From rforno at infowarrior.org Thu Nov 1 12:06:15 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 01 Nov 2007 08:06:15 -0400 Subject: [Infowarrior] - ICANN Council Rejects Domain Owner Anonymity Message-ID: ICANN Council Rejects Domain Owner Anonymity By David Kravets October 31, 2007 | 2:36:31 PM Categories: Privacy http://blog.wired.com/27bstroke6/2007/10/icann-council-s.html The Internet Corporation for Assigned Names and Numbers voted down a proposal Wednesday to grant internet domain owners anonymity. Instead, the ICANN council voted 17-7 to continue studying whether it should abandon its policy requiring domain site owners' personal or proxy information to appear on a Whois search. After nearly two hours of debate, the group voted to investigate formulating a policy that ensures "appropriate privacy safeguards for natural persons, lawful access to data for rights enforcement, consumer protection, law enforcement and anti-crime purposes." The council for the governing body of domain registrations voted down a measure that would have allowed Whois reporting requirements to expire at the end of 2008. From rforno at infowarrior.org Thu Nov 1 12:11:31 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 01 Nov 2007 08:11:31 -0400 Subject: [Infowarrior] - Flee from the 11/11 Digital Jihad Message-ID: (take as you will, consider the source and the substance.........rf) http://www.debka.com/headline.php?hid=4723 In a special Internet announcement in Arabic, picked up by DEBKAfile's counter-terror sources, Osama bin Laden's followers announced Monday, Oct. 29, the launching of Electronic Jihad. On Sunday, Nov. 11, al Qaeda's electronic experts will start attacking Western, Jewish, Israeli, Muslim apostate and Shiite Web sites. 
On Day One, they will test their skills against 15 targeted sites and expand the operation from day to day thereafter until hundreds of thousands of Islamist hackers are in action against untold numbers of anti-Muslim sites. DEBKAfile's counter-terror sources report that, shortly after the first announcement, some of al Qaeda's own Web sites went blank, apparently crashed by the American intelligence computer experts tracking them. The next day, Oct. 30, they were up again, claiming their Islamic fire walls were proof against infidel assault. They also boasted an impenetrable e-mail network for volunteers wishing to join up with the cyber jihad to contact and receive instructions undetected by the security agencies in their respective countries. Our sources say the instructions come in simple language and are organized in sections according to target. They offer would-be martyrs, who for one reason or another are unable to fight in the field, to fulfill their jihad obligations on the Net. These virtual martyrs are assured of the same thrill and sense of elation as a jihadi on the "battlefield." In effect, say DEBKAfile's counter-terror experts, al Qaeda is retaliating against Western intelligence agencies' tactics, which detect new terrorist sites and zap them as soon as they appear. Until now, the jihadists kept dodging the assault by throwing up dozens of new sites simultaneously. This kept the trackers busy and ensured that some of the sites survived, while empty pages were promptly replaced. But as al Qaeda's cyber wizards got better at keeping its presence on the Net for longer periods, so too did Western counter-attackers at knocking them down. Now Bin Laden's cyber legions are fighting back. The electronic war they have declared could cause considerable trouble on the world's Internet. 
From rforno at infowarrior.org Thu Nov 1 12:13:46 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 01 Nov 2007 08:13:46 -0400 Subject: [Infowarrior] - Schneier: The War on the Unexpected (Good Read) Message-ID: (agree 110% with his sentiments...........rf) The War on the Unexpected http://www.schneier.com/blog/archives/2007/11/the_war_on_the.html We've opened up a new front on the war on terror. It's an attack on the unique, the unorthodox, the unexpected; it's a war on different. If you act different, you might find yourself investigated, questioned, and even arrested -- even if you did nothing wrong, and had no intention of doing anything wrong. The problem is a combination of citizen informants and a CYA attitude among police that results in a knee-jerk escalation of reported threats. This isn't the way counterterrorism is supposed to work, but it's happening everywhere. It's a result of our relentless campaign to convince ordinary citizens that they're the front line of terrorism defense. "If you see something, say something" is how the ads read in the New York City subways. "If you suspect something, report it" urges another ad campaign in Manchester, UK. The Michigan State Police have a seven-minute video. Administration officials from then-attorney general John Ashcroft to DHS Secretary Michael Chertoff to President Bush have asked us all to report any suspicious activity. The problem is that ordinary citizens don't know what a real terrorist threat looks like. They can't tell the difference between a bomb and a tape dispenser, electronic name badge, CD player, bat detector, or a trash sculpture; or the difference between terrorist plotters and imams, musicians, or architects. All they know is that something makes them uneasy, usually based on fear, media hype, or just something being different. 
Even worse: after someone reports a "terrorist threat," the whole system is biased towards escalation and CYA instead of a more realistic threat assessment. Watch how it happens. Someone sees something, so he says something. The person he says it to -- a policeman, a security guard, a flight attendant -- now faces a choice: ignore or escalate. Even though he may believe that it's a false alarm, it's not in his best interests to dismiss the threat. If he's wrong, it'll cost him his career. But if he escalates, he'll be praised for "doing his job" and the cost will be borne by others. So he escalates. And the person he escalates to also escalates, in a series of CYA decisions. And before we're done, innocent people have been arrested, airports have been evacuated, and hundreds of police hours have been wasted. This story has been repeated endlessly, both in the U.S. and in other countries. Someone -- these are all real -- notices a funny smell, or some white powder, or two people passing an envelope, or a dark-skinned man leaving boxes at the curb, or a cell phone in an airplane seat; the police cordon off the area, make arrests, and/or evacuate airplanes; and in the end the cause of the alarm is revealed as a pot of Thai chili sauce, or flour, or a utility bill, or an English professor recycling, or a cell phone in an airplane seat. Of course, by then it's too late for the authorities to admit that they made a mistake and overreacted, that a sane voice of reason at some level should have prevailed. What follows is the parade of police and elected officials praising each other for doing a great job, and prosecuting the poor victim -- the person who was different in the first place -- for having the temerity to try to trick them. For some reason, governments are encouraging this kind of behavior. 
It's not just the publicity campaigns asking people to come forward and snitch on their neighbors; they're asking certain professions to pay particular attention: truckers to watch the highways, students to watch campuses, and scuba instructors to watch their students. The U.S. wanted meter readers and telephone repairmen to snoop around houses. There's even a new law protecting people who turn in their travel mates based on some undefined "objectively reasonable suspicion," whatever that is. If you ask amateurs to act as front-line security personnel, you shouldn't be surprised when you get amateur security. We need to do two things. The first is to stop urging people to report their fears. People have always come forward to tell the police when they see something genuinely suspicious, and should continue to do so. But encouraging people to raise an alarm every time they're spooked only squanders our security resources and makes no one safer. We don't want people to never report anything. A store clerk's tip led to the unraveling of a plot to attack Fort Dix last May, and in March an alert Southern California woman foiled a kidnapping by calling the police about a suspicious man carting around a person-sized crate. But these incidents only reinforce the need to realistically assess, not automatically escalate, citizen tips. In criminal matters, law enforcement is experienced in separating legitimate tips from unsubstantiated fears, and allocating resources accordingly; we should expect no less from them when it comes to terrorism. Equally important, politicians need to stop praising and promoting the officers who get it wrong. And everyone needs to stop castigating, and prosecuting, the victims just because they embarrassed the police by their innocence. Causing a city-wide panic over blinking signs, a guy with a pellet gun, or stray backpacks, is not evidence of doing a good job: it's evidence of squandering police resources. 
Even worse, it causes its own form of terror, and encourages people to be even more alarmist in the future. We need to spend our resources on things that actually make us safer, not on chasing down and trumpeting every paranoid threat anyone can come up with. This essay originally appeared in Wired.com. EDITED TO ADD (11/1): Some links didn't make it into the original article. There's this creepy "if you see a father holding his child's hands, call the cops" campaign, this story of an iPod found on an airplane, and this story of an "improvised electronics device" trying to get through airport security. This is a good essay on the "war on electronics." From rforno at infowarrior.org Thu Nov 1 13:23:15 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 01 Nov 2007 09:23:15 -0400 Subject: [Infowarrior] - The "Merc" Magazine In-Reply-To: <59D80F19824FA04485DC48C6CBECC0B60D271A@XMBIL123.northgrum.com> Message-ID: http://www.serviammagazine.com/about.htm Serviam's mission is to provide accurate and actionable information about private sector solutions to promote global stability. We address users and consumers of private goods and services in the humanitarian relief, national development, security and military sectors; government and private providers of such goods and services; and government entities involved in decisions that determine or influence trends in this growing industry. The magazine shares useful information and provokes thoughtful dialogue about complex global security and stability problems, such as: * maintaining stability and security in the aftermath of natural and man-made catastrophes; * delivering humanitarian relief to victims of poverty, conflict and disaster; * deterring and responding to domestic and international terrorist threats; * force and mission augmentation and logistics in hot conflicts; and * innovating and developing technologies and training to ensure mission success. 
From rforno at infowarrior.org Thu Nov 1 14:21:11 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 01 Nov 2007 10:21:11 -0400 Subject: [Infowarrior] - Endangered Species - The Child's Chemistry Set Message-ID: Endangered Species - The Chemistry Set What do Islamofascism, methamphetamine production, tort lawyers, and homemade fireworks have in common? The answer is that they are all part of the seemingly inevitable process of destroying the childhood Chemistry Set. A.C. Gilbert, in 1918, was titled the "Man who Saved Christmas" with his innovative ideas of packaging a few glass tubes and some common chemicals into starter kits that enabled a generation to learn the joy of experimentation, and the basis for the scientific method of thought. < - > http://tinyurl.com/2ufrwv From rforno at infowarrior.org Fri Nov 2 18:47:17 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 02 Nov 2007 14:47:17 -0400 Subject: [Infowarrior] - TSA Exposed Its Undercover People Message-ID: TSA Exposed Its Undercover People http://www.nytimes.com/aponline/us/AP-TSA-Tip-Off.html?_r=1&oref=slogin By THE ASSOCIATED PRESS Published: November 2, 2007 Filed at 2:21 p.m. ET WASHINGTON (AP) -- The Transportation Security Administration touts its programs to ensure security by using undercover operatives to test its airport screeners. In one instance, however, the agency thwarted such a test by alerting screeners across the country that it was under way, even providing descriptions of the undercover agents. The government routinely runs covert tests at airports to ensure that security measures in place are sufficient to stop a terrorist from bringing something dangerous onto an airplane. Alerting screeners when the undercover officer is coming through and what the person looks like would defeat the purpose. But that's exactly what happened on April 28, 2006, according to an e-mail from a top TSA official who oversees security operations. 
In an e-mail to more than a dozen recipients, including airport security staff, the TSA official warned that ''several airport authorities and airport police departments have recently received informal notice'' of security testing being carried out by the Department of Transportation and the Federal Aviation Administration. The e-mail from Mike Restovich, assistant administrator of TSA's Office of Security Operations, relayed an alert that described a couple who were testing security. The woman is white but has ''an oriental woman's picture'' on her identification card, it stated. ''They will print a boarding pass from a flight, change the date, get through security (if not noticed) and try to board a flight and place a bag in the overhead.'' Because the pair had altered the date on a boarding pass, the e-mail advised: ''Alert your security line vendors to be aware of subtle alterations to date info.'' The TSA inspector general is investigating the incident, and the agency would not discuss details of the case because it's part of an ongoing investigation. TSA spokeswoman Ellen Howe said, ''We are confident in the overall integrity of the program. Tip-offs are not a systemic problem because we do so much testing.'' Lawmakers are asking for more details on the incident as well. ''Any effort to undermine the integrity of covert testing of TSA's screening checkpoints is unacceptable,'' Rep. Bennie Thompson, D-Miss., wrote in a letter Thursday to TSA Administrator Kip Hawley. Thompson chairs the House Homeland Security Committee. From rforno at infowarrior.org Fri Nov 2 18:52:10 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 02 Nov 2007 14:52:10 -0400 Subject: [Infowarrior] - Scepticism over cyber-jihad rumours Message-ID: Scepticism over cyber-jihad rumours al-Qaeda (still) can't hack By John Leyden 
Published Friday 2nd November 2007 15:56 GMT http://www.theregister.co.uk/2007/11/02/cyber_jihad_rumours/ Islamist hackers are reportedly making preparations to launch a cyber-jihad against Israeli and Western websites beginning on 11 November. Experts are split over whether to take the attacks seriously or not. Rumours of the putative attack first surfaced in Israeli intelligence magazine DEBKAfile earlier this week. It reported that an Islamist website was calling on true believers to mount an attack on the forces of Western, Jewish, Israeli, Muslim apostate and Shiite Websites. The rumoured attack will supposedly focus on 15 websites initially before expanding its reach as "hundreds of thousands of Islamist hackers" join in. DEBKAfile has a history of producing edgy stories about the defence and security landscape from an Israeli perspective that sometimes get it wrong. In 2003, for example, it reported former Iraqi dictator Saddam Hussein would use weapons of mass destruction against US forces, SC Magazine notes. Nonetheless some experts such as Paul Henry, vice president of technology-evangelism at Secure Computing, are taking the threat seriously. Rather than launching the supposed assault without notice and through a network of compromised machines, the Islamists are reportedly looking to rally recruits to download a package called Electronic Jihad Version 2.0. Instructions on how to use the malign version of Seti@Home for would-be cyber-jihadis will be made available across an impenetrable email network, the organisers of the effort reportedly claim. "There are people claiming that the software has been written by a Saudi national and we don't know how many people have downloaded it," Henry said. "Today an attack using the tool is limited to only a DDoS attack. It is not difficult to repel a basic DDoS attack, but if enough users participate, it will fill your pipe." 
Would-be combatants are being instructed that hurling malign packets at the forces of Zionism and Crusader Imperialism TM is every bit as "honourable" as taking up arms, DEBKAfile reports. "Our sources say the instructions come in simple language and are organized in sections according to target. They offer would-be martyrs, who for one reason or another are unable to fight in the field, [the chance] to fulfil their jihad obligations on the Net. These virtual martyrs are assured of the same thrill and sense of elation as a jihadi on the 'battlefield'," it said. Whether the thrills in line for "virtual martyrs" involve the fabled 72 virgins is not noted. DEBKAfile speculates that the attack is a response to Western agencies' efforts to take down, or otherwise disrupt, the operations of Islamist websites. It's not the first time rumours of a forthcoming cyber-jihad have surfaced. In December 2006, the US Department of Homeland Security warned banks and infrastructure firms of a possible electronic attack. Nothing happened. The DHS might argue that the warning caused the attack to be aborted or defences to be put in place in time. Security expert Gadi Evron, who studied the recent cyberattacks in Estonia, is doubtful about the danger or even newsworthiness of the supposed attack. "Even if an attack is planned, it would likely be nothing new," Evron told IDG. "Cyber-jihad on the level of attacking websites happens every day for numerous causes by enthusiasts. The content of this warning is doubtful. There are not hundreds of thousands of infosec workers worldwide, not to mention working for al-Qaeda." 
From rforno at infowarrior.org Sat Nov 3 03:46:26 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 02 Nov 2007 23:46:26 -0400 Subject: [Infowarrior] - Task force aims to improve US cybersecurity Message-ID: http://www.theregister.co.uk/2007/11/02/us-cybersecurity_task_force/ Task force aims to improve US cybersecurity By Robert Lemos, SecurityFocus Published Friday 2nd November 2007 21:23 GMT A blue-ribbon panel of three dozen security experts hopes to craft a strategy to improve the United States' cybersecurity by the time the next president takes office, the Center for Strategic and International Studies (CSIS), and the task force's Congressional sponsors, announced on Tuesday. The bipartisan Commission on Cyber Security for the 44th Presidency will be tasked with creating a plan to secure the nation's computers and critical infrastructure and presenting that plan to the next president. The task force is headed by Representatives Jim Langevin (D-RI) and Michael McCaul (R-TX), Microsoft's vice president for Trustworthy Computing Scott Charney and retired Navy admiral Bobby Inman. The commission will have at least four major meetings over the next year to hash out an agenda, investigate the issues and make recommendations, said James Lewis, senior fellow at the Center for Strategic and International Studies (CSIS), which is funding the commission. "This is not a tech focus; it is a Washington focus," Lewis said. "You always have an opportunity, when a new administration comes in, to do some quick fixes and that is what we are trying to do with this commission." Cybersecurity has not been a major priority for past administrations. In 1998, President Clinton signed Presidential Decision Directive No. 63 (http://www.securityfocus.com/news/164), which required agencies to take steps to protect eight critical infrastructures. 
In 2000, the Clinton Administration unveiled its National Plan to Protect Critical Infrastructure (http://www.news.com/Clinton-launches-plan-to-protect-IT-infrastructure/2100-1023_3-235352.html?tag=item), but failed to fund (http://www.securityfocus.com/news/85) critical programs to push federal agencies to secure their systems. While many of those agencies have slowly improved their security compliance scores (http://www.securityfocus.com/news/11458) under the Federal Information System Management Act (FISMA) of 2002, the Bush Administration has also largely failed (http://www.securityfocus.com/brief/605) to create strong recommendations or requirements to improve cybersecurity. This year, the House Subcommittee on Emerging Threats, Cyber Security and Science and Technology has taken an increasing interest (http://www.securityfocus.com/news/11472) in federal agencies' failure to protect themselves against online attacks. The Department of State acknowledged (http://www.securityfocus.com/brief/250) in June 2006 that attackers had installed remote access software on systems in the agency and abroad, stolen passwords and targeted information on China and North Korea. In October 2006, the Department of Commerce took hundreds of computers (http://www.securityfocus.com/brief/324) offline following a series of attacks aimed at federal employees' computer accounts by online thieves that appear to be based in China. "I believe the government, across all levels, is too complacent when it comes to protecting their digital assets and this needs to change," commission co-chair Rep. Langevin, who also heads the Homeland Security Subcommittee on Emerging Threats, Cyber Security and Science and Technology, said in a statement. The commission aims to be nonpartisan and brings together 32 security experts, apart from the four people heading the panel. 
