against the freedom of information and ideas. We hope the FTC agrees. Copyright ©1995-2007 CNET Networks, Inc. All rights reserved. From rforno at infowarrior.org Mon Aug 27 12:15:13 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 27 Aug 2007 08:15:13 -0400 Subject: [Infowarrior] - Gonzales Resigns as Attorney General Message-ID: August 27, 2007 Gonzales Resigns as Attorney General By STEVEN LEE MYERS http://www.nytimes.com/2007/08/27/washington/27cnd-gonzales.html?_r=1&hp=&oref=slogin&pagewanted=print WACO, Tex., Aug. 27 -- Attorney General Alberto R. Gonzales, whose tenure has been marred by controversy and accusations of perjury before Congress, has resigned. A senior administration official said he would announce the decision later this morning in Washington. Mr. Gonzales, who had rebuffed calls for his resignation, submitted his to President Bush by telephone on Friday, the official said. His decision was not immediately announced, the official added, until after the president invited him and his wife to lunch at his ranch near here. Mr. Bush has not yet chosen a replacement but will not leave the position open long, the official said, speaking on condition of anonymity because the Attorney General's resignation had not yet been made public. Mr. Bush had repeatedly stood by Mr. Gonzales, an old friend and colleague from Texas, even as he faced increasing scrutiny for his leadership of the Justice Department, including his role in the dismissals of nine United States attorneys late last year and questions about whether he testified truthfully about the National Security Agency's surveillance programs. "We're watching a political exercise," Mr. 
Bush said at a news conference this month, dismissing accusations that the Attorney General had stonewalled or misled a congressional inquiry. "I mean, this is a man who has testified, he's sent thousands of papers up there. There's no proof of wrong." Mr. Gonzales's resignation is the latest in a series of high-level departures that has reshaped the end of Mr. Bush's second term. Karl Rove, another of Mr. Bush's close circle of aides from Texas, stepped down two weeks ago. The official said that the decision was Mr. Gonzales's and that the president accepted it grudgingly. At the same time, the official acknowledged that the turmoil over his tenure as Attorney General had made continuing difficult. "The unfair treatment that he's been on the receiving end of has been a distraction for the department," the official said. From rforno at infowarrior.org Wed Aug 29 13:22:17 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 29 Aug 2007 09:22:17 -0400 Subject: [Infowarrior] - Commentary: Watching Freedom's Watch Message-ID: Watching Freedom's Watch Richard Forno A new grassroots lobbying effort headed by former White House Press Secretary Ari Fleischer is running a series of "pro-war" videos to support military operations in Iraq. While I sympathize with all who have served, suffered, and/or died during this conflict, I must nevertheless take issue with what I find is an appalling and misleading message being presented by this video: The "Wounded Vet" video http://www.youtube.com/watch?v=TNTWYnPi8yc Three key statements from this ad deserve mention: "Congress was right to vote to fight terrorism in Iraq and Afghanistan" True, but that's conflating rationales. Terrorists who attacked us on 9/11 were in Afghanistan, not Iraq....and we attacked them there in late 2001 with strong international support and political backing. 
However, since we invaded Iraq in a blatant war-of-choice with a flimsy international coalition to support us, NOW there are terrorists in Iraq, including elements linked to those who caused 9/11. So it's become a self-fulfilling prophecy: "there were no 9/11-related terrorists in Iraq, but since we invaded they're there, so now it's all the more reason to stay and fight them -- and besides we've been authorized to fight terrorism wherever they pose a threat!" (And of course, by shifting our focus to Iraq, Afghanistan is falling apart again -- our adversaries are regrouping and conducting significant new operations against us there, too.) The geographically-challenged might note that Iraq is pretty close to another "problem country" in the eyes of the PNAC Alumni Association -- Iran. But I digress. "They attacked *us* and they will again." While this is being said during the ad, a still image of a plane flying into the WTC on 9/11 is shown -- thus clearly trying again to make the suggestion that the perpetrators of 9/11 and (the need to invade and now stay in) Iraq were/are linked, even though such links were disproved repeatedly by any number of bipartisan government commissions and investigations in recent years, and also by senior members of the Administration. That's pure FUD and fear-mongering. "They won't stop in Iraq." This is simply an extension of the tired old chickenhawk talking point about "fighting terrorists over there so we don't fight them here at home." Anyone who still believes or perpetuates that logic clearly does not understand the nature of the current conflict, terrorism, unconventional warfare, or simple human nature. Sadly, that flawed logic has become one of the more salient Administration talking points in defense of the Iraq War, if not also a cornerstone for its current 'strategy.' The bottom line about this commercial: It has been proven repeatedly that none of the 9/11 terrorists had ANY connection with Iraq. 
