From rforno at infowarrior.org Sat Dec 1 02:13:37 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 30 Nov 2007 21:13:37 -0500
Subject: [Infowarrior] - Google's Gdrive (and Its Ad Potential) Raise Privacy Concerns
Message-ID:

Google's Gdrive (and Its Ad Potential) Raise Privacy Concerns
By Wayne Ma
Published on: November 29, 2007
http://www.popularmechanics.com/technology/industry/4234444.html

It's still shrouded in secrecy, but Google's free storage service is headed for the Web next year. Still, if the so-called Gdrive becomes as rapidly popular as the company's e-mail service has in the past three years, what happens to your secrets? The prospect of a massive, speedy and tricked-out online hard drive already has privacy experts and illegal downloaders alike worried -- especially if all that data is in the hands of a third-party giant and its cash cow to compete with Apple and Microsoft. With the rumor mill buzzing over the virtual drive's advertising model and storage capacity, Google isn't commenting just yet on any plans. But the company already lets users buy extra space for its e-mail and photo services. "Each of the services has its own free bucket," Google spokesman Jason Freidenfelds tells PM. To start, users get more than 5 GB for Gmail and 1 GB for Picasa. Once they reach the limit, they can purchase a yearly plan, similar to Apple's Mac accounts, to store the overflow. Google Docs, the company's foray into online word processing and spreadsheet applications, doesn't place strict limits on space. But "it makes sense" to eventually put it all under one roof, Freidenfelds says. Online storage services already exist, but most are touted as remote backup solutions -- and sometimes serve as virtual warehouses for hackers and copyrighted media files. Services like Omnidrive, MediaMax and Box.Net already offer some advanced features such as encryption and on-the-fly editing.
But the Gdrive's functionality is likely to launch on a much larger scale: Google could try to edge out big competitors -- such as Microsoft's Web-based photo and video offerings and its new Windows Live Skydrive -- by making a one-stop shop for everything from document and photo editing to video and e-mail viewing. But portability is the key, and the Gdrive might well be part of a larger plan to push computer use into a data cloud, untethered from individual devices. Coupled with Google's open-source Android operating system for mobile phones, the Gdrive fits nicely with power users looking to access their files anytime, anywhere. Keeping your data on the Web protects you from losing your files after a computer crash or physical theft, and Google takes the security and privacy of its users' information seriously. "We have a very strong track record when it comes to protecting users' data," Freidenfelds says, adding that users' trust in Web apps is "about where we were when people started realizing that their money was safer in a bank than under their mattress." But that's not stopping online rights advocates from raising eyebrows worldwide. Trusting information with a third-party client can still expose you to thorny legal challenges such as a subpoena. Unlike a search warrant for your off-line hard drive, which is far more restrictive and difficult to obtain, Google could perhaps be persuaded by law enforcement to deliver up your files -- without even telling you. "Google would be wise to offer users an option to encrypt your information," says Nimrod Kozlovski, a professor of Internet law at Tel Aviv University. "It really needs to have really detailed explanations of what the legal expectations are for storing your info." Physical hard drives and e-mail services already offer encryption for users via software like BitLocker for Windows Vista and PGP for e-mail.
Having your own encryption key for data would make it harder for others to access -- and almost useless to hackers, Kozlovski says. Then there's the trickier part: How does giving away storage translate into profits for Google? The company could potentially serve up contextualized ads to Gdrive users similar to its Gmail service and the Ad Words search model that made Google a giant in the first place. In this case, a computer might scan through all your files for relevant keywords, in a move that's certain to spook privacy advocates, who tend to give Google a free pass compared with some of its competitors. Still, Kozlovski insists, the lack of human eyes will prevent Google from being held responsible for illegal or infringing material on your hard drive. "Google will not be liable unless they have knowledge of the material on your hard drive," he says, adding that the company isn't obligated to actively search for illegal or copyrighted files unless users share them publicly. And even then, the potential for abuse is low, because Google can easily trace back accounts to those who sign up for them. "I don't think it's an attractive scenario for users to use online storage as a sharing facility," Kozlovski says. "They would rather put it on the Web and give other people access or links to it." Leaving files exclusively on a virtual drive or data cloud could, eventually, usher in a new era of computing where mobile devices replace large, clunky desktops sitting in offices and homes. A virtual drive means that your cellphone, MP3 player and laptop all draw from the same data and sync with one another seamlessly. Take a photo on your camera, and it's ready to be retrieved by your laptop to edit. Create a spreadsheet on your laptop, then add to it on your cellphone during your next train ride. The Gdrive looks like it will take a quantum leap in that direction -- whether you like it or not.
From rforno at infowarrior.org Sat Dec 1 02:15:38 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 30 Nov 2007 21:15:38 -0500
Subject: [Infowarrior] - Publishers seek to block Internet search engines from additional content
Message-ID:

Publishers seek to block Internet search engines from additional content
The Associated Press
Thursday, November 29, 2007
http://www.iht.com/bin/printfriendly.php?id=8532179

NEW YORK: Seeking greater control of their content, leading news organizations and other publishers said Thursday they would push for a revision to technology that controls access to their content by search engines. Google, Yahoo and other top search companies now voluntarily respect a Web site's wishes as declared in a text file known as robots.txt. The file allows a site to block indexing of individual Web pages, specific directories or the entire site. The proposal, presented by a consortium of publishers at the headquarters of The Associated Press, would add to those commands, further restricting access. The current system does not give sites "enough flexibility to express our terms and conditions on access and use of content," said Angela Mills Wade, executive director of the European Publishers Council, one of the organizations behind the proposal. "That is not surprising. It was invented in the 1990s, and things move on." Robots.txt was developed in 1994 in part because of concerns that some crawlers were straining Web sites by visiting them repeatedly or rapidly. As search engines expanded to offer services for displaying news and scanning printed books, news organizations and book publishers began to complain. The proposed extensions, known as Automated Content Access Protocol, partly grew out of those disputes. Leading the drive for the extensions were groups representing publishers of newspapers, magazines, online databases, books and journals.
News publishers complained that Google was posting their news summaries, headlines and photos without permission. Google asserted that "fair use" provisions of copyright laws applied, though it eventually settled a lawsuit with Agence France-Presse and agreed to pay The Associated Press without a lawsuit being filed. Financial terms have not been disclosed. The new automated commands will use the same robots.txt file that search engines now recognize. Web sites could start using them Thursday alongside the existing commands. Like the current robots.txt, the use of the new protocol would be voluntary, so search engines ultimately would have to agree to recognize the commands. Search engines could ignore them and leave it to courts to rule on any disputes over fair use. A Google spokeswoman, Jessica Powell, said the company supported all efforts to bring Web sites and search engines together but needed to evaluate the new protocol to ensure it could meet the needs of millions of Web sites, not just those of a single community. "Before you go and take something entirely on board, you need to make sure it works for everyone," Powell said. Organizers of the new protocol tested their system with the French search engine Exalead but had only informal discussions with others. Google, Yahoo and Microsoft sent representatives to the announcement, and O'Reilly said their "lack of public endorsement has not meant any lack of involvement by them." Danny Sullivan, editor in chief of the industry Web site Search Engine Land, said robots.txt "certainly is long overdue for some improvements." But he questioned whether the new protocol would do much to prevent legal battles. And being an initiative of news publishers, he said, it might lack attributes that blogs, online retailers and other Web sites might need in an updated robots.txt. 
From rforno at infowarrior.org Mon Dec 3 02:47:46 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 02 Dec 2007 21:47:46 -0500
Subject: [Infowarrior] - Vivendi to Acquire Activision
Message-ID:

December 3, 2007
Vivendi to Acquire Activision
By MATT RICHTEL
http://www.nytimes.com/2007/12/03/technology/03activision.html?_r=1&hp=&oref=slogin&pagewanted=print

SAN FRANCISCO, Dec. 2 -- Vivendi said Sunday that it planned to acquire a controlling stake in Activision in a deal that creates a rival to Electronic Arts as the world's largest independent video game publisher. The deal combines Activision and Vivendi Games, companies with different areas of strength in the booming video game business. Activision's emphasis is on making games for consoles, like the Sony PlayStation 3 and the Microsoft Xbox 360. Its game franchises include the Tony Hawk skateboarding games, the Call of Duty war game series and one of the industry's current best sellers, Guitar Hero, which allows players to strum along on a plastic guitar to tunes played on television. Vivendi's strength is in online games, like World of Warcraft, which its Blizzard Entertainment unit has built into a worldwide phenomenon with more than nine million players worldwide. The combination of the two companies, to be known as Activision Blizzard, comes at the end of a record year for video game sales. Recent new game consoles from Microsoft, Sony and Nintendo have set off the release of new games and sequels to popular franchises, and expanded the audience to older men and women. Behind the boom, the industry's competitive landscape is shifting. The dominance of Sony, with its PlayStation 3, has been upended by the Wii, the console made by the once also-ran Nintendo. So too, there are indications of a shift -- or at least a change of momentum -- on the software side. The sales growth of the leading game maker, Electronic Arts, lags behind Activision's.
Sales at Activision rose to $1.5 billion in 2007, a 74 percent jump from 2003. In the same period, Electronic Arts' revenue rose 25 percent, to $3.1 billion. Vivendi is buying Activision while Activision is in the middle of a hot streak. Its Guitar Hero III sold 1.3 million copies in just seven days after it was released late in October. And through October, Activision had three of the eight best-selling games in the United States this year, according to the NPD Group, which compiles sales data. The deal seeks to upend Electronic Arts' dominance by creating a company that can match it in size and breadth. But the new company also faces formidable challenges as it tries to develop the kind of enduring library of game titles that has given Electronic Arts its long dominance. Under the arrangement announced Sunday, the companies said Vivendi would pay $27.50 a share and make a cash infusion of $1.7 billion to acquire a 52 percent stake in Activision, valuing the combined company at $18.9 billion. Vivendi will then fold its game operations into those of Activision in the new company. The new company plans to repurchase $4 billion worth of its shares for $27.50 each, a move the merger partners said would increase Vivendi's stake to 68 percent. The purchase price represents a premium of 24 percent over Activision's closing price on Friday of $22.15 a share. The companies said the new entity would trade on Nasdaq. Vivendi and Activision estimated their combined revenue for 2007 at $3.8 billion. Their merger will thus challenge Electronic Arts, with projected 2007 revenue around $3.7 billion, as the largest video game publisher in the world that is not affiliated with a console maker, like Microsoft or Nintendo. Robert A. Kotick, the chief executive of Activision, said in an interview that he thought his company needed to add such a component in an industry that is being transformed by the Internet.
He said that after exploring ways to develop such expertise within Activision, he decided that the better, if not only way, was to merge with another company. "We looked every which way to figure out how to participate in what Blizzard had created," he said, "We couldn't find a way to duplicate it, but we could acquire the expertise." Mr. Kotick will retain his position atop the combined company. Bruce Hack, chief executive of Vivendi Games, will become vice chairman and chief corporate officer and lead the merger integration as well as head finance, human resources and the legal section. One challenge for the merger partners is integration. The new company will have 6,000 employees, and Mr. Kotick said that if it met its growth targets, it could be double that size in three or four years. Another challenge is that the video game industry, though it has grown steadily as interactive entertainment cut sharply into traditional media, is a hit-and-miss business. Much like the movie business, every video game company, including Activision, has had its share of disappointments, failed games and costly efforts to develop games that eventually flopped. Largely as a result of Guitar Hero's success, Wall Street analysts have been bullish about Activision. But even the optimists wonder if Activision can continue its pace of growth. Activision has "absolutely blown away the Street's expectations and their own guidance," Mike Hickey, an industry analyst with Janco Partners, said last week, before the merger announcement. "They've done phenomenally. But can they replicate it?" Activision and Vivendi maintain that their combination changes the dynamics because, they said, their new size creates an entity with a broader game portfolio and greater profitability.
In the merger, expected to be completed in the first half of 2008, shares of Vivendi Games will be converted into 295.3 million new shares of Activision common stock, a transaction that values Vivendi Games at $8.1 billion. Vivendi will also buy 62.9 million newly issued shares of Activision for $1.7 billion in cash. Jean-Bernard Lévy, chairman of the board of management and chief executive of Vivendi, said the investment represented a long-term commitment to the video game industry, which he deemed the fastest-growing entertainment sector. The two companies also said that within five business days after closing the transaction, Activision Blizzard would begin a $4 billion all-cash tender offer to purchase up to 146.5 million Activision Blizzard common shares at $27.50 each. Depending on how this works out, Vivendi said it could ultimately own 68 percent of Activision Blizzard on a fully diluted basis. Even as the deal puts Activision Blizzard in the top spot in terms of revenue, one question that will face investors is whether Activision can duplicate the business model of Electronic Arts. Electronic Arts has built its business on creating numerous game franchises that deliver reliable streams of annual revenue. For instance, in its 2007 fiscal year, the company had 24 titles that sold more than a million copies each, and four games -- Madden NFL 07, Need for Speed Carbon, FIFA 07 and The Sims 2 Pets -- that sold more than five million copies. It has done that, in part, by buying studios with popular games. Compared with its competitors, Electronic Arts has invested relatively heavily in the new businesses of casual and mobile games, and popular multiplayer games, industry analysts said. The investments have yet to pay off, but if they do, they could be a big boost to Electronic Arts, the analysts said.
From rforno at infowarrior.org Mon Dec 3 02:57:05 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 02 Dec 2007 21:57:05 -0500
Subject: [Infowarrior] - US says it has right to kidnap British citizens
Message-ID:

US says it has right to kidnap British citizens
David Leppard
http://www.timesonline.co.uk/tol/news/world/us_and_americas/article2982640.ece

AMERICA has told Britain that it can "kidnap" British citizens if they are wanted for crimes in the United States. A senior lawyer for the American government has told the Court of Appeal in London that kidnapping foreign citizens is permissible under American law because the US Supreme Court has sanctioned it. The admission will alarm the British business community after the case of the so-called NatWest Three, bankers who were extradited to America on fraud charges. More than a dozen other British executives, including senior managers at British Airways and BAE Systems, are under investigation by the US authorities and could face criminal charges in America. Until now it was commonly assumed that US law permitted kidnapping only in the "extraordinary rendition" of terrorist suspects. The American government has for the first time made it clear in a British court that the law applies to anyone, British or otherwise, suspected of a crime by Washington. Legal experts confirmed this weekend that America viewed extradition as just one way of getting foreign suspects back to face trial. Rendition, or kidnapping, dates back to 19th-century bounty hunting and Washington believes it is still legitimate. The US government's view emerged during a hearing involving Stanley Tollman, a former director of Chelsea football club and a friend of Baroness Thatcher, and his wife Beatrice. The Tollmans, who control the Red Carnation hotel group and are resident in London, are wanted in America for bank fraud and tax evasion. They have been fighting extradition through the British courts.
During a hearing last month Lord Justice Moses, one of the Court of Appeal judges, asked Alun Jones QC, representing the US government, about its treatment of Gavin, Tollman's nephew. Gavin Tollman was the subject of an attempted abduction during a visit to Canada in 2005. Jones replied that it was acceptable under American law to kidnap people if they were wanted for offences in America. "The United States does have a view about procuring people to its own shores which is not shared," he said. He said that if a person was kidnapped by the US authorities in another country and was brought back to face charges in America, no US court could rule that the abduction was illegal and free him: "If you kidnap a person outside the United States and you bring him there, the court has no jurisdiction to refuse -- it goes back to bounty hunting days in the 1860s." Mr Justice Ouseley, a second judge, challenged Jones to be "honest about [his] position". Jones replied: "That is United States law." He cited the case of Humberto Alvarez Machain, a suspect who was abducted by the US government at his medical office in Guadalajara, Mexico, in 1990. He was flown by Drug Enforcement Administration agents to Texas for criminal prosecution. Although there was an extradition treaty in place between America and Mexico at the time -- as there currently is between the United States and Britain -- the Supreme Court ruled in 1992 that the Mexican had no legal remedy because of his abduction. In 2005, Gavin Tollman, the head of Trafalgar Tours, a holiday company, had arrived in Toronto by plane when he was arrested by Canadian immigration authorities. An American prosecutor, who had tried and failed to extradite him from Britain, persuaded Canadian officials to detain him. He wanted the Canadians to drive Tollman to the border to be handed over. Tollman was escorted in handcuffs from the aircraft in Toronto, taken to prison and held for 10 days.
A Canadian judge ordered his release, ruling that the US Justice Department had set a "sinister trap" and wrongly bypassed extradition rules. Tollman returned to Britain. Legal sources said that under traditional American justice, rendition meant capturing wanted people abroad and bringing them to the United States. The term "extraordinary rendition" was coined in the 1990s for the kidnapping of terror suspects from one foreign country to another for interrogation. There was concern this weekend from Patrick Mercer, the Tory MP, who said: "The very idea of kidnapping is repugnant to us and we must handle these cases with extreme caution and a thorough understanding of the implications in American law." Shami Chakrabarti, director of the human rights group Liberty, said: "This law may date back to bounty hunting days, but they should sort it out if they claim to be a civilised nation." The US Justice Department declined to comment.

Additional reporting: Anna Mikhailova

From rforno at infowarrior.org Mon Dec 3 13:07:12 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 03 Dec 2007 08:07:12 -0500
Subject: [Infowarrior] - LiveJournal bought by Russian firm
Message-ID:

LiveJournal & SUP
Six Apart Announces New Home for LiveJournal
http://news.livejournal.com/104520.html

Acquisition of LiveJournal, creation of new operating company and investment fund by SUP promise new innovation and expansion for pioneering online community

San Francisco, CA - December 3, 2007 - Six Apart, the world's leading independent blogging software and services company, today announced that SUP, an international media company, has acquired LiveJournal (LJ), the pioneer of social networking communities online used by millions of people around the world to connect through personal journals and topic-based communities. SUP has launched an American company, LiveJournal, Inc., to manage and operate LiveJournal globally.
This agreement builds on the established and successful relationship between Six Apart and SUP, which entered into a licensing agreement in October 2006 permitting SUP to manage LiveJournal in Russia. The Russian LiveJournal community is second only to the U.S. in number of accounts, and has been influential enough in that country to make "LiveJournal" synonymous with "blogging" in Russian. "We have a tremendous respect for the LiveJournal community, and are pleased to see that LiveJournal, Inc. will continue to build on LiveJournal's rich user experience. We have been impressed by the expertise and enthusiasm that SUP has brought to LiveJournal in Russia. They've introduced new features, nearly doubled the number of users, invested in key product enhancements, and have done justice to one of the most innovative online social networks in the world. Judging both by SUP's track record and their eagerness to create a new user advisory board to oversee the community's interests, this is clearly a good fit," stated Chris Alden, CEO and Chairman of Six Apart. "Having gotten to know LiveJournal in Russia over the past year, we see enormous potential in developing the business worldwide; it has already shown its durability in America. We believe this is a great opportunity," said Andrew Paulson, CEO of SUP. Six Apart acquired LiveJournal in January 2005 from its founder, Brad Fitzpatrick. From its founding, LiveJournal popularized many of the fundamental innovations of social media, such as friends lists and powerful privacy controls. 
Under Six Apart, the number of LiveJournal accounts nearly tripled from 5 million to over 14 million, and dozens of new features were introduced to the site, including

* a powerful email/IM/web notification system;
* LJTalk, a completely open-source Jabber-based instant messaging platform;
* user-to-user messaging and tremendous improvements in comment management and editing;
* a vastly expanded mobile feature set, including a dedicated mobile client; and
* dozens of new visual themes and a completely new, simplified site design and navigation system.

Six Apart will continue its active investment in and promotion of the signature open source platform technologies created by the LiveJournal team, such as Memcached, Mogile, Perlbal, and OpenID, all of which have been adopted by other leading web properties from Craigslist to Facebook to Wikipedia. LiveJournal, Inc. will also carry on LiveJournal's strong open source tradition. Six Apart will also continue to represent LiveJournal to advertisers and sponsors for at least the coming twelve months. Brand owners interested in advertising on LiveJournal or Six Apart's Vox may visit here. "While we'll miss being LiveJournal's home, this is a great milestone for LiveJournal and also lets us focus on the core products invented at Six Apart: Movable Type, TypePad, and Vox," said Alden. "We are investing heavily in the products and have substantial growth plans for 2008." For more information about the acquisition, please visit lj_2008.

About Six Apart

Six Apart Ltd. provides award-winning blogging software and services that change the way millions of individuals, organizations, and corporations connect and communicate across the world every day. Founded in 2002 by husband and wife team Ben Trott and Mena G. Trott, Six Apart is a global company with its headquarters in San Francisco, CA, and offices in Europe and Japan.
The company continues to lead in the blogging and social media industry with the Movable Type Publishing Platform, the TypePad hosted blogging service, and Vox, a free blogging service for friends and families. For more information visit the Six Apart corporate web site at http://www.sixapart.com/.

< -- BIG CUT -- >

http://news.livejournal.com/104520.html

From rforno at infowarrior.org Mon Dec 3 19:36:38 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 03 Dec 2007 14:36:38 -0500
Subject: [Infowarrior] - Conversation: Schneier and Ranum
Message-ID:

December 03, 2007
Security in Ten Years

This is a conversation between myself and Marcus Ranum. It will appear in Information Security Magazine this month.

< - >

http://www.schneier.com/blog/archives/2007/12/security_in_ten.html

From rforno at infowarrior.org Mon Dec 3 19:55:38 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 03 Dec 2007 14:55:38 -0500
Subject: [Infowarrior] - OpEd - CNN: Corrupt News Network
Message-ID:

CNN: Corrupt News Network
A self-serving agenda was set for the Republican presidential debates.
December 1, 2007
http://www.latimes.com/entertainment/la-et-rutten1dec01,0,4122002.column?coll=la-home-center

THE United States is at war in the Middle East and Central Asia, the economy is writhing like a snake with a broken back, oil prices are relentlessly climbing toward $100 a barrel and an increasing number of Americans just can't afford to be sick with anything that won't be treated with aspirin and bed rest. So, when CNN brought the Republican presidential candidates together this week for what is loosely termed a "debate," what did the country get but a discussion of immigration, Biblical inerrancy and the propriety of flying the Confederate flag?
In fact, this most recent debacle masquerading as a presidential debate raises serious questions about whether CNN is ethically or professionally suitable to play the political role the Democratic and Republican parties recently have conceded it. Selecting a president is, more than ever, a life and death business, and a news organization that consciously injects itself into the process, as CNN did by hosting Wednesday's debate, incurs a special responsibility to conduct itself in a dispassionate and, most of all, disinterested fashion. When one considers CNN's performance, however, the adjectives that leap to mind are corrupt and incompetent. Corruption is a strong word. But consider these facts: The gimmick behind Wednesday's debate was that the questions would be selected from those that ordinary Americans submitted to the video sharing Internet website YouTube, which is owned by Google. According to CNN, its staff culled through 5,000 submissions to select the handful that were put to the candidates. That process essentially puts the lie to the vox populi aura the association with YouTube was meant to create. When producers exercise that level of selectivity, the questions -- whoever initially formulated and recorded them -- actually are theirs. That's where things begin to get troubling, because CNN chose to devote the first 35 minutes of this critical debate to a single issue -- immigration. Now, if that leaves you scratching your head, it's probably because you're included in the 96% of Americans who do not think immigration is the most important issue confronting this country. We've got a pretty good fix concerning what's on the American mind right now, because the nonpartisan and highly reliable Pew Center has been regularly polling people since January on the issues that matter most to them. In fact, the center's most recent survey was conducted in the days leading up to Wednesday's debate. 
HERE'S what Pew found: By an overwhelming margin, Americans think the war in Iraq is the most important issue facing the United States, followed by the economy, healthcare and energy prices. In fact, if you lump the war into a category with terrorism and other foreign policy issues, 40% of Americans say foreign affairs are their biggest concern in this election cycle. If you do something similar with all issues related to the economy, 31% list those questions as their most worrisome issue. As anybody who has looked at their 401(k) or visited a gas pump would expect, that aggregate figure has increased dramatically since Pew started polling in January. Back then, for example, concerns over the war outpaced economic anxieties by fully 8 to 1. By contrast, just 6% of the survey's national sample said that immigration was the most important electoral issue. Moreover, that number hasn't changed in a statistically meaningful way since the first of the year. In other words, more than nine out of 10 Americans think something matters more than immigration in this presidential election. So, why did CNN make immigration the keystone of this debate? What standard dictated the decision to give that much time to an issue so remote from the majority of voters' concerns? The answer is that CNN's most popular news-oriented personality, Lou Dobbs, has made opposition to illegal immigration and free trade the centerpiece of his neonativist/neopopulist platform. In fact, Dobbs led into Wednesday's debate with a good solid dose of immigrant bashing. His network is in a desperate ratings battle with Fox News and, in a critical prime-time slot, with MSNBC's Keith Olbermann. So, what's good for Dobbs is good for CNN. In other words, CNN intentionally directed the Republicans' debate to advance its own interests. Make immigration a bigger issue and you've made a bigger audience for Dobbs. 
That's corruption, and it's why the Republican candidates had to spend more than half an hour "debating" an issue on which their differences are essentially marginal -- and, more important, why GOP voters had to sit and wait, mostly in vain, for the issues that really concern them to be discussed. That's particularly true because that same Pew poll reported findings of particular relevance to Republican voters, the vast majority of whom continue to support the war in Iraq. According to this most recent poll, a substantial number of Americans believe the surge is working. As Pew summarized their findings, "While Iraq remains a deeply polarizing issue across party lines, there has been improvement in how both Democrats and Republicans view the war. At the lowest point in February, barely half of Republicans (51%) said things were going well. Today, 74% of Republicans say the same. And while Democrats remain far more skeptical than Republicans, the proportion of Democrats expressing a positive view of the Iraq effort has doubled since February (from 16% to 33%). "Independents' assessments of how the military effort is going remain far closer to the views of Democrats than of Republicans. Currently, 41% of independents offer a positive assessment, while half say things are not going well. In February, 26% of independents expressed a positive view of the situation in Iraq." Those are significant swings of opinion, yet the poll also found that more than half of Americans still favor withdrawing American troops. That disconnect is a real issue for the GOP candidates, all but one of whom support the war. 
Unless we're going to believe that the self-selecting YouTube questioners were utterly different from the rest of American voters, it seems pretty clear that CNN ignored these complex -- and highly relevant concerns -- for an issue that served its ratings interests -- immigration -- or ones that made for moments of conventional television conflict, like gun control, which doesn't even show up in surveys of voters' concerns. THIS is intellectual venality, but it pales beside the wickedness of using some crackpot's query about the candidates' stand on Biblical inerrancy to do something that's anathema in our system -- to probe people's individual religious consciences. American journalists quite legitimately ask candidates about policy issues -- say, abortion -- that might be influenced by their religious or philosophical convictions. We do not and should not ask them about those convictions themselves. It's nobody's business whether a candidate believes in the virgin birth, whether God gave an oral Torah to Moses at Sinai, whether the Buddha escaped the round of birth and rebirth or whether an angel appeared to Joseph Smith. The latter point is relevant because CNN's noxious laundering of this question through the goofy YouTube mechanism quite clearly was designed to embarrass Mitt Romney -- who happens to be a Mormon -- and, secondarily, to help Mike Huckabee -- who, as a Baptist minister, had a ready answer, and who happens to be television's campaign flavor of the month. Beside considerations like these, CNN's incompetent failure to weed out Democratically connected questioners pales. In any event, CNN has failed in its responsibilities to the political process and it's time for the leaders of both the Republican and Democratic parties to take the network out of our electoral affairs. 
timothy.rutten at latimes.com

From rforno at infowarrior.org Tue Dec 4 03:33:52 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 03 Dec 2007 22:33:52 -0500
Subject: [Infowarrior] - "Homegrown" Suppression of Dissent
Message-ID:

Published on Friday, November 30, 2007 by CommonDreams.org

"Homegrown" Suppression of Dissent
by Jules Boykoff

http://www.commondreams.org/archive/2007/15/30/5526/

Last month the U.S. House of Representatives flew a stealth mission under the mainstream media's radar, passing startling legislation that targets constitutionally protected political speech and paves a path for the government's suppression of dissent. The Violent Radicalization and Homegrown Terrorism Prevention Act of 2007 would establish a ten-member National Commission on the Prevention of Violent Radicalization and Homegrown Terrorism primarily comprised of Congress members. It would also give the Department of Homeland Security the power to create "a university-based Center of Excellence for the Study of Violent Radicalization and Homegrown Terrorism" to "study the social, criminal, political, psychological, and economic roots" of U.S.-based radicalization and terrorism. Despite its overwhelming support in the House -- where it passed 404 to 6 -- this law is severely problematic in three main ways. First of all, it's superfluous. We don't need more laws against "violent radicalization" and "homegrown terrorism." We already have plenty of legislation outlawing murder, conspiracy, arson, and other crimes that the government often associates with terrorism, not to mention wide-reaching terrorism laws like the USA PATRIOT Act, the Animal Enterprise Terrorism Act, and the Military Commissions Act, all of which can be applied to U.S. citizens. As such, the bill is less an honest effort to combat actual terrorism than it is ideology-drenched window dressing designed to win political points and electoral votes.
Second, the measure takes aim at political speech that is protected under the First Amendment of the Constitution. Groups and individuals trying to further "political or social objectives" are explicitly the focus of the act, which brings up questions around the freedom of assembly. From a judicial perspective, this bill is a constitutional challenge waiting to happen. Sure the bill claims, "Any measure taken to prevent violent radicalization, homegrown terrorism, and ideologically based violence...should not violate the constitutional rights, civil rights, or civil liberties of United States citizens or lawful permanent residents." But given the actual text of the bill and the Bush administration's penchant to engage in warrantless surveillance, this flimsy caveat assuring that dissent will not be suppressed is tantamount to saying "I don't do cocaine, I just like the way it smells." Third, too often the bill employs alarmingly over-broad definitions. The bill states that "ideologically based violence" is "the use, planned use, or threatened use of force or violence by a group or individual to promote the group or individual's political, religious, or social beliefs." It doesn't take the imagination of an avant-garde poet to envision scenarios in which radical political dissidents could get sucked into the wide-swirling vortex of "ideologically based violence." What if protesters use their bodies during a direct action to take over an intersection or to block traffic, as anti-war activists in Olympia, Washington have done recently? Can this seriously be dubbed "homegrown terrorism"? What about an anarchist who hurls a brick through a corporate window to make a political statement? Is this vandalism really "violent radicalization" or "homegrown terrorism"? The bill also defines "violent radicalization" in part as "adopting or promoting an extremist belief system," but what exactly is "an extremist belief system"? Anti-capitalism? Socialism? Anarchism?
Neo-conservatism? Even a cursory look backward through U.S. history reveals heroic figures who could be dubbed "violent radicals" or "homegrown terrorists" under the proposed bill, from U.S. revolutionaries like Sam Adams to gun-toting slavery abolitionists like John Brown to militant civil-rights organizers like Malcolm X and Martin Luther King, Jr. Shortly after the American Revolution, Thomas Jefferson wrote in 1787, "What country can preserve its liberties if their rulers are not warned from time to time that their people preserve the spirit of resistance?" The Senate, which is currently considering a virtually identical version of the bill, would do well to resurrect "the spirit of resistance" and finally say no to the Bush administration's persistent whittling of our civil liberties. The House roll call vote demonstrates that this is not a partisan issue. The bill's supporters were obviously bi-partisan, but it's important to note that opposition to the bill was also bi-partisan, with three Democrats and three Republicans voting against it. Unlike the media -- who have performed a mums-the-word blackout on the bill -- concerned citizens from the left, right, and center must oppose this legislation before the Senate slots it into law. We need a nonpartisan groundswell to stand up to this newest onslaught against our civil liberties, before it's too late.

Jules Boykoff is the author of Beyond Bullets: The Suppression of Dissent in the United States (AK Press, 2007). He teaches political science at Pacific University in Oregon.