Among the experts are Idaho National Laboratories' infrastructure protection strategist Michael Assante, Oracle's chief technology officer Mary Ann Davidson, Princeton University professor of computer science Edward Felten, IBM Internet Security System's CEO Tom Noonan, and Verizon's executive director for national security policy Marcus Sachs. As of yet, there is no firm agenda for the commission, said Sachs. "There are no assumptions," he said. "Let's just get the cybersecurity experts together and see what comes out as an agenda." Whether online attacks could constitute terrorism is still a matter of contention today, but the ability of Internet attackers to affect financial networks, power systems, and infrastructure critical to the U.S. economy is not. For example, since March, the Department of Homeland Security has been showing power companies a video of a simulated attack (http://www.securityfocus.com/brief/597) against a power plant using a real vulnerability. In the video, a turbine dramatically overheats while smoke pours out. "While cybersecurity in the U.S. has improved in the last five years, the threat model continues to change and the risks to U.S. security and economic well-being are steadily increasing," Microsoft's Charney, one of the four co-chairs of the commission, said in a statement sent to SecurityFocus. "Therefore, much still needs to be done." The commission plans to have a report outlining their recommendations to give to the next president's transitional team in December 2008. "The next President and their administration must be prepared to hit the ground and protect America's cyber networks," Rep. McCaul, the ranking member of the Homeland Security Subcommittee on Emerging Threats, Cyber Security and Science and Technology, said in a statement. "As it stands now this nation is severely challenged by current cyber attacks." This article originally appeared in Security Focus (http://www.securityfocus.com/news/11494). Copyright © 
2007, SecurityFocus (http://www.securityfocus.com/) From rforno at infowarrior.org Sat Nov 3 03:50:51 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 02 Nov 2007 23:50:51 -0400 Subject: [Infowarrior] - Verizon 'revises' wireless broadband T&Cs Message-ID: Verizon updates T&Cs to further redefine "unlimited" data usage After Verizon's ambiguousness ended up hitting it right where it hurts (read: the wallet), the carrier cleaned up its act a bit and redefined "unlimited" in a hot-off-the-press version of its Terms & Conditions. While perusing through the legalese, you'll notice that checking out "continuous web camera posts or broadcasts / automatic data feeds (RSS)" are strictly prohibited, right along with P2P sharing or using your BroadbandAccess as a "substitute or backup for private lines or dedicated data connections." Moving on, you'll also see that exceeding 5GB of usage during any single billing period gives Verizon the right to "reduce throughput speeds of any application that would otherwise exceed such speed to a maximum of approximately 200Kbps." It gets worse -- these speeds are (unsurprisingly) "subject to change," so it sounds like your connection can be throttled right on down to a crawl should you pass the 5GB barrier. Have fun!* http://www.engadget.com/2007/11/02/verizon-updates-tandcs-to-further-redefine-unlimited-data-usage/ From rforno at infowarrior.org Sat Nov 3 04:01:37 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 03 Nov 2007 00:01:37 -0400 Subject: [Infowarrior] - Has the U.S. met its match in airport-security craziness? Message-ID: http://www.salon.com/tech/col/smith/2007/11/02/askthepilot252/print.html Has the U.S. met its match in airport-security craziness? By Patrick Smith Nov. 02, 2007 | Come to find out, America is not the only crazy country when it comes to airport security. Based on what happened to me in London a few days ago, I'd say the U.K. is a close runner-up. 
Working a trip from Gatwick, I was forced to remove my shoes and put my liquids into a Ziploc bag. This is routine for passengers, but I was in full uniform at a crew-only checkpoint. My Rollaboard and flight case were hand-searched top to bottom, and a nearly empty, 5-ounce tube of toothpaste was confiscated from my toiletries bag. The Brits are jittery, and not entirely without reason. The 2006 liquid bomb cabal (daft as its scheme may have been) was organized here, and it wasn't that long ago that Pan Am 103 lifted off from Heathrow with its deadly Toshiba radio. I'm willing to grant some slack, but I draw the line at seizing empty containers from pilots. "Why are you taking that?" I ask the guard. "There's almost nothing in there." "I don't know that for sure," she replies. "I can't tell how much is inside." The rule is 100 milliliters. I stare down at the rolled and emaciated tube. It can't contain more than three brushings' worth of paste. I wanted to ask this woman how she could say a thing like that and continue to take herself, and her job, seriously. Still, though, while it's tempting to award first prize to our European cousins, it's our own United States that retains the crown for loopiest behavior. Any argument was put to rest earlier this fall, when the U.S. Department of Homeland Security presented the latest version of its "Secure Flight" anti-terrorism program, requesting that governments hand over a docket of personal data on all foreign airline passengers bound for the United States. (This would affect not only commercial flights arriving in the United States but those merely overflying U.S. territory -- an Air Canada plane, say, flying between Toronto and the Caribbean.) This data may include, among other things, a flier's union affiliations, reading preferences and -- look it up yourself if you don't believe me -- sexual habits. 
What somebody's sex life might have to do with blowing up a plane is something I can't begin to fathom; how any government might actually get wind of this information is even more troubling. Fortunately, others feel the same way, and the details of this proposal have provoked the ire of certain lawmakers. It remains to be seen how much of it becomes policy. This would be the second dose of bad press for the Homeland Security hacks in recent weeks. Last month, you might remember, the Transportation Security Administration (TSA is a branch of DHS) got a media scolding after it came to light that TSA airport screeners had failed to detect up to 75 percent of phony bomb components smuggled through terminal checkpoints during tests. I don't normally rush to the defense of TSA, but am I the only one who finds this revelation overblown and irrelevant? This is a clear-cut case of workers being asked to do the impossible, then criticized when they fall short. Think for a moment about the countless ways in which dangerous materials can be smuggled through security. A bomb component, no different from a knife, a gun or a dangerous liquid, can be hidden, disassembled, improvised from and/or disguised any number of ways -- most of them undetectable. Attempting to ferret out every potential weapon is a lost cause from the beginning. I've said it before: The dirty work of keeping terrorists away from planes takes place out of view -- as the job of intelligence agencies and law enforcement. Airport screening exists as a last resort, and it should not be held responsible for failing to meet absurd and useless standards of zero tolerance. Not everybody agrees, I know. I'm continually startled by the number of otherwise smart and reasonable people who believe that concourse security actually needs to be more intrusive and rigorous. I was dismayed by a recent installment of the PBS television show "America's Investigative Reports," for example, which ran an exposé 
about after-hours airport workers not receiving tough-enough checkpoint scrutiny. PBS's Friday night lineup has gone sharply downhill since the departure of Bill Moyers, but this was an especially disappointing segment. Instead of an exposé on how easy the system is to skirt, how about one on how misguided it is to start with? For those who agree with me, I urge you to take a more active role. Write a letter; complain to your representative in Congress; and when you can, speak up. It remains my philosophy that if more people don't protest the silliness of current procedures, things are never going to change. Contrary to what some people think, voicing your opposition will not get you shipped to Guantánamo or placed on a no-fly list. I confess to having initiated my share of robust and provocative discussions at various airport checkpoints. The latest of these took place a week ago at a major airport on the East Coast, when yet again I was faced with the annoying requirement that airline crew members be in uniform in order to bypass the shoe inspection -- a policy discussed here a couple of weeks ago. With my credentials prominently displayed and my sneakers still on, I head for the metal detector, hoping for some of that special treatment I'd seen on PBS. "Hold it," snarls a guard. "You gotta take your shoes off." "But I'm a crew member," I answer, showing the gentleman my I.D. badge and pilot certificates. "Yeah, but if you wanna keep your shoes on, you have to be in uniform." "Well, OK, but how come? What difference does it make?" "Those are the rules." "Why, though? Am I not a crew member?" "Those are the rules." "I know that. But can you tell me why?" "Those are the rules." "Right, I know. I'm curious what the reason is. Why does having my uniform on matter? If I take a white shirt from luggage and put it on, suddenly my shoes aren't dangerous anymore?" "It's protocol." "But that's not a reason." And that's all he's going to take. "Supervisor!" he bellows. 
"Su-per-vis-or!" His voice is much louder than it needs to be, and is obviously designed to intimidate me. I'm reminded of a child calling for his mother to ward off a bully. "Su-per-vis-or!" Over comes the supervisor. He's a tall, well-built guy who looks like an ex-Marine. I introduce myself. "I just have a question, that's all." He nods and shakes my hand. "This guy won't take his shoes off," interrupts the guard. "He says we have to give him a reason." The word "reason" is snarled and sarcastic. "Excuse me," I answer. "First, I didn't refuse to take my shoes off. I was asking a question. And this is the United States of America. If you're going to search a person or make him remove articles of clothing, then yes, I think you do need to give him a reason." I'm startled when the supervisor lets me through. "It's OK, he can pass." His lackey gives me a look, then pulls away like he wants to go hide under the X-ray machine. I spend a minute or so talking with the supervisor. "I wasn't trying to be a jerk," I tell him. "I'm just mystified as to why a uniform is more important than actual credentials. Or maybe there is a legitimate reason ..." "You're supposed to be in uniform, technically," he says. "But it doesn't make any sense, I know." He shrugs and shakes his head. "Look, this is the government. You're dealing with the government." I have to say, that was the most refreshingly frank thing I've ever heard from a TSA employee. 
From rforno at infowarrior.org Sat Nov 3 04:07:41 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 03 Nov 2007 00:07:41 -0400 Subject: [Infowarrior] - Big Brother Eyes German Journalists Message-ID: SPIEGEL ONLINE - November 1, 2007, 05:48 PM URL: http://www.spiegel.de/international/germany/0,1518,514872,00.html PRESS FREEDOM UNDER ATTACK Big Brother Eyes German Journalists By Markus Brauck, Marcel Rosenbach and Markus Verbeet In the wake of 9/11, European countries have been busy enacting controversial mandatory data retention laws. Now draft legislation by the German government would make it easier to monitor virtually all communications by journalists -- effectively ending source confidentiality and press freedom. Press freedom in Germany is under attack. It may soon no longer be a good idea to tell a journalist something confidential over the phone in Germany. It would also perhaps be prudent to avoid sending e-mails, faxes or text messages. In the future, sources might be better off furtively intercepting reporters on their way home, writing letters, or sending smoke signals. As of Jan. 1, 2008, this kind of cautious behavior may be advisable -- that is if the German parliament, the Bundestag, approves a bill next week that would effectively remove all protection of journalists' sources when it comes to telecom and Internet communications. If this happens, all newspapers and magazines will perhaps also be well advised to print warnings like the labels found on pharmaceutical and cigarette packaging: "Caution -- an effective protection of sources can no longer be guaranteed." < -- > http://www.spiegel.de/international/germany/0,1518,druck-514872,00.html From rforno at infowarrior.org Sat Nov 3 04:08:34 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 03 Nov 2007 00:08:34 -0400 Subject: [Infowarrior] - Is U.S. stuck in Internet's slow lane? Message-ID: Is U.S.
stuck in Internet's slow lane? 'We're now in the middle of the pack of developed countries' says expert By Peter Svensson The Associated Press updated 8:54 p.m. ET, Tues., Oct. 30, 2007 NEW YORK - The United States is starting to look like a slowpoke on the Internet. Examples abound of countries that have faster and cheaper broadband connections, and more of their population connected to them. What's less clear is how badly the country that gave birth to the Internet is doing, and whether the government needs to step in and do something about it. The Bush administration has tried to foster broadband adoption with a hands-off approach. If that's seen as a failure by the next administration, the policy may change. In a move to get a clearer picture of where the U.S. stands, the House Energy and Commerce Committee on Tuesday approved legislation that would develop an annual inventory of existing broadband services -- including the types, advertised speeds and actual number of subscribers -- available to households and businesses across the nation. The bill, introduced by Rep. Ed Markey, D-Mass., is intended to provide policy makers with improved data so they can better use grants and subsidies to target areas lacking high-speed Internet access. He said in a statement last week that promoting broadband would help spur job growth, access to health care and education and promote innovation among other benefits. The inventory wouldn't cover other countries, but a cursory look shows the U.S. lagging behind at least some of them. In South Korea, for instance, the average apartment can get an Internet connection that's 15 times faster than a typical U.S. connection. In Paris, a "triple play" of TV, phone and broadband service costs less than half of what it does in the U.S. The Organization for Economic Co-operation and Development -- a 30-member club of nations -- compiles the most often cited international comparison. It puts the U.S.
at 15th place for broadband lines per person in 2006, down from No. 4 in 2001. The OECD numbers have been vigorously attacked by anti-regulation think tanks for making the U.S. look exceedingly bad. They point out that the OECD is not very open about how it compiles the data. It doesn't count people who have access to the Internet at work, or students who have access in their dorms. "We would never base other kinds of policy on that kind of data," said Scott Wallsten, director of communications policy studies at the Progress and Freedom Foundation, a think tank that favors deregulation over government intervention. But the OECD numbers are in line with other international measures. Figures from the British research firm Point-Topic Ltd. put the U.S., with 55 percent of its households connected, in 17th place for adoption rates at the end of June (excluding some very small countries and territories like Macau and Hong Kong). "We're now in the middle of the pack of developed countries," said Dave Burstein, telecom gadfly and the editor of the DSL Prime newsletter, during a sometimes tense debate at the Columbia Business School's Institute for Tele-Information. Burstein says the U.S. is lagging because of low levels of investment by the big telecom companies and regulatory failure. Several of the European countries that are doing well have forced telephone companies to rent their lines to Internet service providers for low fees. The ISPs use them to run broadband Digital Subscriber Lines, or DSL, often at speeds much higher than those available in the U.S. The U.S. Federal Communications Commission went down this regulatory road a few years ago, but legal challenges from the phone companies forced it to back away. In 2004, President Bush called for nationwide broadband access by 2007, to be nurtured by an absence of taxation and little regulation. The U.S. is very close to Bush's goal, thanks to the availability of satellite broadband across the lower 48 states. 
But the Internet by satellite is expensive and slow. Nearly everyone may have access to the Internet, but that doesn't mean they're plugging in. Part of the problem may be that people don't see fast Internet access as an essential part of modern life, and may need more of a push to get on. The U.S. does have wider income disparities than many of the countries that are outdoing it in broadband, and people in poverty may have other priorities for their money. Dan Correa, research analyst at the Information Technology and Innovation Foundation, believes the U.S. needs a more "proactive" broadband policy, and compares the lack of government involvement in the field with the situation in other utilities, which are mostly heavily regulated. "In the 1930s, we recognized that electricity was essential. We're not quite at that level in broadband," Correa said. An FCC chairman appointed by a Democratic president in 2009 may agree. Current Democratic Commissioner Michael J. Copps has said broadband availability could be encouraged with tax incentives and loans to rural utilities. The United States doesn't look set to catch up to South Korea or even Canada (with 65 percent of households connected to broadband, according to Point-Topic) by then, because broadband adoption is slowing down after an initial growth spurt. In the last few weeks, the U.S.'s three largest Internet service providers reported adding 1.2 million subscribers in the third quarter, down from 1.54 million in the same quarter last year, according to a tally by UBS analyst John Hodulik. But the U.S. does have a few aces up its sleeve. Apart from satellite broadband it has widespread cable networks, which provide an alternative to DSL. Cable has some technical advantages over phone lines, and a new cable modem technology called Docsis 3.0 could allow U.S. Internet speeds to leapfrog those in countries dominated by DSL in a few years. 
On the phone side, the country's second largest telecommunications company, Verizon Communications Inc., is spending $23 billion to connect homes directly with super-fast fiber optics. "Twenty percent of the U.S. is getting a decent network," Burstein acknowledges. The new network can match or outdo the 100 megabits per second Internet service widely available in Japan and Korea, but Verizon isn't yet selling service at that speed. ___ AP Business Writer Dibya Sarkar contributed to this report from Washington, D.C. Copyright 2007 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. URL: http://www.msnbc.msn.com/id/21549824/ From rforno at infowarrior.org Sat Nov 3 18:34:29 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 03 Nov 2007 14:34:29 -0400 Subject: [Infowarrior] - Yes, You Are Old Message-ID: Blackboard | The Top 10 List Yes, You Are Old http://www.nytimes.com/2007/11/04/education/edlife/beloit.html?ref=edlife&pagewanted=print For the last 10 years, Beloit College in lower Wisconsin has issued the Mindset List. The creation of Tom McBride, a humanities professor, and Ron Nief, the public affairs director, the popular list is distributed at the start of each academic year to faculty and staff (and the world at large) to remind them of the perspective of each year's entering freshmen. Below are a few items from the decade's lists. Class of 2010 • "The Phantom of the Opera" has always been on Broadway. • A stained blue dress is as famous to them as a third-rate burglary was to their parents. • Brides have always worn white for a first, second or third wedding. Class of 2009 • For their daily caffeine emergencies, a Starbucks outlet has always been around the corner. • They have always entered the Louvre through a pyramid. • Snowboarding has always been a popular winter pastime. Class of 2008 •