It is clear this ad's desired message is to once again try connecting Iraq and 9/11 in an effort to place fear in the minds of viewers in an effort to curry public opinion for the current policy and 'strategy' during a time when serious questions are being raised by the political opposition, general public, and members of the President's own party. I daresay folks in DC are in a panic mode about what to do both from a political and national policy perspective, and are fearful of admitting that based on how things have devolved in Iraq since March 2003, the ideal outcome in Iraq won't be a "good" one aligned with lofty US goals but rather the one that's "least bad" for all involved, as Thomas Ricks noted the other day to Tim Russert. Two final points about the politicization of Iraq and our military not specifically related to the aforementioned commercial: (1) I am sick of hearing how pundits and politicians take great pains to say they're "just back from Iraq" as if that confers any additional credence to their statements. Most such visits are tightly-controlled and secured, and as a result these folks aren't seeing "the real picture" outside their security bubbles and short periods of time "on the ground." (2) You can find soldiers and veterans both for and against the war, so for a politician or pundit to make claims that soldiers are supporting their position (or using them in commercials) is a meaningless statistic, because there are just as many who are opposed to it -- which is only natural if one considers the opinions of various US servicemembers as representative of the deep divisions of opinion here in American society. Such a technique is used simply as window-dressing to support their various statements. Just a few thoughts from someone not buying the spin. -rick PS: Has anyone else noticed that during the past week there's been a marked increase in the hostile public rhetoric towards Iran? 
From rforno at infowarrior.org Wed Aug 29 17:36:42 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 29 Aug 2007 13:36:42 -0400 Subject: [Infowarrior] - Congress to eye feds' spy satellite scheme Message-ID: Congress to eye feds' spy satellite scheme Posted by Anne Broache http://news.com.com/8301-10784_3-9768357-7.html?part=rss&subj=news&tag=2547-1_3-0-20 When politicians return to Washington from their August recess next week, one of their first orders of business will be lobbing questions at Bush administration officials over recently disclosed plans to open up powerful spy satellites to the likes of American border-security agents and police. On September 6, the U.S. House of Representatives Homeland Security Committee plans to hold a morning hearing entitled "Turning Spy Satellites on the Homeland: the Privacy and Civil Liberties Implications of the National Applications Office," according to a press release issued by the panel. Scheduled to appear for questioning are the Department of Homeland Security's Chief Intelligence Officer Charles Allen, Chief Privacy Officer Hugo Teufel, and Civil Rights and Civil Liberties Officer Dan Sutherland. The event is apparently a direct response to a Wall Street Journal report about two weeks ago, which revealed that the sprawling federal agency had signed off on expanded use of the so-called "eyes in the sky." By October, Homeland Security is poised to establish a new subset called the National Applications Office, which would oversee expanding access to the surveillance images. Data about domestic incidents is already fused and sorted 24/7 at Homeland Security 'nerve centers' like this one. (Credit: U.S. Department of Homeland Security) The military has been using the Cold War-era surveillance gadgets overseas for years in an effort to spot terrorist hideouts, to track contraband movement and to plot routes for U.S. soldiers, the WSJ reported. Domestic agencies like the U.S. 
Geological Survey have also had access to the high-resolution images for mapping and environmental studies. But the use of the monitoring technique for domestic law enforcement purposes appears to be on murkier legal grounds. That's why the plan has attracted concern from some congressional Democrats, including Rep. Edward Markey (D-Mass.), the chairman of a congressional telecommunications and Internet panel, and Rep. Bennie Thompson (D-Miss.), the Homeland Security Committee's chairman. Homeland Security officials, for their part, say they have already briefed the various congressional intelligence committees about their plans and have even secured a budget for their activities, according to the WSJ. That may make it more difficult for politicians on the House Homeland Security panel to get answers in an open forum next week, as the Bush Administration officials may claim they're not at liberty to discuss classified details. It's likely no coincidence that the hearing is set to occur during Congress's first week back in session after a month-long recess. Congressional Democrats are clearly seeking to rebuild some credibility among privacy and civil liberties advocates after caving at the last minute to the president's demands to enact what critics argue are unacceptably sweeping changes--albeit temporary ones--to federal electronic snooping law. (Since then, both House Speaker Nancy Pelosi and Senate Majority Leader Harry Reid have implicitly threatened to let that law die unless the administration cooperates with Congress's demands for more details on its surveillance programs.) 