From rforno at infowarrior.org Tue Dec 4 13:30:24 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 04 Dec 2007 08:30:24 -0500
Subject: [Infowarrior] - Tipping point for DRM and MP3s?
Message-ID:

Digital developments could be tipping point for MP3
Mon Dec 3, 2007 8:39am EST

http://www.reuters.com/article/technologyNews/idUSN0132743320071203?sp=true

NEW YORK (Billboard) - Warner Music Group (WMG) and Sony BMG Music Entertainment are feeling increased pressure to follow EMI and Universal Music Group's lead in distributing music in the MP3 format, which forgoes restrictive digital rights management technology. A yearlong download promotion planned between Pepsi and Amazon is among several developments forcing WMG and Sony to consider the format, Billboard has learned. News of the Pepsi promotion, which is expected to be announced February 3 during the Super Bowl, coincides with Wal-Mart's ultimatum that major labels supply walmart.com with their music in MP3, sources said. Labels said they have been watching the success of an MP3 test that Universal Music Group (UMG) began in August. The major label continues to allow the sale of 85 percent of its current catalog as MP3s. Sources said UMG is on the verge of permanently embracing that digital format. But a source close to the testing insisted that the decision is still up in the air while the company awaits conclusive results from the trial, which are due in mid-January. Meanwhile, Disney's Hollywood Records has joined the list of major-distributed labels testing MP3 at Amazon and walmart.com. The company has supplied 30 to 40 titles from its mammoth catalog in the MP3 format. A check of those sites shows the latest albums from Atreyu and Grace Potter & the Nocturnals on the Hollywood label available in the MP3 format, though they are not available at iTunes. EMI began selling its music in MP3 format in June. WMG and Sony BMG Music Entertainment both declined to comment, but have continued to publicly maintain their separate stances in favor of using digital rights management for downloads. Sources said Sony BMG is considering an MP3 test.
The company initially was steadfast against MP3 and wouldn't allow its independent distributor, RED Distribution, to engage in negotiations on behalf of its labels with Amazon when the merchant was trying to set up its MP3 download store. But Sony BMG management relented and let RED become involved in those negotiations. The parent company, however, refused to supply Amazon with its catalog in the MP3 format. PEPSI FREE Pepsi's track record with download giveaways may be motivating labels. According to sources, Pepsi will feature a download promotion on the inside of 5 billion of its soda bottlecaps. Sources said Pepsi customers will need to collect five caps in order to exchange them for a download; this yields the potential for 1 billion redeemable tracks. A Pepsi spokesperson declined to comment. Pepsi's first stab at giving away free music downloads, which was conducted in partnership with iTunes in 2004, was also promoted via a highly visible Super Bowl campaign. It resulted in 5 million people downloading free songs in the space of three months -- 5 percent of the 100 million tracks that were offered. While the 5 million digital tracks redeemed in the campaign reportedly fell short of the 25 million target redemption rate, that was in the early days of digital distribution, when Apple was reporting selling digital tracks at a rate of 2.7 million per week. Since then, with the widespread success of the iPod -- which is likely to be even more popular come Christmas -- digital track sales have grown by 416 percent, from the 142.6 million tracks scanned in 2004 to the 735.4 million tracks accumulated so far this year, according to Nielsen SoundScan. Based on trends of the past few years, Billboard estimates that digital download sales could increase by another 5 million per week in 2008. 
In the week after Christmas in 2006, track sales totaled 30.1 million, a 51 percent increase from the 19.9 million scanned in the corresponding week of the previous year -- which was, in turn, a 197 percent increase over the 6.7 million scans generated during the corresponding week of 2005. Digital downloads generally increase drastically after consumers receive iPods and iPod gift cards for Christmas. In the new Pepsi promotion, sources said, Amazon will serve as the supplier for the downloads, and customers will need to visit a specific redemption store on the Amazon site to access music from participating labels. All majors have been approached about participating in the offer, but the price that Amazon is willing to pay appears to be a sticking point for some labels. Sources said that Amazon will pay labels in the area of 40 cents per track. This compares with the 65-70 cents labels currently receive from Amazon for digital track sales and the 70 cents they get from Apple. Regardless of which labels ultimately sign on, the Super Bowl commercials will nonetheless double as the coming-out party for Amazon's digital download site, which soft-launched September 25. Since then, without aggressively promoting its download business, Amazon has captured about a 3 percent market share of the digital download channel, Billboard estimates. The store has a 6 percent market share of all CD sales. WAL-MART's WISHES Another factor driving the labels' decisions, sources said, involves mass merchant Wal-Mart alerting WMG and Sony BMG that it will pull their music files in the Windows Media Audio format from walmart.com some time between mid-December and mid-January if the labels haven't yet provided the music in MP3 format. Wal-Mart declined comment. "It's a matter of policy that we don't publicly comment on speculation," walmart.com spokeswoman Amy Colella said. 
"We know digital music is important to our customers, and we're very pleased with the recent performance and customer response to our digital music offering." Though Wal-Mart maintains a modest 2 percent market share in the digital download arena, its market share for physical CDs is considerably larger: about 22 percent, Billboard estimates. Finally, given the steep decline in U.S. CD sales -- so far, down 18.6 percent year to date compared with 2006 -- music executives have expressed their worries about what the new year will bring for the physical format. Switching to a digital format that is compatible with all portable devices, including the all-important iPod, could help merchants like Wal-Mart and Amazon capture some of iTunes' 70 percent market share, and perhaps boost the size of the digital marketplace. Reuters/Billboard From rforno at infowarrior.org Tue Dec 4 19:53:50 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 04 Dec 2007 14:53:50 -0500 Subject: [Infowarrior] - =?iso-8859-1?q?MPAA_=B9_s_University_Toolkit_hit_?= =?iso-8859-1?q?with_DMCA_takedown_notice?= Message-ID: MPAA?s University Toolkit hit with DMCA takedown notice after GPL violation By Ryan Paul | Published: December 04, 2007 - 08:35AM CT http://arstechnica.com/news.ars/post/20071204-mpaas-university-toolkit-hit-w ith-dmca-takedown-notice-after-gpl-violation.html The Motion Picture Association of America (MPAA) recently released a software toolkit designed to help universities detect instances of potentially illegal file-sharing on school networks. The toolkit is based on the increasingly popular Ubuntu Linux distribution and includes the Apache web server as well as custom traffic monitoring software created by the MPAA. Although the toolkit was previously available from a web site set up by the MPAA, the software was removed last night after the organization received a request from Ubuntu technical board member Matthew Garret to take it down due to GPL violations. 
Many of the components in the Ubuntu Linux distribution, including the Linux kernel, are distributed under the General Public License (GPL). The GPL is an open-source software license that broadly permits modification and redistribution of software but requires distributors to make the source code available to third parties and publish their changes. Licenses like the GPL, which require distributors to make source code available, are referred to as copyleft licenses. Distributing software licensed under the GPL in binary format without making source code available to end users is a violation of the GPL and constitutes copyright infringement. According to Garret, several attempts were made to contact the MPAA before a takedown notice was sent directly to the ISP. "MPAA don't f*** with my s***," wrote Garret in a blog entry. "I did attempt to contact them by e-mail and phone before resorting to the more obnoxious behavior of contacting the ISP." Seth Oster, executive VP and chief communications officer of the MPAA, told Ars that the notice came over the Thanksgiving holiday when their offices were closed. "As soon as we came back and discovered that there had been someone who had raised some concerns, we removed the software," Oster said. "Anytime anyone raises any reasonable concern we look at it because we take copyright very seriously at the MPAA." He also denied Garret's assertions that the ISP was involved in the takedown, saying that the MPAA chose to take the toolkit offline. Although the MPAA's failure to comply with copyright law in this case is a delicious irony, it won't permanently prevent distribution of the antipiracy software toolkit. Oster told Ars that the MPAA would make sure that it fully complied with the GPL, and that the software would be available once again in "short order." 
The most straightforward way to resolve the problem would be to post a notice next to the download link that provides contact information and affirms willingness to provide the source code upon request. As we noted in our recent coverage of the now-resolved Asus Eee GPL infringement controversy, GPL violations are generally the result of negligence or misunderstandings rather than willful intent to misappropriate intellectual property. When companies distribute products in violation of the GPL, they often remedy the problem as soon as they are informed of the legal implications, which is why GPL infringement lawsuits are very rare. The MPAA, which has consistently lobbied Congress for stricter penalties on copyright infringement, will likely take some much-deserved heat for this embarrassing gaffe.

From rforno at infowarrior.org Wed Dec 5 03:11:40 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 04 Dec 2007 22:11:40 -0500
Subject: [Infowarrior] - Advertising inside of PDFs
In-Reply-To: <2487EB473DE8A4479AACABE2DA0DE1BBB7BEF9@smmail10.rand.org>
Message-ID:

C/O Anonymous

Adobe chooses Yahoo to serve ads on PDFs

http://ct.enews.pdfzone.com/rd/cts?d=201-168-4-26-7961-21608-0-0-0-1

From rforno at infowarrior.org Wed Dec 5 12:38:51 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Dec 2007 07:38:51 -0500
Subject: [Infowarrior] - OT: Teddy Bear Totalitarianism
Message-ID:

A rather good piece (from a source I rarely read, btw) on the Teddy Bear Teacher story and the problems with "political Islam."

Teddy Bear Totalitarianism
Back to 7th century Arabia.
http://www.weeklystandard.com/Content/Public/Articles/000/000/014/442sdgnu.asp

From rforno at infowarrior.org Wed Dec 5 15:40:02 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Dec 2007 10:40:02 -0500
Subject: [Infowarrior] - AV vendors to agree on standard testing guidelines
Message-ID:

Rating antivirus software: vendors to agree on standard testing guidelines
By Joel Hruska | Published: December 05, 2007 - 01:00AM CT

http://arstechnica.com/news.ars/post/20071205-antivirus-vendors-to-agree-on-testing-guidelines.html

Understanding which AV package provides the best level of total protection isn't easy. Products from Symantec (Norton Antivirus) and McAfee are virtually ubiquitous, but there are a dozen or more smaller players in the market, all of which advertise themselves as being the best solution for total antivirus protection. Since each company creates its own benchmarks and comparisons, though, it's virtually impossible for an end user to compare one product against another. AV manufacturers are aware of this problem, and are working collectively towards a solution. As PC World reports, many of the larger players in the AV market met in Seoul last week to form the Anti-Malware Testing Working Group. The new group will be tasked with creating a set of software benchmarks that can conduct behavioral tests on multiple suites of security software. Currently, most comparative AV tests are signature-based. This type of test is analogous to what occurs when an antivirus product runs a hard drive scan -- virus files with various signatures are scattered throughout the data set that's being checked and each product is rated on how many of those various files it managed to detect. Behavioral scans, on the other hand, are meant to replicate how a PC typically encounters malware, and they model a wide variety of scenarios from email virus detection to page redirects.
Companies that have signed on to work with the new group include Symantec, F-Secure, and Sunbelt Software (no McAfee yet). The AMTWG isn't just a vendors-only club; AV software evaluators are also participating, including AV-Test.org and Virus Bulletin. Although they aren't listed in the PC World article, I contacted AV-Comparatives.org. The company publishes a quarterly "report card" on AV products, and is considered to be an excellent evaluator of security products. AV-Comparatives tells Ars that it has also been involved in some of these vendor meetings, and reports that the various companies involved seem genuinely interested in creating an effective standard for measuring product performance. Vendors also aren't putting any pressure on product testers to specifically adopt or abandon particular methods of testing, and have thus far emphasized that the goal of the task force is to create a good evaluation tool. No single benchmark is ever perfect -- even those constructed for comprehensive testing and created with the best of intentions are only capable of modeling a certain number of scenarios -- but the AV industry appears to be taking the first step towards providing customers with an actual metric they can use for comparative purposes.

From rforno at infowarrior.org Wed Dec 5 15:45:58 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Dec 2007 10:45:58 -0500
Subject: [Infowarrior] - Great DMCA presentation for non-geeks
Message-ID:

(c/o Anonymous)

Wellington Grey has a great little slideshow about the idiocy of the DMCA's "anti-circumvention" measures, which prohibit breaking the digital locks off the stuff you own. In it, Grey recounts how offended he was when he bought a TomTom GPS that came with a CD in a sealed envelope, the seal on which read, "By breaking this seal, you agree to our contract," but the contract itself was on the CD, behind the seal. In other words, the CD said, "By breaking this seal, you agree to a bunch of secret stuff."
http://tinyurl.com/3co5jm

From rforno at infowarrior.org Thu Dec 6 03:36:25 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Dec 2007 22:36:25 -0500
Subject: [Infowarrior] - Iris scans let law enforcement keep eye on criminals
Message-ID:

Iris scans let law enforcement keep eye on criminals
Will be 'as common as fingerprinting'
By Wendy Koch
USA TODAY

http://www.usatoday.com/printedition/news/20071205/1a_bottomstrip05.art.htm

A growing number of sheriff's departments are using iris scans to identify sex offenders, runaways, abducted children and wandering Alzheimer's patients. More than 2,100 departments in 27 states are taking digital pictures of eyes and storing the information in databases that can be searched later to identify a missing person or someone who uses a fake name, says Sean Mullin, president of BI2 Technologies, which sells the devices. "It's evolving quickly," he says. Most of the sheriffs are doing voluntary iris scans of senior citizens and children. At least 10 metro areas are doing scans of criminals to identify them should another crime occur or to be sure the right inmate is released. "This is the wave of the future. This will become as common as fingerprinting," says Sheriff Greg Solano of Santa Fe County, N.M. Last month, his department began scanning the irises of convicted sex offenders. He says the level of detail and central database can make matches within seconds, compared with weeks for fingerprints and months for DNA. Iris recognition technology has been used by airports to expedite security checks of low-risk travelers and by the government to track possible terrorists. When a patent expired last year, other companies rushed in to expand its uses. "We're seeing tremendous growth," says Barry Morse, CEO of Retica Systems, because of concerns about terrorism, immigration and identity theft. Mullin says the laptop, camera and software cost $10,000.
The cameras use harmless infrared light to record the iris' minute ridges and valleys. They can detect 235 unique details and differentiate between right and left eyes and those of identical twins, Mullin says. A fingerprint has about 70 details. Irises aren't affected by age, Lasik eye surgery or disease. The widening use of iris recognition concerns privacy advocates. Some advocates for children say it could give parents a false sense of security. "It's part of the growing surveillance society. We're going to be identified and tracked everywhere we go," says Barry Steinhardt, technology program director at the American Civil Liberties Union. Morse says his company will deliver test devices to the Defense Department next year that will allow it to scan a crowd and store iris data for many people at once. Mullin says the technology has not identified a missing person because the database is small, but it is gaining more than 2,000 scans every week.

From rforno at infowarrior.org Thu Dec 6 16:26:52 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 06 Dec 2007 11:26:52 -0500
Subject: [Infowarrior] - Feel-good (crazy?) propsed bill on child porn
Message-ID:

This is ludicrous.....since the mere possession (let alone transmittal) of child pornography already is a felony, is this law asking wireless providers, ISPs, and individuals to break one law in order to "enforce" another? I haven't read the legislation text yet, but I wonder how this will be handled - is there any 'safe harbor' provision for those who comply? Right now this sounds like another knee-jerk "save the children!" proposal that has no substantive analysis or critical thinking behind it.

-rf

House vote on illegal images sweeps in Wi-Fi, Web sites
Posted by Declan McCullagh

http://www.news.com/8301-13578_3-9829759-38.html?part=rss&subj=news&tag=2547-1_3-0-20

The U.S.
House of Representatives on Wednesday overwhelmingly approved a bill saying that anyone offering an open Wi-Fi connection to the public must report illegal images including "obscene" cartoons and drawings--or face fines of up to $300,000. That broad definition would cover individuals, coffee shops, libraries, hotels, and even some government agencies that provide Wi-Fi. It also sweeps in social-networking sites, domain name registrars, Internet service providers, and e-mail service providers such as Hotmail and Gmail, and it may require that the complete contents of the user's account be retained for subsequent police inspection. < - > This is what the SAFE Act requires: Anyone providing an "electronic communication service" or "remote computing service" to the public who learns about the transmission or storage of information about certain illegal activities or an illegal image must (a) register their name, mailing address, phone number, and fax number with the National Center for Missing and Exploited Children's "CyberTipline" and (b) "make a report" to the CyberTipline that (c) must include any information about the person or Internet address behind the suspect activity and (d) the illegal images themselves. (By the way, "electronic communications service" and "remote computing service" providers already have some reporting requirements under existing law too.) The definition of which images qualify as illegal is expansive. It includes obvious child pornography, meaning photographs and videos of children being molested. But it also includes photographs of fully clothed minors in overly "lascivious" poses, and certain obscene visual depictions including a "drawing, cartoon, sculpture, or painting." (Yes, that covers the subset of anime called hentai). 
Someone providing a Wi-Fi connection probably won't have to worry about the SAFE Act's additional requirement of retaining all the suspect's personal files if the illegal images are "commingled or interspersed" with other data. But that retention requirement does concern Internet service providers, which would be in a position to comply. So would e-mail service providers, including both Web-based ones and companies that offer POP or IMAP services.

< - >

There are two more points worth noting. First, the vote on the SAFE Act seems unusually rushed. It's not entirely clear that the House Democratic leadership really meant this legislation to slap new restrictions on hundreds of thousands of Americans and small businesses who offer public wireless connections. But they'll nevertheless have to abide by the new rules if senators go along with this idea (and it's been a popular one in the Senate). The second point is that Internet providers already are required by another federal law to report child pornography sightings to the National Center for Missing and Exploited Children, which is in turn charged with forwarding that report to the appropriate police agency. So there's hardly an emergency, which makes the Democrats' rush for a vote more inexplicable than usual.

From rforno at infowarrior.org Fri Dec 7 13:55:40 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 07 Dec 2007 08:55:40 -0500
Subject: [Infowarrior] - ORNL (hack) attack
In-Reply-To:
Message-ID:

http://www.salon.com/wires/ap/scitech/2007/12/06/D8TC7K582_cyber_attack/index.html

Hackers Get Data of Federal Lab Visitors
By DUNCAN MANSFIELD Associated Press Writer

Dec 6th, 2007 | KNOXVILLE, Tenn. -- The Oak Ridge National Laboratory revealed on Thursday that a "sophisticated cyber attack" over the last few weeks may have allowed personal information about thousands of lab visitors to be stolen.
The assault appeared "to be part of a coordinated attempt to gain access to computer networks at numerous laboratories and other institutions across the country," lab director Thom Mason said in a memo to the 4,200 employees at the Department of Energy facility. Oak Ridge officials would not identify the other institutions affected by the breach. But they said hackers may have infiltrated a database of names, Social Security numbers and birth dates of every lab visitor between 1990 and 2004. "There was no classified data of any kind compromised," lab spokesman Bill Stair said Thursday. "There are people who think that because they accessed this database that they had access to the lab's supercomputer. That is not the case. There was no access at all." The lab currently has the second-fastest supercomputer in the world, an open-research, 101.7-teraflop Cray XT3/XT4 known as "Jaguar," and has plans to build another. About 3,000 researchers annually visit the facility, a major DOE energy research and high-performance computing center, about 25 miles west of Knoxville. Officials have sent letters to about 12,000 potential victims. Mason said so far there was "no evidence that the stolen information has been used." The assault was in the form of phony e-mails containing attachments, which when opened allowed hackers to penetrate the lab's computer security. The practice is called "phishing." The first fake e-mail arrived Oct. 29. At least six more waves followed. "At first glance, they appeared legitimate," Mason wrote. One notified employees of a scientific conference. Another pretended to notify the employee of a complaint on behalf of the Federal Trade Commission. Each one instructed recipients to open an attachment for further information. And when they did, it "enabled the hackers to infiltrate the system and remove data," Mason wrote. The lab's cyber police determined about 1,100 phony e-mail messages entered the lab's network. 
In 11 cases, an employee took the bait and opened the attachments. "Our cyber security staff has been working nights and weekends to understand the nature of this attack," Mason wrote. "Reconstructing this event is a very tedious and time-consuming effort that likely will take weeks, if not longer, to complete." Meanwhile, the lab will post updates on its Web site at http://www.ornl.gov/identitytheft. "Every year we build bigger and more sophisticated fences around our databases and every year our enemies find new and more sophisticated ways to tunnel under the fence," Stair said. "This is an ongoing challenge that is going to be there as far as we can see in the future."

From rforno at infowarrior.org Fri Dec 7 14:11:57 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 07 Dec 2007 09:11:57 -0500
Subject: [Infowarrior] - FW: Western Digital cripples (well, tries to cripple) network drives
In-Reply-To: <20071207033031.GA22178@gsp.org>
Message-ID:

------ Forwarded Message
From: RK

Spotted on the excellent Boing Boing site, where Cory Doctorow writes: Gary sez, "This is the most extreme example I've seen yet of tech companies crippling data devices in order to please Hollywood: Western Digital is disabling sharing of any avi, divx, mp3, mpeg, and many other files on its network connected devices; due to unverifiable media license authentication'. Just wondering -- who needs a 1 Terabyte network-connected hard drive that is prohibited from serving most media files? Perhaps somebody with 220 million pages of .txt files they need to share?" And sure enough, it's right on WD's own web site: http://tinyurl.com/3dwead

From rforno at infowarrior.org Fri Dec 7 17:35:02 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 07 Dec 2007 12:35:02 -0500
Subject: [Infowarrior] - Don't Blame The Kindle For Piracy
Message-ID:

Don't Blame The Kindle For Piracy
December 4th, 2007
by Kassia Krozser
http://www.booksquare.com/dont-blame-the-kindle-for-piracy/

I am cranky. You've been warned. So I'm minding my own business, or, rather, minding other people's business as I cruise the Internet when what has to be one of the dumber notions to cross my screen appears. Given the stuff I read online every day, this is really saying something. Devices don't make pirates. Unreasonable barriers make pirates. In what has to be a desperate attempt to find a new angle on the now-waning Kindle story, a few writers have speculated that the Kindle can spark book piracy. Yeah. That's what the world needs to worry about. The Kindle and piracy. Uh huh. Don't get me wrong. I have a lot of faith in the ingenuity of my species. There has always been and will always be a percentage of humanity that believes it's better to live outside the law. Even though Amazon made it near-impossible for people to share books with members of their own family, I believe that there are busy little beavers out there trying to hack the Kindle's DRM. And, frankly, the way the DRM on this device has been implemented, there's a certain level of begging people to thwart the system. The music industry -- and to a large degree, the motion picture business -- really screwed up when it became obvious that consumers wanted to access music online. Rather than making it easy and affordable for customers to get the music they wanted in the format they wanted, the music industry spent a good decade, untold millions, and countless hours of meetings trying to create a standard or process or method that worked for the industry. Had the music biz thought, "Wow, we should listen to the people who want our music", I would wager that piracy would be a much smaller problem. By continually and repeatedly erecting concrete blast walls and -- you gotta love this approach -- treating all customers like criminals, the music industry turned piracy into a self-fulfilling prophecy.
If iTunes has taught us anything, it is that flexible, easy-to-use, affordable music will get people to open their wallets. You know, this is so obvious that I feel kind of dumb saying it. Again. Devices don't make pirates. Unreasonable barriers make pirates. Most people are happy to pay for convenience -- and let's all be perfectly frank here: pirating books is not necessarily the most fun thing you can do on the high seas (it's also not that hard if you're seeking current releases). If it were easy for me to get all the ebook formats I can purchase on the Kindle, man, I'd be ordering two (one for me, one for the husband, we don't share well). If book piracy increases, do not blame the Kindle. It's shooting the messenger. Blame Amazon and the publishing industry. I can't download a book from the eHarlequin store and store it on my laptop and a Kindle. I have to buy the Kindle version. This means I have to commit to my reading device when I make a purchase. That's just wrong. I can't buy a PDF ebook from another retailer and easily read it on the Kindle. Amazon, maybe not fully grasping the beauty of the iPod, has chosen to try to lock device to retailer. Bad move. Very bad move. I am a grown human with a decent job. I pay my taxes on time (or rather, someone in my household ensures I am not committing a crime). I read like I breathe. I take far too many books on vacation. I am never more than five feet away from reading material. All I ask is that the people whose job it is to get books to me (you know who you are) make it as easy as possible for me to read those books. I am tired -- tired!! -- of reliving the Beta versus VHS scenario. I don't want to buy any media in any format while living in fear that my hardware (or software) will be obsolete in a year. I am not a pirate. Never have been, look lousy in an eyepatch (also horizontal stripes? Let's get real.).
Is it so hard to understand that treating the customer like someone who is giving you money for goods and services is a good thing? The Kindle will not spark book piracy. Pirates aren't nuts about putting several hundred dollars into a device unless the return on investment is worthwhile. As long as the publishing industry, and this includes Amazon because I am convinced they worked more with the industry than the consumer on the Kindle, treats its customers like pirates, these same customers will decide that publishers don't value them. That's what sparks book piracy, gang. Piracy lives in the DNA in some people. But most of us just want to get our entertainment media in a convenient, affordable manner. Rather than building better pirates, maybe more time should be spent on creating happy customers.

From rforno at infowarrior.org Sat Dec 8 14:51:58 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 08 Dec 2007 09:51:58 -0500
Subject: [Infowarrior] - Secunia faces legal threat over flaw advisory
Message-ID:

Secunia faces legal threat over flaw advisory
Published: 2007-12-07
http://www.securityfocus.com/brief/640?ref=rss

An advisory describing serious flaws in a software module for viewing and printing document files has become the focus of a dispute over the disclosure of software vulnerabilities, according to correspondence published by security firm Secunia on Thursday. Autonomy -- the maker of the KeyView software development kit (SDK) which adds document-printing and viewing functionality to applications -- demanded that Secunia remove details of the flaws affecting the SDK from its public database, according to the series of letters and e-mails between the two companies and posted to Secunia's blog. Secunia published the advisory on November 29, after identifying that several previous vulnerabilities occurred in the SDK and not in third-party products that used the development kit.
Several companies -- including IBM and Symantec, the owner of SecurityFocus -- use the software development kit and have already patched flaws related to KeyView in their products. Autonomy argued that, because those flaws had already been disclosed and fixed, it should not be necessary for Secunia to publish an additional advisory. "In this particular situation, the security issue was already identified some time ago by Autonomy and another security research firm and a fix was quickly produced and made available to customers," the company said in a statement sent to SecurityFocus. "When we believe users are going to be misled, we make every effort to ask that an organization publish full and accurate information. ... As other industry leaders do, we appreciate the efforts of security research firms and the service they perform for our customers, who are our number one priority." Companies occasionally use legal threats against researchers and disclosure sites for outing flaws in their products. In 2005, Sybase legally hobbled Next-Generation Security Software, a research and services firm, to prevent it from releasing details of a flaw that had already been fixed. The company later allowed the release. In 2006, in an incident made murky by nondisclosure agreements and media hype, security researcher David Maynor and consumer technology maker Apple argued over the details of two wireless flaws that affected the Mac OS X as well as Windows computers. While the disclosure debate is a perennial topic at security conferences, most companies have accepted the reports of flaws in their software products could become public. "There are definitely a lot of companies out there that think vulnerabilities shouldn't be disclosed," Thomas Kristensen, chief technology officer for Secunia, told SecurityFocus on Friday. "There are a lot of companies that don't publish any information about vulnerabilities." 
SecurityFocus is owned by Symantec and also published advisories (IBM, Symantec) on the KeyView flaws. If you have tips or insights on this topic, please contact SecurityFocus

From rforno at infowarrior.org Sat Dec 8 15:00:31 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 08 Dec 2007 10:00:31 -0500
Subject: [Infowarrior] - DHS to Outsource Open Source Intel
Message-ID:

DHS to Outsource Open Source Intel
http://blog.wired.com/defense/2007/12/dhs-to-outsourc.html

Solicitation: D -- Online Terrorism Monitoring Service
http://tinyurl.com/yu6hkb

From rforno at infowarrior.org Sat Dec 8 15:14:45 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 08 Dec 2007 10:14:45 -0500
Subject: [Infowarrior] - AT&T flings cellphone network wide open
Message-ID:

AT&T flings cellphone network wide open
By Leslie Cauley, USA TODAY
http://www.usatoday.com/money/industries/telecom/2007-12-05-att_N.htm

NEW YORK -- Starting immediately, AT&T (T) customers can ditch their AT&T phones and use any wireless phone, device and software application from any maker -- think smartphones, e-mail and music downloading. And they don't have to sign a contract. "You can use any handset on our network you want," says Ralph de la Vega, CEO of AT&T's wireless business. "We don't prohibit it, or even police it." AT&T's push to give consumers maximum control of their wireless worlds is being driven, in part, by Google. The tech giant is a monster in the Internet search business for personal computers, and is hoping to replicate that success in the wireless market. Google (GOOG) recently announced plans to link arms with more than two dozen wireless companies, including Sprint (S), with the goal of developing an operating system that lets consumers use any application on mobile devices, much as they now do on PCs. Other partners include Japanese cellphone giant DoCoMo and handset maker Samsung.
Everything that Google has promised to bring to the wireless market a year from now AT&T is doing today, de la Vega says. "We are the most open wireless company in the industry." AT&T for years kept quiet the fact that wireless customers had the option of using devices and applications other than those offered by AT&T. But now salespeople in AT&T phone stores will make sure that consumers "know all their options" before making a final purchase. The AT&T wireless chief won't say whether AT&T plans to launch a marketing campaign to push "open" platforms, but allows that might be a possibility. Despite its bear hug of "open" standards, one AT&T device, for now, will remain tightly closed: the Apple iPhone. AT&T has a deal with Apple to be the exclusive U.S. distributor for the next five years. To get the device, consumers must sign a two-year contract. AT&T has no plans to change that arrangement, de la Vega says. "The iPhone is a very special, innovative case." Google's siren call for openness has stuck a finger in the eye of the U.S. cellphone industry, which for years has kept consumers on a short leash. Until recently, contracts were standard, and applications were largely limited to those endorsed (sold) by carriers. That's changing. Verizon (VZ), regarded as one of the most restrictive carriers in terms of devices and applications, recently announced plans to let customers use any device and application they want. The mobile Web is still considered an open -- and largely untapped -- frontier. That's one reason companies such as Google, which has little traction there, are so nervous about getting left behind.

From rforno at infowarrior.org Sat Dec 8 15:38:34 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 08 Dec 2007 10:38:34 -0500
Subject: [Infowarrior] - USAF IW Humor
Message-ID:

Okay, this is a change of pace and has nothing of substantive 'news' quality to it per se, but many of you likely will find it amusing anyway.
http://www.humorcontrol.org/usaf/

Enjoy!

-rick

From rforno at infowarrior.org Sat Dec 8 19:15:35 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 08 Dec 2007 14:15:35 -0500
Subject: [Infowarrior] - NMCI Contract $9.3B : "using the oldest software possible"
In-Reply-To:
Message-ID:

Waiting for NMCI
http://www.marinecorpstimes.com/news/2007/12/marine_NMCI_071208w/

Even "satisfied" customers find computer network frustrating
By Michael Hoffman - _mhoffman at militarytimes.
Posted : Saturday Dec 8, 2007 7:33:24 EST

The Navy-Marine Corps Intranet, better known as NMCI, has spawned numerous nicknames over its seven-year existence, most of them far less complimentary than "No More Contracted Infosystems," one of the few clean enough for print. It's also become a verb -- "I've been NMCIed!" -- generally screamed by a Marine or sailor in frustration after a spectacular computer crash. So when the officials who manage NMCI announced a user satisfaction rating of 83.8 percent in November, based on a quarterly survey issued by the private company contracted to run it, the results raised a few eyebrows across the services. Ask the average Marine, sailor or civilian who uses NMCI for an opinion of the system and prepare to get an earful. While some report few problems, the majority have vivid recollections of waiting, waiting, waiting. Waiting for an actual fix after a call to the help desk. Waiting up to 20 minutes for the computer to log on. Waiting, sometimes months, to receive administrative privileges to add vital software. Waiting for permission to add local or network printers. Waiting weeks to transfer accounts from one base to another. Waiting for a modern computer system that operates up to present-day industry standards. Officials with Electronic Data Systems, the corporation that won the 10-year, $9.3 billion NMCI contract that started in 2000, and Col.
Lyle Cross, the program manager for NMCI, said the system has improved over the past seven years, which is shown by the results of the survey. "We're not saying everything is perfect," said Nate Paier, EDS director for NMCI client satisfaction and quality. "But our track record is always satisfying users more and more." Cross said the increase in customer satisfaction is due to quicker response to problems with NMCI, a result of the help of a large number of probes distributed throughout the network this year. The probes alert NMCI staff members to systemic issues with the network. However, both EDS and NMCI officials said they still depend on customer surveys the most to target problems. EDS issues the questionnaire four times a year to 189,000 Marines, sailors and civilians, randomly selected from the pool of 660,000 using it. Only 15,000 users completed the most recent survey, about 8 percent, but 7,000 of those took the additional time to write in personal comments. Program officials were unable to provide data on how many users provided responses to the previous surveys.