They were born as the last Playboy Club was on its way out. • They have always watched night games at Wrigley Field. • AZT has always been an answer to AIDS. Class of 2007 • Paul Newman has always sold salad dressing. • Bert and Ernie are old enough to be their parents. • What's leaded gas? Class of 2006 • A hotline is a consumer service rather than a phone used to avoid accidental nuclear war. • They grew up in minivans. • They grew up with cyberspace. Class of 2005 • They were born about the same time as the PC and Mac. • The Social Security system has always been on the brink. • There has always been a hole in the ozone layer. Class of 2004 • They have never heard a phone "ring." • There have always been ATMs at banks. • They neither know who Billie Joe was, nor ever wonder what he was doing on the Tallahatchie Bridge. Class of 2003 • They never knew Madonna when she was like a virgin. • They have no idea how big a breadbox is. • Travel to space has always been accomplished in reusable spacecraft. Class of 2002 • They have always cooked popcorn in the microwave. • The expression "You sound like a broken record" means nothing to them. • They have no idea when or why Jordache jeans were cool. From rforno at infowarrior.org Sun Nov 4 03:47:23 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 03 Nov 2007 23:47:23 -0400 Subject: [Infowarrior] - Verizon Overrides Internet Searches With Its Own Results Message-ID: Verizon Overrides Internet Searches With Its Own Results Web search "tinkering" raises net neutrality concerns by Martin H. Bosworth ConsumerAffairs.Com November 3, 2007 http://www.consumeraffairs.com/news04/2007/11/verizon_search.html Subscribers to Verizon's high-powered fiber-optic Internet service (FiOS) are reporting that when they mistype a Web site address, they get redirected to Verizon's own search engine page -- even if they don't have Verizon's search page set as their default.
The change has been advertised by Verizon as a way to help users reach the site they were trying to get to, but some are concerned that it's done more to gain revenue from advertisements placed on the Verizon search site. "It was the very first thing I noticed when Verizon finally got FiOS installed here the other day. Very annoying and hardly in the spirit of net neutrality, eh?," wrote one Webmaster World user, who originally had Google set as his default search engine. Verizon first rolled out what it calls its "Advanced Web Search" for FiOS subscribers in the Midwest in June 2007. The search redirects a mistyped Web site address, such as "comsumerafairs.com" rather than "consumeraffairs.com", to Verizon's own search page, containing a list of similar Web site addresses and advertisements powered by Google rivals such as Yahoo and Ask.com. Verizon, or any other Internet provider that uses a similar system, could generate revenue from the users visiting the pages, even if they don't click on the ads--or if they never intended to visit the site in the first place. Technology forums such as Broadband Reports and WebMasterWorld are reporting that Verizon has now extended its "Advanced Web Search" feature to FiOS subscribers in Maryland and Virginia as well. "How common is this - ISPs profiting from direct navigation failures? If it isn't then this is likely the wave of the future," wrote one peeved Web surfer. If you don't want to have your search results interfered with, Verizon has set up an "opt out" procedure to reset your DNS settings. Make sure to follow the directions carefully and run several test searches with mistyped addresses to make sure you get the right--or wrong, in this case--result. The Shape Of Things To Come? Using mistyped domain names to redirect users to search pages full of ads has been tried before, by Internet providers such as Cox and Earthlink.
In order to redirect the user to the search sites, the user's Domain Name Service (DNS) settings are altered, which can interfere with previously set network security and safe Internet browsing features. It also raises the question of whether or not an Internet provider that automatically redirects a user's searches without telling them will also shape the results they do get, such as filtering their searches to get specific results. Preferential results from Internet providers are a prime concern for supporters of "net neutrality," the principle that all content on the Internet should be accessed freely and equally. Supporters of net neutrality believe that Internet providers may redirect users from their preferred Web pages or content to content the provider favors--such as redirecting a user from Google's search page to Verizon's. Although Verizon opposes net neutrality, it has also said repeatedly that it would not block content or favor its own offerings over rivals--although it now appears to be doing just that. The telecom giant recently got into hot water over its blocking of text messages from abortion rights group NARAL, leading to a quick reversal. From rforno at infowarrior.org Sun Nov 4 15:06:50 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 04 Nov 2007 11:06:50 -0400 Subject: [Infowarrior] - DHS Retreats From Facets of 'Real ID' Message-ID: Homeland Security Retreats From Facets of 'Real ID' By Spencer S. Hsu Washington Post Staff Writer Sunday, November 4, 2007; A07 http://www.washingtonpost.com/wp-dyn/content/article/2007/11/03/AR2007110300890_pf.html The Bush administration is easing its demand for tough national standards for driver's licenses, acting at the behest of state officials who say the "Real ID" plan is unworkable and too costly, officials familiar with the new policy said.
While Homeland Security Secretary Michael Chertoff hailed an agreement with New York last week on more secure state identification cards for citizens as a sign that "the tide is moving more rapidly in favor of Real ID," his department is preparing to extend deadlines for the second time in a year and ease or take over responsibility for new security measures, the officials said. Chertoff had earlier announced that DHS would waive the original May 2008 deadline and set a new target of 2013 for getting all 245 million U.S. driver's licenses to comply with a national standard. Now, DHS may extend the original deadline by a decade, to 2018 for drivers older than 40 or 50 to reduce the costs associated with a projected surge of customers at state motor vehicle departments, the officials said. In a recent meeting, DHS policy official Richard C. Barth told state officials to expect Real ID's price tag to fall by "billions of dollars" as DHS eases previous demands that the new licenses be renewed every five years, that expensive, tamper-resistant materials be used to create the ID cards, and that each state develop its own document verification systems, those officials said. In an interview Friday, Barth's boss, DHS Assistant Secretary for Policy Stewart A. Baker, said the department is finalizing long-awaited regulations for a 90-day White House budget review, and has "listened hard to the states' concerns about possible costs and disruptions to their licensing procedures, and we are going to make changes in response to those concerns . . . and still provide the security the country expects." Extending Real ID deadlines to align with how state agencies register and renew license holders can shorten lines, reduce hiring and slash costs, Baker said. The changes also will make the process easier for older drivers, who are viewed as less of a security risk but are sometimes unable to provide reliable source documents such as birth certificates. 
Analysts inside and outside of government say the changes reflect the difficulties facing DHS, which has less experience in managing identification programs than the states do. The analysts said that the changes also reflect the high cost of Real ID and worries that the program already is opposed from the left and the right as a potential threat to individual privacy. Timothy Sparapani, senior legislative counsel for the American Civil Liberties Union, said DHS is weakening the program in a desperate bid to keep it alive. The ACLU and conservative libertarian groups that oppose Real ID view it as a de facto national ID with Orwellian implications. Eight states have passed legislation to opt out of the program, nine others have passed resolutions in opposition, and more will consider doing so this winter. "DHS is doing back flips in order to get states to say they are complying with Real ID," Sparapani said. "It was flawed in principle from the beginning, and DHS is attempting a 'Hail Mary' pass to try to coerce and convince states that what they are doing under existing statutes is acceptable." Brian Zimmer, president of the Coalition for a Secure Driver's License, a nonprofit advocacy group, said DHS "is doing its very best to manage the trade-offs between security, travel facilitation, cost for states and practical consideration in implementation." In 2005, Congress passed legislation mandating Real ID to standardize information that must be included on licenses, including a digital photograph, a signature and machine-readable features such as a bar code. Under the law, states also must verify applicants' citizenship status, check identity documents such as birth certificates, and cross-check information with other states and with Social Security, immigration and State Department databases. The new licenses must include features to thwart forgery and fraud, and drivers born after 1935 will have to present birth certificates or passports to obtain them. 
Supporters noted that all but one of the Sept. 11 hijackers acquired, legitimately or by fraud, IDs that allowed them to board planes, rent cars and move through the country. Congress approved $40 million in grants to states to cover some of the expenses this year. By comparison, the National Governors Association wants $1 billion next year as a down payment for states' start-up costs. From rforno at infowarrior.org Sun Nov 4 15:07:29 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 04 Nov 2007 11:07:29 -0400 Subject: [Infowarrior] - E.U. Seeks Data on American Passengers Message-ID: E.U. Seeks Data on American Passengers Airlines Would Report Personal Details of Europe-Bound Travelers By Ellen Nakashima Washington Post Staff Writer Sunday, November 4, 2007; A18 http://www.washingtonpost.com/wp-dyn/content/article/2007/11/03/AR2007110300956_pf.html American travelers' personal data would for the first time be exported to all European Union states by airline carriers flying to Europe under a proposal to be announced this week. The data, including names, telephone numbers, credit card information and travel itinerary, would be sent to E.U. member states so they could assess passenger risk for counterterrorism purposes, according to a draft copy obtained by The Washington Post. The European Commission proposal would allow the data to be kept for 13 years or longer if used in criminal investigations and intelligence operations. It would cover all passengers flying into and out of Europe, not just Americans. Airlines already share data with U.S. authorities on passengers entering the United States. A handful of countries, including Canada and Australia, have similar laws. The European proposal was apparently modeled after an agreement signed in July between the United States and Europe dealing with passenger data from European flights entering and leaving the United States.
Under the proposal by Franco Frattini, European commissioner for freedom, security and justice, airlines or computerized reservation systems would send at least 19 pieces of data on each passenger to data-analysis units set up by each state. The data fields also would include e-mail addresses, names of accompanying passengers and open ones for such special requests as meals or medical service. Under the proposal, no personal data that could reveal race, ethnicity, political opinions, religion, trade union membership or health or sex-life information could be transmitted. Any such data that was shared would have to be deleted immediately by the data-analyzing units, the proposal says. The proposal must be approved by all 27 E.U. states to become a Europe-wide law, though individual states could introduce their own programs. It would affect about 30 million people who fly from North America to Europe each year. The move is part of an effort to combat terrorism by sharing information globally, and it is fueling concerns of loss of privacy and control over personal data. "It almost becomes an arms race with one country adopting a data-gathering system without reflecting on whether or not the system is necessary," said Allison Knight, staff counsel for the Electronic Privacy Information Center. Frattini has made clear that he believes a policy requiring Passenger Name Record data from airlines would be beneficial to combating terrorism in light of terror attacks in Madrid and London. "The Union is at least as much a potential target of a terrorist attack as the United States, and the use and analysis of passenger name records is an important law enforcement tool to protect our citizens," Frattini told the European Parliament in September. The U.S. is "definitely open to the idea," Department of Homeland Security spokeswoman Laura Keehner said. "It would be fair of the Europeans to ask the same information of us that we're asking of them. 
We are open to finding ways to make our respective homelands secure." The U.S.-E.U. pact was opposed by civil libertarians and liberal politicians, many of whom have said they do not favor an E.U. equivalent. But some have suggested retaliating with a mirror policy. Sophie in 't Veld, a member of Parliament from the Netherlands, said Frattini's proposal would "undermine the credibility" of the E.U., which criticized the E.U.-U.S. pact. "We still do not have sufficient evidence of how effective the use of these data are in the fight against terrorists," she said. The European countries' units would analyze the data to identify people and their associates who may be involved in terrorism or organized crime. It would also create and update "risk indicators" for assessing them and provide intelligence on travel patterns and other trends relating to terrorist offenses and organized crime, according to the proposal. The data could be used in criminal investigations and prosecutions. James Harrison, a Sacramento attorney and director of the Identity Project, a privacy organization, said that the prospect of analyzing the data to create risk assessments is "alarming." "Congress forbids the U.S. from conducting algorithms on passenger data domestically," he said, referring to a ban on testing algorithms assigning risk to passengers not on government watch lists. "That is exactly what they are talking about here." E.U. officials said that all non-Europeans would be protected under the scheme by European states' data-protection laws, while U.S. privacy laws apply only to U.S. citizens. In the case of passenger data, the United States has extended administrative Privacy Act protections to non-U.S. citizens. The Department of Homeland Security also has an online redress site open to all. But, in 't Veld said, "Even if there were 27 excellent data protection schemes, if you are an American citizen, and travel around Europe for a month, who will you turn to? 
Ask yourself: How good is your Hungarian?" Another difference between the U.S.-E.U. pact and the European proposal deals with sensitive information such as religion, sexual orientation and union membership. Under the U.S.-E.U. deal, that information can be used in exceptional cases, "where the life of a data subject or of others could be imperiled or seriously impaired." Douglas Lavin, regional vice president North America for the International Air Transport Association, called the European proposal "a positive step" in terms of harmonizing data-sharing policies, but said he is concerned about an international patchwork dealing with passenger data. "We don't want to be faced with conflicting laws in this area," he said. From rforno at infowarrior.org Sun Nov 4 18:31:05 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 04 Nov 2007 14:31:05 -0400 Subject: [Infowarrior] - Comcast: Competion means we have to raise rates Message-ID: Corporate Doublespeak: By Forcing Competition On The Market, We Will Need To Raise Prices http://www.techdirt.com/articles/20071101/145432.shtml Earlier this week we wrote about plans by the FCC to ban deals that gave a single service provider exclusivity to an apartment building or housing development. Service providers (particularly the cable companies who locked many of them up) loved these deals as they were granted a guaranteed monopoly. Of course, most of us realize that monopolies are bad for consumers and lead to higher prices (monopoly rents and all). Yet, now that they're gone, Comcast is responding to the deal by saying that it's actually competition that will cause them to raise prices. Reader slide23 writes in to point out Comcast's corporate doublespeak: The following statement may be attributed to Sena Fitzmaurice, Senior Director of Corporate Communications and Government Relations: "Consumers in apartment buildings and condos across the nation received a blow today from the action taken by the FCC. 
The result of this decision is likely to be higher prices for services and years of litigation and uncertainty for consumers. The significant concessions building owners have been able to bargain for on behalf of their residents will be lost." Yes, Comcast is going to use the fact that they now have to compete within apartment buildings to raise prices. Or, so they say. Somehow, you get the feeling that once the local DSL providers starts offering faster/cheaper service, Comcast will have a change of heart on the matter. More seriously, perhaps what Comcast really means is that it believes these kinds of services are natural monopolies, which may actually be a defensible position. Of course, Comcast probably doesn't want to go down that path at all. Once you admit you're in a space where a natural monopoly makes sense, then you open yourself up to forced line sharing and (more importantly for Comcast...) regulations barring any kind of traffic discrimination. Given last week's Comcast kerfuffle over traffic jamming, the last thing the company should be doing is suggesting that competition hurts the space, because that just gives politicians all the ammunition needed to put network neutrality laws in place. The company can't really have it both ways. It can't go around saying it can run its network like a private company in a competitive market that doesn't need any regulation out one side of its mouth, while at the same time claiming that it's facing a natural monopoly where competition hurts the market out of the other side. From rforno at infowarrior.org Mon Nov 5 01:27:03 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 04 Nov 2007 21:27:03 -0400 Subject: [Infowarrior] - Apple ready to disable iPhones again Message-ID: Apple Set to Disable iPhone Apps ? Again http://apple20.blogs.fortune.cnn.com/2007/11/04/apple-set-to-disable-iphone- apps-again/ British reviewers who have tested the Apple (AAPL) iPhone that goes on sale in the U.K. 
Friday report that it comes pre-installed with a software update ? 1.1.2 ? that disables third-party applications. According to the British gadget website T3, the update closes the so-called TIFF exploit ? the software loophole used by hackers to ?jailbreak? version 1.1.1. This loophole allowed iPhone owners to install dozens of third-party apps, including such popular add-ons as Navizon (a location finder), Voice Notes (a voice recorder) and instant-messaging programs like Apollo and Mobile Chat. Thanks to one-click installations scripts like AppSnapp, these unauthorized iPhone add-ons have become almost mainstream. AppSnapp?s developers report that their software was downloaded 144,000 times in its first three days ? which suggests that as many as 1 in 10 iPhone owners could be in for a rude surprise when they upgrade their software next weekend. Some Apple bloggers ? led by Quincy Pince-Nez at 9to5 Mac ? advocate holding-off any iTunes and iPhone updates until programmers can find another way to install their apps. Apple would undoubtedly prefer that everybody wait until it releases its official iPhone software developers kit (SDK) in February, and Apple-sanctioned apps start to flow in. The update is also likely to disable ? and perhaps re-brick ? iPhones unlocked to work with cellular providers other than Apple?s official carriers (AT&T in the U.S., O2 in the U.K., T-Mobile in Germany and Orange in France). 