From rforno at infowarrior.org Wed Aug 29 17:53:30 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 29 Aug 2007 13:53:30 -0400 Subject: [Infowarrior] - InfowarCon Moved to March 2008 to Ease Scheduling Conflicts Message-ID: InfowarCon Moved to March 2008 to Ease Scheduling Conflicts http://www.infowarcon.com/content.php?id=press_release.php&size=1500 The much anticipated revival of InfowarCon is going to have to wait another few months. Bowing to pressure from defense agencies, educational institutions and international organizations, the event conflicted with too many other senior level commitments during the September time frame. InfowarCon founder Winn Schwartau said: "We brought back InfowarCon at the request of countless people and organizations, both within the U.S. and internationally. We also made an assumption about timing -- a poor one as it turns out. It used to be the end of the fiscal year was perfect for the U.S. government, but times have changed." Many of the senior officials who wanted to speak and attend were unable to commit. To accommodate them and myriad others, InfowarCon has been rescheduled for 2-4 March, 2008, at the same location. InfowarCon's original dates also conflicted with the opening schedules of military schools and academies who wanted to participate. Professor Dan Kuehl of the National Defense University said: "This is wonderful news. The end of the fiscal year is a big problem. This move will allow greater support from the educational and defense communities." "InfowarCon is a serious and important forum for cooperation between government and industry on national and global cyberterrorism. To make this discussion meaningful we need input from as many voices as possible. I absolutely support any move that increases participation. It's in the best interest of all concerned", said Richard Marshall, Senior Information Assurance Representative, Office of Legislative Affairs, National Security Agency. 
InfowarCon's sponsors have backed the move. All pre-registered attendees and sponsors will receive upgrades. New registrants will be able to sign-up at revised "Early Bird" rates at www.infowarcon.com. "Just our way of making sure that InfowarCon's passionate supporters will now get even more out of the event," said Schwartau. Media Contact Information: Eric Green InfowarCon Tel: 240 396 0007 x 908 Eric at infowarcon.com www.infowarcon.com InfowarCon Advisory Board: Dr. Dan Kuehl, National Defense University; Amit Yoran, NetWitness; Mark Rasch, FTI; Dorothy Denning, DoD; Richard Forno, Infowarrior.org; Lars Nicander, CATS; Bruce Brody, CACI. InfowarCon Sponsors & Partners Include: The Department of Homeland Security (DHS), Mandiant, Netwitness, Purifile, Secure Computing, Lincoln Group, White Wolf Security, Department of Defense Cyber Crime Center (DC3), (ISC)2; Homeland Defense Journal, Government Security News, Homeland Defense Week, Officer.com, Continuity Insights, InfraGard National Members Alliance, ISSA NOVA, Terrorism Research Center and National Defense University. 
From rforno at infowarrior.org Wed Aug 29 23:30:25 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 29 Aug 2007 19:30:25 -0400 Subject: [Infowarrior] - Privacy: A Closer Look at Coupons.com Message-ID: Ben Edelman's report: http://www.benedelman.org/news/082807-1.html John Stottlemire's analysis http://www.tenbucks.net/ Wired Article: Downloadable Coupons Come With Sneaky Extras, Researcher Says http://www.wired.com/politics/security/news/2007/08/coupon_security From rforno at infowarrior.org Thu Aug 30 12:14:21 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 30 Aug 2007 08:14:21 -0400 Subject: [Infowarrior] - LiveJournal Says Users are Responsible for Content of Links Message-ID: http://yro.slashdot.org/article.pl?sid=07/08/29/2319240&from=rss Today, LiveJournal management have demonstrated a serious lack of understanding in how the internet works, declaring that users are responsible for the content of the webpages that they link to in their blog entries. A user points out the obvious flaw: "I get ToS'd because the link's been redirected to a page full o' porn, even though context clearly shows that when I originally put up the link that it didn't actually land on a page of porn?" One wonders how such a long-established blogging company can be so ignorant about the nature of the world wide web. 