"Satisfied" customer defined

Those who fill out the survey -- which EDS and Cross refused to provide to Marine Corps Times because they said it could skew future results -- rate each category on a 1-to-10 scale. After all the ratings are averaged, a score of 5.5 or higher is considered a satisfied customer. The 83.8 percent satisfaction rating is an improvement on the 74 percent rating NMCI received last year but still falls below the program's stated target of 85 percent, which NMCI has never reached since its inception. The Government Accountability Office issued a report criticizing NMCI last year, citing the poor customer survey results and questioning exactly how satisfied a customer truly is if providing a rating of seven or less. "Given that the Navy's definition of the term 'satisfied' includes many marginally satisfied and arguably somewhat dissatisfied users,"
the users with an average satisfaction rating between 5.5 and seven would be more accurately defined as only "marginally satisfied," according to GAO's report titled "DoD Needs to Ensure That Navy Marine Corps Intranet Program Is Meeting Goals and Satisfying Customers." The most recent survey showed 66 percent gave the program a rating of seven or above, according to an NMCI release. Cpl. Joseph Staunches, who works at the traffic management office at Marine Corps Logistics Base Albany, Ga., said the TMO shop at his last station at Camp Butler, Okinawa, has waited more than four months to get approval to update software used to track cargo. "They are using the oldest software possible out there," he said. Francis Villamie, a retired gunnery sergeant who runs the education office at Marine Corps Logistics Base Barstow, Calif., used the same computer without an upgrade for seven years. Not until two months ago did he receive his first computer upgrade, which finally helped alleviate the excruciating delays between operations. "It would take me 20 minutes to boot up the system," he said. "I would come in, in the morning, and turn on the computer and then have time to go have a cigarette and a cup of coffee before it would come up." Paier said EDS has continued to enhance and optimize the back end of the network's infrastructure in the past year, adding more servers and improving firewalls, which might not be immediately noticed by Marines and sailors. EDS also upgraded more than 100,000 personal computers this year, which he said makes a tangible difference that users such as Villamie can see. "We found that the performance bottleneck was happening at the PC or the desktop," Paier said.

Slowed by security concerns

Some NMCI users are seeing improvements, such as Information Systems Technician 1st Class Kenyell Brown, who works for the Navy Cyber Defense Operations Command and rates herself as one of the satisfied.
Many Marines and sailors forget how important and necessary the security features that sometimes slow the system are, she said. "Working here really opened my eyes to security for networks," Brown said. Retired Cmdr. Randall Grau, who works at Space and Naval Warfare Systems Command as a civilian, has heard the saying "I've been NMCIed," but he said too many Marines and sailors expect their government computers to operate like their home computers. "Too many people forget and don't take into account the security considerations and threats involved," he said. Others said the security considerations could be satisfied without all the headaches that have been encountered since EDS took over the computer network from military personnel. Requesting administrative privileges each time they need to add key pieces of software or printers to their computers is a common chore for Marines and sailors on NMCI. EDS is trying to cut down on wait times, said Kevin Durking, EDS vice president for NMCI client advocacy and customer satisfaction. While Marines and sailors wait for the necessary administrative privileges or the necessary contracted technician to respond to a computer problem, that's time not being spent accomplishing the mission, said Sgt. Adam Dickerson, an administrative Marine with Headquarters Support Battalion at Camp Lejeune, N.C. "They'll never live up to the standards of the Marine Corps," he said. "It will never be as easy as just having Marines down the hall to fix it."

From rforno at infowarrior.org Sun Dec 9 23:51:15 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 09 Dec 2007 18:51:15 -0500
Subject: [Infowarrior] - Did Iceland Teen Call Secret White House Phone?
Message-ID:

Did Iceland Teen Call Secret White House Phone?
Icelandic Boy, 16, 'Wanted to ... Have a Chat, Invite Him to Iceland and See What He'd Say'
By FABIOLA ANTEZANA
http://abcnews.go.com/print?id=3973925

LONDON, Dec. 8, 2007 --
When Vífill Atlason, a 16-year-old high school student from Iceland, decided to call the White House, he could not imagine the kind of publicity it would bring. Introducing himself as Ólafur Ragnar Grímsson, the actual president of Iceland, Atlason found President George W. Bush's allegedly secret telephone number and phoned, requesting a private meeting with him. "I just wanted to talk to him, have a chat, invite him to Iceland and see what he'd say," Vífill told ABC News. A White House official, who asked not to be identified, denied the young man had accessed a private number but instead dialled 202-456-1414, the main switchboard for the West Wing. Vífill's mother, Harpa Hreinsdottir, a teacher at the local high school, said her son did, in fact, get through to a private phone. "This was not a switchboard number of any kind," she told ABC News, "it was a secret number at the highest security level." Vífill claims he was passed on to several people, each of them quizzing him on President Grímsson's date of birth, where he grew up, who his parents were and the date he entered office. "It was like passing through checkpoints," he said. "But I had Wikipedia and a few other sites open, so it was not so difficult really." When he finally got through to President Bush's secretary, Vífill alleges he was told to expect a call back from Bush. "She told me the president was not available at the time, but that she would mark it in his schedule to call me back on Monday evening," he said. Instead, the police showed up at his home in Akranes, a fishing town about 48 kilometers from Reykjavik, and took him to the local police station, where they questioned the 16-year-old for several hours. "The police chief said they were under orders from U.S. officials to "find the leak" -- that I had to tell them where I had found the number," he said. "Otherwise, I would be banned from ever entering the United States." Vífill claims he cannot remember where he got the number.
"I just know I have had it for a few years," he told ABC. "I must have gotten it from a friend when I was about 11 or 12." Atlason's mother Harpa, who was not home at the time, said she was shocked to find her son had been taken away by the police but could not quite bring herself to be angry with her son. "He's very resourceful you know," she said. "He has become a bit of a hero in Iceland. Bush is very unpopular here." V?fill was eventually released into his parent's custody, and no charges have been brought against the high school student. When ABC verified the number, it was the Secret Service Uniform Division, which handles security for the president. "If the number were not top secret, why would the police have told me that I will be put on a no-fly list to America?" V?fill asked. "I don't see how calling the White House is a crime," he added. "But obviously, they took it very seriously." Calls to the Secret Service press office were not returned. Copyright ? 2007 ABC News Internet Ventures From rforno at infowarrior.org Mon Dec 10 00:02:42 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 09 Dec 2007 19:02:42 -0500 Subject: [Infowarrior] - Major ISP to Intercept and Modify Web Pages Message-ID: December 08, 2007 Google Hijacked -- Major ISP to Intercept and Modify Web Pages Greetings. Please observe closely the image to your left, showing the home page for Google Canada (click the image for a full-sized, full-resolution version). Does anything seem a bit odd about the normally clean and pristine Google front door? What the blazes is all that ISP-related verbiage taking up the top third of the page? Why would Google ever give an ISP permission to muddy up Google's public face that way? Well, as you've probably already guessed, Google didn't give this ISP any such permission. The ISP simply decided to modify Google on their own, demonstrating a real world example of ISPs Spying On and Modifying Web Traffic that I was discussing yesterday. 
Just brought to my attention today by a concerned reader who chose Google for his example, what you're looking at is reportedly an ongoing test by Rogers in Canada, scheduled for deployment to Rogers Internet customers next quarter. In case you're curious, "ISNS" on the test Google interception page apparently stands for Internet Subscriber Notification System. For the morbidly curious, here's the javascript and associated code that enables this procedure, which can presumably be applied to any http: (unencrypted) traffic.

< - BIG SNIP - >

http://lauren.vortex.com/archive/000337.html

From rforno at infowarrior.org Mon Dec 10 18:37:56 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 10 Dec 2007 13:37:56 -0500
Subject: [Infowarrior] - More Congressional Copyright Shenanigans
Message-ID:

Rather than attack 'infringing' computers, as Berman proposed a few years ago, they'll just seize 'em outright. Niiiiiice. Idiots, all.

---rf

Congress' copyright reform: seize computers, boost penalties, spend money
By Nate Anderson | Published: December 06, 2007 - 01:16PM CT
http://arstechnica.com/news.ars/post/20071206-congress-copyright-reform-seize-computers-boost-penalties-spend-money.html

A bipartisan group of Congressmen (and one woman) yesterday introduced a major bill aimed at boosting US intellectual property laws and the penalties that go along with them. While much of the legislation targets industrial counterfeiting and knockoff drugs, it also allows the government to seize people's computers. The Prioritizing Resources and Organization for Intellectual Property (PRO IP... groan) Act of 2007 has the backing of many of the most powerful politicians on the House Judiciary Committee, including John Conyers (D-MI), Lamar Smith (R-TX), and "Hollywood" Howard Berman (D-CA).
In addition to strengthening both civil and criminal penalties for copyright and trademark infringement, the big development here is the proposed creation of the Office of the United States Intellectual Property Enforcement Representative (USIPER). This is a new executive branch office tasked with coordinating IP enforcement at the national and international level. To do this work internationally, the bill also authorizes US intellectual property officers to be sent to other countries in order to assist with crackdowns there. In addition, the Department of Justice gets additional funding and a new unit to help prosecute IP crimes. The bill, which will have a committee hearing soon, is supposed to kick-start the copyright reform process talked about for so long. But copyright reform means one thing to the PRO IP sponsors and another to the consumer groups that have been advocating for it. Gigi Sohn, president of Public Knowledge, said in a statement, "seizing expensive manufacturing equipment used for large-scale infringement from a commercial pirate may be appropriate. Seizing a family's general-purpose computer in a download case, as this bill would allow, is not appropriate." In addition, she protests the increase in "already extraordinary copyright damages" and calls for damages to be linked more closely to actual harm suffered by copyright holders. The Digital Freedom Campaign, backed by the EFF, Public Knowledge, and the Consumer Electronics Association, was more muted in its criticism, instead choosing to praise the legislation for launching a "conversation" about copyright reform. The Digital Freedom Campaign's Maura Corbett said that meaningful copyright reform "must include limits on statutory damages and the codification of the vital principles of fair use," and she hopes that PRO IP "will serve as a catalyst to larger, more meaningful reform." 
Fortunately, at least some members of the Judiciary Committee are at least aware that the consumer groups have legitimate points to make. Berman, who chairs the Subcommittee on Courts, the Internet and Intellectual Property, announced that his subcommittee would hold a hearing next week on the issue. "As a cosponsor, I obviously feel very strongly that we must strengthen enforcement efforts to fight piracy and counterfeiting," Berman said. "At the hearing, we will be hearing testimony from both industry experts and from labor and consumer advocates to make sure that in doing so, we don't deny appropriate access to America's intellectual property." Who is thrilled with the bill? The MPAA, for one. MPAA head Dan Glickman, in a statement praising the new bill, said that "films left costs foreign and domestic distributors, retailers and others $18 billion a year," a significant increase from the $6 billion it allegedly costs the studios.

From rforno at infowarrior.org Tue Dec 11 18:27:26 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 11 Dec 2007 13:27:26 -0500
Subject: [Infowarrior] - Appeals Court: Patriot Act Too Vague
In-Reply-To: <23899E23-2C3F-4E3B-B5BE-6F32620DA96C@pacbell.net>
Message-ID:

http://www.newsmax.com/newsfront/Patriot_Act_ruling/2007/12/11/56077.html

Appeals Court: Patriot Act Too Vague
Tuesday, December 11, 2007 9:52 AM

LOS ANGELES -- A federal appeals court ruled that some portions of the U.S. Patriot Act dealing with foreign terrorist organizations are unconstitutional because the language is too vague to be understood by a person of average intelligence. The ruling released Monday by the 9th U.S. Circuit Court of Appeals in San Francisco affirms a 2005 decision by U.S. District Judge Audrey Collins, who ruled on a petition seeking to clear the way for U.S. groups and individuals to assist political organizations in Turkey and Sri Lanka.
Collins said language in the Patriot Act was vague on matters involving training, expert advice or assistance, personnel and service to foreign terrorist organizations. Her ruling prevented the federal government from enforcing those provisions as they apply to the terrorist groups named in the lawsuit. Without clear language, the plaintiffs argued, those who provide assistance to foreign terrorist organizations could be subject to prison terms of up to 15 years. Charles Miller, a Justice Department spokesman, said his agency was reviewing the ruling to determine a response. In its 27-page decision, the appeals court said that to survive a vagueness challenge, a statute "must be sufficiently clear to put a person of ordinary intelligence on notice that his or her contemplated conduct is unlawful." The language covered by the ruling remained unconstitutionally vague despite Congressional amendments to the Patriot Act meant to remedy the problems, the appeals court ruled.

© 2007 Associated Press. All Rights Reserved. This material may not be published, broadcast, rewritten or redistributed.

From rforno at infowarrior.org Wed Dec 12 04:14:57 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 11 Dec 2007 23:14:57 -0500
Subject: [Infowarrior] - Former DHS IG OpEd on TSA Screeners
Message-ID:

Screening Dreams
By Clark Kent Ervin
http://jetlagged.blogs.nytimes.com/2007/12/10/screening-dreams/

If you are someone who suspects that what is billed as "aviation security" is often more show than substance, you are not alone. In fact, you are part of what Nixon aides used to call the "silent majority." The security bureaucracy seems to think that as long as it is seen as doing something, and so long as another terror attack does not occur, the public will at least feel secure enough not to insist that it do whatever needs to be done actually to make us secure.
Any number of examples could be cited to support this proposition, but let's focus first on the foiled plot in the summer of 2006 to blow up several jetliners over the United States with liquid explosives. Because no technology had been developed to detect or thwart liquid explosives, the Transportation Security Administration was forced to take, for a time, the draconian step of banning all liquids and gels. We were told at the time that even liquids and gels that are harmless in and of themselves could become incendiary when combined in sufficient quantity. Predictably, a hue and cry ensued from the general public and the travel industry. And, then, without yet developing any effective counter-technology, the T.S.A. relaxed the ban somewhat. Small quantities of liquids and gels can now be brought through security, provided they are sealed in clear plastic bags. And any quantity of liquids and gels can be purchased at airport vendors past checkpoints. So, if even small quantities of harmless liquids and gels can become harmful when combined in the right way and quantity, why should passengers be allowed to bring any amount past checkpoints? Couldn't two or more terrorists conspire among themselves to bring collectively the requisite amount to make a bomb? And, why should passengers be able to fly with unlimited quantities of liquids and gels purchased from airport vendors past checkpoints? Liquids and gels sold by these restaurants and shops aren't analyzed for their explosive potential. And, yet, the T.S.A. can say that it's done something; the "something" done doesn't unduly inconvenience the traveler or crimp the economy; and there's no hell to pay because no terrorist has yet exploited this loophole to pull off another attack. Likewise, the agency can say that it screens every passenger and every checked bag for guns, knives and bombs.
But, unless you?ve been living for the last few years in a cave that is much more remote and much less technologically sophisticated than Osama bin Laden?s, you know that government investigation after government investigation has shown that it is just as easy today to sneak deadly weapons past screeners as it was on 9/11. Just a few weeks ago the T.S.A. was defending itself against the latest such report ? one from the Government Accountability Office ? finding screeners at 19 airports around the country to be inept. (The G.A.O. added that it would likely have found similarly dismal results at other airports.) At least the T.S.A.?s defense was audacious, laughably so: the agency chief, Kip Hawley, more or less told Congress that poor results were to be expected because undercover tests nowadays are much more sophisticated than they were before 9/11. In other words, it?s a good thing that screeners are consistently failing these tests because otherwise the tests wouldn?t be much of a test. The problem with this, of course, is that terrorists (at least the ones we have to worry most about ? the hardened Al Qaeda types) are sophisticated. When they test for holes in our security, they, too, will do their very best to think of inventive and clever ways to conceal deadly weapons. Who cares if screeners can spot obvious weapons when terrorists are likely to be more like post-9/11 inspectors than pre-9/11 ones in their sophistication? And, then there?s the old T.S.A. argument that, after all, there are multiple (19, to be more precise) layers of security. If screeners fail to catch terrorists? weapons at the checkpoints, there are 18 more opportunities to foil their plots. But, at the risk of mixing metaphors, security layers as a whole constitute a chain that is only as strong as its weakest link. The screener link in this chain is very weak, indeed. And, as links go, this is arguably the most important one. 
Barring the occasional exception, the only time that passengers and their carry-ons are screened for weapons is at the checkpoint. At the gate, only one?s boarding pass is checked. So screeners are the last line of defense before would-be terrorists can board airplanes with guns, knives and bombs. If ignorance is bliss, let those of who believe T.S.A. press releases be happy. And if it is better to be lucky than good, TSA, so far at least, has it made. From rforno at infowarrior.org Wed Dec 12 12:43:19 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Dec 2007 07:43:19 -0500 Subject: [Infowarrior] - Declassified docs show fight over surveillance, telecom immunity Message-ID: Declassified docs show fight over surveillance, telecom immunity Posted by Declan McCullagh http://www.news.com/8301-13578_3-9832641-38.html The Bush administration has released formerly classified documents that show how it is pressing Congress to rewrite surveillance law and immunize telecommunications companies from lawsuits. What's also interesting about the documents, which were released in response to the Freedom of Information Act on Monday, is how much is redacted. Entire pages have been excised, in one case leaving only two paragraphs visible. A few highlights from the the files (1 and 2) obtained by the Electronic Frontier Foundation after a court battle: ? Pages 6-8 of file 1: National Intelligence Director Mike McConnell told Congress three months ago that surveillance red tape required intelligence agencies to wait 12 hours to tap an Iraqi phone number--a claim that already has been called into question. These documents give a detailed timeline that doesn't exactly jibe with what McConnell claimed. They say that the the NSA notified the Justice Department at 12:53 p.m. on May 15 that it believed it had the authorization to conduct domestic eavesdropping in this situation. The Justice Department received a formal request at 5:15 p.m. 
Because Attorney General Alberto Gonzales was traveling, he was not able to authorize it until 7:18 p.m. That's not exactly 12 hours. ? Page 35 of file 1: McConnell argues in a "TOP SECRET" document that retroactive immunity for AT&T and other telecommunications companies is necessary: "It is equally critical that private entities that are alleged to have assisted the (intelligence community) in preventing further attacks on the United States be insulated from liability for doing so." So that's all the nation's top spook is willing to say in a "TOP SECRET" document? Maybe "TOP SECRET" classifications are like U.S. dollars: They used to be worth a lot more than they are today. ? Pages 59-64 of file 1: In a kind of governmental FAQ, the National Security Agency claims that its "minimization procedures" that limit electronic eavesdropping of U.S. citizens protect Americans' privacy rights. If the NSA is targeting a foreigner overseas, it says, its eavesdroppers will take extra precautions. The NSA says, however, that it is "not reasonable to impose time limits" on when it should "drop that individual"--a U.S. citizen inside the United States--as a person of interest. It also objects to enshrining those internal procedures in law, claiming it would "be difficult to change" if necessary. ? Page 6 of file 2: The Office of the Director of National Intelligence has located a "telephone message slip that contains the handwritten personal notes" from an employee. It's being withheld under FOIA on four separate grounds--including that it's been classified. 
From rforno at infowarrior.org Wed Dec 12 12:44:45 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Dec 2007 07:44:45 -0500 Subject: [Infowarrior] - Data loss at Passport Canada could lead to identity theft Message-ID: (c/o Nick) Data loss at Passport Canada could lead to identity theft Filed Under Technology Issues http://www.digitalhome.ca/blog/2007/12/04/data-loss-at-passport-canada-could -lead-to-identity-theft/ The Globe and Mail (reg reqd) reported this morning of a massive privacy breach in the Passport Canada?s website that allowed hackers to access the personal information of people who had recently applied for a Canadian passport online. The information left unprotected included addresses, social insurance numbers and driver?s licence numbers. The same type of personal information that the federal government says is commonly used by hackers to steal someone?s identity. Passport Canada claims the problems were quickly resolved, however, after the website was brought back online, the Globe found the site could again be compromised in a few keystrokes. Clearly Passport Canada did not take this security breach seriously and their pronouncement that the system was secure was either extreme arrogance or sheer incompetence. Whether it was incompetence or arrogance, the federal government needs to take this data breach very seriously in order to assure Canadians that it can keep our personal information secure. My feeling is this data breach was likely not likely to have any long term repercussions but how do we know unless the government comes clean and identifies and notifies every Canadian whose personal information could have been compromised. By informing these Canadians of the potential breach, it gives them the opportunity to monitor their personal finances for any suspicious activity in the future. By not informing Canadians, you give the hackers the advantage. 
From rforno at infowarrior.org Wed Dec 12 12:59:52 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Dec 2007 07:59:52 -0500 Subject: [Infowarrior] - Another intrusive advertising technology In-Reply-To: <20071212003609.GB8176@gsp.org> Message-ID: C/o RSK ------ Forwarded Message Earlier this year, we wrote about the fact that many ISPs were making good money selling your clickstream data to various companies for tracking purposes. Now there's a new advertising company that's come along to take advantage of this. The Associated Press has an article about NebuAd, a company that works with ISPs to use your clickstream data to better target advertisements to you. These aren't tracking cookies, which can easily be blocked, and depend on which websites you go to. This is your ISP, who has access to where you're surfing, using that data to insert more targeted ads. To its credit, the company has tried to be quite careful about keeping data private and setting it up in a way that it believes is impossible to trace the data back to an individual user. However, we've all heard stories about "anonymous" datasets that turn out to not be particularly anonymous. The company does also offer an "opt-out" solution, but how many people are even going to realize that their ISPs are a part of this program at all? More here: ISPs Able To Use Your Surfing Data To Insert Their Own Ads Everywhere http://www.techdirt.com/articles/20071211/024003.shtml (Oh, and as one astute commenter at Techdirt has noted, this could be a boon for phishers, who need only wait for users to get used to this and then...) 
From rforno at infowarrior.org Fri Dec 14 03:50:13 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 13 Dec 2007 22:50:13 -0500 Subject: [Infowarrior] - House committee hears the cons of the PRO-IP Act Message-ID: House committee hears the cons of the PRO-IP Act By Nate Anderson | Published: December 13, 2007 - 02:00PM CT http://arstechnica.com/news.ars/post/20071213-house-committee-hears-the-cons -of-the-pro-ip-act.html The House today held a hearing on the new PRO-IP Act that beefs up intellectual property enforcement. Rick Cotton, a top NBC lawyer and representative for the Coalition Against Counterfeiting and Piracy (CACP), called counterfeiting and piracy "a global pandemic" and "a dagger into the heart of America's future economic security." What the US needs, he said, is a "declaration of war." But not even the Department of Justice is convinced that PRO-IP, in its current form, is that sort of declaration. Counterfeit goods are certainly a problem, and no one at the hearing stands opposed to crafting good intellectual property law to protect creative work and new products (even Public Knowledge's Gigi Sohn proclaimed her support for IP law and enforcement). Rep. Darrell Issa (R-CA), who made money in the car alarm business and was the voice of the "Viper" system, used his opening statement to tell his fellow representatives about how other companies ripped off his products, including his voice, and sold them in the US market. Defective products would arrive at Issa's company that he had not even manufactured, though in the minds of customers, his company was to blame. Will PRO-IP help to fix such problems? Concerns from Justice The PRO-IP Act seeks to stem the "tsunami" (as one representative put it) of counterfeiting and piracy by making a pair of changes to the structure of the federal government. 
First, a new executive branch office devoted to intellectual property enforcement would be created in the White House, and it would be modeled on the office of the US Trade Representative. The Department of Justice would also get a new IP enforcement division that would consolidate work currently done in several other divisions. Sigal Mandelker, a Deputy Assistant Attorney General at the DOJ, told the subcommittee that this plan raised some concerns at Justice. For one thing, having a White House office that can direct the priorities and investigations at Justice could undermine the independence of the department, she said. In addition, the current arrangement at Justice is "actually quite effective." Public Knowledge weighs in Gigi Sohn Other concerns came from Gigi Sohn, president of Public Knowledge, who attacked the PRO-IP Act's increase to the statutory damages that can be leveled for copyright infringement. Referencing the Jammie Thomas case in Minnesota, Sohn noted that statutory damages are already "disproportionate penalties for infringement," and called on Congress to move them in the other direction. Despite several significant criticisms of the bill, Sohn said that she was pleased with how subcommittee chair Howard Berman (D-CA) listened to many different stakeholders and had already removed the most egregious provisions from the bill. "Unslakable lust for more" Google's senior copyright counsel, William Patry, wasn't at the hearing, but he had a far less charitable take on the legislation. Calling it the most "outrageously gluttonous IP bill ever introduced in the US," Patry made clear that he was appalled by the "unslakable lust for more and more rights, longer terms of protection, draconian criminal provisions, and civil damages that bear no resemblance to the damages suffered." 
One might expect that coming from a Google lawyer (the blog is written in his private capacity), since the company is a voracious consumer of copyrighted work, but Patry has himself served in the Copyright Office and has written perhaps the definitive seven-volume tome on the subject of US copyright law. Instead, he says, he is "pro-IP in this most important of senses. But an excessive amount of something that is beneficial in measured doses can become fatal in overdoses, and copyright is already at fatal strength." The PRO-IP Act, with its attempt to increase statutory damages and increase forfeiture penalties for equipment used for copyright infringement, clearly moves in a way that Patry dislikes. Fortunately, when it comes to criminal matters, Justice remains steadfastly unconcerned with prosecuting minor infringement cases, as Mandelker again made clear in response to a question. Still, with even harsher laws on the books, there's always a chance that the penalties won't hit only those who import ripped-off car alarms, but a huge array of ordinary Americans. Where penalties are needed, they should fit the crime. Ruining someone's financial life over the equivalent of a box of CDs or DVDs hardly seems to meet that standard. From rforno at infowarrior.org Sat Dec 15 02:21:12 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 14 Dec 2007 21:21:12 -0500 Subject: [Infowarrior] - U.S. military command hacks Wikipedia Message-ID: U.S. military command hacks Wikipedia BY JAMES GORDON MEEK DAILY NEWS WASHINGTON BUREAU Thursday, December 13th 2007, 4:00 AM http://www.nydailynews.com/news/us_world/2007/12/13/2007-12-13_us_military_c ommand_hacks_wikipedia-1.html WASHINGTON - Wikipedia sleuths Wednesday exposed the U.S. military hackers who labeled Fidel Castro an "admitted transsexual" and deleted sensitive information about Gitmo detainees from the Web site. 
Volunteers working for the online encyclopedia traced digital fingerprints found on Wikipedia.org to Joint Task Force-Guantanamo, the U.S. military command running the Camp Delta terrorist prison in Cuba. The volunteer team discovered that people using military computers registered to the Gitmo task force edited the ailing Cuban president's biography on Wikipedia to say, "Fidel Castro is an admitted transexual(sic)." Anyone can edit Wikipedia entries, but the site expects facts to be linked to credible sources, such as documents or news reports. The Gitmo hackers also deleted prisoner identification numbers from entries about several terror suspects held at Camp Delta, such as Prisoner No. 766, Canadian-born Omar Khadr. Khadr, 21, has been held since 2002 and accused of killing a Special Forces medic in Afghanistan. On another Wikipedia page, the same Gitmo computers were linked to someone who changed the phrase "invasion of Afghanistan" to "war in Afghanistan." By tracing unique identifying numbers found on Wikipedia computer logs, the sleuths found they were registered to Gitmo and the U.S. Southern Command. Military officials did not respond to requests for comment. jmeek at nydailynews.com From rforno at infowarrior.org Sat Dec 15 13:56:43 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 15 Dec 2007 08:56:43 -0500 Subject: [Infowarrior] - Senate "KIDS" Act - more meaningless cyber-fluff Message-ID: I'm not sure what's more laughable -- that Congress tacked on a catchy acronym for this bill (which they seem to pay more attention to than evaluating the substance of such bills) or the fact it's offers nearly zero "protection" for children...... 
-rf http://www.washingtonpost.com/wp-dyn/content/article/2007/12/14/AR2007121401 734_pf.html Registry May Soon Add Sex Offenders' Web IDs By Catherine Rampell Washington Post Staff Writer Saturday, December 15, 2007; D02 The Senate Judiciary Committee unanimously passed a bill that would require sex offenders to submit e-mail addresses and other online identifiers for inclusion in the Justice Department's National Sex Offender Public Registry. The registry is made up of data on sex offenders collected by each state. Only 11 states require sex offenders to submit online aliases to state sex offender registries, according to the office of Sen. Charles E. Schumer (D-N.Y.), who wrote the bill with Sen. John McCain (R-Ariz.). The legislation, dubbed the Keeping the Internet Devoid of Sexual Predators Act, or KIDS, passed committee Thursday and is supported by several children's advocacy groups as well as the Facebook and MySpace social networking sites. "We commend the Senate Judiciary Committee for passing the KIDS Act that requires convicted sex offenders to register any e-mail address or online identifier they use, so social networking sites can block them from accessing their communities," said Hemanshu Nigam, MySpace's chief security officer. "This legislation is another important tool that will make MySpace an even safer place for all." Last December, MySpace began purging sex offenders from its site based on registry information. Facebook declined to say whether the company would use such e-mail addresses to deny and restrict sex offenders' access to its site. Legal experts said yesterday that while it is legal to deny services to customers based on their criminal history, they were unsure that this bill would curtail sexual predation on the Web. 
"Unlike moving from one house to another, which is visible and which probation officers can physically check, people can still create and respond to multiple e-mail addresses," said Daniel Filler, law professor at Drexel University in Philadelphia. "Physically, you can only be in one place, but in cyberspace, you can live in a thousand places at once." From rforno at infowarrior.org Sat Dec 15 14:27:22 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 15 Dec 2007 09:27:22 -0500 Subject: [Infowarrior] - Judge: Defendant can't be forced to divulge PGP passphrase In-Reply-To: <47633F21.7090805@well.com> Message-ID: A federal judge in Vermont has ruled that prosecutors can't force a criminal defendant accused of having illegal images on his hard drive to divulge his PGP (Pretty Good Privacy) passphrase. U.S. Magistrate Judge Jerome Niedermeier ruled that a man charged with transporting child pornography on his laptop across the Canadian border has a Fifth Amendment right not to turn over the passphrase to prosecutors. The Fifth Amendment protects the right to avoid self-incrimination. < - BIG SNIP - > http://www.news.com/8301-13578_3-9834495-38.html From rforno at infowarrior.org Sat Dec 15 14:28:53 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 15 Dec 2007 09:28:53 -0500 Subject: [Infowarrior] - More on...Senate "KIDS" Act - more meaningless cyber-fluff In-Reply-To: <20071215141517.GA21521@gsp.org> Message-ID: ------ Forwarded Message From: - removed - Did you catch the story this past week about the guy who killed a sex offender who'd moved into his neighborhood? It turns out that the sex offender was *incorrectly* listed as having committed crimes against minors -- his offenses were against adults. So the murderer killed a guy -- according to him, to "protect his children" -- who probably wasn't a threat to them. http://www.cbsnews.com/stories/2007/12/10/the_skinny/main3597422.shtml (Note also the last sentence in the article. 
Don't have coffee in your mouth when you read it.) If they set this up, perhaps someone will submit the email addresses of all the US Senators who voted for it. From rforno at infowarrior.org Sat Dec 15 14:34:36 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 15 Dec 2007 09:34:36 -0500 Subject: [Infowarrior] - Are all military marvels needed? Message-ID: A great precis on how DOD procurement and Congress *really* works. --rf Article published Dec 15, 2007 Are all military marvels needed? http://washingtontimes.com/apps/pbcs.dll/article?AID=/20071215/TECHNOLOGY/11 2150048/home.html&template=printart December 15, 2007 By Fred Reed - I see that Boeing has mounted a powerful laser in a C-130 cargo plane that, it says, will be able to cripple a truck from six miles away. Those who watch military technology will recognize this as the little brother of Boeing's Airborne Laser, or ABL, which is mounted in a 747 and is intended to shoot down ballistic missiles. Both, in my opinion, illustrate something profoundly wrong with the U.S. military. The U.S. has no conventional military enemies now. Neither Russia nor China nor anyone else is building vast arsenals of advanced weaponry. The enemies the U.S. actually fights are guerrillas and insurgents. So why spend huge sums on high-tech arms? Why use a very costly laser to do what is already easily done by existent gunships and missiles? The main reason is money. Uncle Sugar has lots of it. Much of American politics revolves around ways of draining the national purse. Thus, road-construction firms want to build roads whether we need them or not, etc. Aerospace companies behave accordingly. Big-ticket, advanced weaponry is immensely expensive, which translates into immensely profitable. The tab for a project can run easily into the billions. Further, the weapon constitutes a semi-immortal trough. For example, a new fighter plane -- the F-22, for example -- can take 25 years to develop. 
It then costs a fortune ($361 million a copy for the F-22, according to the Government Accountability Office), and creates a 30-year market for spare parts, upgrades, service-life extensions and so on. For engineers, for programmers and aerospace companies and towns where the factories are, the economic attraction outweighs military utility. It can be a 50-year cash cow. And with that much money, and that many jobs at stake, people will persuade themselves that it is militarily a good idea. The companies then look for additional applications of whatever it is, whether they make sense or not, and peddle them to the Pentagon. The resulting hardware may perform well. Engineers design these things, and by their nature engineers want things to work. They love to push the envelope, to do something that hasn't been done before. People who design airplanes love airplanes. They work for huge companies with lots of money so they can use the best computers and materials. The result is a weapon that works, but not necessarily one that is needed. The F-22 is a technical marvel that can cruise at supersonic speeds and comes equipped with stealth technology and miraculous electronics. It is not particularly useful against urban insurgents with rifles, though. A great facilitator of massive tech projects is unlegislated secrecy, otherwise known as inattention. No one really watches most of the federal government. Do you know what HUD's budget is, or what it does with it? Me neither. The big tech projects aren't hidden, they aren't "black" programs. You can read about them in Aviation Week, but few of us do. They just grow quietly in the shadows. They become institutions with offices in the Pentagon, protected by congressmen who represent the districts where they are made. For the 30 years during which I covered the military, the pattern was to defend the advanced weaponry while neglecting the inglorious low-tech equipment needed in war. 
There is no constituency for the cheap and mundane. The military prepares to fight an enemy, however imaginary, that justifies the high-tech equipment it wants ? not the unglamorous ragtag militia that is actually out there. Thus, a huge, advanced, undeniably interesting laser in a cargo plane. From rforno at infowarrior.org Sat Dec 15 14:41:24 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 15 Dec 2007 09:41:24 -0500 Subject: [Infowarrior] - Senate preparing to give telcom immunity on Monday Message-ID: (thank you Sen Reid -- caving again to the WH........rf) http://www.boingboing.net/2007/12/14/senate-set-to-forgiv.html Tim from the Electronic Frontier Foundation sez, "At EFF, we've just sent out an urgent action alert. Monday morning, the Foreign Intelligence Service Bill bill finally goes to the Senate floor, and at noon the Senate will cast their most important votes yet on Telecom Immunity for participation in massive, nationwide illegal NSA wiretapping. We've set up an action alert page for Boing Boing readers to contact their Senators, and would be much obliged if you could share the link." < - > The Senate is poised to grant retroactive immunity for telecoms that broke the law! On Monday, there will be critical, make-or-break votes in the Senate -- contact your Senator immediately to stop telecom immunity! Senate lawmakers must support Senator Chris Dodd and other heroes in allowing a full debate to proceed on Monday, and they must vote to strip telecom immunity from the bill. The Senate should not let the telecoms off the hook. Granting immunity sets a dangerous precedent, sending the message that lawbreaking is acceptable and that the rights of Americans can be freely infringed by private companies in defiance of the law. And though the debate about the proper process of collecting foreign intelligence is complex, the issue of telecom immunity is not. 
The facts are simple enough: the telecoms broke the law, so the Senate should let Americans have their day in court. From rforno at infowarrior.org Sun Dec 16 20:02:36 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 16 Dec 2007 15:02:36 -0500 Subject: [Infowarrior] - Wider Spying Fuels Aid Plan for Telecom Industry Message-ID: December 16, 2007 Wider Spying Fuels Aid Plan for Telecom Industry By ERIC LICHTBLAU, JAMES RISEN and SCOTT SHANE http://www.nytimes.com/2007/12/16/washington/16nsa.html?hp=&pagewanted=print WASHINGTON ? For months, the Bush administration has waged a high-profile campaign, including personal lobbying by President Bush and closed-door briefings by top officials, to persuade Congress to pass legislation protecting companies from lawsuits for aiding the National Security Agency?s warrantless eavesdropping program. But the battle is really about something much bigger. At stake is the federal government?s extensive but uneasy partnership with industry to conduct a wide range of secret surveillance operations in fighting terrorism and crime. The N.S.A.?s reliance on telecommunications companies is broader and deeper than ever before, according to government and industry officials, yet that alliance is strained by legal worries and the fear of public exposure. To detect narcotics trafficking, for example, the government has been collecting the phone records of thousands of Americans and others inside the United States who call people in Latin America, according to several government officials who spoke on the condition of anonymity because the program remains classified. But in 2004, one major phone carrier balked at turning over its customers? records. Worried about possible privacy violations or public relations problems, company executives declined to help the operation, which has not been previously disclosed. In a separate N.S.A. 
project, executives at a Denver phone carrier, Qwest, refused in early 2001 to give the agency access to their most localized communications switches, which primarily carry domestic calls, according to people aware of the request, which has not been previously reported. They say the arrangement could have permitted neighborhood-by-neighborhood surveillance of phone traffic without a court order, which alarmed them. The federal government?s reliance on private industry has been driven by changes in technology. Two decades ago, telephone calls and other communications traveled mostly through the air, relayed along microwave towers or bounced off satellites. The N.S.A. could vacuum up phone, fax and data traffic merely by erecting its own satellite dishes. But the fiber optics revolution has sent more and more international communications by land and undersea cable, forcing the agency to seek company cooperation to get access. After the disclosure two years ago that the N.S.A. was eavesdropping on the international communications of terrorism suspects inside the United States without warrants, more than 40 lawsuits were filed against the government and phone carriers. As a result, skittish companies and their lawyers have been demanding stricter safeguards before they provide access to the government and, in some cases, are refusing outright to cooperate, officials said. ?It?s a very frayed and strained relationship right now, and that?s not a good thing for the country in terms of keeping all of us safe,? said an industry official who believes that immunity is critical for the phone carriers. ?This episode has caused companies to change their conduct in a variety of ways.? With a vote in the Senate on the issue expected as early as Monday, the Bush administration has intensified its efforts to win retroactive immunity for companies cooperating with counterterrorism operations. ?The intelligence community cannot go it alone,? 
Mike McConnell, the director of national intelligence, wrote in a New York Times Op-Ed article Monday urging Congress to pass the immunity provision. ?Those in the private sector who stand by us in times of national security emergencies deserve thanks, not lawsuits.? Attorney General Michael B. Mukasey echoed that theme in an op-ed article of his own in The Los Angeles Times on Wednesday, saying private companies would be reluctant to provide their ?full-hearted help? if they were not given legal protections. The government?s dependence on the phone industry, driven by the changes in technology and the Bush administration?s desire to expand surveillance capabilities inside the United States, has grown significantly since the Sept. 11 attacks. The N.S.A., though, wanted to extend its reach even earlier. In December 2000, agency officials wrote a transition report to the incoming Bush administration, saying the agency must become a ?powerful, permanent presence? on the commercial communications network, a goal that they acknowledged would raise legal and privacy issues. While the N.S.A. operates under restrictions on domestic spying, the companies have broader concerns ? customers? demands for privacy and shareholders? worries about bad publicity. In the drug-trafficking operation, the N.S.A. has been helping the Drug Enforcement Administration in collecting the phone records showing patterns of calls between the United States, Latin America and other drug-producing regions. The program dates to the 1990s, according to several government officials, but it appears to have expanded in recent years. Officials say the government has not listened to the communications, but has instead used phone numbers and e-mail addresses to analyze links between people in the United States and overseas. 
Senior Justice Department officials in the Bush and Clinton administrations signed off on the operation, which uses broad administrative subpoenas but does not require court approval to demand the records. At least one major phone carrier ? whose identity could not be confirmed ? refused to cooperate, citing concerns in 2004 that the subpoenas were overly broad, government and industry officials said. The executives also worried that if the program were exposed, the company would face a public-relations backlash. The D.E.A. declined to comment on the call-tracing program, except to say that it ?exercises its legal authority? to issue administrative subpoenas. The N.S.A. also declined to comment on it. In a separate program, N.S.A. officials met with the Qwest executives in February 2001 and asked for more access to their phone system for surveillance operations, according to people familiar with the episode. The company declined, expressing concerns that the request was illegal without a court order. While Qwest?s refusal was disclosed two months ago in court papers, the details of the N.S.A.?s request were not. The agency, those knowledgeable about the incident said, wanted to install monitoring equipment on Qwest?s ?Class 5? switching facilities, which transmit the most localized calls. Limited international traffic also passes through the switches. A government official said the N.S.A. intended to single out only foreigners on Qwest?s network, and added that the agency believed Joseph Nacchio, then the chief executive of Qwest, and other company officials misunderstood the agency?s proposal. Bob Toevs, a Qwest spokesman, said the company did not comment on matters of national security. Other N.S.A. initiatives have stirred concerns among phone company workers. A lawsuit was filed in federal court in New Jersey challenging the agency?s wiretapping operations. It claims that in February 2001, just days before agency officials met with Qwest officials, the N.S.A. 
met with AT&T officials to discuss replicating a network center in Bedminster, N.J., to give the agency access to all the global phone and e-mail traffic that ran through it. The accusations rely in large part on the assertions of a former engineer on the project. The engineer, who spoke on the condition of anonymity, said in an interview that he participated in numerous discussions with N.S.A. officials about the proposal. The officials, he said, discussed ways to duplicate the Bedminster system in Maryland so the agency "could listen in" with unfettered access to communications that it believed had intelligence value and store them for later review. There was no discussion of limiting the monitoring to international communications, he said. "At some point," he said, "I started feeling something isn't right."