From rforno at infowarrior.org Mon Nov 5 11:41:25 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 05 Nov 2007 07:41:25 -0400
Subject: [Infowarrior] - ENISA: Security Issues and Recommendations for Online Social Networks
Message-ID:

Security Issues and Recommendations for Online Social Networks

ENISA Position Paper: Security Issues and Recommendations for Online Social Networks (.pdf, 454 kB)
25 October 2007

Social Networking is like a "digital cocktail party": a powerful mixture of human social instincts and web 2.0 technology which is revolutionising the Internet. In this position paper, ENISA emphasises the many benefits of Social Networking but identifies 14 important threats. This leads to 17 recommendations on how Social Networking can be made safer.

http://tinyurl.com/2gwjkg

From rforno at infowarrior.org Mon Nov 5 11:50:13 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 05 Nov 2007 07:50:13 -0400
Subject: [Infowarrior] - No email privacy rights under Constitution, US gov claims
Message-ID:

Original URL: http://www.theregister.co.uk/2007/11/04/4th-amendment_email_privacy/

No email privacy rights under Constitution, US gov claims
By Mark Rasch, SecurityFocus
Published Sunday 4th November 2007 12:02 GMT

On October 8, 2007, the United States Court of Appeals for the Sixth Circuit in Cincinnati granted the government's request for a full-panel hearing in the United States v. Warshak case centering on the right of privacy for stored electronic communications. At issue is whether the procedure whereby the government can subpoena stored copies of your email - similar to the way they could simply subpoena any physical mail sitting on your desk - is unconstitutionally broad.

This appears to be more than a mere argument in support of the constitutionality of a Congressional email privacy and access scheme. It represents what may be the fundamental governmental position on Constitutional email and electronic privacy - that there isn't any.

What is important in this case is not the ultimate resolution of that narrow issue, but the position that the United States government is taking on the entire issue of electronic privacy. That position, if accepted, may mean that the government can read anybody's email at any time without a warrant.

What is Privacy?

In a seminal case (Katz v. United States in 1963) the US Supreme Court, over the strenuous objections of the US government, upheld the right of the user of a payphone to claim a right to privacy in the contents of those communications. The Court held that the Fourth Amendment right to be secure in your "persons, house, places and effects" against unreasonable searches and seizures protected people, not just places. Thus, to determine whether you had a right against unreasonable seizure - a kind of privacy right - the court adopted a two-pronged test: did you think what you were doing was private and is society willing to accept your belief as objectively reasonable?

The method you use to communicate can affect both your subjective expectation of privacy and society's willingness to consider that expectation as "reasonable." Shouting a "private" conversation into a megaphone at Times Square would neither be subjectively nor objectively reasonable, if you wanted the conversation to be confidential. "Broadcasting" the conversation over the radio is likewise unreasonable. But, what about "broadcasting" it over an unsecured Wi-Fi router, analog cell phone, or cordless telephone? While certain statutes may make the interception of such communications unlawful, absent such statutes is there a Constitutional prohibition on listening in? Put more narrowly, if the cops listen in on your baby monitor, do they violate your "right to privacy," or do you give up your right by knowingly putting the monitor in little Timmy's room in the first place?

Partial Waiver

Do you have a "reasonable expectation of privacy" in the contents of email you send and receive at work, using a work computer, over a company supplied network, where the company has a "business use only" policy, and an employee monitoring policy that states that any communications may be monitored? Think about it. Indeed, the policy will go further and say "users have no expectation of privacy." But is this true? Or, is it even a good idea?

Remember Katz? The Constitution only protects reasonable expectations of privacy. If you have no reasonable expectation of privacy in your email, then the examination of the contents of your email by anyone for any purposes is not an invasion of privacy and raises no Fourth Amendment concerns. What you really mean in your policy is that your employer (your supervisor, the IT staff, HR, legal, etc.) may examine the contents of your e-mail for legitimate reasons and if they choose to, disclose the contents to whatever third parties they deem reasonable. Fair enough. But, it also means that you can't read your bosses' email or your co-workers' email, just because you are curious. Why not? Because they have an "expectation of privacy" in their email. Privacy is not like virginity - you either have it or you don't. You can have privacy rights with respect to some uses by some people and not with respect to other uses by other people. Right? Well, not according to the government.

No Constitutional Privacy

In arguing that the government did not necessarily need a wiretap order to obtain the contents of Mr. Warshak's email from his ISP, the government argued that the Fourth Amendment did not preclude a mere subpoena because users of ISPs don't have a reasonable expectation of privacy. The government argued:

...
any expectation of privacy can be waived [citing case holding that a privacy disclaimer on a bulletin board "defeats claims to an objectively reasonable expectation of privacy."] Many employees are provided with e-mail and Internet services by their employers. Often, those employees are required to waive any expectation of privacy in their email each time they log on to their computers. [Court] orders directed to the email of employees who have waived any possible expectation of privacy do not violate the Fourth Amendment.

Now, we are not talking about cases where the employer reads someone's email and decides to give it to the government, or where the employer consents to the search by the FBI. Essentially, the Justice Department is arguing that when you give up your privacy rights in an e-mail policy vis-a-vis your employer, you waive any Constitutional claim to privacy if the government decides to just take it - even without the knowledge or consent of the employer. Once you give up privacy in an email policy, the game is over. Since the Fourth Amendment only protects legitimate privacy rights, and you have no privacy in email, theoretically (absent a statute that prohibits it) the government could constitutionally walk in and just take anyone's files. Wow.

But then the government goes on: they note "some email accounts are abandoned, as when an account holder stops paying for the service and the account is cancelled." There "can be no reasonable expectation of privacy in such accounts." Oh really? So if I decide not to keep paying Comcast, then not only do I potentially lose Internet service, but the government can then read every email I ever wrote or received? Better pay the bill, then. When I terminate my service, I am terminating my right of use - not "abandoning" my privacy rights.

A few years ago, when a US soldier was killed in Fallujah, Yahoo had to decide whether his parents could legally access the email in his account, an account that Yahoo's policy terminated at the soldier's death. The case was resolved with a consented to court order allowing such access, but the government's argument would be that when you die your account terminates and your email is up for grabs. In other words, don't die with email in your account and don't get any email after you die.

The government again goes on:

... hackers may obtain internet services and email accounts using stolen credit cards. Hackers maintain no reasonable expectation of privacy in such accounts.

So the privacy of your communications may be determined by the legitimacy of the method by which you pay for such communications? Bounce a check to the phone company and the government can listen in to your phone calls? Or buy a cell phone with a stolen credit card, and the government can read your text messages?

The most distressing argument the government makes in the Warshak case is that the government need not follow the Fourth Amendment in reading emails sent by or through most commercial ISPs. The terms of service (TOS) of many ISPs permit those ISPs to monitor user activities to prevent fraud, enforce the TOS, or protect the ISP or others, or to comply with legal process. If you use an ISP and the ISP may monitor what you do, then you have waived any and all constitutional privacy rights in any communications or other use of the ISP. For example, the government notes with respect to Yahoo! (which has similar TOS):

Because a customer acknowledges that Yahoo! has unlimited access to her email, and because she consents to Yahoo! disclosing her email in response to legal process, compelled disclosure of email from a Yahoo! account does not violate the Fourth Amendment.
The government relied on a Supreme Court case where a bank customer could not complain when the government subpoenaed his cancelled checks from the bank itself and where the Court noted: The checks are not confidential communications but negotiable instruments to be used in commercial transactions. All of the documents obtained, including financial statements and deposit slips, contain only information voluntarily conveyed to the banks and exposed to their employees in the ordinary course of business. In essence, the government is arguing that the contents of your emails have been voluntarily conveyed to your ISP and that you therefore have no privacy rights to it anymore. In a previous proceeding in Warshak, the government went even further, arguing that automated spam filters, antivirus software, and other automated processes that examine the contents of your email, establish that you cannot possibly expect your communications to be private. What is silly about this is the fact that, at least for the government, the argument is unnecessary. The Fourth Amendment protects against "unreasonable" invasions of privacy interests. The government could effectively argue that, by obtaining a subpoena or other court order for the records which are relevant to a legitimate investigation, the search or seizure is reasonable, and therefore comports with the Fourth Amendment. All subpoenas and demands for documents infringe some privacy interest, and unless overbroad, they are generally reasonable. The statute which permits government access to stored communication pursuant to a mere subpoena may likewise be perfectly reasonable and may withstand constitutional scrutiny. But that doesn't mean that the Constitution doesn't apply. No, the government is seeking to eliminate any Constitutional privacy interest in email. 

Under this standard, if the FBI walked into your employer or ISP, and simply took your email (no warrant, no court order, no probable cause, no nothing), you would have no constitutional argument about the seizure, because you had abandoned your expectation of privacy.

This appears to be more than a mere argument in support of the constitutionality of a Congressional email privacy and access scheme. It represents what may be the fundamental governmental position on Constitutional email and electronic privacy - that there isn't any. And that, frankly, scares me.

This article originally appeared in Security Focus (http://www.securityfocus.com/columnists/456).

Copyright © 2007, SecurityFocus (http://www.securityfocus.com/)

Mark D. Rasch, J.D., is a former head of the Justice Department's computer crime unit, and specializes in computer crime, computer security, incident response, forensics and privacy matters as Managing Director of Technology for FTI Consulting, Inc.

From rforno at infowarrior.org Mon Nov 5 12:27:24 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 05 Nov 2007 08:27:24 -0400
Subject: [Infowarrior] - UCLA Law School joins others to pry into judicial secrecy
Message-ID:

UCLA Law School joins others to pry into judicial secrecy
By Henry Weinstein, Los Angeles Times Staff Writer
November 3, 2007

http://www.latimes.com/news/local/la-me-secrecy3nov03,1,1247556.story?coll=la-headlines-california&ctrack=2&cset=true

UCLA Law School and the Rand Corp. launched an alliance Friday to study secrecy in the nation's civil justice system. Attorneys and legal scholars spent the day at a conference at the law school debating just how much secrecy there is and whether any of it is justified.