Link to more details: http://liz-marcs.livejournal.com/288425.html From rforno at infowarrior.org Thu Aug 30 18:42:45 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 30 Aug 2007 14:42:45 -0400 Subject: [Infowarrior] - 20,000 Copyright Lawsuits and Counting Message-ID: Happy Anniversary Pirates: 20,000 Copyright Lawsuits and Counting By David Kravets August 29, 2007 | 2:07:48 PM http://blog.wired.com/27bstroke6/2007/08/happy-anniversa.html Four years ago, the recording industry set off a legal firestorm when it sued 261 music file-swappers, a move that has reshaped the peer-to-peer, file-sharing world and revamped pirating technologies. The legal tempest commenced September 8, 2003. Members of the Recording Industry Association of America have followed with some 20,000 similar lawsuits, legal threats and settlements, according to a report published Wednesday by the Electronic Frontier Foundation. "The lawsuits, however, are not working," according to the report by the California privacy group. "Today, downloading from P2P networks is more popular than ever, despite the widespread public awareness of lawsuits." The report's conclusion: "Suing music fans is no answer to the P2P dilemma." Napster was shuttered. But alternatives like Aimster and AudioGalaxy filled the vacuum. They too, were supplanted by Kazaa and Morpheus, which were overshadowed by eDonkey and Bit Torrent. The report details several stages of the industry's litigation tactics. At its infancy, the RIAA issued 1,500 subpoenas to internet service providers nationwide, a prelude to its first 261 targets. It has evolved. The RIAA has created a web site for infringers to pay fines with credit cards. One initial target was Brianna Lahara, a 12-year-old girl living with her single mother in a New York City public housing project. She paid $2,000 to settle the case. A month later, the legal tactics changed. The RIAA issued 204 threat letters. 
A majority of the targets settled for an average $3,000. The 80 alleged infringers who did not settle were sued weeks later, according to the report. After the legal landscape changed, a later phase of the litigation began in 2004. More than 500 so-called "John Doe" lawsuits were filed targeting unidentified uploaders. The courts issued subpoenas to the ISP's who turned over the users' identities. Thousands of cases later, the litigation entered yet another phase, this time tagging university students. The so-called "deterrence and education initiative" has pegged about 3,000 students at 100 campuses nationwide. To speed up settlements, the RIAA set up a web site, where "those receiving pre-litigation letters can simply settle their cases by paying the settlement with a credit card, without any aspect of the case ever entering the legal system," according to EFF's report. Plastic Justice at its finest. From rforno at infowarrior.org Fri Aug 31 11:30:18 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 31 Aug 2007 07:30:18 -0400 Subject: [Infowarrior] - NBC Joins Universal Leaving iTunes Message-ID: NBC Joins Universal Leaving iTunes NBC has told Apple (AAPL) that it will not renew its long-term deal with the iTunes store. The GE (GE) unit is "the No. 1 supplier of digital video to Apple's online store, accounting for about 40 percent of downloads," according to The New York Times. Universal Music, the world's largest music publisher also declined to sign another long term deal with Apple. Several other companies like CBS (CBS) will reach their end of their initial deals with Apple in the next few months. The Zune could not hurt the iTune model. Neither, it appears, could cell handsets with music capability. But, that leaves Apple as its own worst enemy. It has pushed so hard on the rates that it gets from content owners, that they are balking at staying on board. It is easy to argue that the video and music content owners have nowhere else to go. 
They cannot do business without Apple. But, it is not entirely clear that this is true. Companies like Wal-Mart (WMT) and Amazon (AMZN) have large download businesses. Sony (SNE) is opening the Walkman platform to MP3. And, the video content companies are opening their own websites. And, Nokia (NOK) has launched a big initiative to sell digital content through its own online store. No one can predict who will blink first in the battle over who will set prices for iTunes content. But, for the first time in a couple of years, at least it is a horse race. http://www.247wallst.com/2007/08/nbc-joins-unive.html From rforno at infowarrior.org Fri Aug 31 11:46:07 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 31 Aug 2007 07:46:07 -0400 Subject: [Infowarrior] - Scientists sue NASA, Caltech over deep new background checks Message-ID: Scientists sue NASA, Caltech over deep new background checks The Associated Press Thursday, August 30, 2007 http://www.iht.com/articles/ap/2007/08/30/america/NA-GEN-US-NASA-Background-Checks.php PASADENA, California: Jet Propulsion Laboratory scientists and engineers sued NASA and the California Institute of Technology on Thursday, challenging extensive new background checks that the space exploration center and other federal agencies began requiring in the wake of the Sept. 11 terror attacks. The lawsuit was filed in U.S. District Court in Los Angeles by 28 plaintiffs. Many have worked on such projects as the Mars rovers, the Galileo probe to Jupiter and the Cassini mission to Saturn, but none are involved in classified work, according to the suit. It seeks class-action status to represent similar JPL employees. Caltech was sued because it manages JPL for NASA and employs its staff. The suit also named the U.S. Department of Commerce, which is involved in promulgating federal identification standards. "It's our policy not to comment on matters in litigation," said JPL spokeswoman Veronica McGregor. 