Two other AT&T employees who worked on the proposal discounted his claims, saying in interviews that the project had simply sought to improve the N.S.A.'s internal communications systems and was never designed to allow the agency access to outside communications. Michael Coe, a company spokesman, said: "AT&T is fully committed to protecting our customers' privacy. We do not comment on matters of national security."

But lawyers for the plaintiffs say that if the suit were allowed to proceed, internal AT&T documents would verify the engineer's account. "What he saw," said Bruce Afran, a New Jersey lawyer representing the plaintiffs along with Carl Mayer, "was decisive evidence that within two weeks of taking office, the Bush administration was planning a comprehensive effort of spying on Americans' phone usage."

The same lawsuit accuses Verizon of setting up a dedicated fiber optic line from New Jersey to Quantico, Va., home to a large military base, allowing government officials to gain access to all communications flowing through the carrier's operations center.
In an interview, a former consultant who worked on internal security said he had tried numerous times to install safeguards on the line to prevent hacking on the system, as he was doing for other lines at the operations center, but his ideas were rejected by a senior security official.

The facts behind a class-action lawsuit in San Francisco are also shrouded in government secrecy. The case relies on disclosures by a former AT&T employee, Mark Klein, who says he stumbled upon a secret room at a company facility in San Francisco that was reserved for the N.S.A. Company documents he obtained and other former AT&T employees have lent some support to his claim that the facility gave the agency access to a range of domestic and international Internet traffic.

The telecommunications companies that gave the government access are pushing hard for legal protection from Congress. As part of a broader plan to restructure the N.S.A.'s wiretapping authority, the Senate Intelligence Committee agreed to give immunity to the telecommunications companies, but the Judiciary Committee refused to do so. The White House has threatened to veto any plan that left out immunity, as the House bill does.

"Congress shouldn't grant amnesty to companies that broke the law by conspiring to illegally spy on Americans," said Kate Martin, director of the Center for National Security Studies in Washington.

But Bobby R. Inman, a retired admiral and former N.S.A. director who has publicly criticized the agency's domestic eavesdropping program, says he still supports immunity for the companies that cooperated. "The responsibility ought to be on the government, not on the companies that are trying to help with national security requirements," Admiral Inman said. If the companies decided to stop cooperating, he added, "it would have a huge impact on both the timeliness and availability of critical intelligence."

From rforno at infowarrior.org Sun Dec 16 20:06:53 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 16 Dec 2007 15:06:53 -0500
Subject: [Infowarrior] - 3.2 Gigabit per Second Speed for FireWire
Message-ID:

1394 Trade Association Announces 3.2 Gigabit per Second Speed for FireWire
http://www.1394ta.org/Press/2007Press/december/12.12.a.htm

New S3200 specification delivers higher speed than competing technologies - and much sooner - with no changes to connectors or cables

Dallas, Dec. 12, 2007 -- The 1394 Trade Association today announced a new specification to quadruple the speed of FireWire to reach 3.2 gigabits per second. The new electrical specification, known as S3200, builds upon the IEEE 1394b standard, preserving all the advantages of FireWire while offering a major and unprecedented boost in performance. The new speed uses the cables and connectors already deployed for FireWire 800 products, making the transition forward easy and convenient for 1394 product vendors and their customers. Because the 1394 arbitration, data, and service protocols were not modified for S3200, silicon and software vendors can deploy the faster speed FireWire quickly and with confidence that it will deliver its full potential performance. The S3200 specification is expected to be ratified by early February.

FireWire 800 products deployed since 2003 have proven that IEEE 1394b delivers outstanding performance. Operating without polling, without idle times, and without continuous software management, FireWire 800 efficiently delivers more than 97 percent of its bit rate as payload -- not overhead. FireWire 800 hard drives today can easily move over 90 megabytes per second. S3200 preserves 100 percent of the 1394b design efficiency and will deliver extremely high payload speeds reaching nearly 400 megabytes per second. Other interface technologies struggle to deliver half their advertised bit rate to the user, even under optimal conditions.

No Compromises to 1394's Features

The S3200 specification brings FireWire to this new performance level without compromising existing features. For example, FireWire provides much more electrical power than any other interface, freeing users from inconvenient AC power adapters. FireWire products built using S3200 will directly connect to every previously released FireWire product. Alternative cable options are available to carry FireWire over long distances - 100 meters or more - even at high speeds. Also, FireWire's peer-to-peer architecture allows products to operate with a computer - or without one. This superior combination of features is not found in any other technology, which explains why over one billion FireWire ports have been shipped to date, on products as diverse as computers, cameras, televisions, hard drives, and musical instruments. IEEE 1394 also is deployed in vital applications in state-of-the-art aircraft and polar orbiting satellites.

S3200 Strengthens 1394's Position in Storage, Consumer Electronics

One of the strongest markets today for FireWire is storage for computers. The best hard drives with FireWire 800 can move data almost three times as fast as the best hard drives with USB 2.0. Also, FireWire provides much more electrical power than USB, so FireWire-equipped hard drives can operate without an AC adapter, and at high rotational speeds. USB hard drives can fail to work from USB power, or require a second USB cable for power, or use the lowest-performance drive mechanisms because so little power is available. With S3200 this power advantage for FireWire is fully preserved.

S3200 also makes FireWire so fast that users will see no advantage from eSATA. Both interfaces are much faster than any modern hard drive mechanism, but eSATA does not provide electrical power to operate a drive. On a computer, an eSATA port is far less flexible than a FireWire port, because many more devices can connect to FireWire.
For these reasons, S3200 makes FireWire the superior choice for future external storage products.

S3200 will also enhance FireWire's strong position in consumer electronics A/V devices such as camcorders and televisions. Today, 100 percent of HD set top boxes provided by cable companies have FireWire ports. So do 100 models of HDTV. FireWire is the only separable interface today that can record HD programs in their full digital quality while also meeting the content protection requirements of copyright holders. Many companies are pursuing whole-home HD network solutions using FireWire - notably the HANA Alliance. Technology development is also nearing completion to permit FireWire to operate over cable television coaxial cables, without disrupting the existing program content. With S3200, FireWire becomes fast enough to move even uncompressed HD signals over long distances at much lower cost than solutions such as HDMI.

"The S3200 standard will sustain the position of IEEE 1394 as the absolute performance leader in multi-purpose I/O ports for consumer applications in computer and CE devices," said James Snider, executive director, 1394 Trade Association. "There is a very clear migration path from 800 Megabits/second to 3.2 Gigabits/second, with no need for modifications to the standard and no requirement for new cables or connectors."

The Silicon Working Group developed the S3200 specification within the 1394 Trade Association, with participation by industry leaders including Symwave, Texas Instruments, LSI Corporation, and Oxford Semiconductor. S3200 specifies the electrical operation of the 3.2 Gigabit mode first specified by IEEE 1394b-2002, without changing any connector, cable, protocol, or software requirements. Based on the working group's progress, the Trade Association has set a January 2008 date for the specification to enter a ratification process.

The 1394 Trade Association is a worldwide organization dedicated to the advancement and enhancement of the IEEE 1394 audio video standard. For more information, visit www.1394ta.org

Contact: Dick Davies 415 652 7515 ipra at mindspring.com

From rforno at infowarrior.org Mon Dec 17 00:59:05 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 16 Dec 2007 19:59:05 -0500
Subject: [Infowarrior] - Control sought on military lawyers
Message-ID:

Control sought on military lawyers
Bush wants power over promotions

By Charlie Savage Globe Staff / December 15, 2007

WASHINGTON - The Bush administration is pushing to take control of the promotions of military lawyers, escalating a conflict over the independence of uniformed attorneys who have repeatedly raised objections to the White House's policies toward prisoners in the war on terrorism.

The administration has proposed a regulation requiring "coordination" with politically appointed Pentagon lawyers before any member of the Judge Advocate General corps - the military's 4,000-member uniformed legal force - can be promoted.

A Pentagon spokeswoman did not respond to questions about the reasoning behind the proposed regulations. But the requirement of coordination - which many former JAGs say would give the administration veto power over any JAG promotion or appointment - is consistent with past administration efforts to impose greater control over the military lawyers.

The former JAG officers say the regulation would end the uniformed lawyers' role as a check-and-balance on presidential power, because politically appointed lawyers could block the promotion of JAGs who they believe would speak up if they think a White House policy is illegal.

Retired Major General Thomas Romig, the Army's top JAG from 2001 to 2005, called the proposal an attempt "to control the military JAGs" by sending a message that if they want to be promoted, they should be "team players" who "bow to their political masters on legal advice."

It "would certainly have a chilling effect on the JAGs' advice to commanders," Romig said. "The implication is clear: without [the administration's] approval the officer will not be promoted."

The new JAG rule is part of a set of proposed changes to the military's procedures for promoting all commissioned officers, a copy of which was obtained by the Globe. The Pentagon began internally circulating a draft of the changes for comments by the services in mid-November, and the administration will decide whether to make the changes official later this month or early next year.

< - >

http://www.boston.com/news/nation/washington/articles/2007/12/15/control_sought_on_military_lawyers/

From rforno at infowarrior.org Mon Dec 17 12:22:20 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 17 Dec 2007 07:22:20 -0500
Subject: [Infowarrior] - OSVDB 2.0 RELEASED
In-Reply-To: <47661B95.5020503@opensecurityfoundation.org>
Message-ID:

OPEN SOURCE VULNERABILITY DATABASE (OSVDB) 2.0

RICHMOND, VA, December 15, 2007 - OSVDB announced a major milestone in the cataloging, classification, description and management of software and hardware security vulnerabilities: The release of OSVDB 2.0, a complete rewrite of the web site using Ruby on Rails, provides substantial performance and reliability improvements for both developers and researchers.

"OSVDB 2.0 will help evolve stagnant Vulnerability Databases and position OSVDB as the go-to security vulnerability database," says Brian Martin, one of the project leaders.

OSVDB, a recognized leader in providing services to the security industry for the past five years, has cataloged nearly 40,000 vulnerabilities, with the help of over 300 volunteers, while gaining industry recognition and vendor support.

"The new Ruby on Rails MVC framework will allow for quick and efficient deployment of changes," says Dave Shettler, Lead Developer of the OSVDB project. "This will provide greater flexibility to adapt to the changes in the vulnerability and security industry."

Eighteen months ago OSVDB project leaders identified the need to provide more services, an easier interface for updating vulnerabilities and a way to make it simple for individuals and companies to integrate with the project. OSVDB 2.0 achieves these objectives.

OSVDB 2.0 enhancements include: greater detail about the overall nature of a specific vulnerability, a "Watch List" service that provides alerts for new vulnerabilities, consolidating external blogs by vulnerability, and new reporting metrics. The enhanced data will allow users to find vulnerabilities based on criteria such as attack type, solution status or if the vulnerability has been confirmed or disputed by the vendor.

"We know that OSVDB 2.0's new features will prove to be useful for the security community," says Kelly Todd, one of the project leaders. "OSVDB is a team effort for improved security by the security community."

Users of the old system will immediately notice that the project has implemented a customizable portal that fully integrates the old backend interface and the front end website. In addition, the method for updating vulnerabilities has been changed to a "Wiki style" system that allows contributors to edit individual fields when needed.

The enhanced classification system is now tracking the following additional fields:

• Context Dependent
• "Wormified"
• Vulnerability Dependent
• Security Software
• Coordinated Disclosure
• Uncoordinated Disclosure
• Vendor Disputed
• Vendor Verified
• Solution Types
• Wireless

The OSVDB project leaders -- Jake Kouns, Brian Martin, Dave Shettler, Chris Sullo, Kelly Todd, and Steve Tornio -- would like to thank all of the volunteers and organizations who help make the project a success. The full list of contributors to the project can be viewed at: http://osvdb.org/contributors

We would also like to thank our sponsors:

• Google (google.com), for sponsoring OSVDB in the Google Summer of Code program in 2006 and 2007.
• Layered Technologies (layeredtech.com), for web hosting.
• GFI (gfi.com), for financial support.

"The OSVDB project will go as far as the community is willing to take it," says Jake Kouns, project lead. "We continue to encourage individuals to get involved and help shape the future of the project."

If you would like to become involved with the project please contact us at moderators at osvdb.org

OSVDB 2.0 can be found at www.OSVDB.org.

Press Contact: Jake Kouns
Open Source Vulnerability Database Project
+1.804.306.8412
Email: jkouns at opensecurityfoundation.org

From rforno at infowarrior.org Mon Dec 17 21:53:03 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 17 Dec 2007 16:53:03 -0500
Subject: [Infowarrior] - Fears mount over internet privacy
Message-ID:

December 16, 2007

Fears mount over internet privacy

Google rival Ask.com is promising to wipe out people's search records within hours. But do the data really disappear?

Dominic Rushe, New York
http://business.timesonline.co.uk/tol/business/industry_sectors/technology/article3055825.ece

FOR the past three years Daniel Brandt has been running his own search engine. He called it, cheekily enough, Scroogle. Scroogle.org is the antiGoogle. It carries no advertisements and survives on donations from its users, usually less than $20 (£9.90) apiece when and if they make them.
It doesn't even have its own technology and relies instead on "scraping" search results from Google's site and offering them up, minus the ads.

Traffic has doubled every year and now Scroogle has passed 100,000 visitors a day. Brandt said growth was down to one word: privacy. Unlike its well-funded rivals, Scroogle keeps no record of who is using its site or what they are looking for. Within an hour of using the site, the search terms are gone for good.

The internet has become a depository for our most private thoughts and information. Details we would be reluctant to share with a doctor are routinely volunteered to Google, Yahoo and other search engines, and can easily be traced back to the computer it came from.

"A lot of people don't realise search engines save everything you search for," said Brandt, a longtime Google critic. "The more these issues get into the press, the more people realise that when they sit down at their keyboard, they're being watched," he said.

But after a series of scandals, that laissez-faire attitude seems to be coming to an end. All the big search groups have been tightening up privacy policies. Last week the search engine Ask.com went furthest by offering a new service, Ask Eraser, that will wipe out a searcher's queries within hours.

Search information is valuable, allowing firms neatly to target ads to a person's interests to generate billions in advertising revenue. Search logs also improve the engine's performance, companies argue. Google uses search-log data to run its spellchecker - the system that asks: "Did you mean: Arnold Schwarzenegger?" when you type in his name spelt wrongly. Search data are also used to detect and fight spam and other attempts at internet fraud.

Google, the industry leader, stores personal information for 18 months, as does Microsoft's search engine. Yahoo and Time Warner's AOL retain search requests for 13 months. But they are not the only people after the information.
Search records have increasingly been targeted by the police. Last month in North Carolina a court denied Robert Petrick a retrial after he was convicted of murdering his wife. Google was one of the strongest witnesses against him. His wife, cellist Janine Sutphen, went missing in 2003. When police became suspicious they raided Petrick's home and found the computer consultant had Googled the words "neck", "snap", "break" and "hold" before his wife was killed. The prosecution argued Petrick had also viewed a document entitled 22 Ways to Kill a Man With Your Bare Hands and researched body decomposition and the topography of the lake where his wife's body was later found.

Few people would complain about internet searches being used to catch criminals, but divorce lawyers regularly subpoena search-engine firms looking for dirt on warring spouses. Highly personal information can be used in a variety of ways that were never sanctioned by the person who entered the search terms.

Then there are the risks of accidental breaches. Last year AOL inadvertently released detailed queries conducted by more than 650,000 Americans. Searches released by AOL included "depression and medical leave", "fear that spouse is contemplating cheating" and "how to kill oneself by natural gas". Searchers were quickly able to identify some of those behind the queries.

While AOL is the only firm to have suffered a major leak so far, critics say that more are bound to come, and internet users should be wary of how firms can legitimately use their personal information. The London-based watchdog Privacy International ranked Google as "hostile to privacy" in its survey of internet firms, its lowest rating. Rivals Yahoo and Microsoft also fared poorly.

In recent months, Ask.com has been trying to seize the high ground on search by casting itself as the alternative to Google's "monopoly" and by emphasising privacy.
A spokesman said: "Some people are willing to lessen their concerns about privacy to get more services, but, for a certain set of people, privacy reigns supreme."

It is difficult to erase digital footprints, however, and the information typed by users of Ask Eraser will not disappear completely. Ask.com relies on Google to deliver many of the ads that appear next to its search results, so Ask.com will continue to pass some query information to Google. "One less place for data to be breached is a good thing," said the Ask.com spokesman.

Others are less impressed. Danny Sullivan, editor-in-chief of Search Engine Land, a blog that covers search engines and marketing, said more privacy moves were likely but that increasing privacy on the web was no simple matter. "All the major search engines have moved to toughen up their stance on privacy this year. I think it's useful, but the changes they are making gloss over the more detailed logging that goes on when people use these services," he said.

Google will anonymise data after 18 months, so that any searches done, say, 19 months earlier, would not be traceable back to a person's computer. But when people log on to one of Google's services, Gmail, for example, and use the web history feature, which records and saves searches, Google is keeping track of all the websites they visit and all their searches "and they are going to keep that for ever", Sullivan said. Data are linked far more closely to you personally and you don't have any control over it.

What happens next may well depend on investigations under way into Google's privacy policies. In Europe and the US it is under pressure from politicians over its purchase of online ad firm Double Click, the largest digital-ad server with a huge database of consumer searches. Between them, Double Click and Google know an awful lot about how people behave on the web.

In the meantime, for those concerned about their privacy, there's always Scroogle. "Until we get too popular,"
said Brandt. "Then I'm expecting Google will pull our plug."

From rforno at infowarrior.org Tue Dec 18 12:42:37 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Dec 2007 07:42:37 -0500
Subject: [Infowarrior] - Dodd Beats Back Bush Spying Bill
Message-ID:

Dodd Beats Back Bush Spying Bill

Mon Dec 17, 10:50 PM ET
http://news.yahoo.com/s/thenation/20071218/cm_thenation/45261018&printer=1;_ylt=AnihohfSQL0_vb7FgfTrdmI__8QF

The Nation -- After waging an all-out battle against the Bush administration and leaders of his own party, Senator Chris Dodd achieved a legislative victory on Monday, halting President Bush's attempt to rush a Senate vote on a bill granting retroactive amnesty to companies accused of illegally spying on American citizens.

"Today we have scored a victory for American civil liberties and sent a message to President Bush that we will not tolerate his abuse of power and veil of secrecy," Dodd said in a statement distributed by his presidential campaign. "The President should not be above the rule of law, nor should the telecom companies who supported his quest to spy on American citizens," he added.

The news was also cheered by the Electronic Frontier Foundation, which is suing over allegedly illegal domestic spying in Hepting v. AT&T. "The biggest hero today is Senator Dodd, who recognized the profound Constitutional issues at stake in taking this key issue away from the courts, and refused to let it be rammed through the Senate without a fight," said Cindy Cohn, the group's legal director. "Over the holiday break we hope that many Senators will listen to their constituents who want them to stand up for the Fourth Amendment," she added.

Halting the amnesty bill was also a victory for the netroots, which ferociously backed Dodd's legislative strategy and pressed Harry Reid, who ultimately backed down by announcing he would delay the vote until January.
Over half a million people lobbied against the bill via email, Democratic bloggers rallied support and pressed the presidential candidates, and MoveOn targeted specific Senators to back Dodd's efforts. "No president should be able to work with corporations to break the law and then use Congress to cover up the crimes," wrote MoveOn's Nita Chaudhary, urging web activists to lobby Congress on Monday morning. "Holding the phone companies accountable may be the only way that the American people find out the extent of the Bush administration's illegal actions," she added.

While Dodd's effort shows that a little leadership and backbone can get results, the battle is far from over. Bush is demanding that Reid get the spying bill passed -- with retroactive amnesty -- in January, when the critical fight over accountability for spying could be overshadowed by a presidential campaign in full swing. The Constitution-netroots wing of the Democratic Party will keep fighting for accountability, thankfully, but it's up to the presidential candidates and the Senate leadership to ensure that Bush does not steamroll the rule of law once again.

From rforno at infowarrior.org Tue Dec 18 12:47:33 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Dec 2007 07:47:33 -0500
Subject: [Infowarrior] - Dodd Filibuster Threat Wins; Spying Bill Postponed to Next Year
Message-ID:

Dodd Filibuster Threat Wins; Spying Bill Postponed to Next Year - Updated

By Ryan Singel, December 17, 2007 | 7:28:55 PM | Categories: NSA
http://blog.wired.com/27bstroke6/2007/12/dodd-filibuster.html

Senator Christopher Dodd's threatened filibuster of a bill giving immunity to telecoms that helped the government spy on Americans unexpectedly carried the day Monday, as Senate Majority Leader Harry Reid decided to postpone the vote on the measure until after the winter break.

The announcement was an unexpected victory for civil liberties groups, whose anti-immunity fortunes looked grim this morning as the Senate looked primed to pass an expansive spying bill that would free telecoms like AT&T and Verizon from privacy lawsuits.

Dodd showed his moxie and determination all day, as he held the floor for long stretches, railing against an administration-backed bill that would have freed telecoms from 40-odd lawsuits pending against them in federal court. The presidential candidate threatened to filibuster and hold the Senate floor if the Senate shot down his amendment to strip immunity from the bill.

That threat moved Reid to postpone a vote on the bill, so that the Senate could take up war funding bills, a massive domestic spending bill and changes to the Alternative Minimum Tax before the winter break. Dodd's determination to fight telecom immunity also boosted his lagging presidential campaign.

Electronic Frontier Foundation legal director Cindy Cohn was "very, very pleased" about the delay. The EFF is suing AT&T for allegedly helping the NSA wiretap the internet, a suit that is now awaiting a decision from the U.S. Ninth Circuit Appeals Court, which will likely rule in the coming weeks if the suit can continue despite the government's arguments that the suit puts "state secrets" at risk.

"We hope that the senators will take the holiday break to listen to their constituents," Cohn said. "The overwhelming majority of their constituents, as far as we can tell, think telecom immunity is a bad idea."

Dodd spent nearly 10 hours on the Senate floor Monday, assaulting the administration's secret warrantless wiretapping program and channeling Senator Frank Church, whose investigation in the 1970s of the nation's intelligence services clandestine led to Congressional limits on government spying. Those limits, which included the Foreign Intelligence Surveillance Act, will be loosened by all of the spying bills moving through Congress.

