From rforno at infowarrior.org Thu Mar 1 10:51:31 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 01 Mar 2007 10:51:31 -0500
Subject: [Infowarrior] - Huge 'Ocean' Discovered Inside Earth
Message-ID:

http://www.livescience.com/environment/070228_beijing_anomoly.html

Huge 'Ocean' Discovered Inside Earth

By Ker Than
LiveScience Staff Writer
posted: 28 February 2007 01:28 pm ET

Scientists scanning the deep interior of Earth have found evidence of a vast water reservoir beneath eastern Asia that is at least the volume of the Arctic Ocean.

The discovery marks the first time such a large body of water has been found in the planet's deep mantle.

The finding, made by Michael Wysession, a seismologist at Washington State University in St. Louis, and his former graduate student Jesse Lawrence, now at the University of California, San Diego, will be detailed in a forthcoming monograph to be published by the American Geophysical Union.

Looking down deep

The pair analyzed more than 600,000 seismograms -- records of waves generated by earthquakes traveling through the Earth -- collected from instruments scattered around the planet.

They noticed a region beneath Asia where seismic waves appeared to dampen, or "attenuate," and also slow down slightly.

"Water slows the speed of waves a little," Wysession explained. "Lots of damping and a little slowing match the predictions for water very well."

Previous predictions calculated that if a cold slab of the ocean floor were to sink thousands of miles into the Earth's mantle, the hot temperatures would cause water stored inside the rock to evaporate out.

"That is exactly what we show here," Wysession said. "Water inside the rock goes down with the sinking slab and it's quite cold, but it heats up the deeper it goes, and the rock eventually becomes unstable and loses its water."

The water then rises up into the overlying region, which becomes saturated with water.

"It would still look like solid rock to you,"
Wysession told LiveScience. "You would have to put it in the lab to find the water in it."

Although they appear solid, the composition of some ocean floor rocks is up to 15 percent water. "The water molecules are actually stuck in the mineral structure of the rock," Wysession explained. "As you heat this up, it eventually dehydrates. It's like taking clay and firing it to get all the water out."

The researchers estimate that up to 0.1 percent of the rock sinking down into the Earth's mantle in that part of the world is water, which works out to about an Arctic Ocean's worth of water.

"That's a real back of the envelope type calculation," Wysession said. "That's the best that we can do at this point."

The Beijing anomaly

Wysession has dubbed the new underground feature the "Beijing anomaly," because seismic wave attenuation was found to be highest beneath the Chinese capital city.

Wysession first used the moniker during a presentation of his work at the University of Beijing.

"They thought it was very, very interesting," Wysession said. "China is under greater seismic risk than just about any country in the world, so they are very interested in seismology."

Water covers 70 percent of Earth's surface and one of its many functions is to act like a lubricant for the movement of continental plates.

"Look at our sister planet, Venus," Wysession said. "It is very hot and dry inside Venus, and Venus has no plate tectonics. All the water probably boiled off, and without water, there are no plates. The system is locked up, like a rusty Tin Man with no oil."

From rforno at infowarrior.org Thu Mar 1 19:07:04 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 01 Mar 2007 19:07:04 -0500
Subject: [Infowarrior] - National ID Card Regulations Issued
Message-ID:

(c/o Laura E.)

DHS Regulations on REAL ID
http://www.dhs.gov/xlibrary/assets/nprm_realid.pdf

DHS FAQ on REAL ID
http://www.dhs.gov/xprevprot/laws/gc_1172767635686.shtm

From rforno at infowarrior.org Thu Mar 1 19:51:03 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 01 Mar 2007 19:51:03 -0500
Subject: [Infowarrior] - REAL ID: A few brief comments on the requirements
Message-ID:

After skimming through the REAL ID document just-released, here are a few comments.

Source document: http://www.dhs.gov/xlibrary/assets/nprm_realid.pdf

> As discussed below and in section II.E.6 of the NPRM, the recommended
> architecture for implementing these data exchanges does not create a national
> database, because it leaves the decision of how to conduct the exchanges in
> the hands of the States. Moreover, no Federal agency will operate the data
> exchanges affecting non-commercial driver's licensing.

Translation: "REAL ID will not reside in a single database, but rather in a collaborative (clustered) environment, with each state's database constituting one portion of that environment (cluster.) And it's not a 'national' or 'federal' database because no Federal agency will operate it."

Splitting hairs here, aren't we? A rose by any other name......

> DHS believes that protecting the privacy of the personal information
> associated with implementation of the REAL ID Act is critical to maintaining
> the public trust that Government can provide basic services to its citizens
> while preserving their privacy.

Then to solidify the trust we're being asked to place in our government, DHS could start by calling this what it really is when you look past its wrappings and bureaucratic mumbo-jumbo: a National ID Card.

> Further, in almost all cases there is no way to verify independently from
> documents presented that an address is a person's principal address.
> A mortgage statement or lease may indicate that a person owns or rents property
> in a particular place, and while the landlord or bank holding the mortgage
> could verify this, it does not establish that this is the person's principal
> residence, just that the ownership or rental is legitimate. In addition, the
> cost to States of verifying a multitude of documents presented to establish
> address, such as utility bills, leases, mortgages, or other documents, is
> potentially significant. In spite of these limitations, there is a need for
> some reliability in the information presented for principal residence, as
> evidenced by the experience of the 9/11 hijackers and how they obtained
> Virginia driver's licenses (see section II.D.3). Therefore, DHS is
> proposing that the States require each applicant to present at least two
> documents that include his or her name and current principal residence.
> However, the States will retain the flexibility to determine for themselves
> precisely which documents, or combination of documents, an applicant must
> present to satisfy this requirement and how a State will validate or verify
> this information. The proposed regulation would require States to establish a
> written policy identifying acceptable documents and how, or if, they will be
> independently validated or verified. The proposal would also require that
> States provide this information to DHS as part of their initial certification
> package and whenever this

Translation: "While it's really difficult, if not impossible, to verify independently someone's domicile address, it's important to ensure accurate location information on subjects listed in this new National ID database to prevent another 9/11 from happening. But because it's such a hard requirement to get our hands around -- Americans are just so darn free and mobile -- a utility bill or bank statement probably would be good enough....especially for government work."

> The primary benefit of REAL ID is to improve the security and lessen the
> vulnerability of federal buildings, nuclear facilities, and aircraft to
> terrorist attack.

Memo to DHS: Reinforced cockpit doors fixed the primary vulnerability responsible for 9/11 and were a long-overdue countermeasure. And exactly how many members of the American public and/or visiting tourists just 'drop by' a nuclear facility that you need to confirm their IDs before granting entry? Are you saying that this is the case, and I can walk right into my local nuclear power plant and see the atoms in action? If so, you've got much bigger problems to worry about than verifying my ID.

> The potential ancillary benefits of REAL ID are numerous, as it would be
> more difficult to fraudulently obtain a legitimate license and would be
> substantially more costly to create a false license. These other benefits
> include reducing identity theft, unqualified driving, and fraudulent
> activities facilitated by less secure driver's licenses such as fraudulent
> access to government subsidies and welfare programs, illegal immigration,
> unlawful employment, unlawful access to firearms, voter fraud, and possibly
> underage drinking and smoking. DHS assumes that REAL ID would bring about
> changes on the margin that would potentially increase security and reduce
> illegal behavior. Because the size of the economic costs that REAL ID
> serves to reduce on the margin are so large, however, a relatively small
> impact of REAL ID may lead to significant benefits.

Let's not forget making it easier for identity theft to occur via a closed networked cluster of databases containing very private information and the likely ability (abuse) to use this de facto National ID card for marketing purposes or other purposes not even remotely-related to the primary benefits you cited earlier.

And this beauty, which is, quite literally, the LAST paragraph of this 160+ page document:

> (a) States that issue driver's licenses and identification cards that do not
> satisfy the standards of this Part after May 11, 2008, must ensure that such
> driver's licenses and identification cards-- (1) Clearly state, on their face
> in bold lettering, as well as in the machine readable zone if the card
> contains one, that they may not be accepted by any Federal agency for Federal
> identification or other official purpose; and
>
> (2) Have a unique design or color indicator that clearly distinguishes
> them from driver's licenses and identification cards that meet the standards
> of this Part.

Meaning if you value your privacy and refuse to carry a REAL ID or if your state decides that REAL ID indeed is the cost-prohibitive sham for security that it is and decides to not play with DHS' desire to create a National ID card, its citizens will be branded with the post-9/11 version of the "Scarlet Letter" to let all who see their ID card know that they're "different" --- or at least not "one of the good guys."

Stigmatized. Branded. Marked. Ostracized. Segregated. Will we have separate bathrooms, too?

REAL ID *must* be stopped. For many reasons.

-rf

From rforno at infowarrior.org Fri Mar 2 08:49:51 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 02 Mar 2007 08:49:51 -0500
Subject: [Infowarrior] - DOJ: Calling Mrs. Lovejoy....
Message-ID:

*flails hands in hysterics*

Once again, the silver-bullet-justification of "protecting children from sexual predators" is added to something controversial by the DOJ to make a controversial surveillance/enforcement initiative seem less-bad than it really is. I wonder if they can use "child porn" as a way to enact a new round of farm subsidies or ensure the Alaska Bridge To Nowhere actually gets built.

Child porn = bad, for sure.
But exploiting its dangers in the name of further solidifying the establishment of the Total Surveillance State as part of the government's flawed threat assessments and irrational fears is abominable.

Of course, it's called the "SAFETY ACT" --- how reassuring!

*flails hands in hysterics*

-rf

http://news.com.com/2102-1028_3-6163679.html?tag=st.util.print

> The Bush administration has accelerated its Internet surveillance push by
> proposing that Web sites must keep records of who uploads photographs or
> videos in case police determine the content is illegal and choose to
> investigate, CNET News.com has learned.
>
> That proposal surfaced Wednesday in a private meeting during which U.S.
> Department of Justice officials, including Assistant Attorney General Rachel
> Brand, tried to convince industry representatives such as AOL and Comcast that
> data retention would be valuable in investigating terrorism, child pornography
> and other crimes. The discussions were described to News.com by several people
> who attended the meeting.

From rforno at infowarrior.org Fri Mar 2 09:58:33 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 02 Mar 2007 09:58:33 -0500
Subject: [Infowarrior] - RFI - To blog or not to blog?
Message-ID:

While due to time constraints I probably won't get involved in discussions/debates, but there's enough folks sending me offlist items that might just be better-suited in a more public forum where others can read/comment on them, and perhaps learn from them as well.

Ergo, I'm thinking of transitioning to a blog and perhaps shifting from e-mail to blog entries.

While I'm only in the early "gee-should-I-do-this" stages of thinking, what say you? Good idea, bad idea? What do y'all think?

-rf

From rforno at infowarrior.org Fri Mar 2 10:35:06 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 02 Mar 2007 10:35:06 -0500
Subject: [Infowarrior] - The rise of zero-day patches
Message-ID:

Original URL: http://www.theregister.co.uk/2007/03/02/zero-day_patches_interviews/

The rise of zero-day patches

By Federico Biancuzzi
Published Friday 2nd March 2007 13:01 GMT

Interview

Zero-day exploits were once the realm of just underground and elite hackers, but their increased prevalence is bringing a positive new trend: unofficial patches from members of the community, offered for protection before official vendor patches appear.

Federico Biancuzzi interviewed Landon Fuller, who wrote Mac OS X patches for recent Month of Apple Bugs vulnerabilities, and the ZERT team, which has offered patches for critical Microsoft Windows zero-days that were actively exploited.

Part 1: Landon Fuller on patching Mac OS X

Could you introduce yourself?

Landon Fuller: I'm a 24 year old bicycle addict. I'm also the director of infrastructure for Three Rings Design (http://www.threerings.net), a small video game company based here in San Francisco.

Why have you chosen to write zero-day patches?

Landon Fuller: Writing these patches (http://landonf.bikemonkey.org/) provides challenging, discrete problems that are fun to solve. Additionally, I personally appreciate having the option to apply a patch while waiting for a vendor fix - that's an option that I'm happy to provide to others.

How much time do you need to develop a patch?

Landon Fuller: Generally speaking, it takes anywhere from two to eight hours. My steps for creating a patch are:

1. Recreate the test case and reproduce the issue. For example, to reproduce the Java GIF vulnerability (http://www.zerodayinitiative.com/advisories/ZDI-07-005.html) from the provided description, I had to read up on the GIF format and adapt ImageMagick to produce specifically broken image files.

2. Find the vulnerable code.
This is generally a straight-forward debugging exercise, but not always - in patching the Flip4Mac (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-0466) vulnerability, I found that Telestream had stripped all but a few symbols from their binary. Finding the vulnerable code required working backwards up the soon-to-be mangled stack on my x86 system, locating and labeling functions according to their assumed purpose and finding the bug (unexpected signed integer overflow where an unsigned integer should have been used). I then had to do the same thing on my PowerPC system - considerably simpler once I'd already found the issue. William Carrel (http://blog.carrel.org/) also helped debug that one.

3. Determine the safest way to patch an issue and implement the patch. Sometimes this can be tricky. With the CoreGraphics PDF infinite-loop DoS, two functions had to be patched - an entry function, where a per-thread counter was initialised, and an internal function, where the counter was incremented. When the counter function hit the maximum loop count, the patched code returned an error its caller could handle, and CoreGraphics recognised the PDF as corrupt. Additionally, I implemented an idea suggested by William Carrel - to protect against recursion, the outer counter initialiser maintained a reference count that was incremented each time it was called, and decremented directly prior to exiting. The loop counter was not deallocated until the reference count hit 0.

4. Test the patch. Prior to releasing a patch, I would test the fix on both x86 and PowerPC systems. I also implemented a regression test suite, and used that to test the patches for all previous issues as well. Occasionally testing would find an issue, but for the most part, this was the quickest step.

How much additional effort is needed to support localised versions of the software?

Landon Fuller: Fortunately, Apple's means of localisation does not require implementing multiple versions of a single piece of software. Localised resources are independent of the code, and in nearly all cases the same patch can be used for any localisation.

What type of problems (if any) did you have to handle while dealing with two types of architectures (PowerPC and x86)?

Landon Fuller: Apple (via NeXT) has solved the multiple architecture issue very nicely - the i386 and PowerPC releases of Mac OS X are built, for the most part, from the same (or very similar) code base. The patch was written in C and cross-compiled for both architectures; after reverse engineering and implementing a patch on x86, I would verify the function signatures on PowerPC and run the regression tests. Only a few instances - such as the Flip4Mac patch - required any architecture-specific wrangling.

Did you use the available source code of Darwin to solve any of the bugs?

Landon Fuller: While none of the non-kernel Apple bugs were in available source, I did do some research on issues using the available Mac OS X source - one example being the CoreFoundation %n format string specifier.

Does the MacOS X license limit your power to develop and/or distribute fixes?

Landon Fuller: I'm not a lawyer, and that's a complex area of law. That said, I believe that this kind of work is protected under existing US law, and even more importantly, is ethically sound practice.

How do you install your patches? Do you need to include some pieces of the file you are going to patch? Do you think this could become a legal problem?

Landon Fuller: The patches are installed as plugins to Application Enhancer (http://www.unsanity.com/haxies/ape/). The code is loaded into vulnerable applications at runtime; it finds and patches the vulnerable functions by name, whether they are in libraries, plugins, or the applications themselves.
This means that the same patch can generally be used on both PowerPC and x86 systems, no files are ever modified on disk, and also, the contents of the original file are not required.

Sometimes the symbols are stripped and can't be found by name - this was the case with Flip4Mac. I implemented the patch by finding one of the few public symbols that are exported by the plugin, and then computing the offset to the vulnerable code on both PowerPC and x86 systems. At runtime, the patch does the same thing I did manually - it locates the address of the public symbol, adds the offset I computed, and patches the function at the resultant address.

Each patch is locked to the specific, latest version of the software in question, and refuses to patch newer versions - as new software releases are installed, there's no worry about patch incompatibilities causing crashes, or more importantly, getting in the way of an official vendor fix.

Have you involved Apple during the process of developing or testing a patch, or shared your findings after the patch was released?

Landon Fuller: I've made all of the code to the patches available to the public, including Apple, and I've also privately reported to the vendor any additional issues I've found in the course of producing those patches.

Have you looked into Apple's official patches for these bugs? From your analysis, what can you say?

Landon Fuller: The fixes will generally not be entirely the same, as run-time function patching necessitates wrapping the vulnerable code and preventing failure conditions from occurring. An official patch will simply fix the root issue.

Generally vendors take a long time to release patches. They often claim that this time is required to test all possible configurations and interactions with other software to avoid breaking production systems. How can your approach be faster doing reverse engineering?

Landon Fuller: Vendors typically have much more extensive testing, review, and verification processes in place; they often support multiple released versions of the software, and multiple products that need to be reviewed for the same flaw. Releases need to be tested for regressions and public release needs to be scheduled. These processes are in place to ensure that customers are well-served by stable software releases.

It may be that development/release process changes could reduce turn-around for security issues that's difficult to evaluate from the outside. I do think it's clear, however, that releasing patches for critical issues should take days or weeks, not months. Ultimately, the turnaround from many vendors during the "Month of Apple Bugs (http://projects.info-pull.com/moab/)" was exemplary - OmniGroup had a patch out for OmniWeb within hours.

Part 2: ZERT

What is ZERT?

ZERT: ZERT (http://isotf.org/zert/) (the Zero-day Emergency Response Team) is a group of engineers with extensive experience in reverse engineering software, firmware and hardware coupled with liaisons from industry, community and incident response groups. While ZERT works with several Internet security operations and has liaisons to anti-virus and network operations communities, ZERT is not affiliated with a particular vendor. The purpose of ZERT is not to "crack" products, but rather to "uncrack" them by averting security vulnerabilities in them before they can be widely exploited.

Why do we need a Zero-day Emergency Response Team?

ZERT: In recent times there has been significantly more effort by criminal elements to exploit zero-day vulnerabilities for financial gain. In some cases the pervasiveness of vulnerabilities presents a critical risk to a significant number of internet users. At such time it may be desirable to some people to have an option to implement interim safeguards until a manufacturer's patch is available.
ZERT members work together as a team to release a non-vendor patch when a so-called "0day" (zero-day) exploit appears in the open which poses a serious risk to the public, to the infrastructure of the internet, or both.

What type of channels do you control to look for zero-day exploits?

ZERT: ZERT members belong to and work with a wide variety of organisations that encounter zero-day exploits or reports thereof.

At the moment you have released some patches for Microsoft software. Do you plan to work on other vendors' software too?

ZERT: When a zero-day is announced members of ZERT will discuss the perceived exploitability of the vulnerability and the anticipated impact. If the vulnerability is deemed to be critical enough to warrant a patch and the members have the time and skills to create a patch that they are comfortable with then the name of the vendor is not really a concern.

How much time do you need to develop a patch? How much additional effort is needed to support localised versions of the software?

ZERT: The amount of time to develop, test and release a patch will vary from vulnerability to vulnerability. There really haven't been enough patches released by ZERT to have a meaningful historical reference. To date we have not discussed the localisation of patches.

Generally closed-source vendors take a long time to release patches. They often claim that this time is required to test all possible configurations and interactions with other software to avoid breaking production systems. How can your approach be faster even without access to source code? What type of reliability testing do you make?

ZERT: ZERT always recommends that anyone using a third party patch perform extensive testing in their environment to determine the suitability and compatibility of the patch. ZERT cannot perform the in-depth testing that we would expect of the vendor.
If a person is faced with taking one or more servers or workstations offline or trying a third party patch until the vendor has an authorized solution, the choice may be to risk a patch that has undergone less than optimal testing. Generally, if vendor supplied workarounds are viable those would be a first choice. ZERT developers and beta testers test the patches on a variety of systems, but we do not claim to be able to perform the exhaustive testing that a vendor would. That is why ZERT always recommends caution in the use of third party patches and proper testing in the user's environment.

Did you have any legal problem posting some disassembled code from a Microsoft patch in your paper [PDF (http://zert.isotf.org/papers/vml-details-20061004.pdf)]?

ZERT: No, we have not had any legal problems at all. ZERT has a legal advisor, but we have not had legal issues at all, other than how we wish to license our patches. ZERT does not publish vulnerabilities, ZERT provides patches for published vulnerabilities.

From your analysis of official patches from Microsoft, what can you say? What approach do they use when fixing bugs?

ZERT: ZERT has no interest in the variety of ways that a vendor may choose to approach the problems they solve. Vendors must choose the methods they deem most suitable on a case by case basis. ZERT's focus is generally on interim solutions for critical vulnerabilities.

How do you install your patches? Do you need to include some pieces of the file you are going to patch? Do you think this could become a legal problem?

ZERT: There are a variety of ways to patch vulnerabilities. Care is taken not to redistribute code in a manner that would violate license agreements. We have had no reason to expect any legal problems to date and do not expect any in the future. We license our software as open source under BSD or GPL.

Will new Vista security mechanisms block the use of external patches?

ZERT: This will depend on what needs to be patched.
As long as it is not the kernel or a signed driver it is unlikely to have much effect on third party patches, and probably virtually no effect on patching vulnerabilities for other vendor's products.

Does Microsoft EULA limit your power to develop and/or distribute fixes?

ZERT: Microsoft EULAs do not apply to Linux, Apple, Sun, Dlink, Linksys, etc. ZERT is not a vendor centric organisation. We have not had any issues with Microsoft in regards to EULA infringements.

Are you aware of any new clause included in Windows Vista EULA that could affect your work?

ZERT: ZERT enjoys open communications with Microsoft. If a Microsoft EULA is ever an issue with respect to a ZERT patch we are confident that Microsoft will advise us of any concerns. We do not anticipate any issues with any vendor's EULAs however.

Federico Biancuzzi is a freelancer. In addition to SecurityFocus he also writes for ONLamp, LinuxDevCenter, and NewsForge.

This article originally appeared in Security Focus (http://www.securityfocus.com/columnists/437/).

Copyright © 2007, SecurityFocus (http://www.securityfocus.com/)

From rforno at infowarrior.org Fri Mar 2 12:52:29 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 02 Mar 2007 12:52:29 -0500
Subject: [Infowarrior] - A history of Microsoft Windows - the inside story exposed
Message-ID:

(what's a Friday without some humor? -rf)

A history of Microsoft Windows - the inside story exposed

Dates, times, approximations

By Liam Proven: Friday 02 March 2007, 12:32

WELCOME TO AN architectural overview of the design and planning of a market-leading operating system, illustrating how real professionals do this sort of thing.

Please note that due to a complete lack of access to internal documentation, dates are approximate.

< - >

http://www.theinquirer.net/default.aspx?article=37962

From rforno at infowarrior.org Fri Mar 2 14:36:08 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 02 Mar 2007 14:36:08 -0500
Subject: [Infowarrior] - CBS 60 Minutes Report- Sunday 3/4/07 -- Jihad.Com
In-Reply-To: <05a901c75d01$8df4a740$911fa480@mcapmmw208d>
Message-ID:

Ooooh, cyber-warriors! This bears watching.......

-rf

------ Forwarded Message

http://www.cbsnews.com/stories/1998/07/08/60minutes/main13502.shtml

Sunday, March 4, 2007

JIHAD.COM - The most important recruitment tool for Al Qaeda and other Islamic terrorist groups is the Internet, where Scott Pelley finds sites devoted to terror and cyber warriors out to shut them down. Harry Radliffe is the producer.

From rforno at infowarrior.org Fri Mar 2 16:57:19 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 02 Mar 2007 16:57:19 -0500
Subject: [Infowarrior] - Army secretary resigns in scandal's wake
Message-ID:

(I'm sure there's more to come here.........rf)

Army secretary resigns in scandal's wake

By ROBERT BURNS, AP Military Writer
11 minutes ago

Army Secretary Francis J. Harvey abruptly stepped down Friday as the Bush administration struggled to cope with the fallout from a scandal over substandard conditions for wounded Iraq soldiers at Walter Reed Army Medical Center.

The surprise move came one day after Harvey fired the two-star general in charge of the medical center in response to disclosures of problems at the hospital compound.

Defense Secretary Robert Gates said Harvey had resigned. But senior defense officials speaking on condition of anonymity said Gates had asked Harvey to leave. Gates was displeased that Harvey, after firing Maj. Gen. George Weightman as the head of Walter Reed, chose to name as Weightman's temporary replacement another general whose role in the controversy was still in question.

"I am disappointed that some in the Army have not adequately appreciated the seriousness of the situation pertaining to outpatient care at Walter Reed," Gates said in the Pentagon briefing room. He took no questions from reporters

< - >

http://news.yahoo.com/s/ap/20070302/ap_on_go_ca_st_pe/walter_reed&printer=1;_ylt=Aiqwjxls9IfHA.I1my3ibdKWwvIE

From rforno at infowarrior.org Sat Mar 3 21:13:24 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 03 Mar 2007 21:13:24 -0500
Subject: [Infowarrior] - UK to fingerprint all children for national database
Message-ID:

Children of 11 to be finger printed

David Leppard
http://www.timesonline.co.uk/tol/news/uk/article1466943.ece

CHILDREN aged 11 to 16 are to have their fingerprints taken and stored on a secret database, internal Whitehall documents reveal.

The leaked Home Office plans show that the mass fingerprinting will start in 2010, with a batch of 295,000 youngsters who apply for passports.

The Home Office expects 545,000 children aged 11 and over to have their prints taken in 2011, with the figure settling at an annual 495,000 from 2014.

Their fingerprints will be held on a database also used by the Immigration and Nationality Directorate to store the fingerprints of hundreds of thousands of asylum seekers.

The plans are outlined in a series of "restricted" documents circulating among officials in the Identity and Passport Service. They form part of the programme for the introduction of new biometric passports and ID cards.

Opposition politicians and privacy campaigners warn that the plans show ministers are turning Britain into a "surveillance society".

David Davis, the shadow home secretary, said: "This borders on the sinister and it shows the government is trying to end the presumption of innocence. With the fingerprinting of all our children, this government is clearly determined to enforce major changes in the relationship between the citizen and the state in a way never seen before."

Under the new passport and ID scheme, everyone over 16 who applies for a passport will have their details - including fingerprints and eye or facial scans - added to the National Identity Register from next year. From October 2009, ID cards will be issued alongside new passports. Initially these will not be mandatory, but Tony Blair has said that if Labour is reelected it will make them compulsory, a process that the documents predict will take just over a decade. Children under 16 will not be part of the ID card scheme. But the documents show that from 2010 they will still have to be fingerprinted for a new passport. The prints will initially be stored on the directorate's database. Once children reach 16 their fingerprints and other personal information will be passed for storage on the register, along with those of nearly 50m adults. Children applying for passports will have to travel up to 80 miles to special Home Office screening centres to have their fingerprints taken. The leaked plans envisage 90 new enrolment centres for the ID card scheme on top of the existing network of passport offices. They estimate that it will cost £528m over 10 years in travel costs for the 5.75m people expected to apply for a new passport each year. The documents also spell out how the cost of passports is set to rise again this year. They say that unless the Home Office can get extra funding for the scheme, the cost of an adult passport will rise by £10 to £76 this October. The cost will have risen by 81% since December 2005 when it increased from £42 to £51. Last October the price rose again to £66. When Labour came to power in 1997 a passport cost £18. The plans show that the price of a child's passport is to rise even more sharply, to £58 from the present £45. The price will have more than doubled in less than two years, rising in stages from £25 to £34 in December 2005 and to £45 last October. 
Critics described the plans as a stealth tax on holidaymakers to pay for the controversial ID cards scheme. Ministers have already conceded that the cost of the new combined ID card and passport will be £93 from 2009, but the documents show that price could rise to £109 at today's prices. A range of further "stealth charges" will also be imposed, according to the documents. Women who change their names if they get married will have to pay £36; a further £27 will be charged to replace a lost or stolen ID card; £26 to replace a damaged card; and £6 for a change of address or personal ID number. The documents show that ID cards will not be made compulsory for more than a decade, under present plans. "Compulsion will be triggered once 80% take-up is achieved in [the first quarter of] 2019," they state. "It is assumed that, following compulsion, a 100% registration will be achieved two years later." The prime minister has hailed the ID cards scheme as the centrepiece of efforts to combat terrorism and illegal immigration, as well as identity theft and benefit fraud. But opponents dismiss it as a "Big Brother" scheme that is too expensive, poorly planned and unlikely to function efficiently. Last year leaked e-mails from civil servants warned the scheme could be a "botched operation" that could delay the introduction of ID cards for a generation. The government says the scheme will cost £6 billion to implement. However, in 2005, the London School of Economics estimated it would cost £19 billion. The Tories have pledged to scrap the scheme if they win the next election. 
From rforno at infowarrior.org Sun Mar 4 00:14:02 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 04 Mar 2007 00:14:02 -0500 Subject: [Infowarrior] - Reuters to start financial MySpace Message-ID: Reuters to start financial MySpace http://business.guardian.co.uk/story/0,,2024687,00.html Richard Wray, communications editor Friday March 2, 2007 The Guardian Reuters is planning to launch its own version of MySpace this year - though its community website will not be aimed at teenagers. Instead, fund managers, traders and analysts are being targeted. Reuters hopes to draw from the 70,000 subscribers of its messaging service as a starting point for its foray into the fast-growing sector of community websites. "You will see us, later in the year, launch a version of MySpace for the financial services community," said the chief executive, Tom Glocer. "It won't have the latest hot videos and the 'why I am into Metallica and the Arctic Monkeys' blogs. Instead we are going to give our financial services users the ability to post their research or if they are traders, their trading models." The website will also be exclusive to Reuters subscribers. "People don't want to have 100 friend requests from teenage girls in Florida if they are trading the credit derivatives market, but they probably are interested in being able to share research," said Mr Glocer. Reuters has been quick to embrace online potential. Last year it posted one of its journalists to Second Life, where he reports on events within the virtual world. The company has sold advertising on the billboards outside its virtual headquarters within Second Life. "I would still put this strongly in the realm of experimentation but it's a nice controlled experiment that has probably paid for itself 10 times over in marketing," he said. Reuters reported yesterday an 8% decline in annual trading profits - to £308m - as it invested in its business. Revenues were £2.56bn, up 4.8% on an underlying basis. 
Reuters said revenues would increase at least 6% this year. From rforno at infowarrior.org Sun Mar 4 21:31:27 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 04 Mar 2007 21:31:27 -0500 Subject: [Infowarrior] - The rise of technology addiction Message-ID: The rise of technology addiction The seemingly exponential growth of portable technology has sparked fears that people are becoming addicted or swamped by gadgets and their uses. One major consequence of this phenomenon is that the line between work and private life is much more blurred, now that e-mail and phones provide a 24-hour link between employers and staff. Experts believe that even the decision-making process of the average person can be adversely affected. However, others think that the bombardment of various communications can enhance the brain's ability to process information. Addiction symptoms Nada Kakabadse, a Professor at the Northampton Business School, said: "Your judgement is impaired. Equally your decision making processes are impaired. "It's like losing your spatial judgement, so instead of walking through the door you walk into it. You're more prone to have a car accident if you drive." Prof Kakabadse added: "It's addiction to portable technology, which you take with you practically to bed, the cinema, to the theatre, to a dinner party. The symptoms are, like with any other addiction, that people spend more time using their technology than spending it in socialising or in family time." The growing importance of the issue was highlighted at a gathering in Geneva, Switzerland, for the LIFT 07 technology conference. One of the conclusions reached by experts was that "tech overload" is the price people have to pay for always-on communication, where the line between work and play has become blurred. In fact, there is even some evidence that being bombarded with information from all directions is actually beneficial. 
Professor Fred Mast, of the University of Lausanne, said: "I think that we can become overloaded. It depends on the situation, but I think we are underestimating the brain's capacity to adapt to new challenges. "Studies have been done showing that people can actually enhance their cognitive abilities, which helps them to process more information at the same time. And their performance even transfers to other tasks." Experts have also noted how different types of technology have developed their own etiquette. For instance, an e-mail can wait two days to be answered but a text message demands an almost immediate reply. Stefana Broadbent from Swisscom said: "E-mail is considered the most formal. At the other end of the spectrum SMS is the most personal of all. "That's where we find all those little exchanges, little endearments, what we call grooming, which is sending: 'I think about you. How did it go? How did you sleep?' He added: "That is actually given by the number of characters. With such few characters, you have to have a lot of mutual understanding and mutual knowledge." Prof Kakabadse added that prioritising was a vital way to prevent communication overload. She said: "I really think it is the responsibility of the individual to prioritise. Even if an employee pushes the boundaries, do discuss with the employee in a constructive way how we can do things better without being overloaded." Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/2/hi/programmes/click_online/6411495.stm Published: 2007/03/02 15:31:44 GMT © 
BBC MMVII From rforno at infowarrior.org Sun Mar 4 21:35:12 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 04 Mar 2007 21:35:12 -0500 Subject: [Infowarrior] - The Pentagon Wants TiVo (to Watch You) Message-ID: The Pentagon Wants TiVo (to Watch You) http://blog.wired.com/defense/2007/03/the_pentagon_wa.html I always love how the Pentagon, after spending billions of dollars on Rube Goldberg contraptions, suddenly discovers that useful things might actually exist in the commercial sector. And so yet another Pentagon advisory panel has picked up on this fact. Reuters yesterday reported on a recently issued study on future technologies written by the Pentagon's Defense Science Board. More than anything, it seems these outside advisers want a surveillance system that would put Big Brother to shame, and they're looking at the commercial sector to provide it: William Schneider, the board's chairman, said a key finding was a need to track individuals, objects and activities -- much smaller targets than the Cold War's regiments, battalions and naval battle groups. "It's really an appeal to capture and put into military systems the know-how that's already available in the market place," Schneider said in a telephone interview. So, after reviewing the available technology, what specific types of things do they suggest the military needs? Well, one example, is the Pentagon wants TiVo, according to the report (available as a PDF here): To counter these new threats, technology exists, or could be developed, to provide new levels of spatial, temporal, and spectral resolution and diversity. Furthermore, the ability to record terabyte and larger databases will provide an omnipresent knowledge of the present and the past that can be used to rewind battle space observations in TiVo-like fashion and to run recorded time backwards to help identify and locate even low-level enemy forces. 
For example, after a car bomb detonates, one would have the ability to play high-resolution data backward in time to follow the vehicle back to the source, and then use that knowledge to focus collection and gain additional information by organizing and searching through archived data. Much of the report comes as little surprise: the science advisers want to move away from Cold War-era weapons and toward technologies that can be used in urban conflicts. Small sensors, finding better ways to use data, and an emphasis on increasingly popular "influence operations" all figure big. -- Sharon Weinberger From rforno at infowarrior.org Mon Mar 5 10:00:12 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 05 Mar 2007 10:00:12 -0500 Subject: [Infowarrior] - Top Secret: We're Wiretapping You Message-ID: Top Secret: We're Wiretapping You http://www.wired.com/news/technology/1,72811-0.html By Ryan Singel 02:00 AM Mar, 05, 2007 It could be a scene from Kafka or Brazil. Imagine a government agency, in a bureaucratic foul-up, accidentally gives you a copy of a document marked "top secret." And it contains a log of some of your private phone calls. You read it and ponder it and wonder what it all means. Then, two months later, the FBI shows up at your door, demands the document back and orders you to forget you ever saw it. By all accounts, that's what happened to Washington D.C. attorney Wendell Belew in August 2004. And it happened at a time when no one outside a small group of high-ranking officials and workaday spooks knew the National Security Agency was listening in on Americans' phone calls without warrants. Belew didn't know what to make of the episode. But now, thanks to that government gaffe, he and a colleague have the distinction of being the only Americans who can prove they were specifically eavesdropped upon by the NSA's surveillance program. 
The pair are seeking $1 million each in a closely watched lawsuit against the government, which experts say represents the greatest chance, among over 50 different lawsuits, of convincing a key judge to declare the program illegal. Belew's bout with the Terrorist Surveillance Program began in 2004, when he was representing the U.S. branch office of the prominent Saudi Arabian charity Al-Haramain. Formerly one of the largest charities in Saudi Arabia, Al-Haramain worked to spread a strict view of Islam through philanthropy, missionary work and support for mosques around the world. Federal officials were investigating the Ashland, Oregon, branch of the group for alleged links to terrorism, and had already frozen the charity's U.S. assets. Belew was one of several lawyers trying to keep Al-Haramain off a U.S. Treasury Department watch list -- an effort that sent much paperwork flying back and forth between the attorneys and the Treasury Department's Washington D.C. headquarters across the street from the White House. On Aug. 20, 2004, fellow Al-Haramain attorney Lynne Bernabei noticed one of the documents from Treasury was marked "top secret." Bernabei gave the document to attorneys and directors at Al-Haramain's Saudi Arabia headquarters, and gave a copy to Belew. The document was a log of phone conversations Belew and co-counsel Asim Ghafoor had held with a Saudi-based director for the charity named Soliman al-Buthi. Al-Buthi was a Saudi government employee who volunteered as coordinator for Al-Haramain's North American branches, including the Oregon branch. In a telephone interview with Wired News, al-Buthi says he's now general manager for the environmental department of the city of Riyadh, working on an anti-bird flu project. He denied having any links to terrorism, now or in 2004. "I feel that Islam is best spread by wisdom not by arms or violence," al-Buthi says. 
Despite al-Buthi's claims of innocence, al-Buthi and Al-Haramain's American branch were added to the government's public list of terrorists on Sept. 9, 2004, just weeks after the government turned over the call log to the charity's attorneys. It's not clear when officials realized they'd given a highly classified document to an organization they considered terrorist, but the FBI showed up at Belew's office in October and demanded the call log back, advising the lawyer not to attempt to remember the document's contents. By then, Belew had given a copy of the document to Washington Post reporter David Ottaway, who had been writing about how the government investigated and listed individuals and groups suspected of funding terrorism. Ottaway did not report on the classified call log, and when the FBI called, the Post dutifully handed over its copy. That might have been the end of it. But in December 2005 The New York Times revealed that the government had been spying on Americans' overseas communications without warrants, and Al-Haramain's lawyers realized why the FBI had been so adamant about getting the document back. "I got up in the morning and read the story, and I thought, 'My god, we had a log of a wiretap and it may or may not have been the NSA and on further reflection it was NSA," says Thomas Nelson, who represents Al-Haramain and Belew. "So we decided to file a lawsuit." The lawyers retrieved one of the remaining copies of the document -- presumably from Saudi Arabia -- and used it to file a complaint in U.S. District Court in Oregon in February of last year. They sought damages from the government of $1 million each for Belew and Ghafoor, and the unfreezing of Al-Haramain's assets, because that action relied on the allegedly illegal spying. The lawsuit is poised to blow a hole through a bizarre catch-22 that has dogged other legal efforts to challenge the Bush administration's warrantless surveillance. 
Since the 2005 Times story, and subsequent acknowledgment of the surveillance by the Bush administration, some 50-odd lawsuits have sprung up around the NSA program, taking on the government and various telecom companies who are allegedly cooperating in spying on their customers, including BellSouth, Verizon and Sprint. Justice Department and phone company lawyers have asserted that the plaintiffs in those cases don't have legal standing to sue, because they have no proof that they were direct victims of the eavesdropping. At the same time, the government claims it doesn't have to reveal if any individual was or was not wiretapped because the "state secrets privilege" permits it to withhold information that would endanger national security. The tangible document makes Belew's case uniquely positioned to cut through that thicket, says Shayana Kadidal, an attorney with the Center for Constitutional Rights, which represents individuals being held in Guantanamo Bay. The center is also suing to stop the surveillance, but lacks Belew's concrete evidence of monitoring -- arguing instead that the possibility of being monitored hampers its legal work. "The government's line is that if you don't have evidence of actual surveillance, you lose on standing," says Kadidal. "Out of all the cases, this is the only one with evidence of actual surveillance." That evidence also gives the courts enough to rule immediately on whether the president had the authority to spy on Belew and Ghafoor without a court order, said Jon Eisenberg, one of Belew's lawyers. "We know how many times he's been surveilled," Eisenberg told a judge last month. "There is nothing left for this court to do except hear oral arguments on the legality of the program." The Justice Department isn't ready to concede that the two attorneys were swept into the NSA's extrajudicial surveillance. 
"The government has never confirmed or denied whether plaintiffs were surveilled, much less surveilled under the Terrorist Surveillance Program," spokesman Dean Boyd wrote in an e-mail to Wired News. But if the document is a harmless memo unrelated to NSA surveillance, it's unexpectedly agitating government spooks. Soon after the lawsuit was filed, the document was whisked out of the courthouse and into a Justice Department-controlled secure room known as a Secure Compartmented Information Facility in Portland, Oregon. According to government filings, it remains classified top secret and contains "sensitive compartmented information" -- meaning information that concerns or is derived from intelligence sources, methods or analytical processes, according to the defense and intelligence communities' own definition. Even the lawyers who filed the document with the court are no longer allowed to see it; instead, they've been permitted to file declarations, under seal, based on their memory of its contents. Other aspects of the case also support the plaintiffs' interpretation of the document. Last year, U.S. District Judge Garr King in Portland examined the document and read classified briefs filed by the Justice Department. Then he ordered the government to meet with the plaintiffs to discuss turning over more documents in discovery. It's not likely the court would have permitted the case to continue if the evidence didn't, in fact, indicate that the pair had been under surveillance. And if the surveillance had been court ordered and lawful, King would have been obliged to dismiss the lawsuit. Under the Foreign Intelligence Surveillance Act, or FISA, targets of counter-intelligence or counter-terrorism surveillance can only sue the government when no warrant has been issued. Lawyers for Belew and Ghafoor seize on this point. "If there was a FISA warrant, the whole case would have crumbled on the first day," Nelson says. 
"Its pretty obvious from the government's conduct in the case, there was no warrant." Justice department lawyers have argued that, even if the pair of lawyers were monitored, judging the president's authority to do so requires looking at the specific reasons why the duo were surveilled. And those facts would be national secrets that would tip off terrorists, so no court can ever rule on the program. "This is not to say there is no forum to air the weighty matters at issue, which remains a matter of considerable public interest and debate, but that the resolution of these issues must be left to the political branches of government," Justice Department lawyers wrote in a brief on the case. But the government has a new, and not necessarily friendly, judicial audience for its no-judges-allowed argument. In August, a special court ordered Belew's lawsuit to be consolidated into a single proceeding comprised of 54 other NSA-related lawsuits, before U.S. District Court Chief Judge Vaughn Walker in San Francisco. Walker has presided over the year-old class-action lawsuit brought by the Electronic Frontier Foundation against AT&T for the phone company's alleged cooperation with the NSA program. The judge made waves in July when he issued a landmark ruling that allowed the AT&T case to proceed, despite the government's claim that the suit must be thrown out because it involved national secrets. Walker ruled that the state-secrets privilege did not apply to the entirety of the case, because the government had admitted the program existed. (Walker recently rejected a motion filed by Wired News seeking the unsealing of evidence in the case.) The government has appealed that state secrets decision to the 9th Circuit Court of Appeals, and asked the judge to put a stop to all 55 cases pending that appeal. 
But Walker, a libertarian-leaning Republican, has kept the cases moving, noting that any decision from the appeals court is likely to wind through the court system up to the Supreme Court -- a process that could take years. Belew's lawsuit, his lawyers submit, is a chance to short circuit that process entirely. In a hearing in early February, Eisenberg told Walker that the classified document sets the Belew case apart from the other cases, because the judge has enough evidence to decide whether the warrantless surveillance was illegal, without waiting for the 9th Circuit to decide the state secrets issue. "You need only read the statutes to decide, 'Does the president have the right to do this without a warrant?'" Eisenberg said. Walker is expected to rule in March on whether to stay the case or set a hearing date, and the document will likely be moved, under guard, from the Portland secure facility to San Francisco, where Walker can review it. In the meantime, the NSA program is undergoing changes. In a separate lawsuit last August, Michigan U.S. District Court Judge Anna Diggs Taylor found the NSA surveillance program unconstitutional and illegal -- a decision that's now under appeal in the 6th Circuit. Facing that ruling and growing political pressure, in early January, Attorney General Alberto Gonzales essentially announced the end of the warrantless spying, saying the NSA program will continue, but would begin getting "innovative" court orders from the foreign intelligence court. With the program now reformed, the Justice Department has asked for several of the lawsuits against the government to be dismissed as moot. Al-Buthi is now a "specially designated global terrorist," according to the Treasury Department, and he's under indictment in the United States for failing to declare $150,000 in travelers checks raised to help Chechnyan refugees when he last flew out of the country. 
He told Wired News that he had always declared money when entering the United States, but wasn't aware he needed to do the same when leaving. He says he's been interrogated twice by Saudi officials and cleared of any wrongdoing. From rforno at infowarrior.org Tue Mar 6 07:30:48 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 06 Mar 2007 07:30:48 -0500 Subject: [Infowarrior] - Privacy Board Clears U.S. Spy Programs Message-ID: Mar 5, 9:13 PM EST Privacy Board Clears U.S. Spy Programs By HOPE YEN Associated Press Writer http://hosted.ap.org/dynamic/stories/T/TERROR_PRIVACY?SITE=WIRE&SECTION=HOME&TEMPLATE=DEFAULT WASHINGTON (AP) -- A White House privacy board is giving its stamp of approval to two of the Bush administration's controversial surveillance programs - electronic eavesdropping and financial tracking - and says they do not violate citizens' civil liberties. Democrats newly in charge of Congress quickly criticized the findings, which they said were questionable given some of the board members' close ties with the Bush administration. "Their current findings and any additional conclusions they reach will be taken with a grain of salt until they become fully independent," said Rep. Bennie Thompson, D-Miss., who chairs the House Homeland Security Committee. After operating mostly in secret for a year, the five-member Privacy and Civil Liberties Board is preparing to release its first report to Congress next week. The report finds that both the National Security Agency's warrantless eavesdropping program and the Treasury Department's monitoring of international banking transactions have sufficient privacy protections, three board members told The Associated Press in telephone interviews. Both programs have multiple layers of review before sensitive information is accessed, they said. 
"We looked at the program, we visited NSA and met with the top people all the way down to those doing the hands-on work," said Carol Dinkins, a Houston lawyer and former Reagan administration assistant attorney general who chairs the board. "The program is structured and implemented in a way that is properly protective and attentive to civil liberties," she said. Some board members were troubled by the Homeland Security Department's error-ridden no-fly lists, which critics say use subjective or inconclusive data to flag suspect travelers. One area the board will focus on in its report is the computerized anti-terrorism screening system recently announced by DHS and used for years without travelers' knowledge to assign risk assessments to millions of Americans who fly abroad. "That's a place where there's a lot of opportunity for improvement," Dinkins said. Lanny Davis, a former Clinton White House counsel and the lone Democrat on the panel, described the board's first report to Congress as modest. He said most of the work in the past year was spent being briefed on the administration's surveillance programs. "We felt reassured regarding the checks-and-balance concerns," Davis said. He said that after several classified briefings, members were impressed by the multiple layers of review, which included audit trails to track whoever has access to the data. Still, Davis said he anticipated the board will continue to monitor the program as needed. "It would be a mistake if that was the end of the review," he said. The board's initial findings come as Congress is moving forward on measures to give the board more authority and make it more independent of the president. Created in late 2004, the panel was established as a compromise between Congress and the White House after a recommendation by the Sept. 11 commission. 
Both conservative and liberal civil liberties groups have urged the members to aggressively review the eavesdropping program and have questioned whether board members would stand up to the president if he were flouting the law. In recent weeks, the administration has agreed to let a secret but independent panel of judges oversee the program. But many lawmakers and civil libertarians have remained skeptical about its legality, and the Justice Department's inspector general is investigating whether the agency used any of the information improperly. The warrantless program monitors phone calls and e-mails between the United States and other countries that are suspected to be linked to agents of al-Qaida. A federal judge in Detroit last August declared the program unconstitutional. Government attorneys have since asked a Cincinnati-based appeals court to dismiss the lawsuit, arguing the case is moot because the surveillance is now monitored by a secret court. Marc Rotenberg, executive director of the Electronic Privacy Information Center, called it absurd that the White House board effectively gave the eavesdropping program its stamp of approval even before the administration was forced to backtrack and submit it to court oversight. "I have no confidence in the current board in its ability to provide meaningful evaluation of important programs such as the no-fly lists, based on its work on the domestic surveillance program," he said. "It is critical that Congress make the civil liberties board independent of the executive branch." The board does not have subpoena power, and the White House can change its annual reports before they go to Congress. The members serve at the pleasure of Bush, and Attorney General Alberto Gonzales has final say over whether officials must comply with the board's recommendations. Separate House and Senate measures would require that the entire board - not just the chairman and vice chairman - be confirmed by the Senate. 
The House version would also remove the board from the executive office of the president but keep it within the executive branch and give it subpoena power. The Senate version would keep the board within the executive office and allow it to ask the attorney general to issue subpoenas, with notice to Congress required if a subpoena request was refused or modified. The privacy board members declined to comment on the proposed legislation. But they have made it clear they believe the board works effectively in its current structure and that it could alienate the president if members took on a more openly adversarial role. Bush appointed Dinkins, a Republican, to chair the board. A longtime friend of the Bush family, she was treasurer of Bush's first campaign for governor of Texas, and she is a longtime partner in the law firm of Vinson & Elkins, where Gonzales was once a partner. The panel's other GOP members are vice chairman Alan Raul, a Washington attorney, and former U.S. Solicitor General Theodore Olson. Former Ambassador Francis Taylor is an independent. --- On the Net: Privacy and Civil Liberties Oversight Board: http://www.whitehouse.gov/privacyboard/ © 2007 The Associated Press. From rforno at infowarrior.org Tue Mar 6 16:50:33 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 06 Mar 2007 16:50:33 -0500 Subject: [Infowarrior] - ABC News to interview NSA-ATT whistleblower Message-ID: Whistle-blower Had to Fight NSA, LA Times to Tell Story March 06, 2007 10:53 AM Brian Ross and Vic Walter Report: http://blogs.abcnews.com/theblotter/2007/03/whistleblower_h.html Whistle-blower AT&T technician Mark Klein says his effort to reveal alleged government surveillance of domestic Internet traffic was blocked not only by U.S. intelligence officials but also by the top editors of the Los Angeles Times. 
In his first broadcast interview, which can be seen tonight on World News and Nightline, Klein describes how he stumbled across "secret NSA rooms" being installed at an AT&T switching center in San Francisco and later heard of similar rooms in at least six other cities, including Atlanta, San Diego, Los Angeles, Palo Alto, San Jose and Seattle. "You needed an ordinary key and the code to punch into a key pad on the door, and the only person who had both of those things was the one guy cleared by the NSA," Klein says of the "secret room" at the AT&T center in San Francisco. The NSA is the National Security Agency, the country's most secretive intelligence agency, charged with intercepting communications overseas. Klein says he collected 120 pages of technical documents left around the San Francisco office showing how the NSA was installing "splitters" that would allow it to copy both domestic and international Internet traffic moving through AT&T connections with 16 other trunk lines. "It's gobs and gobs of information going across the Internet," Klein says. President Bush has acknowledged he authorized the NSA to intercept the communications of people with known links to terrorist organizations "into or out of the United States," but that "we're not trolling through the personal lives of millions of innocent Americans." Intelligence experts say the NSA has the means to filter out suspect communications with sophisticated machines that spot key words, names, addresses or patterns. Eventually, Klein says he decided to take his documents to the Los Angeles Times, to blow the whistle on what he calls "an illegal and Orwellian project." But after working for two months with LA Times reporter Joe Menn, Klein says he was told the story had been killed at the request of then-Director of National Intelligence John Negroponte and then-director of the NSA Gen. Michael Hayden. 
The Los Angeles Times' decision was made by the paper's editor at the time, Dean Baquet, now the Washington bureau chief of The New York Times. Baquet confirmed to ABCNews.com he talked with Negroponte and Hayden but says "government pressure played no role in my decision not to run the story." Baquet says he and managing editor Doug Frantz decided "we did not have a story, that we could not figure out what was going on" based on Klein's highly technical documents. The reporter, Menn, declined to comment, but Baquet says he knows "Joe disagreed and was very disappointed." Klein says he then took his AT&T documents to The New York Times, which published its exclusive account last April. As the new Washington bureau chief of The New York Times, Baquet now oversees the reporters who have broken most of the major stories involving the government surveillance program, often over objections from the government. After The New York Times story appeared, Klein filed an affidavit in a lawsuit against AT&T brought by a civil liberties group, Electronic Frontier Foundation. The NSA says it will not confirm or deny the existence or the purpose of the "secret rooms," but in a filing in the court case against AT&T, Negroponte formally invoked the "state secrets privilege," claiming the lawsuit and the information from Klein and others could "cause exceptionally grave damage to the national security of the United States." Klein says what he knows won't help terrorists. "The only people that are being kept in the dark is the American people who are being misled and not realizing, not being told that their private information, that their liberties are being destroyed and tramped on," he said. 
From rforno at infowarrior.org Tue Mar 6 17:10:16 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 06 Mar 2007 17:10:16 -0500
Subject: [Infowarrior] - Gadfly zeroes in on Oracle bugs
Message-ID:

CNET News.com http://www.news.com/

Gadfly zeroes in on Oracle bugs

By Joris Evers
http://news.com.com/Gadfly+zeroes+in+on+Oracle+bugs/2008-1002_3-6164785.html

Story last modified Tue Mar 06 11:52:47 PST 2007

ARLINGTON, Va.--Don't even try to tell David Litchfield that Oracle is unbreakable.

Litchfield, a noted bug hunter, has made it his mission to tell the world that database software is insecure--Oracle's database software in particular. Litchfield has been vocal in his criticism of Oracle, even calling for the resignation of Oracle Chief Security Officer Mary Ann Davidson.

For too long, Oracle and its customers have stuck their heads in the sand when it comes to security, according to Litchfield. And Oracle has taken the wrong approach to address mounting security concerns, he argues.

Litchfield, co-founder of Next Generation Security Software in the U.K., is on a crusade. In January he published The Oracle Hacker's Handbook. The book, according to its cover, offers readers a complete arsenal to assess and defend Oracle systems.

While dissing Oracle, Litchfield is cheerleading for Microsoft. He has publicly stated that SQL Server 2005, the latest version of Microsoft's database software, is secure. This must hurt at Oracle, a Microsoft arch rival, which has already seen a significant piece of the database market go to the Redmond, Wash.-based software giant.

When not hunting for bugs, Litchfield likes to go out with his two greyhounds, and he helps charities find homes for other canines. In fact, he is so passionate about his dogs that he dedicated The Oracle Hacker's Handbook to his wife and two girls, the girls being his greyhounds.
At last week's Black Hat DC event, Litchfield discussed a new attack technique that increases the severity of certain vulnerabilities in Oracle's database software. He sat down with CNET News.com at the event to explain why such disclosures are necessary.

Q: Why are you into database security? There's so much other software out there.
Litchfield: Because that's where the crown jewels are for any organization. Every organization on this planet has a database and that's where the lifeblood of that organization exists. Where better to secure it than at the source. We can secure it at the perimeter, but with vulnerabilities like SQL injection, that security is completely undone.

Despite having a firewall, despite having the Web server locked down, an SQL injection flaw in your Web app takes us all the way through to the back end of the database server. If that database is not using the principle of least privilege or is not fully patched, then we can gain full access to the database server and suck out all your data. The database has to be secured. The problem is that nobody has ever really dealt with the back end until recently. It has always been about securing the perimeter.

Lately you have especially been looking closely at Oracle's databases. Is there a specific reason that you're looking at Oracle more than Microsoft or IBM?
Litchfield: Yes. SQL Server 2005 is secure. (Microsoft has) solved the problem. Oracle is in the process of solving that problem. IBM, I have looked at DB2 and Informix and sent them a bunch of bugs, probably about 50, ranging from buffer overflows to privilege escalation issues. But IBM's security response was mature. In the most recent past, the Oracle security response was not so mature. They have been combative, as opposed to: "This guy is just trying to make our products more secure." But it is getting better.
Oracle is beginning to understand that we're fighting on the same side, just from different perspectives.

When a vendor like Oracle becomes more combative, you become more combative as well?
Litchfield: I will. It is unfortunate that it happens that way, but if you have to defend yourself, then you should defend yourself. I would rather be working, like I do with Microsoft and IBM, with their security response team. We've got good relationships with Microsoft and IBM. What better way to get things done than have a good relationship, as opposed to sniping at each other from the gutter.

My relationship has gotten slightly better with Oracle, and they understand that it's not so much a battle of wills. I'm trying to make them aware of these problems in their database because it affects me indirectly. If someone breaks into that database server and steals my information, then I'm paying for it, not Oracle.

Some might think that it's some sort of an extortion game that's being played.
Litchfield: I've never asked Oracle for money. If people think that, they are ill-informed.

And Microsoft doesn't pay you to say SQL Server 2005 is secure.
Litchfield: I'm not being paid by Microsoft to say they're secure, and if anyone is going to find a bug in SQL Server 2005, it better be me. It would undermine my ability to be able to say in the future that a product is secure if bugs are found by anyone else. So, if there are bugs in SQL Server 2005, I hope I'm the one who finds them, and I'm looking.

What's the business of NGS Software?
Litchfield: There are three sides to the business. We sell tools to help assess your state of vulnerability and whether you're compliant with Sarbanes-Oxley, etc. We consult to a number of organizations, and we also do vulnerability research and sell that research.

What types of organizations are your typical research customers?
Litchfield: Government organizations, those who are responsible for critical national infrastructure and the protection thereof. We try to give them advance warning of security problems. We can tell them that there's a flaw in a particular product, along with a risk mitigation strategy. Even in the absence of a vendor-supplied patch, these systems will be protected.

NGS has been growing over the past years. Where is the demand?
Litchfield: It's mostly in consultancy, which is a bit of a shame because I set out to build a software company and we're more of a consultancy. That's one of my personal failures though and I've not given up. We will be a software company at some stage.

What does a typical consultant do?
Litchfield: He might do penetration tests, code reviews or threat modeling. It is not installing firewalls; our consultants do the high-end stuff.

What is it that drives you to get up and do your job every day?
Litchfield: Well, I'm good at it, and if you're good at something, you've got more drive to do. If I was a good painter, I would paint more, you know. But since I am crap, I don't bother doing that. I enjoy the work.

Particularly the bug hunting part of it?
Litchfield: Yes, it's just a question of analysis. If I were trying to subvert the system, how would I do it? The other reason is that it has an effect on everyone's lives. Now, it's not like I'm curing cancer, but I know that one database server tomorrow is going to be more secure because of something I did, and that means that, for example, more credit card numbers are safe that day.

If people at Oracle say that you actually hurt security because of the disclosure of vulnerabilities, what do you say?
Litchfield: They have a case. In certain cases it does raise the risk level, OK, and that's one of the major problems with this kind of work.
However, in raising the risk level, people are more inclined to protect their systems. Now, as an example of this, I just put out that new attack method that allows an attacker without any special privileges to exploit flaws that were thought to be only exploitable by people with higher privileges. Now we know that that's not true, people have no reason to say they are not going to patch.

Someone has, within day zero of me posting my new method, modified their exploits and posted them publicly to use my new methods. Those exploits now can be run by anyone. So, yes it has increased the risk. Back in August 2002, I presented some code that was then taken to form the basis of SQL Slammer. There was that initial raising of risk, but after that short-term pain, there are now more patched SQL Servers out there than there ever were before. The short-term risk has been raised for the long-term benefit, that's the way I look at it.

If people like you weren't around, some might say we wouldn't know of any security risks and nobody would be exploiting them either. You don't think that's true?
Litchfield: I don't think that's true. There are always going to be bad guys out there. If there aren't good guys working with the vendors to close these holes, then we'll be walking around with our head in the clouds thinking we're all secure when we're not. Security through ignorance really doesn't work because one person's ignorance is someone else's revenue stream.

What makes you pull your hair out?
Litchfield: When people say things like I'm increasing risk or doing it for selfish reasons. I'm not like that. But I can't always be the popular guy. I just wish there were fewer detractors.

You published The Oracle Hacker's Handbook recently. What do you hope to achieve with the book?
Litchfield: The Oracle security world is smug basically, and I'm trying to take that security blanket away from them.
There are too many people out there who think that the Oracle product is secure and that they don't need to be doing anything. That's irresponsible, as far as I'm concerned.

What would you like people to know you for?
Litchfield: I would like to be the person who helped convince people that database security is important to look at. I would like to think that it's through my work, and obviously that of some of my peers in the industry, that we've helped shape the way security is dealt with at places like Oracle and Microsoft.

Copyright ©1995-2007 CNET Networks, Inc. All rights reserved.

From rforno at infowarrior.org Tue Mar 6 23:07:16 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 06 Mar 2007 23:07:16 -0500
Subject: [Infowarrior] - Cybercrime Treaty: What it Means to You
Message-ID:

Cybercrime Treaty: What it Means to You

March 6, 2007
By Larry Downes
http://www.cioinsight.com/print_article2/0,1217,a=202430,00.asp

Cybercrime is getting cheaper all the time, as shady characters sell tools to help criminals spam, phish, hack and crash. And a new treaty ratified by the U.S. Senate could wind up passing the costs of combating cybercrime directly to American businesses.

From an economic standpoint, when the cost of crime goes down, frequency goes up. How does the legal system fight back? One way is to increase enforcement and catch more people. But when it comes to cybercrime, no one really expects law enforcement to keep up technologically with criminals--it's an arms race the criminals keep winning.

An alternative is to raise the penalties, in hopes of deterring criminals who weigh the benefits of committing their crimes against the risk of getting caught. In that vein, in August the Senate ratified the Convention on Cybercrime, drafted by the Council of Europe with considerable input from the United States. So far, 43 nations have signed on.
The Convention includes many sensible provisions aimed at unifying global computer-crime laws, and closes loopholes that make it possible for criminals to escape prosecution by locating their activities offshore. But civil libertarians, along with leading telecommunications companies, strongly oppose the treaty. Civil libertarians are especially concerned about the sweeping authority given to participating countries to seize information from private parties as they investigate cybercrimes, even when the activity being investigated isn't a crime in the country where the data is located. If France is investigating a sale of Nazi memorabilia on eBay, the U.S. must cooperate, even though such transactions are not illegal in the U.S. Telecommunications companies object to provisions that require member countries to establish and enforce potent data-retention policies for network traffic, and require any operator of a computer network to respond to requests for information from any participating country without compensation of any kind. These are potentially serious problems, especially given that the Convention is open to any country that wants to join. But there are more practical reasons U.S. businesses should be concerned. The provisions for data retention and production apply to any operator of a computer network, not just telecoms. Worse, Article 12 attaches liability to businesses for "lack of supervision or control" of employees who commit criminal offenses covered by the Convention. Businesses must worry about employee activities that may be legal here, but illegal elsewhere, risking administrative, civil, or even criminal penalties. These investigative and supervision costs will invariably be imposed on businesses without any real controls. Worldwide law-enforcement agencies, in other words, may now avail themselves of the opportunity to outsource their most expensive problems to you. 
The Convention may improve the cybercrime-and-punishment equation in favor of deterrence. But it's also added some new variables and possibly irrational numbers. Of the economic, not mathematical, kind.

Copyright (c) 2007 Ziff Davis Media Inc. All Rights Reserved.

From rforno at infowarrior.org Tue Mar 6 23:20:42 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 06 Mar 2007 23:20:42 -0500
Subject: [Infowarrior] - Satire: Apple unveils new product-unveiling product
Message-ID:

Satire: Apple unveils new product-unveiling product

Steve Jobs reveals highly anticipated product he says will revolutionize product shows and make product-touting CEOs obsolete.

The Onion
By The Onion Staff
Published: March 6, 2007, 5:55 PM PST
http://news.com.com/2100-1040_3-6164984.html?part=rss&tag=2547-1_3-0-20&subj=news

In an effort to add some levity to your daily dose of technology news, CNET News.com has teamed with the humorists at The Onion. We hope you enjoy the diversion.

SAN FRANCISCO--At a highly anticipated media event Tuesday at San Francisco's Moscone Center, Apple CEO Steve Jobs introduced a new Apple product he said would "revolutionize" the process of unveiling new products throughout the world.

"In 1984, Apple introduced the Mac," Jobs said to an overflowing crowd as an image of the first Macintosh computer was displayed on a giant screen behind him. "We changed the face of the music industry with the first iPod in 2001. And in January, we showed off the revolutionary new iPhone. Today, Apple is releasing a piece of innovative new technology that will forever change the way innovative new technology is released."

The iLaunch, as the new product is called, was then raised up from below the stage, prompting the audience of technology journalists, developers and self-professed "Apple fanatics" to burst into a five-minute standing ovation.

"Get ready for the future of product introduction," said Jobs, looking resplendent in a black turtleneck and faded jeans.
"The iLaunch will be able to make announcements from this, or any other stage, making human participation in generating consumer awareness almost entirely unnecessary." The iLaunch runs Keynote-formatted presentations in high definition through a built-in projector while displaying a 3D rotating image of the product. Voice-recognition software, Apple's most advanced to date, can recite a speech highlighting the features of the device while injecting several clever digs at competitors. Should a product demonstration experience a glitch or malfunction, the iLaunch boasts a complex algorithm that can automatically produce humorous and distracting quips. Described in its patent filing as a "hype-generating mechanism with fully integrated Mac compatibility," the iLaunch is powered by Intel dual-core processors optimized to calculate a product's gravitas. Apple claims the iLaunch can garner the same amount of press attention as a major scientific discovery, high-court ruling, celebrity meltdown, or natural disaster at 200 times the speed of a traditional media-fostered launch. "If you want to condition the public to liken your product to the telephone and the internal combustion engine in importance, that's now possible with iLaunch," Jobs said. "And it's so easy, even an intern can use it." According to Jobs, the innovative iLaunch not only makes product launching infinitely easier, it could forever change corporate structure itself. "For too long, hands-on, maverick CEOs have devoted their valuable time to strutting around on stage and breathlessly describing the features of their new products, in the process encouraging cults of personality that could have a detrimental long-term effect on their companies," Jobs said. "Apple's goal within the next 12 months is to make me totally obsolete." This comment earned the Apple CEO another, slightly longer, standing ovation. 
As his presentation wound down, Jobs said there was "one more thing" he wanted to mention: the iLaunch automatically saves a significant, salient product feature for the end of a presentation, to surprise and delight audiences.

"Do you want to know what the surprise of this unveiling is?" said Jobs to the eagerly nodding crowd. "The iLaunch itself generated this entire presentation, as well as this very surprise."

Even amid fevered speculation, Apple was typically mum before the launch product's launch, and Mac rumor Web sites failed to predict any major details about the new offering, other than the fact that it was going to "change everything" and "be huge." Post-launch reaction has been even more ecstatic.

"Before today, I couldn't imagine paying $12,000 for a product-unveiling product," CNET editor Jasmine France said after the presentation. "Now I can't imagine living without it."

Shortly after Jobs' address, Microsoft announced that they are working on a similar product, the Launch-O, due to debut in 2009.

© 2007 The Onion. All rights reserved.

From rforno at infowarrior.org Wed Mar 7 07:43:54 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 07 Mar 2007 07:43:54 -0500
Subject: [Infowarrior] - DHS: Public Meeting on National ID Card
Message-ID:

[Federal Register: March 6, 2007 (Volume 72, Number 43)]
[Notices]
[Page 9958-9959]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr06mr07-66]

-----------------------------------------------------------------------

DEPARTMENT OF HOMELAND SECURITY

Office of the Secretary

[DHS-2007-0008]

Data Privacy and Integrity Advisory Committee

AGENCY: Office of the Secretary, Department of Homeland Security.

ACTION: Notice of Federal Advisory Committee meeting.

-----------------------------------------------------------------------

SUMMARY: The Data Privacy and Integrity Advisory Committee will meet on March 21, 2007 in Washington, DC. This meeting will be open to the public.
DATES: The Data Privacy and Integrity Advisory Committee will meet on Wednesday, March 21, 2007 from 9 a.m. to 12:30 p.m. and 2:15 p.m. to 3:30 p.m. Please note that the meeting may close early if the committee has completed its business.

ADDRESSES: The meeting will be held at the Crowne Plaza Washington National Airport, 1480 Crystal Drive, Arlington, Virginia. Send written material, comments, and requests to make oral presentations to Rebecca J. Richards, Executive Director, Data Privacy and Integrity Advisory Committee, Department of Homeland Security, Washington, DC 20528. Written materials, comments, and requests to make oral presentations at the meeting should reach the contact person listed by March 16, 2007. Requests to have a copy of your material distributed to each member of the committee prior to [[Page 9959]] the meeting should reach the persons listed under FOR FURTHER INFORMATION CONTACT, below, by March 16, 2007. Persons wishing to make comments or who are unable to attend or speak at the meeting may submit comments at any time. All submissions received must include the docket number: DHS-2007-0008 and may be submitted by any one of the following methods:

Federal Rulemaking Portal: http://www.regulations.gov. Follow instructions for submitting comments on the Web site.

E-mail: PrivacyCommittee at dhs.gov. Include docket number in the subject line of the message.

Fax: (866) 466-5370.

Mail: Ms. Rebecca J. Richards, Executive Director, Data Privacy and Integrity Advisory Committee, Department of Homeland Security, Washington, DC 20528.

Instructions: All submissions received must include the words ``Department of Homeland Security Data Privacy and Integrity Advisory Committee'' and the docket number: DHS-2007-0008. Comments received will also be posted without alteration at http://www.regulations.gov, including any personal information provided.
Docket: For access to the docket to read background documents or comments received by the DHS Data Privacy and Integrity Committee, go to http://www.regulations.gov.

FOR FURTHER INFORMATION CONTACT: Hugo Teufel III, Chief Privacy Officer, or Rebecca J. Richards, Executive Director, Data Privacy and Integrity Advisory Committee, Department of Homeland Security, Washington, DC 20528, by telephone (571) 227-3813, by fax (571) 227-4171, or by e-mail PrivacyCommittee at dhs.gov.

SUPPLEMENTARY INFORMATION: Notice of this meeting is given under the Federal Advisory Committee Act, 5 U.S.C. App. (Pub. L. 92-463). During the meeting, the DHS Chief Privacy Officer will provide an update on the activities of the DHS Privacy Office. In the morning and afternoon sessions, invited speakers will discuss policy development, data integrity, and IT transformation at DHS, as well as DHS' plans to implement the REAL ID Act. The Subcommittees will update the Committee on the work currently being conducted. A tentative agenda has been posted on the Privacy Advisory Committee Web site at http://www.dhs.gov/privacy .

At the discretion of the Chair, members of the public may make brief (i.e., no more than three minutes) oral presentations from 4 p.m.-4:30 p.m. If you would like to make an oral presentation at the meeting, please register in advance or sign up on the day of the meeting. If you would like a copy of your material(s) distributed to each member of the committee in advance, please submit 22 copies to Rebecca J. Richards by March 16, 2007.

Information on Services for Individuals With Disabilities

For information on facilities or services for individuals with disabilities or to request special assistance at the meeting, contact Rebecca J. Richards as soon as possible.

Dated: February 28, 2007.
Kenneth Mortensen, Acting Chief Privacy Officer.
[FR Doc.
07-1008 Filed 3-5-07; 8:45 am]
BILLING CODE 4410-10-P

From rforno at infowarrior.org Wed Mar 7 14:46:30 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 07 Mar 2007 14:46:30 -0500
Subject: [Infowarrior] - Microsoft WGA Phones Home Even When Told No
Message-ID:

Heise online reports on a very interesting action Microsoft is taking during the installation of WGA. When you start WGA setup and get to the license agreement page but decide NOT to install the highly controversial WGA component and cancel the installation, the setup program will send your info and the fact that you chose not to install WGA back to their servers.

In addition to that it seems that the setup program sends some information stored in your registry to http://genuine.microsoft.com/. While it does not specifically identify the user, it looks like it does send some identification of your computer and Windows version (see picture) to Microsoft servers.

< - >

http://www.aviransplace.com/2007/03/07/wga-reports-back-to-ms-even-if-you-choose-not-to-install/

From rforno at infowarrior.org Wed Mar 7 15:41:07 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 07 Mar 2007 15:41:07 -0500
Subject: [Infowarrior] - FAA May Ditch Microsoft For Google And Linux
Message-ID:

FAA May Ditch Microsoft's Windows Vista And Office For Google And Linux

FAA chief information officer David Bowen said he's taking a close look at the Premier Edition of Google Apps as he mulls replacements for the agency's Windows XP-based desktop computers and laptops.

http://www.informationweek.com/news/showArticle.jhtml?articleID=197800480

By Paul McDougall
InformationWeek
March 6, 2007 11:00 AM

March is coming in like a lion for Microsoft's public sector business.
Days after InformationWeek reported that the Department of Transportation has placed a moratorium on upgrades to Windows Vista, Office 2007, and Internet Explorer 7, the top technology official at the Federal Aviation Administration revealed that he is considering a permanent ban on the Microsoft software in favor of a combination of Google's new online business applications running on Linux-based hardware. In an interview, FAA chief information officer David Bowen said he's taking a close look at the Premier Edition of Google Apps as he mulls replacements for the agency's Windows XP-based desktop computers and laptops. Bowen cited several reasons why he finds Google Apps attractive. "It's a different sort of computing strategy," he said. "It takes the desktop out of the way so you're running a very thin client. From a security and management standpoint that would have some advantages." Google launched Google Apps Premier Edition last month at a price of $50 per user, per year. It features online e-mail, calendaring, messaging, and talk applications, as well as a word processor and a spreadsheet. The launch followed Google's introduction of a similar suite aimed at consumers in August. The new Premier Edition, however, offers enhancements, including 24x7 support, aimed squarely at corporate and government environments. Bowen said he's in talks with the aviation safety agency's main hardware supplier, Dell Computer, to determine if it could deliver Linux-based computers capable of accessing Google Apps through a non-Microsoft browser once the FAA's XP-based computers pass their shelf life. "We have discussions going on with Dell," Bowen said. "We're trying to figure out what our roadmap will be after we're no longer able to acquire Windows XP." 
Bowen, however, said he has not definitely ruled out an FAA-wide upgrade to Windows Vista and related software -- if Microsoft can satisfy his concerns over compatibility with the agency's existing applications and demonstrate why such a move would make financial sense given Google Apps's low price. "We have a trip to Microsoft scheduled for later this month," said Bowen. Like the Department of Transportation, the FAA -- technically under DOT but managed separately -- has its own moratorium in place on upgrades to Windows Vista, Internet Explorer 7, and Microsoft Office 2007. Among other things, Bowen said the FAA's copies of IBM's Lotus Notes software don't work properly on test PCs running Windows Vista. Bowen's compatibility concerns, combined with the potential cost of upgrading the FAA's 45,000 workers to Microsoft's next-generation desktop environment, could make the moratorium permanent. "We're considering the cost to deploy [Windows Vista] in our organization. But when you consider the incompatibilities, and the fact that we haven't seen much in the way of documented business value, we felt that we needed to do a lot more study," said Bowen. Because of Google Apps' sudden entry into the desktop productivity market, what once would have been a routine decision at the FAA to eventually upgrade to Microsoft's latest software is now firmly up in the air. With similar debates doubtless playing out at other government agencies -- and in the private sector -- Microsoft is going to have to work a lot harder than in past years convincing customers to follow its well worn path of new releases and follow-on patches. 
From rforno at infowarrior.org Wed Mar 7 19:28:11 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 07 Mar 2007 19:28:11 -0500
Subject: [Infowarrior] - C-SPAN liberalizes its copyright policy
Message-ID:

http://www.c-span.org/about/press/release.asp?code=video

PRESS RELEASE
FOR IMMEDIATE RELEASE
Contact: Jennifer Moire (202) 626-8797 jmoire at c-span.org

C-SPAN TAKES LEAD IN MAKING VIDEO OF CONGRESSIONAL HEARINGS, WHITE HOUSE AND OTHER FEDERAL EVENTS MORE WIDELY AVAILABLE TO THE ONLINE COMMUNITY

Cable Network Introduces New Copyright Policy and Expanded Capitol Hearings Website

WASHINGTON (Wednesday, March 7, 2007) - Advancing its longstanding mission of bringing government closer to the people, C-SPAN announced today two major initiatives designed to greatly expand citizen access to its online video of federal government activities, such as congressional hearings, agency briefings, and White House events. These actions are intended to meet the growing demand for video about the federal government and Congress, in an age of explosive growth of video file sharers, bloggers, and online 'citizen journalists.' The policy change is effective immediately.

- C-SPAN is introducing a liberalized copyright policy for current, future, and past coverage of any official events sponsored by Congress and any federal agency-- about half of all programming offered on the C-SPAN television networks--which will allow non-commercial copying, sharing, and posting of C-SPAN video on the Internet, with attribution.

- In addition, C-SPAN also announced plans to significantly build out its capitolhearings.org website as a one-stop resource for Congressionally-produced webcasts of House and Senate committee and subcommittee hearings.

C-SPAN Executive Committee Chairman William J. Bresnan, CEO of Bresnan Communications, said that the network's directors enthusiastically endorsed the copyright policy liberalization.

"The C-SPAN board sees this as helping us carry out C-SPAN's public service mission," he said. "The cable industry created this network to allow citizens greater access to their government and this enhancement appropriately reflects the rapid changes in the online information world."

"Giving voice to the average citizen has been a centerpiece of C-SPAN's journalism since our network's founding in 1979," said Rob Kennedy, C-SPAN president and co-COO. "As technology advances, we want to continue to be a leader in providing citizens with the tools to be active participants in the democratic process."

The new C-SPAN policy borrows from the approach to copyright known in the online community as "Creative Commons." Examples of events included under C-SPAN's new expanded policy include all congressional hearings and press briefings, federal agency hearings, and presidential events at the White House. C-SPAN's copyright policy will not change for the network's studio productions, all non-federal events, campaign and political event coverage, and the network's feature programming, such as Book TV and original history series.

Capitolhearings.org was launched in 2001 as a public service to aggregate the Congressionally-produced live audio streams of Senate hearings. The initial build-out of the site will incorporate the rapidly increasing webcasts of House committee and subcommittee hearings.

ABOUT C-SPAN

C-SPAN, the political network of record, was created in 1979 by America's cable companies as a public service. C-SPAN is currently available in more than 90 million households, C-SPAN2 in more than 82 million households and C-SPAN3 in over 12 million households nationwide. For more information about C-SPAN, visit its website at www.c-span.org.
From rforno at infowarrior.org Wed Mar 7 20:45:07 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 07 Mar 2007 20:45:07 -0500 Subject: [Infowarrior] - RIAA wins, everybody else loses In-Reply-To: Message-ID: ------ Forwarded Message From: DAN At 7:28 PM -0500 3/7/07, Richard Forno wrote: >Subject: [Infowarrior] - C-SPAN liberalizes its copyright policy Just as this happens, the Library of Congress has decided that non-profit internet streaming music services (such as any or all college music radio) will have to pay royalties. This has the potential to be disastrous for internet radio. For me personally it means that I will no longer be able to listen to some of my favorite radio because I am out of their radio signal range. It also means that worldwide listeners to eclectic streams will be out of luck. From rforno at infowarrior.org Thu Mar 8 09:19:33 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 08 Mar 2007 09:19:33 -0500 Subject: [Infowarrior] - Israel unveils portable hunter-killer robot Message-ID: Israel unveils portable hunter-killer robot Thu Mar 8, 2007 5:31 AM ET JERUSALEM (Reuters) - An Israeli defense firm on Thursday unveiled a portable robot billed as being capable of entering most combat zones alone and engaging enemies with an onboard armory that includes a machine-pistol and grenades. The VIPeR, roughly the size of a small television, was invented as part of Israel's efforts to develop weaponry that could reduce the risks to its forces from hand-to-hand fighting against Palestinian or Lebanese Hezbollah guerrillas. The manufacturer, Elbit Systems Ltd., said that the VIPeR's small size and dual treads enable it to move "undeterred by stairs, rubble, dark alleys, caves or narrow tunnels". As well as bomb-sniffing and bomb disposal equipment, the VIPeR can carry an Uzi machine-pistol or plant a grenade. The weapons would be aimed using an onboard video camera. 
According to Elbit, which has close links with the Defense Ministry, Israel plans to deploy the VIPeR among its infantry units after field tests. The robot could also be of interest to foreign police units or U.S. forces in Iraq and Afghanistan. http://today.reuters.com/news/articlenews.aspx?type=technologyNews&storyid=2007-03-08T103103Z_01_L08481636_RTRUKOC_0_US-ISRAEL-ROBOT.xml&src=rss&rpc=22 From rforno at infowarrior.org Thu Mar 8 12:51:22 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 08 Mar 2007 12:51:22 -0500 Subject: [Infowarrior] - Homeland Security revives supersnoop Message-ID: Homeland Security revives supersnoop By Audrey Hudson THE WASHINGTON TIMES Published March 8, 2007 Homeland Security officials are testing a supersnoop computer system that sifts through personal information on U.S. citizens to detect possible terrorist attacks, prompting concerns from lawmakers who have called for investigations. The system uses the same data-mining process that was developed by the Pentagon's Total Information Awareness (TIA) project that was banned by Congress in 2003 because of vast privacy violations. A Government Accountability Office (GAO) investigation of the project called ADVISE -- Analysis, Dissemination, Visualization, Insight and Semantic Enhancement -- was requested by Rep. David R. Obey, Wisconsin Democrat and chairman of the House Appropriations Committee. The investigation focuses on whether the program violates privacy laws, and the findings will be released after completion of the Iraq war supplemental spending bill, possibly as early as this week, a panel aide said. The ADVISE and TIA data-mining projects rely on personal data to track individual behavior and consumer transactions to develop computer algorithms that create a pattern that some behavioral scientists say can predict terrorist behavior. Data can include credit-card purchases, telephone or Internet details, medical records, travel and banking information. 
Privacy concerns prompted lawmakers on both sides of the aisle to introduce legislation in January to require that government agencies disclose data-mining practices in regular reports to Congress. "A serious discussion on the implications of data-mining programs is long overdue," Sen. Russ Feingold, Wisconsin Democrat and a sponsor of the bill, said yesterday. Sen. John E. Sununu, New Hampshire Republican, is also a bill sponsor. "Many Americans are understandably concerned about the idea of secret government programs analyzing their personal information. Congress needs to know more about the operational aspects and privacy implications of data-mining programs before these programs are allowed to go forward," Mr. Feingold said. A spokesman for the Department of Homeland Security did not return a call for comment. Congress also tucked language inside Homeland Security's spending bill in September requiring an investigation by the agency's inspector general, but allowed $40 million in funding to go forward in this year's budget. "The ADVISE program is designed to extract relationships and correlations from large amounts of data to produce actionable intelligence on terrorists," the spending bill said. "A prototype is currently available to analysts in Intelligence and Analysis using departmental and other data, including some on U.S. citizens." According to a Congressional Research Service (CRS) report in March 2003, TIA planned "to use data mining technologies to sift through personal transactions in electronic data to find patterns and associations connected to terrorist threats and activities." "Recent increased awareness about the existence of the TIA project provoked expressions of concern about the potential for the invasion of privacy of law-abiding citizens by the government, and about the direction of the project by John Poindexter, a central figure in the Iran-Contra affair," the CRS report said. 
"While the law enforcement and intelligence communities argue that more sophisticated information gathering techniques are essential to combat today's sophisticated terrorists, civil libertarians worry that the government's increased capability to assemble information will result in increased and unchecked government power, and the erosion of individual privacy," the report said. ADVISE was initiated in 2003 following the demise of the TIA project. The new system includes data-mining tools to digest "massive quantities of information from many different sources" to find "hidden relationships in the data," according to a 2004 report by Sandia National Laboratories and Lawrence Livermore National Laboratory on a Homeland Security workshop that outlined this and other technology under development. The technology is expected to analyze more than 3 million "relationships" or connections per hour, says the report, which included an example of how friends, family members, locations and workplaces can be linked by pinging the data http://washingtontimes.com/functions/print.php?StoryID=20070308-124323-4382r From rforno at infowarrior.org Thu Mar 8 19:25:49 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 08 Mar 2007 19:25:49 -0500 Subject: [Infowarrior] - Idaho rejects REAL ID In-Reply-To: Message-ID: (c.o IP) ------ Forwarded Message From: David Farber Begin forwarded message: From: "Stanley, Jay" Date: March 8, 2007 3:30:35 PM EST To: dave at farber.net Subject: Real ID update Dave, Idaho opted out of Real ID today, becoming the second state to say "no thanks," along with Maine. And there are a lot of other states moving in the same direction (we have a map that tracks them online at http://www.realnightmare.org/news/105/). This is important because the whole point of Real ID is to have a uniform national identity document, and when even a few states reject it, the whole concept falls apart. 
When DHS issued its regulations last week it made a lot of noise about granting an extension for compliance with Real ID. But apparently that hasn't slowed down the rebellion in the states. We've actually seen a lot of action in the states in just the last week. Also we issued an ACLU Real ID "Scorecard" this morning summarizing our analysis of the new regulations. We listed every issue with Real ID that we could find and systematically looked at how many of those problems have been addressed by the regs. The answer: very few (9% to be exact). The Scorecard is also on our Real ID site at www.realnightmare.org - Jay ~~~~~~~~~~~ Jay Stanley Public Education Director, Technology and Liberty Project ACLU 202-715-0818 (office) 202-222-8398 (mobile) From rforno at infowarrior.org Thu Mar 8 23:30:22 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 08 Mar 2007 23:30:22 -0500 Subject: [Infowarrior] - Report Says FBI Violated Patriot Act Guidelines Message-ID: Exclusive: Report Says FBI Violated Patriot Act Guidelines March 08, 2007 8:26 PM Brian Ross and Vic Walter Report: http://blogs.abcnews.com/theblotter/2007/03/exclusive_repor.html The FBI repeatedly failed to follow the strict guidelines of the Patriot Act when its agents took advantage of a new provision allowing the FBI to obtain phone and financial records without a court order, according to a report to be made public Friday by the Justice Department's Inspector General. The report, in classified and unclassified versions, remains closely held, but Washington officials who have seen it tell ABC News it documents "numerous lapses" and describe it as "scathing" and "not a pretty picture for the FBI." FBI Director Robert Mueller is scheduled to brief Congress on the report at noon. The officials say the inspector general found the FBI underreported by at least 20 percent the use of the controversial provision, known as National Security Letters, NSLs, in required disclosures to Congress. 
The Patriot Act gave FBI agents the ability to demand telephone, bank, credit card and library records by issuing an administrative letter, bypassing the need to seek a warrant from a federal judge. Civil liberties groups have long opposed the provision, saying the lack of oversight could lead to the kinds of problems apparently uncovered by the inspector general. In a report last year, the Justice Department said there were 9,254 NSL requests on 3,501 persons in the calendar year 2005. Some officials say the actual number is substantially higher. The inspector general's report reportedly found "systemic" failures in the issuance, tracking and accountability of the controversial NSLs, although a Justice Department official said there was no finding of "willful or criminal misconduct." FBI officials said they could not comment until the report was made public but said the FBI welcomed the findings because several of the reported problems were unknown to senior management. "Expect a weekend firestorm," said one Justice Department official. From rforno at infowarrior.org Thu Mar 8 23:32:15 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 08 Mar 2007 23:32:15 -0500 Subject: [Infowarrior] - DNS Attack Factsheet (ICANN Report from 6 Feb Event) Message-ID: DNS Attack Factsheet 8 March 2007 Download the DNS attack factsheet here [PDF, 289K]. ICANN has today released a factsheet concerning the recent attack on the root server system on 6 February 2007. The factsheet is intended to provide an explanation of the attack for a non-technical audience in the hope of enlarging public understanding surrounding this and related issues. Aside from covering the attack itself and the engineers' response to it, the factsheet also briefly reviews the root server system, the domain name system, Anycast technology, and what can be done in order to deal with such attacks in future. 
It is hoped that the factsheet will be the first in a series, with ICANN's general manager of public participation, Kieren McCarthy, acting as series editor. Future factsheets hope to follow a similar approach of providing clear and topical non-technical information about various aspects of the Internet in which ICANN is involved. http://icann.org/announcements/announcement-08mar07.htm From rforno at infowarrior.org Fri Mar 9 08:18:41 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 09 Mar 2007 08:18:41 -0500 Subject: [Infowarrior] - Frequent Errors In FBI's Secret Records Requests Message-ID: Frequent Errors In FBI's Secret Records Requests Audit Finds Possible Rule Violations By John Solomon and Barton Gellman Washington Post Staff Writers Friday, March 9, 2007; A01 http://www.washingtonpost.com/wp-dyn/content/article/2007/03/08/AR2007030802356_pf.html A Justice Department investigation has found pervasive errors in the FBI's use of its power to secretly demand telephone, e-mail and financial records in national security cases, officials with access to the report said yesterday. The inspector general's audit found 22 possible breaches of internal FBI and Justice Department regulations -- some of which were potential violations of law -- in a sampling of 293 "national security letters." The letters were used by the FBI to obtain the personal records of U.S. residents or visitors between 2003 and 2005. The FBI identified 26 potential violations in other cases. Officials said they could not be sure of the scope of the violations but suggested they could be more widespread, though not deliberate. In nearly a quarter of the case files Inspector General Glenn A. Fine reviewed, he found previously unreported potential violations. The use of national security letters has grown exponentially since the Sept. 11, 2001, attacks. In 2005 alone, the audit found, the FBI issued more than 19,000 such letters, amounting to 47,000 separate requests for information. 
The letters enable an FBI field office to compel the release of private information without the authority of a grand jury or judge. The USA Patriot Act, enacted after the 2001 attacks, eliminated the requirement that the FBI show "specific and articulable" reasons to believe that the records it demands belong to a foreign intelligence agent or terrorist. That law, and Bush administration guidelines for its use, transformed national security letters by permitting clandestine scrutiny of U.S. residents and visitors who are not alleged to be terrorists or spies. Now the bureau needs only to certify that the records are "sought for" or "relevant to" an investigation "to protect against international terrorism or clandestine intelligence activities." According to three officials with access to the report, Fine said the possible violations he discovered did not "manifest deliberate attempts to circumvent statutory limitations or departmental policies." But Fine found that FBI agents used national security letters without citing an authorized investigation, claimed "exigent" circumstances that did not exist in demanding information and did not have adequate documentation to justify the issuance of letters. In at least two cases, the officials said, Fine found that the FBI obtained full credit reports using a national security letter that could lawfully be employed to obtain only summary information. In an unknown number of other cases, third parties such as telephone companies, banks and Internet providers responded to national security letters with detailed personal information about customers that the letters do not permit to be released. The FBI "sequestered" that information, a law enforcement official said last night, but did not destroy it. 
Alan Raul, vice chairman of the White House Privacy and Civil Liberties Oversight Board and a former Reagan White House lawyer, said in an interview that the Bush administration has asked the board to review and recommend changes in the FBI's use of national security letters. "The processes seem to be seriously in need of tune-up," Raul said. "We hope to play a role in helping the FBI get to where it knows it needs to be." Lanny Davis, another board member and a former attorney in the Clinton White House, said his recent briefing by the FBI left him "very concerned about what I regard to be serious potential infringements of privacy and civil liberties by the FBI and their use of national security letters. It is my impression that they too regard this as very serious." Fine's audit, which was limited to 77 case files in four FBI field offices, found that those offices did not even generate accurate counts of the national security letters they issued, omitting about one in five letters from the reports they sent to headquarters in Washington. Those inaccurate numbers, in turn, were used as the basis for required reports to Congress. Officials said they believe that the 48 known problems may be the tip of the iceberg in an internal oversight system that one of them described as "shoddy." The report identified several instances in which the FBI used a tool known as "exigent letters" to obtain information urgently, promising that the requests would be covered later by grand jury subpoenas or national security letters. In several of those cases, the subpoenas were never sent, the review found. The review also found several instances in which agents claimed there were exigent circumstances when none existed. The FBI recently ended the practice of using exigent letters in national security cases, officials said last night. The report, mandated by Congress over the Bush administration's objections, is to be presented to several House and Senate committees today. 
But senior officials, speaking with permission on the condition that they not be identified, said the Bush administration has already responded vigorously to the audit's findings. Attorney General Alberto R. Gonzales learned of the findings three weeks ago and "was incensed when he was told the contents of the report," according to a Justice Department official. "The attorney general commends the work of the inspector general in uncovering serious problems in the FBI's use of NSLs," said Tasia Scolinos, a spokeswoman for Gonzales. "He has told [FBI Director Robert S. Mueller III] that these past mistakes will not be tolerated, and has ordered the FBI and the department to restore accountability and to put in place safeguards to ensure greater oversight and controls over the use of national security letters." FBI and Justice Department officials have long described national security letters as an indispensable tool in combating terrorism, and Fine's report, according to one official who cited excerpts, said investigators told the inspector general that the letters "contributed significantly to many counterterrorism and counterintelligence investigations." Fine did not make an independent assessment of the efficacy of the letters as investigative tools. FBI procedures require that any possible violation of law or regulation on national security letters be reported to the President's Intelligence Oversight Board within 14 days of discovery. Of the 26 breaches it discovered before Fine's review, the FBI referred 19 to the oversight board. Among the responses officials highlighted last night is a tracking database under development by the FBI to ensure that its accounting of national security letters is accurate. One official said the FBI would begin deployment of the system in four of its 56 field offices by the end of the year. Meanwhile, the official said, each office will be required to "hand count" the numbers every month. 
Gonzales, officials said, has ordered the department's national security division and inspections division to begin audits next month of a sampling of national security letters in every field office. About 15 offices should be audited by the end of the year, the official said. Gonzales has also ordered that the chief counsel of every field office personally sign off on every national security letter, a practice that has been encouraged but not required until now. The office of Director of National Intelligence Mike McConnell has established a working group to consider how much of the information gathered by national security letters should be retained and whether any of it should be purged. After the Patriot Act was passed, the Bush administration eliminated the FBI's requirement that irrelevant personal information from case files be discarded after cases are closed. Mueller has ordered improved training of agents involved in national security cases and better record-keeping. Last May, changes began with the fixing of databases. A senior group of FBI inspectors has been asked to review the conduct of agents and their supervisors to determine if any should be disciplined for mistakes. From rforno at infowarrior.org Fri Mar 9 08:31:36 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 09 Mar 2007 08:31:36 -0500 Subject: [Infowarrior] - Microsoft admits WGA update phones home Message-ID: Microsoft admits WGA update phones home http://www.theregister.co.uk/2007/03/09/ms_wga_phones_home/ By John Oates Published Friday 9th March 2007 10:23 GMT Microsoft has admitted that the latest update to its Windows Genuine Advantage program will phone back to Redmond even if the user clicks cancel. 
WGA is meant to help Redmond fight piracy, but has been criticised on privacy grounds and because previous versions have incorrectly labelled people with genuine software as pirates. But if you cancel the installation of WGA, maybe because you dislike the privacy implications, the software will still phone home. Microsoft stresses that WGA does not take any information which could identify you as an individual, but is only used to collate statistics on WGA use. Microsoft UK anti-piracy manager Michala Alexander said in a statement: The data collection and transfer in question are part of some of our update download services, such as the Windows Update service. As with other programs downloaded via these services, the success or failure of WGA Notifications' installation is sent to Microsoft. If the user interrupts installation of WGA Notifications, we send the number of the screen on which installation stopped (first, second, etc.). In order to establish an accurate count, we also generate several globally unique identifiers (GUIDs) that do not contain any personal information. We use the GUIDs to tally the number of individual machines without identifying the user. Other data sent includes user and machine language settings and whether or not the machine was joined to a domain. We use the information collected to generate aggregate statistics that help us improve the WGA user experience and quality of service. Protecting the privacy of our customer's information is very important to Microsoft. That is why we have detailed what information is collected in the Windows Update privacy statement. In addition, the Microsoft Genuine Advantage privacy statement and the Windows Genuine Advantage Notifications End User License Agreement describe this data collection. As documented in these disclosures, the information collected is not used to identify or contact the user. 
From rforno at infowarrior.org Fri Mar 9 09:14:06 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 09 Mar 2007 09:14:06 -0500 Subject: [Infowarrior] - NY Mag: Generational Privacy Message-ID: (c/o Schneier's blog) Say Everything As younger people reveal their private lives on the Internet, the older generation looks on with alarm and misapprehension not seen since the early days of rock and roll. The future belongs to the uninhibited. < - > http://nymag.com/news/features/27341/ From rforno at infowarrior.org Fri Mar 9 11:06:01 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 09 Mar 2007 11:06:01 -0500 Subject: [Infowarrior] - Congratulations to Sourcefire.... Message-ID: ...for their successful IPO this morning! -rf Sourcefire IPO opens flat, rises in market debut Fri Mar 9, 2007 10:54am E NEW YORK, March 9 (Reuters) - Shares of network security software maker Sourcefire Inc. (FIRE.O) on Friday opened flat but then rose in their U.S. market debut, a day after shares priced at the top of a forecast range. Shares of the company opened at $15 and climbed over 5 percent to $15.78 in morning trading on the Nasdaq. On Thursday, the 5.77 million share initial public offering sold for $15 per share, compared with a $12 to $14 forecast, raising $71.8 million. Led by Morgan Stanley & Co. Inc. and Lehman Brothers Inc., underwriters have the option to buy an additional 865,500 shares to cover over-allotments. http://yahoo.reuters.com/news/articlehybrid.aspx?storyID=urn:newsml:reuters.com:20070309:MTFH45879_2007-03-09_15-53-58_N09464683&type=comktNews&rpc=44 
From rforno at infowarrior.org Fri Mar 9 11:12:04 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 09 Mar 2007 11:12:04 -0500 Subject: [Infowarrior] - Bugging Out on Homeland Security Message-ID: Bugging Out on Homeland Security Abby Seiff Annoying as they are, you may want to think twice before you crush a cockroach or swat a fly -- you could be killing a future foot soldier in the war on terror. Increasingly, scientists are turning to insects and other creatures for better ways to identify biohazards. "Cockroaches can detect all kinds of things, from anthrax spores to DNA," says Karen Kester, an entomologist at Virginia Commonwealth University. With $1 million in funding from the Pentagon's Defense Advanced Research Projects Agency (Darpa), Kester is studying ways to use roaches and houseflies as toxin sentinels inside contaminated buildings or subways. This, of course, spares humans the job, and it may prove more effective than mechanical sensors, which often lack the range and sensitivity of their living counterparts. Bees and fish are also in demand. A small British biotechnology firm called Inscentinel is employing the finely tuned olfactory system of bees to sniff for explosives. And New York, California and Maryland are exploiting the highly sensitive nervous system of bluegill fish to test for toxins in municipal water supplies. Bill Lawler, co-founder of Intelligent Automation Corporation, the California company that sells the bluegill-monitoring system, says living sensors are "the wave of the future." So go easy on the Raid. 
http://www.popsci.com/popsci/technology/243434a70e131110vgnvcm1000004eecbccdrcrd.html From rforno at infowarrior.org Fri Mar 9 11:13:17 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 09 Mar 2007 11:13:17 -0500 Subject: [Infowarrior] - Lawmakers Vow Hearings on FBI Errors Message-ID: Lawmakers Vow Hearings on FBI Errors By John Solomon Washington Post Staff Writer Friday, March 9, 2007; 9:56 AM http://www.washingtonpost.com/wp-dyn/content/article/2007/03/09/AR2007030900539_pf.html Members of Congress vowed today to conduct investigative hearings -- and consider reining in parts of the Patriot Act -- following revelations of pervasive problems in the FBI's use of national security letters to secretly obtain telephone, e-mail and financial records in terrorism cases. Members of the House and Senate Judiciary and intelligence committees will be briefed today on a Justice Department inspector general probe that found the FBI mishandled one of its potent anti-terrorism tools. The problems included failing to provide proper documentation to justify the use of the letters and significantly underreporting to Congress the number of times the special authority was used, The Washington Post reported in today's editions. The reports to Congress are required by law. The Post article was based on interviews with officials who had access to the report, a classified version of which will be presented today to the Judiciary and intelligence committees. It said the violations were not deliberate, but could be widespread. Sen. Arlen Specter, R-Pa., the top Republican on the Senate Judiciary Committee, raised the possibility that Congress might shrink some of the FBI's antiterrorism powers. "I am very concerned that the FBI has so badly misused national security letters," Specter said. "When we reauthorized the Patriot Act last year, we did so on the basis that there would be strict compliance with the limitations included in the statute." 
Specter said the committee "will now have to undertake comprehensive oversight on this important matter and perhaps act to limit the FBI's power by revising the Patriot Act." The news that the FBI failed to follow its own basic rules and policies designed to protect civil liberties came at the end of a difficult political week for the Bush administration. The last several days have also seen the conviction of Vice President Dick Cheney's former chief of staff in the CIA leak case; growing controversy over the firings of federal prosecutors; and escalating violence in Iraq. Democrats quickly sought to capitalize. Senate Majority Whip Dick Durbin, D-Ill., who had been pressing for a review of national security letters since 2005, said the report "confirms the American people's worst fears about the Patriot Act. "It appears that the administration has used these powers without even the most basic regard for privacy of innocent Americans," Durbin said in a statement. He called for "reasonable reforms" to the Patriot Act that have been proposed, but not acted on, in the past. "We should give the government all the tools it needs to fight terrorism," Durbin said. "However, I continue to believe that the Patriot Act must include reasonable checks and balances to protect the constitutional rights of all Americans." Sen. Charles Schumer, D-N.Y., like Specter a member of the Senate Judiciary Committee, said the problems identified by the inspector general were a "profoundly disturbing breach of public trust." 
From rforno at infowarrior.org Fri Mar 9 15:10:26 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 09 Mar 2007 15:10:26 -0500 Subject: [Infowarrior] - Link: DoJ Report on FBI use of NSL's Message-ID: 12MB PDF File download: http://media.washingtonpost.com/wp-srv/nation/pdf/doj_fbiletters_032007.pdf WashPo story: From rforno at infowarrior.org Sat Mar 10 21:14:57 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 10 Mar 2007 21:14:57 -0500 Subject: [Infowarrior] - UK gov: Don't like ID cards? Hand over your passport Message-ID: Don't like ID cards? Hand over your passport By JAMES SLACK Last updated at 23:09pm on 9th March 2007 http://www.dailymail.co.uk/pages/live/articles/news/news.html?in_article_id=441329&in_page_id=1770&ito=newsnow Anybody who objects to their personal details going on the new "Big Brother" ID cards database will be banned from having a passport. James Hall, the official in charge of the supposedly-voluntary scheme, said the Government would allow people to opt out - but in return they must "forgo the ability" to have a travel document. With one in every eight people saying they will refuse to sign-up, up to five million adults could effectively be refused permission to leave the country. Campaigners reacted to Mr Hall's remarks with fury, saying they were yet more evidence of the lurch towards "Big Brother" Britain. Phil Booth, of the NO2ID group, said: "The idea that ID cards scheme is voluntary, and people can opt-out, is a joke. "There are all sorts of reasons why people need to travel, not just for holidays. There is work, visiting relatives. "What are these people supposed to do? It stretches the definition of voluntary beyond breaking point. They will go to any length to get personal information for this huge database. Who knows what will happen to it then?" Mr Hall, chief executive of the Identity and Passport Service, delivered his warning during a Downing Street "webchat". 
One concerned member of the public, Andrew Michael Edwards, asked what would happen to people who refuse to join the £5.4 billion scheme. Mr Hall replied: "There is no need to register and have fingerprints taken - but you will forgo the ability to have a passport". Officials later explained the meaning of his remark. The first ID cards will be issued in 2009, to anybody who applies for a passport. People will be required to give fingerprints, biometric details such as a facial scan and a wealth of personal details - including second homes, driving licence and insurance numbers. All will be stored on a giant ID cards Register, which can be accessed by accredited Whitehall departments, banks and businesses. While the ID Cards Bill was going through Parliament, peers agreed an "opt out" with Ministers for people who needed a passport, but did not want to participate in the ID cards scheme. It was the only way the Lords would accept the legislation, amid howls of concern that it represents yet another move towards a surveillance society. But, as Mr Hall's comments this week make clear, the opt-out only applies to being physically issued with a card. In order to get a passport, people will still have to hand over all their personal details for storage on the ID cards Register - where they will be treated in the same way as those who agreed to sign-up. They simply avoid getting the card - even though they will have to pay the full combined price of £93 for an ID card and passport. It means that, despite the Government repeatedly insisting the scheme is voluntary, the only way to avoid signing-up is to never obtain or renew a passport. Therefore, anybody who objects to ID cards on principle and wants to keep their personal details private must remain in the UK for the rest of their lives. Critics said it was clear ID cards were being made compulsory by stealth. Some 6.6million people apply for travel documents each year. 
Mr Booth said legal challenges were inevitable, as restricting the right of free movement is a grave breach of human rights law. A YouGov survey, published three months ago, found 12 per cent of Britons would refuse to take part in the scheme, even if it meant paying a fine or serving a prison sentence. Mr Booth predicted many of this group would be prepared to bring test cases to challenge the Government's position in court. Liberal Democrat home affairs spokesman Nick Clegg said: "This comment confirms long standing suspicions that the government's claim that the ID database will be voluntary is simply not true. The voluntary claim is serving as a fig leaf for a universal compulsory system. "Once again the government's ID card plans are being pursued behind the backs of the British people." Labour has become increasingly obsessed with the introduction of ID cards, claiming they will help to beat fraud and illegal immigration. But both the Conservatives and Liberal Democrats have fiercely opposed the scheme, amid concerns costs could spiral out of control. Academics have predicted the final bill could reach up to £20 billion. There are also concerns Ministers could be tempted to strike financial deals to pass on personal details, in a bid to recoup some of the enormous costs. If the Tories win power, it will be scrapped immediately. Mr Hall's comments will fuel the suspicion that Ministers are involved in a desperate race against time to get the project off the ground, and get as many people's details as possible before the next General Election. The Home Office said it had never hidden the fact anybody refusing to give their biometric and other personal details to the ID cards database would not be eligible for a passport. A spokesman said it was more cost effective to link the issuing of passports and ID cards, rather than allow people to register their details for one but not the other. 
From rforno at infowarrior.org Sat Mar 10 22:21:11 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 10 Mar 2007 22:21:11 -0500 Subject: [Infowarrior] - Another Vista activation crack Message-ID: The hits keep on coming for Redmond, it seems. What is this, the 3rd or 4th such solution? --rf Activate 64-bit Windows Vista (Ultimate and x64) with TimerStop v2a Crack plus 2099 Trick The TimerStop.sys crack that can permanently activate Windows Vista by making the state of Windows Vista system always in evaluation or trial state, and posted by offlinevista in an anti-WPA forum has been updated to support Windows Vista 64-bit of all edition, including Windows Vista Ultimate. The new version of TimerStop Vista activation countdown timer stopper version 2a (or v2a) consists of 32bit (x86) timerstop.sys (4096 bytes) and timerstop64.sys (6136 bytes) for activation crack of 64bit or x64 version of Windows Vista. < - > http://www.mydigitallife.info/2007/01/24/activate-64-bit-windows-vista-ultimate-and-x64-with-timerstop-v2a-crack-plus-2099-trick/ From rforno at infowarrior.org Sat Mar 10 23:47:44 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 10 Mar 2007 23:47:44 -0500 Subject: [Infowarrior] - Pretty cool....Flight Patterns Visualization Art Message-ID: (the quicktime videos are really nifty! -rf) The Flight Patterns visualizations are the result of experiments leading to the project Celestial Mechanics by Scott Hessels and Gabriel Dunne. FAA data was parsed and plotted using the Processing programming environment. The frames were composited with Adobe After Effects and/or Maya. 
http://users.design.ucla.edu/~akoblin/work/faa/Documentationl2.html From rforno at infowarrior.org Sun Mar 11 00:03:48 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 11 Mar 2007 00:03:48 -0500 Subject: [Infowarrior] - UN Warming Report to Warn of Coming Drought Message-ID: Warming Report to Warn of Coming Drought Mar 10, 7:32 PM (ET) By SETH BORENSTEIN http://apnews.myway.com/article/20070311/D8NPKSRG2.html WASHINGTON (AP) - The harmful effects of global warming on daily life are already showing up, and within a couple of decades hundreds of millions of people won't have enough water, top scientists will say next month at a meeting in Belgium. At the same time, tens of millions of others will be flooded out of their homes each year as the Earth reels from rising temperatures and sea levels, according to portions of a draft of an international scientific report obtained by The Associated Press. Tropical diseases like malaria will spread. By 2050, polar bears will mostly be found in zoos, their habitats gone. Pests like fire ants will thrive. For a time, food will be plentiful because of the longer growing season in northern regions. But by 2080, hundreds of millions of people could face starvation, according to the report, which is still being revised. The draft document by the authoritative Intergovernmental Panel on Climate Change focuses on global warming's effects and is the second in a series of four being issued this year. Written and reviewed by more than 1,000 scientists from dozens of countries, it still must be edited by government officials. But some scientists said the overall message is not likely to change when it's issued in early April in Brussels, the same city where European Union leaders agreed this past week to drastically cut greenhouse gas emissions by 2020. Their plan will be presented to President Bush and other world leaders at a summit in June. 
The report offers some hope if nations slow and then reduce their greenhouse gas emissions, but it notes that what's happening now isn't encouraging. "Changes in climate are now affecting physical and biological systems on every continent," the report says, in marked contrast to a 2001 report by the same international group that said the effects of global warming were coming. But that report only mentioned scattered regional effects. "Things are happening and happening faster than we expected," said Patricia Romero Lankao of the National Center for Atmospheric Research in Boulder, Colo., one of the many co-authors of the new report. The draft document says scientists are highly confident that many current problems - change in species' habits and habitats, more acidified oceans, loss of wetlands, bleaching of coral reefs, and increases in allergy-inducing pollen - can be blamed on global warming. For example, the report says North America "has already experienced substantial ecosystem, social and cultural disruption from recent climate extremes," such as hurricanes and wildfires. But the present is nothing compared to the future. Global warming soon will "affect everyone's life ... it's the poor sectors that will be most affected," Romero Lankao said. And co-author Terry Root of Stanford University said: "We truly are standing at the edge of mass extinction" of species. The report included these likely results of global warming: _Hundreds of millions of Africans and tens of millions of Latin Americans who now have water will be short of it in less than 20 years. By 2050, more than 1 billion people in Asia could face water shortages. By 2080, water shortages could threaten 1.1 billion to 3.2 billion people, depending on the level of greenhouse gases that cars and industry spew into the air. _Death rates for the world's poor from global warming-related illnesses, such as malnutrition and diarrhea, will rise by 2030. 
Malaria and dengue fever, as well as illnesses from eating contaminated shellfish, are likely to grow. _Europe's small glaciers will disappear with many of the continent's large glaciers shrinking dramatically by 2050. And half of Europe's plant species could be vulnerable, endangered or extinct by 2100. _By 2080, between 200 million and 600 million people could be hungry because of global warming's effects. _About 100 million people each year could be flooded by 2080 by rising seas. _Smog in U.S. cities will worsen and "ozone-related deaths from climate (will) increase by approximately 4.5 percent for the mid-2050s, compared with 1990s levels," turning a small health risk into a substantial one. _Polar bears in the wild and other animals will be pushed to extinction. _At first, more food will be grown. For example, soybean and rice yields in Latin America will increase starting in a couple of years. Areas outside the tropics, especially the northern latitudes, will see longer growing seasons and healthier forests. Looking at different impacts on ecosystems, industry and regions, the report sees the most positive benefits in forestry and some improved agriculture and transportation in polar regions. The biggest damage is likely to come in ocean and coastal ecosystems, water resources and coastal settlements. The hardest-hit continents are likely to be Africa and Asia, with major harm also coming to small islands and some aspects of ecosystems near the poles. North America, Europe and Australia are predicted to suffer the fewest of the harmful effects. "In most parts of the world and most segments of populations, lifestyles are likely to change as a result of climate change," the draft report said. "Net valuations of benefits vs. costs will vary, but they are more likely to be negative if climate change is substantial and rapid, rather than if it is moderate and gradual." 
This report - considered by some scientists the "emotional heart" of climate change research - focuses on how global warming alters the planet and life here, as opposed to the more science-focused report by the same group last month. "This is the story. This is the whole play. This is how it's going to affect people. The science is one thing. This is how it affects me, you and the person next door," said University of Victoria climate scientist Andrew Weaver. Many - not all - of those effects can be prevented, the report says, if within a generation the world slows down its emissions of carbon dioxide and if the level of greenhouse gases sticking around in the atmosphere stabilizes. If that's the case, the report says "most major impacts on human welfare would be avoided; but some major impacts on ecosystems are likely to occur." The United Nations-organized network of 2,000 scientists was established in 1988 to give regular assessments of the Earth's environment. The document issued last month in Paris concluded that scientists are 90 percent certain that people are the cause of global warming and that warming will continue for centuries. --- On the Net: Intergovernmental Panel on Climate Change: http://www.ipcc-wg2.org/ From rforno at infowarrior.org Sun Mar 11 00:16:24 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 11 Mar 2007 00:16:24 -0500 Subject: [Infowarrior] - Good luck to everyone tonight.... Message-ID: ....may we survive this mini-Y2K Daylight Savings Time problem and live to see the sunlight tomorrow. As for me, I've stocked up on food, water, medicines, and have more than enough fuel in the generators. After all, you can't be too careful --- or so I've been told by the media all weekend. 
[/sarcasm] From rforno at infowarrior.org Sun Mar 11 00:19:12 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 11 Mar 2007 00:19:12 -0500 Subject: [Infowarrior] - IEEE Security Informatics Conference Message-ID: http://dimacs.rutgers.edu/ISI2007/index.html Informatics research has emerged as a key scientific discipline and applications domain supporting counterterrorism and homeland security's missions of anticipation, interdiction, prevention, preparedness and response to terrorist acts. ISI 2007 provides a forum for discussions among these vital communities: academic researchers (in information technologies, computer science, public policy, and social studies), local, state, and federal law enforcement and intelligence experts, and information technology industry consultants and practitioners. Security informatics is a rapidly growing multidisciplinary area that crosscuts numerous disciplines, including computer science, information technology, engineering, public policy, medicine (medical informatics), biology (bioinformatics), social and behavioral sciences, political science, and modeling and analysis. The combination of intelligence and security informatics strives to integrate computational social science, advanced information technologies and algorithms to support counterterrorism and homeland security policies, organizations and operations (both domestically and internationally). Because of the conference's location near major New York - New Jersey ports, one of its key themes is port security, where the term "port" is used here in its broad sense, namely, as a point of entry/exit for secure flows of people and cargo. Other themes cover the components of effective counterterrorism, dynamic data analysis, and critical-infrastructure protection technologies. 
This conference aims to foster the development and growth of a counterterrorism and homeland-security community by providing a forum and podium for diverse communities: academia, government (local, state, federal law enforcement, intelligence experts, etc.) and industry (consultants and practitioners etc.). We solicit contribution of long or short papers, and proposals for panel discussions on both the science and the practice of intelligence and security informatics. The conference proceedings will be published as an IEEE publication. Several satellite conferences will also be held before or after ISI-2007 (see http://dimacs.rutgers.edu/ISI2007) The upcoming IEEE International Conference on Intelligence and Security Informatics 2007 (ISI 2007) will be held May 23-24, 2007, in New Brunswick, New Jersey, at the Hyatt Hotel. From rforno at infowarrior.org Sun Mar 11 00:33:51 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 11 Mar 2007 00:33:51 -0500 Subject: [Infowarrior] - Chasing High-Tech Fraudsters Message-ID: Chasing High-Tech Fraudsters Published: March 07, 2007 in Knowledge at Wharton In one sense, Frank Abagnale Jr. might seem an odd choice as a featured speaker at a cutting-edge, computer-ruled event like the Wharton Technology Conference 2007. That's not just because Abagnale -- the subject of the 2002 Steven Spielberg movie "Catch Me If You Can" -- was one of the most notorious con men of the 20th century, but also because his technique was so decidedly low-tech. Consider what Abagnale -- a teenager at the time -- did in the mid-1960s when he faked his identity as a Pan Am pilot, a move that allowed him to travel more than one million miles and visit some 250 cities in 26 countries, free of charge. A key element of his scheme involved faking a Pan Am ID card, a process he completed by taking the logo from an airplane model kit sold at a hobby store. 
Indeed, while Abagnale's riveting lecture was alternately humorous and poignant, it also contained an underlying message: Vigilance against fraudsters and con artists should be even more of a priority now than it was then, because Abagnale's 1960s schemes were harder work. "What I did more than 40 years ago is now about 4,000 times easier to do because of technology," Abagnale said in a brief interview after his speech. "When I used to print checks, I needed a Heidelberg printing press -- it was a million-dollar machine, it was 90 feet long and 18-feet high, and it required different printers and color separators and negatives. Today, I can open up a laptop, create a check from a large, existing Fortune 500 company, capture their logo from their web site, print it on their check and come out with a perfect document in a matter of just minutes." < - > http://knowledge.wharton.upenn.edu/article.cfm?articleid=1677 From rforno at infowarrior.org Sun Mar 11 19:50:40 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 11 Mar 2007 14:50:40 -0500 Subject: [Infowarrior] - No. 3 Senate leader calls on Gonzales to step down In-Reply-To: Message-ID: http://www.pogowasright.org/article.php?story=20070311131701945 Featured Story: No. 3 Senate leader calls on Gonzales to step down The Senate's No. 3 Democrat said Sunday that Attorney General Alberto Gonzales should resign because he is putting politics above the law. Sen. Charles Schumer cited the FBI's illegal snooping into people's private lives and the Justice Department's firing of federal prosecutors. Schumer, D-N.Y., said Gonzales repeatedly has shown more allegiance to President Bush than to citizens' legal rights since taking his job in early 2005. He branded Gonzales, a former White House counsel, as one of the most political attorney generals in recent history. [...] 
From rforno at infowarrior.org Mon Mar 12 04:18:13 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 11 Mar 2007 23:18:13 -0500 Subject: [Infowarrior] - GUI Guidebook Message-ID: Jeez, poking around this site brings back many memories, both good and bad, about my computing experience..........rf Welcome to guidebook, a website dedicated to preserving and showcasing Graphical User Interfaces, as well as various materials related to them. http://www.guidebookgallery.org/index From rforno at infowarrior.org Mon Mar 12 04:24:11 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 11 Mar 2007 23:24:11 -0500 Subject: [Infowarrior] - U.S. security scares foreign visitors away Message-ID: U.S. security scares foreign visitors away Sunday March 11, 10:13 pm ET By Tim Gaynor http://biz.yahoo.com/rb/070311/usa_security_visitors.html?.v=2 GRAND CANYON, Arizona (Reuters) - Maryellen Fleming-Hoffman manages a gift store on the plunging rim of the Grand Canyon, where visitors come to marvel at one of the world's greatest attractions. Business is good, local travel is buoyant, although one thing is different: foreign visitors to the canyon, like other U.S. tourist attractions, are no longer coming in the numbers they once did, she says. "Overall, the number of foreign visitors are down and we'd like to see more of them," Fleming-Hoffman told Reuters in the Hopi House store, which sells a selection of American Indian jewelry and other handicrafts. The store is among travel-related businesses across the United States feeling a decline in the number of overseas visitors, which have yet to recover to levels before the September 11 2001 attacks. According to figures from the Travel Industry Association of America, the number of travelers to the United States -- not including Canadians and Mexicans -- has dropped by 17 percent since 2001. 
Despite a record year for world tourism last year and a weak dollar against both the British pound and the euro, the number of visitors from Western Europe dipped by nearly three percent over the previous year. The pinch has been felt by businesses from California to the sunshine state of Florida, which draws tourists with its theme parks and beaches. According to industry lobbyists and analysts, the chief reason behind the decline is a convoluted visa process to enter the country and poor perceptions of treatment by pistol-toting and often stern-faced immigration officials on arrival. FAILING TO EXTEND A WELCOME In a survey conducted by the travel industry lobby group the Discover America Partnership late last year, the United States scored more than twice as badly as the next region, the Middle East, in terms of travel friendliness. Two-thirds of respondents worried they could be held back at airports because of a mistake in form filling or a misstatement to immigration officials. Half said officials were rude and that they feared them more than the threat of terrorism or crime. For many foreign tourists and business travelers, the anxiety surrounding the entry process makes rival destinations in Europe, Asia and Africa more attractive to visit than the United States. "There's other places you can go where you don't get treated badly at immigration and ports of entry," British visitor Mitchel Lenson told Reuters as he stood on a wind-swept promontory overlooking the Grand Canyon. "The assumption (in the United States) is 'you must be a criminal, so we'll treat you that way,"' he added. Travel industry sources say the frosty welcome is not just driving tourists away but also business travelers from overseas, foreign students and even foreigners seeking medical care in U.S. clinics and hospitals. Geoff Freeman, the executive director of the Washington-based Discover America Partnership, says the decline is costing the increasingly service-led U.S. economy dearly. 
"(It) harms our economic security," he told Reuters in a telephone interview. "As the number of foreign visitors falls we lose billions of dollars in spending, billions in tax revenues and hundreds of thousands of jobs," he added. LURING BACK VISITORS Lawmakers on Capitol Hill are expected to present a bill this year drawing on the Discover America Partnership's "Blueprint to Discover America" report, which was crafted with input from Tom Ridge, the first U.S. homeland security chief. Among proposals are contracting more staff at U.S. consulates overseas to bring down wait times for travel visas to 30 days -- from the current levels of up to three months in some countries -- and sending in trouble-shooting "rapid response" teams to tackle backlogs. It also proposes extending the visa waiver rights currently held by 27 countries worldwide to other nations to allow more visitors to bypass the strained visa system. Back in the United States, proposals include hiring 250 more Customs and Border Protection agents to work in busy airport arrival halls, and in consulting theme park operator Disney for tips on line management. Tourist authorities say other countries use more state funds to lure foreign visitors, and they would also like to see higher government spending to woo foreign visitors back to the United States. "The welcome from the U.S. government just hasn't been there," said Vanessa Welter, communications director for state tourism agency Visit Florida. "We want to ensure our borders are safe but we also want ensure that people know we want them to come here ... with the exchange rate, we're on sale right now!" 
(additional reporting by Barbara Liston in Orlando) From rforno at infowarrior.org Mon Mar 12 14:35:14 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 Mar 2007 09:35:14 -0500 Subject: [Infowarrior] - Myspace to offer news service Message-ID: MYSPACE TO OFFER NEWS SERVICE By ZACHERY KOUWE http://www.nypost.com/seven/03122007/business/myspace_to_offer_news_service_business_zachery_kouwe.htm March 12, 2007 -- Social networking behemoth MySpace.com is set to launch its own news service that will allow users to comment on and rate stories that they post on their personal pages. MySpace's news aggregator service is intended to keep users on the site instead of having them go to other places on the Web to get gossip, news and sports stories. The new venture, which could launch in the second quarter, could be a tough competitor to news aggregation and sharing site Digg.com. MySpace's new venture was first reported by media blogger Terry Heaton, who obtained internal company marketing materials on the plan. It's unclear whether MySpace News will have stories posted only by its members or if the company will post selected stories from its media partners. MySpace, like The Post, is owned by News Corp. Digg allows members to post stories they find from across the Web, which are then rated by other users. Traffic to the site has exploded in recent months and Digg's founder Kevin Rose has become a minor Silicon Valley celebrity. MySpace has over 100 million accounts and is consistently rated as one of the most visited sites on the Internet. Because of the large number of users and its parent company's root in newspapers any move into the news business is likely to be watched very closely by other traditional media players. 
From rforno at infowarrior.org Mon Mar 12 14:38:46 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 Mar 2007 09:38:46 -0500 Subject: [Infowarrior] - Seagate ships hard drives with encryption Message-ID: Seagate ships hard drives with encryption By Joris Evers http://news.com.com/Seagate+ships+hard+drives+with+encryption/2100-1029_3-6166180.html Story last modified Mon Mar 12 06:30:09 PDT 2007 Seagate Technology on Monday plans to announce the first manufacturer to sell laptop PCs with Seagate's new hard drive that has built-in encryption technology. Fremont, Calif.-based ASI Computer Technologies will start selling computers equipped with Seagate's Momentus 5400 FDE.2 drive next month, Seagate said in a statement. The computers, called ASI C8015, will be sold through a number of ASI's partners, including Newegg.com, PowerNotebooks.com and ZipZoomfly.com, an ASI representative said. In addition to an 80GB Seagate drive, the ASI machine will feature a fingerprint reader, 15.4-inch display, Intel Core 2 Duo Mobile 2.0GHz processor, Nvidia graphics with 256MB memory, 1GB RAM and a DVD rewritable drive, according to ASI. The price is expected to be about $2,150. The Seagate drives are equipped with the company's new "DriveTrust" technology, which the company promotes as a simpler way to safeguard data stored on laptops. The encryption technology is designed to make life tougher for computer thieves and to prevent embarrassing breaches. ASI is a small player among notebook makers. It ships "whitebook" computers that don't carry a name brand and are sold by resellers who sometimes put their own names on the hardware. Seagate is also in discussions with major, brand name laptop makers and expects to announce more deals for its new hard drive midyear. "We will obviously be selling this to worldwide resellers," said Michael Hall, a Seagate spokesman. 
Seagate pitches its encrypting hard disk as an alternative to full-disk encryption software, such as products sold by PGP and PointSec Mobile Technologies. Additionally, high-end editions of Microsoft's upcoming Windows Vista operating system include an encryption feature called BitLocker. The Momentus 5400 FDE.2 offers up to 160GB of capacity, a Serial ATA interface, and hardware-based Advanced Encryption Standard (AES) encryption, according to Seagate. ASI will ship its laptop with Wave Systems' management software to simplify enterprise use of the computers, it said. Copyright ©1995-2007 CNET Networks, Inc. All rights reserved From rforno at infowarrior.org Mon Mar 12 14:40:07 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 Mar 2007 09:40:07 -0500 Subject: [Infowarrior] - Terrorists Proving Harder to Profile Message-ID: Terrorists Proving Harder to Profile European Officials Say Traits of Suspected Islamic Extremists Are Constantly Shifting By Craig Whitlock Washington Post Foreign Service Monday, March 12, 2007; A01 ZUTPHEN, Netherlands -- On the surface, the young Dutch Moroccan mother looked like an immigrant success story: She studied business in college, hung out at the pub with her friends and was known for her fashionable taste in clothes. So residents of this 900-year-old river town were thrown for a loop last year when Bouchra El-Hor, now 24, appeared in a British courtroom wearing handcuffs under an all-encompassing black veil. Prosecutors said she had covered up plans for a terrorist attack and wrote a letter offering to sacrifice herself and her infant son as martyrs. "We were flabbergasted to learn that she had become a fanatic," said Renee Haantjes, a college instructor who recalled her as "a normal Dutch girl." People in Zutphen may have been surprised, but terrorism suspects from atypical backgrounds are becoming increasingly common in Western Europe. 
With new plots surfacing every month, police across Europe are arresting significant numbers of women, teenagers, white-skinned suspects and people baptized as Christians -- groups that in the past were considered among the least likely to embrace Islamic radicalism. The demographics of those being arrested are so diverse that many European counterterrorism officials and analysts say they have given up trying to predict what sorts of people are most likely to become terrorists. Age, sex, ethnicity, education and economic status have become more and more irrelevant. "It's very difficult to make a profile of terrorists," Tjibbe Joustra, the Dutch national coordinator for counterterrorism, said in an interview. "To have a profile that you can recognize, so that you can predict, 'This guy is going to be radical, perhaps he will cross the line into terrorism' -- that, I think, is impossible." < - > http://www.washingtonpost.com/wp-dyn/content/article/2007/03/11/AR2007031101618_pf.html From rforno at infowarrior.org Mon Mar 12 14:40:54 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 Mar 2007 09:40:54 -0500 Subject: [Infowarrior] - Government Sites Aren't FOIA-Friendly Message-ID: Government Sites Aren't FOIA-Friendly Study Finds Most Agencies Fall Short of Transparency Mandate http://www.washingtonpost.com/wp-dyn/content/article/2007/03/11/AR2007031101043_pf.html Monday, March 12, 2007; A11 Federal agencies helped create the Internet, but most do not use it to inform the public about what they do, a study to be released today shows. In 1996, Congress intended to keep government ahead of the curve by amending the Freedom of Information Act (FOIA) to require that agencies put more public information on their Web sites. Posting important and most-requested records online, the theory went, would burn through a raft of hard-copy FOIA requests, save money and eliminate waiting time. 
But the new study by the National Security Archive, a nongovernmental research institute and library located at George Washington University, finds that 10 years after Congress passed "E-FOIA," agency Web sites distinguish themselves more for cyber-foot-dragging than for streamlined access. A review of 149 federal agencies found that only 1 in 5 posts on its Web site all the records required and that even fewer -- 6 percent -- tell people how to request what does not appear there. Two-thirds do not provide indexes to their major records systems, or they provide guides that are so unclear they are worthless. Only 1 in 4 agencies includes an online FOIA submission form on its Web site. This failure to comply with the law, advocates of open government say, amounts to another stiff-arm by the executive branch to Congress's demand for greater transparency. "It seems like a no-brainer. . . . It's a very basic Web practice that was adopted by the private sector several years ago or more," said Kristin Adair, staff counsel for the National Security Archive and the report's primary author. Amid all this opacity, a few agencies stand out. One of the most compliant, NASA, was instrumental in the development of the Internet. But so was the Department of Defense, one of the worst E-FOIA offenders. -- Elizabeth Williamson From rforno at infowarrior.org Mon Mar 12 15:40:44 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 Mar 2007 10:40:44 -0500 Subject: [Infowarrior] - Pew Research: The State of the News Media 2007 Message-ID: http://www.stateofthenewsmedia.org/2007/index.asp The State of the News Media 2007 is the fourth edition of our annual report on the health and status of American journalism. Its goal is to gather in one place as much data as possible about all the major sectors of journalism, to identify trends, mark key indicators, note areas for further inquiry and provide a resource for citizens, journalists, and researchers. 
For each area we have produced original research and aggregated existing data into a narrative. The statistical data also exists in an interactive area called Charts & Tables where users can customize their own graphics. This year, we also offer a detailed report on the status of online journalism, based on a close quantitative examination of a diverse sample of news websites. "Digital Journalism: A Topography" identifies what qualities of the web are being emphasized and which are not. The study also includes an interactive component that allows users to find the qualities they are looking for and test their favorite sites. The study is the work of the Project for Excellence in Journalism, a non political, non partisan research institute that is part of the Pew Research Center in Washington. The study is funded by the Pew Charitable Trusts and was produced with the help of a number of partners, including Rick Edmonds of the Poynter Institute, Andrew Tyndall of ADT Research and a host of industry "readers." http://www.stateofthenewsmedia.org/2007/index.asp From rforno at infowarrior.org Tue Mar 13 02:39:20 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 Mar 2007 21:39:20 -0500 Subject: [Infowarrior] - DOD wants to fund "political will mapper" tool In-Reply-To: Message-ID: This is interesting from an analytical perspective yet underscores the fetish America has with applying technology and technological systems towards socio-cultural problems. Seeing something like this only makes me think back to McNamara's infatuation with systems analysis as the be-all end-all for developing lessons-learned reports during Vietnam. In the case of low-intensity conflict and unconventional warfare, I'm skeptical of the effectiveness of such a proposed system. 
If you don't have folks that understand the theory behind tribal cultures and relations amongst foreign populations --- i.e., things you ONLY find out with close interaction with the locals -- all something like this will do is give you data and metrics but not wisdom or understanding. In other words, having data =| having understanding.

Still, it sounds like a nifty project for some contractor....and I admit I'd be curious to see how this gets developed.

-rf

http://www.dodsbir.net/solicitation/sttr07/osd07.htm

> OSD07-T002 TITLE: Measuring and Mapping Political Will
>
> TECHNOLOGY AREAS: Human Systems
>
> OBJECTIVE: Design, develop and test a dynamic analytical tool for determining
> the presence, absence and/or degree of political will for reform and
> collaboration with the USG in democratization, counter-insurgency and
> counter-terrorism efforts within governments and/or leadership elites of
> crisis prone states. Develop a web-enabled/deployable training methodology
> and product to be used by USG policy-makers and DoD operational field leaders
> to learn how to apply the dynamic analytical tool in specific countries.
>
> DESCRIPTION: In environments that are unstable, the DoD is often at the
> forefront of USG efforts to stabilize local and regional populations.
> Operational and tactical military leaders may find themselves to be the
> primary interface with a country's political leaders. Gauging willingness of
> those political leaders to collaborate with the USG on counter-insurgency,
> counter-terrorism and stabilization operations/objectives is critical to U.S.
> success in these programs. This willingness to collaborate with the USG,
> specifically in efforts to reform the politico/economic environment, is what
> is referred to as political will.
>
> The literatures of democratization, counter-insurgency, and counter-terrorism
> are replete with the centrality of political will to successfully
> accomplishing our national objectives.
> It is identified as a threshold
> variable in determining the relationship between the USG and foreign
> government counterparts. Political will is derived from the support of the
> people, and is vital to successful accomplishment of USG objectives and
> therefore of vital interest to strategic and operational leaders. Moreover,
> current planning efforts within both the civilian and military agencies of the
> USG depend on the presence of political will for establishing strategies for
> dealing with insurgency, terrorism and democratization. For example, current
> efforts of the OSD ("Ungoverned Areas") and the National Security Council
> ("Safe Havens Strategy") begin with an initial threshold question, "Does the
> state have political will?"
>
> Political will is often posed in this way -- i.e. as a binary variable;
> counterpart governments in subject states are assumed to either have, or not
> have it. It is typically discussed as though the government, or leadership,
> of the subject state is monolithic. Analyses of political will generally seem
> to assume that once a determination is made, it can be treated as a constant.
> However, this over-simplification creates a number of extreme vulnerabilities,
> and leads to the likelihood of miscalculation in determining the appropriate
> relationship with a host-government counterpart. The miscalculation of such a
> key variable can easily result in significant waste of resources, effort and
> time, and even counterproductive outcomes.
>
> Military and other planners traditionally make instinctive assumptions about
> the presence or absence of political will based on a variety of subjective
> factors. Until now no objective framework for determination has been
> developed or applied.
> The result is that major decisions regarding
> collaboration, information sharing, funding and planning are based almost
> exclusively on individual idiosyncrasy, without taking into account historical
> or collective experience. As defined in JP 1-02, DoD Dictionary of Military
> Terms, an assumption is: "A supposition on the current situation or a
> presupposition on the future course of events, either or both assumed to be
> true in the absence of positive proof, necessary to enable the commander in
> the process of planning to complete an estimate of the situation and make a
> decision on the course of action." (e.g. following the conclusion of armed
> military conflict the population will embrace democratic ideals). Planners
> can't actually confirm that is the case without reliable polling data, but
> through expert opinion and other methods they strongly suspect its validity.
> Based on an assumption that the environment (political will) will be more
> benign than contested, the military planner may assign fewer resources at
> their disposal to population control/security tasks than if the reverse were
> true. A capability to dynamically assess the impact of political will on
> national/ military objectives would be of enormous value to USG planners in
> that it would allow for more efficient/effective allocation of USG
> resources/efforts.
>
> This research project will de-construct and unpack the concept of political
> will into its constituent elements. The reduction of political will to a
> binary variable misses the tremendous array of intermediary positions between
> the poles of presence or absence. The project will establish a full spectrum
> of gradients between the two extremes based on the level of intensity of
> political will. This will enable policy-makers and field leaders to gauge
> just how much political will their counterparts possess.
> With respect to the
> monolithic character of regimes, even the most autocratic regimes are not
> entirely monolithic -- there are always elements within a regime which favor
> reform. The study will therefore develop a mapping methodology to help
> determine the universality of political will - which sub-components of host
> country regime possess political will for reform and collaboration. Finally
> the project will develop a dynamic component to measure the propensity to
> variation in political will, or its robustness, based on behavior and fact
> patterns.
>
> PHASE I: Design the analytic framework for a nuanced determination of critical
> "political will" factors within regimes that directly influence stabilization
> operations and other military-relevant missions and outcomes. Metrics for
> measuring political will are to be developed, along with the capability to
> model dynamic changes in the political will dimension that may occur within a
> given regime.
>
> PHASE II: Develop and refine the framework using empirical validation to
> clarify relationships between gradients of political will intensity and actual
> behavior. Use the same historical cases to validate the behavior and fact
> patterns. Establish overall validity of the dynamic analytic tool through
> selected testing.
>
> PHASE III: Design and develop modular deployable training program to enable
> policy-makers and field-based leaders to apply the dynamic analytic tool
> appropriately and utilize the methodology effectively.
>
> DUAL USE COMMERCIALIZATION: The political will concept could be designed at
> multiple levels and has potentially wide applicability USG-wide, Multination
> and International governments and industries.
>
> REFERENCES:
>
> 1. Brinkerhoff, Derick W., with assistance from Nicolas P. Kulibaba,
> "Identifying and Assessing Political Will for Anti-Corruption Efforts,"
> (1999).
>
> 2. Blair, Harry and Gary Hanson, "Weighing in on the scales of justice:
> Strategic approaches for donor-supported rule of law programs," (1994).
>
> 3. Turvey, Brent E., "Criminal Profiling: An Introduction to Behavioral
> Evidence Analysis," (2002).
>
> KEYWORDS: political will, political support, governmental support, political
> commitment, leadership attitude

From rforno at infowarrior.org Tue Mar 13 13:34:57 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 13 Mar 2007 08:34:57 -0500
Subject: [Infowarrior] - US Attornies' Firings Had Genesis in White House
Message-ID:

Firings Had Genesis in White House
Ex-Counsel Miers First Suggested Dismissing Prosecutors 2 Years Ago, Documents Show

By Dan Eggen and John Solomon
Washington Post Staff Writers
Tuesday, March 13, 2007; A01

The White House suggested two years ago that the Justice Department fire all 93 U.S. attorneys, a proposal that eventually resulted in the dismissals of eight prosecutors last year, according to e-mails and internal documents that the administration will provide to Congress today.

The dismissals took place after President Bush told Attorney General Alberto R. Gonzales in October that he had received complaints that some prosecutors had not energetically pursued voter-fraud investigations, according to a White House spokeswoman.

Gonzales approved the idea of firing a smaller group of U.S. attorneys shortly after taking office in February 2005. The aide in charge of the dismissals -- his chief of staff, D. Kyle Sampson -- resigned yesterday, officials said, after acknowledging that he did not tell key Justice officials about the extent of his communications with the White House, leading them to provide incomplete information to Congress.

Lawmakers requested the documents as part of an investigation into whether the firings were politically motivated.
While it is unclear whether the documents, which were reviewed yesterday by The Washington Post, will answer Congress's questions, they show that the White House and other administration officials were more closely involved in the dismissals, and at a much earlier date, than they have previously acknowledged.

Seven U.S. attorneys were fired on Dec. 7 and another was fired months earlier, with little explanation from the Justice Department. Several former prosecutors have since alleged intimidation, including improper telephone calls from GOP lawmakers or their aides, and have alleged threats of retaliation by a Justice Department official.

Administration officials have portrayed the firings as a routine personnel matter, designed primarily to rid the department of a handful of poor performers.

But the documents and interviews indicate that the idea for the firings originated at least two years ago, when then-White House counsel Harriet E. Miers suggested to Sampson in February 2005 that all prosecutors be dismissed and replaced.

< - >

http://www.washingtonpost.com/wp-dyn/content/article/2007/03/12/AR2007031201818_pf.html

From rforno at infowarrior.org Tue Mar 13 14:03:06 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 13 Mar 2007 09:03:06 -0500
Subject: [Infowarrior] - Spying Too Secret For Your Court: AT&T, Gov Tell Ninth
Message-ID:

Spying Too Secret For Your Court: AT&T, Gov Tell Ninth

AT&T told an appeals court in a written brief Monday that the case against it for allegedly helping the government spy on its customers should be thrown out, because it cannot defend itself -- even by showing a signed order from the government -- without endangering national security.

A government brief filed simultaneously backed AT&T's claims and said a lower court judge had exceeded his authority by not dismissing the suit outright.
< - >

http://blog.wired.com/27bstroke6/2007/03/its_too_secret_.html

From rforno at infowarrior.org Tue Mar 13 15:45:34 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 13 Mar 2007 10:45:34 -0500
Subject: [Infowarrior] - If you must pirate, use counterfeit Windows
Message-ID:

If you must pirate, use counterfeit Windows
MS exec gets pragmatic about piracy

By John Leyden
Published Tuesday 13th March 2007 13:14 GMT
http://www.theregister.co.uk/2007/03/13/ms_piracy_benefits/

A senior Microsoft exec has admitted that some software piracy actually ends up benefiting the technology giant because it leads to purchases of other software packages.

In this way, some software pirates who might otherwise never try Microsoft products become paying customers, according to Microsoft business group president Jeff Raikes.

"If they're going to pirate somebody, we want it to be us rather than somebody else," Raikes told delegates at last week's Morgan Stanley Technology conference in San Francisco, Information Week reports.

Raikes' stance seems at odds with Microsoft's recent aggressive anti-piracy push, via its controversial Windows Genuine Advantage Programme, which resulted in many instances where legitimate users were identified as using "dodgy" software. And that's to say nothing of the millions Microsoft spends every year on other anti-piracy initiatives.

Rather than saying that piracy isn't a problem per se (Raikes reckons that between 20 and 25 per cent of US software is pirated), he argues pragmatically that it can have benefits over the long run.

"We understand that in the long run the fundamental asset is the installed base of people who are using our products," Raikes said. "What you hope to do over time is convert them to licensing the software," he said.
Although Microsoft has no intentions of scaling down (much less abandoning) its effort to chase software counterfeiters, Raikes argues that it's against its interests to push illegitimate users so hard that they wind up using alternative products.

"You want to push towards getting legal licensing, but you don't want to push so hard that you lose the asset that's most fundamental in the business," Raikes said, adding that Microsoft is developing "pay-as-you-go" software pricing models in a bid to encourage low-income people in emerging countries to use its technology.

Raikes' intervention provides a welcome perspective on the software piracy debate which has for a long time been dominated by the simplistic argument, wheeled out ad nauseam by industry groups such as the Business Software Alliance, that a copy of pirated software is equivalent to a lost sale.

From rforno at infowarrior.org Tue Mar 13 15:47:18 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 13 Mar 2007 10:47:18 -0500
Subject: [Infowarrior] - Malaysia uses sniffer dogs to fight movie pirates
Message-ID:

Malaysia uses sniffer dogs to fight movie pirates

By Clarence Fernandez
Reuters
Tuesday, March 13, 2007; 10:05 AM
http://www.washingtonpost.com/wp-dyn/content/article/2007/03/13/AR2007031300266.html

SEPANG, Malaysia (Reuters) - Malaysia deployed two sniffer dogs in its battle against music and movie piracy on Tuesday, becoming the first country in the world to use the animals to hunt for disks of illegal recordings hidden in cargo.

Two female Black Labradors, "Flo" and "Lucky," demonstrated their technique by sniffing through piles of sealed cartons in an air cargo hangar and then signaling their handler about a suspect package by sitting down in front of it.
"It's cost-effective, and in terms of time, it's very effective too," said Domestic Trade Minister Shafie Apdal, adding that the dogs took only 10 minutes to check boxes that security officials would have needed a day to plow through.

Malaysia, which figures on a U.S. watchlist on piracy, has dramatically stepped up efforts to rein in copyright pirates as it negotiates a free-trade pact with the United States.

Shafie said Malaysia would try out the dogs for a month, carrying out searches at border posts, in cargo hangars and storage centers to see where they functioned best before the government made a decision on setting up a permanent dog unit.

"The arrival and deployment of Lucky and Flo will make Malaysia the first country in the world to test the capability of dogs in detecting optical disks in hidden compartments or shipments," he said at Malaysia's biggest air-cargo center in Sepang outside Kuala Lumpur.

The trial is a joint effort of the Malaysian authorities and the Motion Picture Association, which groups six major Hollywood movie companies.

The MPA has spent $17,000 on the dogs, including eight months of training to detect the chemicals used in optical discs, one official said.

"No one's ever trained dogs to sniff polycarbonate before," Mike Ellis told reporters. "These dogs were taken from scratch and trained how to sniff these chemicals."

Trained by a handler in Northern Ireland who usually teaches dogs to find bombs, Lucky and Flo are aged three-and-a-half, and can find, but cannot distinguish between, CDs and DVDs, burned and replicated disks, or legitimate and pirate disks.

"However, the dogs will be valuable in locating disks being shipped in unlikely or unregistered containers," the MPA said.

The grouping estimates that copyright theft cost its members about $1.2 billion in lost revenue in the Asia-Pacific region last year, a fraction of annual worldwide losses of $6 billion.
In 2006, Malaysian authorities seized 25 VCD replicating machines capable of turning out 87 million pirated disks a year.

Handler Dave Mayberry said Lucky and Flo would start work alongside Malaysian officials on Wednesday, despite feeling the heat after moving from temperatures of 3 degrees Celsius (37.4 F) in Britain to 36 degrees Celsius (96.8 F) in Malaysia.

"They have a very thick coat for the cold weather at home," he said. "The longer they stay here, the thinner that will get."

From rforno at infowarrior.org Tue Mar 13 15:48:26 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 13 Mar 2007 10:48:26 -0500
Subject: [Infowarrior] - Viacom in $1 bln copyright suit vs Google, YouTube
Message-ID:

Viacom in $1 bln copyright suit vs Google, YouTube
Tue Mar 13, 2007 9:46am ET

NEW YORK (Reuters) - Media conglomerate Viacom Inc. said on Tuesday that it was suing Google Inc. and its Internet video-sharing site YouTube for more than $1 billion over unauthorized use of its programming online.

The lawsuit, the biggest challenge to date to Google's ambitions to make YouTube into a major vehicle for advertising and entertainment, accuses the Web search leader and its unit of "massive intentional copyright infringement."

Viacom filed the suit with the U.S. District Court for the Southern District of New York, seeking more than $1 billion in damages and an injunction against further violations.

Viacom contends that almost 160,000 unauthorized clips of its programming have been uploaded onto YouTube's site and viewed more than 1.5 billion times.

"YouTube's strategy has been to avoid taking proactive steps to curtail the infringement on its site," Viacom said in a statement.

"Their business model, which is based on building traffic and selling advertising off of unlicensed content, is clearly illegal and is in obvious conflict with copyright laws."

Viacom said its decision to sue Google followed "a great deal of unproductive negotiation" with the company.
Representatives for Google and YouTube were not immediately available.

Google shares fell 0.8 percent to $451.12 in early Nasdaq trade. Viacom Class B shares were down 1 percent at $39.15 on the New York Stock Exchange.

© Reuters 2007. All Rights Reserved.

http://today.reuters.com/news/articlenews.aspx?type=internetNews&storyid=2007-03-13T134200Z_01_WEN5351_RTRUKOC_0_US-VIACOM-YOUTUBE.xml&src=rss&rpc=22

From rforno at infowarrior.org Wed Mar 14 00:08:51 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 13 Mar 2007 19:08:51 -0500
Subject: [Infowarrior] - EFF reveals plot to cripple European television
Message-ID:

EFF reveals plot to cripple European television

EFF Paper
http://www.eff.org/IP/DVB/dvb_briefing_paper.php

BoingBoing Comments
http://www.boingboing.net/2007/03/13/eff_reveals_plot_to_.html

From rforno at infowarrior.org Wed Mar 14 15:00:31 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 14 Mar 2007 10:00:31 -0500
Subject: [Infowarrior] - FW: digital resistance
In-Reply-To:
Message-ID:

By way of CSL.....

--------------------------------------------------------------------------
Dr Stellan Vinthagen, Senior Lecturer
School of Global Studies
Peace and Development Research Institute
Göteborg University
Box 700, SE 405 30 Göteborg, Sweden
www.padrigu.gu.se and www.globalstudies.gu.se

Join the Academic Seminar which will blockade the Faslane nuclear weapon base, Scotland on 27th June (see www.faslane365.org)
(Join the mailing list at faslane.academic.block-subscribe at lists.riseup.net)

The Resistance Studies Network:
Blogg: www.resistancestudies.org

Abstract: Understanding "Digital Resistance" (ESA Conference 3-6 Sept 2007)

Our paper explores the state of a specific method of resistance: ICT based collective resistance ("digital resistance") and in particular the maturity and description of digital resistance.
Of particular interest to this study is the role of technological infrastructure in forming the content and form of acts of resistance. While resistance is distinctive as a challenge which might undermine power, it is manifold and continually invented and one of its forms is, we propose, digital.

Even though Internet is a new political arena the development of movement activity has been fast and impressive. Some interpret this as a danger ("cyberterrorism"), others as a promise of a new democratic and interactive future. There is a need for empirically based analysis enabling us to understand the heterogenous expressions of the "digitalisation" of oppositional politics. Some use digital communication as simply a faster and more efficient method, others, with great ICT knowledge, act more skilled than security firms or anti-terrorist agencies. The variation is enormous but the existing empirical knowledge is still shallow.

Our analysis develops a typology which describes forms of resistance, enemies, goals and technological strategy among groups. And finally we discuss the added possibilities and limitations with digital resistance.

Mathias Klang, Mona Lilja and Stellan Vinthagen

From rforno at infowarrior.org Wed Mar 14 19:45:03 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 14 Mar 2007 14:45:03 -0500
Subject: [Infowarrior] - OpenBSD hit by 'critical' IPv6 flaw
Message-ID:

OpenBSD hit by 'critical' IPv6 flaw

By Joris Evers
http://news.com.com/OpenBSD+hit+by+critical+IPv6+flaw/2100-1002_3-6167193.html
Story last modified Wed Mar 14 11:17:41 PDT 2007

A vulnerability in the way OpenBSD handles IPv6 data packets opens systems running the traditionally secure open-source operating system to serious attack.

A memory corruption vulnerability error exists in the OpenBSD code that handles IPv6 packets, Core Security Technologies said in an alert published Tuesday.
Exploiting the flaw could let an attacker commandeer a vulnerable system, according to Core, which said it discovered the issue and crafted sample exploit code.

"This vulnerability allows attackers to gain complete control of the target system bypassing all the operating system's security mechanisms," Core said in a statement Wednesday. Core deems the issue "critical." Security monitoring company Secunia rates it "highly critical."

OpenBSD is one of several operating systems based on the Berkeley Software Distribution, or BSD. The most popular BSD descendants are FreeBSD, PCBSD and NetBSD, with OpenBSD coming in fourth, according to the BSDstats project.

OpenBSD is mostly known for its security enhancements and is used for firewalls, intrusion detection systems and other applications. Google is among OpenBSD users and backers. The OpenBSD team likes to tout that only a few remotely exploitable vulnerabilities have been found in the code in a decade.

A security update was issued last week to deal with the OpenBSD issue, which affects multiple releases of the operating system. Default installations of OpenBSD are vulnerable as IPv6 is enabled and the system does not filter inbound packets, Core said.

IPv6 is the next version of the Internet Protocol designed to support a broader range of IP addresses as the IP version 4 addresses currently in use become more scarce.

To exploit the vulnerability an attacker must have the ability to send malicious IPv6 packets to the target system or be on the same network, Symantec said in an alert. The Cupertino, Calif., security company raised its ThreatCon to level 2 because of the issue, which means attacks are expected.

As a work-around for users who cannot apply the OpenBSD patch or who do not need to process or route IPv6 traffic on their systems, all inbound IPv6 packets can be blocked by using OpenBSD's firewall.
From rforno at infowarrior.org Thu Mar 15 01:56:35 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 14 Mar 2007 20:56:35 -0500
Subject: [Infowarrior] - File sharing a threat to children and to national security
Message-ID:

Notepads, fax machines, and Post-It notes can be used to exfiltrate information that's sensitive to national security too, but you don't see reports talking about those threats --- or, the recognition that accidents and laziness in how we use/run technology cause much greater potentials for such compromises. *cough* VA laptops *cough*

And of course, "protecting the children" can be used as the justification for anything, so in general this report just sounds FUDdy to me.........rf

File sharing a threat to children and to national security
http://www.shadowmonkey.net/articles/general/uspto-file-sharing-report.html

In today's Let's Be A Little Overdramatic file, a newly released report from the U.S. Patent and Trademark Office suggests that networked file and music sharing could harm children and threaten national security.

The November, 2006, report, entitled "Filesharing Programs and Technological Features to Induce Users to Share," makes two main points across the span of its 80 pages:

* that peer-to-peer networks could manipulate sites so children violate copyright laws more frequently than adults, exposing those children to copyright lawsuits and, in turn, make those who protect their copyrighted material appear antagonistic, and
* file-sharing software could be to blame for government workers who expose sensitive data and jeopardize national security after downloading free music on the job

Interestingly, the report makes numerous references to RIAA and MPAA legal actions against file-sharing activity, as well as cites a 2005 Department of Homeland Security report that government workers had installed file-sharing programs that accessed classified information without their knowledge.
On the national security front, the report's introduction, by Under Secretary of Commerce for Intellectual Property and Director of the USPTO Jon W. Dudas, includes the following:

A decade ago, the idea that copyright infringement could become a threat to national security would have seemed implausible. Now, it is a sad reality.

Is file sharing a threat to our children? Is it a threat to our national security? Broad claims. Read the report for yourself: PDF version HTML version

From rforno at infowarrior.org Thu Mar 15 01:57:29 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 14 Mar 2007 20:57:29 -0500
Subject: [Infowarrior] - Google adding search privacy protections
Message-ID:

Google adding search privacy protections

By Elinor Mills
http://news.com.com/Google+adding+search+privacy+protections/2100-1038_3-6167333.html
Story last modified Wed Mar 14 17:08:15 PDT 2007

Google is changing its data retention practices to make it harder to identify the specific computers used in searches.

Google's servers log information every time someone conducts a Web search, keeping data such as the keywords used, the Internet Protocol address or unique number assigned to that person's computer, and information from Web cookies, which are small bits of data exchanged between a server and a Web browser each time the browser accesses the server. Cookies are used to authenticate the user and maintain information such as the user's site preferences.

Currently, Google maintains the search data logs indefinitely. Under the new policy announced on Wednesday, which Google expects to have fully implemented by the end of the year, the company will anonymize the final eight bits of the IP address and the cookie data after somewhere between 18 months and 24 months, unless legally required to retain the data for longer.

The information on specific searches will remain indefinitely, but it will be much harder to tie the searches to specific individuals or computers.
"Logs anonymization does not guarantee that the government will not be able to identify a specific computer or user, but it does add another layer of privacy protection to our users' data," the company said.

The policy change will apply to future Web search data as well as archived logs and all copies of the data stored on other servers, Google said. Users will be able to opt out of the practice and request that their search data be maintained indefinitely.

Privacy advocates in general said Google's policy change is a step in the right direction but not nearly enough to really protect Web searchers from overzealous law enforcers. Keeping the search histories could enable investigators and governments to get to all sorts of personal information about people, they argue.

"I don't think the Google proposal is adequate. This period is too long and it's not in fact data destruction, it's more data de-identification, and that should be happening in 18 to 24 hours, not months," said Marc Rotenberg, executive director of the Electronic Privacy Information Center. "I'm not persuaded that this isn't still a ticking time bomb for Google's search engine."

Richard M. Smith, an Internet security and privacy consultant at Boston Software Forensics, said Google should never be archiving the IP address and cookies on servers.

"Google should not be in the spy business," he said. "By logging IP addresses and search strings they are running the largest intelligence operation in the world."

Anonymizing the last eight bits of the IP address effectively would enable investigators to narrow the IP address down to 256 possible computers or users. That would be similar to obscuring the last digit in someone's street address.
"For most average consumers that is pretty much anonymous," because many people connect to the Internet through large companies that dynamically assign IP addresses, making it even harder to determine exactly which person conducted a search, said Ari Schwartz, deputy director for the Center for Democracy and Technology. "It is a risk, but it is better than what we have today."

Kevin Bankston, staff attorney at the Electronic Frontier Foundation, said he would like to see Google scrub the entire IP address within six months, but praised Google for making this "positive first step."

"We hope other online service providers will heed this example and work to minimize the amount of data they keep about their customers," Bankston said.

Yahoo and Microsoft have declined to disclose their exact data retention policies with respect to Web searches.

AOL saves personally-identifiable search data for up to 30 days in a way that's visible to the user and uses an encryption hashing technique to obscure it thereafter, said AOL spokesman Andrew Weinstein.

"We do not keep any IP addresses in our search database, and we de-identify any associated account information through an encryption algorithm," he said. "We have also made a business decision not to keep any unique identifiers (i.e. the hashed user ID) for longer than 13 months. ... That said, it still might contain information of a personal nature, as the data released last year clearly did."

The risks associated with Web search data were highlighted last August when AOL inadvertently exposed on the Internet the search history of more than 650,000 of its users. The move prompted widespread criticism from privacy advocates and Congress and the filing of a complaint against AOL with the Federal Trade Commission, as well as the firing of two AOL employees and the resignation of its chief technology officer and a class action lawsuit.
The lawsuit was later dismissed because AOL's user agreement requires lawsuits filed against it to be filed in its home state of Virginia, said Bankston. Google said it can't anonymize the entire IP address, delete it altogether or anonymize any of it sooner than 18 months because it needs the data to analyze usage patterns and diagnose system problems. For example, Google uses the information for fraud detection and prevention and to combat denial of service attacks that can temporarily cripple or shut down servers. "Knowing what country a user is coming from helps us figure out whether or not we are delivering the right search," said Nicole Wong, deputy general counsel for Google. Why wait 18 to 24 months? The proposed timeframe for retaining the data in identifiable form was chosen because data retention laws in Europe require communications service providers to hold on to the information for that long, according to Wong. If governments in various countries enact legislation to require communications service providers to archive Internet traffic for specific lengths of time including up to four years, as some are considering, Google would then have to abide by the laws, the company said. Law enforcement will still be able to subpoena server log data after it is anonymized, but every request will be considered on its merits and Google's response will depend on how narrow the request is and how relevant the data is to the investigation, Google said. However, EPIC's Rotenberg said two years is the "top end" of the timeframe European governments are seeking for requiring communications service providers retain user data. Google said it is making the changes in response to feedback from privacy activists and others, including the Norwegian Data Protection Authority with which Google executives met in January. A team of Google executives, engineers and lawyers were involved in establishing the new policy, Wong said. 
Of all the major search engines, Google is the only one to publicly disclose that it has fought government efforts for consumer data. A year ago, Google challenged a subpoena received by the U.S. Department of Justice that ordered Google to hand over a random sample of a week's worth of search terms and one million Web pages from its index to aid in the Bush administration's defense of an Internet pornography law. One month later a federal judge sided mostly with Google and ordered the company to provide half of the amount of Web pages sought but none of the search queries. The new policy would not have affected that situation because the government was not asking for searches tied to individual IP addresses, Wong said. Copyright ©1995-2007 CNET Networks, Inc. All rights reserved. From rforno at infowarrior.org Thu Mar 15 03:32:40 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 Mar 2007 23:32:40 -0400 Subject: [Infowarrior] - House Passes Open-Government Bills Message-ID: House Passes Open-Government Bills By Elizabeth Williamson and Jonathan Weisman Washington Post Staff Writers Thursday, March 15, 2007; Page A17 http://www.washingtonpost.com/wp-dyn/content/article/2007/03/14/AR2007031402300.html In a bipartisan confrontation with the White House over executive branch secrecy, the House ignored a stern veto threat and overwhelmingly passed a package of open-government bills yesterday that would roll back administration efforts to shield its workings from public view. Even top Republicans supported three bills that would streamline access to records in presidential libraries, expand safeguards for government whistle-blowers, and strengthen the Freedom of Information Act (FOIA), which guides public requests for government documents. All were approved with veto-proof majorities. 
The White House issued tough statements on all three bills, saying, for example, that the presidential records act was "misguided, and would improperly impinge on the President's constitutional authority, in violation of settled separation of powers principles." The showdown was the latest in a series of efforts by Congress to force accountability from an administration that has been unresponsive to questions from lawmakers and the public about its decision-making. Introduced for government "Sunshine Week," an effort by the American Society of Newspaper Editors and other open-government groups to protest what they consider excessive government secrecy, the bills took on added heat as lawmakers called the White House to account for its role in the firings of U.S. attorneys and the FBI's mishandling of national security letters. "If [Bush] does veto this, we would have a disagreement," said Rep. Dan Burton (R-Ind.). "I feel on this issue there should be openness." Republicans on the House floor offered only tepid opposition to the measures, led by Rep. Michael R. Turner (Ohio), a relatively junior Republican. Turner said he wished that the presidential libraries measure would apply only to former presidents, not sitting ones. He complained that the Freedom of Information bill had been changed between the time it was approved by the House Oversight and Government Reform Committee and the time it reached the House floor in the same kind of "backroom" deal-making Democrats are decrying. But it soon emerged that those changes were made only to ensure that the measure would not cost taxpayers any money, a change Rep. Paul D. Ryan (Wis.), the House Budget Committee's ranking Republican, grudgingly acknowledged. None of the handful of Republicans who did speak against the bill mentioned the White House's veto threats. The White House reaction surprised even some of the bill's sponsors. 
The White House "was trying to get members to take a closer look, and I think that's a good thing," said Rep. Todd R. Platts (R-Pa.), who co-sponsored the measures. "We're glad to have this issue more closely scrutinized. . . . Anything that results in members looking at more specifics, I think, is good government." The last bill to pass late yesterday was the Whistleblower Protection Enhancement Act, which would for the first time extend whistle-blower protection to government scientists. The Senate Judiciary Committee held hearings yesterday on the Senate version of the bill to amend the FOIA, co-sponsored by committee Chairman Patrick J. Leahy (D-Vt.) and Sen. John Cornyn (R-Tex.). "Ultimately what I'm hoping is that we can begin to change some of the culture here in Washington when it comes to open government and recognize that documents held by government officials are presumptively open records," Cornyn said this week. "I can't think of anything more important than more transparency and more openness in the operation of government. "Information shouldn't be squirreled away and hidden." From rforno at infowarrior.org Thu Mar 15 13:59:45 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Mar 2007 09:59:45 -0400 Subject: [Infowarrior] - Chertoff warns of Web of terrorism Message-ID: Chertoff warns of Web of terrorism By Audrey Hudson THE WASHINGTON TIMES Published March 15, 2007 http://washingtontimes.com/functions/print.php?StoryID=20070314-110450-2830r Radical Islamists are using the Internet to recruit homegrown terrorists in the U.S., Homeland Security Secretary Michael Chertoff told a Senate panel yesterday. "I don't think it's necessary to send radical recruiters into the United States, and I think there's a risk to doing that," Mr. Chertoff told the Senate Homeland Security and Government Affairs Committee. 
"But I have no question about the fact that [Osama] bin Laden and [Ayman al-Zawahiri] and others like them quite consciously use the media, including the Internet, as a recruiting tool," Mr. Chertoff said. "In terms of recruiting, I would say that the principal way to enter the U.S. is through the Internet." The committee yesterday expanded its investigation into the radicalization of inmates in U.S. prisons to include Internet and other media recruitment and the threat of growing Islamic radicalism in the U.S. "The department's own Homeland Security Advisory Council in a recent report called radical Islam the most significant terrorist threat to the homeland today, said that it is spreading, and predicted that the number and magnitude of attacks on the United States will increase," said Sen. Joe Lieberman, Connecticut independent and committee chairman. "Assuming for a moment that there is some validity to the notion that there is a growing divide occurring here, one possible cause clearly is the use of the Internet to promote the terrorists' dark age and hateful vision. It gives their multimedia campaigns of alienation and violence a global reach, including right into American homes and offices," Mr. Lieberman said. "We all want to make sure that our imaginations do not fail us again as we counter the possibility of this new threat of Islamist extremist and terrorist groups within our own country," Mr. Lieberman said. The committee is examining what Mr. Lieberman called "extremist propaganda" on the Internet and other "nodes" where radicalization may be occurring, including universities and mosques. "We do know that universities and madrassas can be sites for radicalization," Mr. Chertoff said. Mr. Chertoff said the solution to reducing recruitment is to involve the local and ethnic communities rather than "monitoring people's religious activities." "I'm not advocating a heavy federal footprint on this," Mr. Chertoff said. Rep. 
Bill Shuster, Pennsylvania Republican, last week introduced legislation to urge video-trading Web sites like YouTube.com to remove jihad propaganda videos, calling such sites "a new battleground on the Internet." Mr. Shuster says the sites support terrorist fundraising and help distribute propaganda, as well as recruit and train future terrorists. "I doubt that the American public in World War II would have accepted the major media outlets of the time distributing Nazi propaganda at face value," Mr. Shuster said. "Times have changed, media has evolved, but the fact remains -- terrorists hope their supporters see these videos and are encouraged to attack Western interests." "These videos aid the enemy, and they must be confronted," Mr. Shuster said. Sen. Susan Collins, Maine Republican and ranking member of the panel, initiated the committee investigation as the chairman last year with the focus on prisons, and said they have unearthed "examples of radical recruiters, where radical imams were going into the prisons and trying to convert and radicalize." Mr. Chertoff agreed and said, "The presence of a radical imam is probably more dangerous because it's a more dynamic recruiting environment." From rforno at infowarrior.org Thu Mar 15 17:27:26 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Mar 2007 13:27:26 -0400 Subject: [Infowarrior] - NOTACON 4 announcement Message-ID: 42 Days 22h 33m 15s Until Notacon 4! http://www.notacon.org/ NOTACON, an annual conference held in Cleveland, Ohio, explores and showcases technologies, philosophy and creativity often overlooked at other "hacker cons". Our desire is not to supplant other events, but complement them and strike a balance that has gone unnoticed in our community for far too long. With each new year we build upon the successes and knowledge of the previous years. Our goal is to enlighten, educate, and entertain attendees, presenters, and staff alike. 
We try to do this by finding new ways to apply technology to graphics, art, music, or social interaction. Notacon espouses an ethos of exploration, participation and positive contributions. Hence, while some of the material we may cover is controversial or potentially "black hat" in nature, we feel it is important to bring light to all topics so that everyone can learn from the experience and create something good, fun or interesting from it. Events during Notacon run from Friday morning through Sunday afternoon. These include over 40 presentations, contests such as "Anything but Ethernet", game shows, prize giveaways and a whole lot of who-knows-what. Anything can happen, and usually does. Feel free to get involved in our community now by exploring our getting involved section. Also, please join our forums, mailing lists, IRC server, and other online communities. Feel free to check out our archives (2004, 2005, 2006) from previous years as well. http://www.notacon.org/ From rforno at infowarrior.org Thu Mar 15 17:44:39 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Mar 2007 13:44:39 -0400 Subject: [Infowarrior] - AP: 1M archived pages removed post-9/11 Message-ID: AP: 1M archived pages removed post-9/11 By Frank Bass and Randy Herschaft, Associated Press http://www.usatoday.com/news/washington/2007-03-13-archives_N.htm More than 1 million pages of historical government documents -- a stack taller than the U.S. Capitol -- have been removed from public view since the September 2001 terror attacks, according to records obtained by the Associated Press. Some of the papers are more than a century old. In some cases, entire file boxes were removed without significant review because the government's central record-keeping agency, the National Archives and Records Administration, did not have time for a more thorough audit. 
"We just felt we couldn't take the time and didn't always have the expertise," said Steve Tilley, who oversaw the program. Archives officials are still screening records, but the number of files pulled recently has declined dramatically, he said. The records administration began removing materials under its "records of concern" program, launched in November 2001 after the Justice Department instructed agencies to be more guarded in releasing government papers. The agency has removed about 1.1 million pages, according to partially redacted monthly progress reports reviewed by the AP. The reports were obtained under the Freedom of Information Act. The pulled records include the presumably dangerous, such as nearly half an enormous database from the Federal Emergency Management Agency with information about all federal facilities. But they also include the presumably useless, such as part of a collection about the Lower Colorado River Authority that includes 114-year-old papers. About 80 cubic feet of naval facility plans and blueprints -- on microfilm, about 200,000 pages -- were withdrawn since the agency said it didn't have time to go through each individual document. In all, archivists identified as many as 625 million pages that could have been affected under the security program. In their haste to remove potentially harmful documents from view, archives officials acknowledged many records were withdrawn that should be available. The public can still request to see parts of withdrawn documents under the Freedom of Information Act and may in some cases be allowed to see whole files that were removed. The archives program comes less than one year after the records administration came under fire for allowing public documents to be reclassified as secret under a separate program. 
After the September 2001 attacks, the records administration signed a secret deal with the Pentagon and CIA to review and permit the removal of tens of thousands of pages from public view that intelligence officials believed had been declassified too hastily. In the aftermath of disclosures about that program, archives officials promised they would not enter into any more secret agreements with federal agencies, would publicize withdrawals and would establish procedures for reclassifying documents. A subsequent audit of the disputed program found one of every three sampled documents should not have been reclassified. The newer program, however, has been operated wholly by archives officials, and its scope apparently dwarfs the removal of CIA and Pentagon records. In a memo to employees, then-Archivist of the United States John Carlin said the records of concern program would "reduce the risk of providing access to materials that might support terrorists." A later memo explained that "relatively current, accurate and detailed information on a structure, organization or facility that is crucial to protecting national defense, the country's infrastructure, symbolic monuments and personal identity are records of concern." The archives initially targeted six categories of documents for review, but the list was expanded to include 10 categories in early 2002:
* Plans, photos or maps of government facilities or other sensitive infrastructure
* Emergency action, civil defense and continuity of government information
* Nuclear technology materials
* Weapons technology information, including biological and chemical agents
* Presidential protection records
* Materials relating to intelligence gathering and studies
* Studies on terrorism and counterterrorism
* Information on natural resources, such as oil, uranium and water
* Material that could be potentially useful to terrorists
* Materials relating to the Middle East with information on potentially current topics
The director of an online coalition for freedom of information issues, Patrice McDermott of OpenTheGovernment.org, urged officials to create a public registry of withdrawn documents. She said officials should work toward releasing more than 400 million pages of backlogged files rather than removing smaller numbers of papers. "This is a questionable use of tax dollars," McDermott said. Other researchers said the project, while well-intentioned, reinforces a culture of secrecy that became more pronounced after the September 2001 terror attacks. "You want government to be vigilant when it comes to security, but you also want them to behave responsibly," said Steven Aftergood, who runs the government secrecy project for the Washington-based Federation of American Scientists. "You can't have a situation where secrecy becomes the default mode." Many of the removed records might be useful to terrorists, according to the AP's review. Archivists removed records from the U.S. Surgeon General's Preventive Medicine Division, which studied biological weapons created between 1941 and 1947. Other records withdrawn don't appear to be useful to terrorists. Archivists removed information from a 1960 Bureau of Indian Affairs report on enrollments in Alaska's Tlingit and Haida tribes because it included Social Security numbers, which could be used for identity theft. A 1960 map of the Melton Hill Reservoir in east Tennessee -- now perhaps best-known as a spring training site for collegiate rowing teams around the eastern United States -- was removed from view, as were 1967 architectural drawings for the Lyndon B. Johnson Presidential Library in Austin, Texas. In e-mails and memos obtained by the AP, archives employees made it clear they were trying to minimize the number and scope of removals. In an internal e-mail, the No. 
2 Archives official expressed satisfaction at finding fewer and fewer papers that should be removed. "All quiet on records of concern front," wrote Lewis Bellardo. "Just the way we like it." Archives officials generally have received passing marks from secrecy experts who have been aware of the program, said Tom Blanton, director of the National Security Archive, a George Washington University-based research institute. But Blanton also said the effort appears to be a case of misplaced priorities. "Government's first instinct is to hide vulnerabilities, not to fix them," said Blanton. "And that doesn't make us safer." Copyright 2007 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. From rforno at infowarrior.org Thu Mar 15 17:45:47 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Mar 2007 13:45:47 -0400 Subject: [Infowarrior] - AP: FOIA Quiz Message-ID: http://hosted.ap.org/specials/interactives/wdc/foia_quiz/index.html From rforno at infowarrior.org Fri Mar 16 03:51:12 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Mar 2007 23:51:12 -0400 Subject: [Infowarrior] - Viacom = Copyright Hypocrite Message-ID: (file this in the "ya think?" department) Apparently Viacom's position on copyright infringement is that their corporate copyrights are more important than your personal copyrights, and if you get mistakenly-caught-up in their current DMCA dragnet, you don't matter. No word yet on what, if any, restitution or apology is forthcoming from Viacom's hypocritical take on copyright protections. I'm not holding my breath. 
-rf http://www.law.com/jsp/article.jsp?id=1173776610683 > Videos Pulled From Web Sites Draw Suits > > Amanda Bronstad > The National Law Journal > March 14, 2007 > > The creators of videos that have been improperly removed by YouTube and other > Internet service providers after allegations of copyright violations are > fighting back with a new breed of lawsuits. < snip > > Viacom, which owns MTV Networks and Nickelodeon Networks, asked YouTube to > remove videos that depicted clips of its copyrighted shows and movies. > > Don Verrilli, a partner in the Washington, D.C., office of Chicago's Jenner & > Block and outside counsel to Viacom, acknowledged that about 60 of the videos > were mistakenly identified as infringing material, but said that most of the > videos taken down were copyright-protected and properly removed. From rforno at infowarrior.org Fri Mar 16 04:00:06 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Mar 2007 00:00:06 -0400 Subject: [Infowarrior] - CEBIT - DSL gateways will mark video to catch pirates Message-ID: CEBIT - DSL gateways will mark video to catch pirates Peter Sayer, IDG News Service 16/03/2007 08:30:33 http://www.pcworld.idg.com.au/index.php/id;1722391352 Another role could soon be added to the many already performed by home gateway devices: identifying video pirates. Home gateway manufacturer Thomson SA plans to incorporate video watermarking technology, which it also developed, into future set-top boxes and other video devices. The watermarks, unique to each device, will make it possible for investigators to identify the source of pirated videos. By letting consumers know the watermarks are there, even if they can't see them, Thomson hopes to discourage piracy without putting up obstacles to activities widely considered fair use, such as copying video for use on another device in the home or while traveling to work. "The idea is to slow down piracy without limiting the use of the consumer. 
They should not be upset about this unless they are widely redistributing content," said Pascal Marie, responsible for strategic marketing at the company's content security division. Thomson developed the technology, NexGuard, to identify individual copies of the films distributed digitally to cinemas or on DVD as preview copies for reviewers and awards juries. In the past, pirated copies of films available over the Internet or in street markets have been traced back to such sources. Now, the availability of high-definition video-on-demand services is multiplying the points at which high-quality video can be pirated. Thomson's plan is to watermark video with a unique code before it leaves the home gateway or set-top box (STB). To do that, it is working with semiconductor manufacturer STMicroelectronics to incorporate NexGuard into digital video chips. STMicro has already incorporated NexGuard into its 7100 series of chips for STBs. NexGuard can mark video encoded in MPEG-2, MPEG-4 AVC (H.264) and VC-1 formats. At Cebit in Hanover, Germany, this week, Thomson is demonstrating how the chips might be used, and at the National Association of Broadcasters show in Las Vegas next month, it will show prototype STBs incorporating the technology. Also next month, the company will unveil a system capable of directly watermarking content produced with Windows Media Video 9 codecs, Marie said. "We are able to process directly this format without the need to decode it, watermark it and re-encode it." Thomson sells its gateways and STBs to network operators -- one of its biggest customers is Orange, the Internet access subsidiary of France Telecom, which packages the devices as the LiveBox, an all-in-one terminal for telephony, television, Wi-Fi and Internet access. Thomson will apply the watermarking at two levels, Marie said. 
One watermark will identify the network operator distributing the content, while a second, carrying 40 bits of information, will identify the individual device, he said. The watermarks are robust, Marie said. Films projected digitally and captured by a camcorder can still be traced, although "we need a longer period of detection to identify it," he said. Clips recorded directly from an STB, re-encoded at a lower bit rate and then posted to an online video sharing service might be identifiable after just a few seconds, he said. From rforno at infowarrior.org Fri Mar 16 04:01:03 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Mar 2007 00:01:03 -0400 Subject: [Infowarrior] - RIAA Ordered To Turn Over Its Attorneys Billing Records in Capitol v. Foster Message-ID: RIAA Ordered To Turn Over Its Attorneys Billing Records in Capitol v. Foster The RIAA has been ordered to turn over its attorneys' billing records in Capitol v. Foster by March 26, 2007. The order requires the RIAA to produce the attorneys' time sheets, billing statements, billing records, and costs and expense records. The Court reviewed authorities holding that an opponent's attorneys fees are a relevant factor in determining the reasonableness of attorneys fees, quoting a United States Supreme Court case which held that "a party cannot litigate tenaciously and then be heard to complain about the time necessarily spent by his opponent in response" (footnote 11). 
http://recordingindustryvspeople.blogspot.com/2007/03/riaa-ordered-to-turn-over-its-attorneys.html From rforno at infowarrior.org Fri Mar 16 04:04:40 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Mar 2007 00:04:40 -0400 Subject: [Infowarrior] - DOJ PATRIOT Act Apologist Site Didn't Get the Memo Message-ID: PATRIOT Act Apologist Site Didn't Get the Memo http://www.eff.org/deeplinks/ Last week, the Department of Justice Inspector General's office released a damning report documenting the FBI abusing its powers under the PATRIOT Act and violating the law to collect Americans' telephone, Internet, financial, credit, and other personal records about Americans without judicial approval. It appears that not everyone at the DOJ got the memo. The DOJ's Life and Liberty website, a site dedicated to defending the honor of the PATRIOT Act during the re-authorization process last spring, still reads as if nothing has changed. Particularly in the light of the newly revealed truth, many of the quotes now seem (at best) naive. Under the headline of "Examining the Facts", the DOJ asserts that PATRIOT has "four-year track record with no verified civil liberties abuses." The site quotes an op-ed by former House Judiciary Committee Chairman James Sensenbrenner: Zero. That's the number of substantiated USA PATRIOT Act civil liberties violations. Extensive congressional oversight found no violations. Six reports by the Justice Department's independent Inspector General, who is required to solicit and investigate any allegations of abuse, found no violations. Wow, that sure sounds good. Unfortunately, the new report reveals that it is simply not true: the inspector general identifies dozens of instances in which extra-judicial demands for personal information -- known as National Security Letters -- may have violated laws and agency regulations. 
In the Archive section, the site includes quotes from an op-ed by Senator Pat Roberts responding to critics like ourselves: I regret to say it, but the rhetoric of those opposed to permanently authorizing the act has no substance and borders on paranoia. Opponents have criticized the act for years but can cite only hypothetical abuses. Facts are stubborn things. The actual record is quite clear - there have been no substantiated allegations of abuse of Patriot Act authorities, period. Critics could only point to hypothetical abuses because the fox was guarding the hen house. Senator Roberts also opined that: Through aggressive congressional oversight, we know the FBI uses Patriot Act authorities within the law. It's now clearer than ever that the oversight was not aggressive enough, with the report documenting that the FBI deceived Congress about its use of the letters. The report is likely only the tip of the iceberg. Immediate and thorough oversight hearings are necessary to uncover the truth and hold the Administration accountable. From rforno at infowarrior.org Fri Mar 16 04:08:44 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Mar 2007 00:08:44 -0400 Subject: [Infowarrior] - Democrats Give FCC Ultimatum Message-ID: Democrats Give FCC Ultimatum By Ira Teinowitz http://tvweek.com/news.cms?newsId=11718 The Federal Communications Commission drew an ultimatum from the House Energy and Commerce Committee telecom panel: Return to your traditional role of consumer protection or else. "When the FCC loses sight of its proper role, consumers suffer," said Rep. John Dingell, D-Mich., told FCC commissioners at a hearing Tuesday. The hearing lasted more than four hours as member after member questioned FCC commissioners. It was the first appearance by all five FCC commissioners at the House oversight panel in more than three years and the first since Democrats took over Congress. 
The commissioners found themselves quizzed about a smorgasbord of issues, from broadband growth to media ownership. The commission's reception quickly made clear that the FCC -- like other parts of the government -- would be treated dramatically different under Democrats than it was under Republicans. "We intend to have you appear frequently," said panel chairman Rep. Ed Markey, D-Mass., who also asked why the FCC hadn't probed whether the Bush administration violated telephone privacy laws when the National Security Agency obtained phone individual phone records. Rep. Dingell unveiled a barrage of attacks and said the meetings could be monthly if the FCC doesn't change. He questioned whether the FCC had gone too far when, in the name of speeding up cable competition, it sought to limit concessions cities can seek for awarding new cable franchises, suggesting any such limit of cities was up to Congress. He rapped the FCC for taking too long to finish two payola probes -- one of radio station payments by music companies for airplay and the other of government payments to conservative commentator Armstrong Williams to promote President Bush's "No child left behind" initiative. Rep. Dingell also complained that the FCC regularly announced approval of items on its plate months before detailing exactly what it approved. "I find regulating by press release a curious way to interpret the Administrative Procedures Act." Finally, he attacked the FCC for not protecting the public interest. Other Democrats questioned the FCC's commitment to boosting the number of broadcasting licenses held by women and minorities. Republicans defended the FCC's direction and some suggested a need to further ease media ownership rules to help smaller stations. FCC chairman Kevin J. Martin and the FCC commissioners defended their decisions at the hearing, but mostly offered to provide additional information. 
(Editor: Horowitz) From rforno at infowarrior.org Fri Mar 16 12:36:19 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Mar 2007 08:36:19 -0400 Subject: [Infowarrior] - Can a Rootkit Be Certified for Vista? Message-ID: Can a Rootkit Be Certified for Vista? March 15, 2007 By Lisa Vaas NEW YORK -- Forget what Microsoft says about Vista being the most secure version of Windows yet. More to the point, what do the hackers think of it? In a nutshell, they think it's an improvement, but at the end of the day, it's just like everything else they dissect -- that is, breakable. "Not all bugs are being detected by Vista," pointed out famed hacker H.D. Moore. "Look at how a hacker gets access to the driver: Right now I'm working on Microsoft's automated process to get Metasploit-certified. It [only] costs $500." Moore is the founder of the Metasploit Project and a core developer of the Metasploit Framework -- the leading open-source exploit development platform -- and is also director of security research at BreakingPoint Systems. The irony of his statement lies in the idea that Vista trusts Microsoft-certified programs -- programs that can include a hacker exploit platform that walks through the front door for a mere $500 and a conveyor-belt approval process. Moore was one of a handful of white-hat hackers in the audience of a session on Vista security here at Ziff Davis Enterprise's 2007 Security Summit on March 14. The session, titled "Vista: How Secure Are We?," was presented by David Tan, co-founder and chief technology officer at CHIPS Computer Consulting. By Moore's side were equally prestigious hackers Joanna Rutkowska -- security researcher at COSEINC -- and Jon "Johnny Cache" Ellch, author of "Hacking Exposed Wireless." < - > http://www.eweek.com/print_article2/0,1217,a=203243,00.asp From rforno at infowarrior.org Fri Mar 16 12:41:09 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Mar 2007 08:41:09 -0400 Subject: [Infowarrior] - U.S. 
Warns of Long Delays For Passports
Message-ID:

Wonderful news. In the name of protecting the homeland by forcing everyone to have passports (even for daytrips to CDA/MXO) now, citizens will suffer delays in travel because of poor planning on the government's part in the first place. -rf

U.S. Warns of Long Delays For Passports
By Matthew Lee
Associated Press
Friday, March 16, 2007; A03
http://www.washingtonpost.com/wp-dyn/content/article/2007/03/15/AR2007031501827_pf.html

Overwhelmed by unprecedented demand, the State Department is warning would-be travelers to brace for lengthy delays in getting U.S. passports, even when they pay a hefty fee to speed their applications.

The department has hired hundreds of employees to process passport requests over the past two years as tougher immigration rules have taken effect. Even so, the department says a crush of new applicants -- more than 1 million a month -- has inundated its staff and caused delays of up to 1 1/2 months amid the peak January-to-April season when many people are preparing to travel over the spring and summer.

In addition, a regulation that took effect this year requiring Americans to have passports when traveling by air anywhere outside the country, including Canada, Mexico and the Caribbean, "has increased passport demand and production to record levels," the department said in a statement this week.

Applications received between October and March have risen 44 percent over the same period in 2005-2006, the department said in a notice sent to lawmakers yesterday. Some members of Congress have received complaints from constituents about delays.

According to the notice, routine passport processing could take 10 weeks instead of the previous six, and expedited processing could take four weeks instead of two weeks.

About 12 million passport applications were processed in 2006 and as many as 17 million are expected this year, the department said.
For adults getting their first passport, the routine processing fee is $97, with an additional $60 charge for expedited service. Passport renewals for adults cost $67, with the same fee for expediting.

The department said that by the end of 2008 it plans to have hired 400 passport adjudicators since 2004. The agency's 16 production facilities are also working overtime, including 24 hours a day in three shifts at the National Passport Center in New Hampshire. A new center capable of making as many as 10 million passports a year is to open in Arkansas in April, it said.

About 74 million Americans have valid U.S. passports.

From rforno at infowarrior.org Fri Mar 16 19:31:40 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 Mar 2007 15:31:40 -0400
Subject: [Infowarrior] - ISPs selling clickstreams?
In-Reply-To:
Message-ID:

(c/o IP)

At the Open Data 2007 conference in New York today, David Cancel, the CEO of Compete Inc. revealed that ISPs happily sell clickstream data -- and that it's a big business. They don't sell your name -- just your clicks -- but the clicks are tied to you as a specific user (User 1, User 2, etc.).

< - >

http://internet.seekingalpha.com/article/29449

From rforno at infowarrior.org Fri Mar 16 20:02:00 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 Mar 2007 16:02:00 -0400
Subject: [Infowarrior] - IBM researchers take on video surveillance privacy
Message-ID:

IBM researchers take on video surveillance privacy
http://news.yahoo.com/s/infoworld/20070316/tc_infoworld/86924
James Niccolai
2 hours, 1 minute ago

San Francisco (IDGNS) - Researchers at IBM Corp. are trying to address privacy concerns about video surveillance systems, part of a broader effort by IBM to build a new business in the fast-growing surveillance market.
Concerns about security in cities, airports and other public places are causing a proliferation of video surveillance systems, but the increase has heightened concerns about privacy among regulators and the general public.

IBM hopes to alleviate the concerns with technology that can pick out faces in a video frame and automatically blur them, so that people's images -- and therefore their movements -- are not recorded, said Joachim Stark, director of digital video surveillance with IBM's global services group.

An obvious hurdle is identifying the potential suspects from innocent bystanders. Investigators often review closed-circuit video footage after a crime is committed, and blurring faces would defeat much of the point of doing surveillance.

One solution is to find ways to identify suspects automatically so that only their faces are left unblurred. Video analytics software can already trigger an alert when a person leaves an object of a certain size on a station platform, for example, and walks off.

After spotting such a behavior, a surveillance system could "rewind" the action in Tivo-like fashion and unblur a suspect's face from the moment the person enters the frame, Stark said. Another option is to blur all the faces when the video is recorded, but allow investigators with the right access permissions to unmask them at a later date.

None of the solutions are perfect, and Stark said it's likely to be a few years before the blurring technology, being developed at IBM's T.J. Watson Research Center in New York, is ready for commercial use. Another hurdle is being able to identify and blur faces in real time. A prototype was demonstrated at the Cebit trade show in Hanover, Germany.

In the meantime IBM has an array of software and services to pursue its video surveillance push, which began late last year and is aimed at the retail, banking and public sectors. It calls the products its Smart Surveillance System.
It's a newcomer to the market, and will compete with established players like Vidient Inc., ObjectVideo Inc., and others. The video surveillance market is growing at around 15 percent annually, Stark said. IBM hopes to distinguish itself with its database and middleware technologies, which can help store and analyze the vast quantities of video data.

Surveillance technologies have already come a long way. IBM's analytics software records metadata, or information about the data in a video, such as colors and the size of objects in a frame. If a witness reports seeing someone in a red sweater acting suspiciously, investigators can search for "red" in the surveillance software and pull up the relevant images.

Such systems can generate vast amounts of data, however, and IBM is looking at compression technologies to reduce the volume.

From rforno at infowarrior.org Sat Mar 17 03:15:25 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 Mar 2007 23:15:25 -0400
Subject: [Infowarrior] - Aaah! They're Coming! (FBI: Extremists seek school bus work)
Message-ID:

Okay, folks --- I guess next week is going to be a bad news week, so it's time to trot out the FEAR card to scare the populace again and drown out any embarrassing news that might break! -rf

FBI: Extremists seek school bus work
By LARA JAKES JORDAN, Associated Press Writer
Fri Mar 16, 7:07 PM ET
http://news.yahoo.com/s/ap/20070316/ap_on_re_us/school_bus_extremists&printer=1;_ylt=Atwtg5rdYXw_lusn3ea17Q5H2ocA

Suspected members of extremist groups have signed up as school bus drivers in the United States, counterterror officials said Friday, in a cautionary bulletin to police. An FBI spokesman said, "Parents and children have nothing to fear."

Asked about the alert notice, the FBI's Rich Kolko said, "There are no threats, no plots and no history leading us to believe there is any reason for concern," although law enforcement agencies around the country were asked to watch out for kids' safety.
The bulletin, parts of which were read to The Associated Press, did not say how often foreign extremists have sought to acquire licenses to drive school buses, or where. It was sent Friday as part of what officials said was a routine FBI and Homeland Security Department advisory to local law enforcement.

It noted "recent suspicious activity" by foreigners who either drive school buses or are licensed to drive them, according to a counterterror official.

Foreigners under recent investigation include "some with ties to extremist groups" who have been able to "purchase buses and acquire licenses," the bulletin says.

But Homeland Security and the FBI "have no information indicating these individuals are involved in a terrorist plot against the homeland," it says.

The memo also notes: "Most attempts by foreign nationals in the United States to acquire school bus licenses to drive them are legitimate."

Kolko said the bulletin was sent merely as an educational tool to help local police identify and respond to any suspicious activity.

One counterterror official, who spoke on condition of anonymity because of the sensitivity of the issue, said the government felt it was likely that the foreigners investigated were merely employed as bus drivers, and did not intend to use them as part of any terror plot. A second official said the government felt it prudent that the backgrounds of all those who come in contact with school children be checked.

Homeland Security spokesman Russ Knocke said the government has no credible information to suggest terrorists are "involved in buying school buses or seeking licenses to drive them." He said there was no indication of any immediate threat to the country.

___

From rforno at infowarrior.org Sat Mar 17 03:18:39 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 Mar 2007 23:18:39 -0400
Subject: [Infowarrior] - Homeland Security team to focus on U.S. Terrorists
Message-ID:

Homeland Security team to focus on U.S.
terrorists
By Mimi Hall, USA TODAY

WASHINGTON -- The Homeland Security Department said Wednesday it has created a unit to combat the threat posed by "homegrown terrorists" -- citizens or legal residents who plot attacks from inside the nation's borders.

"This phenomenon presents a real and serious challenge to our nation," Homeland Security Secretary Michael Chertoff told a Senate panel.

Chertoff emphasized that violent extremists "represent a small, fringe element within the American Muslim community" and that members of that community have been "outspoken in their opposition to terrorist violence." He noted that the last major attack by homegrown terrorists was the Oklahoma City bombing of 1995.

Homeland's Chief Intelligence Officer Charles Allen's new unit will address all forms of extremist activity but will focus mainly on the threat from radicalized Muslims. The group has met with officials in 18 cities from Albany, N.Y., to Sacramento to get a handle on the problem.

Allen said members have found that:

• Radicalization is a growing problem in prisons and at universities. Impressionable students are particularly susceptible to charismatic leaders aiming to "instill a brand of extreme ideology."

• There are groups in the USA that serve as "gateways" for radicalization.

• Extremists "manipulate social situations to create perceptions of victimization" and then provoke police or political responses that can be used as propaganda.

Senate Homeland Security Committee Chairman Joe Lieberman, I-Conn., said Europe has a bigger problem with homegrown terrorists. The London and Madrid train bombings were carried out by citizens or longtime residents.

Sen. Susan Collins, R-Maine, the top Republican on the committee, said the government's efforts to secure the nation's borders and screen airline passengers help keep out foreign terrorists but don't protect against the rise of terrorist cells.

Chertoff said some Muslim groups are working with his office to combat radicalization.
Jenn Kauffman of the Arab American Institute said her group looks forward to working with Homeland Security.

Salam Al-Marayati, executive director of the Muslim Public Affairs Council, said the USA does not have the extremism seen in Muslim communities elsewhere. "It's the Muslim community's role to eliminate violent extremism, which is what it is doing," he said.

Find this article at:
http://www.usatoday.com/news/washington/2007-03-14-homegrown_N.htm?POE=NEWISVA

From rforno at infowarrior.org Sat Mar 17 03:22:36 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 Mar 2007 23:22:36 -0400
Subject: [Infowarrior] - Cingular, Qwest blocking "Free" Calls
Message-ID:

Cingular, Qwest blocking "Free" Calls
Written by Paul Kapustka
Thursday, March 15, 2007 at 10:35 AM PT | 16 comments
http://gigaom.com/2007/03/15/cingular-qwest-blocking-free-calls/

Looks like the empire is finding new ways to fight back -- according to FreeConference.com, another rural-ISP free-calling operator, major carriers Cingular, Qwest and Sprint are actively blocking users trying to call FreeConference.com, claiming it might be a violation of those carriers' acceptable use policies.

FreeConference.com, which offers "free" conference calls for the price of a long-distance call to numbers in Iowa or Minnesota, sent an email to its users saying that Cingular (aka AT&T Wireless) started blocking calls to FreeConference.com on March 9, with Qwest and Sprint following suit soon thereafter. FreeConference.com CEO Alex Cory told us in an email exchange today that the company "did not get prior notice [about the blocking], nor have our or our customers' repeated attempts to get reasonable explanations gotten anywhere."

UPDATE: An AT&T spokesperson confirmed the company is blocking the calls.

While the blocking doesn't seem to be a blanket move -- we were able to get through to FreeConference.com this morning using a Cingular handset in California --
Cory says that any blocking, even limited blocking, "is unacceptable." Language from a Cingular user forum shows why Cingular may believe it is right to block such services:

We may block access to certain categories of numbers (e.g. 976, 900 and certain international destinations) or certain web sites if, in our sole discretion, we are experiencing excessive billing, collection, fraud problems or other misuse of our network.

AT&T spokesperson Mark Siegel said the company is blocking "certain numbers" for conferencing services, including FreeConference.com's, an action it feels appropriate under its wireless terms of service agreements. AT&T's wireless service, he said, is for calls "between one person and another person, not between one person and many."

Cory, who says that FreeConference.com's regulatory-fee arbitrage compensation structure isn't on the same level as the free international calling plans (he claims all FreeConference.com's calls are actually terminated in the local area where they are connected), doesn't agree with Cingular's take but will not comment much further -- "We believe they are violating [regulations], but it is probably best to leave this to the lawyers."

Theoretically, AT&T could be on the hook for multiple call-termination charges for the conference calls, since each participant in the conference could count as another termination -- so it's pretty clear why they might try to use any method at their disposal to discourage such operations.

Typically, long-distance or cellular providers pay local telcos a termination fee for each call that is completed. In rural areas where regional telcos have higher-than-usual termination fees, telcos and free-calling concerns have partnered to build businesses where some amount of profit is based on the spread between what the call-completion costs and what they charge the long-distance provider.

Additional reporting by Katie Fehrenbacher.
From rforno at infowarrior.org Sat Mar 17 16:06:03 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 17 Mar 2007 12:06:03 -0400
Subject: [Infowarrior] - Termination of RegisterFly.com Registrar Accreditation
Message-ID:

http://www.icann.org/announcements/announcement-2-16mar07.htm

16 March 2007

ICANN today issued a formal notice of termination of RegisterFly.com's Registration Accreditation Agreement (RAA).

ICANN has issued a letter to RegisterFly [PDF, 902K] indicating that it will cease operating as an ICANN-Accredited Registrar on March 31, 2007.

Under the terms of the Registrar Accreditation Agreement (RAA), ICANN must provide 15 days written notice to RegisterFly of its intention to terminate.

Effective immediately ICANN has terminated RegisterFly's right to use the ICANN Accredited Registrar logo on its website.

Between now and 31 March RegisterFly is required to unlock and provide all necessary Authinfo codes to allow domain name transfers to occur. Any and all registrants wishing to transfer away from RegisterFly during this period should be allowed to do so efficiently and expeditiously.

"Terminating accreditation is the strongest measure ICANN is able to take against RegisterFly under its powers," Dr. Paul Twomey, President and CEO of ICANN said today.

"ICANN has been frustrated and distressed by recent management confusion inside RegisterFly," Dr. Twomey, President said. "I completely understand the greater frustration and enormous difficulty that this has created for registrants."

When the Agreement is terminated, ICANN can approve a bulk transfer of all current RegisterFly domain names to another ICANN accredited Registrar.

"Of course, RegisterFly does not have to wait till then. They can request ICANN to approve a bulk transfer immediately. I call on RegisterFly to act in the interests of registrants and seek such a transfer from us straight away," Dr. Twomey said.
ICANN intends to hold a forum to discuss the reform of the Accreditation policy and process at its Lisbon meeting in a week's time*. A set of questions and points to inform the discussion will be made public prior to the Lisbon meeting.

* The Lisbon meeting is one of three meetings held a year by ICANN to meet with global stakeholders. It will take place from 26-30 March 2007.

Media Contacts:
Jason Keenan
Media Adviser
ICANN (USA)
Ph: +1 310 818 9072
E: jason.keenan at icann.org

International:
Andrew Robertson
Edelman (London)
Ph: +44 7921 588 770
E: andrew.robertson at edelman.com

From rforno at infowarrior.org Sat Mar 17 16:58:34 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 17 Mar 2007 12:58:34 -0400
Subject: [Infowarrior] - Comments on the RIAA Leadership's Op-Ed on Piracy
Message-ID:

A few comments that need to be made, feel free to repost far and wide. -rf

Explaining the Crackdown on Student Downloading
By Mitch Bainwol and Cary Sherman
http://insidehighered.com/views/2007/03/15/sherman

> Today, virtually no one, particularly technology savvy students, can claim not
> to know that the online "sharing" of copyrighted music, movies, software and
> other works is illegal.

Memo to Mitch and Cary: I have copyrighted all my articles to claim ownership of them. Yet I freely give permission to distribute them anywhere as long as they're kept intact and credit is given to me -- so the "online sharing of copyrighted materials" is most certainly NOT illegal in such a clear-cut fashion that you claim. You're conflating terms here to sow FUD in the press. Again.

Sure, copying a Van Halen song and sending it to the world via P2P is wrong, and I don't condone it.
But by going after people doing that through invasive technological or legal restrictions, you preclude me from taking a legitimately-purchased Van Halen song and using it how and when I want to for my own personal enjoyment -- in the car, on my iPod, on my computer, or burned onto a CD for the bedroom clock radio. There's nothing illegal about that, and it doesn't make me a pirate or potential pirate. But greedy rats that you are, you'd rather me purchase multiple incompatible devices or services in order to play the same song in a different venue or format. And yet you act surprised to find out that by treating your customers as criminals, you're seeing fewer of the former and more of the latter.

> Yet this is about far more than the size of a particular slice of the pie.

No, it's about you trying to own multiple slices. Heck, you want to own the entire pie (digital music) and control the ingredients (music players, software, the Internet, and national policy) used both to make the pie and facilitate its enjoyment. (Although with some of the stuff you folks are selling these days, I hope you're going to take charge of the subsequent barfing, too.)

> This is about a generation of music fans. College students used to be the
> music industry's best customers. Now, finding a record store still in business
> anywhere near a campus is a difficult assignment at best. It's not just the
> loss of current sales that concerns us, but the habits formed in college that
> will stay with these students for a lifetime. This is a teachable moment -- an
> opportunity to educate these particular students about the importance of music
> in their lives and the importance of respecting and valuing music as
> intellectual property.

Memo to Mitch and Cary: Record stores have been replaced by the Internet, iTunes, and such. Folks want ala carte stuff and if they can get it from their dorm room via iTunes, they'll do that instead of traipse to the record store.
It's sad for the record store owners, but it's just the evolution of your industry -- and business/society in general. Tell me again why the iTunes store is seeing dismal sales of legally-purchased music downloads? Oh, right -- you can't.

You aging idiots forget that college kids have embraced the Internet as a source for music, and if YOU had embraced this new medium instead of trying to legislate or innovate against it, you'd be riding pretty in the profits right now instead of being one of the most despised industries in the world. By forcing onerous, counterproductive restrictions -- both technical and legal -- on music and customers, and declaring war on future ones through frivolous and sometimes erroneous lawsuits, you've pretty much turned off this new generation to your product and industry. You did this to yourselves and can only blame yourselves for the result.

> Yet the vast majority of institutions still have not come to grips with the
> need to take appropriate action.

Just like how you've still not come to grips with realizing that your Industrial Age business model is on life support and needs to adapt in order to survive? Unless you evolve with the times, the Internet Age will prove exactly how irrelevant you folks and your industry machines really are. Frankly, I think that's what terrifies you the most.

You stand on the brink of irrelevance. You reap what you sow.

- Rick
Infowarrior.org

From rforno at infowarrior.org Sun Mar 18 01:44:43 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 17 Mar 2007 21:44:43 -0400
Subject: [Infowarrior] - Getting your personal information via FOIA
Message-ID:

It's been 40 years since passage of the mother of all information access laws -- the U.S. Freedom of Information Act. Given that March 11 marked the start of America's third annual Sunshine Week -- a national effort to cast light onto the growing recesses of government secrecy -- U.S.
News is again providing links so its readers can file requests for federal records under the FOIA and its sister statute, the Privacy Act. Although the government can be slow in getting back to you, the request process itself is pretty straightforward.

< - >

http://www.usnews.com/usnews/news/badguys/070313/getting_your_government_files.htm

From rforno at infowarrior.org Sun Mar 18 01:46:02 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 17 Mar 2007 21:46:02 -0400
Subject: [Infowarrior] - Hackers promise Month of Myspace Bugs
Message-ID:

Two hackers, known as Mondo Armando and Müstaschio, don't want to disclose their real names but promise to begin disclosing security vulnerabilities in MySpace, every day in April.

"The purpose of the exercise is not so much to expose MySpace as a hive of spam and villainy (since everyone knows that already), but to highlight the monoculture-style danger of extremely popular websites. We could have just as easily gone after Google or Yahoo or MSN or IDG or whatever. MySpace is just more fun, and is becoming notoriously [obnoxious] about responding to security issues," wrote Mondo Armando.

The MySpace hackers launched their project late Thursday expressing simultaneous enthusiasm and disdain for the task ahead. They intend to primarily publish cross site scripting bugs, which can allow an attacker to execute malicious script within a victim's browser, but they may also publish bugs that affect browsers or technologies like Flash or QuickTime.

Although there are sceptics on what will happen on April Fool's day, based on the duo's blog it appears they are serious about the task at hand. Who wants to take bets on the number they'll find in the first month?
http://www.neowin.net/index.php?act=view&id=38874

From rforno at infowarrior.org Sun Mar 18 15:53:55 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 18 Mar 2007 11:53:55 -0400
Subject: [Infowarrior] - Amid Concerns, FBI Lapses Went On
Message-ID:

Amid Concerns, FBI Lapses Went On
Records Collection Brought Internal Questions But Little Scrutiny
By R. Jeffrey Smith and John Solomon
Washington Post Staff Writers
Sunday, March 18, 2007; A01

FBI counterterrorism officials continued to use flawed procedures to obtain thousands of U.S. telephone records during a two-year period when bureau lawyers and managers were expressing escalating concerns about the practice, according to senior FBI and Justice Department officials and documents.

FBI lawyers raised the concerns beginning in late October 2004 but did not closely scrutinize the practice until last year, FBI officials acknowledged. They also did not understand the scope of the problem until the Justice Department launched an investigation, FBI officials said.

Under pressure to provide a stronger legal footing, counterterrorism agents last year wrote new letters to phone companies demanding the information the bureau already possessed. At least one senior FBI headquarters official -- whom the bureau declined to name -- signed these "national security letters" without including the required proof that the letters were linked to FBI counterterrorism or espionage investigations, an FBI official said.

The flawed procedures involved the use of emergency demands for records, called "exigent circumstance" letters, which contained false or undocumented claims. They also included national security letters that were issued without FBI rules being followed. Both types of request were served on three phone companies.
< - >

http://www.washingtonpost.com/wp-dyn/content/article/2007/03/17/AR2007031701451_pf.html

From rforno at infowarrior.org Sun Mar 18 22:25:10 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 18 Mar 2007 18:25:10 -0400
Subject: [Infowarrior] - Update: To Blog or Not To Blog
Message-ID:

Within a day of my recent RFI about whether I should start blogging this list, I received 29 messages from list subscribers.

Of those, 24 asked (many begged) me NOT to blog, because e-mail is far more convenient. 3 said they'd prefer me not to blog, but would participate if I did start blogging. And only 2 said they'd want me to start blogging.

Hence, there's no change away from the current e-mail list distribution planned anytime soon. Frankly, I find e-mail more convenient as well. :)

While it may be "my" list, I try to keep it meaningful and useful to its subscribers. So thanks again for the input, feedback, suggestions and many kind words both on this issue and in general over the years....it's not only encouraging but much-appreciated!

cheers
-rick

From rforno at infowarrior.org Sun Mar 18 22:33:53 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 18 Mar 2007 18:33:53 -0400
Subject: [Infowarrior] - Google buys video game ad firm Adscape
Message-ID:

Google buys video game ad firm Adscape
Sunday March 18, 5:36 pm ET
http://biz.yahoo.com/rb/070318/google_adscape.html?.v=1

NEW YORK (Reuters) - Google Inc. purchased video game advertising firm Adscape to expand into in-game advertising, the Internet search leader said on its Web site on Friday.

Financial details were not furnished. In February, technology site Red Herring reported the value of the expected deal at around $23 million, citing unnamed sources.

Video game analysts in February said Google's entrance into the nascent field of advertising inside ever more elaborate video games could give the field a big boost.

"As more and more people spend time playing video games, we think we can create opportunities for advertisers to reach their target audiences while maintaining a high quality, engaging user experience," Google said on its site.

Microsoft last year paid $200 million to buy in-game ad company Massive Inc., which has secured deals with game publishers UbiSoft Entertainment SA, THQ Inc. and Take-Two Interactive Software Inc.

"We think this rich environment is a perfect medium to deliver relevant, targeted advertising that ultimately benefits the user, the video game publisher and the advertiser," Google said.

From rforno at infowarrior.org Sun Mar 18 23:10:11 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 18 Mar 2007 19:10:11 -0400
Subject: [Infowarrior] - Should gun data lists be muzzled?
Message-ID:

(c/o PWR)

Should gun data lists be muzzled?
First Amendment rights collided with Second Amendment rights in the recent brouhaha.
By Laurence Hammack
http://www.roanoke.com/news/roanoke/wb/109163

It didn't take long for Sunshine Week to turn stormy.

At 9:15 last Sunday morning, just a few hours after The Roanoke Times was dropped on doorsteps and shoved into paper boxes across the region, Scot Shippee fired the first shot in what would become the newspaper's biggest Internet controversy.

In an online discussion forum, Shippee blasted the paper for posting on its Web site a database that included the names and addresses of everyone in Virginia licensed to carry a concealed handgun.

Shippee wrote that if the newspaper was so committed to public information, it would only be fair for him to publicly list the home address of editorial writer Christian Trejbal. A column by Trejbal that day had urged readers to celebrate Sunshine Week -- a national recognition of the public's right to know -- by using the database to see who in their community was "packing heat."

In the furor that followed, irate readers swamped the newspaper with hundreds of calls and e-mails.
And Trejbal became the recipient of threats and a suspicious package that drew a state police bomb squad to his Christiansburg home.

There was no bomb, only fallout.

Even though The Roanoke Times hastily removed the database from its Web site, questions remain: Should people be allowed to know who among them is secretly armed? Or did identifying those who carry concealed handguns invade their privacy and make them targets for criminals?

And will this fundamental conflict between advocates of the First and Second amendments be resolved by the General Assembly's restricting public access to gun permit information when it takes up the issue next year?

***

The issue of hidden guns and open records is handled differently from state to state.

Virginia is one of 17 states that treats information about concealed-handgun permit holders as a public matter, according to the Reporters Committee for Freedom of the Press. In another 18 states, the information is closed from public view. The remaining states have no laws or court decisions that clearly address the question one way or the other.

Because laws vary from state to state, direct comparisons are hard to draw from a database of record availability compiled by the committee. In some states the information is open only to police, in one state it's available just to the media, in others the names of permit holders are public but their addresses are not, and in others permit holders can petition the court to keep their information private.

In Vermont and Alaska, the issue is moot because people don't need a permit to carry a concealed handgun. In Wisconsin and Illinois, individuals are not allowed to pack a hidden holster, permit or not.

One thing does seem clear: A growing number of states -- including Florida, Ohio and South Dakota -- have passed laws in recent years to remove or restrict concealed-weapon information from the public domain.
Virginia could be headed in that direction, as the blowup over Trejbal's column has some state lawmakers talking about introducing bills at next year's General Assembly. "The trend has been moving in the direction of protecting people's privacy rights," said Alan Gottlieb of Second Amendment Foundation, a gun rights organization based in Washington state. The catalyst behind that trend is "abusive behavior by the media," said Marion Hammer, executive director of Unified Sportsmen of Florida. Hammer's group pushed for the change in Florida's law last year after an Orlando television station became the latest media outlet to run a database of concealed handgun permit holders. "They made it sound like exercising a constitutional right was something wrong, and they held [gun owners] up to ridicule," Hammer said. While Second Amendment supporters argue that publicizing the names of gun owners violates their privacy and makes them possible targets of crime, some First Amendment advocates say there's a compelling public interest in that information. "I can hear the shocked indignation of gun-toters already: It's nobody's business but mine if I want to pack heat," Trejbal wrote in his column on Sunshine Week, which included a link to the now-defunct database of permit holders. "Au contraire. Because the government handles the permitting, it is everyone's business." Some media experts -- journalism ethics professor Edward Wasserman of Washington and Lee University among them -- have questioned whether a newspaper should publish the information just because it has it. But Lucy Dalglish, executive director of the Reporters Committee for Freedom of the Press, sided with Trejbal. "I think public records are public records" and people should have the right to see them, she said. "I don't know what it is about the gun people. They seem to think they should have all these rights, but they don't want to recognize the rights of the rest of us to know who they are." 
*** Among the hundreds of comments about Trejbal's column that followed Shippee's initial posting to roanoke.com's message board, there was this one from a woman identified only as "Not Wanted to be found": "I've moved twice to get away from a violent ex. Now I have to move again. I really appreciate you publishing my address. Gee, thanks." It was a common theme that ran through the opposition: Publicizing the names and addresses of 135,000 concealed-gun carriers was more than just a privacy issue; it also enabled criminals to track down their victims and find the best homes to burglarize for guns. Yet no one interviewed for this story -- including a Second Amendment scholar, a state police spokeswoman, the National Rifle Association and three other gun rights groups -- could point to a single incident in which that actually ever happened. The odds seem unlikely to Randell Beck, executive editor of The Argus Leader in South Dakota, which maintains a database of that state's concealed handgun permit holders on its Web site. "I find it very difficult to argue that [publication] in any way may put you on somebody's burglary list," Beck said. "In fact the opposite argument applies: If I'm a burglar looking for a place to steal stuff, and if I know Joe Blow has a handgun, I would be less likely to burglarize his house, knowing that he might shoot me." Andria Harper, director of the First Amendment Foundation, made the same argument when her group fought unsuccessfully against the move to close gun records in Florida. "That's the definition of a dumb criminal," Harper said. "To stalk someone they know has a concealed weapon." Even though NRA spokeswoman Ashley Varner could not cite an incident in which a criminal used concealed-carry data to commit a crime, she said there were "real-life situations" in which potential victims were forced to move after being outed. 
Said Varner: "I would hope that we don't have to wait for someone to actually be burglarized or raped for someone to say: 'Oh, maybe this is a bad idea.' " *** Not many people noticed, at least not at first, when The Free Lance-Star of Fredericksburg quietly put a database of local concealed handgun permit holders on its Web site in November 2002. But once the Virginia Citizens Defense League found out, the guns rights group quickly mobilized its membership, encouraging them to bombard the newspaper with angry e-mails and phone calls. The organization also dug up the home addresses and other information about the paper's key managers and made it public. "We were flooded" with opposition, said Brian Baer, editor of Fredericksburg.com. The newspaper quickly took the database down and never put it back up. But The Free Lance-Star still publishes information from newly issued concealed handgun permits, which it gathers from local courthouses, on a regular basis. Local news editor Dick Hammerstrom said they might get a complaint every month or so. The same holds true in Danville, where the Register & Bee runs the information in its weekly publication for nonsubscribers. "It hasn't been an issue here at all," news editor Darren Sweeney said. That could soon change, as the controversy in Roanoke has refocused the VCDL's attention on the issue. "They're going to get a pounding on this," the group's president, Philip Van Cleave, said of any newspaper that dares publish the information. VCDL was especially incensed that The Roanoke Times chose to list the exact address of gun owners. The Fredericksburg paper listed just the street names, and in South Dakota only the city or county in which a gun owner lives is made public. While the Argus Leader received about 20 complaints, editor Beck said he would have expected much more flak had the exact addresses been listed. 
Another reason why outrage peaked in Roanoke might be a line in Trejbal's column in which he noted that Virginia does not take the same pains to list gun owners online as it does for convicted sex offenders. "Concealed handgun permit holders and sex offenders????," wrote one poster, identified only as "vashooter." "Your [sic] a class act, way to abuse the first amendment while trying to strip us of the second." Before a Virginia resident obtains court permission to carry a concealed handgun, he or she must pass a criminal background check and a firearm training course. That should debunk the implication that concealed handgun carriers are an inherent risk to society and need to be monitored, said Nelson Lund, a George Mason University law professor who specializes in gun issues. "Every time anyone has looked into this, they have found extraordinarily low levels of misuse of firearms by concealed-carry holders," Lund said. *** Almost as fast as the concealed handgun database went up on roanoke.com, it was gone. Roanoke Times president and publisher Debbie Meade explained Monday that it was pulled because of concerns that state police, who provided the data at the newspaper's request, might have identified crime victims on the list in violation of a state law. That turned out not to be the case. But the newspaper was in no rush to re-post the data, explaining that it was only intended as a temporary feature to supplement the column on Sunshine Week. Many questions remained unanswered by week's end, including three that were submitted in writing to Meade: Did the newspaper make any mistakes in publishing the database? If yes, what were those mistakes? If no, did the newspaper bow to pressure in deciding not to re-post the data? "We're still responding to the developments from the past several days and have not had time to evaluate all of this yet," Meade responded Friday afternoon in a written statement. "But I can assure you that those discussions will take place." 
From rforno at infowarrior.org Mon Mar 19 01:30:14 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 18 Mar 2007 21:30:14 -0400 Subject: [Infowarrior] - EU Site to Offer Extreme Weather Data Message-ID: EU Site to Offer Extreme Weather Data Sunday March 18, 9:26 pm ET By William J. Kole, Associated Press Writer http://biz.yahoo.com/ap/070318/eu_extreme_weather.html?.v=5 New Web Site to Pool Up-to-the-Minute Information on Dangerous 'Extreme Weather' Across Europe VIENNA, Austria (AP) -- It looks like a color-coded terror alert scale -- and meteorologically speaking, that's exactly what it is. With climate change making conditions more unpredictable, national weather services from across the European Union have joined forces to create http://www.meteoalarm.eu -- a new Web site providing up-to-the-minute information on "extreme weather" across the continent. The initiative, managed by Austria's Central Institute for Meteorology and Geodynamics, is designed to give Europeans a single source for details on flash floods, severe thunderstorms, gale-force winds, heat waves, blizzards and other violent weather that poses a threat to life or property. It also issues 24- and 48-hour warnings for heavy fog, extreme cold, forest fires and "coastal events" such as high waves or severe tides. "In one glance you will be able to see where in Europe the weather might become dangerous," organizers said Saturday in a statement. The service is similar to the United States' National Weather Service, which posts on its Web site conditions, warnings and forecasts for all 50 states. Although the European site officially will launch in Madrid, Spain, on March 23 -- World Meteorological Day -- it is already live on the Web in test form. 
Under the new pan-European warning system, white means missing or insufficient data; green means no imminent threat; yellow signifies potentially dangerous weather; orange warns of dangerous conditions; and red means very dangerous, "exceptionally intense" weather. Pictograms and photographs showing lightning bolts, churning floodwaters and other catastrophic scenes also pop up "to make the general public more conscious or aware" of a particular threat, the organizers said. Users click on maps to get details on current conditions or forecasts of violent weather for the next day. There are also links to a country's national weather service. The Network of European Meteorological Services includes 20 countries and covers land stretching from Portugal to Sweden. Not every nation in the region is contributing, but the site hopes to bring others online eventually. The Web site "pulls together all the warnings from the official national weather services," said Michael Staudinger of the Vienna weather institute. It seemed to be accurate on Saturday, at least for Vienna, which was buffeted by gale-force winds gusting to 50 mph. The system churned out a yellow high-wind warning for the area and provided details in German and English. http://www.meteoalarm.eu From rforno at infowarrior.org Mon Mar 19 16:50:30 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 19 Mar 2007 12:50:30 -0400 Subject: [Infowarrior] - NFL violates copyright law, YouTube collaborates with them Message-ID: NFL violates copyright law, YouTube collaborates with them The NFL has violated the DMCA, ignoring the law's dispute resolution system and sending a second takedown notice to YouTube demanding that it censor Wendy Seltzer's clip from the Superbowl. Wendy, a former EFF lawyer who founded the Chilling Effects project and now teaches at Brooklyn Law, grabbed a clip of the NFL's ridiculous copyright warning from the Superbowl and posted it to YouTube. 
The NFL sent a takedown notice to YouTube, Wendy sent a counter-notice, and now the NFL is supposed to go to court to pursue its claim. But instead, the NFL just sent another takedown notice -- something that is illegal, "knowingly materially misrepresent[ing] ... that material or activity is infringing." Of course, YouTube took the material down anyway (they have a pattern of sucking up to rightsholder groups instead of standing up for their users), showing that the weak, ineffectual user protections in the DMCA are routinely ignored by rightsholders and ISPs. < - > http://www.boingboing.net/2007/03/19/nfl_violates_copyrig.html From rforno at infowarrior.org Mon Mar 19 22:24:13 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 19 Mar 2007 18:24:13 -0400 Subject: [Infowarrior] - Fingerprints required to buy a car? Message-ID: Brave New Car Dealer: fingerprints required to buy a car? Imagine you've gone through a multiple week process to purchase an automobile. You know the drill. Research every feature, pick your color, then, it's negotiations for purchase price and for trade-in. Everything is done and agreed-upon, and excited, you are ready to hand over the check and collect your new car. But wait! You are handed a slip of paper and told to mark your right thumbprint in a box. The paper says clearly that it's a request, for your protection, and to prevent your identity theft. When you politely decline, the dealership refuses to sell you the car. 
< - > http://www.lornamatic.com/wordpress/?p=141 From rforno at infowarrior.org Mon Mar 19 23:05:01 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 19 Mar 2007 19:05:01 -0400 Subject: [Infowarrior] - White House Seeking Gonzales Replacements Message-ID: White House Seeking Gonzales Replacements By: Mike Allen March 19, 2007 06:31 PM EST http://www.politico.com/news/stories/0307/3202.html Republican officials operating at the behest of the White House have begun seeking a possible successor to Attorney General Alberto Gonzales, whose support among GOP lawmakers on Capitol Hill has collapsed, according to party sources familiar with the discussions. Among the names floated Monday by administration officials are Homeland Security Secretary Michael Chertoff and White House anti-terrorism coordinator Frances Townsend. Former Deputy Attorney General Larry Thompson is a White House prospect. So is former solicitor general Theodore B. Olson, but sources were unsure whether he would want the job. Republican sources also disclosed that it is now a virtual certainty that Deputy Attorney General Paul J. McNulty, whose incomplete and inaccurate congressional testimony about the prosecutors helped precipitate the crisis, will also resign shortly. Officials were debating whether Gonzales and McNulty should depart at the same time or whether McNulty should go a day or two after Gonzales. Still known as "The Judge" for his service on the Texas Supreme Court, Gonzales is one of the few remaining original Texans who came to Washington with President Bush. In a sign of Republican despair, GOP political strategists on Capitol Hill said that it is too late for Gonzales' departure to head off a full-scale Democratic investigation into the motives and timing behind the firing of eight U.S. attorneys. "Democrats smell blood in the water, and (Gonzales') resignation won't stop them," said a well-connected Republican Senate aide. 
"And on our side, no one's going to defend him. All we can do is warn Democrats against overreaching." A main reason Gonzales is finding few friends even among Republicans is that he has long been regarded with suspicion by conservatives who have questioned his ideological purity. In the past, these conservatives warned the White House against nominating him for the Supreme Court. Now they're using the controversy over the firing of eight federal prosecutors to take out their pent-up frustrations with how he has handled his leadership at Justice and how the White House has treated Congress. Complaints range from his handling of immigration cases to his alleged ceding of power in the department to career officials instead of movement conservatives. Without embracing Gonzales, Republicans pointed out that presidents are free to replace U.S. attorneys at will. Sen. Kay Bailey Hutchison (R-Texas) noted on MSNBC that some of those who were replaced "haven't whined or complained about it" and added, "I think that there's a lot of politics, but I don't think it's just on one side." But officials on Capitol Hill said that after the Justice Department failed to turn over a batch of e-mails about the prosecutors on Friday as expected, Republican senators became less likely to defend Gonzales or the White House. They feared the delay signaled more damaging information was in the pipeline. "We have a crisis where there doesn't need to be one, and now Democrats have an issue where they can open up the subpoena floodgates," said an exasperated Republican aide. "Once these investigations start, there always ends up being a lot of messy collateral damage." Now the White House is girding for a confirmation battle at the same time it is coping with Democrats' threats to subpoena aides to Bush, including senior adviser Karl Rove. Among the contenders to replace Gonzales, Chertoff is a former U.S. circuit judge for the Third Circuit Court of Appeals, based in Philadelphia. 
Before that, he was confirmed by the Senate in 2003 as assistant attorney general for the criminal division. Under this scenario, Chertoff's successor at the Department of Homeland Security might be Townsend, who now works in the White House as assistant to the president for homeland security and counterterrorism. Townsend held senior Justice Department posts under Attorney General Janet Reno during the Clinton administration and is also a potential nominee for attorney general. Republican sources said other widely respected Republican lawyers have been considered for attorney general, although some of them may not be interested in taking the job. These names include: --Former Sen. Fred Thompson of Tennessee, the "Law & Order" star who is now considering seeking the Republican presidential nomination. --Olson, who was Bush's first solicitor general and now is a partner at Gibson, Dunn & Crutcher in Washington. --Larry Thompson, who has been general counsel of PepsiCo Inc. since leaving his first-term job as deputy to Attorney General John Ashcroft. --Retired federal judge Laurence H. Silberman, who was named by Bush to be co-chairman of the Commission on the Intelligence Capabilities of the United States Regarding Weapons of Mass Destruction. --George J. Terwilliger III, a former deputy attorney general and acting attorney general who was a leader of Bush's legal team during the Florida election recount. Asked if Gonzales will stay, White House Press Secretary Tony Snow said Monday: "We hope so. He has the confidence of the president." But Snow also revealed that the president had not talked to Gonzales since a conversation the two had when Bush was in Mexico last week. 
From rforno at infowarrior.org Tue Mar 20 12:26:16 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 20 Mar 2007 08:26:16 -0400 Subject: [Infowarrior] - How Apple orchestrated web attack on researchers Message-ID: How Apple orchestrated web attack on researchers * Date: March 20th, 2007 * Blogger: George Ou * Category: Security, Mobile/Wireless, News, ~Events~, Defcon2006, Apple Last summer when I wrote "Vicious orchestrated assault on MacBook wireless researchers", it set off a long chain of heated debate and blogs. I had hoped to release the information on who orchestrated the vicious assault but threats of lawsuits and a spineless company that refused to defend itself meant I couldn't disclose the details. Well a lot has changed since then and researcher David Maynor is no longer working for SecureWorks and he's finally given me permission to publish the details. < - > http://blogs.techrepublic.com.com/Ou/?p=451 From rforno at infowarrior.org Tue Mar 20 12:41:53 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 20 Mar 2007 08:41:53 -0400 Subject: [Infowarrior] - FBI Issues New Rules For Getting Phone Records Message-ID: FBI Issues New Rules For Getting Phone Records By John Solomon Washington Post Staff Writer Tuesday, March 20, 2007; A06 http://www.washingtonpost.com/wp-dyn/content/article/2007/03/19/AR2007031901775_pf.html The FBI, which has been criticized for improperly gathering telephone records in terrorism cases, has told its agents they may still ask phone companies to voluntarily hand over toll records in emergencies by using a new set of procedures, officials said yesterday. In the most dire emergencies, requests can be submitted to the companies verbally, officials said. 
This month, the bureau sent field agents a new "emergency letter" template for seeking the records, shortly before the public release of a report by the Justice Department's inspector general that documented abuses of emergency phone-records collection by counterterrorism agents, officials said. That report created a furor on Capitol Hill and prompted FBI Director Robert S. Mueller III to take personal responsibility. The report documented instances in which agents gathered phone records between 2003 and 2005 using emergency powers when no emergencies existed. It also reported that agents did not follow basic legal requirements, such as certifying that requests for phone records were connected to authorized FBI investigations. New rules from the FBI general counsel's office tell agents they are to limit emergency requests for phone records to the most dire situations, in which the loss of life or bodily harm is believed to be imminent. They are to document carefully the circumstances surrounding the request. Agents also have been relieved of a paperwork burden that was at the heart of past problems, officials said. Under past procedures, agents sent "exigent circumstances letters" to phone companies, seeking toll records by asserting there was an emergency. Then they were expected to issue a grand jury subpoena or a "national security letter," which legally authorized the collection after the fact. Agents often did not follow up with that paperwork, the inspector general's investigation found. The new instructions tell agents there is no need to follow up with national security letters or subpoenas. The agents are also told that the new letter template is the preferred method in emergencies but that they may make requests orally, with no paperwork sent to phone companies. Such oral requests have been made over the years in terrorism and kidnapping cases, officials said. "Emergencies will still come up. 
If we have a child kidnapping or a 'ticking bomb' terrorist threat, we will ask the telecommunications carriers to provide records under the authority provided by law," said FBI Assistant Director John Miller. The new procedures, he said, will include "an audit trail to ensure we are doing it the right way." The new guidance to agents cites a provision in federal law allowing a telephone provider to voluntarily turn over phone records to law enforcement figures "in good faith" if they "believe that an emergency involving danger of death or serious physical injury to any person requires disclosure without delay," a senior FBI official said. From rforno at infowarrior.org Tue Mar 20 12:43:29 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 20 Mar 2007 08:43:29 -0400 Subject: [Infowarrior] - MySpace Restrictions Upset Some Users Message-ID: MySpace Restrictions Upset Some Users By BRAD STONE Published: March 20, 2007 http://www.nytimes.com/2007/03/20/technology/20myspace.html?_r=1&oref=slogin Some users of MySpace feel as if their space is being invaded. MySpace, the Web's largest social network, has gradually been imposing limits on the software tools that users can embed in their pages, like music and video players that also deliver advertising or enable transactions. At stake is the ability of MySpace, which is owned by the News Corporation, to ensure that it alone can commercially capitalize on its 90 million visitors each month. But to some formerly enthusiastic MySpace users, the new restrictions hamper their abilities to design their pages and promote new projects. "The reason why I am so bummed out about MySpace now is because recently they have been cutting down our freedom and taking away our rights slowly," wrote Tila Tequila, a singer who is one of MySpace's most popular and visible users, in a blog posting over the weekend. "MySpace will now only allow you to use 'MySpace' things." Ms. 
Tequila, born Tila Nguyen, has attracted attention by linking to more than 1.7 million friends on her MySpace page. To promote her first album, she recently added to her MySpace page a new music player and music store, called the Hoooka, created by Indie911, a Los Angeles-based start-up company. Users listened to her music and played the accompanying videos 20,000 times over the weekend. But the Hoooka disappeared on Sunday after a MySpace founder, Tom Anderson, personally contacted Ms. Tequila to object, according to someone with direct knowledge of the dispute. She then vented her thoughts on her personal blog. MySpace says that it will block these pieces of third-party software -- also called widgets -- when they lend themselves to violations of its terms of service, like the spread of pornography or copyrighted material. But it also objects to widgets that enable users to sell items or advertise without authorization, or without entering into a direct partnership with the company. A MySpace spokeswoman said yesterday that the service did not remove anything from Ms. Tequila's page. "A MySpace representative contacted her and told her that she had violated our terms of service in regards to commercial activity," the spokeswoman said. "She removed the material herself, after realizing it was not appropriate for MySpace." Ms. Tequila and her representatives would not comment. But Justin Goldberg, chief executive of Indie911, said MySpace's actions undercut the notion that the social networks' users have complete creative freedom. "We find it incredibly ironic and frustrating that a company that has built its assets on the back of its users is turning around and telling people they can't do anything that violates terms of service," he said. "Why shouldn't they call it FoxSpace? Or RupertSpace?" Mr. Goldberg said, referring to the News Corporation's chief, Rupert Murdoch. 
The tussle between MySpace and Indie911 underscores tensions between established Internet companies and the latest generation of Web start-ups. Without a critical mass of visitors to their sites, many of these smaller companies are devising strategies that involve clamping on to sites like MySpace and Facebook and trying to make money off their traffic. MySpace, meanwhile, is trying to show that it can generate stable revenue. Google will pay it at least $900 million over the next three years to serve ads to the site's users. And last fall, MySpace announced a partnership with Snocap, a San Francisco-based company, to sell music. Perhaps not coincidentally, this year, MySpace blocked widgets from Revver, a video-sharing site that embeds advertisements in its clips, and Imeem, a music buying service. "Our users weren't happy," said Dalton Caldwell, Imeem's chief executive, who was nevertheless ambivalent about the MySpace ban because he thought the move might encourage his users to visit his site directly. "If MySpace isn't really 'their space' after all, maybe users will think about things differently." In the past, MySpace executives have said that the service failed to block companies like YouTube that began successful businesses from MySpace's pages. "We probably should have stopped YouTube," Michael Barrett, chief revenue officer for Fox Interactive Media, a part of the News Corporation, said in an interview in late February. "YouTube wouldn't exist if it wasn't for MySpace. We've created companies on our back." MySpace and its corporate parent say they want to find ways to support and exploit the growing widget economy. Last year, Fox Interactive Media introduced a service called Spring Widget. The service provides tools to help developers create widgets for use both on computer desktops and online networks like MySpace. In a recent use of its technology, the studio behind the horror film "Dead Silence" 
used a Spring Widget tool on its promotional MySpace page to count down the minutes until the film's release. Fred Wilson, a New York-based venture capitalist who invests in social media companies, said the strategy showed that the News Corporation was trying to take advantage of growing interest in widgets while also trying to carefully control what made it onto MySpace. But that could be a dangerous strategy, Mr. Wilson said. "Every attempt everyone has ever made to try to dictate what a person's Internet experience will be has ended up coming up empty," he said. "You have to accept the fact that you are never going to be the be-all and end-all of everyone's experience. They are one click away from everyone else on the Web." As for Ms. Tequila, who wrote on her blog that she was a personal friend of Mr. Anderson, the MySpace co-founder, she wrote that she felt bad about blasting the site but that she could not stay silent. "You guys used to be so cool," she wrote of MySpace. "Don't turn into a corporate evil monster." Louise Story contributed reporting. From rforno at infowarrior.org Tue Mar 20 17:20:59 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 20 Mar 2007 13:20:59 -0400 Subject: [Infowarrior] - Senate Limits Gonzales' Hiring Authority Message-ID: (rolling back a provision of the PATRIOT ACT, by the way........rf) Senate Limits Gonzales' Hiring Authority By PETE YOST and LARA JAKES JORDAN The Associated Press Tuesday, March 20, 2007; 1:05 PM WASHINGTON -- The Senate voted overwhelmingly Tuesday to end the Bush administration's ability to unilaterally fill U.S. attorney vacancies as a backlash to Attorney General Alberto Gonzales' firing of eight federal prosecutors. 
Amid calls from lawmakers in both parties to resign, Gonzales got a morale boost with an early-morning call from President Bush, their first conversation since a week ago, when the president said he was unhappy with how the Justice Department handled the firings. With a 94-2 vote, the Senate passed a bill that canceled a Justice Department-authored provision in the Patriot Act that had allowed the attorney general to appoint U.S. attorneys without Senate confirmation. Democrats say the Bush administration abused that authority when it fired the eight prosecutors and proposed replacing some with White House loyalists. < - > http://www.washingtonpost.com/wp-dyn/content/article/2007/03/20/AR2007032000649_pf.html From rforno at infowarrior.org Tue Mar 20 17:29:25 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 20 Mar 2007 13:29:25 -0400 Subject: [Infowarrior] - Congress Holds Hearings on Improper F.B.I. Spying Message-ID: March 20, 2007 Congress Holds Hearings on Improper F.B.I. Spying By THE ASSOCIATED PRESS Filed at 1:12 p.m. ET http://www.nytimes.com/aponline/us/AP-National-Security-Letters.html?pagewanted=print WASHINGTON (AP) -- Republicans and Democrats sternly warned the FBI on Tuesday that it could lose its broad power to collect telephone, e-mail and financial records to hunt terrorists if the agency doesn't quickly address widespread abuses of the authority detailed in a recent internal investigation. Their threats came as the Justice Department's chief watchdog, Glenn A. Fine, told a House panel that the FBI engaged in widespread and serious misuse of its authority in illegally collecting the information from Americans and foreigners through so-called national security letters. If the FBI doesn't move swiftly to correct the mistakes and problems revealed last week in Fine's 130-page report, ''you probably won't have NSL authority,'' said Rep. Dan Lungren, R-Calif., a supporter of the power, referring to the data requests by their initials. 
''I hope that this would be a lesson to the FBI that they can't get away with this and expect to maintain public support,'' said Rep. James Sensenbrenner of Wisconsin, the House Judiciary Committee's former Republican chairman. ''Let this be a warning.'' The FBI's failure to establish sufficient controls or oversight for collecting the information constituted ''serious and unacceptable'' failures, Fine told the committee. Democrats called Fine's findings an example of how the Justice Department has used broad counterterrorism authorities Congress granted in the wake of the Sept. 11 attacks to trample on privacy rights. ''This was a serious breach of trust,'' said Rep. John Conyers, D-Mich., the Judiciary chairman. ''The department had converted this tool into a handy shortcut to illegally gather vast amounts of private information while at the same time significantly underreporting its activities to Congress.'' Rep. Jerrold Nadler, D-N.Y., said Congress should revise the USA Patriot Act, which substantially loosened controls over the letters. ''We do not trust government always to be run by angels, especially not this administration,'' Nadler said. ''It is not enough to mandate that the FBI fix internal management problems and recordkeeping, because the statute itself authorizes the unchecked collection of information on innocent Americans.'' Some Republicans, however, said the FBI's expanded spying powers were vital to tracking terrorists. ''The problem is enforcement of the law, not the law itself,'' said Rep. Lamar Smith of Texas, the panel's senior GOP member. ''We need to be vigilant to make sure these problems are fixed.'' Fine said he did not believe the problems were intentional, although he acknowledged he could not rule that out. ''We believe the misuses and the problems we found generally were the product of mistakes, carelessness, confusion, sloppiness, lack of training, lack of adequate guidance and lack of adequate oversight,'' Fine said. 
''It really was unacceptable and inexcusable what happened here,'' he added under questioning. Valerie Caproni, the FBI's general counsel, said she took responsibility for the abuses and believed they could be fixed in a matter of months. ''We're going to have to work to get the trust of this committee back, and we know that's what we have to do, and we're going to do it,'' she said. In a review of headquarters files and a sampling of just four of the FBI's 56 field offices, Fine found 48 violations of law or presidential directives between 2003 and 2005, including failure to get proper authorization, making improper requests and unauthorized collection of telephone or Internet e-mail records. He estimated that ''a significant number of ... violations throughout the FBI have not been identified or reported.'' The bureau has launched an audit of all 56 field offices to determine the full extent of the problem. The Senate Judiciary Committee is to hear Wednesday from Fine and FBI Director Robert Mueller on the same topic. In 1986, Congress first authorized FBI agents to obtain electronic records without approval from a judge using national security letters. The letters can be used to acquire e-mails, telephone, travel records and financial information, like credit and bank transactions. In 2001, the Patriot Act eliminated any requirement that the records belong to someone under suspicion. Now an innocent person's records can be obtained if FBI field agents consider them merely relevant to an ongoing terrorism or spying investigation. Fine's review, authorized by Congress over Bush administration objections, concluded the number of national security letters requested by the FBI skyrocketed after the Patriot Act became law in 2001. Fine found more than 700 cases in which FBI agents obtained telephone records through ''exigent letters'' which asserted that grand jury subpoenas had been requested for the data, when in fact such subpoenas had never been sought. 
From rforno at infowarrior.org Tue Mar 20 17:44:27 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 20 Mar 2007 13:44:27 -0400 Subject: [Infowarrior] - FBI Confirms Contracts with AT&T, Verizon and MCI Message-ID: FBI Confirms Contracts with AT&T, Verizon and MCI The FBI's general counsel, Valerie Caproni, testified today on Capitol Hill that the FBI entered into contracts with AT&T, Verizon and MCI to harvest phone records on American citizens under a national security letter program that has come under fire from Congress and the Justice Department's Office of Inspector General for circumventing privacy laws. Caproni confirmed during a House Judiciary hearing that AT&T and Verizon, which bought MCI in 2005, had and continue to have contracts with the FBI that compensate phone companies for turning over the toll records of customers connected to counterterrorism investigations. The telecoms entered into the contracts in May 2003, according to the report issued last week by the DoJ Inspector General. "The contract essentially pays for the man hours or the personnel cost for the people who have to do the work," said FBI Assistant Director John Miller in an interview with Wired News last night. "We want dedicated people who handle our requests or do nothing else." http://blog.wired.com/27bstroke6/2007/03/fbi_confirms_co.html From rforno at infowarrior.org Tue Mar 20 17:45:52 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 20 Mar 2007 13:45:52 -0400 Subject: [Infowarrior] - Homeland Security HQ to move into loony bin Message-ID: Homeland Security to move into loony bin By Michael Hampton Posted: March 20, 2007 12:34 pm http://www.homelandstupidity.us/2007/03/20/homeland-security-to-move-into-loony-bin/ The Department of Homeland Security is moving its headquarters to a lunatic asylum. As Dave Barry is fond of saying, I am not making this up. 
Under a plan projected to cost $3 billion, beginning in 2011 DHS will begin moving most of its 60 Washington, D.C.-based offices to a new building it will construct on the grounds of St. Elizabeths Hospital, an insane asylum still in operation in Washington. St. Elizabeths Hospital holds the dubious distinction of being the first federally sponsored mental hospital in the country, according to its web site. The U.S. Coast Guard will be the first element of the DHS to move into the new building in 2011, department Spokesman Larry Orluskie told United Press International. The DHS's headquarters functions will follow in 2013, and the other components slated for centralization will move in after that. Orluskie said that the U.S. Secret Service, the biometric system for tracking foreign visitors called U.S.-VISIT, the new Domestic Nuclear Detection Office, the Office of the Inspector General, U.S. Citizenship and Immigration Services and the DHS Science and Technology Directorate will probably remain in their current locations. -- United Press International It somehow seems fitting that the Department of Homeland Security, based on a loony premise, should move into a loony bin. From rforno at infowarrior.org Tue Mar 20 18:16:07 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 20 Mar 2007 14:16:07 -0400 Subject: [Infowarrior] - UK: Citizen Counter-Terrorists Message-ID: Citizen Counter-Terrorists http://www.schneier.com/blog/archives/2007/03/citizen_counter.html The greater Manchester police want everyone to help them find terrorists: In a new anti-terror drive, a tip-off hotline is being relaunched and an advertising campaign will urge people to report any suspicious behaviour. It asks: * Do you know anyone who travels but is vague on where they're going? * Do you know someone with documents in different names for no obvious reason? * Do you know someone buying large or unusual quantities of chemicals for no obvious reason? 
* Handling chemicals is dangerous, maybe you've seen goggles or masks dumped somewhere? * If you work in commercial vehicle hire or sales, has a sale or rental made you suspicious? * Have you seen someone with large quantities of mobiles? * Have you seen anyone taking pictures of security arrangements? * Do you know someone who visits terrorist-related websites? * Have you seen any suspicious cheque or credit card transactions? * Is someone asking for a short-term let on a house or flat on a cash basis for no apparent reason? This reminds me of TIPS, the ill-conceived U.S. program to have meter readers and the like -- people who regularly enter people's homes -- report suspicious activity to the police. It's just dumb; people will report each other because their food smells wrong, or they talk in a funny language. The system will be swamped with false alarms, which police will have to waste their time following up on. This sort of state-sponsored snitchery is something you'd expec From rforno at infowarrior.org Wed Mar 21 02:47:14 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 20 Mar 2007 22:47:14 -0400 Subject: [Infowarrior] - Privacy for Internet Names Moves Forward Message-ID: Privacy for Internet Names Moves Forward Tuesday March 20, 9:11 pm ET By Anick Jesdanun, AP Internet Writer Internet Domain Name Body Inches Forward in Relaxing Contact Disclosure Requirements http://biz.yahoo.com/ap/070320/domain_name_privacy.html?.v=4 NEW YORK (AP) -- Many owners of Internet addresses face this quandary: Provide your real contact information when you register a domain name and subject yourself to junk or harassment. Or enter fake data and risk losing it outright. Help may be on the way as a key task force last week endorsed a proposal that would give more privacy options to small businesses, individuals with personal Web sites and other domain name owners. 
"At the end of the day, they are not going to have personal contact information on public display," said Ross Rader, a task force member and director of retail services for registration company Tucows Inc. "That's the big change for domain name owners." At issue is a publicly available database known as Whois. With it, anyone can find out the full names, organizations, postal and e-mail addresses and phone numbers behind domain names. Hearings on the changes are expected next week in Lisbon, Portugal, before the Internet Corporation for Assigned Names and Numbers, or ICANN, the main oversight agency for Internet addresses. Resolution, however, could take several more months or even years, with crucial details on implementation still unsettled and a vocal minority backing an alternative. Under the endorsed proposal -- some six years in the making -- domain name registrants would be able to list third-party contact information in place of their own -- to the chagrin of businesses and intellectual-property lawyers worried that cybersquatters and scam artists could more easily hide their identities. "It would just make it that much more difficult and costly to find out who's behind a name," said Miriam Karlin, manager of legal affairs for International Data Group Inc., publisher of PC World and other magazines. She said she looks up Whois data daily to pursue trademark and copyright violators. Privacy wasn't a big consideration when the current addressing system started in the 1980s. Back then, government and university researchers who dominated the Internet knew one another and didn't mind sharing personal details to resolve technical problems. Today, the Whois database is used for much more. Law-enforcement officials and Internet service providers use it to fight fraud and hacking. Lawyers depend on it to chase trademark and copyright violators. Journalists rely on it to reach Web site owners. 
And spammers mine it to send junk mailings for Web site hosting and other services. And Internet users have come to expect more privacy and even anonymity. Small businesses work out of homes. Individuals use Web sites to criticize large corporations or government officials. The Whois database, for many, reveals too much. The requirements for domain name owners to provide such details also contradict, in some cases, European privacy laws that are stricter than those in the United States. Registration companies generally don't check contact information for accuracy, but submitting fake data could result in missing important service and renewal notices. It also could be grounds for terminating a domain name. Over the past few years, some companies have been offering proxy services, for a fee, letting domain name owners list the proxy rather than themselves as the contact. It's akin to an unlisted phone number, though with questionable legal status. The U.S. government has banned proxies entirely for addresses ending in ".us," even after many had already registered names behind them. Critics also complain that such services can be too quick or too slow -- depending on whom you ask -- in revealing identities under legal pressure. "Right now there's no regulation, no accreditation, no standards," said Margie Milam, general counsel for MarkMonitor, a brand-protection firm. "Some can take weeks, which can slow down investigations." The task force proposal, known as operational point of contact, would make third-party contacts a standard offering. Domain name owners could list themselves, a lawyer, a service provider or just about anyone else; that contact would forward important communications back to the owner. Details must still be worked out, but the domain name registrant rather than the proxy would likely be clearly identified as the legal owner, unlike the current, vague arrangement. 
ICANN's staff also pressed for more clarity on to whom and under what circumstances the outside contact would have to release data. Although that proposal received a slight majority on the Whois task force, some stakeholders including businesses and lawyers have pushed an alternative known as special circumstances. Domain name holders would have to make personal contact details available, as they do today, unless they can justify a special circumstance, such as running a shelter for battered women. "On the whole, society is much better off having this kind of transparency and accountability," said Steven Metalitz, an intellectual-property lawyer on the task force. ICANN's Council of the Generic Names Supporting Organization plans public hearings in Lisbon, after which it could make a recommendation or convene another task force to tackle implementation details. Supporters of the new proposal remain hopeful that resolution is near. "A lot of public interest groups have been waiting a long time to see if this process actually works or if it's just a charade," said Wendy Seltzer, a non-voting task force member and fellow with Harvard University's Berkman Center for Internet and Society. "If this turns out to have been for naught, you will have a lot of frustrated people." From rforno at infowarrior.org Wed Mar 21 13:13:09 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 21 Mar 2007 09:13:09 -0400 Subject: [Infowarrior] - A better way than the TSA In-Reply-To: <000d01c76ba0$de351a70$0201a8c0@DB0PJ521> Message-ID: csmonitor.com - The Christian Science Monitor Online from the March 21, 2007 edition - http://www.csmonitor.com/2007/0321/p09s01-coop.html A better way than the TSA Private security firms would actually keep us safe, not just make us feel that way. By Becky Akers NEW YORK The Improving America's Security Act recently passed by Congress allows the Transportation Security Administration's (TSA) airport screeners to unionize. 
This bill could add about 50,000 dues-paying members to union rolls while breathing new life into TSA's unofficial slogan: Thousands Standing Around. The White House has threatened to veto the legislation because it claims that collective bargaining will destroy the TSA's flexibility. And according to the White House, "flexibility is ... how the ... TSA protects Americans while they travel." Who knew? Cynics probably put "flexible" at the bottom of the TSA's attributes, right after "competent" and "fun-loving." But flexible or not, screeners have little effect on security. They are there to make passengers feel safe, not to actually keep them safe. The TSA itself virtually confirms this. So does its parent bureaucracy, the Department of Homeland Security (DHS), and the General Accounting Office (GAO). All three routinely test screeners' ability to intercept weapons smuggled through checkpoints. And screeners routinely flunk. Washington's reaction is to tinker with department rules and spend millions on "better" technology. But a far better approach would be to scrap federally regulated flight security altogether. Private security firms would rely on effective antiterrorist tools rather than political correctness. They would actually keep us safe, not just make us feel that way. The TSA was barely a year old when the GAO gave it failing marks in a report to the House Aviation Subcommittee in 2003. The committee's then chairman, John Mica (R) of Florida, summarized the findings: TSA was "still a very poor system" that "needs a dramatic overhaul." By April 2005, the agency's incompetence was so glaring that not one but two federal reports documented it. Both the GAO and the DHS found that screening was no more effective than before 9/11. The TSA had gone from bad to worse a year later when undercover investigators packed their bags with common household items that explode when combined. 
They tried to smuggle these ingredients past the checkpoints at 21 airports - and they succeeded every time. Barraged by criticism, DHS pooh-poohed the test's premises: "While random items commonly found under a kitchen sink could conceivably be concocted into an IED [improvised explosive device], we find it highly implausible." Months later, British police announced that they had foiled a plot to smuggle explosive components aboard planes, combine them en route, and blow up 10 transatlantic flights. That "highly implausible" scenario now has American passengers bagging their gels and liquids like tuna sandwiches. You might suppose the TSA's failures would force it to improve. You'd be right: In 2006, screeners flunked only 20 of the TSA's 22 tests. The TSA squanders vast amounts of flyers' time and $5 billion per year in taxes, so its failures are infuriating. But they're not surprising. After all, the agency responds to a problem that doesn't exist: terrorists thronging airports and boarding flights. The 9/11 attacks succeeded largely because of their novelty. The bad guys are smart enough to know this even if American bureaucrats aren't. That's why no TSA screener has found a single terrorist. Instead, they're frisking toddlers and wheelchair-bound seniors. I'm not calling for a return to the way things were before 9/11, mind you. Even those privately employed screeners were heavily regulated by government. Indeed, federal officials have micromanaged aviation since its beginning. The resulting mess - long lines, high fares, inconvenient routes, and the arrogance that passes for service - is largely due to that interference. Now, with the TSA as useless as an expired ticket, it's time to put federal control on the "Do Not Try" list. Why not let the free market protect aviation as it has our banking with ATM cards and PINs, our cars and homes with their burglar, smoke, and carbon-monoxide alarms, and even our telephones with caller-ID? 
Privatized protection isn't a panacea, but it's better than the TSA. Without that federal straitjacket, security wouldn't be uniform and easy to game: each airline would adapt its policies to its own routes, destinations, and customers. Meanwhile, experts could design security systems without mandates from bureaucrats who understand paperwork and politics but not planes and passengers. Jets worth billions and the repeat business that comes only from satisfied, living customers will compel the airlines to provide potent protection. One thing is certain: Any airline that treated flyers as the TSA does would lose business fast. And should. Becky Akers is writing a book about the Transportation Security Administration. From rforno at infowarrior.org Wed Mar 21 16:04:32 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 21 Mar 2007 12:04:32 -0400 Subject: [Infowarrior] - Uni tells RIAA to pay for services rendered Message-ID: Aww, shucks -- now the RIAA is angry that Universities aren't doing things specially for them (both immediately and strategically) and might actually want to get paid for such efforts. Good job, U of Neb! -rf U of Nebraska can't track down downloading students http://education.zdnet.com/?p=926 The Recording Industry Association of America would love to give University of Nebraska students who are illegally downloading music a chance to pay up before taking them to court, but they can't find out who they are, the lobbying group says. The Omaha World-Herald reports that the RIAA has sent 36 letters to Nebraska students they have found to be illegally downloading music, but due to system programming, they can only find nine of the students. "Probably not," said Walter Weir, the university's chief information officer, when asked if the recording industry could locate the remaining students in some other way. "If they can't give us any more information, I don't know how in the heck anyone can find 'em." 
The university's system was unintentionally designed to automatically change a computer's Internet protocol address each time that computer is turned on. The university only saves a record of these "IP addresses" for about a month. It's the only tool the University of Nebraska at Lincoln and the recording industry have to find the students. RIAA spokeswoman Jenni Engebretsen has been critical of UNL for failing to keep computer records that would have made it easy to track down the UNL offenders. "One would think universities would understand the need to retain these records," she said. The industry has sent more than 1,000 "cease and desist" complaints to UNL during the current school year, more than all but two other U.S. universities. To make matters worse, the university wants to be reimbursed $11 for each warning letter it processes. "We're spending taxpayer dollars tracking down RIAA problems," Weir said. "Are we an agent of the RIAA? Why aren't they paying us for this?" That request was rebuked by the RIAA. "It is neither practical nor appropriate for us to entertain a reimbursement request," said Engebretsen. The university is researching installing software that would hinder students' ability to illegally download music. 
From rforno at infowarrior.org Wed Mar 21 19:48:48 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 21 Mar 2007 15:48:48 -0400 Subject: [Infowarrior] - How I Became A Music Pirate Message-ID: Agree 100% with the sentiment......rf How I Became A Music Pirate http://consumerist.com/consumer/drm/how-i-became-a-music-pirate-245644.php From rforno at infowarrior.org Thu Mar 22 12:40:11 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Mar 2007 08:40:11 -0400 Subject: [Infowarrior] - FTC public RFC on Sony DRM Message-ID: Sony BMG Music Entertainment; Analysis of Proposed Consent Order To Aid Public Comment http://cryptome.org/ftc032107.htm From rforno at infowarrior.org Thu Mar 22 12:41:29 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Mar 2007 08:41:29 -0400 Subject: [Infowarrior] - Judge's decision leaves RIAA with lose-lose situation Message-ID: Judge's decision leaves RIAA with lose-lose situation in Elektra v. Santangelo By Eric Bangeman | Published: March 21, 2007 - 08:38PM CT http://arstechnica.com/news.ars/post/20070321-judges-decision-leaves-riaa-with-lose-lose-situation-in-elektra-v-santangelo.html The case of Elektra v. Santangelo has been one of the more closely followed cases in the RIAA's crusade against suspected file sharers, due in no small part to the aggressiveness of Patti Santangelo's defense. Ray Beckerman is reporting that Judge Colleen McMahon has denied the RIAA's motion to dismiss the case without prejudice, ruling that the case must either proceed to trial or be dismissed with prejudice. It's a noteworthy ruling because if the case is dismissed with prejudice, Santangelo would be considered the prevailing party and would likely be entitled to an award of attorneys' fees, as in Capitol v. Foster. In her ruling, Judge McMahon concluded that "no conceivable interest of justice would be served by permitting this case to be dismissed without prejudice against defendant." 
Instead, the defendant should have a shot at vindication via a trial or have the case dismissed with prejudice. "This case is two years old," wrote Judge McMahon. "There has been extensive fact discovery. After taking this discovery, either plaintiffs want to make their case that Mrs. Santangelo is guilty of contributory copyright infringement or they do not." The choice is clear-cut for the RIAA: either proceed with a full-blown jury trial in which they will have to convince a jury that the defendant is guilty of secondary infringement -- making the same argument that the judge in Capitol v. Foster didn't buy -- or agree to an order dismissing the action with prejudice. (For a further discussion of secondary infringement, see earlier Capitol v. Foster coverage.) Patti Santangelo, a divorced mother of five, was sued in 2005 after MediaSentry, the RIAA's investigative arm, found music in a shared folder under an IP that Santangelo's ISP said was assigned to her account at that time. Santangelo denied any knowledge of the alleged file-sharing, but the RIAA pressed ahead with the case. After a barrage of legal filings, the RIAA then sued two of her children last November: Michelle, age 20, and Robert, age 16 (and 11 years old when the infringement allegedly took place). The new lawsuit claimed that Michelle had admitted to illicit downloading and that Robert's best friend had implicated him. At the same time, the RIAA continued to press its case that Patti Santangelo was guilty of secondary infringement. Robert has since filed an answer to the RIAA's lawsuit, denying any wrongdoing and demanding a trial by jury. The ruling leaves the RIAA between a rock and a hard place, a position that it may find itself in more frequently as such cases move through the court system. 
From rforno at infowarrior.org Thu Mar 22 13:26:23 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Mar 2007 09:26:23 -0400 Subject: [Infowarrior] - Judge Throws Out Internet Blocking Law Message-ID: Judge Throws Out Internet Blocking Law Thursday March 22, 9:24 am ET By Maryclaire Dale, Associated Press Writer http://biz.yahoo.com/ap/070322/internet_blocking.html?.v=3 Judge Tosses Law That Makes It a Crime for Web Sites to Let Kids Access 'Harmful' Material PHILADELPHIA (AP) -- A federal judge on Thursday threw out a 1998 law that makes it a crime for commercial Web site operators to let children access "harmful" material. In the ruling, the judge said parents can protect their children through software filters and other means that do not limit the rights of others to free speech. From rforno at infowarrior.org Thu Mar 22 14:23:35 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Mar 2007 10:23:35 -0400 Subject: [Infowarrior] - Walt Mossberg on Copyright Laws Message-ID: Congress Must Make Clear Copyright Laws to Protect Consumers From Wall Street Journal, March 22, 2007 By Walter S. Mossberg http://www.freepress.net/news/21882 Here comes another in the long line of lawsuits between media companies and Internet companies over who gets to distribute content. This time it's Viacom, the enormously rich owner of properties like Paramount Pictures and Comedy Central, suing Google, the enormously rich owner of YouTube. The issue: Viacom wants to get paid more than Google wants to pay it for all of those fuzzy, two-minute clips from programs like "The Daily Show" that users post to YouTube. The companies tried to negotiate a deal, but the talks failed, so Viacom is suing for $1 billion. I am not a lawyer, and I have no idea how this lawsuit will wind up. I suspect it is mainly a bargaining tactic by Viacom. 
But I know one thing: This fight isn't primarily about consumers and their rights, and its outcome won't necessarily make things better for Internet users. Consumers won't be a party to this case any more than they were in the room when the latest major copyright law was passed by Congress. That law, the 1998 Digital Millennium Copyright Act, was enacted at the behest of record labels and movie studios. Their purpose was to stop people from using computers and the Internet to distribute digital copies of material to which they didn't hold either the copyright or a distribution license. That idea makes sense. Unlike some Internet zealots, I believe that intellectual property is real and that some form of copyright is appropriate to protect it. I am against the unlicensed copying of DVDs for sale on street corners, or the mass uploading of songs to so-called sharing sites. The Internet and technology companies managed to insert a clause in the DMCA sparing them from penalties for carrying copyright content on grounds they were just innocent conduits. That will be a big issue in the Viacom case. But consumers got no such get-out-of-jail-free card. In fact, the DMCA, and other recent laws and regulations passed under pressure from media companies, are pretty hostile when it comes to consumers. They turn essentially innocent actions into unlawful behavior, because they define copyright infringement too broadly. They have given rise to a technology called Digital Rights Management that causes too many hassles for honest people and discriminates against the new digital forms of distribution. Even Apple CEO Steve Jobs, who created a DRM system for music that actually has worked, recently called for an end to copy protection of legally sold music, mainly because the record labels apply that protection only to online sales, not to physical compact discs. 
Most honest people wouldn't consider it piracy to buy a CD, copy it to a computer and email one of the song files to a spouse or friend. But the record industry, backed by the laws it essentially wrote, does. Most honest people wouldn't think that uploading to YouTube a two-minute TV clip, which they paid their cable company to receive, is piracy. But Viacom, backed by the laws its industry essentially wrote, is demanding that Google remove all such clips. To be fair, Viacom, unlike the misguided record labels, isn't suing the actual consumers who posted these clips. It's suing Google because it claims Google is making money from them and refusing to pay for that privilege. Google isn't blameless here, either. It does make money, at least indirectly, from other companies' copyright material, for which it didn't pay, even though it has negotiated some paid deals and says it is willing to negotiate others. And while Google says it diligently removes all copyright clips for which it hasn't secured paid rights, every YouTube visitor knows that this system is, at best, imperfect. As a nonlawyer, I think these clips seem like "fair use," an old copyright concept that seems to have weakened under the advent of the new laws. Under fair use, as most nonlawyers have understood it, you could quote this sentence in another publication without permission, though you'd need the permission of the newspaper to reprint the entire column or a large part of it. A two-minute portion of a 30-minute TV show seems like the same thing to me. But why should I have to guess about that? What consumers need is real clarity on the whole issue of what is or isn't permissible use of the digital content they have legally obtained. And that can come only from Congress. Congress is the real villain here, for having failed to pass a modern copyright law that protects average consumers, not just big content companies. 
We need a new digital copyright law that would draw a line between modest sharing of a few songs or video clips and the real piracy of mass distribution. We need a new law that would define fair use for the digital era and lay out clearly the rights of consumers who pay for digital content, as well as the rights and responsibilities of Internet companies. If you don't like all of the restrictions on the use of digital content, the solution isn't to steal the stuff. A better course is to pressure Congress to pass a new copyright law, one that protects the little guy and the Internet itself. This article is from Wall Street Journal. If you found it informative and valuable, we strongly encourage you to visit their Web site and register an account, if necessary, to view all their articles on the Web. Support quality journalism. From rforno at infowarrior.org Thu Mar 22 16:09:26 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Mar 2007 12:09:26 -0400 Subject: [Infowarrior] - Federal Agency Bans Microsoft Vista Message-ID: Federal Agency Bans Microsoft Vista Thursday March 22, 12:06 pm ET http://biz.yahoo.com/ap/070322/microsoft_government.html?.v=2 Department of Transportation Bans Microsoft Vista From Computers, Citing Cost, Compatibility WASHINGTON (AP) -- At least two federal government agencies are refusing to upgrade their computers with Microsoft Corp.'s Windows Vista operating system, citing concern over costs and compatibility issues. In a Jan. 19 memo to staff, Dan Mintz, the Transportation Department's chief information officer, imposed an "indefinite moratorium" on upgrading desktop and laptop computers with the new operating system, Office 2007 and Internet Explorer 7. Mintz wrote that there is "no compelling technical or business case" to upgrade to the new products and specific reasons not to upgrade. He cited hardware, software and labor costs, compatibility issues with current applications and limited funding. 
He also wrote technology staff will be busy with the agency's move to a new headquarters. The memo says the software only may be acquired for testing purposes and only with the CIO's approval. Microsoft did not return calls seeking comment. The details of Mintz's memo were first reported earlier this month by InformationWeek, a technology trade publication. From rforno at infowarrior.org Thu Mar 22 16:11:51 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Mar 2007 12:11:51 -0400 Subject: [Infowarrior] - NBC Teams Up With News Corp., AOL and Others to Form Online Video Site Message-ID: NBC, News Corp. in Online Video Venture Thursday March 22, 12:06 pm ET NBC Teams Up With News Corp., AOL and Others to Form Online Video Site http://biz.yahoo.com/ap/070322/online_video.html?.v=3 NEW YORK (AP) -- NBC Universal and News Corp. joined forces with several Internet companies Thursday to distribute TV shows online in an effort to better control their programming and stave off competition from YouTube. The new network, which would launch this summer, comes in response to the explosive growth of Google Inc.'s YouTube, a do-it-yourself video-sharing site that is currently being sued by Viacom Inc., another major media company, for copyright infringement. The venture is aimed at giving broadcasting companies like NBC and News Corp., which owns the Fox broadcast network and the Twentieth Century Fox movie and TV studio, greater control over how their shows are distributed on the Internet. Programs owned by NBC and News Corp. such as "Heroes," "24," and "House" will appear on the network, supported by advertising, and distributed through Yahoo, Time Warner Inc.'s AOL unit, Microsoft Corp.'s MSN site, and MySpace, which is owned by News Corp. Besides homemade videos, YouTube also carries many clips uploaded by users from copyrighted TV shows such as "The Daily Show with Jon Stewart," which airs on Viacom's Comedy Central cable network.
In its lawsuit, Viacom says YouTube is encouraging copyright infringement. YouTube says it's protected by law so long as it promptly takes down any copyright-protected material as soon as it's asked to. From rforno at infowarrior.org Thu Mar 22 16:25:23 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Mar 2007 12:25:23 -0400 Subject: [Infowarrior] - Senate Bill Would Mandate Disclosure of Data Mining Message-ID: Senate Bill Would Mandate Disclosure of Data Mining By Ellen Nakashima Washington Post Staff Writer Wednesday, March 21, 2007; D03 http://www.washingtonpost.com/wp-dyn/content/article/2007/03/20/AR2007032001604_pf.html The Justice Department is opposing bipartisan Senate legislation that would require federal agencies to disclose to Congress data-mining programs they use to find patterns of criminal or terrorist activity, saying that it duplicates a reporting requirement mandated in the 2006 renewal of the USA Patriot Act. The department, however, missed the March 9 deadline to report on its data-mining programs as required by the law. Senate Democrats, who have pressed for disclosure to ensure that privacy and civil liberties were not violated, are not pleased. "This is more stonewalling by the administration to avoid congressional oversight," said Senate Judiciary Committee Chairman Patrick J. Leahy (D-Vt.), who co-sponsored the data-mining provision with Sens. Russell Feingold (D-Wis.) and John E. Sununu (R-N.H.). "We specifically placed sunshine provisions in the Patriot Act reauthorization to ensure some reasonable checks on the department's data-mining activities that affect millions of Americans," Leahy said. The 2006 Patriot Act mandated a one-time report on Justice data-mining initiatives. The Senate proposal would establish a yearly reporting requirement for all federal agencies. A Justice Department inspector general's report revealed recently that the FBI improperly gathered telephone and financial records of U.S.
residents using administrative subpoenas called national security letters, and in some cases merely by citing "exigent circumstances." The report, released two weeks ago, was mandated in the reauthorized Patriot Act over the Bush administration's objections. The report also found that the FBI "significantly understated" to Congress the number of national security letters it had issued. In January, Leahy asked Attorney General Alberto R. Gonzales whether the Justice Department would produce a report on its data-mining activities. He received no reply. But Friday, with the department trying to contain fallout from the inspector general's report and a controversy over its firing of eight U.S. attorneys, Richard A. Hertling, the acting assistant attorney general, wrote Leahy that the department was "working diligently" to complete the report and send it to Congress "as expeditiously as possible." In a Feb. 28 letter to Leahy, Hertling said the legislation is "largely duplicative" of the Patriot Act requirement and that its scope is "potentially quite broad" and "might be read to include a wide range of normal, everyday investigative techniques." Hertling said the Department of Homeland Security "has many of these same concerns." The Senate passed the data-mining measure last week as part of a Homeland Security bill. There is no similar provision in the House version of the larger bill and differences between the two bills will have to be resolved in a conference committee. Jim Harper, director of information policy at the Cato Institute, a libertarian think tank, said that the administration's opposition to reporting on data-mining programs appears to reflect on one hand "simple, bureaucratic intransigence . . . less oversight is better for a bureaucracy." On the other, he said, in light of the inspector general's report, Justice Department officials might fear that data-mining oversight "would reveal a great deal more that offends privacy." 
The Justice Department "appreciates the importance of congressional oversight on these critical matters," said Dean Boyd, a spokesman. From rforno at infowarrior.org Thu Mar 22 16:43:20 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Mar 2007 12:43:20 -0400 Subject: [Infowarrior] - More on COPA smackdown Message-ID: U.S. Judge Blocks 1998 Online Porn Law By MARYCLAIRE DALE The Associated Press Thursday, March 22, 2007; 10:39 AM http://www.washingtonpost.com/wp-dyn/content/article/2007/03/22/AR2007032200616_pf.html PHILADELPHIA -- A federal judge on Thursday dealt another blow to government efforts to control Internet pornography, striking down a 1998 U.S. law that makes it a crime for commercial Web site operators to let children access "harmful" material. In the ruling, the judge said parents can protect their children through software filters and other less restrictive means that do not limit the rights of others to free speech. "Perhaps we do the minors of this country harm if First Amendment protections, which they will with age inherit fully, are chipped away in the name of their protection," wrote Senior U.S. District Judge Lowell Reed Jr., who presided over a four-week trial last fall. The law would have criminalized Web sites that allow children to access material deemed "harmful to minors" by "contemporary community standards." The sites would have been expected to require a credit card number or other proof of age. Penalties included a $50,000 fine and up to six months in prison. Sexual health sites, the online magazine Salon.com and other Web sites backed by the American Civil Liberties Union challenged the law. They argued that the Child Online Protection Act was unconstitutionally vague and would have had a chilling effect on speech. The U.S. Supreme Court upheld a temporary injunction in 2004 on grounds the law was likely to be struck down and was perhaps outdated.
Technology experts said parents now have more serious concerns than Web sites with pornography. For instance, the threat of online predators has caused worries among parents whose children use social-networking sites such as News Corp.'s MySpace. The case sparked a legal firestorm last year when Google challenged a Justice Department subpoena seeking information on what people search for online. Government lawyers had asked Google to turn over 1 million random Web addresses and a week's worth of Google search queries. A judge sharply limited the scope of the subpoena, which Google had fought on trade secret, not privacy, grounds. To defend the nine-year-old Child Online Protection Act, government lawyers attacked software filters as burdensome and less effective, even though they have previously defended their use in public schools and libraries. "It is not reasonable for the government to expect all parents to shoulder the burden to cut off every possible source of adult content for their children, rather than the government's addressing the problem at its source," a government attorney, Peter D. Keisler, argued in a post-trial brief. Critics of the law argued that filters work best because they let parents set limits based on their own values and their child's age. The law addressed material accessed by children under 17, but applied only to content hosted in the United States. The Web sites that challenged the law said fear of prosecution might lead them to shut down or move their operations offshore, beyond the reach of the U.S. law. They also said the Justice Department could do more to enforce obscenity laws already on the books. The 1998 law followed Congress' unsuccessful 1996 effort to ban online pornography. The Supreme Court in 1997 deemed key portions of that law unconstitutional because it was too vague and trampled on adults' rights. The newer law narrowed the restrictions to commercial Web sites and defined indecency more specifically. 
In 2000, Congress passed a law requiring schools and libraries to use software filters if they receive certain federal funds. The high court upheld that law in 2003. From rforno at infowarrior.org Thu Mar 22 17:44:45 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Mar 2007 13:44:45 -0400 Subject: [Infowarrior] - CRS to restrict public distro of its reports Message-ID: You'd Know if You Were Congressional Thursday, March 22, 2007; Page A19 http://www.washingtonpost.com/wp-dyn/content/article/2007/03/21/AR2007032102043.html All non-congressionals, or those who think they may be, please take note. This week, Congressional Research Service chief Daniel P. Mulhollan issued a memo to all staffers in the service, known as Congress's think tank. From now on, he wrote, CRS researchers will require a supervisor's approval before giving any CRS report to a "non-congressional." Non-congressionals are, said CRS spokeswoman Janine D'Addario, usually fellow researchers in "U.S. government entities and nongovernmental entities, the media and foreign governments, like embassies." The CRS works exclusively for Congress and is legendarily closefisted with its reports. For years, open-government groups and some members of Congress have fought unsuccessfully to put the reports online. Now it comes out that CRS researchers have been trading reports like baseball cards with these special non-congressionals, sharing knowledge on North Korean counterfeiting, wheat subsidies and other topics commissioned by Congress. That can continue, according to Mulhollan's memo, but "prior approval should now be requested at the division or office level." However: "Product requests can also originate from other non-congressional sources including individual researchers, corporations, law offices, private associations, libraries, law firms and publishers.
The Inquiry Section typically declines these requests, and most often refers the caller to his or her congressional representative's office," Mulhollan wrote. So let's review. All governmental, nongovernmental, foreign-governmental, media researcher-type non-congressionals -- and you know who you are -- can still have CRS reports, if a CRS supervisor approves. For the rest of you non-congressionals, the rules have not changed. The answer is no -- go ask Congress. -- Elizabeth Williamson From rforno at infowarrior.org Thu Mar 22 17:47:33 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Mar 2007 13:47:33 -0400 Subject: [Infowarrior] - More on FBI illegalities... Message-ID: (c/o Declan's site) http://www.politechbot.com/2007/03/20/fbi-illegal-use/ FBI illegal use of eavesdropping powers: not just national security letters So we've all heard about the FBI's misuse of national security letters. The Justice Department's inspector general came out with a report on March 9 describing "serious misuse" of the letters, which are secret subpoena-like documents that can be sent to businesses including banks, telephone companies, and ISPs: http://www.usdoj.gov/oig/special/s0703b/final.pdf I wrote about the inspector general's report here: http://news.com.com/2100-1028_3-6166015.html And in fact the inspector general, Glenn Fine, is going to be testifying about them in the Senate on Wednesday at 10am ET: http://judiciary.senate.gov/hearing.cfm?id=2616 Fine showed up before a House committee on Tuesday and faced a hostile audience -- not that the FBI's illegal acts are his fault, mind you, but Bush administration officials seem oddly reluctant to testify in public under oath nowadays: http://www.washingtonpost.com/wp-dyn/content/article/2007/03/20/AR2007032000921.html The odd thing is that everyone, or nearly everyone, seems to think this is entirely unexpected.
In fact, it's a natural consequence of giving the federal government more and more power over the years (national security letters were made much more powerful by the Patriot Act). Incentives matter, and the FBI has plenty of incentives to expand its power and surveillance ability and precious few incentives to preserve Americans' constitutional liberties. To give credit to EPIC, they realized this and sent a letter to the Senate in June 2006 asking for more oversight: http://www.epic.org/privacy/surveillance/sen_iob_letter.pdf So have libertarian writers, who for years have called national security letters "the ultimate constitutional farce," which is about right. The letters represent FBI agents _authorizing themselves_ to seize information without bothering to get a judge's approval, after all: http://www.lewrockwell.com/orig6/napolitano2.html Occasionally other evidence about illegal FBI eavesdropping comes to light, which is what I described in an article published two days before the DOJ's report: http://news.com.com/2100-1039_3-6165067.html That article outlines how FBI agent Scott Wenther submitted a 42-page sworn affidavit that was intentionally designed to mislead the court into approving what a judge called an "illegal" wiretap. 
I've put some of the court documents here: http://politechbot.com/docs/fbi.agent.scott.wenther.affidavit.030607.txt http://politechbot.com/docs/fbi.wenther.opinion.030607.pdf http://politechbot.com/docs/fbi.wenther.defendant.brief.030607.pdf This is of course the same federal police agency that is using our tax dollars to lobby Congress to mandate data retention, which should make us think twice about how _that_ nice part of the surveillance apparatus will be used and misused: http://www.politechbot.com/2007/01/24/not-just-isps/ -Declan From rforno at infowarrior.org Fri Mar 23 00:33:25 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Mar 2007 20:33:25 -0400 Subject: [Infowarrior] - Oracle sues rival SAP for hacking their systems Message-ID: Oracle Sues Rival SAP for Alleged Theft Thursday March 22, 8:29 pm ET By Michael Liedtke, AP Business Writer Oracle Sues German Rival SAP for Alleged Theft of Secret Product Information SAN FRANCISCO (AP) -- Oracle Corp. on Thursday accused SAP AG of hacking into its computers to heist secret product information in a lawsuit that escalates the animosity that had already been building between two of the world's largest business software makers. "This is about more than just protecting intellectual property," said Forrester Research analyst Ray Wang. "This is about product support and the art of war." The complaint, filed in a San Francisco federal court, alleges that Germany-based SAP resorted to high-tech skullduggery in a desperate attempt to maintain its leadership in business applications software -- programs that help companies manage a wide range of administrative tasks. < - > But the suit alleges that SAP didn't have enough information or adequate resources to support Oracle's software, triggering the clandestine raids on Oracle's computers beginning last September and continuing through at least January of this year.
SAP TN infiltrated Oracle's systems by using the log-in information of defecting customers and then concealed its true identity by using phony phone numbers and fake e-mail addresses such as test(at)testyomamma.com, the lawsuit alleged. Oracle said it has uncovered more than 10,000 illegal downloads of material from SAP computers, with much of the activity being traced to an Internet protocol, or IP, address in SAP TN's Bryan, Texas, headquarters. "If these allegations are true, shame on SAP," Wang said. < - > http://biz.yahoo.com/ap/070322/oracle_sap.html?.v=7 From rforno at infowarrior.org Fri Mar 23 02:23:45 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Mar 2007 22:23:45 -0400 Subject: [Infowarrior] - Here we go again: XM sued for copyright infringement Message-ID: Music publishers accuse XM of copyright infringement By Anne Broache http://news.com.com/Music+publishers+accuse+XM+of+copyright+infringement/2100-1047_3-6169844.html Story last modified Thu Mar 22 18:06:03 PDT 2007 An association of music publishers late on Thursday filed a lawsuit that accuses XM Satellite Radio of refusing to stop "widespread infringement" of popular copyrighted songs. In a complaint filed in New York federal court, the National Music Publishers Association (NMPA) argues that the satellite radio operator's "XM + MP3" music service skirts copyright laws by allowing radio listeners to make permanent copies of on-air tracks through devices like the Pioneer Inno player without permission and without properly compensating songwriters. The service "constitutes pervasive and willful copyright infringement to the overwhelming detriment of copyright holders, legitimate online music services and, ultimately, consumers," lead attorney Debra Wong Yang said in a statement. The legal action by the music publishers arrives about two months after a federal judge ruled a similar legal challenge lodged by record labels could proceed.
In that dispute, XM argued that its listeners are legally allowed to record music off the radio for personal use under the Home Recording Act of 1992. Federal courts have upheld users' rights to record music from over-the-air radio for some purposes. The music industry argues that the "iPod-like" devices marketed by XM are closer to being music download services akin to Apple's iTunes Store, which falls under a different copyright licensing regime, and that they have been cheating musicians out of royalties. NMPA President David Israelite characterized his organization's legal action as a "last resort" that followed months of discussions between the entities over compensation for music creators. XM spokesman Chance Patterson dismissed the suit as "a negotiating tactic to gain an advantage in our ongoing business discussions." "XM pays royalties to writers and composers who are also compensated by our device manufacturers," he said in an e-mailed statement. "We are confident that the lawsuit is without merit and that we will prevail." The music publishers are seeking an injunction that would stop the allegedly infringing behavior. They are also requesting a maximum of $150,000 in damages for each work allegedly infringed by XM. The complaint lists more than 175 well-known songs--ranging from "Let it Be" to "Like A Prayer" to "That's the Way (I Like It)"--whose rights belong to a number of large and small music publishers. The group claims those tunes represent a "small fraction" of those being illegally distributed through the XM + MP3 service. A controversial recording industry-backed bill in Congress would require satellite and Internet radio services to restrict the ability of their listeners to record and replay individual songs. The so-called Perform Act, reintroduced this year by Sen. Dianne Feinstein (D-Calif.) 
has been marketed as a way to ensure that those services pay "fair market value" for the use of copyright music, but critics, including consumer groups and the electronics industry, argue that the proposal would unduly limit listeners' home-recording rights. The suit could pose an additional hurdle as XM seeks approval of an estimated $13 billion union with Sirius Satellite Radio. During congressional hearings on the subject last month, some politicians questioned how the merged entity would reconcile reportedly different approaches to copyright matters. Copyright ©1995-2007 CNET Networks, Inc. All rights reserved. From rforno at infowarrior.org Fri Mar 23 13:55:12 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 Mar 2007 09:55:12 -0400 Subject: [Infowarrior] - Bounty placed on MPAA's "sniffer" dogs (no, really!) Message-ID: Bounty offered to kill sniffer dogs March 23, 2007 http://abclocal.go.com/wtvg/story?section=local&id=5143430 KUALA LUMPUR, Malaysia (AP) - Lucky and Flo, the two Labradors who helped sniff out nearly 1 million illegal discs last week within days of joining Malaysia's anti-piracy effort, have been moved to a safe house, a news report said Thursday. The New Straits Times reported that a source had tipped off officials about a bounty offered for killing the sniffer dogs, who are on loan for a month from the Motion Picture Association of America. The amount was not disclosed. "The dogs are a genuine threat to the pirated disc syndicates, thus the instruction to eliminate them," Firdaus Zakaria, the enforcement director of the Ministry of Domestic Trade and Consumer Affairs, was quoted as saying. He did not elaborate on the information received by the ministry. Firdaus and senior ministry officials could not be immediately reached for further details on the report. A spokesman contacted by The Associated Press declined to comment.
Lucky and Flo, who were pressed into service on March 13, gained fame after they sniffed out a massive shipment of pirated movie DVDs in an office complex in southern Johor state on March 19. The canines detected the discs hidden behind locked doors, which officials broke open with crowbars to reveal a cache of nearly 1 million discs worth $2.8 million. Five Malaysians and a Vietnamese man also were arrested in the operation. It is the first time dogs have been used by authorities anywhere in the world to detect contraband discs, according to Mike Ellis, regional director for the MPAA. The MPAA says its members - including top Hollywood studios Paramount Pictures, Warner Bros., 20th Century Fox and Universal - lost $1.2 billion to Asia-Pacific movie pirates in 2006. Lucky and Flo are trained to detect polycarbonates - chemicals used in the disc manufacturing process. They cannot tell the difference between real and pirated discs, but can detect discs hidden in shipments or concealed places. Malaysia is among the world's top illegal movie producers and exporters, Washington and the MPAA have said. It is one of 36 countries on a U.S. watch list of serious copyright violators. Officials say 5 million discs were seized in more than 2,000 raids in the Southeast Asian nation last year, and 780 people were arrested. China remains at the top of the MPAA's movie piracy list. (Copyright 2007 by The Associated Press. All Rights Reserved.) From rforno at infowarrior.org Fri Mar 23 17:13:58 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 Mar 2007 13:13:58 -0400 Subject: [Infowarrior] - Feds mandates 'secure' Windows set-up Message-ID: Feds mandates 'secure' Windows set-up One registry setting to rule them all By John Leyden
Published Thursday 22nd March 2007 20:03 GMT http://www.theregister.co.uk/2007/03/22/us_common_security_config/ Changes in US government purchasing policies due to come into effect this summer could have a huge effect on computer security, particularly for Windows desktops. A White House directive to federal chief information officers issued this week calls for all new Windows PC acquisitions, beginning 30 June, to use a common "secure configuration". Applications (such as anti-virus, email etc) loaded onto systems remain flexible but what will be specified in the registry settings and which services would be turned on or off by default. Even more importantly, the directive calls for suppliers (integrators and software vendors) to certify that the products they supply operate effectively using these more secure configurations. The federal government scheme builds on the "comply or don't connect" program of the US Air Force. The principal targets are Windows XP and Vista client systems but the same ideas might be applied in Unix and Windows Servers environments over time. The schedule for introduction gives application developers building applications for Windows Vista to test against. The incentives for developers to get this right will be huge. "No Vista application will be able to be sold to federal agencies if the application does not run on the secure version of Vista," explained Alan Paller, director of research at The SANS Institute. "XP application vendors will also be required to certify that their applications run on the secure configuration of Windows XP. Common, secure configurations reduce the effort required to patch systems. Such configurations directly block certain modes of attack. Improved security is likely to save money for application developers and integrators because it reduces support costs in the long-run, Paller told El Reg.
"Organizations that have made the move report that it actually saves money rather than costs money." "The principal frustration has been you can't always patch systems quickly because they might break applications. Software developers point out that they can't test against every different configuration a user might have. From summer developers will be able to make sure their patches work on more securely configured systems, reducing the patching headache and saving costs," he explained. The purchasing power attached to the $65bn federal IT spending budget means that suppliers will have no choice but to take notice. Paller said the scheme is likely to be adopted by large organisations outside government. Kit purchased by governments needs to meet common criteria standards and this will remain the case even after the new programme kicks off in the summer. Paller said that common criteria is a measure of the design documentation of products. "This, on the other hand, specifies that the kit will be set up in the right way. The two approaches are complementary but different," he added. ® From rforno at infowarrior.org Fri Mar 23 17:15:39 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 Mar 2007 13:15:39 -0400 Subject: [Infowarrior] - WaPo: My National Security Letter Gag Order Message-ID: http://www.washingtonpost.com/wp-dyn/content/article/2007/03/22/AR2007032201882_pf.html It is the policy of The Washington Post not to publish anonymous pieces. In this case, an exception has been made because the author -- who would have preferred to be named -- is legally prohibited from disclosing his or her identity in connection with receipt of a national security letter. The Post confirmed the legitimacy of this submission by verifying it with the author's attorney and by reviewing publicly available court documents.
My National Security Letter Gag Order Friday, March 23, 2007; A17 The Justice Department's inspector general revealed on March 9 that the FBI has been systematically abusing one of the most controversial provisions of the USA Patriot Act: the expanded power to issue "national security letters." It no doubt surprised most Americans to learn that between 2003 and 2005 the FBI issued more than 140,000 specific demands under this provision -- demands issued without a showing of probable cause or prior judicial approval -- to obtain potentially sensitive information about U.S. citizens and residents. It did not, however, come as any surprise to me. Three years ago, I received a national security letter (NSL) in my capacity as the president of a small Internet access and consulting business. The letter ordered me to provide sensitive information about one of my clients. There was no indication that a judge had reviewed or approved the letter, and it turned out that none had. The letter came with a gag provision that prohibited me from telling anyone, including my client, that the FBI was seeking this information. Based on the context of the demand -- a context that the FBI still won't let me discuss publicly -- I suspected that the FBI was abusing its power and that the letter sought information to which the FBI was not entitled. Rather than turn over the information, I contacted lawyers at the American Civil Liberties Union, and in April 2004 I filed a lawsuit challenging the constitutionality of the NSL power. I never released the information the FBI sought, and last November the FBI decided that it no longer needs the information anyway. But the FBI still hasn't abandoned the gag order that prevents me from disclosing my experience and concerns with the law or the national security letter that was served on my company. In fact, the government will return to court in the next few weeks to defend the gag orders that are imposed on recipients of these letters. 
Living under the gag order has been stressful and surreal. Under the threat of criminal prosecution, I must hide all aspects of my involvement in the case -- including the mere fact that I received an NSL -- from my colleagues, my family and my friends. When I meet with my attorneys I cannot tell my girlfriend where I am going or where I have been. I hide any papers related to the case in a place where she will not look. When clients and friends ask me whether I am the one challenging the constitutionality of the NSL statute, I have no choice but to look them in the eye and lie. I resent being conscripted as a secret informer for the government and being made to mislead those who are close to me, especially because I have doubts about the legitimacy of the underlying investigation. The inspector general's report makes clear that NSL gag orders have had even more pernicious effects. Without the gag orders issued on recipients of the letters, it is doubtful that the FBI would have been able to abuse the NSL power the way that it did. Some recipients would have spoken out about perceived abuses, and the FBI's actions would have been subject to some degree of public scrutiny. To be sure, not all recipients would have spoken out; the inspector general's report suggests that large telecom companies have been all too willing to share sensitive data with the agency -- in at least one case, a telecom company gave the FBI even more information than it asked for. But some recipients would have called attention to abuses, and some abuse would have been deterred. I found it particularly difficult to be silent about my concerns while Congress was debating the reauthorization of the Patriot Act in 2005 and early 2006. If I hadn't been under a gag order, I would have contacted members of Congress to discuss my experiences and to advocate changes in the law. 
The inspector general's report confirms that Congress lacked a complete picture of the problem during a critical time: Even though the NSL statute requires the director of the FBI to fully inform members of the House and Senate about all requests issued under the statute, the FBI significantly underrepresented the number of NSL requests in 2003, 2004 and 2005, according to the report. I recognize that there may sometimes be a need for secrecy in certain national security investigations. But I've now been under a broad gag order for three years, and other NSL recipients have been silenced for even longer. At some point -- a point we passed long ago -- the secrecy itself becomes a threat to our democracy. In the wake of the recent revelations, I believe more strongly than ever that the secrecy surrounding the government's use of the national security letters power is unwarranted and dangerous. I hope that Congress will at last recognize the same thing. From rforno at infowarrior.org Fri Mar 23 18:10:42 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 Mar 2007 14:10:42 -0400 Subject: [Infowarrior] - XviD fully functional on Apple TV Message-ID: XviD fully functional on Apple TV We've gotten Perian installed on the Apple TV, as well as an SSH client. Surely Apple could have come up with a more clever password than "frontrow"? < - > http://digg.com/apple/XviD_fully_functional_on_Apple_TV You know Apple's going to try and shut this page down, so if interested, check it out: http://forums.somethingawful.com/showthread.php?s=&threadid=2391956 From rforno at infowarrior.org Fri Mar 23 20:57:02 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 Mar 2007 16:57:02 -0400 Subject: [Infowarrior] - Book: Global Surveillance and Democracy in the Post-9/11 World Message-ID: Illusions of Security: Global Surveillance and Democracy in the Post-9/11 World Are you scared yet? By Wendy M. Grossman ? 
Published Friday 23rd March 2007 19:27 GMT
http://www.theregister.co.uk/2007/03/23/illusions_review/

Book review The World Trade Centre was still smoking when US lawmakers hastily passed the PATRIOT Act; in the UK, it wasn't much longer before Parliament enacted the comparable Anti-Terrorism, Crime, and Security Act. Objections to the PATRIOT Act are legion, and they have been well documented. Less well documented -- until now -- is how the PATRIOT Act and the mindset accompanying it have played themselves out in the lives of real people. Canadian human rights lawyer and activist Maureen Webb begins Illusions of Security with the chilling tale of Ottawa resident Maher Arar, whose life was taken apart because a month after 9/11 he had lunch with a co-worker's brother. Unfortunately for Arar, the Royal Canadian Mounted Police had been monitoring his acquaintance since 1998, and under 9/11-fuelled pressure the RCMP's desire just to talk to Arar as a possible witness turned him into a suspect. When Arar flew back early from a family holiday via New York in September 2002, he was detained, questioned, and finally deported to Syria, the country he had left at 17. There, he was imprisoned and tortured for ten months before finally being released and returned to Canada. Meanwhile, the Bush Administration embarked on a secret programme of warrantless eavesdropping, even though it's officially illegal in the US. Under orders, the National Security Agency began surveilling and datamining all sorts of communications -- voice conversations, email, fax. When Bush was eventually challenged, he defended the practice by saying that one end of the communication must be outside the US, and that the NSA was working on "probable cause" standards. Foreigners have not done well under this regime. A visitor to the US can now expect to be fingerprinted (all ten digits), registered, and monitored.
More than 80,000 people were registered in the first year of the National Security Entry-Exit Registration System (NSEERS), which requires registrants to report changes of address, employment and other details. At the same time the US government ethnically profiled and rounded up Arab and South Asian men, often for trivial reasons. In one case Webb notes, a man was arrested after casually saying he'd like to learn to fly one day. More than 13,000 people were detained and put into deportation hearings in NSEERS' first year. These tales are the tip of the iceberg. Many countries, including the UK, are shifting to biometric passports (if not ID cards) and putting in the infrastructure for a global surveillance system. The much-maligned Total Information Awareness programme that proposed to mine commercial and government databases never really went away; instead its spirit lives on in programmes such as the National Intelligence Program and Secure Flight. The key to understanding all this is a major shift in thinking to "pre-emption of risk". Instead of waiting for a crime to be committed and suspects to be investigated, prosecuted, and convicted, the US government adopted the idea of preempting and disrupting terrorism. Such a profound policy shift justifies any amount of surveillance or guilt by association. And it isn't just the US: governments share suspects, intelligence operation, and policing, and are willing to jettison democracy in return. The preemptive model means our liberty and lives can be removed at any time on the most uncertain evidence, denied any right to face our accusers, and presumed guilty. Is that greater security? Not to Webb.
Illusions of Security: Global Surveillance and Democracy in the Post-9/11 World
By: Maureen Webb
Publisher: City Lights (www.citylights.com)
ISBN 978-0-87286-476-4
Price: $16.95

From rforno at infowarrior.org Sun Mar 25 03:54:04 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 24 Mar 2007 23:54:04 -0400
Subject: [Infowarrior] - US Terror Database Has Quadrupled In Four Years
Message-ID:

Terror Database Has Quadrupled In Four Years
U.S. Watch Lists Are Drawn From Massive Clearinghouse

By Karen DeYoung
Washington Post Staff Writer
Sunday, March 25, 2007; A01

http://www.washingtonpost.com/wp-dyn/content/article/2007/03/24/AR2007032400944_pf.html

Each day, thousands of pieces of intelligence information from around the world -- field reports, captured documents, news from foreign allies and sometimes idle gossip -- arrive in a computer-filled office in McLean, where analysts feed them into the nation's central list of terrorists and terrorism suspects. Called TIDE, for Terrorist Identities Datamart Environment, the list is a storehouse for data about individuals that the intelligence community believes might harm the United States. It is the wellspring for watch lists distributed to airlines, law enforcement, border posts and U.S. consulates, created to close one of the key intelligence gaps revealed after Sept. 11, 2001: the failure of federal agencies to share what they knew about al-Qaeda operatives. But in addressing one problem, TIDE has spawned others. Ballooning from fewer than 100,000 files in 2003 to about 435,000, the growing database threatens to overwhelm the people who manage it. "The single biggest worry that I have is long-term quality control," said Russ Travers, in charge of TIDE at the National Counterterrorism Center in McLean. "Where am I going to be, where is my successor going to be, five years down the road?" TIDE has also created concerns about secrecy, errors and privacy. The list marks the first time foreigners and U.S.
citizens are combined in an intelligence database. The bar for inclusion is low, and once someone is on the list, it is virtually impossible to get off it. At any stage, the process can lead to "horror stories" of mixed-up names and unconfirmed information, Travers acknowledged. The watch lists fed by TIDE, used to monitor everyone entering the country or having even a casual encounter with federal, state and local law enforcement, have a higher bar. But they have become a source of irritation -- and potentially more serious consequences -- for many U.S. citizens and visitors. In 2004 and 2005, misidentifications accounted for about half of the tens of thousands of times a traveler's name triggered a watch-list hit, the Government Accountability Office reported in September. Congressional committees have criticized the process, some charging that it collects too much information about Americans, others saying it is ineffective against terrorists. Civil rights and privacy groups have called for increased transparency. "How many are on the lists, how are they compiled, how is the information used, how do they verify it?" asked Lillie Coney, associate director of the Washington-based Electronic Privacy Information Center. Such information is classified, and individuals barred from traveling are not told why. Sen. Ted Stevens (R-Alaska) said last year that his wife had been delayed repeatedly while airlines queried whether Catherine Stevens was the watch-listed Cat Stevens. The listing referred to the Britain-based pop singer who converted to Islam and changed his name to Yusuf Islam. The reason Islam is not allowed to fly to the United States is secret. So is the reason Maher Arar, a Syrian-born Canadian, remains on the State Department's consular watch list. Detained in New York while en route to Montreal in 2002, Arar was sent by the U.S. government to a year of imprisonment in Syria. 
Canada, the source of the initial information about Arar, cleared him of all terrorism allegations last September -- three years after his release -- and has since authorized $9 million in compensation. TIDE is a vacuum cleaner for both proven and unproven information, and its managers disclaim responsibility for how other agencies use the data. "What's the alternative?" Travers said. "I work under the assumption that we're never going to have perfect information -- fingerprints, DNA -- on 6 billion people across the planet. . . . If someone actually has a better idea, I'm all ears."

'Thousands of Messages'

The electronic journey a piece of terrorism data takes from an intelligence outpost to an airline counter is interrupted at several points for analysis and condensation. President Bush ordered the intelligence community in 2003 to centralize data on terrorism suspects, and U.S. agencies at home and abroad now send everything they collect to TIDE. It arrives electronically as names to be added or as additional information about people already in the system. The 80 TIDE analysts get "thousands of messages a day," Travers said, much of the data "fragmentary," "inconsistent" and "sometimes just flat-out wrong." Often the analysts go back to the intelligence agencies for details. "Sometimes you'll get sort of corroborating information," he said, "but many times you're not going to get much. What we use here, rightly or wrongly, is a reasonable-suspicion standard." Each TIDE listee is given a number, and statistics are kept on nationality and ethnic and religious groups. Some files include aliases and sightings, and others are just a full or partial name, perhaps with a sketchy biography. Sunni and Shiite Muslims are the fastest-growing categories in a database whose entries include Saudi financiers and Colombian revolutionaries. U.S.
citizens -- who Travers said make up less than 5 percent of listings -- are included if an "international terrorism nexus" is established. A similar exception for the administration's warrantless wiretap program came under court challenge from privacy and civil rights advocates.

Information Sharing

Every night at 10, TIDE dumps an unclassified version of that day's harvest -- names, dates of birth, countries of origin and passport information -- into a database belonging to the FBI's Terrorist Screening Center. TIDE's most sensitive information is not included. The FBI adds data about U.S. suspects with no international ties for a combined daily total of 1,000 to 1,500 new names. Between 5 and 6 a.m., a shift of 24 analysts drawn from the agencies that use watch lists begins a new winnowing process at the center's Crystal City office. The analysts have access to case files at TIDE and the original intelligence sources, said the center's acting director, Rick Kopel. Decisions on what to add to the Terrorist Screening Center master list are made by midafternoon. The bar is higher than TIDE's; total listings were about 235,000 names as of last fall, according to Justice Department Inspector General Glenn A. Fine. The bar is then raised again as agencies decide which names to put on their own watch lists: the Transportation Security Administration's "no-fly" and "selectee" lists for airlines; Consular Lookout and Support System at the State Department; the Interagency Border and Inspection System at the Department of Homeland Security; and the Justice Department's National Crime Information Center. The criteria each agency use are classified, Kopel said. Some information may raise a red flag for one agency but not another. "There's a big difference between CLASS and no-fly," Kopel said, referring to State's consular list. "About the only criteria CLASS has is that you're not a U.S. person. . . . Say 'a Mohammed from Syria.'
That's useless for me to watch-list here in the United States. But if I'm in Damascus processing visas . . . that might be enough for someone to . . . put a hold on the visa process." All of the more than 30,000 individuals on the TSA's no-fly list are prohibited from entering an aircraft in the United States. People whose names appear on the longer selectee list -- those the government believes merit watching but does not bar from travel -- are supposed to be subjected to more intense scrutiny. With little to go on beyond names, airlines find frequent matches. The screening center agent on call will check the file for markers such as sex, age and prior "encounters" with the list. The agent might ask the airlines about the passenger's eye color, height or defining marks, Kopel said. "We'll say, 'Does he have any rings on his left hand?' and they'll say, 'Uh, he doesn't have a left hand.' Okay. We know that [the listed person] lost his left hand making a bomb." If the answers indicate a match, that "encounter" is fed back into the FBI screening center's files and ultimately to TIDE. Kopel said the agent never tells the airline whether the person trying to board is the suspect. The airlines decide whether to allow the customer to fly. TSA receives thousands of complaints each year, such as this one released to the Electronic Privacy Information Center in 2004 under the Freedom of Information Act: "Apparently, my name is on some watch list because everytime I fly, I get delayed while the airline personnel call what they say is TSA," wrote a passenger whose name was blacked out. Noting that he was a high-level federal worker, he asked what he could do to remove his name from the list. The answer, Kopel said, is little. A unit at the screening center responds to complaints, he said, but will not remove a name if it is shared by a terrorism suspect. 
Instead, people not on the list who share a name with someone listed can be issued letters instructing airline personnel to check with the TSA to verify their identity. The GAO reported that 31 names were removed in 2005.

A Process Under Fire

A recent review of the entire Terrorist Screening Center database was temporarily abandoned when it proved too much work even for the night crew, which generally handles less of a workload. But the no-fly and selectee lists are being scrubbed to emphasize "people we think are a danger to the plane, and not for some other reason they met the criteria," Kopel said. A separate TSA system that would check every passenger name against the screening center's database has been shelved over concern that it could grow into a massive surveillance program. The Department of Homeland Security was rebuked by Congress in December for trying to develop a risk-assessment program to profile travelers entering and leaving the United States based on airline and financial data. Kopel insisted that private information on Americans, such as credit-card records, never makes it into the screening center database and that "we rely 100 percent on government-owned information." The center came in for ridicule last year when CBS's "60 Minutes" noted that 14 of the 19 Sept. 11 hijackers were listed -- five years after their deaths. Kopel defended the listings, saying that "we know for a fact that these people will use names that they believe we are not going to list because they're out of circulation -- either because they're dead or incarcerated. . . . It's not willy-nilly. Every name on the list, there's a reason that it's on there."
From rforno at infowarrior.org Sun Mar 25 03:59:21 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 24 Mar 2007 23:59:21 -0400
Subject: [Infowarrior] - Mozilla: Hackers control bug disclosure
Message-ID:

Mozilla: Hackers control bug disclosure

By Joris Evers
http://news.com.com/Mozilla+Hackers+control+bug+disclosure/2100-1002_3-6170219.html
Story last modified Sat Mar 24 13:39:00 PDT 2007

WASHINGTON, DC--Software makers are at the mercy of bug hunters when it comes to flaw disclosure, Mozilla's security chief said Saturday. The software industry for years has pushed guidelines for vulnerability disclosure. Those "responsible disclosure" efforts have had some effect, but security researchers maintain control over the process, Mozilla security chief Window Snyder said in a panel discussion at the ShmooCon hacker event here. "The researcher has all the power," Snyder said. "They control when they disclose it, and they control the idea whether or not the vendor responds in time." Releasing vulnerability details has been a hot topic for years. The software industry advocates private disclosure of a bug and time to fix it before a researcher goes public, a practice the industry calls responsible disclosure. After all, early release could help criminals to launch cyberattacks and damage a vendor's reputation. Security researchers who follow the industry's guidelines are often frustrated by a lack of response from software makers. Another frequent point of criticism is the time it takes for a fix to be released and for the researcher to get credit in a security alert. "Vendors have a real responsibility to respond to what's reported to them," said Snyder, who previously worked at Microsoft. But not everyone buys into responsible disclosure. It is a trap set by software makers, said panel member Dave Aitel, of security software firm Immunity. "Responsible disclosure is a marketing term," he said.
"Responsible disclosure plays into the hands of Microsoft and other big vendors...they are trying to control the process." Instead of disclosing a flaw to the vendor, Aitel wants bug hunters to sell vulnerability information to him. Immunity pays bug hunters for details on security vulnerabilities and uses those in his company's products, which include penetration-testing tools that can be used to break into computers and networks. Chris Wysopal, CTO and founder of security review company Veracode, disagreed that bug hunters are always in charge. "We see a lot of threats," he said. "Being on the receiving end of legal threats isn't an easy thing." If a company unleashes its legal wrath onto a security researcher, then that's an example of a company that doesn't know what it is doing, said Rohit Dhamankar, manager of security research at TippingPoint, a seller of intrusion prevention products. "There are sophisticated vendors like Mozilla and Microsoft, and there are vendors who have no clue about good process," Dhamankar said. TippingPoint, which also pays security researchers for bugs, was threatened with a lawsuit recently by a Web portal software maker, he said. To gain a competitive advantage over rivals, companies such as Immunity and TippingPoint pay bug hunters for flaws. By purchasing bug information, their products can detect problems before any other product can and before an official patch is available. Ultimately, flaws don't get fixed without public disclosure, Wysopal said. "The responsible thing is to send it to the vendor, but then you get stuck with the vendor not doing anything about it if there isn't the threat that it will be publicly disclosed," he said. "Public disclosure is the only way to actually get things fixed." Mozilla's Snyder said 30 days is a good timeframe to give a software maker to come up with a fix and called on bug hunters to follow responsible disclosure guidelines.
"I appreciate the work that's going on and I appreciate a little heads up before the whole world finds out (about a security vulnerability)...I would appreciate 30 days, but I will take what I can get."

Copyright ©1995-2007 CNET Networks, Inc. All rights reserved.

From rforno at infowarrior.org Sun Mar 25 04:10:47 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 25 Mar 2007 00:10:47 -0400
Subject: [Infowarrior] - N.Y. Police Spied Broadly Before G.O.P. Convention
Message-ID:

March 25, 2007
N.Y. Police Spied Broadly Before G.O.P. Convention
By JIM DWYER

http://www.nytimes.com/2007/03/25/nyregion/25infiltrate.html?_r=1&hp=&oref=slogin&pagewanted=print

For at least a year before the 2004 Republican National Convention, teams of undercover New York City police officers traveled to cities across the country, Canada and Europe to conduct covert observations of people who planned to protest at the convention, according to police records and interviews. From Albuquerque to Montreal, San Francisco to Miami, undercover New York police officers attended meetings of political groups, posing as sympathizers or fellow activists, the records show. They made friends, shared meals, swapped e-mail messages and then filed daily reports with the department's Intelligence Division. Other investigators mined Internet sites and chat rooms. From these operations, run by the department's "R.N.C. Intelligence Squad," the police identified a handful of groups and individuals who expressed interest in creating havoc during the convention, as well as some who used Web sites to urge or predict violence. But potential troublemakers were hardly the only ones to end up in the files. In hundreds of reports stamped "N.Y.P.D. Secret," the Intelligence Division chronicled the views and plans of people who had no apparent intention of breaking the law, the records show.
These included members of street theater companies, church groups and antiwar organizations, as well as environmentalists and people opposed to the death penalty, globalization and other government policies. Three New York City elected officials were cited in the reports. In at least some cases, intelligence on what appeared to be lawful activity was shared with police departments in other cities. A police report on an organization of artists called Bands Against Bush noted that the group was planning concerts on Oct. 11, 2003, in New York, Washington, Seattle, San Francisco and Boston. Between musical sets, the report said, there would be political speeches and videos. "Activists are showing a well-organized network made up of anti-Bush sentiment; the mixing of music and political rhetoric indicates sophisticated organizing skills with a specific agenda," said the report, dated Oct. 9, 2003. "Police departments in above listed areas have been contacted regarding this event." Police records indicate that in addition to sharing information with other police departments, New York undercover officers were active themselves in at least 15 places outside New York -- including California, Connecticut, Florida, Georgia, Illinois, Massachusetts, Michigan, Montreal, New Hampshire, New Mexico, Oregon, Tennessee, Texas and Washington, D.C. -- and in Europe. The operation was mounted in 2003 after the Police Department, invoking the fresh horrors of the World Trade Center attack and the prospect of future terrorism, won greater authority from a federal judge to investigate political organizations for criminal activity. To date, as the boundaries of the department's expanded powers continue to be debated, police officials have provided only glimpses of its intelligence-gathering.
Now, the broad outlines of the preconvention operations are emerging from records in federal lawsuits that were brought over mass arrests made during the convention, and in greater detail from still-secret reports reviewed by The New York Times. These include a sample of raw intelligence documents and of summary digests of observations from both the field and the department's cyberintelligence unit. Paul J. Browne, the chief spokesman for the Police Department, confirmed that the operation had been wide-ranging, and said it had been an essential part of the preparations for the huge crowds that came to the city during the convention. "Detectives collected information both in-state and out-of-state to learn in advance what was coming our way," Mr. Browne said. When the detectives went out of town, he said, the department usually alerted the local authorities by telephone or in person. Under a United States Supreme Court ruling, undercover surveillance of political groups is generally legal, but the police in New York -- like those in many other big cities -- have operated under special limits as a result of class-action lawsuits filed over police monitoring of civil rights and antiwar groups during the 1960s. The limits in New York are known as the Handschu guidelines, after the lead plaintiff, Barbara Handschu. "All our activities were legal and were subject in advance to Handschu review," Mr. Browne said. Before monitoring political activity, the police must have "some indication of unlawful activity on the part of the individual or organization to be investigated," United States District Court Judge Charles S. Haight Jr. said in a ruling last month. Christopher Dunn, the associate legal director of the New York Civil Liberties Union, which represents seven of the 1,806 people arrested during the convention, said the Police Department stepped beyond the law in its covert surveillance program.
"The police have no authority to spy on lawful political activity, and this wide-ranging N.Y.P.D. program was wrong and illegal," Mr. Dunn said. "In the coming weeks, the city will be required to disclose to us many more details about its preconvention surveillance of groups and activists, and many will be shocked by the breadth of the Police Department's political surveillance operation." The Police Department said those complaints were overblown. On Wednesday, lawyers for the plaintiffs in the convention lawsuits are scheduled to begin depositions of David Cohen, the deputy police commissioner for intelligence. Mr. Cohen, a former senior official at the Central Intelligence Agency, was "central to the N.Y.P.D.'s efforts to collect intelligence information prior to the R.N.C.," Gerald C. Smith, an assistant corporation counsel with the city Law Department, said in a federal court filing.

Balancing Safety and Surveillance

For nearly four decades, the city, civil liberties lawyers and the Police Department have fought in federal court over how to balance public safety, free speech and the penetrating but potentially disruptive force of police surveillance. After the Sept. 11 attacks, Raymond W. Kelly, who became police commissioner in January 2002, "took the position that the N.Y.P.D. could no longer rely on the federal government alone, and that the department had to build an intelligence capacity worthy of the name," Mr. Browne said. Mr. Cohen contended that surveillance of domestic political activities was essential to fighting terrorism. "Given the range of activities that may be engaged in by the members of a sleeper cell in the long period of preparation for an act of terror, the entire resources of the N.Y.P.D. must be available to conduct investigations into political activity and intelligence-related issues," Mr. Cohen wrote in an affidavit dated Sept. 12, 2002. In February 2003, the Police Department, with Mayor Michael R.
Bloomberg's support, was given broad new authority by Judge Haight to conduct such monitoring. However, a senior police official must still determine that there is some indication of illegal activity before an inquiry is begun. An investigation by the Intelligence Division led to the arrest -- coincidentally, three days before the convention -- of a man who spoke about bombing the Herald Square subway station. In another initiative, detectives were stationed in Europe and the Middle East to quickly funnel information back to New York. When the city was designated in February 2003 as the site of the 2004 Republican National Convention, the department had security worries -- in particular about the possibility of a truck bomb attack near Madison Square Garden, where events would be held -- and logistical concerns about managing huge crowds, Mr. Browne said. "We also prepared to contend with a relatively small group of self-described anarchists who vowed to prevent delegates from participating in the convention or otherwise disrupt the convention by various means, including vandalism," Mr. Browne said. "Our goal was to safeguard delegates, demonstrators and the general public alike during the convention." In its preparations, the department applied the intelligence resources that had just been strengthened for fighting terrorism to an entirely different task: collecting information on people participating in political protests. In the records reviewed by The Times, some of the police intelligence concerned people and groups bent on causing trouble, but the bulk of the reports covered the plans and views of people with no obvious intention of breaking the law. By searching the Internet, police investigators identified groups that were making plans for demonstrations. Files were created on their political causes, the criminal records, if any, of the people involved and any plans for civil disobedience or disruptive tactics.
From the field, undercover officers filed daily accounts of their observations on forms known as DD5s that called for descriptions of the gatherings, the leaders and participants, and the groups' plans. Inside the police Intelligence Division, daily reports from both the field and the Web were summarized in bullet format. These digests -- marked "Secret" -- were circulated weekly under the heading "Key Findings."

Perceived Threats

On Jan. 6, 2004, the intelligence digest noted that an antigentrification group in Montreal claimed responsibility for hoax bombs that had been planted at construction sites of luxury condominiums, stating that the purpose was to draw attention to the homeless. The group was linked to a band of anarchist-communists whose leader had visited New York, according to the report. Other digests noted a planned campaign of "electronic civil disobedience" to jam fax machines and hack into Web sites. Participants at a conference were said to have discussed getting inside delegates' hotels by making hair salon appointments or dinner reservations. At the same conference, people were reported to have discussed disabling charter buses and trying to confuse delegates by switching subway directional signs, or by sealing off stations with crime-scene tape. A Syracuse peace group intended to block intersections, a report stated. Other reports mentioned past demonstrations where various groups used nails and ball bearings as weapons and threw balloons filled with urine or other foul liquids. The police also kept track of Richard Picariello, a man who had been convicted in 1978 of politically motivated bombings in Massachusetts, Mr. Browne said. At the other end of the threat spectrum was Joshua Kinberg, a graduate student at Parsons School of Design and the subject of four pages of intelligence reports. For his master's thesis project, Mr. Kinberg devised a "wireless bicycle"
equipped with cellphone, laptop and spray tubes that could squirt messages received over the Internet onto the sidewalk or street. The messages were printed in water-soluble chalk, a tactic meant to avoid a criminal mischief charge for using paint, an intelligence report noted. Mr. Kinberg's bicycle was "capable of transferring activist-based messages on streets and sidewalks," according to a report on July 22, 2004. "This bicycle, having been built for the sole purpose of protesting during the R.N.C., is capable of spraying anti-R.N.C.-type messages on surrounding streets and sidewalks, also supplying the rider with a quick vehicle of escape," the report said. Mr. Kinberg, then 25, was arrested during a television interview with Ron Reagan for MSNBC's "Hardball" program during the convention. He was released a day later, but his equipment was held more than a year. Mr. Kinberg said Friday that after his arrest detectives with the terrorism task force asked if he knew of any plans for violence. "I'm an artist," he said. "I know other artists, who make T-shirts and signs." He added: "There's no reason I should have been placed on any kind of surveillance status. It affected me, my ability to exercise free speech, and the ability of thousands of people who were sending in messages for the bike to exercise their free speech."

New Faces in Their Midst

A vast majority of several hundred reports reviewed by The Times, including field reports and the digests, described groups that gave no obvious sign of wrongdoing. The intelligence noted that one group, the "Man- and Woman-in-Black Bloc," planned to protest outside a party at Sotheby's for Tennessee's Republican delegates with Johnny Cash's career as its theme. The satirical performance troupe Billionaires for Bush, which specializes in lampooning the Bush administration, was described in an intelligence digest on Jan. 23, 2004.
?Billionaires for Bush is an activist group forged as a mockery of the current president and political policies,? the report said. ?Preliminary intelligence indicates that this group is raising funds for expansion and support of anti-R.N.C. activist organizations.? Marco Ceglie, who performs as Monet Oliver dePlace in Billionaires for Bush, said he had suspected that the group was under surveillance by federal agents ? not necessarily police officers ? during weekly meetings in a downtown loft and at events around the country in the summer of 2004. ?It was a running joke that some of the new faces were 25- to 32-year-old males asking, ?First name, last name?? ? Mr. Ceglie said. ?Some people didn?t care; it bothered me and a couple of other leaders, but we didn?t want to make a big stink because we didn?t want to look paranoid. We applied to the F.B.I. under the Freedom of Information Act to see if there?s a file, but the answer came back that ?we cannot confirm or deny.? ? The Billionaires try to avoid provoking arrests, Mr. Ceglie said. Others ? who openly planned civil disobedience and expected to be arrested ? said they assumed they were under surveillance, but had nothing to hide. ?Some of the groups were very concerned about infiltration,? said Ed Hedemann of the War Resisters League, a pacifist organization founded in 1923. ?We weren?t. We had open meetings.? ?If the police want to infiltrate and waste their time ? well, it?s a waste of taxpayer money,? Mr. Hedemann said. The war resisters announced plans for a ?die-in? at Madison Square Garden. They were arrested two minutes after they began a silent march from the World Trade Center site. The charges were dismissed. The sponsors of an event planned for Jan. 15, 2004, in honor of the Rev. Dr. Martin Luther King Jr.?s birthday were listed in one of the reports, which noted that it was a protest against ?the R.N.C., the war in Iraq and the Bush administration.? 
It mentioned that three members of the City Council at the time, Charles Barron, Bill Perkins and Larry B. Seabrook, ?have endorsed this event.? The report said others supporting it were the New York City AIDS Housing Network, the Arab Muslim American Foundation, Activists for the Liberation of Palestine, Queers for Peace and Justice and the 1199 Bread and Roses Cultural Project. Many of the 1,806 people arrested during the convention were held for up to two days on minor offenses normally handled with a summons; the city Law Department said the preconvention intelligence justified detaining them all for fingerprinting. Mr. Browne said that 18 months of preparation by the police had allowed hundreds of thousands of people to demonstrate while also ensuring that the Republican delegates were able to hold their convention with relatively few disruptions. ?We attributed the successful policing of the convention to a host of N.Y.P.D. activities leading up to the R.N.C., including 18 months of intensive planning,? he said. ?It was a great success, and despite provocations, such as demonstrators throwing faux feces in the faces of police officers, the N.Y.P.D. showed professionalism and restraint.? From rforno at infowarrior.org Sun Mar 25 16:07:02 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 25 Mar 2007 12:07:02 -0400 Subject: [Infowarrior] - Must read.... Terrorized by 'War on Terror' Message-ID: Terrorized by 'War on Terror' How a Three-Word Mantra Has Undermined America http://www.washingtonpost.com/wp-dyn/content/article/2007/03/23/AR2007032301 613_pf.html By Zbigniew Brzezinski Sunday, March 25, 2007; B01 The "war on terror" has created a culture of fear in America. The Bush administration's elevation of these three words into a national mantra since the horrific events of 9/11 has had a pernicious impact on American democracy, on America's psyche and on U.S. standing in the world. 
Using this phrase has actually undermined our ability to effectively confront the real challenges we face from fanatics who may use terrorism against us. The damage these three words have done -- a classic self-inflicted wound -- is infinitely greater than any wild dreams entertained by the fanatical perpetrators of the 9/11 attacks when they were plotting against us in distant Afghan caves. The phrase itself is meaningless. It defines neither a geographic context nor our presumed enemies. Terrorism is not an enemy but a technique of warfare -- political intimidation through the killing of unarmed non-combatants. But the little secret here may be that the vagueness of the phrase was deliberately (or instinctively) calculated by its sponsors. Constant reference to a "war on terror" did accomplish one major objective: It stimulated the emergence of a culture of fear. Fear obscures reason, intensifies emotions and makes it easier for demagogic politicians to mobilize the public on behalf of the policies they want to pursue. The war of choice in Iraq could never have gained the congressional support it got without the psychological linkage between the shock of 9/11 and the postulated existence of Iraqi weapons of mass destruction. Support for President Bush in the 2004 elections was also mobilized in part by the notion that "a nation at war" does not change its commander in chief in midstream. The sense of a pervasive but otherwise imprecise danger was thus channeled in a politically expedient direction by the mobilizing appeal of being "at war." To justify the "war on terror," the administration has lately crafted a false historical narrative that could even become a self-fulfilling prophecy. By claiming that its war is similar to earlier U.S. 
struggles against Nazism and then Stalinism (while ignoring the fact that both Nazi Germany and Soviet Russia were first-rate military powers, a status al-Qaeda neither has nor can achieve), the administration could be preparing the case for war with Iran. Such war would then plunge America into a protracted conflict spanning Iraq, Iran, Afghanistan and perhaps also Pakistan. The culture of fear is like a genie that has been let out of its bottle. It acquires a life of its own -- and can become demoralizing. America today is not the self-confident and determined nation that responded to Pearl Harbor; nor is it the America that heard from its leader, at another moment of crisis, the powerful words "the only thing we have to fear is fear itself"; nor is it the calm America that waged the Cold War with quiet persistence despite the knowledge that a real war could be initiated abruptly within minutes and prompt the death of 100 million Americans within just a few hours. We are now divided, uncertain and potentially very susceptible to panic in the event of another terrorist act in the United States itself. That is the result of five years of almost continuous national brainwashing on the subject of terror, quite unlike the more muted reactions of several other nations (Britain, Spain, Italy, Germany, Japan, to mention just a few) that also have suffered painful terrorist acts. In his latest justification for his war in Iraq, President Bush even claims absurdly that he has to continue waging it lest al-Qaeda cross the Atlantic to launch a war of terror here in the United States. Such fear-mongering, reinforced by security entrepreneurs, the mass media and the entertainment industry, generates its own momentum. The terror entrepreneurs, usually described as experts on terrorism, are necessarily engaged in competition to justify their existence. Hence their task is to convince the public that it faces new threats. 
That puts a premium on the presentation of credible scenarios of ever-more-horrifying acts of violence, sometimes even with blueprints for their implementation. That America has become insecure and more paranoid is hardly debatable. A recent study reported that in 2003, Congress identified 160 sites as potentially important national targets for would-be terrorists. With lobbyists weighing in, by the end of that year the list had grown to 1,849; by the end of 2004, to 28,360; by 2005, to 77,769. The national database of possible targets now has some 300,000 items in it, including the Sears Tower in Chicago and an Illinois Apple and Pork Festival. Just last week, here in Washington, on my way to visit a journalistic office, I had to pass through one of the absurd "security checks" that have proliferated in almost all the privately owned office buildings in this capital -- and in New York City. A uniformed guard required me to fill out a form, show an I.D. and in this case explain in writing the purpose of my visit. Would a visiting terrorist indicate in writing that the purpose is "to blow up the building"? Would the guard be able to arrest such a self-confessing, would-be suicide bomber? To make matters more absurd, large department stores, with their crowds of shoppers, do not have any comparable procedures. Nor do concert halls or movie theaters. Yet such "security" procedures have become routine, wasting hundreds of millions of dollars and further contributing to a siege mentality. Government at every level has stimulated the paranoia. Consider, for example, the electronic billboards over interstate highways urging motorists to "Report Suspicious Activity" (drivers in turbans?). Some mass media have made their own contribution. The cable channels and some print media have found that horror scenarios attract audiences, while terror "experts" as "consultants" provide authenticity for the apocalyptic visions fed to the American public. 
Hence the proliferation of programs with bearded "terrorists" as the central villains. Their general effect is to reinforce the sense of the unknown but lurking danger that is said to increasingly threaten the lives of all Americans. The entertainment industry has also jumped into the act. Hence the TV serials and films in which the evil characters have recognizable Arab features, sometimes highlighted by religious gestures, that exploit public anxiety and stimulate Islamophobia. Arab facial stereotypes, particularly in newspaper cartoons, have at times been rendered in a manner sadly reminiscent of the Nazi anti-Semitic campaigns. Lately, even some college student organizations have become involved in such propagation, apparently oblivious to the menacing connection between the stimulation of racial and religious hatreds and the unleashing of the unprecedented crimes of the Holocaust. The atmosphere generated by the "war on terror" has encouraged legal and political harassment of Arab Americans (generally loyal Americans) for conduct that has not been unique to them. A case in point is the reported harassment of the Council on American-Islamic Relations (CAIR) for its attempts to emulate, not very successfully, the American Israel Public Affairs Committee (AIPAC). Some House Republicans recently described CAIR members as "terrorist apologists" who should not be allowed to use a Capitol meeting room for a panel discussion. Social discrimination, for example toward Muslim air travelers, has also been its unintended byproduct. Not surprisingly, animus toward the United States even among Muslims otherwise not particularly concerned with the Middle East has intensified, while America's reputation as a leader in fostering constructive interracial and interreligious relations has suffered egregiously. The record is even more troubling in the general area of civil rights. 
The culture of fear has bred intolerance, suspicion of foreigners and the adoption of legal procedures that undermine fundamental notions of justice. Innocent until proven guilty has been diluted if not undone, with some -- even U.S. citizens -- incarcerated for lengthy periods of time without effective and prompt access to due process. There is no known, hard evidence that such excess has prevented significant acts of terrorism, and convictions for would-be terrorists of any kind have been few and far between. Someday Americans will be as ashamed of this record as they now have become of the earlier instances in U.S. history of panic by the many prompting intolerance against the few. In the meantime, the "war on terror" has gravely damaged the United States internationally. For Muslims, the similarity between the rough treatment of Iraqi civilians by the U.S. military and of the Palestinians by the Israelis has prompted a widespread sense of hostility toward the United States in general. It's not the "war on terror" that angers Muslims watching the news on television, it's the victimization of Arab civilians. And the resentment is not limited to Muslims. A recent BBC poll of 28,000 people in 27 countries that sought respondents' assessments of the role of states in international affairs resulted in Israel, Iran and the United States being rated (in that order) as the states with "the most negative influence on the world." Alas, for some that is the new axis of evil! The events of 9/11 could have resulted in a truly global solidarity against extremism and terrorism. A global alliance of moderates, including Muslim ones, engaged in a deliberate campaign both to extirpate the specific terrorist networks and to terminate the political conflicts that spawn terrorism would have been more productive than a demagogically proclaimed and largely solitary U.S. "war on terror" against "Islamo-fascism." 
Only a confidently determined and reasonable America can promote genuine international security which then leaves no political space for terrorism. Where is the U.S. leader ready to say, "Enough of this hysteria, stop this paranoia"? Even in the face of future terrorist attacks, the likelihood of which cannot be denied, let us show some sense. Let us be true to our traditions. Zbigniew Brzezinski, national security adviser to President Jimmy Carter, is the author most recently of "Second Chance: Three Presidents and the Crisis of American Superpower" (Basic Books). From rforno at infowarrior.org Sun Mar 25 16:09:35 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 25 Mar 2007 12:09:35 -0400 Subject: [Infowarrior] - RIAA Insists on Deposing 10-year-old Message-ID: RIAA Insists on Deposing Tanya Andersen's 10-year-old daughter The RIAA is insisting on deposing Tanya Andersen's 10-year-old daughter in Atlantic v. Andersen, in Oregon. The child was 7 years old at the time of the alleged infringement. The record labels insisting on taking the child's deposition are: -Atlantic Recording -Priority Records -Capitol Records -UMG Music and -BMG Music. < - > http://recordingindustryvspeople.blogspot.com/#964459867713969746 From rforno at infowarrior.org Mon Mar 26 01:29:59 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 25 Mar 2007 21:29:59 -0400 Subject: [Infowarrior] - Vonage woes In-Reply-To: Message-ID: (c/o Monty S) ....good riddance to a company whose IPO shenanigans I understand were quite controversial, and whose TV commercials can "woo-woo-woo" themselves into oblivion for their annoyance value alone.
-rf ------ Forwarded Message Ruling May Be End for Vonage Judge Enjoins Use Of Key Technology By Alan Sipress Washington Post Staff Writer Saturday, March 24, 2007; D01 A federal judge yesterday dealt a potentially fatal blow to Vonage Holdings, the Internet-phone service that offers one of the few alternatives to traditional carriers, by ordering it to stop using a technology that connects its network to the public telephone system. U.S. District Judge Claude Hilton approved the request by Verizon Communications for a permanent injunction two weeks after a jury in Alexandria found that three of its patents had been infringed by Vonage, including one for the technology allowing the Internet company's 2.2 million customers to call regular phones. Hilton said the ban would not take effect before he holds another hearing in two weeks on Vonage's request for reprieve through a stay. The company said customers will not be affected by the court's decision, although analysts are skeptical the company will be able to sustain service if the ruling is not overturned. This is the latest setback in Vonage's troubled history, which has included some regulatory losses and a shareholder suit stemming from its public offering. Vonage, which has never generated a profit, helped popularize online calling as a cheaper alternative to traditional phone service, waging a flashy marketing campaign on prime-time television and over the Internet. But some industry analysts said its flat-rate service was already starting to lose its luster next to new offerings from phone and cable companies selling combined telephone, Internet and cable television services. The impact of the court's decision on other providers of Internet phone services, known as voice-over-Internet protocol, or VoIP, remains unclear, analysts said. This could depend on whether Verizon wants to shut down Vonage or sell its licenses for the technology. 
Vonage, which was ordered by the jury to pay $58 million in damages, has vowed to appeal the verdict and seek a stay from the federal appeals court if Hilton does not grant one. In his ruling, Hilton said that the financial award alone was not enough because it "does not prevent continued erosion of the client base and customer base" of Verizon. ... http://www.washingtonpost.com/wp-dyn/content/article/2007/03/23/AR2007032300986.html From rforno at infowarrior.org Mon Mar 26 13:44:28 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 Mar 2007 09:44:28 -0400 Subject: [Infowarrior] - Two interviews: NSA leadership on DOD IA Message-ID: Security Guide: Operationalizing the IA Component of the GIG http://www.military-information-technology.com/article.cfm?DocID=1932 Assurance Provider: Designing a Roadmap for Information Security http://www.military-information-technology.com/article.cfm?DocID=1294 From rforno at infowarrior.org Mon Mar 26 13:48:09 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 Mar 2007 09:48:09 -0400 Subject: [Infowarrior] - NYC Asks Court Not to Unseal Police Spy Files Message-ID: March 26, 2007 City Asks Court Not to Unseal Police Spy Files By JIM DWYER http://www.nytimes.com/2007/03/26/nyregion/26infiltrate.html?_r=1&oref=slogin&pagewanted=print Lawyers for the city, responding to a request to unseal records of police surveillance leading up to the 2004 Republican convention in New York, say that the documents should remain secret because the news media will "fixate upon and sensationalize them," hurting the city's ability to defend itself in lawsuits over mass arrests. In papers filed in federal court last week, the city's lawyers also say that the documents could be "misinterpreted" because they were not intended for the public. "The documents were not written for consumption by the general public," wrote Peter Farrell, senior counsel in the city's Law Department.
"The documents contain information filtered and distilled for analysis by intelligence officers accustomed to reading intelligence information." Because the materials have not yet been used to decide or argue any issues in the civil lawsuits, Mr. Farrell said, "there is no right of public access." The documents show that the Police Department's Intelligence Division sent undercover detectives around the city, the country and the world to collect information on political activists and others planning to demonstrate at the 2004 convention, according to a sampling of records reviewed by The New York Times that were the subject of an article yesterday. The records included intelligence digests and field reports from detectives, known as DD5s. Those records showed that some of the surveillance was conducted on groups that planned to disrupt the convention, but the bulk of it was on groups and people who expressed no apparent intention to break the law. In at least some cases, the reports were shared with other law enforcement agencies. Before monitoring political activity, the police must have some indication of wrongdoing, a federal court judge has said. Yesterday a spokesman for the Police Department reiterated an earlier statement that the surveillance was conducted lawfully and that the preparations helped keep order when large crowds of demonstrators gathered in the city the week of the convention. Christopher Dunn, the associate legal director of the New York Civil Liberties Union, said the revelations of widespread surveillance would increase pressure for the records' release. "People all over the country will want these documents to see if they were spied upon," he said. "That will make the debate about releasing them all the more important."
In late January, the city turned over about 600 pages of intelligence digests to the civil liberties union and other lawyers suing the city on behalf of people who say they were wrongly arrested and detained during the convention. The documents are under court seal, but Mr. Dunn and a lawyer for The Times have asked a federal court magistrate to make them public. City lawyers have described the intelligence documents as central to the city's defense. "They detail what information the N.Y.P.D. relied on in formulating its policies," Gerald C. Smith, an assistant corporation counsel with the Law Department, wrote in a letter filed in federal court last month. He said the intelligence helped the police forecast how many people were coming to New York for the convention and had spoken about breaking the law. Moreover, Mr. Smith wrote, the intelligence showed the city was justified in applying intensive scrutiny to the 1,806 people arrested during the convention, including fingerprinting more than a thousand people who faced charges no more serious than traffic tickets. Some were detained as long as two days for minor offenses. "The decisions to adopt those policies were based in large part upon intelligence that had been gathered regarding the number of individuals planning to attend the R.N.C. in some capacity and the number of groups and individuals intending to, or at least professing to intend to, engage in unlawful behavior," Mr. Smith wrote. In ruling that some of that information could be used by the city for its defense, a federal magistrate judge said that a debate over security and First Amendment rights would come to a head in the litigation. "The questions posed by these cases have great public significance," the judge, James C. Francis IV of Federal District Court in Manhattan, wrote on March 12. "At issue is the proper relationship between the free speech rights of protesters and the means used by law enforcement officials to maintain public order."
One group that learned it had been the subject of an intelligence report, Billionaires for Bush, offered a lighthearted response to the news. The group, a satirical troupe, dresses in tuxedos and gowns to provide faux endorsements of the administration. Marco Ceglie, a national co-chairman who performs as Monet Oliver DePlace, said a member of the group known as Meg A. Buck had issued a statement: "We suspect they were looking for stock tips." From rforno at infowarrior.org Mon Mar 26 16:09:52 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 Mar 2007 12:09:52 -0400 Subject: [Infowarrior] - Maryland begins "homeland security" shakedowns Message-ID: I guess in MD, "homeland security" is whatever you want it to be when you're the ones with the guns, dogs, and badges?? -rf Maryland begins "homeland security" shakedowns By Michael Hampton Posted: March 25, 2007 7:05 pm http://www.homelandstupidity.us/2007/03/25/maryland-begins-homeland-security-shakedowns/ Maryland state police conducted what they call a "homeland security" operation Wednesday near the MARC commuter rail station in Brunswick. So, if it's about homeland security, why did the police have drug dogs sniffing cars? Police have been secretive about the purpose of the operation, which lasted several hours Wednesday afternoon according to an eyewitness, whose father's restaurant was in view of the checkpoint and lost lunch and dinner business. State police spokesman Greg Shipley did say that they made two arrests, one for driving on a suspended license, and the other on drug charges, issued 27 traffic tickets and 60 warnings, and ran their drug sniffing dogs around more than 100 cars. "We were not there for a threat on the Brunswick station," he said. "We were there for Homeland Security in Maryland." Agencies included the Brunswick, Amtrak, Maryland Transit and Transportation police departments and the state Fire Marshal office.
The MARC train is an area that needs to be monitored, Shipley said. Some residents may be concerned by the police activity but the efforts were not done to alarm them -- it was done to protect them. "Maryland State Police (troopers) are out there working with other law enforcement agencies with the goal of keeping Maryland secure," Shipley said. -- Frederick News-Post You shouldn't be alarmed when you see a police checkpoint up ahead. You should be glad that the police are out there protecting you. Because, as we all know, homeland security requires you to submit to whatever the government demands. After all, you are the threat. You could hurt yourself with an evil marijuana plant or something. So, what do these checkpoints have to do with security? They have nothing to do with your security. They are about securing the state. That is, after all, what "homeland security" means -- state security. Especially security against the people, who must remain subjugated and controlled at all times. Don't forget, if you have a bad thought, turn yourself in! From rforno at infowarrior.org Mon Mar 26 16:26:27 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 Mar 2007 12:26:27 -0400 Subject: [Infowarrior] - DHS: Drones could defend airports Message-ID: (I'm not sure what's worse --- this entire concept or the fact it's named after a pop-culture, pro-torture TV program..........rf) Drones could defend airports By Mimi Hall, USA TODAY http://www.usatoday.com/travel/news/2007-03-22-unmanned-drones_N.htm The Homeland Security Department and the military this summer will test whether drones flying 65,000 feet above the nation's busiest airports could be used to protect planes from being shot down by terrorists with shoulder-fired missiles.
Dubbed "Project Chloe" after a character on Homeland Security Secretary Michael Chertoff's favorite TV show, 24, the anti-missile strategy is the latest to be explored by government leaders looking to thwart potential missile threats at commercial airports. Other methods are being considered, but Homeland Security officials say they may be too costly or impractical. The drones, to be tested over the Patuxent River Naval Air Station outside Washington, would be outfitted with missile-warning systems and possibly anti-missile lasers that could send plane-bound missiles veering off course, says Kerry Wilson, a deputy administrator of Homeland Security's anti-missile program. An unmanned plane's warning indicators could pick up the ultraviolet plume from a missile's rocket booster and trigger an anti-missile laser, which could be shot from the drone or from a site on the ground. That laser would lock on to the missile, essentially blinding it. The tests follow four years of research on anti-missile laser systems that could be mounted on the bellies of planes for $1 million or more per plane. Those systems, regularly used by the military, are being tested on nine Federal Express cargo planes to see how well they hold up. Early military tests showed they broke down after 300-400 hours of use, a failure rate that's problematic for commercial use. Concerns about those systems prompted officials to look for a less expensive, more reliable solution, and using unmanned aerial vehicles "is an idea worth looking at," Wilson said. Project Chloe has critics in Congress and in private industry. Rep. Steve Israel, D-N.Y., says the government should share the cost of installation and maintenance of the more expensive systems with the airline industry. "It's been four years of trying to figure out how to get this cheaper," he says. "But it's just a matter of time before a shoulder-fired missile becomes the biggest blow to our economy." 
Aviation groups have expressed concerns about drones in civilian airspace. Chris Dancy of the Aircraft Owners and Pilots Association says there would be no problem with drones flying at 65,000 feet, well above the altitude of commercial jets. He said he was concerned, however, about how airspace would be restricted when the drones take off and land. Inexpensive, widely available shoulder-fired missiles have been used against passenger and cargo planes overseas. Although no one has tried to take down a plane in the USA, Homeland Security is concerned about the possibility. From rforno at infowarrior.org Mon Mar 26 16:27:41 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 Mar 2007 12:27:41 -0400 Subject: [Infowarrior] - DMCA architect lambasts music moguls Message-ID: DMCA architect lambasts music moguls It's your fault we're back to the Mozart era By John Leyden Published Monday 26th March 2007 14:35 GMT http://www.theregister.co.uk/2007/03/26/dmca_pants/ Bruce Lehman, key architect of the controversial Digital Millennium Copyright Act (DMCA), has admitted that copyright protection law is failing. The Clinton-era assistant secretary of commerce and commissioner of patents and trademarks put most of the blame for the DMCA's shortcomings on the recording industry. He said music industry "moguls" failed to adapt and create an attractive marketplace for music in the late 1990s. Recording industry execs had little idea about technology development and were reluctant to embrace new distribution technologies, Lehman argued. Lehman made his comments during a panel discussion during a conference on copyright in Montreal last week (extended video clip here). During the presentation, he explained the DMCA was designed to create a framework for copyright that brought existing laws up to date, protecting intellectual property rights, in the expectation that hi-tech jobs would become the mainstay of the US economy.
Measures in the DMCA, which Lehman acknowledged were controversial, made it an offence to circumvent copyright-protection technology.

"Unfortunately, at least in some areas, our policies haven't worked out too well and it's not for the want of trying," he said. "Our attempts at copyright control have been unsuccessful. At least in terms of music, I think we're entering a 'post-copyright era'."

Copyright was a good model for compensating artists, but music thrived before modern copyright law, Lehman notes. He suggested new economic models based more heavily on concert revenue, t-shirts sales, and other sources of revenue need to be developed. Broadcasters like XM and Sirius might "commission" songs, he added.

The film industry, unlike the music industry, didn't put out its works in unencrypted form so it is in a better position to use technology in protecting its work, according to Lehman.

From rforno at infowarrior.org Mon Mar 26 18:00:14 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Mar 2007 14:00:14 -0400
Subject: [Infowarrior] - Diebold has no shame...
Message-ID:

Voting device pact at issue
Firm sues over snub by state
By Sean P. Murphy, Globe Staff | March 26, 2007

Diebold Election Systems Inc., one of the country's largest manufacturers of voting machines, is scheduled to argue in court today that the Office of the Secretary of State wrongly picked another company to supply thousands of voting machines for the disabled.

Diebold says it will ask a judge to overturn the selection of AutoMARK, a Diebold business competitor, because the office of Secretary of State William F. Galvin failed to choose the best machine. (RFF -- in other words, one made by diebold) The contract is valued at about $9 million.

< - >

http://www.boston.com/news/local/massachusetts/articles/2007/03/26/voting_device_pact_at_issue/

From rforno at infowarrior.org Tue Mar 27 01:27:37 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Mar 2007 21:27:37 -0400
Subject: [Infowarrior] - Internet Review for Patents Draws Near
Message-ID:

Internet Review for Patents Draws Near
Alan Sipress
http://blog.washingtonpost.com/posttech/

With the agency responsible for issuing patents now planning to throw open its review process to the Internet, the latest word is that this wiki-type experiment is expected to start around June 1.

New York Law School Professor Beth Simone Noveck, who heads a team designing the pilot project, outlined the schedule for a lunchtime seminar today on Capitol Hill. She also previewed the Web site that members of the public can use to submit information they believe is relevant to evaluating whether inventions deserve a patent or not. The site itself will enter beta testing in early April, she said.

The Information Technology and Innovation Foundation, a Washington think tank that hosted the session, said Noveck's screenshots would be posted shortly on its own Web site.

Under the pilot project, individuals and companies requesting patents can volunteer to have the U.S. Patent and Trademark Office post their applications on the Internet for public input. Anyone who may have technical material related to the application, for instance journal articles, prior patents and software code, can upload these on to the site along with an explanation about why this information is relevant. Participants will vote on a top-ten list of submissions to forward to the patent office examiners, who can then use the material in evaluating the applications.

The project will start with 250 applications for software patents. Noveck and her team have already lined up some of the country's most prominent tech companies, including Microsoft and IBM, to volunteer their applications.
But, she added, the initiative also includes an incentive that could make it appealing to small entrepreneurs: a guarantee that their applications will jump to the front of the queue for consideration. Now, the average waiting time for a software or computer-related patent is four years.

The U.S. patent office is not alone in opening its long secretive deliberations to the Internet. Just back from London, Noveck said the United Kingdom's patent office is moving ahead with a similar "peer-to-patent" review process.

From rforno at infowarrior.org Tue Mar 27 03:05:28 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Mar 2007 23:05:28 -0400
Subject: [Infowarrior] - Ordinary Customers Flagged as Terrorists
Message-ID:

Ordinary Customers Flagged as Terrorists
By Ellen Nakashima
Washington Post Staff Writer
Tuesday, March 27, 2007; A01
http://www.washingtonpost.com/wp-dyn/content/article/2007/03/26/AR2007032602088_pf.html

Private businesses such as rental and mortgage companies and car dealers are checking the names of customers against a list of suspected terrorists and drug traffickers made publicly available by the Treasury Department, sometimes denying services to ordinary people whose names are similar to those on the list.

The Office of Foreign Asset Control's list of "specially designated nationals" has long been used by banks and other financial institutions to block financial transactions of drug dealers and other criminals. But an executive order issued by President Bush after the Sept. 11, 2001, attacks has expanded the list and its consequences in unforeseen ways. Businesses have used it to screen applicants for home and car loans, apartments and even exercise equipment, according to interviews and a report by the Lawyers' Committee for Civil Rights of the San Francisco Bay area to be issued today.

"The way in which the list is being used goes far beyond contexts in which it has a link to national security," said Shirin Sinnar, the report's author. "The government is effectively conscripting private businesses into the war on terrorism but doing so without making sure that businesses don't trample on individual rights."

The lawyers' committee has documented at least a dozen cases in which U.S. customers have had transactions denied or delayed because their names were a partial match with a name on the list, which runs more than 250 pages and includes 3,300 groups and individuals. No more than a handful of people on the list, available online, are U.S. citizens.

Yet anyone who does business with a person or group on the list risks penalties of up to $10 million and 10 to 30 years in prison, a powerful incentive for businesses to comply. The law's scope is so broad and guidance so limited that some businesses would rather deny a transaction than risk criminal penalties, the report finds.

"The law is ridiculous," said Tom Hudson, a lawyer in Hanover, Md., who advises car dealers to use the list to avoid penalties. "It prohibits anyone from doing business with anyone who's on the list. It does not have a minimum dollar amount. . . . The local deli, if it sells a sandwich to someone whose name appears on the list, has violated the law."

Molly Millerwise, a Treasury Department spokeswoman, acknowledged that there are "challenges" in complying with the rules but said that the department has extensive guidance on compliance, both on the OFAC Web site and in workshops with industry representatives. She also said most businesses can root out "false positives" on their own. If not, OFAC suggests contacting the firm that provided the screening software or calling an OFAC hotline.

"So the company is not only sure that they are complying with the law," she said, "but they're also being good corporate citizens to make sure they're doing their part to protect the U.S.
financial system from abuse by terrorists or [weapons] proliferators or drug traffickers." Tom Kubbany is neither a terrorist nor a drug trafficker, has average credit and has owned homes in the past, so the Northern Californian mental health worker was baffled when his mortgage broker said lenders were not interested in him. Reviewing his loan file, he discovered something shocking. At the top of his credit report was an OFAC alert provided by credit bureau TransUnion that showed that his middle name, Hassan, is an alias for Ali Saddam Hussein, purportedly a "son of Saddam Hussein." The record is not clear on whether Ali Saddam Hussein was a Hussein offspring, but the OFAC list stated he was born in 1980 or 1983. Kubbany was born in Detroit in 1949. Under OFAC guidance, the date discrepancy signals a false match. Still, Kubbany said, the broker decided not to proceed. "She just talked with a bunch of lenders over the phone and they said, 'No,' " he said. "So we said, 'The heck with it. We'll just go somewhere else.' " Kubbany and his wife are applying for another loan, though he worries that the stigma lingers. "There's a dark cloud over us," he said. "We will never know if we had qualified for the mortgage last summer, then we might have been in a house now." Saad Ali Muhammad is an African American who was born in Chicago and converted to Islam in 1980. When he tried to buy a used car from a Chevrolet dealership three years ago, a salesman ran his credit report and at the top saw a reference to "OFAC search," followed by the names of terrorists including Osama bin Laden. The only apparent connection was the name Muhammad. The credit report, also by TransUnion, did not explain what OFAC was or what the credit report user should do with the information. Muhammad wrote to TransUnion and filed a complaint with a state human rights agency, but the alert remains on his report, Sinnar said. 
Colleen Tunney-Ryan, a TransUnion spokeswoman, said in an e-mail that clients using the firm's credit reports are solely responsible for any action required by federal law as a result of a potential match and that they must agree they will not take any adverse action against a consumer based solely on the report. The lawyers' committee documented other cases, including that of a couple in Phoenix who were about to close on their first home, only to be told the sale could not proceed because the husband's first and last names -- common Hispanic names -- matched an entry on the OFAC list. The entry did not include a date or place of birth, which could have helped distinguish the individuals. In another case, a Roseville, Calif., couple wanted to buy a treadmill from a home fitness store on a financing plan. A bank representative told the salesperson that because the husband's first name was Hussein, the couple would have to wait 72 hours while they were investigated. Though the couple eventually received the treadmill, they were so embarrassed by the incident they did not want their names in the report, Sinnar said. James Maclin, a vice president at Mid-America Apartment Communities in Memphis, which owns 39,000 apartment units in the Southeast, said the screening has become "industry standard" in the apartment rental business. It began about three years ago, he said, spurred by banks that wanted companies they worked with to comply with the law. David Cole, a Georgetown University law professor, has studied the list and at one point found only one U.S. citizen on it. "It sounds like overly cautious companies have started checking the list in situations where there's no obligation they do so and virtually no chance that anyone they deal with would actually be on the list," he said. "For all practical purposes, landlords do not need to check the list." 
Still, Neil Leverenz, chief executive of Automotive Compliance Center in Phoenix, a firm that helps auto dealers comply with federal law, said he spoke to the general manager of a Tucson dealership who tearfully told him that if he had known to check the OFAC list in late summer of 2001, he would not have sold the car used by Mohamed Atta, who went on to fly a plane into the World Trade Center.

Staff researchers Bob Lyford and Richard Drezen contributed to this report.

From rforno at infowarrior.org Tue Mar 27 14:07:23 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 27 Mar 2007 10:07:23 -0400
Subject: [Infowarrior] - Creepy RFID monitoring
Message-ID:

(Interesting and it could have a benefit in some locations, but creepy anyway......rf)

New RFID System Takes Security to Heart

The new security system from Third Eye alerts casinos, banks or convenience stores if an employee's heart begins racing, indicating a possible robbery or theft in progress.

By Claire Swedberg

March 23, 2007 -- Portable surveillance systems company Third Eye has released a Security Alert Tracking System (SATS) that allows casinos, banks or convenience stores to be alerted if one of their employees' hearts begins racing. The purpose is to add intelligence to security and surveillance, alerting management to the fact that an employee is under stress and could be in an emergency situation, or even planning a theft against the business.

< - >

http://www.rfidjournal.com/article/view/3170/

From rforno at infowarrior.org Tue Mar 27 15:09:33 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 27 Mar 2007 11:09:33 -0400
Subject: [Infowarrior] - Disable integrated iSight cameras
Message-ID:

(I'm not sure if DOD front-desk security folks would know whether or not they could approve this -- in their eyes the presence of a camera, even if it's been disabled electronically or physically, still means it's a camera and likely prohibited....but I pass this tidbit along anyway........rf)

10.4: Disable integrated iSight cameras
http://www.macosxhints.com/article.php?story=20070323094959262

I've been moved to action on this because of a recent NSA security document that states that it is not possible to disable the iSight cameras integrated into Apple computers without also disabling things like USB keyboards and mice. This is simply not true.

When a program from OS X (Tiger at least) needs to access the integrated iSight camera, it has to call the QuickTimeUSBVDCDIgitizer.component. This file is located in the /System/Library/QuickTime folder. Simply deleting this file will prevent any program from being able to access it. Instead, the system will simply display a message stating that the hardware is already in use by another program, and that it recommends you quit that program in order to use the camera.

The beauty to all of this is that any program on your Mac that needs to verify the iSight at the hardware level can still do so. This allows things like Skype and iMovie to continue functioning, but without use of the camera. I've been using this on over 200+ MacBooks and iMacs at our Academy, and it works beautifully without causing other issues.
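For anyone applying the hint above across a fleet, the following is an added example (not part of the original post or of Apple's tooling) that reports whether the component is present and disables it by moving it aside instead of deleting it, so the change can be reversed. The component name is the one given in the post, located in the QuickTime folder under /System/Library; the holding directory /Library/DisabledComponents and the optional ROOT argument are assumptions of this example.

```shell
#!/bin/sh
# Audit, disable and restore the built-in iSight digitizer component (Mac OS X 10.4).
# Component name is from the post; the post deletes it, this example moves it aside.
COMPONENT_REL="System/Library/QuickTime/QuickTimeUSBVDCDIgitizer.component"
# Hypothetical holding directory (assumption of this example, not from the post).
QUARANTINE_REL="Library/DisabledComponents"

# isight_state ROOT -> prints "enabled", "disabled" or "absent"
isight_state() {
    root=${1%/}
    if [ -e "$root/$COMPONENT_REL" ]; then
        echo enabled
    elif [ -e "$root/$QUARANTINE_REL/$(basename "$COMPONENT_REL")" ]; then
        echo disabled
    else
        echo absent
    fi
}

# isight_disable ROOT -> 0 when the component is (now) out of the QuickTime folder,
# 2 when it was never found, 1 on a filesystem error. Safe to run repeatedly.
isight_disable() {
    root=${1%/}
    live="$root/$COMPONENT_REL"
    qdir="$root/$QUARANTINE_REL"
    held="$qdir/$(basename "$COMPONENT_REL")"
    case "$(isight_state "$root")" in
        absent)
            echo "component not found under ${root:-/}; nothing changed" >&2
            return 2 ;;
        disabled)
            echo "already disabled"
            return 0 ;;
    esac
    mkdir -p "$qdir" || return 1
    chmod 700 "$qdir" || return 1
    # A live copy next to an older held copy means something put the file back
    # (for example a reinstall); drop the stale held copy before moving.
    if [ -e "$held" ]; then
        rm -rf "$held" || return 1
    fi
    mv "$live" "$held" || return 1
    echo "disabled: moved to $held"
}

# isight_restore ROOT -> moves the held copy back into the QuickTime folder.
isight_restore() {
    root=${1%/}
    live="$root/$COMPONENT_REL"
    held="$root/$QUARANTINE_REL/$(basename "$COMPONENT_REL")"
    if [ -e "$live" ]; then
        echo "already enabled"
        return 0
    fi
    if [ ! -e "$held" ]; then
        echo "no held copy to restore" >&2
        return 2
    fi
    mv "$held" "$live" || return 1
    echo "restored: $live"
}

# Usage (as root): sh isight.sh status|disable|restore [ROOT]   (ROOT defaults to /)
case "${1:-}" in
    status)  isight_state "${2:-/}" ;;
    disable) isight_disable "${2:-/}" ;;
    restore) isight_restore "${2:-/}" ;;
esac
```

Running the status action from a management job after software updates shows any machine where the component has reappeared in the QuickTime folder.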
From rforno at infowarrior.org Tue Mar 27 17:34:10 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 27 Mar 2007 13:34:10 -0400
Subject: [Infowarrior] - Best Buy Acquires Speakeasy
Message-ID:

Best Buy Acquires Speakeasy
http://www.neowin.net/index.php?act=view&id=39053

Speakeasy, one of the largest DSL providers in the United States, has been acquired by Best Buy for $97 million, which the companies put at 20% greater than Speakeasy's 2006 revenues. Best Buy's plan is to promote Speakeasy Small Business DSL through the company's lesser-known Best Buy for Business program. Current Speakeasy customers are unlikely to be affected, at least in the short term. The deal won't even go down until the first quarter of 2008, and even then the plan is to run Speakeasy as an independent subsidiary of Best Buy.

"We have a high regard for Speakeasy's employees, their culture, and their valued relationships with customers and vendors. They have a strong customer service-oriented approach, which is an excellent fit with Best Buy's culture and direction," said Darren Jackson, Best Buy executive vice president and CFO.

Bruce Chatterley, President and CEO wrote the following in an email sent to the service's customers: "It is important to note that though Speakeasy will now be a wholly owned subsidiary of Best Buy, we will continue to operate as a standalone, independent operating division with headquarters in Seattle. Speakeasy will be an important part of the Best Buy For Business service that delivers simple, reliable, and affordable technology solutions to small businesses. Speakeasy's array of broadband voice, data and managed services offerings will be the focal point of the Best Buy For Business communications solutions."

From rforno at infowarrior.org Tue Mar 27 19:39:00 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 27 Mar 2007 15:39:00 -0400
Subject: [Infowarrior] - Run Linux? HP voids your hardware warranty
Message-ID:

ChangeLog: Run Linux, lose warranty
Friday March 23, 2007 (03:01 PM GMT)
By: Joe Barr
http://enterprise.linux.com/article.pl?sid=07/03/23/1430204&from=rss

Laura Breeden bought a new Compaq Presario C304NR notebook in January. She bought it because she wanted to get rid of Windows and all the malware that surrounds it and move to Linux, and her old laptop lacked the memory and power to run Ubuntu Edgy. The salespeople assured her that the C304NR was "Linux ready." But they didn't tell her that running Linux would void her warranty.

Until recently, she's been happy with it, and with Ubuntu Edgy. But a couple of weeks ago she began having keyboard problems. The keyboard is misbehaving when she begins to type quickly: keys are sticking and the space bar does not always respond when pressed.

When she called Compaq -- the unit comes with a one-year warranty on the hardware -- they asked what operating system she was running. When she told them Linux, they said, "Sorry, we do not honor our hardware warranty when you run Linux." In order to get warranty service, she was told, she would have to remove Linux and reinstall the original OS.

Laura is not a software engineer, but she failed to see how her choice of operating system could damage the keyboard. Furthermore, there isn't a word about the subject on the Compaq C304NR Web page -- nothing to alert consumers to the fact that if they chose a reliable, secure operating system like Linux instead of Windows, they would lose their rights to service under warranty.

She bought the notebook from Best Buy, and they did their best to sell her a maintenance contract ($200 for three years). But since the notebook only cost $549, she thought that was a lot of money to add to the purchase price, and she also thought that she could depend on the Compaq warranty.
I've been tracking this story for a couple of weeks with a PR rep from Hewlett-Packard Customer Service, who has been trying to "do the right thing" by Laura. There has been some discussion of swapping her unit with an HP notebook which is available with Linux preinstalled, but after a couple of weeks of back and forth, nothing has changed. The PR rep told me, after wading through all the terms and conditions attached to the notebook's warranty, that "it is impossible to anticipate every single issue that a customer can face, so the terms and conditions of warranties can't list every possible scenario. Usually if a customer installs a different OS, it has a big impact on the PC and will void the warranty. However, since the OS couldn't have been responsible for keys sticking on a notebook keyboard, I think this is an exception to the rule." She also asserts that Compaq's "warranty terms and conditions are in line with the rest of the industry." I have a feeling that she is correct about that. Gateway and Dell have both declined to respond to queries about their own warranty coverage in a similar scenario. Tier one manufacturers like Dell and HP are locked up in double-blind secrecy about their marketing deals with Microsoft, like the ones that keep them from offering preinstalled Linux like their customers are demanding, or even from offering machines without an OS installed at all. Laura's problem will probably come to a satisfactory end: the return of the merchandise for a full refund, or a swap for a unit that is offered with Linux in the first place. But the bigger problem is that Microsoft's tentacles are still obvious in choking a free marketplace, and the tier one manufacturers are still submissive to and complicit in Microsoft's enterprise. 
From rforno at infowarrior.org Wed Mar 28 03:46:23 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 27 Mar 2007 23:46:23 -0400
Subject: [Infowarrior] - RIAA folds after defendant threatens w/malicious prosecution suit
Message-ID:

RIAA Backs Down After Receiving Letter from Defendant's Lawyer Threatening Malicious Prosecution; Voluntarily Dismisses Case

In SONY v. Merchant in California, after receiving a sternly worded letter from the defendant's lawyer, Merl Ledford III, of Visalia, California, threatening a malicious prosecution lawsuit, the RIAA immediately withdrew its lawsuit:

< - >

http://recordingindustryvspeople.blogspot.com/2007/03/riaa-backs-down-after-receiving-letter.html

From rforno at infowarrior.org Wed Mar 28 12:42:29 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Mar 2007 08:42:29 -0400
Subject: [Infowarrior] - Metasploit Framework version 3.0 Released
Message-ID:

March 27th, 2007 -- Metasploit is pleased to announce the immediate, free availability of the Metasploit Framework version 3.0 from http://framework.metasploit.com/.

The Metasploit Framework ("Metasploit") is a development platform for creating security tools and exploits. Version 3.0 contains 177 exploits, 104 payloads, 17 encoders, and 3 nop modules. Additionally, 30 auxiliary modules are included that perform a wide range of tasks, including host discovery, protocol fuzzing, and denial of service testing.

Metasploit is used by network security professionals to perform penetration tests, system administrators to verify patch installations, product vendors to perform regression testing, and security researchers world-wide. The framework is written in the Ruby programming language and includes components written in C and assembler.

Metasploit runs on all modern operating systems, including Linux, Windows, Mac OS X, and most flavors of BSD.
Metasploit has been used on a wide range of hardware platforms, from massive Unix mainframes to the tiny Nokia n800 handheld. Users can access Metasploit using the tab-completing console interface, the command line scripting interface, or the AJAX-enabled web interface. The Windows version of Metasploit includes all software dependencies and a selection of useful networking tools.

The latest version of the Metasploit Framework, as well as screen shots, video demonstrations, documentation and installation instructions for many platforms, can be found online at http://framework.metasploit.com/

Metasploit 3 is a from-scratch rewrite of Metasploit 2 using the Ruby scripting language. The development process took nearly two years to complete and resulted in over 100,000 lines of Ruby code. As such, there are some notable differences between version 2.7 and 3.0:

* The Fs, Sys, Net, and Process extensions in the Metasploit 2.7 Meterpreter have been combined into a single extension that is automatically loaded in Metasploit 3. The "stdapi" extension can be used to manipulate files, list and manage processes, migrate the payload into a new process, edit a file on the server, forward a port, execute a command, and many other tasks. The "priv" extension (accessible by the "use priv" command) provides the hashdump command for dumping password hashes and the timestomp command for erasing file system timestamps.

* The Meterpreter shell provides an "irb" command that allows interactive scripting of a compromised system. One of the features of the Metasploit client API is the ability to read and write the memory of any accessible process on the exploited system, all from inside a Ruby shell. When combined with a Meterpreter script (started with the "run" command from inside Meterpreter), this feature can be used to backdoor running applications or steal in-memory credentials.
* The Metasploit console provides an "irb" command (on Unix systems only) that allows direct access to the Ruby internals at runtime. This can be used to modify the behavior of the framework, interact with existing connections, and as a development environment for plugins.

* The Metasploit console interface has a new "route" command that allows all network connections to a given subnet to be routed through an existing session. This can be used in conjunction with the Meterpreter payload to relay attacks through exploited systems.

* Database support is provided via a set of plugins and a standard command interface. The database can be used to track host information during a penetration test and launch automated attacks against a network (db_autopwn). The current release can import both Nessus NBE files and Nmap XML output files. Data provided by these tools can be used to cross-reference open ports and vulnerabilities with Metasploit modules.

* User options have been separated into three types: standard, advanced, and evasion. Evasion options allow the user to bypass IDS and IPS systems by specifying how exploit data is generated and delivered. Evasion options are available for most exploits, with particular attention paid to the SMB, DCERPC, and HTTP protocols.

* A plugin system allows developers to add their own commands to the console interface, hook framework events, and extend the framework at runtime without having to modify the base code. Example plugins have been included in the "plugins" subdirectory of the framework. Example plugins include an "auto-tagger", a socket filter, a telnet service, and a number of database and debugging plugins.

* An event subscription system allows modules and plugins to wait for specific events and automatically perform different actions. This feature can be used to hook socket operations, filter data flows, and automate post-exploitation tasks.
* Metasploit modules can import methods and behaviors from a huge library of Ruby Mixins. This release includes support for protocols such as SMB, DCERPC, FTP, IMAP, NDMP, SMTP, and SUNRPC. Mixins are also provided for developing brute force exploits, creating egghunters, injecting user-land payloads from the Windows kernel, exploiting SEH overwrites, sniffing network traffic, and injecting raw WiFi frames.

* Metasploit modules are now organized in a directory structure instead of a single flat directory. A caching system provides faster loading times. The result is a scalable system that can manage hundreds of different modules at a time (over 300 alone in this release).

* The web interface (msfweb) is a Ruby on Rails application that uses the Prototype JavaScript Framework to provide in-browser windowing support. Asynchronous JavaScript is used to provide as-you-type search results for any module type and provide tab completion for the web console interface.

* Thanks to Ruby's in-process threading support, it is possible to share a single Metasploit instance with other users, exploit multiple hosts at the same time, and run persistent background services, while only consuming the system resources of a single process. The msfd plugin adds a telnet interface to an existing Metasploit instance.

* The new Auxiliary module type allows the development of almost any form of security or attack tool. Auxiliary modules have complete access to the Metasploit attack and protocol libraries and can be used to quickly develop research tools and proof-of-concepts.

* Subversion is now used for online updates and version control. This allows users to easily switch between the development and stable version of the framework and obtain online updates using any transport supported by Subversion.

* This release includes three exploit modules that exploit WiFi driver vulnerabilities in the Windows kernel.
Combined with the kernel user-land payload stager, this allows any Metasploit payload to be used with ring-0 exploits on the Windows platform. A handful of auxiliary modules are included that trigger denial of service conditions in WiFi drivers across a variety of platforms.

* Metasploit is now released under the Metasploit Framework License. This license allows anyone to use the framework for almost anything, but prevents commercial abuse and outright code theft. The Metasploit Framework License helps keep the platform stable and still allows module developers to choose their own licensing terms for their code (commercial or open source). For more information, please see the license document included in the distribution.

* The Rex library, which provides most of the utility methods and protocol support for the framework, has been released under the 3-clause BSD license. Ruby developers can use this code to build open source or commercial applications that are not subject to the restrictions of the Metasploit Framework License.

Enjoy!

- The Metasploit Staff

From rforno at infowarrior.org Wed Mar 28 12:47:28 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Mar 2007 08:47:28 -0400
Subject: [Infowarrior] - Children could be monitored for signs of criminal behaviour
Message-ID:

Children could be monitored for signs of criminal behaviour
Last updated at 17:15pm on 27th March 2007
http://www.dailymail.co.uk/pages/live/articles/news/news.html?in_article_id=444860&in_page_id=1770

All children could face compulsory checks to discover if they are at risk of turning into criminals, the Prime Minister announced today.

The controversial proposal came as part of a wide-ranging review of crime and security policy published by 10 Downing Street. It said the checks could take place at existing important stages in a child's life, such as the move from primary to secondary school.
The Government's plan to prevent crime said: "Establish universal checks throughout a child's development to help service providers to identify those most at risk of offending.

"These checks should piggyback on existing contact points such as the transition to secondary schools."

The document did not outline at what age the checks should begin, nor did it detail whether police or probation officers would be involved in the process. It was also unclear whether the check would involve a personal interview with a child, or if it would simply comprise a review of school and police records.

Other proposals set out in the policy review included:

* Publishing efficiency data on the courts for the first time, with the prospect of poor-performing courts facing measures to force improvements;

* Extending the police's ability to seize non-cash assets from criminals, such as plasma screen televisions, jewellery and laptop computers;

* Encouraging businesses to make their products "crime proof", such as introducing fingerprint activation on MP3 players such as iPods, because the devices are partly behind a rise in street crime;

* Placing restrictions on prolific criminals after they are released from prison, which would lead to up to three years in jail if breached;

* Immigrants coming to Britain temporarily could be asked to take out "adequate health insurance" rather than using NHS resources;

* Developing technology could also lead to the introduction of "crowd scanners" able to detect bombs, and the use of "automatic facial recognition" to spot criminals on CCTV images.

The review also appeared to advocate further expansion of the DNA database when it suggested including "all suspected offenders who come into contact with the police".
Currently anyone arrested for a recordable offence in England and Wales must give a DNA sample - w

From rforno at infowarrior.org Wed Mar 28 18:11:21 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Mar 2007 14:11:21 -0400
Subject: [Infowarrior] - FBI Made Mistakes, Mueller Said
Message-ID:

FBI Made Mistakes, Mueller Said

FBI Director Robert S. Mueller admitted that the bureau made mistakes when gathering information on Americans.

FBI Director Robert S. Mueller admitted "mistakes, carelessness, confusion, lack of training, lack of guidance and lack of adequate oversight" that resulted in misuse of national security letters, which authorized the FBI to gather personal information on about 40,000 to 60,000 Americans from 2003 to 2005.

Speaking to the Senate Judiciary Committee, Mueller said poor organization led to the mishandling of the letters. However, the FBI didn't deliberately break the law by improperly obtaining thousands of Americans' phone, e-mail and financial records, Mueller insisted.

The letters allowed the department to gain access to private information on American citizens from third parties such as telephone, Internet providers and credit card companies. The Patriot Act, passed after the Sept. 11 terrorist attacks, gave the FBI the authority to request this information without a court order to combat international terrorism.

"I am responsible for those shortcomings and for taking the steps to ensure that they do not happen again," Mueller said.

A report issued last week said the FBI didn't get proper authorization for all of its letter requests and gave Congress inaccurate reports of how many were issued.

The Senate panel's ranking Republican, Arlen Specter of Pennsylvania, said: "The question arises as to whether any director can handle this job and whether the bureau itself can handle the job."
http://www.torontodailynews.com/index.php/WorldNews/2007032803fbi-made-mistakes

From rforno at infowarrior.org Wed Mar 28 19:15:31 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Mar 2007 15:15:31 -0400
Subject: [Infowarrior] - Hackers build private IM to keep the law out
Message-ID:

(certainly nothing groundbreaking per se, just an informative item........rf)

Hackers build private IM to keep the law out
CarderIM helps hackers sell personal information; product's distribution is limited
http://www.infoworld.com/article/07/03/28/HNhackersprivateIM_1.html
By Jeremy Kirk, IDG News Service
March 28, 2007

Hackers have built their own encrypted IM (instant-message) program to shield themselves from law enforcement trying to spy on their communication channels.

The application, called CarderIM, is a sophisticated tool hackers are using to sell information such as credit-card numbers or e-mail addresses, part of an underground economy dealing in financial data, said Andrew Moloney, business director for financial services for RSA, part of EMC Corp., during a presentation at the International e-crime Congress in London on Wednesday.

CarderIM exemplifies the increased effort hackers are making to obscure their activities while continuing to use the Internet as a means to communicate with other criminals. "They're even investing in their own custom tools, their own places to work," Moloney said.

CarderIM's logo is humorous: two overlapping half suns in the same red-and-yellow tones as MasterCard International Inc.'s logo. The name, CarderIM, is a reference to the practice of "carding," or converting stolen credit-card details into cash or goods.

Often, the hackers who obtain credit-card numbers aren't interested in trying to convert the data into cash. But other people are. On the Internet, the two can meet.
But the data buyers and sellers are constantly on the lookout for the "rippers" -- security experts or police who are gathering data on them, Moloney said.

It's not known how widely CarderIM is being used, but its distribution appears to be limited, Moloney said. Searches through Google uncover a few passing but incomplete references to the program. It's also not easy to find a copy of it.

"To get ahold of it [CarderIM] you need to be part of one of the trusted groups, which we have agents within," Moloney said.

During his presentation, Moloney showed a screenshot of an advertisement for CarderIM, which addressed the need to "secure the scene." The application supposedly uses encrypted servers that are "offshore" and does not record IM conversations.

Hackers may have needed a more secure IM application, since most of the free ones, such as ICQ, transmit messages in clear text, which can be intercepted, Moloney said.

"They know that we watch and listen," Moloney said.

From rforno at infowarrior.org Wed Mar 28 19:37:00 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Mar 2007 15:37:00 -0400
Subject: [Infowarrior] - US 'no longer technology king'
Message-ID:

US 'no longer technology king'
http://news.bbc.co.uk/1/hi/business/6502725.stm

The US has lost its position as the world's primary engine of technology innovation, according to a report by the World Economic Forum.

The US is now ranked seventh in the body's league table measuring the impact of technology on the development of nations.

A deterioration of the political and regulatory environment in the US prompted the fall, the report said.

The top spot went for the first time to Denmark, followed by Sweden.

Innovation

Countries were judged on technological advancements in general business, the infrastructure available and the extent to which government policy creates a framework necessary for economic development and increased competitiveness.
The Networked Readiness Index, the sixth of its kind published by the World Economic Forum with Insead, the Paris-based business school, scrutinised progress in 122 economies worldwide.

Despite losing its top position, the US still maintained a strong focus on innovation, driven by one of the world's best tertiary education systems and its high degree of co-operation with industry, the report said.

NETWORKED READINESS INDEX RANKINGS 2006 (2005)
1: Denmark (3)
2: Sweden (8)
3: Singapore (2)
4: Finland (5)
5: Switzerland (9)
6: Netherlands (12)
7: US (1)
8: Iceland (4)
9: UK (10)
10: Norway (13)
Source: WEF

The country's efficient market environment, conducive to the availability of venture capital, and the sophistication of financial markets, was also given recognition.

Nordic crown

Denmark is now regarded as the world leader in technological innovation and application, with its Nordic neighbours Sweden, Finland and Norway claiming second, fourth and 10th place respectively.

"Denmark, in particular, has benefited from the very effective government e-leadership, reflected in early liberalisation of the telecommunications sector, a first-rate regulatory environment and large availability of e-government services," said Irene Mia, senior economist at World Economic Forum.

European countries to make the top 20 included Switzerland in fifth place, the Netherlands, one of the most improved in sixth, the UK (nine), Germany (16), Austria (17) and Estonia (20).

While countries from Asia and the Pacific continued to progress, the powerhouse economies of China and India both showed a downward trend.

India was four positions down on last year to 44th, suffering from weak infrastructure and a very low level of individual usage of personal computers and the internet.

China was knocked to 59th place, nine positions down, with information technology uptake in Chinese firms lagging.
Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/1/hi/business/6502725.stm
Published: 2007/03/28 15:57:02 GMT
© BBC MMVII

From rforno at infowarrior.org Thu Mar 29 02:08:00 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Mar 2007 22:08:00 -0400
Subject: [Infowarrior] - Military beefs up Internet arsenal
Message-ID:

Military beefs up Internet arsenal
By Jim Michaels, USA TODAY

WASHINGTON -- The U.S. military is quietly expanding capabilities to attack terrorist computer networks, including websites that glorify insurgent attacks on U.S. forces in Iraq, military officials and experts say.

The move comes as al-Qaeda and other groups fighting in Iraq and elsewhere have expanded their activities on the Internet and increased the sophistication and volume of their videos and messages. Much of the material is designed to raise money and recruit fighters for Iraq.

"You should not let them operate uncontested" on the Internet and elsewhere in cyberspace, said Marine Brig. Gen. John Davis, who heads a military command located at the National Security Agency. The command was established to develop ways to attack computer networks.

Davis and other officials declined to say whether the military has actually attacked any networks, which would require presidential authorization. The techniques are highly classified.

Pentagon contract documents show the military asks companies to develop a "full spectrum ... of computer network attack techniques." Run by the Air Force Research Laboratory, this program aims to spend $40 million over four years, documents show.

The growth in offensive capabilities signals a shift in military thinking from just monitoring terrorist websites for intelligence to attacking those sites.

"The offensive is increasingly on leaders' minds," said John Arquilla, a professor at the Naval Postgraduate School who also works for the Defense Department on cyberwar issues.
Some officials say cyberattacks can result in losing critical intelligence. "You always have the built-in tension between the operator who wants to destroy the target and the intelligence officer who wants to use the target to gain more information," said Lani Kass, director of the Air Force's cyberspace task force.

"Our opponents do a heck of a lot more than just watch us in cyberspace," Davis said. "They are acting in cyberspace. We need to develop options so that we can ... dominate cyberspace."

Cyberattacks can take different forms, including eliminating terrorist websites and creating doubts among insurgents about their networks' security, said Arquilla, who favors an offensive approach he calls a "virtual scorched-earth policy."

Armed groups in Iraq videotape nearly all of their attacks on U.S. forces to help magnify their impact. "Everything they do in Iraq and Afghanistan is geared toward propaganda," said Rep. Jim Saxton, R-N.J., who's on the House Armed Services Committee.

The videos and messages are "getting more and more professional," said Andretta Summerville of iDefense, a private contractor that monitors terrorist activity on the Internet.

Some sites find recruits and push "them toward a pipeline that ends in suicide attacks," said Lt. Col. Matthew McLaughlin, a spokesman for Central Command, which runs the wars in Iraq and Afghanistan.

Attacking websites may have limited value, said Ben Venzke of IntelCenter, a contractor that monitors terrorist websites and Internet forums.

"The problem is the nature of the Internet itself," he said. "It can always come back up in 10 seconds."
Find this article at: http://www.usatoday.com/news/washington/2007-03-28-cyber-war_N.htm?csp=34

From rforno at infowarrior.org Thu Mar 29 02:11:04 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Mar 2007 22:11:04 -0400
Subject: [Infowarrior] - Second university refuses to hand student info to RIAA
Message-ID:

http://www.mainecampus.com/home/index.cfm?event=displayArticlePrinterFriendly&uStory_id=3950c334-f676-4ee9-a6d6-dd4dda699135

UMS refuses to hand student info to RIAA
By: Tony Reaves
Posted: 3/26/07

The University of Maine System has refused a request from the Recording Industry Association of America to produce names of students who allegedly downloaded copyrighted materials.

The system has also opted not to forward the RIAA's pre-litigation letters offering settlements to those students, although the schools those students attend will inform their students of the letters and give them a chance to pick up the letters if they so choose.

At the University of Maine, students with pending RIAA lawsuits were told on Friday.

"It's not the university's role to, in effect, serve papers on our students for another party," John Diamond, spokesman for the university system, said of the decision. At the same time, the university has ensured those students get a chance to settle.

"We want our students to be aware of it, but we do not feel that it is our obligation to be the arm of the RIAA beyond simply sharing the information," Diamond said.

On Wednesday, the RIAA sent 27 letters to the UMS to forward to its students offering settlements before their alleged music piracy could go to court. The letters direct students to the Web site http://www.p2plawsuits.com, where students can admit guilt and settle for an amount far lower than the RIAA could get in court.

Of the 27 letters, 14 went to UMaine students. The remaining 13 went to students at every other UMS school except Farmington and Augusta.
The RIAA sent the system only the numerical Internet addresses of students the industry has accused of copyright violations. They asked the UMS to provide the names of those students.

Diamond said the RIAA's request for student information asks the system to violate the Family Educational Rights and Privacy Act, which bars the UMS from divulging information not considered public. The Internet addresses the university assigns to students accessing the network are not public. Despite this, some institutions have given up their students' names to avoid court fees.

"The only way the RIAA can get that information is if the RIAA takes us to court to get those names," Diamond said.

According to Jon Ippolito, a UMaine new media professor and associate curator of media arts at the Guggenheim Museum, the university has taken a principled stance.

"[The RIAA] have so many lawyers that they can afford to send frivolous subpoenas right and left, and the mere threat to do so has caused some universities to cave right away," said Ippolito, an expert on digital media.

On Thursday, Ippolito sent a letter to the university system urging administrators not to reveal students' identities to the RIAA.

Ippolito said the practice of subpoenaing universities won't necessarily hold water in court, and was critical of the RIAA's newest tactics with colleges, a policy he called "mafia-like."

"They want to bully universities into exposing students and also bully students directly into signing onto a discount," Ippolito said. "There's no legal process and that's the end of the story."

According to the Digital Millennium Copyright Act, a 1998 bill meant to protect copyrighted material in the digital age, the university is not responsible for copyright violations on its network. The university system needs only to make sure students delete any copyrighted works found by an outside agency such as the RIAA.

© Copyright 2007 Maine Campus

From rforno at infowarrior.org Thu Mar 29 02:14:34 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Mar 2007 22:14:34 -0400
Subject: [Infowarrior] - Vista launch: a 'resounding' success?
Message-ID:

Somehow I don't think Vista is as successful as MS would like us to believe, either. There's been mostly lukewarm press about it and the term "no compelling reason to upgrade" has been cited frequently by reviewers.......-rf

Vista launch: a 'resounding' success?
By ElectricNews.Net
28 Mar 2007 21:34
http://www.channelregister.co.uk/2007/03/28/ms_vista_shipments_claims/

Microsoft has released its first sales figures for its new operating system Vista - and has declared the launch a resounding success.

More than 20 million units of the new OS have been shipped since its launch, more than double the number Windows XP managed to sell in its first month. Microsoft is keeping tight-lipped on the regional breakdown for these figures, so there is no way to tell as yet whether the new software has found a definite fanbase in Europe.

However, the overall figures may not be as spectacular as they first seem. The 20 million being bandied about by Microsoft includes copies of the product sold as an upgrade, a standalone product, and shipped with new PCs and laptops.

It probably doesn't take into account those who have reverted to their old XP system after experiencing problems with Vista. The internet is full of angry posts about how installing Vista caused devices to stop working, caused programs to slow down or simply that the software was buggy.

In addition to these facts, it has been noted by several analysts that the PC market is significantly larger than it was when XP was launched five years ago. Adjusting the figures to take this into account, it seems that Vista could simply be matching XP sales.

Meanwhile, it seems Microsoft is trying to entice more users to take up Vista by cutting prices.
The discount scheme the tech firm currently offers to US small businesses and home users buying extra Vista licences has now been extended to Europe.

From 26 March, EMEA users can use the Windows Vista Additional Licence programme to install the same edition of Windows Vista on up to five additional PCs owned by the original licence holder at a 10 per cent discount on the suggested retail price.

The availability of the new scheme was announced on the Windows Vista Team Blog by Nick White, product manager on the Vista launch team.

The question is if the discount will go far enough. The post on the Vista blog was followed by a number of complaints arguing for a greater discount.

"Honestly, it leaves much to be desired (and I speak not as a Linux or Apple zealot), especially as you can easily find Vista discounted by 5-7 percent at Amazon.com or marked down by about that much at retail stores like Best Buy," said one poster. "In fact, with the sales tax rate in most states, it may actually be cheaper to buy it at Amazon than at a 10 percent discount from Microsoft."

Microsoft may yet have some work to do to convince the tech industry - and their customers - that Vista is a resounding success.

Copyright © 2007, ElectricNews.Net

From rforno at infowarrior.org Thu Mar 29 03:28:29 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Mar 2007 23:28:29 -0400
Subject: [Infowarrior] - Senate's Bold Proposal for Iraq: Sugar Beets and Rural Schools
Message-ID:

Wouldn't it be grand to find a way to force Congress to include ONLY the items related to the title of the proposed legislation? IE, if the bill is an 'emergency' authorization for Iraq funding, don't load it up with domestic spending programs. If the bill is to fund the Pentagon for the next fiscal year, don't tack on a national identification card as an amendment, etc, etc.

Ahhh, the joys of life in Washington..... -rf

Senate's Bold Proposal for Iraq: Sugar Beets and Rural Schools -- in the U.S.
http://www.washingtonpost.com/wp-dyn/content/article/2007/03/28/AR2007032802091_pf.html

By Dana Milbank
Thursday, March 29, 2007; A02

Midway through the Senate debate yesterday over the "emergency" spending bill for Iraq, Barbara Boxer rose to speak in favor -- of strawberries.

"There's a song called 'Strawberry Fields Forever,' " the California Democrat declared on the Senate floor, as an aide displayed a poster of an icy berry patch.

"This is a strawberry field," Boxer continued, seeking funds for frostbitten fruit farmers. "It looks like an ice rink. The strawberries are somewhere in there; they are destroyed. I also want to show you oranges. . . . Here you can see the icicles near the avocados."

< - >

It's common for lawmakers to complain that a spending bill is "loaded up like a Christmas tree" with pet projects. But the Iraq Emergency Supplemental Appropriations Act going through the Senate this week is unusual in that it is loaded up with Christmas trees. Specifically, it includes $40 million for a Tree Assistance Program that provides help for Christmas trees and ornamental shrubs.

Also in the Senate's version of the Iraq bill: $24 million for sugar beets, $3 million for Hawaiian sugar cane, $13 million for the Ewe Lamb Replacement and Retention Program, $100 million in compensation for dairy losses, $165.9 million for fisheries disaster relief, and money for numerous other "emergencies."

This offended the patriotism of a few senators, such as Jim DeMint (R-S.C.), who called on his fellow citizens to "stand up as Americans, not as spinach growers, not as milk producers, not as tree farmers."

Most of his colleagues disagreed.
They voted, 73 to 24, to keep the agricultural go

From rforno at infowarrior.org Thu Mar 29 12:25:52 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 29 Mar 2007 08:25:52 -0400
Subject: [Infowarrior] - Why the RIAA doesn't want defendants exonerated
Message-ID:

Why the RIAA doesn't want defendants exonerated
By Eric Bangeman | Published: March 29, 2007 - 12:35AM CT
http://arstechnica.com/news.ars/post/20070329-why-the-riaa-doesnt-want-defendants-exonerated.html

Litigation is always a risky endeavor. One can never be entirely sure how a judge will interpret case law and rule, and should the case proceed to trial, juries are even harder to read. Filing over a thousand lawsuits, therefore, is even riskier. Should a handful of rulings go the wrong way, it could jeopardize the numerous other cases currently in the system.

This is a dilemma faced by the RIAA in its war against suspected file sharers. The hundreds of cases filed have all proceeded along the same lines, with which most of us are all too familiar. The music industry's exit strategy from cases it deems undesirable to pursue -- due to mistaken identity, poor likelihood of winning, or other factors -- has been just as consistent. The record labels file for a dismissal with prejudice and everybody goes their own ways, footing their own legal bills, and no one is officially cleared of wrong-doing. Recent events may be casting a shadow over the wisdom of the RIAA's strategy.

A new tactic

One such event is yesterday's news from the world of file-sharing litigation. Faced with the prospect of having to pay attorneys' fees in cases it has no interest in pursuing, the RIAA appears to be trying a new tactic. In the case of Warner Bros. v. Tallie Stubbs, the record labels have said that they "now covenant not to pursue claims against Defendant" for copyright infringement and that the defendant's counterclaim should be dismissed.
Tallie Stubbs was sued by the RIAA last year after the trade group's investigators traced a Kazaa shared folder back to her with the help of an ISP. After what it described as "further investigation," the record labels apparently concluded that they had either misidentified her or didn't have sufficient evidence to proceed with the case, and decided to move for dismissal without prejudice. When contacted by Ars and asked the reasons behind the dismissal, the RIAA declined to comment.

But Stubbs wanted something more than a mere dismissal: complete exoneration. She filed a counterclaim seeking a declaratory judgment that she had not infringed on the record labels' copyrights.

Earlier this month, Judge Vicki Miles-LaGrange split the difference. She granted the plaintiffs' motion to dismiss without prejudice while denying their motion to dismiss the counterclaim, ruling that "there are independent bases for subject matter jurisdiction over Defendant's declaratory judgment counterclaim." In other words, the defendant can seek to have her name cleared of any wrongdoing, regardless of the plaintiff's decision to dismiss.

By promising not to sue Stubbs again and keeping the dismissal without prejudice on the books, RIAA hopes to avoid the same fate it met in Capitol v. Foster (Debbie Foster is being represented by the same attorney as Tallie Stubbs) and faces in Elektra v. Santangelo: a ruling that the defendant is the prevailing party and therefore entitled to attorneys' fees.

In Warner v. Stubbs, the labels are arguing that since they are promising never to sue her for infringement again, there is no need to continue the legal wrangling and the judge should therefore dismiss Stubbs' counterclaim. In other words, no harm, no foul.

Risky business

In choosing this course of action, the RIAA is taking a calculated risk.
Dismissing a case without prejudice while promising not to bring further legal action could be interpreted as the functional equivalent of a dismissal with prejudice. As a result, the judge may very well decide to dismiss the case with prejudice after all. She could also then dismiss Stubbs' counterclaim, as a dismissal with prejudice would mean that she is the prevailing party and leave the labels vulnerable to an attorneys' fees awards.

Last week, we noted that the RIAA found itself in a difficult situation with Elektra v. Santangelo because the judge had ruled that Patti Santangelo was entitled to a shot at vindication, either via trial or a dismissal with prejudice. If Judge Miles-LaGrange issues a ruling exonerating Tallie Stubbs of infringement, it would be a worrisome trend for the RIAA.

The music industry has become accustomed to having its way with those it accuses of file-sharing, quietly dropping cases it believes it can't win. It looks as though the courts may be ready to stop the record labels from just walking away from litigation when it doesn't like the direction it is taking and give defendants justice by fully exonerating them of any wrongdoing.

From rforno at infowarrior.org Thu Mar 29 17:48:00 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 29 Mar 2007 13:48:00 -0400
Subject: [Infowarrior] - Yahoo Groups hit by massive duplicate e-mail bug
Message-ID:

Yahoo Groups hit by massive duplicate e-mail bug
March 29, 2007 9:02 AM PDT
http://news.com.com/2061-10811_3-6171648.html?part=rss&tag=2547-1_3-0-20&subj=news

A major bug in Yahoo's mailing list software has deluged in-boxes around the world with duplicate messages.

Yahoo Groups confirmed the glitch in a brief statement on Wednesday evening.

CNET News.com reader David H. reported in e-mail that the problems started early on Wednesday.
He said: "What is incredible to me is that 17 hours later, Yahoo has neither solved the problem nor rolled back their 'upgrade' -- despite hundreds of messages from irritated group managers, some of whom have been automatically unsubscribed from their own groups by Yahoo's anti-flood-detection software."

Comments posted on Yahoo's official blog said that messages often were arriving faster than users could delete them, with up to 25 duplicates arriving for each original message. Some mailing list operators responded by enabling emergency moderation, and others reported additional glitches such as messages not appearing that should have. Over 1,500 comments were posted.

In a revised statement released at 8 a.m. on Thursday, Yahoo said: "A fix was pushed at midnight (PT) that we believe has resolved the problem for messages submitted after that time. However, it is possible that some users of some groups may have continued to receive duplicates of messages that were posted before midnight."

It was not immediately clear whether the glitch was due to Yahoo announcing earlier in the day on Wednesday that it would open its e-mail interface to outside software developers.

From rforno at infowarrior.org Thu Mar 29 17:54:16 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 29 Mar 2007 13:54:16 -0400
Subject: [Infowarrior] - AT&T, Verizon, Qwest Can Bid on $20 Billion USG Contract
Message-ID:

AT&T, Verizon, Qwest Can Bid on $20 Billion Contract (Update2)
By Molly Peterson
http://www.bloomberg.com/apps/news?pid=20601087&sid=a_XnOkroR3GI&refer=home

March 29 (Bloomberg) -- AT&T Inc., Verizon Communications Inc. and Qwest Communications International Inc. won the right to bid on orders under a government contract worth at least $20 billion, the biggest-ever federal telecommunications award.

Sprint Nextel Corp.
was denied participation in the biggest part of the so-called Networx acquisition program, which lasts 10 years, the General Services Administration said today at a press conference. The decision will end the Reston, Virginia-based company's 18-year run as a government-wide contractor.

``It's clearly a disappointment,'' for Sprint, said David Kaut, an analyst at Stifel Nicolaus & Co. in Washington.

The companies will compete for business from as many as 135 federal agencies in thousands of locations worldwide. The services provided will cover everything from Internet-based telephone and video access to data-network security upgrades.

The announcement marks the first time the U.S. has picked more than two groups of companies to bid on a government-wide telecommunications contract, a deal spanning its whole operations. The contract replaces an arrangement with Verizon and Sprint. San Antonio-based AT&T hasn't held a government-wide contract since 1999, and Denver-based Qwest has never had one.

``The three awardees best meet our needs,'' said John Johnson, a General Services Administration assistant commissioner overseeing the program, in response to a question about why Sprint wasn't picked.

Shut Out

The program had been especially critical for Sprint, which gets several hundred million dollars each year for federal network services and has lost consumer customers in recent months. The company, which runs the third-largest U.S. wireless service, said in January it plans to cut 5,000 jobs this year as sales trail analysts' estimates.

Sprint said in a statement it will support a bridge contract to continue its work with government customers for as many as 40 additional months. The company said it is confident it will be found eligible to bid on a second, smaller part of the Networx contract that will be announced in May.
Sprint also requested a debriefing with GSA next week and will decide after that meeting whether it will protest its exclusion, the company said in an e-mail.

The company's shares pared gains after the announcement, rising 25 cents to $18.76 at 1:38 p.m. in New York Stock Exchange composite trading after earlier climbing as high as $18.98. Shares of AT&T rose 4 cents to $38.99, Verizon shares advanced 12 cents to $37.35 and Qwest shares gained 10 cents to $8.95.

Lots of Work

The program was designed as a plan to help government agencies upgrade to Internet-based systems, add more wireless networks and adopt technologies that will emerge in the next 10 years. The government also wants to tighten network security and improve agencies' ability to communicate with one another, particularly during emergencies.

The phone companies say they have spent millions of dollars preparing for the contract in the past three years, assigning thousands of employees to the job.

Today's announcement is ``a step in the process,'' said Don Herring, president of AT&T's government business. ``Lots of work needs to be done for what happens next.''

Qwest spokeswoman Diane Reberger called the win ``another example of how far Qwest has come over the past few years.'' Verizon said in a statement that it has invested in technology to continue its work with federal agencies.

All four carriers formed teams with technology and defense companies to meet the program's requirements. Sprint had planned to work with a group that includes Lockheed Martin Corp., while New York-based Verizon teamed up with Hewlett-Packard Co., General Dynamics Corp. and Computer Sciences Corp. Northrop Grumman Corp. and Electronic Data Systems Corp. are on AT&T's team, and Qwest's team includes BearingPoint Inc. and SAIC Inc.
To contact the reporter on this story: Molly Peterson in Washington at mpeterson9 at bloomberg.net
Last Updated: March 29, 2007 13:40 EDT

From rforno at infowarrior.org Thu Mar 29 17:56:07 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 29 Mar 2007 13:56:07 -0400
Subject: [Infowarrior] - Apple iTunes offers 'Complete My Album'
Message-ID:

Thursday, March 29, 2007 - Last updated 9:46 a.m. PT

Apple iTunes offers 'Complete My Album'
By MAY WONG
AP TECHNOLOGY WRITER
http://seattlepi.nwsource.com/business/1700AP_Apple_ITunes_Albums.html

SAN JOSE, Calif. -- Apple Inc., the company that popularized selling songs online for 99 cents apiece, now hopes to buoy interest in albums, giving customers credit for purchases of full albums from which they have bought individual tracks.

Apple introduced the "Complete My Album" feature Thursday on its iTunes Store. It now gives a full credit of 99 cents for every track the user previously purchased and applies it toward the purchase of the complete album.

For instance, most albums on iTunes cost $9.99 so a customer who already bought three tracks can download the rest of the album for $7.02.

Previously, users who bought singles and later opted to buy the album had to pay the full price of the album and ended up with duplicates of those songs.

The album price reduction is good for only 180 days after the initial purchase of individual tracks.

Eddy Cue, Apple's vice president of iTunes, said the new feature should help eliminate the resistance that customers, including himself, may have felt in buying an album after they had already bought a single from it.

"Once we bought a song, we wondered why we had to buy it again if we wanted the album," Cue said. "We hope it helps us sell more songs ultimately, and from the customer point of the view, we think it's the right thing to do."

About 45 percent of the nearly 2.5 billion songs sold on iTunes were purchased as albums, Cue said.
For a limited period of 90 days, Apple said it will make the "Complete My Album" offer retroactive to users who purchased tracks dating back to the launch of the iTunes Store four years ago.

Apple dominates the online music market and is a leading music retailer worldwide behind only Wal-Mart Stores Inc., Best Buy Co. and Target Corp.

Shares of Apple climbed 1 cent to $93.25 in afternoon trading on the Nasdaq Stock Market.

From rforno at infowarrior.org Thu Mar 29 19:12:14 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 29 Mar 2007 15:12:14 -0400
Subject: [Infowarrior] - Symposium: Internet Governance and Security
Message-ID:

Internet Governance and Security: Exploring Global and National Solutions

May 17, 2007
2:00 pm - 6:00 pm
Swiss Embassy
2900 Cathedral Ave. N.W. (Metro: Red Line, Woodley)
Washington, DC

This symposium on Internet Governance and Internet security will explore the relationship between global and national Solutions to problems of cyber crime and cyber security. The meeting will focus on the tensions and complementarities between global and national policy making for issues related to the security and privacy of commerce and communication on the Internet.

The panelists and audience are technical experts, academics, and U.S. and international decision-makers in government and industry. They will identify and discuss Internet governance issues such as the security of the domain name system (DNSSEC), spam and cybercrime, identity and identification, and private sector security regimes.

The program is organized by the Syracuse University School of Information Studies; the George Mason University Law School's Critical Infrastructure Protection Program; and the Swiss Federal Institute of Technology at Lausanne.

Panel 1: Securing the Root: The Politics and Economics of DNSSEC
Panel 2: Taking Charge: Public Sector Plans and Private Sector Priorities
Panel 3: National Interest, Global Governance: Which Suits the Internet?
For RSVP, contact:
Kathy Allen
Syracuse University School of Information Studies
kallen02 at syr.edu

For more information contact:
Dr. Milton Mueller
Syracuse University School of Information Studies
Mueller at syr.edu

From rforno at infowarrior.org Thu Mar 29 19:18:11 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 29 Mar 2007 15:18:11 -0400
Subject: [Infowarrior] - 2006 Operating System Vulnerability Summary
Message-ID:

2006 Operating System Vulnerability Summary

Overview

Computer security is a precarious business both from a product development and administrative standpoint. Operating system vendors are forced to constantly patch their software to keep consumers protected from the latest digital threats. But which operating systems are the most secure? A recent report by Symantec hints that Windows currently presents fewer security holes than its commercial competitors. [1] To that, a typical consultant would respond "well, that depends," as security auditors generally take such statements with a grain of salt. It depends on the configurations of the hosts, the breadth of the included binaries and the scope of what "commercial competitors" entails. Differing opinions on this interpretation lead to different conclusions. SecurityFocus, for instance, shows that various overall vulnerabilities surged in 2006 while ISS (Internet Security Systems) reports that operating system specific exploits declined. [2,3] The summarized coverage of 2006 vulnerabilities by SANS showed the most prevalent attack vectors were not directly against the operating systems themselves. [4]

However, this article approaches the operating system as an entity in and of itself for analysis of only the vulnerabilities of core features. As such, vulnerability scans were conducted against 2006's flagship operating systems in various configurations to determine weakness from the moment of installation throughout the patching procedure.
From Microsoft, testing included Windows XP, Server 2003 and Vista Ultimate. Examinations against Apple included Mac OS9, OSX Tiger and OSX Tiger server.5 Augmenting Apple's UNIX representation, security tests were also performed on FreeBSD 6.2 and Solaris 10. Rounding up the market share, Linux security testing included Fedora Core 6, Slackware 11, SuSE Enterprise 10 and Ubuntu 6.10. Before delving into the specifics of the vulnerabilities, it is helpful to understand the security scene of 2006. < - > http://www.omninerd.com/2007/03/26/articles/74 From rforno at infowarrior.org Fri Mar 30 11:44:11 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Mar 2007 07:44:11 -0400 Subject: [Infowarrior] - Apple TV: an in-depth review In-Reply-To: Message-ID: ------ Forwarded Message From: Monty Solomon Apple TV: an in-depth review By Jacqui Cheng, Clint Ecker March 27, 2007 Ars Technica Introduction At Macworld in January of this year, Apple formally announced the Apple TV (previously known as the "iTV"), an iTunes-compatible streaming media device meant to revolutionize the way we watch television. The announcement of the Apple TV also came at a time when Apple unveiled the iPhone and officially changed the company name from Apple Computer to Apple Inc. - a move that indicated Apple's seriousness in focusing more on lifestyle products for the general consumer than on traditional computers. Today's Apple wants into every facet of our lives, including our living rooms. And so, after several delays attributed mostly (among the rumor mill) to unfinished software, the Apple TV finally started shipping on March 20. Fans and critics alike have eagerly looked forward to its release so that we can decide once and for all how Apple could compete in the quickly-saturating downloads-to-TV market. We're approaching the Apple TV from a slightly different perspective than most of Apple's prospective customers. 
We've had a Mac mini hooked up to our TV ever since the mini's launch in 2005 and acting as an HTPC-like device for all of our non-live-TV needs. Our mini, which we upgraded to a Mac mini core solo last year, is able to stream music and video content through iTunes from other Macs and PCs in the house - just as the Apple TV can - but it can also play a wide variety of other files. The mini acts as a DVD player, and it can function as a DVR with the use of an Elgato eyeTV. It is a full-fledged computer, after all, with the TV as its monitor. But there are some limits to using the mini in this way. With the G4 mini, we had to use an external mouse and keyboard to control the computer (and since we're lazy and want to plant our butts on the couch the whole time, they had to be wireless). However, all the way from the couch, it was hard at times to read the screen of the mini while searching for files or going through playlists in iTunes. The Intel mini came with Front Row, which made it easier for me to stream iTunes content from elsewhere in the house, with the big, swooping menus. So what does the Apple TV have to offer us - people who have been slightly spoiled with the use of a seemingly more versatile device for years now? We tried to examine both how the Apple TV would fare among my family members who are intimidated by even the slightest hint of technology, but also how it would fare among fellow geeks. To do this, we decided to spend some quality time using our Apple TVs before reviewing it, and we seeded our staff with a few units to get feedback from both PC and Mac users, from both HD videophiles and standard definition users. This probably isn't the first Apple TV review you've read, but we also spent much more time going over everything than was possible last week. ... 
http://arstechnica.com/reviews/hardware/appletv.ars From rforno at infowarrior.org Fri Mar 30 11:49:40 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Mar 2007 07:49:40 -0400 Subject: [Infowarrior] - Internet Agency Rejects .xxx Domain Message-ID: Internet Agency Rejects .xxx Domain http://www.nytimes.com/aponline/technology/AP-Internet-Pornography.html?_r=1&hp&oref=slogin By THE ASSOCIATED PRESS Published: March 30, 2007 Filed at 6:00 a.m. ET LISBON, Portugal (AP) -- The agency that sets the Internet addressing guidelines influencing how people navigate the Web defeated a proposal Friday to give adult Web sites their own ''.xxx'' domain. Many in the adult-entertainment industry and religious groups alike had criticized the plan, which the Canadian government also warned this week could leave the Internet Corporation for Assigned Names and Numbers in the tricky business of content regulation. The 9-5 decision by ICANN's board came nearly seven years after the proposal was first floated by ICM Registry LLC. It was the third time ICANN has rejected such a bid. One member abstained from voting. ''We are extremely disappointed by the board's action today,'' said Stuart Lawley, ICM's president and chief executive. ''It is not supportable for any of the reasons articulated by the board, ignores the rules ICANN itself adopted for the RFP, and makes a mockery of ICANN by-laws' prohibition of unjustifiable discriminatory treatment.'' He added that ICM would pursue the matter energetically. Many of the board members said they were concerned about the possibility that ICANN could find itself in the content regulation business if the domain name was approved. Others criticized that, saying ICANN should not block new domains over fears like that, noting that local, state and national laws could be used to decide what is pornographic and what is not. 
Other board members said they believed that opposition to the domain by the adult industry, including Web masters, content providers and others, was proof that the issue was divisive and that ''.xxx'' was not a welcome domain. From rforno at infowarrior.org Fri Mar 30 13:02:40 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Mar 2007 09:02:40 -0400 Subject: [Infowarrior] - DHS wants master key for DNS Message-ID: Department of Homeland and Security wants master key for DNS http://www.heise.de/english/newsticker/news/87655 The US Department of Homeland Security (DHS), which was created after the attacks on September 11, 2001 as a kind of overriding department, wants to have the key to sign the DNS root zone solidly in the hands of the US government. This ultimate master key would then allow authorities to track DNS Security Extensions (DNSSec) all the way back to the servers that represent the name system's root zone on the Internet. The "key-signing key" signs the zone key, which is held by VeriSign. At the meeting of the Internet Corporation for Assigned Names and Numbers (ICANN) in Lisbon, Bernard Turcotte, president of the Canadian Internet Registration Authority (CIRA) drew everyone's attention to this proposal as a representative of the national top-level domain registries (ccTLDs). At the ICANN meeting, Turcotte said that the managers of country registries were concerned about this proposal. When contacted by heise online, Turcotte said that the national registries had informed their governmental representatives about the DHS's plans. A representative of the EU Commission said that the matter is being discussed with EU member states. DNSSec is seen as a necessary measure to keep the growing number of manipulations on the net under control. The DHS is itself sponsoring a campaign to support the implementation of DNSSec. Three of the 13 operators currently work outside of the US, two of them in Europe. 
Lars-Johan Liman of the Swedish firm Autonomica, which operates the I root server, pointed out the possible political implications last year. Liman himself nominated ICANN as a possible candidate for the supervisory function. The Internet Assigned Numbers Authority (IANA), which handles route management within the ICANN, could be entrusted with the task of keeping the keys. An ICANN/IANA solution would offer one benefit according to some experts: there would be no need to integrate yet another institution directly into operations. After all, something must be done quickly if there is a problem with the signature during operations. If the IANA retains the key, however, US authorities still have a political problem, for the US government still reserves the right to oversee ICANN/IANA. If the keys are then handed over to ICANN/IANA, there would be even less of an incentive to give up this role as a monitor. As a result, the DHS's demands will probably only heat up the debate about US dominance of the control of Internet resources. 
(Monika Ermert) (Craig Morris) / (jk/c't) From rforno at infowarrior.org Fri Mar 30 13:15:21 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Mar 2007 09:15:21 -0400 Subject: [Infowarrior] - Friday Funny: RIAA Lawsuit Decision Matrix Message-ID: http://www.bbspot.com/Images/News_Features/2007/03/riaa-lawsuit-matrix.jpg From rforno at infowarrior.org Fri Mar 30 18:29:08 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Mar 2007 14:29:08 -0400 Subject: [Infowarrior] - High schoolers turn in plagiarism screeners for copyright infringement Message-ID: High schoolers turn in plagiarism screeners for copyright infringement By Nate Anderson | Published: March 30, 2007 - 11:59AM CT http://arstechnica.com/news.ars/post/20070330-high-schoolers-turn-in-plagiarism-screeners-for-copyright-infringement.html Four students from Arizona and Virginia have filed suit against plagiarism detection system Turnitin.com, arguing that the service engages in massive copyright infringement. The lawsuit, filed this week in a Virginia federal court, claims that the infringement is willful and that Turnitin's parent company iParadigms owes $150,000 for every violation. Turnitin gives school districts an automated tool to search for instances of plagiarism. Students are generally required to submit their work to the site before receiving a grade on it, and the service returns an "Originality Report" on each paper. At Virginia's McLean High School, which two of the plaintiffs attend, students have no choice: failure to submit a paper through Turnitin results in a 0. Judging by their lawsuit, students don't think much of this system. "The Turnitin system is capable of detecting only the most ignorant or lazy attempts of plagiarism by students without significant monetary resources," says the court filing, "and is ineffective if a plagiarist does anything aside from virtually exactly copying another's work, or obtains his or her paper from a pay web site." 
But what bothers them most is the fact that Turnitin archives submitted work in order to build up its database. These student papers are then used to look for plagiarism in future submissions. The students allege that this is copyright infringement. Turnitin has known for years that this would be a sensitive issue, and in 2002 commissioned an opinion (PDF) from law firm Foley & Lardner. The group concluded that the use of the papers constituted fair use, but admitted that "the archival of a submitted work is perhaps the most legally sensitive aspect of the TURNITIN system." The lawyers argue that because the text is not displayed or distributed to anyone, it can hardly be called "infringement." The students disagree, of course, and allege that parent company iParadigms "may send a full and complete copy of a student's unpublished manuscript to an iParadigms client anywhere in the world upon request of the client, and without the student's permission." After the McLean school adopted the system, a group of offended students banded together and hired a lawyer to send Turnitin a letter in September 2006. The letter generated a strong response: Turnitin filed for a "declaratory judgment" from a federal judge in California, looking for a ruling that its service was legal. In that case, filed in early December, the company claimed once again that it was protected by the fair use exemption, and that it was actually protecting student copyrights. "Rather than infringing intellectual property rights, iParadigms is trying to protect copyright interests by students and other authors by preventing plagiarism of the very student papers that Turnitin receives," the company wrote. iParadigms abruptly pulled the case without explanation two weeks later; according to the new filing from the students, this only occurred after the company was contacted by a Washington Post reporter. 
The case is now in the hands of another federal court on the other side of the country, and it will center on papers from the four students involved. That means that "DBQ1: Ancient Greek Contributions," "What Lies Beyond the Horizon," "Under a Pear Tree," and "Day is Weary" - student papers with little monetary value - could eventually cost iParadigms $600,000 should the company be found guilty. If the students prevail, the company's current business model would be substantially damaged, and a vigorous fair use defense is expected. From rforno at infowarrior.org Fri Mar 30 18:29:57 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Mar 2007 14:29:57 -0400 Subject: [Infowarrior] - DVD consortium loses court case over DVD copying Message-ID: DVD consortium loses court case over DVD copying By Eric Bangeman | Published: March 29, 2007 - 08:08PM CT http://arstechnica.com/news.ars/post/20070329-dvd-consortium-loses-court-case-over-dvd-copying.html A California judge handed a victory to Kaleidescape, which manufactures home media servers, ruling that the company's products do not violate the DVD industry's CSS license. The company was sued by the DVD Copy Control Association, which said that Kaleidescape's media servers violate its standard licensing contract. The Kaleidescape System is a kind of home media server on steroids. Starting at $10,000, it consists of a server, movie player, and music player. The server is designed to store all of the owner's movies and music, ripping them from their original source discs for playback at a later time. To no one's surprise, the DVD CCA took issue with that functionality, accusing Kaleidescape of opening the door to massive copyright infringement and arguing that any device that played movies from a DVD needed to have physical access to the disc in order to do so. After a week-long trial, Judge Leslie C. 
Nichols ruled in Kaleidescape's favor, saying that the 20-page CSS spec was not technically included as part of the license agreement. As a result, the company is in full compliance with the DVD CCA's CSS license, noting in his decision that Kaleidescape had made "good faith efforts" to ensure that its products were fully compliant. "Kaleidescape has been operating in the shadow of the DVD CCA's allegations for over three years," Michael Malcolm, CEO of Kaleidescape told Ars Technica. "We are gratified that after hearing all of the evidence, the Judge has completely vindicated our position." The complexity of the DVD CCA's licensing agreement proved to be its downfall. Witnesses during the trial characterized the license drafting process as having been carried out over a series of 100+ meetings by a group of entertainment-industry lawyers with feedback from engineers. The result was a confusing standard licensing contract, one that omitted key details about the CSS General Specification. Unfortunately for consumers, the decision is a narrow one. It looks to be applicable only to commercial home media server products that store single copies of a DVD in a copy-protected form for personal use. Kaleidescape's rips remain CSS protected on the hard drive, and Malcolm tells Ars that some parts have an "extra layer of AES-256 encryption." So those who wish to rip their own DVD libraries for personal use will continue to operate in the murky, grey intersection of the DMCA and fair use. Although no formal appeal has been filed, it is likely that the DVD CCA will ask a higher court to overturn the decision. 
From rforno at infowarrior.org Fri Mar 30 19:53:09 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Mar 2007 15:53:09 -0400 Subject: [Infowarrior] - TSA missed 90% of bombs at Denver airport Message-ID: Undercover agents slip bombs past DIA screeners reported by: Deborah Sherman, I-Team Reporter created: 3/29/2007 3:00:43 PM Last updated: 3/29/2007 10:38:20 PM http://www.9news.com/news/article.aspx?storyid=67166 Undercover agents slip bombs past DIA screeners. 9NEWS at 10 p.m. 3/29/07 KUSA - Checkpoint security screeners at Denver International Airport last month failed to find liquid explosives packed in carry-on luggage and also improvised explosive devices, or IED's, worn by undercover agents sources told 9NEWS. "It really is concerning considering that we're paying millions of dollars out of our budget to be secure in the airline industry," said passenger Mark Butler who has had two Army Swiss knives confiscated by screeners in the past. "Yet, we're not any safer than we were before 9/11, in my opinion." The Transportation Security Administration (TSA) screeners failed most of the covert tests because of human error, sources told 9NEWS. Alarms went off on the machines, but sources said screeners violated TSA standard operating procedures and did not hand-search suspicious luggage, wand, or pat down the undercover agents. "The good news is we have our own people probing and looking and examining the system," said Rep. Ed Perlmutter, a Democrat in the 7th congressional who sits on the House Homeland Security and transportation committees. "The bad news is they're finding weaknesses." After 9NEWS told Perlmutter about the undercover results, he requested a classified briefing from the TSA about the team. Four TSA and Homeland Security Department officials briefed the congressman last week. "The bottom line is, we've got to plug those holes," said Perlmutter. 
"We can't have those kinds of problems because we want to have people who fly across this nation be as safe as possible." In one test, sources told 9NEWS an agent taped an IED to her leg and told the screener it was a bandage from surgery. Even though alarms sounded on the walk-through metal detector, the agent was able to bluff her way past the screener. "If they miss something that's obvious, often times that could happen, we will pull them off the line and retrain them," said Security Director Earl Morris at TSA headquarters in Washington, D.C. "That's how we audit and keep track of which people are doing a better job than others and how we keep this whole process so that it really is one that's legitimate and factual and actually is effective." The TSA would not confirm the test results obtained by 9NEWS. The covert testers who were at DIA are part of the TSA's Red Team. The Red Team was formed by the Federal Aviation Administration after terrorists blew up Pan Am Flight 103 over Lockerbie, Scotland in 1988, killing 270 people. The Red Team tests about 100 airports nationwide every year, according to Morris. It halted testing after 9/11. Since it re-started testing in 2003, the Red Team has investigated security at approximately 735 airports. The team tested DIA once during 2006 and on February 12 to 14, said Morris. The agents act and think like terrorists to find vulnerabilities in the aviation security system. The Red Team uses very expensive chemical simulants in the test devices that look, smell and taste like real explosives, except they do not explode. To the CTX bomb detection machines at DIA, they are real explosives, according to a former Red Team leader. Sources told 9NEWS the Red Team was able to sneak about 90 percent of simulated weapons past checkpoint screeners in Denver. In the baggage area, screeners caught one explosive device that was packed in a suitcase. However later, screeners in the baggage area missed a book bomb, according to sources. 
"There's very little substance to security," said former Red Team leader Bogdan Dzakovic. "It literally is all window dressing that we're doing. It's big theater on TV and when you go to the airport. It's just security theater." Dzakovic was a Red Team leader from 1995 until September 11, 2001. After the terrorist attacks, Dzakovic became a federally protected whistleblower and alleged that thousands of people died needlessly. He testified before the 9/11 Commission and the National Commission on Terrorist Attacks Upon the US that the Red Team "breached security with ridiculous ease up to 90 percent of the time," and said the FAA "knew how vulnerable aviation security was." Dzakovic, who is currently a TSA inspector, said security is no better today. "It's worse now. The terrorists can pretty much do what they want when they want to do it," he said. TSA's Morris disagrees with that. "We have a very robust program of which we are very proud, in which we utilize testing at all of our airports every single day," said Morris. The security chief says he expects screeners to fail the Red Team tests because they are difficult. "We could put these tests together so that we have a 100 percent success rate every single time," said Morris. "Then, they wouldn't be challenging, they wouldn't be realistic and they really wouldn't be stretching the limits and the imagination of the Transportation Security Officer." Morris says the tests are designed to be tough so that officers can learn from their mistakes and successes. "It's a test but it's also a learning experience," said Morris. "It's a constant audit that we put on there to see where our employees are and where we need to enhance the weaknesses." Morris says other agents, not with the Red Team, test and train screeners every day at the nation's 450 airports and says screeners pass most of those tests. In those kinds of tests, he said Denver has done well in the past. 
However, tests done by the Department of Homeland Security's Office of Inspector General and the U.S. Government Accountability Office in 2006 found widespread failures. According to the GAO, screeners at 15 airports missed 90 percent of the explosives and guns agents tried to sneak past checkpoints. Also, a Denver woman who carries a Taser for personal protection, told 9NEWS she carried it on board airplanes last year six times. Her Taser shoots 500,000 volts of electricity. She says the TSA never caught it and stopped her. Most test results, including results from the Red Team, are secret, classified as SSI or sensitive security information. Morris says they do not make them public because they could point out holes in the system. "We're actually fighting a war on terror. Our intent is not to educate the public on how we do tests and what our tests consist of. Our sole objective is to prevent those who have intent to do us harm from being able to successfully complete their mission." Sources who leaked the test results to 9Wants to Know say they were concerned about the failures and want security improved. Morris says the screeners were told about the failures and the problems were fixed. He called 9Wants to Know's sources 'disgruntled and underachieving employees.' "Anyone who violates the rule we have in place for divulging information that is sensitive and secret, that jeopardizes the security of this country is wrong," said Morris. "They're out of line, it's not acceptable and it's not appropriate." Dzakovic, who testified that the FAA ordered the Red Team to "not write up our findings," said the TSA is also trying to hide its results. "The last thing TSA wants to do is look bad in front of congress and in front of the public, so rather than fix the problem, they'd rather just keep them quiet," said Dzakovic. Dzakovic says aviation security needs fundamental changes if it's going to improve. 
"If anything of value is to be achieved out of this latest round of testing in Denver, congressmen need to go into the internal mechanics of how TSA operates in order to really affect change," said Dzakovic. "Because if they don't, next year there will be another round of testing, get the same kind of results and it's just a matter of time before potentially thousands of more people get killed." While Morris said security can always get better, it's already excellent. "We understand that security is not perfect in every aspect but we understand that we go about trying to be perfect every single day and we are doing a tremendous job out there and the public should feel comfortable flying out today and quite frankly, they do," he said. Sources tell 9Wants to Know screeners failed the tests because they feel pressured to put passengers on planes quickly and say they are short-staffed. When the TSA took over screening at DIA in 2002, there were 1100 officers. However, there are only 750 today because Congress capped funding for employees. Perlmutter voted last week for a bill that gives more money for aviation security, but the President said he'll veto the bill because it includes time lines on ending the war in Iraq. (Copyright KUSA*TV. All rights reserved.)