A 2004 Homeland Security presidential directive mandated new security badges for millions of federal workers and contractors. In order to receive new "smart" badges for access to buildings and computers, they must fill out a form online about employment history, past residences and any illegal drug use. The requirements apply to everyone from janitors to visiting professors. The suit claims the directive was concerned "exclusively with the establishment of a common identification standard" and "contemplates no additional background investigation or suitability determination beyond that already required by law." But according to the lawsuit, the Commerce Department and NASA instituted requirements that employees and contractors permit sweeping background checks to qualify for credentials and refusal would mean the loss of their jobs. NASA calls on employees to permit investigators to delve into medical, financial and past employment records, and to question friends and acquaintances about everything from their finances to sex lives, according to the suit. The requirements apply to everyone from janitors to visiting professors. The suit claims violations of the U.S. Constitution's 4th Amendment protection against unreasonable search and seizure, 14th Amendment protection against invasion of the right to privacy, the Administrative Procedure Act, the Privacy Act, and rights under the California Constitution. Those in more sensitive positions are asked to disclose financial records, list foreign trips and give the government permission to view their medical history. Workers also must sign a waiver giving investigators access to virtually all personal information. 
Plaintiffs in the lawsuit include senior research scientist Robert Nelson, a 27-year veteran who leads NASA's New Millennium Program which tests or validates new technology NASA will use in space; William Bruce Banerdt, project scientist for the Mars Exploration Rovers; and Julia Bell, a senior engineer who has served on the navigation team for the Mars Odyssey and MER missions, among others. The lawsuit was announced at a press conference at the Pasadena offices of their lawyers. A group of the plaintiffs who attended described their situation as having to choose between leaving jobs they love and giving up their constitutional rights. Attorney Dan Stormer said the employees were being forced to "voluntarily" sign forms opening up every detail of their personal lives to federal scrutiny for two years whether or not they keep their jobs. Plaintiff Susan Foster, a technical writer and editor at JPL for nearly 40 years, said she will resign before the badges are required, and that there were members of the clerical staff who were too "frightened" about losing their jobs to come forward. "They don't tell you what they're looking for, they don't tell you when they're looking for it, they won't tell us what they're doing with the data," she said of the background checks. Dennis Byrnes, a flight dynamics engineer who has worked on trajectory designs for Galileo and the Apollo moon landings, said he was afraid the requirements would prompt people to "flee" government service. The plan is a "flawed promise of security at the expense of freedom," he said. A hearing was set for Sept. 24 on a request for a preliminary injunction in advance of a Sept. 28 deadline by which JPL employees must fill out forms authorizing the background checks. Employees who don't meet the deadline will be barred from JPL and will be "voluntarily terminated" as of Oct. 27. 
According to the lawsuit, many of the plaintiffs have been employed at JPL for decades, and none work on classified or national security materials or issues, and none have security clearances. "Many of the plaintiffs only agreed to work for NASA with the understanding that they would not have to work on classified materials or to undergo any type of security clearance," the suit said. Data collected from NASA missions and instruments by those plaintiffs who are researchers is in the public domain and shared with the scientific community, the suit said. "Indeed, many of the plaintiffs have elected to work only on non-classified work expressly so their research can be subject to peer review, (and) they can collaborate with the best scientists worldwide and publish their results," it said. In June, JPL workers who consider the background checks unnecessary and intrusive aired their complaints before NASA Administrator Michael Griffin. Griffin said that it was a "privilege to work within the federal system, not a right" and that he would carry out the order unless it was overturned in court, according to a video of the meeting obtained by The Associated Press. JPL, in the foothills of the San Gabriel Mountains east of Los Angeles, prides itself on its university atmosphere. Unlike other NASA centers, JPL has operated for decades under contract by Caltech. But the 177-acre (72-hectare) campus and its buildings belong to NASA. To enter the grounds, workers flash identification badges at two checkpoints, and guards randomly search cars.