After Reid's announcement on Monday night, Dodd took to the floor again, thanking Reid for not invoking procedural moves to stop him from speaking at length today.

"I felt so strongly about this issue I was determined to do everything in my power to stop it," Dodd said. "I am grateful we are moving on to other issues and that we will return to this matter in January. My hope is between now and then we can resolve this matter. If it's not I'll be back here opposing those provisions giving immunity."

From rforno at infowarrior.org Tue Dec 18 12:59:45 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Dec 2007 07:59:45 -0500
Subject: [Infowarrior] - CommitteeCaller.com
Message-ID:

(wonder how long this lasts.......rf)

CommitteeCaller.com is a site that allows one person to target an entire congressional committee over the phone. The web application utilizes the open source Asterisk PBX system to connect you to every senator or house member on a particular committee. No more digging around the 'net entering zip-codes to retrieve phone numbers of representatives -- CommitteeCaller.com automates the tedium of repetitively dialing your favorite politicians. Select a committee, enter in your phone number and click "Put me in touch with democracy!" and you'll be called by our system and sequentially patched through to the front office of each member on that committee. You can even rate how each call went -- information that will enable us to rank representatives on how accountable and responsive they are to their constituents.

http://www.committeecaller.com/

From rforno at infowarrior.org Tue Dec 18 13:02:02 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Dec 2007 08:02:02 -0500
Subject: [Infowarrior] - How Sony BMG lost its mind and rootkitted its CDs
Message-ID:

How Sony BMG lost its mind and rootkitted its CDs -- prepublication law paper

Posted by Cory Doctorow, December 17, 2007 2:36 AM

Aaron Perzanowski and Deirdre Mulligan have just posted a wonderful pre-publication paper called "The Magnificence of the Disaster: Reconstructing the Sony BMG Rootkit Incident," which will shortly be published in the Berkeley Technology Law Journal. Exhaustively researched and footnoted -- but written in clear, non-lawyerese prose -- The Magnificence of the Disaster comprehensively analyses the madness that led Sony-BMG to install dangerous, illegal rootkit anti-copying software as well as spyware (produced by a company founded to supply Elvis impersonators, no less!) on millions of its CDs, leading the company to enormous financial and legal penalties.

Potential customers who were aware of the existence and dangers posed by Sony BMG's protection measures steered clear of XCP discs. The sales history of Get Right with the Man, an XCP-infected album by Van Zant that was released some six months prior to the rootkit announcement, is emblematic of the online retail impact of the rootkit incident.
On November 2, just two days after the initial public announcement of the rootkit, Get Right with the Man ranked at number 887 on the music charts at Amazon.com. The next day, after Amazon user reviews alerted shoppers to the dangers posed by XCP, the album dropped to number 1,392. By the Thanksgiving holiday weekend, the XCP recall was underway and the album plummeted to number 25,802. In contrast, in retail environments in which customers had less immediate access to information about the dangers of XCP, sales of Get Right with the Man were relatively undisturbed. Since brick and mortar retailers like Wal-Mart, the nation's leading seller of CDs, do not facilitate the sort of customer feedback common to online retailers, this outcome is hardly surprising...

SunnComm, the company that delivered MediaMax, offered even more cause for concern. The company began as a provider of Elvis impersonation services. After a change in management following a false press release announcing a non-existent $25 million production deal with Warner Brothers, the company purchased a 3.5" floppy disk factory in 2001, displaying a disturbing dearth of technological savvy. After two employees announced their intention to leave the fledgling company to develop copy protection software, SunnComm convinced the pair to lead a new division, leaving both Elvis and floppy discs behind in order to develop what would become MediaMax.

http://www.boingboing.net/2007/12/17/how-sony-bmg-lost-it.html

From rforno at infowarrior.org Tue Dec 18 13:04:55 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Dec 2007 08:04:55 -0500
Subject: [Infowarrior] - A look at the "US and the Police State"
Message-ID:

....a rather well-done precis of a bunch of questionable laws/practices enacted here in the US in recent years, if you can see past the periodic conspiracy-theory phrases.
-rf

A Look Back and Ahead
Police State America
By STEPHEN LENDMAN

Year end is a good time to look back and reflect on what's ahead. If past is prologue, however, the outlook isn't good, and nothing on the horizon suggests otherwise. Voters last November wanted change but got betrayal from the bipartisan criminal class in Washington. Their attitude shows in an October Reuters/Zogby (RZ) opinion poll with George Bush at 24% that tops Richard Nixon's worst showing of 25% at his lowest 1974 Watergate point. And if that looks bad, consider Congress with "The Hill" reporting from the same RZ Index that our legislators scored a "staggering 11%, the lowest (congressional) rating in history," but there's room yet to hit bottom and a year left to do it. Why not with lawmakers' consistent voter sellout and failure record that keeps getting worse.

< - BIG SNIP - >

http://www.counterpunch.org/lendman12172007.html

From rforno at infowarrior.org Wed Dec 19 01:42:30 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Dec 2007 20:42:30 -0500
Subject: [Infowarrior] - Congress Passes First FOIA Reform Bill in More Than a Decade
In-Reply-To: <5pk9br$660r21@iron3-listserv.tops.gwu.edu>
Message-ID:

Update 5:18 p.m.

Congress Passes First FOIA Reform Bill in More Than a Decade

Bill Provides "Common Sense" Solutions for Openness Problems: Penalties for Delays, Tracking Systems for Requests, Ombuds-style Office to Mediate Disputes, Better Agency Reporting

Reforms Recommended by Archive Audits and Testimony

For more information contact: Thomas Blanton/Meredith Fuchs/Kristin Adair: 202/994-7000

Washington DC, December 18, 2007 - The House of Representatives at 5:18 pm today unanimously passed the Freedom of Information Act (FOIA) reform bill (S. 2488) that passed the Senate by unanimous consent on December 14.
The bill aims to fix some of the most persistent problems in the FOIA system, including excessive delay, lack of responsiveness, and litigation gamesmanship by federal agencies. Following today's approval by the House, the OPEN Government Act will be sent to the President's desk for approval.

"Our six government-wide audits of FOIA performance show that these bipartisan changes to the Freedom of Information Act are common sense solutions," remarked Meredith Fuchs, general counsel of the National Security Archive. "This bill establishes tracking systems for FOIA requests like FedEx uses for packages, actually penalizes agencies for the first time for delays that our audits found could reach 20 years, and sets up an office to mediate disputes as an alternative to litigation."

http://www.nsarchive.org
________________________________________________________
THE NATIONAL SECURITY ARCHIVE is an independent non-governmental research institute and library located at The George Washington University in Washington, D.C. The Archive collects and publishes declassified documents acquired through the Freedom of Information Act (FOIA). A tax-exempt public charity, the Archive receives no U.S. government funding; its budget is supported by publication royalties and donations from foundations and individuals.

From rforno at infowarrior.org Wed Dec 19 03:29:14 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Dec 2007 22:29:14 -0500
Subject: [Infowarrior] - U.S. still unprepared for disaster: report
Message-ID:

U.S. still unprepared for disaster: report
Tue Dec 18, 3:33 PM ET
http://news.yahoo.com/s/nm/20071218/ts_nm/disaster_preparedness_usa_dc&printer=1;_ylt=AkxjV0HsWo1cz7qMh5fuDghg.3QA

The United States remains unprepared for disasters ranging from biological attacks to a flu pandemic, and funding for preparedness is falling, according to a report released on Tuesday.
Many states still lack a stockpile of drugs, masks, gloves and other equipment needed to battle a pandemic of diseases, despite five years of constant and detailed warning, the Trust for America's Health said in its report. "Overall, federal funding for state and local preparedness will have declined by 25 percent in 3 years if the president's FY (fiscal year) 2008 request is approved," the report reads. "Until all states measure up, the United States is not safe." The nonprofit Trust has been issuing reports every year for five years, and said the 2001 anthrax attacks, in which five people died when anthrax spores were mailed to several offices, should have been a wake-up call. The disasters caused by hurricanes Katrina and Rita that wrecked the U.S. Gulf Coast in 2005 should have galvanized more action and highlighted a variety of problems with U.S. disaster preparedness, the group said. But the report released on Tuesday still finds preparedness is spotty. "Thirteen states do not have adequate plans to distribute emergency vaccines, antidotes, and medical supplies from the Strategic National Stockpile," the report reads. "Twenty-one states do not have statutes that allow for adequate liability protection for healthcare volunteers during emergencies. Twelve states do not have a disease surveillance system compatible with the Centers for Disease Control and Prevention's National Electronic Disease Surveillance System," it added. "Seven states have not purchased any portion of their federally subsidized or unsubsidized antivirals to use during a pandemic flu. Seven states and (Washington) D.C. lack sufficient capabilities to test for biological threats." Health experts agree that a pandemic of some sort of disease is overdue and believe the H5N1 avian influenza circulating in Europe, Asia and Africa is the most immediate threat. 
World Health Organization experts are now investigating a cluster of human H5N1 cases in Pakistan where it is possible there has been human to human transmission of the virus, usually passed rarely from birds to people. It has infected 340 people and killed 209 globally since 2003. The National Association of County and City Health Officials said people should understand that local officials are trying to prepare when they can but said it shared concerns that federal funding was not being kept up. "Diseases recognize neither state nor local boundaries and every link in the local, state and federal chain of protection must be strong," the group said in a statement.

(Reporting by Maggie Fox; Editing by David Wiessler)

From rforno at infowarrior.org Wed Dec 19 03:42:38 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 18 Dec 2007 22:42:38 -0500
Subject: [Infowarrior] - MS to bundle 'broken' random number tool in Vista SP1
Message-ID:

MS to bundle 'broken' random number tool in Vista SP1
Developers urged to avoid built-in backdoor
By John Leyden
Published Tuesday 18th December 2007 12:04 GMT
http://www.theregister.co.uk/2007/12/18/vista_sp1_rng_backdoor_fears/

Microsoft plans to bundle a cryptographically flawed pseudo random number generator in its upcoming service pack for Windows Vista. Cryptographers have expressed concern about a possible backdoor in a standard for random number generators approved by the National Institute of Standards and Technology (NIST) this year. The cryptographically weak Dual_EC_DRBG approach, which is based on the mathematics of elliptic curves, was one of four "deterministic random bit generators", approved by the NIST in March.
Flaws in the approach (Dual_EC_DRBG) first emerged in August at the Crypto 2007 conference when cryptographers Dan Shumow and Niels Ferguson demonstrated that two constants in the standard used to define the algorithm's elliptic curve have a relationship with a second, secret set of numbers. Anyone who had access to the second set of numbers would have a kind of skeleton key able to unlock any instance of Dual_EC_DRBG. Suspicions that this weakness might be used as a backdoor have been fueled by the NSA's support of Dual_EC_DRBG in the standards-setting process. Random number generators are important because the correct operation of SSL and other protocols relies on their randomness. Standards set in this area by NIST are significant because they are likely to be followed by hardware and software suppliers in much the same way that the Advanced Encryption Standard (AES), which was also approved under the auspices of the NIST, has become widely adopted. Crypto guru Bruce Schneier, who previously described the weakness as a backdoor, notes that the Dual_EC_DRBG approach will be implemented in Windows Vista SP1. Although the technology will not be applied by default, that leaves users reliant on the good sense of developers in avoiding the cryptographically weak approach. The default random number generator in Vista SP1 will be CTR_DRBG, technology based on the AES standard that's reckoned to be far more robust than Dual_EC_DRBG. Schneier's latest warning on the issue has sparked a lively discussion on his blog with participants expressing concern that the flawed Dual_EC_DRBG random number generator could appear more prominently in either the IE or .NET developer framework further down the road. 

From rforno at infowarrior.org Thu Dec 20 14:10:39 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 20 Dec 2007 09:10:39 -0500
Subject: [Infowarrior] - Apple shutters Mac rumor site
Message-ID:

Apple, Think Secret settle lawsuit
http://www.thinksecret.com/news/settlement.html

December 20, 2007 - PRESS RELEASE: Apple and Think Secret have settled their lawsuit, reaching an agreement that results in a positive solution for both sides. As part of the confidential settlement, no sources were revealed and Think Secret will no longer be published. Nick Ciarelli, Think Secret's publisher, said "I'm pleased to have reached this amicable settlement, and will now be able to move forward with my college studies and broader journalistic pursuits."

From rforno at infowarrior.org Thu Dec 20 14:19:17 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 20 Dec 2007 09:19:17 -0500
Subject: [Infowarrior] - Text of Dodd FISA speech
Message-ID:

Dodd Speaks in Opposition to FISA Reform Bill
December 17, 2007

Senator Chris Dodd today will make the following remarks on the Senate floor regarding his opposition to the Foreign Intelligence Surveillance Act (FISA) reform legislation being considered by the Senate:

< - BIG SNIP - >

http://dodd.senate.gov/index.php?q=node/4177

From rforno at infowarrior.org Thu Dec 20 17:02:29 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 20 Dec 2007 12:02:29 -0500
Subject: [Infowarrior] - Satellite-Surveillance Plan Aims to Mollify Critics
Message-ID:

Satellite-Surveillance Plan Aims to Mollify Critics
By SIOBHAN GORMAN
December 20, 2007; Page A4
http://online.wsj.com/article/SB119812248622741723.html?mod=hps_us_whats_news

WASHINGTON -- After delaying a domestic satellite-surveillance program for more than two months, Homeland Security Secretary Michael Chertoff expects to finalize a new charter for it this week, a move that attempts to quell civil-liberties concerns and get the program back on track. Mr.
Chertoff also plans soon to unveil a cyber-security strategy, part of an estimated $15 billion, multiyear program designed to protect the nation's Internet infrastructure. The program has been shrouded in secrecy for months and has also prompted privacy concerns on Capitol Hill because it involves government protection of domestic computer networks. Both areas put Homeland Security in the middle of a public debate over domestic spy powers, kicked off by the revelation two years ago that the National Security Agency had been eavesdropping on some conversations in the U.S. without a warrant. In the fall, the department put the satellite program on hold after an outcry on Capitol Hill. Lawmakers have also asked Mr. Chertoff to delay the introduction of the cyber-security initiative. "One lesson I've learned is it's not enough to say we know what we're doing is going to be OK," Mr. Chertoff said in an interview. "We've got to really make it clear to the public that we're doing this, but we're not doing that." The satellite program, which would be run by a new department branch called the National Applications Office, would expand the domestic use of satellite imagery by federal and local authorities. Congress lashed out at the department when The Wall Street Journal reported plans for the program in August. Mr. Chertoff suspended the program until legislators received more information. The satellite-spy technology was originally developed to monitor activities and people outside the U.S. House Homeland Security Committee Chairman Bennie G. Thompson of Mississippi said his committee received its last update on the spy-satellite program three months ago. "We still haven't seen the legal framework we requested or the standard operation procedures on how the NAO will actually be run," he said. In a spending bill Congress passed yesterday, lawmakers prohibited the department from spending money on the program until Mr. 
Chertoff certifies the program is legal and the Government Accountability Office reviews the certification. In creating the charter, Mr. Chertoff said there had been "back and forth" over keeping the language clear and simple. "If it is jargon-laden, then people look at it and say, 'What's the hidden agenda here?'" The charter will clarify that the satellite program will follow all current U.S. legal restrictions on technical surveillance. Where a warrant is required for collection, one will be obtained before that activity is approved. Under the charter, the program won't use technology to intercept verbal communications.

Write to Siobhan Gorman at siobhan.gorman at wsj.com

From rforno at infowarrior.org Fri Dec 21 00:16:20 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 20 Dec 2007 19:16:20 -0500
Subject: [Infowarrior] - NCAA Puts Limits On Live Blogging Sports Events
Message-ID:

Yep, that's the way to draw and keep fans and generate buzz --- not to mention, as the article analysis reads, it makes *no* sense!!

NCAA Puts Limits On Live Blogging Sports Events
http://www.techdirt.com/articles/20071220/010939.shtml

From rforno at infowarrior.org Fri Dec 21 00:20:16 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 20 Dec 2007 19:20:16 -0500
Subject: [Infowarrior] - New Apple DRM patent
Message-ID:

http://www.macrumors.com/2007/12/20/apple-applies-for-autmoatic-shutdown-and-piracy-fighting-patents/

< - >

The other filing, patent application #20070288886, deals with attempts to fight software piracy.

A digital rights management system permits an application owner to cause code to be injected into the application's run-time instruction stream so as to restrict execution of that application to specific hardware platforms. In a first phase, an authorizing entity (e.g., an application owner or platform manufacturer) authorizes one or more applications to execute on a given hardware platform.
Later, during application run-time, code is injected that performs periodic checks to determine if the application continues to run on the previously authorized hardware platform. If a periodic check fails, at least part of the application's execution string is terminated--effectively rendering the application non-usable. The periodic check is transparent to the user and difficult to circumvent.

Apple has thus-far resisted industry trends towards activation of software, and currently only uses such methods in some of its most costly professional software. While it is clear that Apple has been working on methods to combat piracy, it remains to be seen how far Apple will employ the methods in its software. Readers are reminded that only a portion of the applications filed end up making it to shipping products.

From rforno at infowarrior.org Fri Dec 21 14:23:02 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 21 Dec 2007 09:23:02 -0500
Subject: [Infowarrior] - I Am Not Afraid Campaign
Message-ID:

(c/o Schneier Blog)

Interesting campaign that I could get behind, too.

http://action.downsizedc.org/wyc.php?cid=77

In short: "I am not afraid of terrorism, and I want you to stop being afraid on my behalf. Please start scaling back the official government war on terror. Please replace it with a smaller, more focused anti-terrorist police effort in keeping with the rule of law. Please stop overreacting. I understand that it will not be possible to stop all terrorist acts. I accept that. I am not afraid."

From rforno at infowarrior.org Fri Dec 21 14:26:05 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 21 Dec 2007 09:26:05 -0500
Subject: [Infowarrior] - Unlisted Number Address "Exploit" Revealed
In-Reply-To: <5B091FD4-677F-471A-AE13-6DCEE7B51781@cs.cmu.edu>
Message-ID:

Details of Unlisted Number Address "Exploit" Revealed
http://lauren.vortex.com/archive/000347.html

Greetings.
After due consideration, some expert advice, and since the firm involved obviously feels that they're not doing anything wrong (will everyone else agree?), I've decided to release the details of the unlisted number to address lookup "exploit" I outlined in "Psst! Wanna Know the Street Address for an Unlisted Number?" ( http://lauren.vortex.com/archive/000346.html ) -- please see that entry for the background on this situation. This "exploit" is still up and running as of a few minutes ago. As noted previously, this technique is extremely successful at revealing the street addresses for U.S. landline (non-mobile) telephone numbers, including those aforementioned unlisted numbers. The returned information isn't 100% accurate for all queries and some numbers are missing -- I suspect stale data in certain situations -- but it's very "good" overall. Also, the full text of a response I received from the company's (apparent) public relations firm is available for your perusal and amusement ( http://lauren.vortex.com/acceller-rocket-response.txt ). Calling this procedure an "exploit" is actually a misnomer as you'll see, since it's simple and direct to access once you know where it lives -- and even that is unfortunately relatively obvious, so it seems very likely that it's already being used for "unintended" purposes. My hope is that broader knowledge of this matter may lead to a more rapid resolution of the situation, since the firm chose not to limit this data after I called their attention to the privacy issues involved. As you probably know, various large cable television and other service firms (e.g. Time Warner, Comcast, etc.) offer an array of Web-based offers via their Web sites. The most typical means for a new customer to query these sites about available offers at their location is via their phone number. And as it turns out, a major provider of back-end database and related operations provides various functional aspects of many related Web sites. 
Enter a phone number at the Time Warner offers site, for example, and it's likely to actually be processed by this back-end service (sometimes in a quite obvious manner). It is also apparently possible to make similar queries via voice calls to a toll-free number at the back-end services firm's call center, but I have not explored the non-Web aspects of this operation in detail. Rather than worry about the cable firms in this example (though we could go through their sites as well when they link to this company) we might as well go directly to the back-end operation that's providing the information, since their own site apparently gives access to exactly the same data. Here we go ... The company under discussion is Acceller, Inc., and you can visit their services access page at: http://digitallanding.com In the upper right-hand corner of the page, you'll find a "Search For Offers" form where a phone number may be entered. It's that simple. (Note: You may need to have cookies enabled for this to work, and Internet Explorer may perform better than other browsers in some cases for these queries.) Enter a phone number, watch the bouncing ball for 10 seconds or so, and then you stand an excellent chance of seeing a street address revealed for U.S. non-mobile numbers (along with the various service offerings available at that address, of course). The "geniuses" who programmed that site probably won't be getting any job offers from Google anytime soon. The implementation error is serious and obvious. The proper procedure to avoid revealing private information about unlisted numbers would be to have the user enter their address -- not reveal it from the database based on phone number -- and then verify it yes or no against the database (even this suggested technique has some privacy issues, but they are relatively less serious and could be minimized in various ways). 
By taking the "helpful shortcut" of revealing the address, the system is putting at risk -- for free and unlimited access by anyone at any time -- the private address information for unlisted numbers. I'm afraid that's really all there is to it. Simple, clean, and neat, to be sure. If you've been paying your local phone company every month for an unlisted number and are upset by this situation, I urge you to contact your telephone company, Acceller, and -- who knows? -- perhaps even your legislative representatives might be intrigued, among other persons and groups. Unfortunately, this isn't the sort of Christmas present that most people probably would wish for. But it appears to be Acceller that's doing all of the ho-ho-hoing.

--Lauren--
Lauren Weinstein
lauren at vortex.com or lauren at pfir.org
Tel: +1 (818) 225-2800
http://www.pfir.org/lauren
Co-Founder, PFIR - People For Internet Responsibility - http://www.pfir.org
Co-Founder, NNSquad - Network Neutrality Squad - http://www.nnsquad.org
Founder, PRIVACY Forum - http://www.vortex.com
Member, ACM Committee on Computers and Public Policy
Lauren's Blog: http://lauren.vortex.com

From rforno at infowarrior.org Fri Dec 21 21:49:33 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 21 Dec 2007 16:49:33 -0500
Subject: [Infowarrior] - Apples For The Army
Message-ID:

Apples For The Army
Andy Greenberg, 12.21.07, 6:00 AM ET
http://www.forbes.com/2007/12/20/apple-army-hackers-tech-security-cx_ag_1221army_print.html

Given Apple's marketing toward the young and the trendy, you wouldn't expect the U.S. Army to be much of a customer. Lieutenant Colonel C.J. Wallington is hoping hackers won't expect it either. Wallington, a division chief in the Army's office of enterprise information systems, says the military is quietly working to integrate Macintosh computers into its systems to make them harder to hack.
That's because fewer attacks have been designed to infiltrate Mac computers, and adding more Macs to the military's computer mix makes it tougher to destabilize a group of military computers with a single attack, Wallington says. This past year was a particularly tough one for military cybersecurity. Cyberspies infiltrated a Pentagon computer system in June and stole unknown quantities of e-mail data, according to a September report by the Financial Times. Later in September, industry sources told Forbes.com that major military contractors, including Boeing, Lockheed Martin, Northrop Grumman and Raytheon had also been hacked. The Army's push to use Macs to help protect its computing corps got its start in August 2005, when General Steve Boutelle, the Army's chief information officer, gave a speech calling for more diversity in the Army's computer vendors. He argued the approach would both increase competition among military contractors and strengthen its IT defenses. Apple computers still satisfy only a tiny portion of the military's voracious demand for computers. By Wallington's estimate, around 20,000 of the Army's 700,000 or so desktops and servers are Apple-made. He estimates that about a thousand Macs enter the Army's ranks during each of its bi-annual hardware buying periods. Military procurement has long been driven by cost and availability of additional software--two measures where Macintosh computers have typically come up short against Windows-based PCs. Then there have been subtle but important barriers: For instance, Macintosh computers have long been incompatible with a security keycard-reading system known as Common Access Cards system, or CAC, which is heavily used by the military. The Army's Apple program, created after Boutelle's 2005 address, is working to change that. 
As early as February 2008, the Army is planning to introduce software, developed by Arlington, Texas-based Thursby Software, that will also enable Mac desktops and laptops to use CAC systems--a change that should make it easier to get Macs into the service. Though Apple machines are still pricier than their Windows counterparts, the added security they offer might be worth the cost, says Wallington. He points out that Apple's Xserve servers, which are gradually becoming more commonplace in Army data centers, are proving their mettle. "Those are some of the most attacked computers there are. But the attacks used against them are designed for Windows-based machines, so they shrug them off," he says. Apple, which declined to comment, has long argued its hardware is less hackable than comparable PCs. Jonathan Broskey, a former Apple employee who now heads the Army's Apple program, argues that the Unix core at the center of the Mac OS operating system makes it easier to lock down a Mac than a Windows platform. And Apple's smaller market share has long meant that it didn't attract cybercriminals hoping to wreak the most havoc possible. "If you look at the numbers, you see that malicious software for Macs is very limited," he says. "We used to sell Apples by saying they don't get viruses." Of course, cyberspooks may be honing their Mac-attacking skills, too. An end-of-year report by Finnish software security company F-Secure highlights the growing number of hackers targeting Apple systems with malicious software, some of which could allow cybercriminals to steal security passwords. In the past two years, until this October, F-Secure found only a small handful of malicious programs targeting Macs. In the past two months, the company has found more than a hundred specimens of Mac-targeted malicious code. Charlie Miller, a software researcher with Independent Security Evaluators, worries that the Army's diversification plan isn't enough to thwart the bad guys.
He sees a two-platform system as a "weakest link" scenario, in which a determined cyber-intruder will seek out the more vulnerable of the two targets. "In the story of the three little pigs, did diversifying their defenses help? Not for the pig in the straw house," he says. The marketing pitch that Apples are inherently more secure than PCs is also largely a myth, contends Miller, who gained notoriety for remotely hacking the iPhone last August. He points to data gathered by software security firm Secunia, which showed that Apple had to patch nearly five times as many security flaws in its software over the past year as Microsoft had to patch in Windows. Apple's Quicktime player alone, he says, was patched 34 times. "I love my Macs, but in terms of security, they're behind the curve, compared to Windows," Miller warns. But the Army's Jonathan Broskey stands by his claims of Apple's security: He says the high number of patches to Apple software is a good sign--evidence of the large community of developers actively working to tighten Unix programs and eliminate bugs. Nonetheless, like any responsible IT department, he says the Army's Apple program will closely monitor security updates to Mac-specific programs. "The Army's no different from any corporation," he says. Still, relative to corporate cybersecurity, Lieutenant Colonel Wallington points out, the stakes are much higher. A leaked deployment order, for instance, might reveal the path of a supply truck and the points where it could be sabotaged, he says. "This is information that affects the lives of soldiers and the civilians we're trying protect," Broskey adds. "It has to be safeguarded." 

From rforno at infowarrior.org Sun Dec 23 01:34:15 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 22 Dec 2007 20:34:15 -0500
Subject: [Infowarrior] - IO: The Best Propaganda Ever
Message-ID:

The Best Propaganda Ever
Topics: arts/culture | propaganda
Source: http://listverse.com/politics/top-10-propaganda-videos/

The latest email bulletin from the USC Center on Public Diplomacy called our attention to a list that someone has compiled of the "Top 10 Propaganda Videos." Viewing the list in chronological order is like taking a trip through the social obsessions of yesteryear: a clip from Leni Riefenstahl's 1935 pro-Nazi film, "Triumph of the Will"; a 1943 anti-Nazi cartoon by The Walt Disney Company, and a pro-tax film from the same year featuring Donald Duck; a Communist propaganda film from Moscow in the 1940s; American anti-Communist and anti-homosexual films from the 1950s; anti-porn and anti-LSD films from the 1960s; an anti-software piracy film from the 1990s; and a recent anti-American film that denounces the war in Iraq and the Project for the New American Century.
< - >

http://www.prwatch.org/node/6818

From rforno at infowarrior.org Sun Dec 23 01:37:04 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 22 Dec 2007 20:37:04 -0500
Subject: [Infowarrior] - Third Annual Homeland Security Law Institute
Message-ID:

http://www.abanet.org/adminlaw/institute/2008/homelandsecurity/home.html

Third Annual Homeland Security Law Institute
January 17-18, 2008
L'Enfant Plaza Hotel, Washington, DC

Co-Sponsored by:
ABA Criminal Justice Section
ABA Section of Public Utility, Communications and Transportation Law
ABA Forum on Air and Space Law
ABA Senior Lawyers Division

http://www.abanet.org/adminlaw/institute/2008/homelandsecurity/home.html

From rforno at infowarrior.org Sun Dec 23 04:31:10 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 22 Dec 2007 23:31:10 -0500
Subject: [Infowarrior] - Hoover Planned Mass Jailing in 1950
Message-ID:

Hoover Planned Mass Jailing in 1950
By TIM WEINER
http://www.nytimes.com/2007/12/23/washington/23habeas.html?ei=5065&en=766197cd970eb337&ex=1198990800&partner=MYWAY&pagewanted=print