"This subject could not be more timely," said UCLA Law School Dean Michael Schill. "Transparency in our civil justice system is incredibly important for its legitimacy." At the same time, he said, privacy trumps transparency on some occasions.
Michael Rich, Rand's executive vice president, expressed dismay that in recent years the civil justice system has seemed to be moving away from public scrutiny, with fewer trials being held, more private judges operating outside the normal court system and a proliferation of cases settled with confidentiality agreements. "If the system is more opaque, it makes policy analysis more difficult and makes the system more susceptible to ideology," Rich said. Los Angeles plaintiffs' lawyer Tom Girardi talked at length about the difficulties of deciding whether to settle cases confidentially. Girardi said he is troubled by a confidentiality agreement he signed 25 years ago on behalf of a boy who alleged he was molested by a Catholic priest. As a Catholic who attended Catholic schools for his entire education, Girardi said he had doubts about the client's claims at the time. Then when the massive pedophilia scandal in the Catholic Church came to public light, Girardi said he learned that the priest had molested 17 kids. "My confidentiality agreement" probably had negative consequences for all of these kids, Girardi acknowledged. The rate of resolution by trial for federal court cases in 2002 was less than a sixth of what it was in 1962, according to an initial description of the project handed out at the conference. Speakers also discussed just how big an effect private judging, also known as alternative dispute resolution, is having. Kenneth R. Feinberg, who served as the special master of the federal September 11 Victim Compensation Fund, scoffed at the idea that private judging "is going to replace the civil justice system." But U.S. District Judge Terry J. Hatter Jr., who has been on the federal bench in Los Angeles for nearly 30 years, said, "I do worry. I see a two-tier system," in which well-heeled litigants opt for private judging rather than waiting for their cases to be heard in federal courts. Girardi said he uses public trials as well as private judges. 

But Hatter countered: "Most people can't get to you. Most people who use Danny are not economically deprived," he said referring to Daniel Weinstein, a highly regarded private judge with JAMS in San Francisco, who also was a panelist Friday.

Cynthia Lebow, who practices law in Westwood, urged representatives of Rand and the law school to come to grips with the problems ordinary consumers face when they get involved in a dispute with a large corporation. "Virtually every time you go to a doctor now in California, you are asked to sign a mandatory arbitration agreement" when you go in for services, Lebow said. "Most of the time you don't even know it. You are signing a bunch of papers on a clipboard and you are being put into a system with no transparency and tremendous ethical issues."

California Chief Justice Ronald George delivered the keynote address at lunch. He said "courts increasingly have recognized that secrecy should be kept to a minimum." In the past decade, the state Judicial Council has adopted rules that "expressly presume that the press and the public are entitled to court records," he said. "Any sealing of court records must be narrowly defined."

On the other hand, he noted that a crumbling infrastructure hurts public involvement in the court system. He said a number of California courthouses are in terrible condition. Without better conditions, George said, "It is difficult to imagine a court system that the public can know, understand and appreciate, or that by any measure can be effectively transparent in its operations."

henry.weinstein at latimes.com

From rforno at infowarrior.org Mon Nov 5 13:01:04 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 05 Nov 2007 09:01:04 -0400
Subject: [Infowarrior] - Waterboarding Ignorance
Message-ID:

It's time for a quick political rant.

It's shameful that "America" and "torture" have become national-level policy debates, and it's something I'm embarrassed at my country for allowing to even become an issue. I still can't believe we're actually discussing this.

It's also shameful that politicians can claim such woeful ignorance to a 'technique' that is at the center of a national controversy, and expect that *anyone* would believe they're as clueless as they let on. One would think if it was a DC sex scandal, they'd be falling over themselves burning up the phones, libraries, and Intertubes to find out all they could about the matter. But no -- they continue to insult our intelligence.....to wit:

General says waterboarding could save U.S. lives
http://www.ajc.com/metro/content/news/stories/2007/11/02/Honore_1103.html
Army General Russell Honore recently told 900 Georgia middle schoolers, "the general public shouldn't be so quick to condemn the use of waterboarding as an interrogation technique." He added "I don't know much about it, but I know we're dealing with terrorists who do some very awful things to people."

State Department Legal Advisor:
http://www.guardian.co.uk/usa/story/0,,2205187,00.html
"One would have to apply the facts to the law to determine whether any technique, whatever happened, would cause severe physical pain or suffering,"

Bush Lauds Attorney General Nominee
http://www.washingtonpost.com/wp-dyn/content/article/2007/11/03/AR2007110300290.html
"Mukasey has called waterboarding personally offensive, but in response to questions from senators, he said he didn't know enough about it to legally define it as torture."

Sen Fred Thompson on Meet The Press yesterday
http://www.msnbc.msn.com/id/21623208/
"You're talking about techniques. We're having a big public debate now on a technique which I know very little about. It sounds very gruesome to me."

...and so on, and on, and on.

Okay, folks -- here's a simple explanation of "torture" as defined by Rick: "If you wouldn't want something done to you against your will because it'd hurt you, kill you, or make you wish you were dead or unconscious, it's probably torture as defined by any reasonable national or international convention (if not also standard of human decency.)"

But since they all are so blatantly ignorant to the methods involved, may I suggest they check out these links:

http://en.wikipedia.org/wiki/Waterboarding
http://abcnews.go.com/WNT/print?id=1322866
http://current.com/pods/controversy/PD04399 (video demonstration)

... And if they're really desperate for knowledge, http://www.google.com/search?q=waterboarding

And if that's not enough, and if Mukasey, Honore, and any number of politicos around town remain confused as to what waterboarding is, may I suggest they conduct their own research and test the waters themselves. Quit embarrassing our society and disgracing our country -- nobody's buying your story or believing your ignorance.

-rick
Infowarrior.org

From rforno at infowarrior.org Mon Nov 5 20:41:16 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 05 Nov 2007 15:41:16 -0500
Subject: [Infowarrior] - EPIC is hiring
Message-ID:

Job Announcement

Position: Staff Counsel
Deadline: November 30, 2007

The Electronic Privacy Information Center (EPIC) is a leading privacy and civil liberties organization, based in Washington, D.C., working to protect the public interest and to promote the Public Voice in decisions concerning the future of the Internet. EPIC pursues public interest litigation, conducts public education, testifies in Congress, organizes conferences, coordinates grassroots advocacy, and publishes books, reports, and an online newsletter. EPIC maintains several well-regarded web sites, such as privacy.org, thepublicvoice.org, and privacycoalition.org.

EPIC is seeking a smart, energetic, hard working, and creative individual to serve as full-time Staff Counsel in our Washington, D.C. offices. EPIC is committed to diversity in the workplace and an equal opportunity employer.

How to Apply: Send a cover letter, resume, legal writing sample (5 to 7 pages), and three references by e-mail to jobs AT epic.org with the subject line: Staff Counsel Position. Or by postal mail to:

Lillie Coney, Associate Director
RE: Staff Counsel Position
Electronic Privacy Information Center
1718 Connecticut Avenue NW, Suite 200
Washington, DC 20009

Qualifications:

* A law degree and legal license in at least one jurisdiction
* Strong academic background, such as GPAs of 3.3 or higher on a 4.0 scale and a law review position
* Knowledge of emerging issues concerning privacy, technology, consumer rights, civil liberties, civil rights, human rights, identity management, and government surveillance
* Excellent legal writing and advocacy skills
* Strong oral communication skills
* Ability to produce quality work product in short time frames
* Ability to work independently and as part of a team
* Dedication to protecting the public interest in privacy, civil liberties, civil rights, and consumer issues

Responsibilities:

* Research and gain experience and authority in consumer protection, database security, identity management and other electronic privacy issues
* Research, prepare, and edit legal briefs, memos, and analytical reports on such issues in a variety of forms including: agency comments, Congressional testimony, agency complaints, newsletter articles, books, and Web pages
* Submit and manage projects related to the Freedom of Information Act as part of EPIC's Open Government Project
* Engage and educate journalists, legislators, students, and the general public on electronic privacy issues through public speaking engagements and on-air interviews
* Work in harmony with staff and clerks
* Work independently and as part of a team to complete assignments within deadlines
* Contribute to and manage other tasks as assigned that support EPIC's mission to educate and inform the public, policymakers, academics, and the media on privacy, civil liberty, civil rights, human rights, and consumer protection issues

Salary and Benefits: Salary is commensurate with experience and skills and begins at $40,000. EPIC also offers an excellent benefits package including health, vision, and dental insurance.

Deadline: Applications will be accepted until November 30, 2007.

Last Updated: October 30, 2007
Page URL: http://www.epic.org/epic/jobs.html

From rforno at infowarrior.org Mon Nov 5 20:41:55 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 05 Nov 2007 15:41:55 -0500
Subject: [Infowarrior] - Briefing: Panic in the music industry
Message-ID:

Briefing: Panic in the music industry

http://theweekdaily.com/news_opinion/briefing/28194/briefing_panic_in_the_music_industry.html

As young people download singles off the Internet and CD sales collapse, record companies are scrambling for new ways to make money. But are the companies - and the CDs they sell - already obsolete?

What has happened to the big record companies?

They've become casualties of the digital age. As recently as 1999, the recorded-music business was booming, with revenues totaling $14.6 billion in the U.S. alone. But when all music became available in digital form, it became easy to copy it or steal it and share it on the Internet. By 2006, U.S. revenues had plummeted to $11.5 billion, and the decline shows every indication of accelerating. Through the first half of this year, CD sales are running a full 20 percent below last year. One stark sign of the collapse is the new definition of a "hit." In the old days - that is, seven years ago - an album would have to sell about 500,000 copies to reach No. 1. But Johnny Cash's posthumous release last June reached the top of the Billboard charts after selling only 88,000 copies.
In today's highly fragmented market, hit records also have far less staying power than when albums such as Michael Jackson's Thriller held the top spot for months at a time. "Almost every core operating principle in the recorded-music business has been shaken or challenged," said Edgar Bronfman, chairman of Warner Music Group.

Is music losing its popular appeal?

Not in the slightest. But the digital revolution has turned the business upside down. Thanks to music-downloading sites on the Web, young people are spending more time than ever listening to music on their computers and iPods. The problem is that many of them either are not paying for the tunes or are paying a lot less than they would be if they were still buying full albums on CD. One study found that consumers downloaded 50 billion songs in 2006, most of them illegally - costing the industry $12.5 billion in lost revenue. But it's not just paying customers who are deserting the record companies. A growing number of musicians, including some big stars, have concluded that they no longer require the record companies' services.

What are they doing instead?

They're cutting out the middleman - the record companies - and taking their work directly to customers. It started a few years ago, when such artists as feminist folkie Ani DiFranco began handling their own recording and distribution. Now, a handful of superstars have also decided they can live without a major label. Madonna just left Warner Music, her label for 25 years, to sign a $120 million deal with concert promoter Live Nation, which will oversee everything from record distribution and live performances to merchandise sales. For their most recent albums, Paul McCartney and Joni Mitchell turned over their distribution to a distinctly nontraditional player in the music biz: Starbuck's. "It's a new world now," McCartney explained. "People are thinking of new ways to reach the people."

How is the industry responding?

Not very effectively so far.
The industry seems to have devoted most of its energy to largely futile efforts to prevent illegal downloading. It can claim some legal victories, most recently in October, when an industry association successfully sued Jammie Thomas, a 30-year-old single mother in Minnesota, for downloading 24 songs. She was ordered to pay damages of $220,000 - or $9,250 per song. But while it's understandable that an industry would want to crack down on people stealing its product, the notion of big companies hunting and suing single moms and students has been a public-relations disaster. Besides, as one music executive told the Los Angeles Times, piracy is impossible to stop. "You can't stomp it out. People are going to get it one way or another."

What can record companies do?

The record industry has to find new ways of making money that do not depend on selling CDs for $16 apiece. Most companies now sell at least some of their catalog through iTunes, while some labels are experimenting with offering free downloads through their Web sites, hoping to entice consumers to buy some of an artist's or band's other songs. At the same time, the companies are devoting more resources to parts of the business that just a few years ago were mere afterthoughts or that didn't even exist. Indeed, some record-industry visionaries say the future won't have much to do with making physical "records" at all.

So what would music labels sell?

Music - but through a more "holistic" approach, tapping all kinds of revenue sources. The labels are already trying to re-create themselves as full-service firms that can help recording artists produce revenue in the form of CDs and downloads, concert tickets, merchandising, and licensing fees from movies and television, advertising, and mobile-phone ringtones. Ringtones, in fact, are now the fastest-growing source of music-industry revenue. "I find myself, when I'm signing a record deal now, asking, 'Can this sell as a ringtone?'"
said Steve Rifkind, president of SRC, a label affiliated with Universal. It remains to be seen whether such alternative strategies will save the day. "Everybody's still hoping for the best," said Joe Nardone, owner of Gallery of Sound, a chain of Pennsylvania record stores. "But the best ain't what it used to be."

From rforno at infowarrior.org Tue Nov 6 15:07:25 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 06 Nov 2007 10:07:25 -0500
Subject: [Infowarrior] - Political QOTD
Message-ID:

During (yesterday's) today's White House press briefing, spokeswoman Dana Perino condemned Gen. Pervez Musharraf's declaration of "emergency rule" in Pakistan. She said that the administration is "deeply disappointed" by the measure, which suspends the country's constitution, and believes it is never "reasonable" to "restrict constitutional freedoms in the name of fighting terrorism":

Q: Is it ever reasonable to restrict constitutional freedoms in the name of fighting terrorism?

MS. PERINO: In our opinion, no.

*snarfs coffee*

Source, and add'l information: http://thinkprogress.org/2007/11/05/musharraf-freedom/

Yes, TP is a left-leaning entity, I realize that...but this was too 'amusing' of a quote not to pass along.....--rf

From rforno at infowarrior.org Tue Nov 6 15:16:05 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 06 Nov 2007 10:16:05 -0500
Subject: [Infowarrior] - CFP: ICIW 2008
In-Reply-To:
Message-ID:

ICIW 2008
3rd International Conference on Information Warfare and Security
Peter Kiewit Institute, University of Nebraska, Omaha, USA
24-25 April 2008

Hello

This is the final call for papers for the 3rd International Conference on Information Warfare and Security which will be held at the Peter Kiewit Institute, University of Nebraska, Omaha, USA on the 24-25th April 2008. Please read the full http://academic-conferences.org/iciw/iciw2008/iciw08-call-papers.htm . Abstract submissions are due on 15th November.
You can find full details on the conference website at http://academic-conferences.org/iciw/iciw2008/iciw08-home.htm

If you would like a .pdf copy of the call for papers for your notice board, please email me. Please feel free to circulate this message to any colleagues or contacts you think may be interested.

Kind regards
Sue Nugus
Conference Director

From rforno at infowarrior.org Tue Nov 6 20:57:24 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 06 Nov 2007 15:57:24 -0500
Subject: [Infowarrior] - File-sharing pirates attempt new software standard
Message-ID:

File-sharing pirates attempt new software standard

http://news.yahoo.com/s/nm/20071106/wr_nm/pirates_software_dc&printer=1;_ylt=Ajzp5o8ZmOMth_65fW4BHl0h2.cA

By Jim Finkle
1 hour, 7 minutes ago

A Swedish Web site that promotes trading of pirated movies is developing a new software standard for Internet downloads in a move that could make it easier to swap media files, which is illegal in many countries.

The Pirate Bay, http://thepiratebay.org, is the biggest ad-supported site using the software of BitTorrent Inc. The program has been a good match for Internet denizens looking to pick up free downloads of copyrighted media, from Harry Potter movies to Xbox 360 video games.

But BitTorrent has seen some long-awaited success in working with major media companies, and as its ties with the industry grow, it might add features to discourage trading pirated materials, said Pirate Bay's co-founder, Peter Sunde. "If they go and do something stupid, it will affect a lot of people," Sunde said in an interview, noting the site gets 1.5 million visitors on a typical day. He said he hopes to have the first version of the software ready early next year and has asked for developers to pitch in at Web site http://securep2p.com.