From rforno at infowarrior.org Fri Aug 31 11:50:01 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 31 Aug 2007 07:50:01 -0400
Subject: [Infowarrior] - Even the Navy Can't Censor the Internet
Message-ID:

(from Risks-l)

Even the Navy Can't Censor the Internet
> Thu, 30 Aug 2007 07:48:44 -0700
http://lauren.vortex.com/archive/000279.html

I frequently make the assertion that it's impossible to successfully censor the Internet by trying to remove materials that have already been posted publicly after they've attracted attention. What's published is published, what's done is done. The genie won't just refuse to go back into the bottle, he'll stick his tongue out at you as well -- or worse. You may recall the international brouhaha a couple of weeks ago over the Navy pulling from YouTube all copies of an (originally relatively obscure -- now infamous) amateur music video posted by a user named "PUMPIT01" and produced on the aircraft carrier Ronald Reagan (CVN76), as described in http://tinyurl.com/2tuzdz and many other stories. The video in question ("Women of CVN76") has been variously described as being removed due to security violations (brief shots of utterly innocuous reactor-related areas), "inappropriate use of safety equipment," and other explanations. The real reason for the Navy's "reaction" is clearly just plain old ordinary embarrassment, especially since the ship's CO has a cameo role in the amusing production. But my point here isn't to post a video review, but rather to emphasize that for all the noise about deleting the video, it of course remains easily available with but a minimum amount of effort. You may feel that the inability to effectively "recall" posted materials is a blow for freedom, or to the contrary an information control disaster. But either way, it's a fact -- a reality that we can't escape.
And perhaps the sooner we come to terms with this truth, the less time we'll be wasting at shadow boxing with useless Internet censorship attempts. There are far better ways that we can be spending our time. Excuse me? Oh, where's the video? Like I said, finding a copy is actually quite simple. Example: For the sake of the argument, let's say that you did a Google Search right now for the straightforward query of:

cvn-76 women pumpit01 "click here"

No magic words. No secret codes. Just pretty obvious stuff from the news stories about the video, plus a little common search sense. And while any given search results are often fairly ephemeral, and any particular copy of material found at any given time may still be removed, well, the Internet is a big place, and the Lords of Censorship remain essentially impotent, for better or worse, indeed.

Lauren Weinstein +1 (818) 225-2800 http://www.pfir.org/lauren lauren at vortex.com

From rforno at infowarrior.org Fri Aug 31 12:12:51 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 31 Aug 2007 08:12:51 -0400
Subject: [Infowarrior] - Vatican air' passengers' holy water confiscated
Message-ID:

http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2007/08/29/wvatican129.xml

'Vatican air' passengers' holy water confiscated
By Malcolm Moore in Rome
Last Updated: 2:54am BST 31/08/2007

The passengers on board the Vatican's first flight to Lourdes may have been pilgrims in search of spiritual healing, but they still had to obey anti-terrorism rules, it has emerged, after several of them had their holy water confiscated. The Vatican's new service, a Boeing 737 painted in yellow-and-white papal livery, took off from Rome's Fiumicino airport on Monday, serving swordfish canapes to 148 pilgrims reclining on headrests stamped with the message: "I search for your face, oh Lord". While the outward journey was smooth, turbulence struck on the return when anti-terror rules were strictly applied by the French police.
No bottles containing more than 100ml of liquid were allowed on board unless checked in, meaning passengers were forced to give up the holy water they had just collected at Lourdes. Many hoped to ferry the water back to sick relatives. Instead, dozens of plastic containers in the shape of the Madonna were left at security, while one man decided to drink all of his. "I did tell others that their containers would not be allowed. Those who travel a lot know that they do not make exceptions," said Massimo Barra, head of the Red Cross in Italy, who was on board. Monsignor Liberio Andreatta, the official on board from the Vatican's travel agency, did not even try to argue with the rules, to the dismay of the pilgrims. Many passengers asked the police how they could be foolhardy enough to throw away the miraculous water, according to the Corriere della Sera newspaper. The spring at the sanctuary at Lourdes, where the Virgin Mary is said to have appeared in 1858, is famed for its miraculous healing powers, and every day long queues of believers wait to fill up their containers. The water is so valuable that one French website, www.lourdes-water.com, is offering a litre for ?64. Despite the hiccup, the new service cut down a difficult overland pilgrimage to two hours. Cardinal Ruini, the former head of the Italian bishops, was on board, along with Luciano Moggi, the disgraced former head of Juventus football club, who was seeking some spiritual comfort. The Vatican has promised that seats would cost at least 10 per cent less than the industry average, and that some pilgrims may be able to fly to Lourdes and back in the same day. It also wants to expand its service to routes such as Fatima in Portugal, Santiago de Compostela in Spain, and possibly even Jerusalem. Mistral Air, the charter company which is providing the planes for the Vatican, said it expects to transport 150,000 pilgrims annually.

From rforno at infowarrior.org Fri Aug 31 12:26:06 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 31 Aug 2007 08:26:06 -0400
Subject: [Infowarrior] - Storm Hits Blogger
Message-ID:

Storm Hits Blogger
The ubiquitous Storm Trojan has found a new home -- on spam blog sites in Google's Blogger network
http://www.darkreading.com/document.asp?doc_id=132793&WT.svl=news1_1
AUGUST 30, 2007 | 4:53 PM
By Kelly Jackson Higgins, Senior Editor, Dark Reading