A newly declassified document shows that J. Edgar Hoover, the longtime director of the Federal Bureau of Investigation, had a plan to suspend habeas corpus and imprison some 12,000 Americans he suspected of disloyalty. Hoover sent his plan to the White House on July 7, 1950, 12 days after the Korean War began. It envisioned putting suspect Americans in military prisons. Hoover wanted President Harry S. Truman to proclaim the mass arrests necessary to "protect the country against treason, espionage and sabotage." The F.B.I. would "apprehend all individuals potentially dangerous" to national security, Hoover's proposal said. The arrests would be carried out under "a master warrant attached to a list of names" provided by the bureau. The names were part of an index that Hoover had been compiling for years.
"The index now contains approximately twelve thousand individuals, of which approximately ninety-seven per cent are citizens of the United States," he wrote. "In order to make effective these apprehensions, the proclamation suspends the Writ of Habeas Corpus," it said. Habeas corpus, the right to seek relief from illegal detention, has been a fundamental principle of law for seven centuries. The Bush administration's decision to hold suspects for years at Guantánamo Bay, Cuba, has made habeas corpus a contentious issue for Congress and the Supreme Court today. The Constitution says habeas corpus shall not be suspended "unless when in cases of rebellion or invasion, the public safety may require it." The plan proposed by Hoover, the head of the F.B.I. from 1924 to 1972, stretched that clause to include "threatened invasion" or "attack upon United States troops in legally occupied territory." After the terrorist attacks of Sept. 11, 2001, President Bush issued an order that effectively allowed the United States to hold suspects indefinitely without a hearing, a lawyer, or formal charges. In September 2006, Congress passed a law suspending habeas corpus for anyone deemed an "unlawful enemy combatant." But the Supreme Court has reaffirmed the right of American citizens to seek a writ of habeas corpus. This month the court heard arguments on whether about 300 foreigners held at Guantánamo Bay had the same rights. It is expected to rule by next summer. Hoover's plan was declassified Friday as part of a collection of cold-war documents concerning intelligence issues from 1950 to 1955. The collection makes up a new volume of "The Foreign Relations of the United States," a series that by law has been published continuously by the State Department since the Civil War. Hoover's plan called for "the permanent detention" of the roughly 12,000 suspects at military bases as well as in federal prisons.
The F.B.I., he said, had found that the arrests it proposed in New York and California would cause the prisons there to overflow. So the bureau had arranged for ?detention in military facilities of the individuals apprehended? in those states, he wrote. The prisoners eventually would have had a right to a hearing under the Hoover plan. The hearing board would have been a panel made up of one judge and two citizens. But the hearings ?will not be bound by the rules of evidence,? his letter noted. The only modern precedent for Hoover?s plan was the Palmer Raids of 1920, named after the attorney general at the time. The raids, executed in large part by Hoover?s intelligence division, swept up thousands of people suspected of being communists and radicals. Previously declassified documents show that the F.B.I.?s ?security index? of suspect Americans predated the cold war. In March 1946, Hoover sought the authority to detain Americans ?who might be dangerous? if the United States went to war. In August 1948, Attorney General Tom Clark gave the F.B.I. the power to make a master list of such people. Hoover?s July 1950 letter was addressed to Sidney W. Souers, who had served as the first director of central intelligence and was then a special national-security assistant to Truman. The plan also was sent to the executive secretary of the National Security Council, whose members were the president, the secretary of defense, the secretary of state and the military chiefs. In September 1950, Congress passed and the president signed a law authorizing the detention of ?dangerous radicals? if the president declared a national emergency. Truman did declare such an emergency in December 1950, after China entered the Korean War. But no known evidence suggests he or any other president approved any part of Hoover?s proposal. 
From rforno at infowarrior.org Sun Dec 23 04:44:49 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 22 Dec 2007 23:44:49 -0500 Subject: [Infowarrior] - No proof airport security makes flying safer-study Message-ID: No proof airport security makes flying safer: study Fri Dec 21, 2007 3:13 AM ET http://today.reuters.com/news/articlenews.aspx?type=domesticNews&storyid=2007-12-21T081310Z_01_N20210240_RTRUKOC_0_US-SECURITY-AIRPORTS.xml WASHINGTON (Reuters) - Airport security lines can annoy passengers, but there is no evidence that they make flying any safer, U.S. researchers reported on Thursday. A team at the Harvard School of Public Health could not find any studies showing whether the time-consuming process of X-raying carry-on luggage prevents hijackings or attacks. They also found no evidence to suggest that making passengers take off their shoes and confiscating small items prevented any incidents. The U.S. Transportation Security Administration told research teams requesting information their need for quick new security measures trumped the usefulness of evaluating them, Eleni Linos, Elizabeth Linos, and Graham Colditz reported in the British Medical Journal. "We noticed that new airport screening protocols were implemented immediately after news reports of terror threats," they wrote. "Even without clear evidence of the accuracy of testing, the Transportation Security Administration defended its measures by reporting that more than 13 million prohibited items were intercepted in one year," the researchers added. "Most of these illegal items were lighters." The researchers said it would be interesting to apply medical standards to airport security. Screening programs for illnesses like cancer are usually not broadly instituted unless they have been shown to work. "We'd like airport security screening to be of value. 
As passengers and members of the public we'd like to know the evidence and the reasoning behind these measures," Linos said in a telephone interview. "Can you hide anything in your shoes that you cannot hide in your underwear?" they asked. TSA spokesman Christopher White said the agency has not had a chance to read the article. "If anyone has questions about whether our efforts have been fruitful over the past five years -- come on," White said in a telephone interview. "While we can't publicize everything that we've done, every event, we can say definitively that our efforts over the last five years have not been for nothing," White added. With $5.6 billion spent globally on airport protection each year, the public should be encouraged to query some screening requirements -- such as forcing passengers to remove their shoes, the researchers said. White said the agency has pictures of shoe bombs on its Web site at (http://www.tsa.gov/) and welcomes people to examine them. "We encourage a legitimate public dialogue. We want passengers to understand why we do what we do," he said. (Reporting by Maggie Fox, editing by Eric Walsh) From rforno at infowarrior.org Sun Dec 23 04:46:02 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 22 Dec 2007 23:46:02 -0500 Subject: [Infowarrior] - U.Maine Law Clinic Is First To Fight RIAA Message-ID: http://www.p2pnet.net/story/14433 Student lawyers act for students in RIAA case p2pnet news | RIAA News:- A student law clinic is about to cause a revolution in the P2P filesharing war launched by Warner Music, EMI, Vivendi Universal and Sony BMG. In what's probably a world's first, not lawyers, but student attorneys at the University of Maine School of Law's Cumberland Legal Aid Clinic have themselves taken up the fight on behalf of fellow students. Hannah Ames and Lisa Chmelecki from the Cumberland clinic are now officially representing two Maine students. 
Ames and Chmelecki are being guided by clinic director and U of M assistant professor Deirdre Smith. They've filed a reply to the US Supreme Court decision in Bell Atlantic v Twombly, and the subsequent California decision, Interscope v Rodriguez, which dismissed the RIAA's "making available" complaint as mere "conclusory", "boilerplate" "speculation". "The two students represented by Cumberland join eight others represented by a Portland law firm, bringing to 10 the number of University of Maine students moving to dismiss the RIAA's case," says Recording Industry vs The People. This could be the true beginning of the end for the RIAA in its attempts to bring students to heel, turning them into compliant consumers of corporate product under threat of legal persecution and severe financial penalties no student can afford. If other students from clinics not only in the US but around the world follow the examples of Ames and Chmelecki, the stage will be set for a series of confrontations and lightning strikes even the highly paid expert Big 4 legal teams won't be able to handle. Smith is on the Maine Supreme Judicial Court's Advisory Committee on the Rules of Evidence, and governor John Baldacci's Select Committee on Judicial Appointments. She's a former member of the Board of Directors of the Maine Bar Foundation and a founding board member of KIDS Legal. Definitely stay tuned. From rforno at infowarrior.org Mon Dec 24 00:58:22 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 23 Dec 2007 19:58:22 -0500 Subject: [Infowarrior] - EFF looking for new websmaster Message-ID: EFF looking for new websmaster http://lawgeek.typepad.com/lawgeek/2007/12/eff-looking-for.html If anyone knows a good candidate for the EFF webmaster job opening, please pass this along! It's a great gig with fantastic people and a chance to really make a difference. 
--------------------------- The Electronic Frontier Foundation (EFF), an Internet civil liberties nonprofit organization based in San Francisco, is seeking a full-time webmaster to start immediately. This person will be responsible for managing content and building web features on eff.org, and helping to build and maintain EFF's web initiatives and campaigns. The environment is fast-paced; the work is cutting-edge. A love of technology and familiarity with related civil liberties issues is a must. The ideal candidate will have a broad range of experience in web production, including: * XHTML/CSS web design and implementation * Open-source web technology: PHP, Javascript, Unix, Apache, etc. * Graphics production, editing and optimization * An eye for clean user-centric web design and layout * Organizing and keeping track of large amounts of complex web content Additional familiarity with any of these is a plus: * Drupal CMS * Subversion (or similar concurrent versioning system) * MySQL * Smarty * Flash/ActionScript * Writing blog posts, press releases, web content, etc. Salary in the low $50s with benefits. To apply, send a cover letter and your resume with links to some samples of your work to webjob-at-eff-dot-org . Please send these materials in a non-proprietary format. No phone calls please! From rforno at infowarrior.org Mon Dec 24 02:52:10 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 23 Dec 2007 21:52:10 -0500 Subject: [Infowarrior] - Police Begin Fingerprinting on Traffic Stops Message-ID: Police Begin Fingerprinting on Traffic Stops By Sarah Thomsen http://www.wbay.com/Global/story.asp?s=2776926 If you're ticketed by Green Bay police, you'll get more than a fine. You'll get fingerprinted, too. It's a new way police are cracking down on crime. If you're caught speeding or playing your music too loud, or other crimes for which you might receive a citation, Green Bay police officers will ask for your drivers license and your finger. 
You'll be fingerprinted right there on the spot. The fingerprint appears right next to the amount of the fine. Police say it's meant to protect you -- in case the person they're citing isn't who they claim to be. But not everyone is sold on that explanation. "What we've seen happen for the last couple of years [is] increasing use of false or fraudulent identification documents," Captain Greg Urban said. Police say they want to prevent the identity theft problem that Milwaukee has, where 13 percent of all violators give a false name. But in Green Bay, where police say they only average about five cases in a year, drivers we talked with think the new policy is extreme. "That's going too far," Ken Scherer from Oconto said. "You look at the ID, that's what they're there for. Either it's you or it's not. I don't think that's a valid excuse." "I would feel uncomfortable but I would do it," Carol Pilgrim of Green Bay said. Citizens do have the right to say no. "They could say no and not have to worry about getting arrested," defense attorney Jackson Main said. "On the other hand, I'm like everybody else. When a police officer tells me to do something, I'm going to do it whether I have the right to say no or not." That's exactly why many drivers are uneasy about the fine print in this fingerprinting policy. Police stress that the prints are just to make sure you are who you claim to be and do not go into any kind of database; they simply stay on the ticket for future reference if the identity is challenged. 
From rforno at infowarrior.org Mon Dec 24 16:04:53 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 24 Dec 2007 11:04:53 -0500 Subject: [Infowarrior] - Analysis of a Modern Malware Distribution System Message-ID: Pushdo - Analysis of a Modern Malware Distribution System * URL: http://www.secureworks.com/research/threats/pushdo * Date: December 17, 2007 * Author: Joe Stewart Recently, Sophos published a blog entry detailing the trouble they are having with the Pushdo trojan, a fairly new and prolific threat being circulated in fake "E-card" emails. From their description, it is clear that the author(s) of Pushdo are making a concerted effort to spread their malware far and wide. But what exactly is Pushdo, and how does it work? We decided to take a closer look at this malware family. Pushdo is usually classified as a "downloader" trojan - meaning its true purpose is to download and install additional malicious software. There are dozens of downloader trojan families out there, but Pushdo is actually more sophisticated than most, but that sophistication lies in the Pushdo control server rather than the trojan. < - > http://www.secureworks.com/research/threats/pushdo/ From rforno at infowarrior.org Mon Dec 24 16:05:43 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 24 Dec 2007 11:05:43 -0500 Subject: [Infowarrior] - Australia's controversial national ID program hits the dumpster Message-ID: Australia's controversial national ID program hits the dumpster By Joel Hruska | Published: December 24, 2007 - 08:44AM CT http://arstechnica.com/news.ars/post/20071224-australias-controversial-national-id-program-hits-the-dumpster.html Opponents of Australia's controversial Access Card received an early Christmas present earlier this month when the incoming Rudd Labor Government finally axed the controversial ID program. 
Had it been implemented, the Access Card program would have required Australians to present the smart card anytime they dealt with certain federal departments, including Medicare, Centrelink, the Child Support Agency, or Veterans' Affairs. For reference, Medicare is the government agency responsible for the maintenance of Australia's universal health care system, Centrelink is responsible for the disbursement of social security payments, the Child Support Agency is responsible for the collection of child support from each parent in the event of a separation or divorce. Veterans' Affairs appears to be at least somewhat analogous to its US counterpart, minus the provisions for medical treatment. Although the Australian government attempted to paint the Access Card system as a "Human Services Access Card," there's little doubt that it would've doubled as an effective national ID system. Information printed on the card was to include one's name, photo, signature, card, and DVA entitlements. Those particular requirements aren't any more onerous than what the US requires for a driver's license, but the Access Card didn't stop there. Each card would have been tied to an individual user via a specific card number and a corresponding PIN required to access the card's more detailed information. Encrypted information contained within the card's RFID chip would have included a person's legal name, date of birth, gender, address, signature, card number, card expiration date, and Medicare number. Provisions were also included that would allow additional information deemed to be necessary for either "the administration or purposes of the Act." Australians were unhappy about being forced to carry a unique ID card merely for the purpose of interacting with basic human and health services, and the proposal faced opposition from its very inception. 
The defeat of John Howard in the Australian polls was the last gasp of the Access Card program, which was killed off as one of the very first acts of the new Labor government, led by Prime Minister Kevin Rudd. Australia's battle against the Access Card system echoes the active opposition in America to the REAL ID act. Although the two plans differ substantially in scope and implementation, critics of both argued against them on the same privacy- and civil-liberties-oriented grounds. From rforno at infowarrior.org Mon Dec 24 18:27:30 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 24 Dec 2007 13:27:30 -0500 Subject: [Infowarrior] - Queen's Speech hits YouTube Message-ID: Queen's Speech hits YouTube One would like to wish you all a Happy 2.0 Christmas By Kelly Fiveash Published Monday 24th December 2007 13:01 GMT http://www.theregister.co.uk/2007/12/24/queen_youtube_christmas_message/ She may be an octogenarian but Queen Elizabeth has joined the Web 2.0 jamboree just in time for Christmas. The 81-year-old monarch, who annually delivers a televised Christmas day message to her subjects, will this year also see her festive chinwag posted to video sharing website YouTube. Last year's message from the Queen was given the podcast treatment, but tomorrow's live address to the nation could see millions all over the world tuning in to find out if the Royal family has had an Annus Horribilis or a hooting tooting 2007. Buckingham Palace said it is to be shown live on a dedicated "Royal YouTube Channel" at 3pm GMT. The channel actually launched in early October and already has some 8,500 subscribers. The Queen made her Christmas Day broadcasting debut 50 years ago in which she hyped the possibilities of television. Back then she said: "I very much hope that this new medium will make my Christmas message more personal and direct. 
"That it is possible for you to see me today is just another example of the speed at which things are changing all around us." We at Vulture Central have no idea what to expect from her YouTube efforts tomorrow. But, sadly, we doubt our Liz will deliver it while skating down an underground escalator or jumping into a Christmas tree. From rforno at infowarrior.org Tue Dec 25 00:23:45 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 24 Dec 2007 19:23:45 -0500 Subject: [Infowarrior] - Questions We Thought, But Didn't Ask, in 2007 Message-ID: December 24, 2007, 3:40 pm Questions We Thought, But Didn't Ask, in 2007 By Brad Stone http://bits.blogs.nytimes.com/2007/12/24/questions-we-thought-but-didnt-ask-in-2007/index.html?hp If the local cable company's customer service phone help line always has "longer than expected" hold times, when does it ever have "shorter than expected" hold times? If you know someone obsessively checks their e-mail on their iPhone, should you be insulted when they fail to answer your e-mail in a timely manner? Consumer electronics companies sheath their products in vacuum-sealed packaging that is impossible to open. Why are they so afraid of us using their products? I am married with a house. Why do I see so many ads for online dating sites and cheap mortgages? Should I be happy that I see those ads? It means Internet advertisers still have no idea who I am. As my number of Facebook friends inevitably expands, with second and third-tier acquaintances and complete strangers joining my network (I am too nice to deny them), doesn't the value of my "social graph" decline? If every Facebook user routinely says they ignore the ads on the site, how has the company become so valuable? 
If Internet supremacy is inherently ephemeral as Yahoo, AOL and innumerable other companies have all demonstrated over the last decade why isn't their inevitable declines baked into the stratospheric valuations of today's online leaders? Are all MySpace users spam bots? Google has thrived by proving that computer users value speed above nearly all else. So why does each Microsoft Windows device I use take longer and longer to boot up? Microsoft says its release of its new operating system, Vista, is a success and that sales of licenses are brisk. If that's true, why does it seem all users of the operating system loathe it? From rforno at infowarrior.org Wed Dec 26 15:09:55 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 26 Dec 2007 10:09:55 -0500 Subject: [Infowarrior] - Egypt 'to copyright antiquities' Message-ID: Egypt 'to copyright antiquities' http://news.bbc.co.uk/2/hi/middle_east/7160057.stm Egypt's MPs are expected to pass a law requiring royalties be paid whenever copies are made of museum pieces or ancient monuments such as the pyramids. Zahi Hawass, who chairs Egypt's Supreme Council of Antiquities, told the BBC the law would apply in all countries. The money was needed to maintain thousands of pharaonic sites, he said. Correspondents say the law will deal a blow to themed resorts across the world where large-scale copies of Egyptian artefacts are a crowd-puller. Mr Hawass said the law would apply to full-scale replicas of any object in any museum in Egypt. "Commercial use" of ancient monuments like the pyramids or the sphinx would also be controlled, he said. "Even if it is for private use, they must have permission from the Egyptian government," he added. But he said the law would not stop local and international artists reproducing monuments as long as they were not exact replicas. 
The Luxor hotel in the US city of Las Vegas would also not be affected because it was not an exact copy of a pyramid and its interior was completely different, Mr Hawass told AFP news agency. But he said claims by the hotel that it was "the only pyramid-shaped building in the world" could no longer be made. The announcement came two days after an Egyptian newspaper called on the hotel to pay a share of its profits to the central Egyptian city of Luxor, which administers the ancient Valley of the Kings burial site. From rforno at infowarrior.org Wed Dec 26 19:24:57 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 26 Dec 2007 14:24:57 -0500 Subject: [Infowarrior] - Russia launches final satellites for its own GPS Message-ID: Russia launches final satellites for its own GPS Tue Dec 25, 2007 8:45pm GMT http://www.reuters.com/article/technologyNews/idUSL2510281920071225 MOSCOW (Reuters) - Russia successfully launched a rocket on Tuesday carrying the last three satellites to complete a navigation system to rival America's GPS. The military-run GLONASS mapping system works over most of Russia and is expected to cover the globe by the end of 2009, once all its 24 navigational satellites are operating. A space rocket blasted off from Russia's Baikonur cosmodrome on the steppes of neighboring ex-Soviet Kazakhstan, from which Russia rents the facility. "The launch was carried out smoothly at 10:32 p.m. (1932 GMT)," RIA news agency quoted a spokesman for the Russian space agency as saying. "We expect satellites to separate from the booster on the orbit at 2:24 a.m. (2324 GMT)". Work on GLONASS -- or Global Navigation Satellite System -- began in the Soviet Union in the mid-1970s to give its armed forces exact bearings around the world. The collapse of the Russian economy in the late 1990s drained funds and the plans withered, but President Vladimir Putin has ensured the project is now being lavishly funded from a brimming government budget. 
Officials said GLONASS would mainly be used alongside the U.S. global positioning system, which Washington can switch off for civilian subscribers, as it did during recent military operations in Iraq. (Writing by Chris Baldwin, editing by Richard Meares) From rforno at infowarrior.org Wed Dec 26 20:33:53 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 26 Dec 2007 15:33:53 -0500 Subject: [Infowarrior] - IFPI wants ISPs to block The Pirate Bay, filter P2P traffic Message-ID: IFPI wants ISPs to block The Pirate Bay, filter P2P traffic 12/26 2007 | 12:01 AM Posted by: Janko Roettgers http://www.p2p-blog.com/item-439.html The International Federation of the Phonographic Industry (IFPI) wants European ISPs to build the copyright equivalent to the Chinese firewall, and it's counting on the help of European lawmakers to achieve this goal. The music industry association approached the EU parliament with a set of recommendations to "develop cooperations with ISPs", something that the paper calls "key to the future of the music business." So what can ISPs do to cooperate, you might ask? Well, that's easy: Just filter out any illegitimate content, block P2P protocols and block access to websites like The Pirate Bay. That's all. Here's what IFPI exactly has in mind: ISPs should use acoustic fingerprinting-based filtering solutions like the one industry darling Audible Magic is offering to block any transfer of unlicensed sound recordings. The IFPI paper likens this to filtered / licensed P2P applications like iMesh and Kazaa, but it doesn't even specify whether these filters should only affect P2P, meaning that possibly every song transfer via IM or FTP could be affected as well. ISPs should also block any type of Bittorrent or Gnutella traffic. From the paper: "It is (...) 
possible for ISPs to block their customers' access to specific P2P services that are known to be predominantly infringing and that have refused to implement steps to prevent infringement, while not affecting regular services such as web and email." And finally, ISPs are supposed to block "infringing websites" that are located in "rogue jurisdictions" or "refuse to cooperate" with the industry. One example quoted is Allofmp3.com, another one is The Pirate Bay, a site the IFPI calls "an infamous infringing service locaded in Sweden". The German IT news website heise.de is reporting that IFPI has succeeded in getting some political support for these ideas. The Committee for Culture and Education will decide in January whether they want to incorporate recommendations for ISP-based filtering into a dossier about the future of cultural industries in Europe. This in itself may sound like a small step, but the EFF Europe is already up in arms about it, calling ISP filtering "an ill-considered and damaging quick fix." From rforno at infowarrior.org Thu Dec 27 01:04:28 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 26 Dec 2007 20:04:28 -0500 Subject: [Infowarrior] - More Comcastic Greed Message-ID: In the mail today I received a nice marketing slick from Comcast that told me aaaaalllllllll about the great things they've done over the past year to "bring me the highest quality service". Which of course set off alarm bells in my head, because when I see a utility show itself off in a slick four-color publication that ain't the firm's Annual Report To Shareholders, it's a sure sign that it's time for our annual price-raping. Sure enough.....and this year, by percentage, it's unbelievable: A 4% increase in Digital Cable service (no premium channels) A 16% increase in Comcast-branded DVR monthly fee ....and it looks like roughly 10-16% increases for most premium or specialty channels as well as their other TV bundles. 
The only packages that didn't see a rate increase were their cable internet packages -- which I don't use anyway. But generally increases across the board, just like last year. And the year before. Etc, etc, etc. My 2008 new years vow is to dump my Comcast DVR and go with Tivo or another solution just on principle alone. Since I have no access to FIOS and my building isn't able to get satellite, there's I can't do much about my cable rate short of raise hell with Arlington County or cancel the service.....but I'll dump as many of Comcast's services as I can, and be sure to tell the world about it, too. Even if their service didn't suck, these people have no shame. Comcastic, hardly. Comcraptic? definitely. -rf From rforno at infowarrior.org Thu Dec 27 04:26:56 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 26 Dec 2007 23:26:56 -0500 Subject: [Infowarrior] - NFL backtracks on Patriots-Giants telecasting Message-ID: Patriots-Giants Game Now on NBC and CBS By RICHARD SANDOMIR Published: December 27, 2007 http://www.nytimes.com/2007/12/27/sports/football/27tv.html?_r=1&hp&oref=slo gin The Patriots-Giants game, which was to be broadcast Saturday night to less than half the country by the NFL Network, will be available to fans throughout the nation under an agreement reached Wednesday by NBC and CBS to simulcast it. The 15-0 Patriots are attempting to become the first N.F.L. team since the 1972 Miami Dolphins to finish the regular season unbeaten. Miami went on to win the Super Bowl and finish at 17-0. The decision to have NBC and CBS give the NFL Network the exposure it has so far lacked came in the face of mounting Congressional pressure, a threat to examine the antitrust exemption the National Football League has to negotiate its television contracts. ?I think the pressure was one thing and that had an impact,? said Pat Bowlen, the owner of the Denver Broncos. 
?But you look at the significance of the game, of New England possibly going undefeated, and we wanted it to be seen by the whole country.? Representative Joseph Courtney, Democrat of Connecticut, praised the decision by N.F.L. Commissioner Roger Goodell to expand the game?s availability. Without the simulcasts, tens of thousands of fans in the state ? which has loyalties divided between the Patriot and the Giants ? would not have seen the game. ?It was the right pressure point for Congress to step in and say to the N.F.L., ?You?re a protected industry and you have to look out for the best interests of the fans,?? he said. The NFL Network is available to 43 million cable and satellite subscribers, but it is not carried by major cable operators like Time Warner, Cablevision and Charter. Comcast carries the network only on its digital sports tier, which requires an extra fee. NBC and CBS will use the NFL Network?s game production, including the announcers Cris Collinsworth and Bryant Gumbel. They will not pay an extra rights fee ? together the networks pay the league a combined average yearly fee of $1.2 billion ? and will divide revenues from selling 18 30-second commercials with local stations. The simulcast will mark the first time since Super Bowl I in 1967 that the same N.F.L. game will be carried by more than one network. In that instance, when Green Bay beat Kansas City, CBS and NBC produced their own versions of the game. If the NFL Network had not existed, the Patriots-Giants game almost certainly would have been on CBS; but it might have been a Sunday night game on NBC. ?I?m intrigued by the historic nature of two over-the-air networks carrying the game,? said Dick Ebersol, the chairman of NBC Universal Sports. ?It?ll be fun and will give the NFL Network a chance to exhibit their wares.? 
Ebersol said that he suggested a simulcast to Steve Bornstein, the NFL Network?s chief executive, in October but felt as recently as last week that the idea might not come to fruition. In recent days, conversations accelerated among the league, Ebersol and Leslie Moonves, the chief executive of CBS. Without CBS and NBC, the game would have been seen only by the NFL Network?s 43 million subscribers and 10.8 million other TV homes in the Patriots and the Giants? designated home markets of Boston-Manchester, N.H., and New York-New Jersey. Bornstein said the decision to broaden distribution for the game came after his realization that cable operators did not want to negotiate a deal. ?We were optimistic they would come to their senses, but it just didn?t happen,? he said, then added: ?I thought they?d react to the fans? interest; I was wrong. I thought they wanted quality programming to sell and promote and differentiate themselves, but I was wrong.? He played down the impact of pleas made by the Congressional delegations of Connecticut, Vermont and Rhode Island, who wrote to Goodell asking that the game be made widely available on local broadcast stations in New England outside the Patriots? primary market. ?We had some of the same interests as the politicians, but this was a reaction to our fans,? Bornstein said. As recently as Dec. 21, in a letter to Senator Patrick Leahy, Democrat of Vermont and chairman of the Senate Judiciary Committee, Goodell wrote that ?despite Vermonters? affection for the two teams,? Vermont ?is not ? and never has been ? a ?home market? of either the Patriots or the Giants for purposes of our cable simulcast rules.? Under those rules, ESPN must make its games available to stations in the teams? home markets for those residents who do not or cannot get cable. But unlike the NFL Network, ESPN is available virtually everywhere. 
When ESPN?s games are simulcast on local stations, fans of the two teams outside the home markets (like Giants fans in Albany) are almost certain to be able to see them on cable. The league?s refusal to stretch the boundaries of the home market for the Patriots-Giants game would have left many viewers in the dark. Bornstein insisted that efforts at fully distributing the NFL Network are hamstrung because as an independent network it is not owned wholly or in part by a major cable From rforno at infowarrior.org Thu Dec 27 13:56:20 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 27 Dec 2007 08:56:20 -0500 Subject: [Infowarrior] - Bhutto Killed at Political Rally Message-ID: Bhutto Killed at Political Rally By Griff Witte and Debbi Wilgoren Washington Post Foreign Service Thursday, December 27, 2007; 8:49 AM RAWALPINDI, Pakistan, Dec. 27 -- Former Pakistani prime minister Benazir Bhutto was assassinated Thursday at a political rally, two months after she returned from eight years of exile to attempt a political comeback, officials said. Bhutto was shot at close range as she was leaving the rally in this garrison city south of Islamabad, aides said. Immediately after the shooting, a suicide bomber detonated explosives near Bhutto's car, killing at least 15 other people. Bhutto was rushed to a hospital with extensive wounds to her torso, her supporters said. Shortly after she arrived at the hospital, an official came out of the building and told a crowd of supporters Bhutto was dead. Also Thursday, a rooftop sniper opened fire on supporters of former prime minister Nawaz Sharif at a different pre-election rally in Rawalpindi, leaving four dead and at least five injured. Bhutto's death is a devastating development, coming 12 days before Pakistanis are set to vote in national parliamentary elections already marked by enormous political turmoil. 
President Pervez Musharraf declared a state of emergency in November -- a move which he said was to combat terrorism, but which was widely perceived as an effort to stave off legal challenges to his authority. U.S. military officials said last week that the terrorist group al-Qaeda increasingly is focusing its efforts in Pakistan. < - > http://www.washingtonpost.com/wp-dyn/content/article/2007/12/27/AR2007122700122.html?hpid=topnews From rforno at infowarrior.org Thu Dec 27 14:17:01 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 27 Dec 2007 09:17:01 -0500 Subject: [Infowarrior] - FBI to put criminals, security issues up in digital billboard lights Message-ID: FBI to put criminals, security issues up in digital billboard lights Submitted by Layer 8 on Wed, 12/26/2007 - 10:02pm. http://www.networkworld.com/community/node/23351 The FBI today said it wants to install 150 digital billboards in 20 major U.S. cities in the next few weeks to show fugitive mug shots, missing people and high-priority security messages from the big bureau. The initiative is made possible through a partnership with Clear Channel Outdoor, the advertising company that's providing the space as a public service. The billboards will let the FBI highlight those people it is looking for the most: violent criminals, kidnap victims, missing kids, bank robbers, even terrorists, the FBI said in a release. And the billboards will be able to be updated largely in real-time -- right after a crime is committed, a child is taken, or an attack is launched. The FBI said it tested its first billboard in the Philadelphia area in September, with crystal-clear images of 11 of its most violent fugitives on eight billboards and a 24-hour hotline for the public to call. The billboards paid quick public safety dividends. In October, two fugitives were captured as a direct result of the publicity, the FBI said. 
Chicago, Las Vegas, Los Angeles and Miami will be among those cities provided with the new billboards, along with Milwaukee and Philadelphia. The FBI said Atlanta, Cleveland, Indianapolis, Memphis and Minneapolis will also get the billboards, as will Akron, Ohio; Columbus, Ohio; Albuquerque, N.M.; El Paso, Texas; Des Moines, Iowa; Newark, N.J.; Wichita, Kan.; and the Florida cities of Tampa and Orlando. Using digital billboards to put pressure on criminals is not an entirely new concept. According to a CNN report, in September, Florida authorities arrested a drug suspect two weeks after his photo was displayed on a billboard in Daytona Beach. A tipster who saw the suspect's picture found him sitting in a McDonald's. The billboards have also been useful in disasters. When an interstate bridge collapsed in August in Minneapolis, billboards displayed an emergency message within 15 minutes, the report stated. The downside is that only a small fraction of U.S. billboards are digital -- 500 or so out of an estimated 450,000 total signs, according to published reports. From rforno at infowarrior.org Thu Dec 27 20:24:47 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 27 Dec 2007 15:24:47 -0500 Subject: [Infowarrior] - U.S. copyright waived in tiny nation Message-ID: http://www.hollywoodreporter.com/hr/content_display/news/e3i069cf19291fa5cce90e1758ae1d39cca U.S. copyright waived in tiny nation By Leo Cendrowicz Dec 25, 2007 BRUSSELS -- The Caribbean nation of Antigua and Barbuda has won the right to waive U.S. copyrights in films, television and music under an unusual ruling by the World Trade Organization. The landmark decision by the Geneva-based trade watchdog means that the tiny islands are able to violate intellectual property protection worth up to $21 million as part of a dispute between the countries over online gambling. 
The ruling ends a legal battle lasting nearly five years, which ended in the WTO finding that Washington had wrongly blocked online gambling operators on the island from the American market at the same time it allowed online wagering on horse racing. The award is significantly lower than the damages of $3.44 billion a year Antigua and Barbuda had claimed, but higher than the $500,000 offered by the U.S. The Office of the US Trade Representative nevertheless welcomed the outcome, saying Antigua's claim, at three times the size of its economy, had been "patently excessive." The WTO often takes decisions awarding trade compensation in cases where one nation's policies are found to break its rules. But this is only the second time the compensation lets one country violate intellectual property laws. In this case, Antigua will -- in theory -- be allowed to distribute copies of American DVDs, CDs and games and software with impunity. "That has only been done once before and is, I believe, a very potent weapon," Antigua's lawyer Mark Mendel said. "I hope that the United States government will now see the wisdom in reaching some accommodation with Antigua over this dispute." However, the ruling paves the way for further conflicts as the copyright holders concerned are expected to argue with the Antigua government over the actual value of the individual rights that are waived. The USTR has also warned that the award was strictly limited to Antigua, and that even with respect to Antigua, "it would establish a harmful precedent for a WTO Member to affirmatively authorize what would otherwise be considered acts of piracy, counterfeiting, or other forms of IPR infringement." The five-year WTO battle concerned the U.S. block on foreign online gambling operators from the American market at the same time it allowed online wagering on horse racing. Antigua, with a population of about 70,000, is a center for offshore Internet gaming operations and attracts large numbers of U.S. 
residents to its online casino-style games and betting services. The European Union, India, Canada, Australia and other WTO signatories aligned themselves alongside the Antiguan case. However, separate deals were agreed with these economies, including U.S. trade concessions to the EU in mail services and warehousing as compensation. From rforno at infowarrior.org Fri Dec 28 13:40:32 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 28 Dec 2007 08:40:32 -0500 Subject: [Infowarrior] - China finds U.S. firms eager allies on security Message-ID: China finds U.S. firms eager allies on security By Keith Bradsher Thursday, December 27, 2007 http://www.iht.com/bin/printfriendly.php?id=8926040 BEIJING: In preparation for the Beijing Olympics and a host of other international events, some American companies are helping the Chinese government to design and install one of the most comprehensive high-tech public surveillance systems in the world. When told of the companies' transactions, critics of China's human rights record said the work violated the spirit of a sanctions law Congress passed after the Tiananmen Square killings. The Commerce Department, however, says the sophisticated systems that Honeywell, General Electric, United Technologies and IBM are installing do not run afoul of the ban on providing China "crime control or detection instruments or equipment." With athletes and spectators coming from around the world, every Olympic host nation works to build the best security system it can. In an era of heightened terrorism concerns, it could be argued, high-tech surveillance systems will be an indispensable part of China's security preparations. And given China's enormous economic potential, corporations are always anxious to get a foothold here; the Olympics provide a prime opportunity. But as the first authoritarian regime to host an Olympics since the former Yugoslavia in 1984, China also presents particular challenges. 
Long after the visitors leave, security industry experts say, the surveillance equipment Western companies leave behind will provide authorities here new tools to track not only criminals, but dissidents too. "I don't know of an intelligence-gathering operation in the world that, when given a new toy, doesn't use it," said Steve Vickers, a former head of criminal intelligence for the Hong Kong police who now leads a consulting firm. Indeed, the autumn issue of the Chinese Public Security Ministry's magazine prominently listed places of worship and Internet cafes as locations to install new cameras. A Commerce Department official who insisted on anonymity, said the agency was reviewing its entire list of banned exports, including military and crime control products. Asked whether equipment identified as commercial by Western manufacturers could have crime control applications, the official said, "There may be users in China who figure out law enforcement uses for it." Multinationals are reluctant to discuss their sales to China's security forces, but they say they have done everything necessary to comply with relevant laws. Information is not easy to come by, but interviews with engineers at the Public Security Ministry's biennial convention; visits to Chinese surveillance camera factories and police stations; and reports on China prepared for member-companies of the Security Industry Association, a trade group based in Alexandria, Virginia, provide an outline of China's mammoth effort. Interviews with security experts and executives in Asia and the United States also provided previously unknown details about the systems American companies are providing. Honeywell has already started helping the police to set up an elaborate monitoring system to analyze feeds from indoor and outdoor cameras in one of Beijing's most heavily populated districts, the site of several Olympic venues. 
The company is working on more expansive systems in Shanghai, to be ready for the 2010 World Expo there - in addition to government and business security systems in Guangzhou, Shenzhen, Nanjing, Changsha, Tianjin, Kunming and Xi'an. General Electric has sold the Chinese authorities its powerful VisioWave system, which allows security officers to control thousands of video cameras simultaneously and automatically alerts them to suspicious or fast-moving objects, like people running. The system will be deployed at the Beijing national convention center, including the Olympics media center. IBM is installing a similar system in Beijing that should be ready before the Olympics. It will analyze and catalog people and behavior. Julie Donahue, IBM's vice president for security and privacy services, told a technology news service this month that by next summer IBM would install in Beijing its newly developed Smart Surveillance System, a powerful network that links large numbers of video cameras. IBM refused repeated requests to answer questions about the system, or discuss her remarks. United Technologies flew three engineers from its Lenel security subsidiary in Rochester, New York, to Guangzhou to customize a 2,000-camera network in a single large neighborhood, the first step toward a city-wide network of 250,000 cameras to be installed before the 2010 Asian Games. The company is also seeking contracts to build that network. Critics argue that all these programs violate the spirit, if not the letter, of the 1990 U.S. law banning the export of "crime control or detection instruments or equipment" to China. The Commerce Department, charged with developing regulations that implement the law, disagrees. The department bars exports for which the sole use is law enforcement, like equipment for detecting fingerprints at crime scenes. 
But video systems are allowed if they are "industrial or civilian intrusion alarm, traffic or industrial movement control or counting systems," according to the regulations. Since multinationals increasingly manufacture some security systems in China, export rules are irrelevant. But the post-Tiananmen law also prohibits companies from using American security technology anywhere in the world to supply China with banned products. The companies note that the products they provide are not banned by the government. Honeywell said that it complies with the letter and spirit of the laws in every country where it operates. General Electric said it had reviewed the VisioWave sale to China and believed that it complied fully with both the letter and spirit of the law. United Technologies said that the equipment it is selling for Guangzhou is not banned under the legislation. And IBM said that it complies with American regulations. James Mulvenon is the director of the Center for Intelligence Research and Analysis, a government contractor in Washington that does classified analyses on overseas military and intelligence programs. He said the companies' participation in Chinese surveillance "violates the spirit of the Tiananmen legislation." Representative Tom Lantos, the California Democrat who is chairman of the House Foreign Affairs Committee, said, "U.S.-based companies obviously don't know the meaning of decency if they're seeking out ways to wriggle through the loopholes in our laws to capitalize on the market opportunities presented by the Olympics." He said his committee would continue to investigate what he sees as American corporate assistance for political repression. Mulvenon noted that the pace of technological change means that products with mainly civilian applications, like building management computer systems with powerful video surveillance features, had blurred the distinction between law enforcement and civilian technologies. 
But he said the Commerce Department has tended to define narrowly the technologies that qualify as crime control and prevention. A Commerce Department official said the department's bureau of industry and security had prevented the export of a "medium-tech" product to China for the Olympics that was clearly intended for law enforcement use. The official declined to identify the product and insisted on anonymity because he was not authorized to speak for the department. Olympics security spending increased rapidly this year, following China's little-noticed decision last winter to create more than 600 "safe cities" nationwide through the establishment of surveillance camera networks. A table in the autumn edition of the security ministry's magazine suggested the number of surveillance cameras that should be installed in each community, based on its size, international prominence and location - from 250,000 to 300,000 cameras in metropolises like Beijing and Shanghai to 1,000 to 5,000 cameras for small towns and rural counties. That would still leave major Chinese cities behind London in the scope of their security camera systems. London already has as many as 500,000 cameras if video systems at banks, supermarkets and other commercial locations are included. But government agencies in London have installed smaller, separate systems of a few hundred cameras at a time, in contrast with the highly integrated approach of the Chinese government. In New York City, the police are trying to assemble a network of 3,000 public and private cameras below Canal Street to discourage terrorism in Lower Manhattan; they are starting with 100 cameras. China does not have sufficient security guards to watch the video feeds from so many cameras, so the authorities have been shopping for foreign computer systems that automatically analyze the information, security executives said. 
At the security equipment convention this year - in Shenzhen, the center of China's security industry - multinationals competed with local companies to offer high-technology products, as police officials from around the country browsed the booths. Part of the sales pitches from American companies is that their systems can protect local police during incidents of alleged police abuse. When a car in Beijing hit an elderly foreign tourist, the police used Honeywell systems to check a nearby street camera and discovered that the tourist had been jaywalking, said He Han, a Honeywell engineer who worked on the system. "We were one of the first to introduce foreign advanced products and management practices," He said. "We have the biggest user network in China." If American companies do not sell security systems here, Chinese companies will; the Shenzhen conference drew a handful of American companies, but about 800 of the nearly 1,000 exhibitors were Chinese - and they were aggressively pursuing contracts. The young engineers in jacket and tie at the American booths stood in sharp contrast, for example, to a Chinese company's booth with a half dozen young women in black patent leather boots, five-inch heels and metallic silver micro-mini dresses. China is likely to emerge from the Olympics with remarkable surveillance capabilities, Vickers, the former head of criminal intelligence for the Hong Kong police, said. "They are certainly getting the best stuff," he added. "One, because money talks, and second, because whatever the diplomatic issues, the U.S. wants to supply the Olympics." From rforno at infowarrior.org Fri Dec 28 14:26:11 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 28 Dec 2007 09:26:11 -0500 Subject: [Infowarrior] - CJR: The Limits of Clear Language Message-ID: Essay ? 
November / December 2007 The Limits of Clear Language Orwell worried about polluted language, but polluted information is more toxic By Nicholas Lemann < - > http://www.cjr.org/essay/the_limits_of_language.php?page=all From rforno at infowarrior.org Sat Dec 29 02:13:07 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 28 Dec 2007 21:13:07 -0500 Subject: [Infowarrior] - RIP Netscape Navigator (1994-2008) Message-ID: Web icon set to be discontinued The browser that helped kick-start the commercial web is to cease development because of lack of users. Netscape Navigator, now owned by AOL, will no longer be supported after 1 February 2008, the company has said. In the mid-1990s the browser was used by more than 90% of the web population, but numbers have slipped to just 0.6%. In particular, the browser has faced competition from Microsoft's Internet Explorer (IE), which is now used by nearly 80% of all web users. "While internal groups within AOL have invested a great deal of time and energy in attempting to revive Netscape Navigator, these efforts have not been successful in gaining market share from Microsoft's Internet Explorer," said Tom Drapeau on the company's blog. Browser wars Netscape was developed by Marc Andreessen, co-author of Mosaic, the first popular web browser. Mosaic was written while Mr Andreessen was a student at the National Center for Supercomputing Applications at the University of Illinois in 1992. After graduation he set up Netscape Communications Corporation and began development of the Navigator browser. The first version was released in 1994. It was quickly a success and dominated the browser market in the mid-1990s. But other companies followed its success, notably Microsoft, which bundled its Explorer software with its operating systems. This culminated in a highly-publicised legal battle, which saw Microsoft accused of anti-competitive behaviour. 
Although the settlement saw Netscape gain many concessions from Microsoft including the ability to exploit IE code, it has been unable to gain back its market share. The demise of Navigator was compounded in 2003 when AOL, which bought Netscape in 1998, made redundant most of the staff working on new versions of the browser. Many of the staff moved to the Mozilla Foundation which develops the popular Firefox browser. This browser has a 16% share of the browser market. Fade away Although a core team has continued to work on the secure browser - it is currently on version nine - AOL has decided to finally pull the plug. "After 1 February, there will be no more active product support for Navigator nine, or any previous Netscape Navigator browser," wrote Mr Drapeau. "We feel it's the right time to end development of Netscape branded browsers, hand the reins fully to Mozilla and encourage Netscape users to adopt Firefox," he said. Users of the browser will no longer receive security or software updates after the date. Old versions of the browser will still be available for download, but will no longer be supported. Microsoft is expected to launch a new version of IE in 2008, whilst the third version of Firefox is currently available as a beta, or test version. Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/7163547.stm Published: 2007/12/28 19:54:26 GMT © BBC MMVII From rforno at infowarrior.org Sat Dec 29 02:14:37 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 28 Dec 2007 21:14:37 -0500 Subject: [Infowarrior] - TSA's new forbidden item: >2 gm lithium batteries Message-ID: The TSA has discovered that on January 1st, 2008 lithium batteries are going to become more dangerous than they were on December 31, 2007. Thankfully, they've taken action by forbidding them beginning in 2008. Lithium Metal Battery, Spare or Installed (over 2 grams lithium): In checked bag? Forbidden Carry-on? 
Forbidden The Department of Transportation's web site doesn't say why they're forbidden. They just are. < - > http://www.boingboing.net/2007/12/28/tsas-new-forbidden-i.html From rforno at infowarrior.org Sat Dec 29 03:38:00 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 28 Dec 2007 22:38:00 -0500 Subject: [Infowarrior] - McGovern OpEd: Creeping Fascism Message-ID: Lessons from the Past Creeping Fascism By RAY McGOVERN Former CIA analyst "There are few things as odd as the calm, superior indifference with which I and those like me watched the beginnings of the Nazi revolution in Germany, as if from a box at the theater ... Perhaps the only comparably odd thing is the way that now, years later...." These are the words of Sebastian Haffner (pen name for Raimund Pretzel), who as a young lawyer in Berlin during the 1930s experienced the Nazi takeover and wrote a first-hand account. His children found the manuscript when he died in 1999 and published it the following year as "Geschichte eines Deutschen" (The Story of a German). The book became an immediate bestseller and has been translated into 20 languages -- in English as "Defying Hitler." I recently learned from his daughter Sarah, an artist in Berlin, that today is the 100th anniversary of Haffner's birth. She had seen an earlier article in which I quoted her father and emailed to ask me to "write some more about the book and the comparison to Bush's America...this is almost unbelievable." More about Haffner below. Let's set the stage first by recapping some of what has been going on that may have resonance for readers familiar with the Nazi ascendancy, noting how "odd" it is that the frontal attack on our Constitutional rights is met with such "calm, superior indifference." Goebbels Would be Proud It has been two years since top New York Times officials decided to let the rest of us in on the fact that the George W. 
Bush administration had been eavesdropping on American citizens without the court warrants required by the Foreign Intelligence Surveillance Act (FISA) of 1978. The Times had learned of this well before the election in 2004 and acquiesced to White House entreaties to suppress the damaging information. In late fall 2005 when Times correspondent James Risen's book, "State of War: the Secret History of the CIA and the Bush Administration," revealing the warrantless eavesdropping was being printed, Times publisher, Arthur Sulzberger, Jr., recognized that he could procrastinate no longer. It would simply be too embarrassing to have Risen's book on the street, with Sulzberger and his associates pretending that this explosive eavesdropping story did not fit Adolph Ochs' trademark criterion: All The News That's Fit To Print. (The Times' own ombudsman, Public Editor Byron Calame, branded the newspaper's explanation for the long delay in publishing this story "woefully inadequate.") When Sulzberger told his friends in the White House that he could no longer hold off on publishing in the newspaper, he was summoned to the Oval Office for a counseling session with the president on Dec. 5, 2005. Bush tried in vain to talk him out of putting the story in the Times. The truth would out; part of it, at least. < - > http://www.counterpunch.org/mcgovern12282007.html Ray McGovern was a CIA analyst from 1963 to 1990 and Robert Gates' branch chief in the early 1970s. McGovern now serves on the Steering Group of Veteran Intelligence Professionals for Sanity (VIPS). He is a contributor to Imperial Crusades, edited by Alexander Cockburn and Jeffrey St. Clair. 
He can be reached at: rrmcgovern at aol.com From rforno at infowarrior.org Sat Dec 29 03:45:13 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 28 Dec 2007 22:45:13 -0500 Subject: [Infowarrior] - Wal-Mart axes short-lived movie service Message-ID: ...but as we see elsewhere with DRM-crippled products, if the vendor shuts down, no matter what sort of "graceful exit" they might offer customers you run the risk of losing 'your' product if it can't reauthorize or validate itself. Yet another reason NOT to have DRM. Great way to voluntarily screw yourself for the benefit of the clueless and greedy entertainment industry. -rf Wal-Mart axes short-lived movie service http://www.electronista.com/articles/07/12/27/wal.mart.axes.videos/ Wal-Mart has shut down its fledgling movie service with virtually no announcement, according to user reports. Visitors to the official site are greeted with a message that the site has shut down as of December 21st and redirects users to information about the closure. Videos and other content remain playable but will still include the copy restrictions of before, which prevent the videos from transferring to non-purchasing computers but allow their use on as many as three portable media players that support guarded Windows Media content. No refunds are available and customers will have to visit a Wal-Mart store to buy more videos, the retailer warns. The shutdown comes just 10 months after the opening of the store in February and is the result of poor sales despite the shop remaining in a beta (testing) state, Wal-Mart and its content system provider Hewlett-Packard say. While Wal-Mart is not directly responsible for shutting down the store, sub-par income for HP has forced an early termination of the backbone behind the service and left Wal-Mart with little choice, according to a Wal-Mart spokesperson. An end to Wal-Mart's store dashes the early hopes of movie studios. 
The video download site was the first to sign all major Hollywood production houses to its catalog, potentially supplying the retail chain with an edge over Apple's iTunes Store and other services that have unsuccessfully negotiated licenses for key studios or else are limited to older titles. Wal-Mart is rumored to have been instrumental in blocking some deals with Apple to shelter its lucrative physical video sales, which account for a large portion of all video revenues in the US. The firm's efforts to sell videos online are winding down just as word has surfaced that Apple may be opening an iTunes movie rental service that would enlist at least 20th Century Fox and would likely involve Disney as well, playing on Apple chief Steve Jobs' membership on the Disney board of directors. Wal-Mart's store has only allowed purchases since its opening and may have suffered from this decision as a result. From rforno at infowarrior.org Sat Dec 29 03:49:23 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 28 Dec 2007 22:49:23 -0500 Subject: [Infowarrior] - DARPA: Snorting a Brain Chemical Could Replace Sleep Message-ID: Snorting a Brain Chemical Could Replace Sleep By Alexis Madrigal 12.28.07 | 12:00 AM http://www.wired.com/science/discoveries/news/2007/12/sleep_deprivation In what sounds like a dream for millions of tired coffee drinkers, Darpa-funded scientists might have found a drug that will eliminate sleepiness. A nasal spray containing a naturally occurring brain hormone called orexin A reversed the effects of sleep deprivation in monkeys, allowing them to perform like well-rested monkeys on cognitive tests. The discovery's first application will probably be in treatment of the severe sleep disorder narcolepsy. The treatment is "a totally new route for increasing arousal, and the new study shows it to be relatively benign," said Jerome Siegel, a professor of psychiatry at UCLA and a co-author of the paper. 
"It reduces sleepiness without causing edginess." Orexin A is a promising candidate to become a "sleep replacement" drug. For decades, stimulants have been used to combat sleepiness, but they can be addictive and often have side effects, including raising blood pressure or causing mood swings. The military, for example, administers amphetamines to pilots flying long distances, and has funded research into new drugs like the stimulant modafinil and orexin A in an effort to help troops stay awake with the fewest side effects. The monkeys were deprived of sleep for 30 to 36 hours and then given either orexin A or a saline placebo before taking standard cognitive tests. The monkeys given orexin A in a nasal spray scored about the same as alert monkeys, while the saline-control group was severely impaired. The study, published in the Dec. 26 edition of The Journal of Neuroscience, found orexin A not only restored monkeys' cognitive abilities but made their brains look "awake" in PET scans. Siegel said that orexin A is unique in that it only had an impact on sleepy monkeys, not alert ones, and that it is "specific in reversing the effects of sleepiness" without other impacts on the brain. Such a product could be widely desired by the more than 70 percent of Americans who the National Sleep Foundation estimates get less than the generally recommended eight hours of sleep per night. The research follows the discovery by Siegel that the absence of orexin A appears to cause narcolepsy. That finding pointed to a major role for the peptide's absence in causing sleepiness. It stood to reason that if the deficit of orexin A makes people sleepy, adding it back into the brain would reduce the effects, said Siegel. "What we've been doing so far is increasing arousal without dealing with the underlying problem," he said. "If the underlying deficit is a loss of orexin, and it clearly is, then the best treatment would be orexin." Dr. 
Michael Twery, director of the National Center on Sleep Disorders Research, said that while research into drugs for sleepiness is "very interesting," he cautioned that the long-term consequences of not sleeping were not well-known. Both Twery and Siegel noted that it is unclear whether or not treating the brain chemistry behind sleepiness would alleviate the other problems associated with sleep deprivation. "New research indicates that not getting enough sleep is associated with increased risk of cardiovascular disease and metabolic disorders," said Twery. Still, Siegel said that Americans already recognize that sleepiness is a problem and have long treated it with a variety of stimulants. "We have to realize that we are already living in a society where we are already self-medicating with caffeine," he said. He also said that modafinil, which is marketed as Provigil by Cephalon and Alertec in Canada, has become widely used by healthy individuals for managing sleepiness. "We have these other precedents, and it's not clear that you can't use orexin A temporarily to reduce sleep," said Siegel. "On the other hand, you'd have to be a fool to advocate taking this and reducing sleep as much as possible." Sleep advocates probably won't have to worry about orexin A reaching drugstore shelves for many years. Any commercial treatment using the substance would need approval from the Food and Drug Administration, which can take more than a decade. From rforno at infowarrior.org Sat Dec 29 13:43:18 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 29 Dec 2007 08:43:18 -0500 Subject: [Infowarrior] - READ: The Airport Security Follies Message-ID: This is by far one of the best assessments of the joke known as commercial aviation security I've read in a long time. 
It's written by a career commercial airline pilot, which makes it more relevant and insightful.....even if it doesn't say anything that the few of us "reality-based" security analysts don't already know, realize, or have tried to preach since 9/11.