BitTorrent says it has little to lose. "We are not really disappointed here," Ashwin Navin, president and co-founder of BitTorrent, told Reuters.
"The pirate community has never paid us a dime." He estimates there are about 150 million people using the technology. The company last month launched an Internet distribution service for media companies that he bets will boost users to about 1 billion over the next 18 to 24 months. Its first customer is Brightcove, a Web distributor of video for CBS Corp, News Corp's Fox Entertainment Group, Viacom Inc and New York Times Co. Eric Garland, chief executive of BigChampagne, a company that tracks file sharing, said it is reasonable for Pirate Bay to feel threatened by such deals. "Future development (of BitTorrent software) will almost certainly be focused on things that do not benefit or further the aims of the pirate," Garland said. Somebody will definitely develop a standard that is better for sharing files than BitTorrent, said Garland, who has watched such programs come and go over the years. If pirates play their cards right, they could be the ones to do it, he added. PIRACY PROWESS In May of last year the Motion Picture Association of America claimed victory over Pirate Bay after Swedish authorities confiscated the site's computers. But the site was back online three days after the raid, in a stark example of pirates' ability to survive. Pirate Bay then moved their servers to secret locations. "Even we don't know where they are. They are spread across Europe," Sunde said. He and his partners thumb their noses at U.S. and European copyright laws in letters to studios and game makers, who send them cease-and-desist letters that they post on their site. "Sweden is not a state in the United States," says one. "It is the opinion of us and our lawyers that you are ... morons." BitTorrent software was developed six years ago and sought to reduce costs of distributing files over the Web. 
Sites like Pirate Bay post blueprints of files, rather than the files themselves, and instruct downloading computers where to find the material on machines potentially scattered around the globe. A single file can be downloaded in pieces from many machines, which keeps congestion down and speeds delivery. Pirate Bay also wants to raise $50,000 to buy an island and create its own nation-state where piracy would be legal. So far it has about $20,000, Sunde said. Its three founders face criminal charges related to piracy, but they're not worried because the stiffest sentence they could get in Sweden if found guilty is a $300 fine, Sunde said. "I don't believe what we are doing is a crime," he said. "It is a stupid game," he added, referring to the legal proceedings. (Editing by Brian Moss and Braden Reddall) From rforno at infowarrior.org Tue Nov 6 20:58:28 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 06 Nov 2007 15:58:28 -0500 Subject: [Infowarrior] - Battle over PATRIOT Act appeal brews Message-ID: Battle over PATRIOT Act appeal brews as critical testimony is gagged By Ryan Paul | Published: November 06, 2007 - 10:43AM CT http://arstechnica.com/news.ars/post/20071106-battle-over-patiot-act-appeal-brews-as-critical-testimony-is-gagged.html The government has appealed a September federal court ruling that struck down the National Security Letter (NSL) provision of the PATRIOT Act. The NSL provision, which can be used without probable cause or judicial oversight, gives the FBI the ability to secretly demand access to the private records of libraries, Internet service providers, and other organizations. National Security Letters also impose gag restrictions on recipients, which forbid them from disclosing that they have received the letter. 
In a strongly-worded ruling issued earlier this year in a lawsuit brought by the American Civil Liberties Union on behalf of an anonymous Internet service provider, federal court judge Victor Marrero wrote that the NSL provision of the PATRIOT Act represents an unconstitutional deprivation of First Amendment rights and threatens to undermine the Separation of Powers doctrine by expanding the executive branch's authority to the detriment of governmental accountability. The government has now appealed Marrero's ruling and will continue to fight for the preservation of the PATRIOT Act in court. "If Congress were able not only to enact the substance of legislation, but also to prescribe the precise corresponding rule telling the courts what level of scrutiny to apply in properly gauging the constitutionality of the statute's application in practice," wrote Marrero in his ruling, "the barriers against government abuse that the principles of separation and balance of powers were designed to erect could be severely compromised, and may eventually collapse, with consequential diminution of the judiciary's function, and hence potential dire effects to individual freedoms." Critics of the controversial NSL provision argue that it enables law enforcement agents to circumvent due process. This criticism is particularly significant in light of recent revelations of troubling irregularities discovered by the Office of the Inspector General during an investigation of the FBI's NSL practices. Critics also point out that the NSL gag orders conflict with basic First Amendment rights by censoring affected parties and preventing them from participating in any debate about the implications of the PATRIOT Act. 
In a statement issued yesterday by the American Civil Liberties Union, a representative of an ISP voiced concerns about the National Security Letter gag orders and expressed frustration at being unable to testify during a recent Congressional inquiry regarding the involvement of telecommunications companies in the NSA wiretap program. As a result of the gag order, the speaker is forced to remain anonymous and cannot disclose specific details regarding the National Security Letters that his company has received. "Perhaps the most harmful consequence of the gag provisions is that they make it difficult or impossible for people like me -- people who have firsthand experience with the NSL statute -- to discuss their specific concerns with the public, the press, and Congress. This seems to be counterintuitive to everything I assumed about this country's commitment to free speech and the value of political discourse," the ISP representative wrote. "It has been especially frustrating to be operating under a gag order while Congress is considering whether to grant immunity to telecommunication companies that illegally disclosed information to the NSA. It is unfathomable to me that Congress is considering granting immunity to these companies that acted illegally while those who resisted illegal demands are prohibited even from identifying themselves or explaining their actions publicly." Advocacy groups like the ACLU hope that the courts will uphold Judge Marrero's ruling so that the National Security Letter provision can be eliminated and the FBI will be forced to adhere to the rule of law as it pursues future investigations. 
From rforno at infowarrior.org Wed Nov 7 00:14:23 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 06 Nov 2007 19:14:23 -0500 Subject: [Infowarrior] - Prince threatens to sue his fans over online images Message-ID: Prince threatens to sue his fans over online images Owen Gibson, media correspondent Wednesday November 7, 2007 The Guardian http://music.guardian.co.uk/news/story/0,,2206460,00.html He's a singer who has made some odd career moves in his time, from changing his name to an unpronounceable love symbol to scrawling "slave" on his cheek in protest at his record company. But industry experts yesterday warned that Prince's latest decision might be the most controversial of all. He has threatened to sue thousands of his biggest fans for breach of copyright, provoking an angry backlash and claims of censorship. His lawyers have forced his three biggest internet fansites to remove all photographs, images, lyrics, album covers and anything linked to the artist's likeness. A legal letter asks the fansites to provide "substantive details of the means by which you propose to compensate our clients [Paisley Park Entertainment Group, NPG Records and AEG] for damages". The singer himself is believed to take a close interest in unofficial use of his image and music, monitoring websites from his sprawling Paisley Park studio complex in Minneapolis. A coalition named Prince Fans United, representing Housequake.com, Princefans.com and Prince.org, has been formed by the website organisers to fight back. They said they would contest the action on the basis that it was an attempt "to stifle all critical commentary about Prince". They added that the "cease and desist" notices went as far as calling for the removal of pictures taken by fans of their Prince tattoos and their vehicles carrying Prince-inspired licence plates. "It's a really short-sighted and futile move," said Nicola Slade, editor of the industry newsletter Record of the Day. 
"Prince has got a lot of fans and as he's decided to take a more leftfield approach to releasing his material, he should be nurturing the relationship. I'm shocked, really." The singer had been considered to be in the vanguard of efforts by some artists to cut record labels out of the equation and forge their own relationships with fans through the web and live concerts, having been one of the first to sell music directly to fans via his website. He recently completed a 21-night residency at London's O2 arena, effortlessly mixing up the setlist each night to draw on a rich back catalogue that includes Purple Rain, Raspberry Beret, Kiss and Sign o' the Times, and was lauded for a genius marketing move in giving away his CD to concertgoers and with copies of the Mail on Sunday. Alex Burmaster, an analyst at Nielsen Online, said: "It's a paradox that a musician who has done so much to bring himself closer to his fans, particularly with his 'them and us' crusade against the record labels, should be engaging in a course of action that effectively removes the raison d'etre of fansites. "But it's the mark of the man who always goes against the grain that he should be doing this at a time when other artists and their labels are suddenly embracing the social media phenomenon." In 1993, amid a bitter dispute with the record label, Prince changed his name to an unpronounceable "love symbol" as a step towards his "ultimate goal of emancipation from the chains" that he said tied him to Warner Bros. Yesterday's move follows an earlier declaration of war on copyrighted material hosted by web giants such as YouTube and eBay. In September, he appointed the internet company Web Sheriff to police the removal of up to 2,000 clips from YouTube. Web Sheriff managing director, John Giacobbi, said at the time that the singer wanted "to create a template for other artists". "Prince doesn't really want to go around suing people - he'd much rather people just respected his rights. 
He will be victorious," he said. Controversy followed this decision, too, when a mother from Pennsylvania posted a clip of her baby dancing to his 1984 hit Let's Go Crazy and Prince's lawyers demanded it was taken down. Lawyers at the Electronic Frontier Foundation have vowed to contest the claim on her behalf, saying the song is hardly audible and constitutes fair use. By going after the Google-owned YouTube, Prince was merely following the lead of a handful of other big rights owners - including MTV-owner Viacom, the estate of Elvis Presley and the Premier League - that believe the video sharing site makes advertising revenue off the back of their copyrighted content. But while some artists have resorted to the law in an attempt to persuade websites or internet providers to remove pirated songs and there have been disputes over lyrics, most decided long ago that it was counterproductive to attempt to get fans to remove images and album covers. "You can get things taken down, the legal tools are there to do it," said Caroline Kean, a partner at the law firm Wiggin. "The reason people don't is partly practical, because there are so many images, but also due to the bad publicity you get from going after your biggest fans. Most people soon realised it was counter-productive." A spokeswoman for the fans' campaign said the sites had always tried to work with Prince's management. But it appeared that Prince wanted to edit his past and there was "no sign" of his lawyers backing down, she said. "He's trying to control the internet 100% and you can't do that without infringing people's freedom of speech," she added. From rforno at infowarrior.org Wed Nov 7 00:16:22 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 06 Nov 2007 19:16:22 -0500 Subject: [Infowarrior] - FBI Data Mined Grocery Stores Message-ID: "Total Falafel Awareness" anyone???? 
First Pizza, Now Falafel as Tell-Tale Sign of Terror By Noah Shachtman November 06, 2007 When word broke in 2002 that the feds were picking out terror suspects based on what they ordered for dinner, most observers figured it was a glitch during the War on Terror's beta test -- a one-time overreach. Turns out the strategy has been employed again. "The FBI sifted through customer data collected by San Francisco-area grocery stores in 2005 and 2006, hoping that sales records of Middle Eastern food would lead to Iranian terrorists," CQ's Jeff Stein reports. The idea was that a spike in, say, falafel sales, combined with other data, would lead to Iranian secret agents in the south San Francisco-San Jose area. The brainchild of top FBI counterterrorism officials Phil Mudd and Willie T. Hulon, according to well-informed sources, the project didn't last long. It was torpedoed by the head of the FBI's criminal investigations division, Michael A. Mason, who argued that putting somebody on a terrorist list for what they ate was ridiculous -- and possibly illegal. But at least it's a refinement to the 2002 version of the technique. Back then, federally-employed data-mining software labeled someone as a potential terrorist "if you were a person who frequently ordered pizza and paid with a credit card." < - > http://blog.wired.com/defense/2007/11/httpblogsabcnew.html From rforno at infowarrior.org Wed Nov 7 18:52:07 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 07 Nov 2007 13:52:07 -0500 Subject: [Infowarrior] - Orwell Comes To America Conference Message-ID: http://www.thereyougoagain.org/conference.html There You Go Again: Orwell Comes to America invites historians, linguists, cognitive experts, journalists, government officials, and political consultants to assess the current state of public discourse -- and journalism's response to it -- one year before a hotly contested presidential election. 
The panels explore the past, present, and future of deceptive political speech, and assess what can be done to bring more realism and honesty into the conduct of America's public affairs. Location New York Public Library Celeste Bartos Forum Humanities and Social Sciences Library 5th Avenue and 42nd Street Hosted by Live from the NYPL www.nypl.org/live Detailed Program THE CONFERENCE CONSISTS OF THREE CONNECTED SESSIONS. YOU ARE STRONGLY ADVISED TO RESERVE SEATING FOR ALL THREE. REGISTER HERE. SESSIONS BEGIN PROMPTLY AT 10 A.M., 2 P.M., AND 4 P.M. This program is subject to change. Please review prior to the conference. 10:00 A.M. Welcome Paul Holdengräber, Director, LIVE from the NYPL Overview András Szántó, Project Director Introduction Orville Schell, Arthur Ross Director, Center on U.S.-China Relations, Asia Society; former dean, UC Berkeley Graduate School of Journalism I. PROPAGANDA THEN AND NOW: WHAT ORWELL DID AND DIDN'T KNOW MODERATOR: Orville Schell PANELISTS: Konstanty Gebert, Warsaw-based former Solidarity activist; columnist and international reporter, Gazeta Wyborcza Masha Gessen, Moscow-based author and journalist; contributor to The New York Times, The New Republic, and US News & World Report Jack Miles, senior fellow for religious affairs, Pacific Council on International Policy; distinguished professor of English and religious studies, UC Irvine George Soros, chair of Soros Fund Management LLC; philanthropist and author 12:00 P.M. Lunch Break Welcome Remarks Paul Leclerc, President of The New York Public Library 2:00 P.M. Afternoon Overview András Szántó II. DECEIVING IMAGES: THE SCIENCE OF MANIPULATION MODERATOR: Nicholas Lemann, dean and Henry R. 
Luce Professor, The Journalism School, Columbia University PANELISTS: George Lakoff, Co-Founder and Senior Fellow, Rockridge Institute and the Goldman Distinguished Professor of Cognitive Science and Linguistics, UC Berkeley Frank Luntz, political pollster and consultant; author of Words That Work: It's Not What You Say, It's What People Hear Deborah Tannen, University Professor and professor of linguistics, Georgetown University; author of fourteen books on language, communication, and perception Drew Westen, professor of psychology/psychiatry and behavioral sciences, Emory University; author of The Political Brain: The Role of Emotion in Deciding the Fate of the Nation 3:30 P.M. Coffee break 4:00 P.M. Introduction Joshua S. Fouts, Director, USC Center on Public Diplomacy at the Annenberg School III. SOLUTIONS: THE FUTURE POLITICAL LANDSCAPE MODERATOR: Ernest J. Wilson III, dean and Walter Annenberg Chair in Communication, Annenberg School for Communication at the University of Southern California PANELISTS: Michael J. Copps, commissioner, Federal Communications Commission Charlayne Hunter-Gault, broadcast journalist, former CNN bureau chief, and chief national correspondent, The Newshour with Jim Lehrer Josh Marshall, publisher of Talking Points Memo, TPMmuckraker, TPM Election Central and TPMCafe Alessandra Stanley, television critic and former Moscow-bureau co-chief, The New York Times In collaboration with graduate schools of journalism at Columbia University, UC Berkeley, and the Annenberg School for Communication at the University of Southern California Presented by Live from the NYPL With support from the Open Society Institute The conference is accompanied by: What Orwell Didn't Know: Propaganda and the New Face of American Politics Anthology published by Public Affairs (Nov. 