Careful whose blog you're reading these days: Researchers have discovered the Storm Trojan nestled in hundreds of blog sites in Google's Blogger network. This Storm infection is not simple comment spam, where spammers post their junk messages and malware as blog comments. "These are blogs that post spam," says Alex Eckelberry, CEO of Sunbelt Software, who has been studying the posts. He says he hasn't seen any legitimate blog sites being hacked and sprinkled with Storm, but he's still researching the trend. Eckelberry, who first discovered Storm executable files on several blogger sites this week, says Storm is showing up on blogs that use the mail-2-blogger feature, where bloggers can post via email. Google does have a CAPTCHA defense in place to prevent this kind of infection, requiring some bloggers to manually enter their code in order to post their blogs. "But these guys are somehow flying under the radar," Eckelberry says. "I have no idea how they are doing this." One site he found that's laden with Storm as well as spam junk is http://www.visionbuzz.blogspot.com/, for instance. And a Google search for Storm's infamous keywords, including "dude what if you wife finds this" and "man your insane," comes up with hundreds of blog sites, he says. Storm is often referred to as a worm, but it's technically a Trojan.
It relies on social engineering, with a tempting message and link, and it's all about expanding spam and the underlying botnet behind it, notes Joe Stewart, senior security researcher for SecureWorks. Although it's less dangerous than a traditional worm, it ranks in the top five most prolific threats, he says. "You're not in danger of identity theft -- it's really not all that dangerous to the person who's been infected... It's really more dangerous to the Internet architecture as a whole," he says. The Trojan gives Storm's bot army the ability to launch powerful distributed denial of services attacks, Stewart says. "But that's not its only purpose. It's also to make money, [such as from] stock spam." "It's very disturbing to have Storm executables being linked onto sites we can control. But blog sites that Storm is operating off of are hard to control," Eckelberry says. "We've been working with Google in getting this shut down, and Google has been very helpful." Why are the bad guys starting to plant Storm executables in blogs? "It's all about the numbers," says Randy Abrams, director of technical education for Eset, an anti-malware vendor. "The more places you can get the links out to, the more uneducated users you will trick into clicking on them and then infecting themselves. This, in turn, expands the botnet, which increases the profitability of [the exploit]."

From rforno at infowarrior.org Fri Aug 31 13:09:43 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 31 Aug 2007 09:09:43 -0400
Subject: [Infowarrior] - FBI surveillance: It's come a long way
Message-ID:

FBI surveillance: It's come a long way
By JOHN DUNBAR, Associated Press Writer

The FBI disclosed new details about its secretive technology for tracing telephone calls and recording conversations during criminal, terrorism and espionage investigations, custom-made tools it has developed quietly for a decade.
Documents released under the Freedom of Information Act reveal the government has come a long way since the days of alligator clips and reel-to-reel tape recorders when it comes to its surveillance techniques. In hundreds of heavily censored pages, the FBI described in unprecedented detail a sophisticated surveillance system known as the Digital Collection System Network. It includes programs to record information about telephone calls - such as the number called and the duration of the call - made by surveillance targets and another program called Digital Storm to record conversations. Many of the documents were marked "for official use only." Some of the FBI files describe the security risks that outsiders might gain access to the bureau's eavesdropping tools. The FBI said part of its surveillance system is tightly guarded, physically against intruders and electronically against hackers.

< - >

http://www.sanluisobispo.com/news/politics/story/129946.html

From rforno at infowarrior.org Fri Aug 31 11:47:52 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 31 Aug 2007 07:47:52 -0400
Subject: [Infowarrior] - Security researcher stumbles across embassy e-mail log-ins
Message-ID:

Security researcher stumbles across embassy e-mail log-ins
By Eric Bangeman | Published: August 30, 2007 - 10:36PM CT
http://arstechnica.com/news.ars/post/20070830-security-researcher-stumbles-across-embassy-e-mail-log-ins.html

Security consultant Dan Egerstad has managed to snag usernames and passwords for over 100 e-mail accounts belonging to embassy employees around the world. According to Computer Sweden, which was able to check that some of the data was accurate, the embassies affected include India, Russia, Uzbekistan, Kazakhstan, and Iran, along with a British office in Nepal. Egerstad said he found the data inadvertently after some security-related research. "I did some experimentation and came across the information accidentally," Egerstad told Computer Sweden.
Of the embassies affected, only Russia has yet to own up to the problem. Roman Mironov, the head secretary at the Russian embassy in Stockholm, told a Swedish television station that the information is accurate, but no longer relevant since the login information has been changed. The Indian embassy refused Computer Sweden's requests for comment. Computer Sweden says that it has confirmed other aspects of Egerstad's account without trying to log into any of the compromised accounts, but has decided against naming or linking to the web site where the data was posted. Given that the data obtained appears to be confined to e-mail login information, the potential for damage appears to be limited. Egerstad hopes that his finding the data proves to be an eye-opening experience for the embassy staff. "I hope this leads them to take action," Egerstad told Computer Sweden. "And I hope they become a bit more aware of security issues." Thanks to Anders Bylund for the translation help.