--rf

December 28, 2007, 6:52 pm
The Airport Security Follies
By Patrick Smith
http://jetlagged.blogs.nytimes.com/2007/12/28/the-airport-security-follies/

Six years after the terrorist attacks of 2001, airport security remains a theater of the absurd. The changes put in place following the September 11th catastrophe have been drastic, and largely of two kinds: those practical and effective, and those irrational, wasteful and pointless. The first variety have taken place almost entirely behind the scenes. Explosives scanning for checked luggage, for instance, was long overdue and is perhaps the most welcome addition. Unfortunately, at concourse checkpoints all across America, the madness of passenger screening continues in plain view. It began with pat-downs and the senseless confiscation of pointy objects. Then came the mandatory shoe removal, followed in the summer of 2006 by the prohibition of liquids and gels. We can only imagine what is next. To understand what makes these measures so absurd, we first need to revisit the morning of September 11th, and grasp exactly what it was the 19 hijackers so easily took advantage of. Conventional wisdom says the terrorists exploited a weakness in airport security by smuggling aboard box-cutters. What they actually exploited was a weakness in our mindset -- a set of presumptions based on the decades-long track record of hijackings. In years past, a takeover meant hostage negotiations and standoffs; crews were trained in the concept of "passive resistance." All of that changed forever the instant American Airlines Flight 11 collided with the north tower. What weapons the 19 men possessed mattered little; the success of their plan relied fundamentally on the element of surprise.
And in this respect, their scheme was all but guaranteed not to fail. For several reasons -- particularly the awareness of passengers and crew -- just the opposite is true today. Any hijacker would face a planeload of angry and frightened people ready to fight back. Say what you want of terrorists, they cannot afford to waste time and resources on schemes with a high probability of failure. And thus the September 11th template is all but useless to potential hijackers. No matter that a deadly sharp can be fashioned from virtually anything found on a plane, be it a broken wine bottle or a snapped-off length of plastic, we are content wasting billions of taxpayer dollars and untold hours of labor in a delusional attempt to thwart an attack that has already happened, asked to queue for absurd lengths of time, subject to embarrassing pat-downs and loss of our belongings. The folly is much the same with respect to the liquids and gels restrictions, introduced two summers ago following the breakup of a London-based cabal that was planning to blow up jetliners using liquid explosives. Allegations surrounding the conspiracy were revealed to be substantially embellished. In an August, 2006 article in the New York Times, British officials admitted that public statements made following the arrests were overcooked, inaccurate and "unfortunate." The plot's leaders were still in the process of recruiting and radicalizing would-be bombers. They lacked passports, airline tickets and, most critical of all, they had been unsuccessful in actually producing liquid explosives. Investigators later described the widely parroted report that up to ten U.S. airliners had been targeted as "speculative" and "exaggerated." Among the first to express serious skepticism about the bombers' readiness was Thomas C. Greene, whose essay in The Register explored the extreme difficulty of mixing and deploying the types of binary explosives purportedly to be used. Greene conferred with Professor Jimmie C.
Oxley, an explosives specialist who has closely studied the type of deadly cocktail coveted by the London plotters. "The notion that deadly explosives can be cooked up in an airplane lavatory is pure fiction," Greene told me during an interview. "A handy gimmick for action movies and shows like '24.' The reality proves disappointing: it's rather awkward to do chemistry in an airplane toilet. Nevertheless, our official protectors and deciders respond to such notions instinctively, because they're familiar to us: we've all seen scenarios on television and in the cinema. This, incredibly, is why you can no longer carry a bottle of water onto a plane." The threat of liquid explosives does exist, but it cannot be readily brewed from the kinds of liquids we have devoted most of our resources to keeping away from planes. Certain benign liquids, when combined under highly specific conditions, are indeed dangerous. However, creating those conditions poses enormous challenges for a saboteur. "I would not hesitate to allow that liquid explosives can pose a danger," Greene added, recalling Ramzi Yousef's 1994 detonation of a small nitroglycerine bomb aboard Philippine Airlines Flight 434. The explosion was a test run for the so-called "Project Bojinka," an Al Qaeda scheme to simultaneously destroy a dozen widebody airliners over the Pacific Ocean. "But the idea that confiscating someone's toothpaste is going to keep us safe is too ridiculous to entertain." Yet that's exactly what we've been doing. The three-ounce container rule is silly enough -- after all, what's to stop somebody from carrying several small bottles each full of the same substance -- but consider for a moment the hypocrisy of T.S.A.'s confiscation policy. At every concourse checkpoint you'll see a bin or barrel brimming with contraband containers taken from passengers for having exceeded the volume limit. Now, the assumption has to be that the materials in those containers are potentially hazardous.
If not, why were they seized in the first place? But if so, why are they dumped unceremoniously into the trash? They are not quarantined or handed over to the bomb squad; they are simply thrown away. The agency seems to be saying that it knows these things are harmless. But it's going to steal them anyway, and either you accept it or you don't fly. But of all the contradictions and self-defeating measures T.S.A. has come up with, possibly none is more blatantly ludicrous than the policy decreeing that pilots and flight attendants undergo the same x-ray and metal detector screening as passengers. What makes it ludicrous is that tens of thousands of other airport workers, from baggage loaders and fuelers to cabin cleaners and maintenance personnel, are subject only to occasional random screenings when they come to work. These are individuals with full access to aircraft, inside and out. Some are airline employees, though a high percentage are contract staff belonging to outside companies. The fact that crew members, many of whom are former military fliers, and all of whom endured rigorous background checks prior to being hired, are required to take out their laptops and surrender their hobby knives, while a caterer or cabin cleaner sidesteps the entire process and walks onto a plane unimpeded, nullifies almost everything our T.S.A. minders have said and done since September 11th, 2001. If there is a more ringing let-me-get-this-straight scenario anywhere in the realm of airport security, I'd like to hear it. I'm not suggesting that the rules be tightened for non-crew members so much as relaxed for all accredited workers. Which perhaps urges us to reconsider the entire purpose of airport security: The truth is, regardless of how many pointy tools and shampoo bottles we confiscate, there shall remain an unlimited number of ways to smuggle dangerous items onto a plane. The precise shape, form and substance of those items is irrelevant.
We are not fighting materials, we are fighting the imagination and cleverness of the would-be saboteur. Thus, what most people fail to grasp is that the nuts and bolts of keeping terrorists away from planes is not really the job of airport security at all. Rather, it's the job of government agencies and law enforcement. It's not very glamorous, but the grunt work of hunting down terrorists takes place far off stage, relying on the diligent work of cops, spies and intelligence officers. Air crimes need to be stopped at the planning stages. By the time a terrorist gets to the airport, chances are it's too late. In the end, I'm not sure which is more troubling, the inanity of the existing regulations, or the average American's acceptance of them and willingness to be humiliated. These wasteful and tedious protocols have solidified into what appears to be indefinite policy, with little or no opposition. There ought to be a tide of protest rising up against this mania. Where is it? At its loudest, the voice of the traveling public is one of grumbled resignation. The op-ed pages are silent, the pundits have nothing meaningful to say. The airlines, for their part, are in something of a bind. The willingness of our carriers to allow flying to become an increasingly unpleasant experience suggests a business sense of masochistic capitulation. On the other hand, imagine the outrage among security zealots should airlines be caught lobbying for what is perceived to be a dangerous abrogation of security and responsibility -- even if it's not. Carriers caught plenty of flack, almost all of it unfair, in the aftermath of September 11th. Understandably, they no longer want that liability. As for Americans themselves, I suppose that it's less than realistic to expect street protests or airport sit-ins from citizen fliers, and maybe we shouldn't expect too much from a press and media that have had no trouble letting countless other injustices slip to the wayside.
And rather than rethink our policies, the best we've come up with is a way to skirt them -- for a fee, naturally -- via schemes like Registered Traveler. Americans can now pay to have their personal information put on file just to avoid the hassle of airport security. As cynical as George Orwell ever was, I doubt he imagined the idea of citizens offering up money for their own subjugation. How we got to this point is an interesting study in reactionary politics, fear-mongering and a disconcerting willingness of the American public to accept almost anything in the name of "security." Conned and frightened, our nation demands not actual security, but security spectacle. And although a reasonable percentage of passengers, along with most security experts, would concur such theater serves no useful purpose, there has been surprisingly little outrage. In that regard, maybe we've gotten exactly the system we deserve.

From rforno at infowarrior.org Sat Dec 29 17:01:06 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 29 Dec 2007 12:01:06 -0500
Subject: [Infowarrior] - The Year in Oversight
Message-ID:

The Year in Oversight
News: The yeas and nays of Congress' efforts to gavel the Bush administration into order in 2007
By Brian Beutler, Media Consortium
December 24, 2007
http://www.motherjones.com/washington_dispatch/2007/12/year-in-oversight.html

As the year draws to a close, it will be tempting for pundits -- liberal and otherwise -- to despair at the Democrats' inability to wield their new congressional leadership to affect real and swift change in the country. After all, the war in Iraq not only continues, but 2007 was its deadliest year. FISA presents a greater danger to American civil liberties today than it did when the Democrats took their gavels in January. And the radiant vision of Karl Rove being escorted down Pennsylvania Avenue to jail never came to pass. But there have been successes, too.
Many have emerged as part of an aggressive oversight effort, which has dragged a number of scandals out of the shadows and into the cleansing daylight. Democrats in both the House and Senate have led the way in exposing corrupt leadership at the Department of Justice, in revealing just how shadowy the president's domestic spying program is (and how unpopular it is among members of the federal law enforcement community), and in alerting the country to the damaging and deadly role private military contractors play in war zones. So as we all take the measure of 2007, here's the good, the bad, and the ugly in a year's worth of congressional oversight.

Quiet as a mouse. There certainly have been gaffes, softballs, and missed opportunities. And the most obvious are found in the Senate Committee on Homeland Security -- the Senate's version of Rep. Henry Waxman's Oversight Committee in the House. Unlike Waxman's enthusiastic probing, the Senate chair conducted zero proactive investigations into Bush administration malfeasance. Its chairman? Connecticut's Joseph Lieberman.

Fit for a Prince. Likewise, when Erik Prince, the now-infamous CEO of private military contractor Blackwater, was called to testify before Waxman's committee on October 2, many assumed he'd be slaughtered. Blackwater contractors had recently massacred more than a dozen Iraqis and had been implicated in a host of other atrocities. Waxman even came armed with a long and damning report about the company's misdeeds. But by the end of the hearing, Prince had found his stride. He shifted the focus from Blackwater to structural problems with the war effort in Iraq and refused to disclose how much of his company's billion dollars in federal contracts constituted profit. He closed by graciously thanking the committee for its hospitality. "Glad I could come here and correct some facts," Prince said.

Naming names -- of sources.
Over the summer, the House Judiciary Committee created an electronic tip line for whistleblowers in the Justice Department. Do-gooders provided enough personal information to allow the committee to investigate, but were assured the information would be kept in confidence. And it was -- until the committee accidentally sent a list of the whistleblowers' email addresses to every address that had been entered at the site, including Vice President Dick Cheney's public email: vice_president at whitehouse.gov.

Foresight is 20/20. Blunders weren't confined to investigations. Democrats Dianne Feinstein and Charles Schumer helped Republican Judiciary Committee members endorse the nomination of then-designate Attorney General Michael Mukasey, despite his equivocal answers to questions about torture. The full Senate confirmed him by a vote of 53-40 on November 8; just one month later, the Department of Justice revealed that CIA videotapes of two detainees being interrogated -- and allegedly waterboarded -- had been destroyed, despite widespread objections among members of the government in the know. Given Mukasey's unwillingness to describe waterboarding as torture -- and therefore a crime -- some, including Senator Joe Biden, want an independent investigation of the matter. The year started on a better foot for Democrats. Mukasey's nomination was the result of months of congressional tenacity in uncovering the administration's lies and distortions about its firing of U.S. attorneys and its warrantless wiretapping program. Throughout the spring and summer, the House and Senate Judiciary committees uncovered documents and held hearings that shook the Justice Department to its foundation.

Oops, did I say that? The U.S. attorneys scandal erupted almost immediately after the Democrats took over Congress, and, as such, became the focal point of their oversight.
In their first weeks in power, Democrats interrogated Justice Department officials and obtained documents at odds with their testimonies. On May 23, under a grant of limited immunity, Justice's former director of public affairs, Monica Goodling, told the House Judiciary Committee that her one-time colleague, then-Deputy Attorney General Paul McNulty, had misled the Congress about the extent of White House involvement in politically motivated firings of U.S. attorneys.

Poor bedside manner. Just days earlier, on May 15, former Deputy Attorney General James Comey detailed for the Senate Judiciary Committee a 2004 attempt by then-White House Counsel Alberto Gonzales to make then-Attorney General John Ashcroft sign off on the National Security Agency's so-called Terrorist Surveillance Program. Delirious in his hospital bed, Ashcroft refused, referring Gonzales instead to Comey. Comey thought the warrantless domestic snooping illegal and did not approve it. When the White House attempted to go over his head, he and several senior Justice Department officials threatened to resign.