2007) From rforno at infowarrior.org Wed Nov 7 19:14:52 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 07 Nov 2007 14:14:52 -0500 Subject: [Infowarrior] - DVD-CCA Targets Kaleidescape (Again) Message-ID: Why DRM on Video Will Persist: DVD-CCA Targets Kaleidescape (Again) Posted by Fred von Lohmann http://www.eff.org/deeplinks/2007/11/why-drm-video-will-persist-dvd-cca-targets-kaleidescape-again As we've said many times before, DRM is not about preventing piracy, it's about giving entertainment companies control over disruptive innovation. Here's the latest example: tomorrow DVD-CCA (the entity that controls the CSS encryption standard for DVDs) will be voting on an amendment to the CSS license that is designed to put a disruptive innovator, Kaleidescape, out of business (read Kaleidescape's letter about it here). As everyone knows, CSS has been broken for years, and despite early lawsuits against products like DeCSS and DVD X Copy, easy-to-use DVD copying software remains available for free from many sources online (the print magazine MacWorld reviews one of them, Handbrake, in this month's issue). Yet despite the fact that CSS has been reduced to a joke as a bar against DVD ripping, movie studios continue to embrace it, using it on every commercial DVD release. Why? Because by using CSS, the movie studios (acting through DVD-CCA) can force technology companies to sign a license agreement before they build anything that can decrypt a DVD movie. This gives the movie studios unprecedented power to influence the pace and nature of innovation in the world of DVDs. Any new feature (like copying to a hard drive) must first pass muster in the 3-way "inter-industry" negotiation (movie studios, incumbent consumer electronic companies, and big computer companies) that is DVD-CCA. In other words, you must get permission (from your adversaries and competitors!) before you innovate. 
If these had been the rules in the past, there would never have been a Betamax or an iPod. So this brings us back to Kaleidescape, which makes a highly-acclaimed digital "jukebox" for DVD movies. It's expensive (~$20,000), and certainly won't move the needle when it comes to unauthorized DVD ripping in a world that already has plenty of free DVD ripper software. Kaleidescape played by the rules, obtaining a DVD-CCA license to use CSS. Yet DVD-CCA sued anyway, but lost (the judge concluded that the CSS license was so convoluted that the "no persistent copies" requirement wasn't even part of the agreement). Now three motion picture companies (Fox, Warner, Disney) have introduced an amendment that would change the CSS license to put Kaleidescape out of business. Cloaked as an amendment to permit "Managed Copies," it tells innovators "sure, you can add a copying feature, but only if you do it our way." But (always read the fine print), movie studios are not obligated to "enable" Managed Copying on any of their movies. So the only sure thing that the amendments will accomplish is to exclude Kaleidescape from the CSS license. And that's the lesson for today: it doesn't matter whether DRM is effective at stopping unauthorized copying (it's not), so long as it gives the entertainment industry the ability to veto (retroactively, in Kaleidescape's case) disruptive innovation in the mainstream marketplace. And that's why we're likely to be stuck with DRM on movies for some time to come, whether or not their DRM systems (CSS, AACS, or BD+) are broken. From rforno at infowarrior.org Wed Nov 7 20:50:20 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 07 Nov 2007 15:50:20 -0500 Subject: [Infowarrior] - DC DMV explores RFID on drivers licenses Message-ID: http://tinyurl.com/yv2gx7 DMV explores SmarTrip chips D.C. Department of Motor Vehicles is planning an initiative to embed SmarTrip computer chips inside every new D.C. 
driver?s license as the most efficient way to pay for transit service. Michael Neibauer, The Examiner 2007-11-06 08:00:00.0 Current rank: # 97 of 6,557 WASHINGTON - Privacy advocates are alarmed by a D.C. Department of Motor Vehicles initiative to embed SmarTrip computer chips inside every new D.C. driver?s license, making it easier than ever to track D.C. residents on their travels through the transit system. The DMV will spend $830,000 a year to install SmarTrip chips in all driver?s licenses and identification cards starting in October 2008. SmarTrip ?is the most efficient way of paying for transit service,? according to DMV documents, and lodging the chips in about 440,000 licenses ?will allow all District residents access to SmarTrip cards and encourage transit use.? DMV spokeswoman Janis Hazel said there was no plan to increase the cost of a driver?s license to offset the costs of the chip. SmarTrip does, however, provide Metro and the government with a system to follow users, though Hazel said the agency ?has no intention to track [a] person?s movements on the Metro system.? ?If you?re paying your fare with it, they?re going to have the ability to know by name who entered each Metro station at what time and who exited a Metro station at what time,? said Paul Stephens, director of policy and advocacy with the Privacy Rights Clearinghouse. ?That can be used by the government to track your comings and goings. It?s an absolutely awful idea.? Metro?s policy is to release Smar-Trip information to law enforcement purposes, or at a cardholder?s request. A Metro spokesman said the transit agency?s privacy rules are ?very strict.? The SmarTrip technology allows users to breeze through fare gates at Metrorail stations, to park at a Metro garage or to pay their fares on a Metrobus. SmarTrip cards usually cost $5 to buy. Expanding SmarTrip into driver?s licenses offers ?yet another opportunity to reduce vehicular traffic in the downtown area,? said D.C. 
Council Chairman Vincent Gray, whose government ID badge has a SmarTrip built in. But Melissa Ngo with the D.C.-based Electronic Privacy Information Center said D.C. is ?setting up an infrastructure where the government can track you all the time.? Combining a license, smart card, credit card and ID badge into one ?leaves you open to identity theft on a variety of levels,? she said. ?It?s just not good security,? Ngo said. The Maryland Motor Vehicle Administration has discussed a similar initiative, a spokesman said. It is unknown where Virginia stands. mneibauer at dcexaminer.com From rforno at infowarrior.org Thu Nov 8 14:55:03 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 08 Nov 2007 09:55:03 -0500 Subject: [Infowarrior] - AT&T gave feds access to all Web, phone traffic, ex-tech says Message-ID: AT&T gave feds access to all Web, phone traffic, ex-tech says By Ellen Nakashima The Washington Post http://tinyurl.com/2yb2gp WASHINGTON ? His first inkling that something was amiss came in summer 2002, when he opened the door to admit a visitor from the National Security Agency (NSA) to an AT&T office in San Francisco. "What the heck is the NSA doing here?" Mark Klein, a former AT&T technician, said he asked himself. A year or so later, he stumbled upon documents that, he said, show the agency gained access to massive amounts of e-mail, Web search and other Internet records of more than a dozen global and regional telecom providers. AT&T allowed the agency to hook into its network and, according to Klein, many of the other telecom companies probably knew nothing about it. Klein will be on Capitol Hill today to share his story in the hope it will persuade Congress not to grant legal immunity to telecommunications firms that helped the government in its warrantless anti-terrorism efforts. Klein, 62, said he may be the only person in a position to discuss firsthand knowledge of an important aspect of the Bush administration's domestic surveillance. 
He is retired, so he isn't worried about losing his job. He carried no security clearance, and the documents in his possession were not classified, he said. He has no qualms about "turning in," as he put it, the company where he worked for 22 years until he retired in 2004. "If they've done something massively illegal and unconstitutional ? well, they should suffer the consequences," Klein said. In an interview this week, he alleged that the NSA set up a system that vacuumed up Internet and phone-call data from ordinary Americans with the help of AT&T and without obtaining a court order. Contrary to the government's depiction of its surveillance program as aimed at overseas terrorists, Klein said, much of the data sent through AT&T to the NSA was purely domestic. Klein said he thinks the NSA was analyzing the records for usage patterns and for content. He said the NSA built a special room in San Francisco to receive data streamed through an AT&T Internet room containing "peering links," or major connections to other telecom providers. Other so-called secret rooms reportedly were constructed at AT&T sites in Seattle, Los Angeles, San Diego and San Jose, Calif. Klein's documents and his account form the basis of one of the first lawsuits filed against the telecom companies after the government's warrantless-surveillance program was disclosed by The New York Times in December 2005. Claudia Jones, an AT&T spokeswoman, said she had no comment on Klein's allegations. "AT&T is fully committed to protecting our customers' privacy. We do not comment on matters of national security," she said. The NSA and the White House also declined to comment. Klein is urging Congress not to block Hepting v. AT&T, a class-action suit pending in federal court in San Francisco, and 37 other lawsuits charging carriers with illegally collaborating with the NSA program. He and the Electronic Frontier Foundation, which filed Hepting v. 
AT&T in 2006, are urging key lawmakers to oppose a pending White House-endorsed immunity provision that effectively would wipe out the lawsuits. The Senate Judiciary Committee is expected to take up the measure today. In summer 2002, Klein was working in an office responsible for Internet equipment when an NSA representative arrived to interview a management-level technician for a special, secret job. The job entailed building a "secret room" in another AT&T office 10 blocks away, he said. By coincidence, in October 2003, Klein was transferred to that office. He asked a technician about the secret room on the sixth floor, and the technician told him it was connected to the Internet room a floor above. The technician handed him wiring diagrams. "That was my 'aha' moment," Klein said. "They're sending the entire Internet to the secret room." The diagram showed splitters glass prisms that split signals from each network into two identical copies. One copy fed into the secret room. The other proceeded to its destination, he said. "This splitter was sweeping up everything, vacuum-cleaner-style," he said. "The NSA is getting everything. These are major pipes that carry not just AT&T's customers but everybody's." One of Klein's documents listed links to 16 entities, including Global Crossing, a large provider of voice and data services in the United States and abroad; UUNet, a large Internet provider now owned by Verizon; Level 3 Communications, which provides local, long-distance and data transmission in the United States and overseas; and more familiar names, such as Sprint and Qwest. It also included data exchanges MAE-West and PAIX, or Palo Alto Internet Exchange, facilities where telecom carriers hand off Internet traffic to each other. "I flipped out," he said. "They're copying the whole Internet. There's no selection going on here. Maybe they select out later, but at the point of handoff to the government, they get everything." 
Qwest has not been sued because of media reports last year that said the company declined to participate in an NSA program to build a database of domestic phone-call records out of concern that it may have been illegal. What the documents show, Klein said, is that the NSA apparently was collecting several carriers' communications, probably without their consent. Another document showed that the NSA installed in the room a Narus semantic traffic analyzer, which Klein said indicated the NSA was doing content analysis. Steve Bannerman, Narus' marketing vice president, said the NarusInsight system can track a communication's origin and destination, as well as its content. He declined to comment on AT&T's use of the system. Klein said he went public after President Bush defended the NSA's surveillance program as limited to collecting phone calls between suspected terrorists overseas and people in the United States. Klein said the documents show that the scope was much broader. Details on other secret sites were provided by The Seattle Times archives. Copyright ? 2007 The Seattle Times Company From rforno at infowarrior.org Thu Nov 8 16:09:47 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 08 Nov 2007 11:09:47 -0500 Subject: [Infowarrior] - AT&T to Get Tough on Piracy Message-ID: AT&T to Get Tough on Piracy It wants to incorporate antipiracy technology to protect video content and attract advertisers, but runs the risk of enraging privacy advocates and others http://www.businessweek.com/print/technology/content/nov2007/tc2007116_14598 4.htm by Peter Burrows AT&T (T) may soon beef up its antipiracy arsenal. The biggest U.S. telephone company is considering technology that could give it a heads-up when customers are watching partners' copyrighted video, BusinessWeek has learned. AT&T is in talks with NBC Universal and Walt Disney (DIS) about using the knowhow to guard against illegal distribution of their shows and films. 
By embedding the technology, a so-called content recognition system made by tiny Vobile, AT&T could prevent users of its network from distributing or viewing copyrighted material or force them to watch it in ways sanctioned by the content owner. In effect, the company would create a kind of no-piracy zone where studios and producers would feel safe distributing content, knowing they'd be paid for its use. BusinessWeek has also learned that AT&T, NBC, and Disney have invested a combined $10 million in Vobile. Piracy-Fighting Bandwagon AT&T said in June that it would work with Hollywood and the music industry to develop filtering technology to prevent copyright infringement. Adopting Vobile would be one of the first signs of progress. In an age when a piece of video content -- from a 30-second home movie to a $100 million feature-length film -- can be zipped around the Internet in a mouse click or two, content creators are demanding assurances that their handiwork won't be ripped off. That's got Internet companies and telecommunications providers scrambling for foolproof ways to guard against unlawful distribution, and thereby free up more content to be sold in more ways. Seven months after it was hit with a $1 billion suit from Viacom (VIA), Google (GOOG) released its own content recognition system designed to scout out pirated clips (BusinessWeek.com, 10/16/07) on its YouTube site. Days later, a consortium of media and Internet companies including Disney, Microsoft (MSFT), News Corp. (NWS), and General Electric's (GE) NBC issued guidelines for how Internet sites should fight piracy. Slippery Slope AT&T's approach is likely to raise the hackles of privacy advocates, who have already slammed the phone company for its role in helping the Bush Administration tap citizens' phone lines. "They better be very careful," warns Lee Tien, a staff attorney with the Electronic Frontier Foundation. 
"This is serious, serious stuff, to basically invade the privacy of all of your subscribers." Backers of so-called Net neutrality, who fear that carriers will restrict or impose higher fees for some forms of traffic, probably will also raise a ruckus. That's because the recognition system potentially could be used to shut off or slow down traffic -- say, content owned by a rival, or a controversial documentary. (AT&T has denied it would use any technology in this way.) Some detractors also question the effectiveness of content recognition systems. "I think that would be a pretty unfortunate development, mostly because it would be futile," says Fred Van Lohmann, another EFF lawyer. "Every technology person who has thought about this thinks that the moment such a technology is deployed, all the file-sharing stuff will just be encrypted -- driving it further underground." "DNA" Tracker AT&T confirms it has invested in Vobile, but a spokesperson says the company has "not selected or endorsed any specific technology" for its antipiracy efforts, and didn't confirm talks with Disney or NBC. In an Oct. 19 interview with BusinessWeek, AT&T CEO Randall Stephenson said the company had been looking at some startups with promising technology and was talking to movie studios and other content producers. "We're doing a lot of work in this area," Stephenson said. "If you look at what's driving massive amounts of traffic on our network, a lot of it is illegal content." Sources say few details of how the initiative will work have been nailed down, and that it would be put into commercial use in late 2008 at the earliest. But the general idea is that NBC Universal and Disney would agree to let AT&T maintain a database of some of their movies, shows, and other content. Vobile's technology does two things: It extracts a string of bits from each digital file -- what it calls "video DNA" -- that serve as digital IDs for each piece of video. 
Then, traffic on AT&T's network is run through racks of Vobile servers, which look for matches. In a recent bake-off held by the Motion Picture Association of America, sources say Vobile tested better than a dozen or so other systems when it came to identifying pirated content -- even clips that had been altered by hackers hoping to avoid detection. It did so without generating many false positives or instances where it claimed piracy when none had occurred. That's considered critical for any filtering system, as Net service providers fear the backlash that would occur if they wrongly accused customers. Customer Appeal Soon after the June ending of the MPAA bake-off, Disney and NBC Universal got interested. AT&T first learned of the Santa Clara startup through its chairman, Vernon Altman, a senior partner at Bain & Co., who also knows CEO Stephenson. Sources say AT&T's Stephenson, Disney CEO Bob Iger, and NBC Universal's Jeff Zucker have been involved personally in the discussions. AT&T is proceeding cautiously. Sources say it has been testing Vobile's technology since early spring. But besides the laborious job of tuning the technology to work inside a massive network, AT&T is also working on a plan for marketing the approach to consumers. One possibility is to focus at first on using the technology as a way to filter illegal content, such as child pornography. "This could make it all seem a lot more innocent," says Forrester Research (FORR) analyst James McQuivey. Proponents also could argue that the technology could give consumers access to higher-quality content. Rather than mess with virus-infested video from illegal file-sharing sites, consumers who ask for a given show might be invited to buy a higher-resolution copy from a legal site. Exclusive Content But clearly, the focus of the effort is more about business than law enforcement or creating a virus-free Web. 