All in the family. Prince's graceful exit from Waxman's October hearing was not the end of the Blackwater saga. A big part of Blackwater's job in Iraq is to protect State Department officers, but former Inspector General Howard "Cookie" Krongard had a peculiar allergy to watchdogging the relationship. On November 14, we learned why. Waxman's committee asked Cookie some tough questions -- among them, did he know that his brother, A.B. "Buzzy" Krongard, was a member of Blackwater's advisory board? Cookie first insisted that his brother had told him otherwise in a conversation six weeks prior. During a break, he called his brother Buzzy and, he says, learned the hard truth, prompting him to vow before the committee to recuse himself from all Blackwater investigations going forward. The story didn't end there.
Later that same day, reporter Spencer Ackerman of TPM Media reached Buzzy by telephone and learned that Cookie, according to Buzzy, had known of his brother's role at Blackwater for weeks. In the wake of this revelation, Cookie stepped down from his position altogether. Whether he'll face a perjury inquiry remains to be seen.

The attorney general has no clothes. Perhaps the biggest oversight victory can be found in the dislodging of Gonzales. On July 24, brewing Justice Department controversies came to a head when Gonzales appeared before the Senate Judiciary Committee and embarrassed himself badly on a number of fronts. In his testimony, Gonzales insisted, among other things, that the warrantless wiretapping program was a matter of little controversy within the Department of Justice -- that all disagreements had involved another, unidentified intelligence operation. But two days later, on July 26, FBI director Robert Mueller, under questioning by the House Judiciary Committee's Rep. Mel Watt, admitted to having "serious reservations about the warrantless wiretapping program." The admission raised two possibilities: Either the wiretapping program had once been much more aggressive than we know, or Gonzales had directly perjured himself. In September, following in the footsteps of a host of senior Justice officials, Gonzales tendered his resignation -- a capstone of a series of investigations so aggressively obstructed that three current and former administration officials may well be held in contempt by one or both houses of Congress in 2008.

Brian Beutler is the Washington correspondent for the Media Consortium, a network of progressive media organizations, including Mother Jones.
From rforno at infowarrior.org Sat Dec 29 17:04:09 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 29 Dec 2007 12:04:09 -0500
Subject: [Infowarrior] - OpEd: We Are All Prisoners Now
Message-ID:

We Are All Prisoners Now
by Paul Craig Roberts
http://www.antiwar.com/roberts/?articleid=12113

"They're locking them up today
They're throwing away the key
I wonder who it'll be tomorrow, you or me?"
~ The Red Telephone (LOVE, 1967)

At Christmas time it has been my habit to write a column in remembrance of the many innocent people in prisons whose lives have been stolen by the US criminal justice (sic) system that is as inhumane as it is indifferent to justice. Usually I retell the cases of William Strong and Christophe Gaynor, two men framed in the state of Virginia by prosecutors and judges as wicked and corrupt as any who served Hitler or Stalin. This year is different. All Americans are now imprisoned in a world of lies and deception created by the Bush Regime and the two complicit parties of Congress, by federal judges too timid or ignorant to recognize a rogue regime running roughshod over the Constitution, by a bought and paid for media that serves as propagandists for a regime of war criminals, and by a public who have forsaken their Founding Fathers. Americans are also imprisoned by fear, a false fear created by the hoax of "terrorism." It has turned out that headline terrorist events since 9/11 have been orchestrated by the US government. For example, the alleged terrorist plot to blow up Chicago's Sears Tower was the brainchild of an FBI agent who searched out a few disaffected people to give lip service to the plot devised by the FBI agent. He arrested his victims, whose trial ended in acquittal and mistrial. Raising doubts among Americans about the government is not a strong point of the corporate media.
Americans live in a world of propaganda designed to secure their acquiescence to war crimes, torture, searches and police state measures, military aggression, hegemony and oppression, while portraying Americans (and Israelis) as the salt of the earth who are threatened by Muslims who hate their "freedom and democracy." Americans cling to this "truth" while the Bush regime and a complicit Congress destroy the Bill of Rights and engineer the theft of elections. Freedom and democracy in America have been reduced to no-fly lists, spying without warrants, arrests without warrants or evidence, permanent detention despite the constitutional protection of habeas corpus, torture despite the prohibition against self-incrimination -- the list goes on and on. In today's fearful America, a US Senator, whose elder brothers were (1) a military hero killed in action, (2) a President of the United States assassinated in office, (3) an Attorney General of the United States and likely president except he was assassinated like his brother, can find himself on the no-fly list. Present and former high government officials, with top secret security clearances, cannot fly with a tube of toothpaste or a bottle of water despite the absence of any evidence that extreme measures imposed by "airport security" makes flying safer. Elderly American citizens with walkers and young mothers with children are meticulously searched because US Homeland Security cannot tell the difference between an American citizen and a terrorist. All Americans should note the ominous implications of the inability of Homeland Security to distinguish an American citizen from a terrorist. When Airport Security cannot differentiate a US Marine General recipient of the Medal of Honor from a terrorist, Americans have all the information they need to know.
Any and every American can be arrested by unaccountable authority, held indefinitely without charges and tortured until he or she can no longer stand the abuse and confesses. This predicament, which can now befall any American, is our reward for our stupidity, our indifference, our gullibility, and our lack of compassion for anyone but ourselves. Some Americans have begun to comprehend the tremendous financial costs of the "war on terror." But few understand the cost to American liberty. Last October a Democrat-sponsored bill, "Prevention of Violent Radicalism and Homegrown Terrorism," passed the House of Representatives 404 to 6. Only six members of the House voted against tyrannical legislation that would destroy freedom of speech and freedom of assembly and that would mandate 18 months of congressional hearings to discover Americans with "extreme" views who could be preemptively arrested. What better indication that the US Constitution has lost its authority when elected representatives closest to the people pass a bill that permits the Bill of Rights to be overturned by the subjective opinion of members of an "Extremist Belief Commission" and Homeland Security bureaucrats? Clearly, Americans face no greater threat than the government in Washington.

From rforno at infowarrior.org Sat Dec 29 17:08:16 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 29 Dec 2007 12:08:16 -0500
Subject: [Infowarrior] - The MS OOXML Smokescreen
Message-ID:

In an effort to win quick converts to its bid to have Microsoft Office Open XML (MOOXML) accepted as an ISO standard, Microsoft is deprecating parts of its widely-criticized MOOXML. But whatever the new Microsoft OOXML file format with deprecated parts will eventually look like (if such a format ever appears in an actual application), these cosmetic changes don't really make a difference for Microsoft or the world.
Neither Microsoft Office 2007 nor the version after that will ever likely produce a standards-compliant format. Besides, OpenDocument has been around now for a few years and is becoming widely supported in industry. However, there has been no meaningful movement from MS towards support. Actions speak louder than words. What is described in the ECMA OOXML specification is not what is currently implemented in MS Office 2007. The actual specification says ECMA OOXML is a format that Microsoft Office 2007 can *read*. Note, however, that it is not the format that Microsoft Office 2007 is actually *writing*. For example: The scripts, macros, passwords, Sharepoint tagshooks, DRM and other tie-ins used by MS Office 2007 are not part of the ECMA OOXML specification. If you try encrypting a document in Office 2007, it is no longer even a zip file + XML at that point. There is no editor reference application for Office Open XML, so an application can send Office Open files to Microsoft Office, and Microsoft Office can open those files, but any edits are saved in a different format!

< - >

http://fanaticattack.com/2007/the-deprecated-smoke-screen-of-ms-office-open-xml-ooxml.html

From rforno at infowarrior.org Sat Dec 29 17:09:04 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 29 Dec 2007 12:09:04 -0500
Subject: [Infowarrior] - SCO gets the boot from Nasdaq
Message-ID:

Take care, bye-bye now! --rf

SCO Group gets the boot from Nasdaq
Posted by Stephen Shankland

The Nasdaq market has delisted The SCO Group, the Linux-seller-turned-Linux-litigant now in Chapter 11 bankruptcy protection. The Lindon, Utah-based company's shares were taken off the Nasdaq because of the bankruptcy proceedings, the company said Thursday in a statement. The company had appealed Nasdaq's decision to do so but lost its appeal on December 21, the company said in a regulatory filing with the Securities and Exchange Commission.
The company filed for bankruptcy protection in the wake of years of steadily declining Unix revenue and a court ruling in August that crippled its legal argument that its proprietary Unix technology is used in open-source Linux. A court ruled Novell still holds the Unix copyrights.

http://www.news.com/8301-13580_3-9838155-39.html?part=rss&subj=news&tag=2547-1_3-0-20

From rforno at infowarrior.org Sat Dec 29 17:10:12 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 29 Dec 2007 12:10:12 -0500
Subject: [Infowarrior] - Patent Litigation Run Amok
Message-ID:

Patent Litigation Run Amok
http://trolltracker.blogspot.com/2007/12/patent-litigation-run-amok.html

Back in early October I looked at the Fortune 100 and looked at who got sued the most (Part 1, Part 1a, Part 2). To nobody's surprise, the companies in the high tech/telecom industry have been the most sued, especially by non-practicing entities. Well, the last three months haven't changed any of that. With patents valued at an all-time high and the threat of patent reform around the corner, the onslaught of cases -- especially in plaintiff-friendly jurisdictions like the Eastern District of Texas -- is unbelievable. I decided to take my top 20 list from the end of September, and add the last three months' cases. Below is my revised list. For the hell of it, I added in Apple and Google. I actually did three lists: the number of patent cases filed against these companies since October 1, the total in 2006-2007, and the number of patent lawsuits by non-practicing entities in 2006-2007. (Note that, of course, this does not include cases filed December 19-31, even though I did see a huge multi-defendant case today involving Google. Also, this does not include cases where companies' customers were sued - I have no idea who's indemnifying whom). Before I give the list, my conclusions: patent litigation is out of control.
Out of the top third of the companies in the Fortune 100 sued for patent infringement over the last two years (plus adding in Apple and Google), these 35 companies were sued 500 times in that two-year period! That's an average of over 14 times per company. Out of those 500 lawsuits, you would expect roughly 60 in the last 3 months. But, in fact, there were almost double that number of lawsuits in the last 3 months aimed at those top 35 companies. Moreover, in the 21-month period from January 2006 through September 2007, cases filed by entities that don't make any products accounted for around 50% of the cases filed against those top 35 entities, which comprised companies in the High Tech, Financial, Retail, Automotive, Health Care, and Bio/Pharma sectors. Sure, some sectors (High Tech, Financial) had more NPEs than others, but the overall percentage was 50%. But looking at the last 3 months, the percentage of NPE cases among these 35 leading American companies has shot from 50% up to nearly 70%. And if you look at the High Tech/Telecom and Financial sectors only over the last 3 months, a full 80% (63 out of 78) were cases brought by these non-practicing entities. (And note, I did not include individual inventors or universities in the "non-practicing entity" category, or else the numbers would have been even more shockingly higher) (And what about Microsoft, being sued almost twice per month over the last two years? Every month. For two years!) Without further ado, here are the lists:

Defendants Sued The Most, October-December 2007 (through December 18)
1. Microsoft (12)
2t. Apple (7)
2t. HP (7)
4t. Cisco (6)
4t. Google (6)
4t. Wal-Mart (6)
7t. AT&T (5)
7t. Dell (5)
7t. Motorola (5)
10t. Intel (4)
10t. Johnson & Johnson (4)
10t. Sprint Nextel (4)
10t. Target (4)

Defendants Sued The Most, 2006-2007 (through December 18)
1. Microsoft (43)
2. Verizon (29)
3t. Target (28)
3t. Dell (28)
5t. Wal-Mart (24)
5t. HP (24)
7. Apple (23)
8t. Motorola (20)
8t. Sprint Nextel (20)
10. AT&T (19)
11. Johnson & Johnson (18)
12t. GE (16)
12t. Google (16)
14t. General Motors (15)
14t. IBM (15)
16. Cisco (14)
17. Sears (12)
18t. Best Buy (11)
18t. Time Warner (11)
20t. Comcast (10)
20t. Lowe's (10)
20t. Honeywell (10)
23. Walgreen (9)
24. Intel (8)
7 patent lawsuits: Bank of America, Costco, FedEx, Procter & Gamble
6 patent lawsuits: CVS/Caremark, Ford, Home Depot, McKesson
5 patent lawsuits: 3M, Federated Department Stores, Merck

Defendants Sued The Most By Non-Practicing Entities, 2006-2007
1. Microsoft (23)
2. Verizon (22)
3. Sprint/Nextel (19)
4. Dell (18)
5. Motorola (17)
6. AT&T (16)
7t. Apple (15)
7t. HP (15)
9t. Cisco (13)
9t. Google (13)
11. Time Warner (11)
12. General Motors (10)
13t. Comcast (9)
13t. IBM (9)
15t. Bank of America (7)
15t. FedEx (7)
15t. Wal-Mart (7)
18. Best Buy (6)
19t. General Electric (5)
19t. Intel (5)

From rforno at infowarrior.org Sat Dec 29 17:12:16 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 29 Dec 2007 12:12:16 -0500
Subject: [Infowarrior] - Leaked Microsoft Docs: DoubleClick Deal Monopolistic
Message-ID:

www.internetnews.com/bus-news/article.php/3718921

Leaked Microsoft Docs: DoubleClick Deal Monopolistic
By Stuart J. Johnston
December 28, 2007

Online advertising is crucial to Microsoft's burgeoning "software-plus-services" initiative -- it's the fuel for all the free services the company is bringing to market. It is no surprise then, that the approval earlier this month of the merger of Google and DoubleClick by a 4 to 1 vote of the U.S. Federal Trade Commission (FTC) was bad news for Microsoft -- not that it didn't try to derail the deal. A blogger for the New York Times last week obtained three confidential Microsoft documents that the software behemoth had provided to the FTC this fall. They were prepared in support of Microsoft's arguments that the merger would harm competitors' ability to compete in emerging online advertising marketplaces.
Microsoft officials independently confirmed the documents are bona fide. "We believe this merger raises serious questions about the future of competition in the online advertising market, as well as about consumer privacy and copyright protection," Jack Evans, a Microsoft spokesperson, said in an e-mail to InternetNews.com. The leaked documents go into more detail. "By combining the dominant network for sales of online advertising with the dominant provider of ad-serving tools (which are the advertiser and publisher 'portals' to the online advertising market), Google will obtain dominant control over the 'pipeline' for online advertising," the introduction to the main document, titled "Summary of Antitrust Analysis," states. The company's high-level analysis? "The transaction will put Google in a position to extract an increasing portion of the money flowing between advertisers and publishers through the pipeline. It will also enable Google to use its access to, and control over, a predominant share of publisher 'inventory' (the ad space on a Web page available to be seen by users) and valuable user information to impair its rivals' ability to compete to sell and serve ads," the document continues. The other two documents include a PowerPoint slide deck illustrating the state of the online advertising business today and what Microsoft purports it would look like if the merger goes through. It also includes a document containing proposed alternative remedies that the FTC could have taken. Obviously, the documents didn't carry the weight with the FTC that Microsoft's legal and public relations teams had hoped. However, all is not lost -- not yet, at any rate. That's because the European Commission (EC) is holding a meeting regarding the proposed merger on January 21. The EC announced last month that it would take a deeper look at the proposed $3.1 billion deal, after a preliminary evaluation found that the combination would raise competition concerns.
While Microsoft officials would not confirm that the same or similar documents will be or have been already filed with the EC, it seems apparent that will be the case, with some tweaking to reflect differences in the EC's laws and markets. One of the lingering questions is whether the EC is still so ticked at Microsoft for having dragged its heels for three years over the 2004 antitrust ruling against Microsoft that the company's arguments won't hold much weight. That question is counterbalanced by another: whether the perceived threat of another emerging potential monopoly will get the EC riled up enough to block the merger outright. Microsoft, of course, hopes that its arguments will resonate more clearly with the EC than they did with the FTC. "Google's acquisition of DoubleClick would result in Google controlling a virtual monopoly share of the ad-serving capacity currently available to third-party publishers and thus would raise barriers to entry/competition to insurmountable levels (and require competitors to confront a rival that is dominant in every component of the pipeline and that can manipulate network effects to make entry even more difficult)," the documents state. In its best "Help, I'm drowning" voice, the company warns that even the all powerful Microsoft has been blocked from Google's main market -- search advertising. "One need look no further than search advertising to see that despite Microsoft's size, technical prowess, and strong incentives, it has been unable to compete effectively with Google in search and that Google's lead in search advertising has continued to grow because of network efforts." In its pitch to the FTC's commissioners, Microsoft didn't just shoot for an "all or nothing" approach, however. If the merger isn't blocked outright, the company has several fallback positions it recommends, none of which were chosen by the FTC, by the way.
Here Microsoft's documents echo some of the same concerns as European consumer groups that argue the combination of the two online advertising giants, along with their huge databases of users' behaviors, would not only threaten users' privacy, but also drive up advertising rates for European companies, and thus artificially raise consumer prices. One of Microsoft's recommendations would be to force Google to divest itself of key ad publishing tools it is acquiring with DoubleClick. "Unless and until Google's competitors are able to obtain access to competitively neutral and unbiased ad-serving tools like those currently provided by DoubleClick, the ability of Google's rivals to create viable alternative pipelines will be very difficult, if possible at all," Microsoft's analysis document states at one point. Under other recommendations, in the remedies document, Microsoft calls for "open access for competing ad networks," as well as prohibiting Google from "discriminating in favor of DoubleClick in terms of the access that Google affords ad-serving tool vendors to its networks." These arguments did not sway the FTC. However, the EC has proven it takes a different view of competition than U.S. governmental bodies, so the decision could go either way. Microsoft, meanwhile, has not been frugal about trying to compete head-to-head with Google and DoubleClick. Last summer, it spent $6 billion on ad giant aQuantive. As one sign of some success, Microsoft also this month inked a deal valued at $500 million with cable giant Viacom, formerly a DoubleClick customer, to serve ads on its content Web sites and to sell left-over online advertising inventory. 
From rforno at infowarrior.org Sun Dec 30 20:29:14 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 30 Dec 2007 15:29:14 -0500
Subject: [Infowarrior] - RIAA Now Going After Personal Use
Message-ID:

Download Uproar: Record Industry Goes After Personal Use
By Marc Fisher
Washington Post Staff Writer
Sunday, December 30, 2007; M05

http://www.washingtonpost.com/wp-dyn/content/article/2007/12/28/AR2007122800693_pf.html

Despite more than 20,000 lawsuits filed against music fans in the years since they started finding free tunes online rather than buying CDs from record companies, the recording industry has utterly failed to halt the decline of the record album or the rise of digital music sharing. Still, hardly a month goes by without a news release from the industry's lobby, the Recording Industry Association of America, touting a new wave of letters to college students and others demanding a settlement payment and threatening a legal battle. Now, in an unusual case in which an Arizona recipient of an RIAA letter has fought back in court rather than write a check to avoid hefty legal fees, the industry is taking its argument against music sharing one step further: In legal documents in its federal case against Jeffrey Howell, a Scottsdale, Ariz., man who kept a collection of about 2,000 music recordings on his personal computer, the industry maintains that it is illegal for someone who has legally purchased a CD to transfer that music into his computer. The industry's lawyer in the case, Ira Schwartz, argues in a brief filed earlier this month that the MP3 files Howell made on his computer from legally bought CDs are "unauthorized copies" of copyrighted recordings. "I couldn't believe it when I read that," says Ray Beckerman, a New York lawyer who represents six clients who have been sued by the RIAA. "The basic principle in the law is that you have to distribute actual physical copies to be guilty of violating copyright.
But recently, the industry has been going around saying that even a personal copy on your computer is a violation." RIAA's hard-line position seems clear. Its Web site says: "If you make unauthorized copies of copyrighted music recordings, you're stealing. You're breaking the law and you could be held legally liable for thousands of dollars in damages." They're not kidding. In October, after a trial in Minnesota -- the first time the industry has made its case before a federal jury -- Jammie Thomas was ordered to pay $220,000 to the big record companies. That's $9,250 for each of 24 songs she was accused of sharing online. Whether customers may copy their CDs onto their computers -- an act at the very heart of the digital revolution -- has a murky legal foundation, the RIAA argues. The industry's own Web site says that making a personal copy of a CD that you bought legitimately may not be a legal right, but it "won't usually raise concerns," as long as you don't give away the music or lend it to anyone. Of course, that's exactly what millions of people do every day. In a Los Angeles Times poll, 69 percent of teenagers surveyed said they thought it was legal to copy a CD they own and give it to a friend. The RIAA cites a study that found that more than half of current college students download music and movies illegally. The Howell case was not the first time the industry has argued that making a personal copy from a legally purchased CD is illegal. At the Thomas trial in Minnesota, Sony BMG's chief of litigation, Jennifer Pariser, testified that "when an individual makes a copy of a song for himself, I suppose we can say he stole a song." Copying a song you bought is "a nice way of saying 'steals just one copy,' " she said. 
But lawyers for consumers point to a series of court rulings over the last few decades that found no violation of copyright law in the use of VCRs and other devices to time-shift TV programs; that is, to make personal copies for the purpose of making portable a legally obtained recording. As technologies evolve, old media companies tend not to be the source of the innovation that allows them to survive. Even so, new technologies don't usually kill off old media: That's the good news for the recording industry, as for the TV, movie, newspaper and magazine businesses. But for those old media to survive, they must adapt, finding new business models and new, compelling content to offer. The RIAA's legal crusade against its customers is a classic example of an old media company clinging to a business model that has collapsed. Four years of a failed strategy has only "created a whole market of people who specifically look to buy independent goods so as not to deal with the big record companies," Beckerman says. "Every problem they're trying to solve is worse now than when they started." The industry "will continue to bring lawsuits" against those who "ignore years of warnings," RIAA spokesman Jonathan Lamy said in a statement. "It's not our first choice, but it's a necessary part of the equation. There are consequences for breaking the law." And, perhaps, for firing up your computer. 
From rforno at infowarrior.org Mon Dec 31 00:56:32 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 30 Dec 2007 19:56:32 -0500
Subject: [Infowarrior] - Individual privacy under threat in Europe and U.S., report says
Message-ID:

Individual privacy under threat in Europe and U.S., report says
The Associated Press
Sunday, December 30, 2007

http://www.iht.com/bin/printfriendly.php?id=8957581

LONDON: Individual privacy is under threat in the United States and across the European Union as governments introduce sweeping surveillance and information-gathering measures in the name of security and controlling borders, an international rights group has said in a report. Greece, Romania and Canada had the best privacy records of 47 countries surveyed by Privacy International, which is based in London. Malaysia, Russia and China were ranked worst. Both Britain and the United States fell into the lowest-performing group of "endemic surveillance societies." "The general trend is that privacy is being extinguished in country after country," said Simon Davies, director of Privacy International. "Even those countries where we expected ongoing strong privacy protection, like Germany and Canada, are sinking into the mire." In the United States, the administration of President George W. Bush has come under fire from civil liberties groups for its domestic wiretapping program, which allows monitoring, without a warrant, of international phone calls and e-mail messages involving people suspected of having terrorist links. "The last five years has seen a litany of surveillance initiatives," Davies said. He said little had changed since the Democrats took control of Congress a year ago. "We would expect the cancellation of some programs, the review of others, but this hasn't occurred," Davies said. Britain was criticized for its plans for national identity cards, a lack of government accountability and the world's largest network of surveillance cameras.
Davies said the loss earlier this year of computer disks containing personal information and bank details on 25 million people in Britain highlighted the risks of centralizing information on huge government databases. The report, released Saturday, said privacy protection was worsening across Western Europe, although it was improving in the former Communist states of Eastern Europe. It said concern about terrorism, immigration and border security was driving the spread of identity and fingerprinting systems, often without regard to individual privacy. The report said the trends had been fueled by the emergence "of a profitable surveillance industry dominated by global IT companies and the creation of numerous international treaties that frequently operate outside judicial or democratic processes." The survey considers a range of factors, including legal protection of privacy, enforcement, data sharing, the use of biometrics and the prevalence of closed circuit TV cameras. "People shouldn't feel despondent about the results," Davies said. "Our view is that privacy-friendly systems will emerge in coming years and that consumers will soon begin to see privacy as a political issue."

From rforno at infowarrior.org Mon Dec 31 11:54:37 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 31 Dec 2007 06:54:37 -0500
Subject: [Infowarrior] - Will More Eyes Make Us Safer?
Message-ID:

NYT - Jet Lagged
http://jetlagged.blogs.nytimes.com/2007/12/30/will-more-eyes-make-us-safer/

December 30, 2007, 5:47 pm
Will More Eyes Make Us Safer?
By Clark Kent Ervin

You know the old saw - "there are three kinds of lies: lies, damn lies and statistics." The quip was brought to mind when I glanced at the year-end Department of Homeland Security fact sheet touting what it's done to make us safer. Among the featured items was "increasing by more than 175 percent the number of personnel trained in techniques to identify high-risk passengers in airports."
Call me cynical, but I always wonder when huge statistical increases are cited rather than the raw numbers themselves, especially when the statistics are being cited by government officials. And that goes double when the officials in question are from the Department of Homeland Security. But it's not really the numbers that concern me here; it's the program itself. Since 2003, the Transportation Security Administration has operated a program called SPOT (Screening Passengers by Observation Techniques). T.S.A. workers are given four days of classroom instruction and one day of on-the-job-training in spotting suspicious behavior that might be indicative of terrorist intent. They then roam airports looking for passengers who appear unusually nervous or angry or determined, in hopes of preventing the next would-be Mohammed Atta from carrying out another attack. I'm not opposed to behavior recognition, in theory. The Israelis have been using it for years quite successfully. And it makes sense to complement efforts to spot deadly weapons by concentrating at least some attention on spotting people with deadly intent. After all, as another old saying goes, "guns don't kill people; people kill people." And T.S.A. is right that there should be many layers of security to multiply its chances of catching terrorists. The agency is also right to introduce more randomness into the security system, to decrease the chance that terrorist plotters can learn protocols and procedures well enough to defeat them. Behavior recognition is nothing if not "random." But I strongly question whether five days is enough to train anybody in the intrinsically difficult art-science of behavior detection. And with all due respect to T.S.A. screeners, they are not Mossad agents. Study after study has shown them to be incapable of spotting artfully concealed weapons, and sometimes, even, inartfully concealed ones. 
So, what makes us think that screeners who can't tell a bomb component from a curling iron can all of a sudden tell whether the guy with the big frown on his face is frowning because he's determined to kill infidels today or because somebody just dropped a suitcase on his foot? Appearances are, needless to say, in the eye of the beholder. People can appear to be agitated or nervous for any number of reasons. Some people are scared of flying. Some people have medical conditions or psychological disorders that make them sweat or jiggle or otherwise seem oddly out of place. And, then, the very act of interrogation causes some people who wouldn't otherwise be agitated or nervous in an airport to become nervous or agitated. Hardened terrorists, on the other hand, are trained to be as cool as cucumbers and to blend into their surroundings like lizards on leaves. So, while screeners are sizing up the hapless sap with the nervous tic, Al Qaeda operatives are free to go about their deadly business. Oh, and another thing. It would be interesting to see the racial/ethnic profile of who's been deemed to be acting suspiciously. If it were to turn out that most are, or at least appear to be, Arab or South Asian, the program could wind up doing more harm than good. Such stereotyping would, rightly, incense the Arab-South Asian-Muslim community at a time when America needs its support as never before to help root out the tiny minority of extremists among them. And it would play into the hands of Al Qaeda by focusing attention on one profile at a time when our intelligence tells us the terrorist group is seeking to recruit people who don't fit that profile. So, before I'm comfortable with calling the increase in "B.D.O."'s (Behavior Detection Officers) a real achievement, I'd want to know a lot more about what they actually do, how they do it, and how well they distinguish between terrorists and innocents like you and me.
Increasing by 175 percent the use of even a good idea badly executed is nothing to brag about.

Clark Kent Ervin was the first inspector general of the United States Department of Homeland Security, where he served from January, 2003 to December, 2004. He is the Director of the Aspen Institute's Homeland Security Program and the author of "Open Target: Where America is Vulnerable to Attack." He lives in Washington.

From rforno at infowarrior.org Mon Dec 31 15:03:58 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 31 Dec 2007 10:03:58 -0500
Subject: [Infowarrior] - Happy New Year
Message-ID:

Happy 2008, everyone! And to start the new year off, here's some securitygeek-oriented humour that came out this morning. Enjoy. :)

http://xkcd.com/364/

All the best for '08 and beyond,

-rick

From rforno at infowarrior.org Mon Dec 31 20:19:29 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 31 Dec 2007 15:19:29 -0500
Subject: [Infowarrior] - Data breaches reached new heights in 2007
Message-ID:

Reports of data breaches reached new heights in 2007
By Mark Jewell, Associated Press

BOSTON -- The loss or theft of personal data such as credit card and Social Security numbers soared to unprecedented levels in 2007, and the trend isn't expected to turn around anytime soon as hackers stay a step ahead of security and laptops disappear with sensitive information. And while companies, government agencies, schools and other institutions are spending more to protect ever-increasing volumes of data with more sophisticated firewalls and encryption, the investment often is too little too late. "More of them are experiencing data breaches, and they're responding to them in a reactive way, rather than proactively looking at the company's security and seeing where the holes might be," said Linda Foley, who founded the San Diego-based Identity Theft Resource Center after becoming an identity theft victim herself.
Foley's group lists more than 79 million records reported compromised in the United States through Dec. 18. That's a nearly fourfold increase from the nearly 20 million records reported in all of 2006. Another group, Attrition.org, estimates more than 162 million records compromised through Dec. 21 -- both in the U.S. and overseas, unlike the other group's U.S.-only list. Attrition reported 49 million last year. "It's just the nature of business, that moving forward, more companies are going to have more records, so there will be more records compromised each year," said Attrition's Brian Martin. "I imagine the total records compromised will steadily climb." But the biggest difference between the groups' record-loss counts is Attrition.org's estimate that 94 million records were exposed in a theft of credit card data at TJX Cos., the owner of discount stores including T.J. Maxx and Marshalls. The TJX breach accounts for more than half the total records reported lost this year on both groups' lists. The Identity Theft Resource Center counts about 46 million -- the number of records TJX acknowledged in March were potentially compromised. Attrition's figure is based on estimates from Visa and MasterCard officials who were deposed in a lawsuit banks filed against TJX. The breach is believed to have started when hackers intercepted wireless transfers of customer information at two Marshalls stores in Miami -- an entry point that led the hackers to eventually break into TJX's central databases. TJX has said that before the breach, which was revealed in January, it invested "millions of dollars on computer security, and believes our security was comparable to many major retailers." With wireless data transmission more common, hackers increasingly are expected to target what many experts see as a major vulnerability.
Eavesdroppers appear to be learning how to bypass security safeguards faster than ever, said Jay Tumas, the head of Harvard University's network operations, at a recent conference for information security professionals. "Within a year or two, these folks are catching up," Tumas said. The two non-profit groups' 2007 data also show rising numbers of incidents in which employees lose sensitive data, as opposed to cases of hacking. Besides TJX's problem, major 2007 breaches include lost data disks with bank account numbers in Britain, a hacker attack of a U.S.-based online broker's database and a con that spilled resume contact information from a U.S. online jobs site. "A lot of breaches are due to inadequate information handling, such as laptop computers with Social Security numbers on them that are lost," Foley said. "This is human error, and something that's completely avoidable, as opposed to a hacker breaking into your computer system." Attrition.org and the Identity Theft Resource Center are the only groups, government included, maintaining databases on breaches and trends each year. They've been keeping track for only a handful of years, with varied and still-evolving methods of learning about breaches and estimating how many people were affected. Despite those challenges, the two non-profits say it's clear 2007 will end up a record year for the amount of information compromised, because of greater data loss and increased reporting of breaches. Both groups acknowledge many breaches may be missing from their lists, because they largely count incidents reported in news media that they consider credible. Media coverage has risen in part because of the growing number of states requiring businesses and institutions to publicly disclose data losses. Thirty-seven states, plus Washington D.C., now have such requirements. Because of proliferation of such laws, "it may take a year or two before things stabilize and we can see what's really happening," Foley said. 
"If that's the case, then we'll know whether businesses are practicing better information-handling techniques." Copyright 2007 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. Find this article at: http://www.usatoday.com/tech/news/computersecurity/2007-12-30-data_N.htm