And Ma Bell is likely to argue that it will free up huge amounts of bandwidth now taken up by pirated content. This could reduce the amount AT&T would need to invest to continue expanding network capacity, and possibly boost download speeds. AT&T also stands to get a reliable content recognition system that would help it stand out from the scores of phone companies, cable providers, and Internet service providers trying to land content deals. What's more, if AT&T can convince consumers to let it monitor what they're watching through so-called opt-in agreements, it could offer far more detailed information on their likes and dislikes, in turn enabling AT&T and its partners to land lucrative deals with advertisers hungry for such data. Sounds simple, but the reality might be far different -- and marked by lawsuits rather than win-win business deals. Having full knowledge of what's on the network could make distributors more liable to copyright lawsuits, say some legal experts. And while AT&T may think it's going to win over hordes of consumers by striking exclusive content deals, it may lose just as many who don't want Ma Bell acting like Big Brother, says EFF's Van Lohmann, citing research that almost 20 million Americans -- and one in five Net users -- engages in file-sharing. He adds, "Certainly, you're going to have a lot of unhappy customers." Burrows is a senior writer for BusinessWeek, based in Silicon Valley. 
From rforno at infowarrior.org Fri Nov 9 13:59:00 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 09 Nov 2007 08:59:00 -0500 Subject: [Infowarrior] - Hushmail Spills to Feds Message-ID: Encrypted E-Mail Company Hushmail Spills to Feds By Ryan Singel | November 07, 2007 | 6:39:41 PM | Categories: Crime, Hacks and Cracks Hushmail, a longtime provider of encrypted web-based email, markets itself by saying that "not even a Hushmail employee with access to our servers can read your encrypted e-mail, since each message is uniquely encoded before it leaves your computer." But it turns out that statement seems not to apply to individuals targeted by government agencies that are able to convince a Canadian court to serve a court order on the company. A September court document (.pdf) from a federal prosecution of alleged steroid dealers reveals the Canadian company turned over 12 CDs worth of e-mails from three Hushmail accounts, following a court order obtained through a mutual assistance treaty between the U.S. and Canada. The charging document alleges that many Chinese wholesale steroid chemical providers, underground laboratories and steroid retailers do business over Hushmail. The court revelation demonstrates a privacy risk in a relatively-new, simple webmail offering by Hushmail, which the company acknowledges is less secure than its signature product. A subsequent and refreshingly frank e-mail interview with Hushmail's CTO seems to indicate that government agencies can also order their way into individual accounts on Hushmail's ultra-secure web-based e-mail service, which relies on a browser-based Java encryption engine. 
< - > http://blog.wired.com/27bstroke6/2007/11/encrypted-e-mai.html From rforno at infowarrior.org Fri Nov 9 14:00:40 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 09 Nov 2007 09:00:40 -0500 Subject: [Infowarrior] - Senate confirms Mukasey as attorney general Message-ID: Senate confirms Mukasey as attorney general By Richard B. Schmitt, Los Angeles Times Staff Writer November 9, 2007 http://tinyurl.com/yoz9do WASHINGTON -- The Senate voted Thursday night to confirm the nomination of Michael B. Mukasey as attorney general, despite often emotional opposition from Democrats who said his refusal to disavow a controversial interrogation method made him an unsuitable leader for the U.S. Justice Department. The vote was 53 to 40, with six Democrats -- including Sen. Dianne Feinstein of California -- and one independent supporting the nominee. The 66-year-old retired federal judge from New York is expected to be sworn in today as the third attorney general of the Bush presidency. Among the challenges he will face in the next 14 months is the perception that the department was heavily influenced by political considerations under his predecessor, Alberto R. Gonzales. The late-night vote came after a procession of Democrats took to the Senate floor to denounce Mukasey -- and the Bush administration -- as failing to take a firm stand against the use of torture in questioning terrorism suspects. Mukasey in particular has come under fire for refusing to say whether he believed that waterboarding -- an interrogation technique simulating drowning that dates to the Spanish Inquisition -- was unlawful. American interrogators are believed to have resorted to the technique in questioning some high-value terrorism suspects captured after the Sept. 11, 2001, attacks, but the administration has refused to say whether it was ever employed. 
Democrats chided the nominee Thursday night for refusing to acknowledge what they said was an obvious and long-standing truth, and they said his reticence raised questions about whether he would act as an independent check on President Bush. "We need an attorney general to tell this king that he is wrong and that the rule of law will apply," said Sen. Tom Harkin (D-Iowa). Harkin said Mukasey "may run a good department" if confirmed but expressed doubt that Mukasey would stand up to Bush. "There is no question that this time will be remembered as a dark chapter in America's otherwise steady march toward justice," said Senate Majority Leader Harry Reid (D-Nev.). "But for now, all we can do is . . . turn the page to a brighter day. What we can do today is reject this nomination." The margin of confirmation -- narrower than that for either Gonzales or John Ashcroft, Bush's first attorney general -- was hardly the vote of confidence that the White House or even Senate Democrats expected when Bush tapped Mukasey in mid-September to succeed Gonzales. Gonzales and Ashcroft were confirmed with "yes" votes of 60 and 58, respectively. With 18 years on the federal bench and experience as a federal prosecutor and private lawyer, Mukasey impressed lawmakers with his legal acumen and judgment during his confirmation hearing before the Senate Judiciary Committee last month. From the start, he was considered a compromise choice by the White House, calculated to avoid a prolonged confirmation battle, and he was recommended by Sen. Charles E. Schumer (D-N.Y.), one of the Senate's most liberal thinkers. Ultimately, Schumer and Feinstein gave Mukasey the votes needed to move his nomination from the committee to the Senate floor. Feinstein said Thursday night that Mukasey was being treated unfairly and that her fellow Democrats should focus more on shoring up the embattled Justice Department than "pounding our chests" against torture. 
She noted that the White House indicated it would not nominate another candidate if the Senate rejected Mukasey. "Some people, I think, want to keep the issue [of torture] alive rather than solve the problem. I am not one of those people," Feinstein said. "This is the only chance that is going to be offered to put new leadership in the Department of Justice. If you believe it is in disarray, there is only one action to take." rick.schmitt at latimes.com From rforno at infowarrior.org Fri Nov 9 21:21:59 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 09 Nov 2007 16:21:59 -0500 Subject: [Infowarrior] - StumbleUpon = Corporate Spammers Message-ID: A good securitygeek friend joined the free StumbleUpon service this afternoon. Soon after StumbleUpon spammed everyone in his address book with invitations to sign up -- to include mailing lists, family, friends, and more. (I got 2 myself) My friend is now apologizing profusely across the Internet because of this incident, and I feel sorry for his inconvenience on a lazy Friday afternoon. More importantly, as with others who get caught up in such gimmicks, I wonder what it does to peoples' e-mail address reputation when such services arbitrarily make their new customers look like spammers to e-mail servers around the world....will they be blocked as a result of multiple reports of them as 'spammers' resulting from this incident? Not only is such "social networking spam" intolerable and completely antithetical to common courtesy and places innocent net users at risk of further e-mail problems down the road, but their HTML-laced message was poorly-formatted as well. Triple-whammy, in my view. For those curious, according to their spam, StumbleUpon "allows you to channel surf the internet and discover great websites and web content you might never have found. 
Whether it's a website, video, picture, game, blog, or wiki, StumbleUpon helps you find interesting stuff recommended by like-minded people with just a single click of the Stumble! button." Sounds *totally* awesome......that is, of course, if you don't mind your contact list being harvested and used for spamming purposes (and who knows what else) first. Be warned -- use StumbleUpon and other such techno-cretin companies at your own risk! -Rick From rforno at infowarrior.org Sat Nov 10 00:50:43 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 09 Nov 2007 19:50:43 -0500 Subject: [Infowarrior] - MySpace Overcome By Severe Phishing 'Epidemic' Message-ID: MySpace Overcome By Severe Phishing 'Epidemic' http://wcbstv.com/technology/macys.myspace.phishing.2.564526.html By STEVE FINK, WCBSTV.COM NEW YORK (CBS) -- Social networking giant MySpace stumbled to its knees at the hands of a cyber superbug recently, falling ill to a severe phishing epidemic that is plaguing a vast and vulnerable segment of its membership. The viral scam, which targets the site's younger users, promises victims a free $500 Macy's gift card. It sounds like a steal. And actually, it is. It's the stealing of a member's identity. The spam scam involves users unknowingly sending their MySpace friends e-mails and posting comments on their profiles that plug a ploy for the supposedly free gift card that they'll never actually see, touch, or spend. In fact, to lead the younger members on, the ads are written in "kids-speak." One such posting starts off by telling the victim, "Hey dude, check it out! You ain't gunna believe this!" Another one reads: "i'm just hittin you up, as a friend, to fill you in on this exclusive deal to get a FREE $500 Macy's Gift Card, yes, FREE! just answer a question or two and BOOM you got a shopping spree lol!" 
Members fall into the phishing net by clicking on a provided link in the posting, which in some cases comes in the form of what looks like a video featuring a scantily-clad young woman. After clicking on the link, the member is taken to a faux MySpace login page where the user is asked to re-enter his or her username and password. That information, however, is actually being sent to the "phisher," a third party illegally acquiring the member's personal information. The pain and suffering begins immediately and will continue until either the phisher is caught or the member changes his or her password, mainly because victims simply have no clue they're sending the e-mails until someone finally tells them. "It is an epidemic on MySpace," PC Magazine Executive Editor Jeremy Kaplan tells wcbstv.com. "It is a big problem particularly because of the pervasiveness of MySpace. If you're in junior high, high school, college -- half the world seems to have MySpace pages -- so the younger you are, the more frequently you use it and the more likely you are to encounter this thing. It is a huge problem." Kaplan says members are sending the spam without their knowledge because once their information is obtained, the phisher uses a robotic program to log onto the victim's account and then disseminate the ad to every single person on that member's "friends" list. It has spread so fast and so thoroughly that the site has become, for many, an absolute nightmare to be a part of. There's no way to tell for sure just how many users have been victimized, but the number is likely to be well into the thousands by now. Just browsing through various members' profiles, it doesn't take long to happen upon one that advertises the gift card scam. "I was pretty upset, basically because I don't want people to think I would treat them that way," says Brad Engler, a 28-year-old musician from Baltimore whose account was infiltrated by the phisher. 
"I hoped that everyone would realize it wasn't me trying to get them to shop at Macy's." In fact, Engler's friends are so tired of receiving his e-mails, which he says have continued for about two weeks, that his profile is highlighted by a barrage of comments from them scolding him for the spam. Placed atop his profile now is a banner that reads: "NO - I DIDN'T MEAN TO SPAM YOU." PC Magazine's Kaplan says he doesn't think MySpace has done much to help solve the problem. "It's gonna be interesting to see how MySpace reacts to the issue. They were very slow to deal with the MySpace predator problem -- it took a couple of weeks, months to address that -- and so with this crisis, maybe they'll move a little bit quicker," he says. And move quickly the site claims it has. A MySpace official asserted to wcbstv.com that it has already corrected the problem. "Individuals who try to spam or phish our members are violating the law and are not welcome on MySpace," Chief Security Officer Hemanshu Nigam said in a statement. "We have identified and stopped the primary source of the Macy's Gift Card spam and are making every effort to identify and block the future spreading of this spam." Nigam would not reveal details of the source's identity nor what, if any, charges have been filed, citing the fact there is an ongoing investigation. Oddly enough, though, it seems that Macy's, which has joined MySpace to fight the phishing scam, is not aware the primary source has been stopped. In a statement to wcbstv.com, a spokesperson for the company made no mention of anyone being caught. "We are extremely concerned that individuals are being targeted in our name, and when we learn that another person or company is using our brand without consent, we work hard to stop it. However, this can take time, and it also can be difficult to do. Consequently we are advising consumers to protect themselves," the official said. So how can you protect yourself from the phishing scam? 
First and foremost, if you think you're a victim, you should change your password immediately. But MySpace offers this advice to prevent phishing scams as well: * Install the latest operating system and auto-install for critical updates. * Use a firewall. * Use anti-virus and anti-spyware software and keep them updated. Macy's has also posted a consumer alert on its Web site. Click here to read the alert. And of course, there's simple common sense. If the deal looks too good to be true, experts say, don't believe the hype. It probably is. (© MMVII, CBS Broadcasting Inc. All Rights Reserved.) From rforno at infowarrior.org Sat Nov 10 03:06:57 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 09 Nov 2007 22:06:57 -0500 Subject: [Infowarrior] - German Bundestag Decides to Implement Data Retention Message-ID: 9. November 2007 German Bundestag Decides to Implement Data Retention Starting next year, all communication providers in Germany will have to store all connection data for six months. This includes: * Phone calls: Date, time, length and involved numbers of all phone calls (landline, mobile or VoIP) * In case of mobile phones additionally the location of the phone at the time of the call, the IMSI code of the phone and SMS connection data * Internet access: IP address, date, time and length of the connection, and the line which was used * E-mail: e-mail-addresses involved and the header of each e-mail The content of the communications is not stored. The bill had been heavily criticized. Privacy advocates had organized demonstrations against the bill in all major German cities at the beginning of this week. In October there had already been a large demonstration with thousands of participants in Germany's capital Berlin. All opposition parties voted against the bill. Several members of the opposition and several hundred private protesters announced a constitutional complaint. 
http://www.kreativrauschen.com/blog/2007/11/09/german-bundestag-decides-to-implement-data-retention/ From rforno at infowarrior.org Sat Nov 10 03:09:45 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 09 Nov 2007 22:09:45 -0500 Subject: [Infowarrior] - =?iso-8859-1?q?Blu-ray_=B9_s_DRM_crown_jewel_tarn?= =?iso-8859-1?q?ished_with_crack_of_BD+?= Message-ID: Blu-ray's DRM crown jewel tarnished with crack of BD+ By Eric Bangeman | Published: November 08, 2007 - 10:53AM CT http://arstechnica.com/news.ars/post/20071108-blu-rays-drm-crown-jewel-tarnished-with-crack-of-bd.html One advantage that backers of Blu-ray have touted in the format battle with HD DVD is its extra helping of "unbreakable" DRM called BD+. It's not unbreakable after all. SlySoft, makers of AnyDVD, have released a new beta of their AnyDVD HD disc ripping application that it claims can successfully crack and rip Blu-ray discs protected by BD+. That didn't take long. Just last week the company said that a crack was imminent, with full support for decrypting discs with BD+ protection coming by the end of the year. According to a SlySoft employee's post in the company forums, the AnyDVD 6.1.9.6 beta has full support for playback of Blu-ray discs with BD+. "All available BD+ titles can be copied with AnyDVD ripper, or can be watched on HTPC without HDCP using PowerDVD 3104 and AnyDVD," reads Tom's post. Finalized in June 2007, BD+ uses a small virtual machine that launches when a Blu-ray disc is inserted and runs in the background while the disc is playing in order to keep the disc's content locked down. If it finds evidence of tampering or copying, playback can be disabled. The code is specific to each disc, which is intended to make it more difficult to crack, and is erased from memory once the disc is ejected. The end result is an additional layer of protection in addition to the AACS encryption used by both Blu-ray and HD DVD, which was cracked back in April. 
Unlike the cracking community that defeated AACS, SlySoft will keep its crack under tight wraps. The company relies on sales of its products to fund its anti-DRM activities. Releasing the code in the wild would allow other developers to benefit from SlySoft's effort, something that the company says it can't afford. The cracking of BD+ is an indication that the VM that runs the BD+ code has been successfully reverse-engineered by AnyDVD. The Blu-ray Disc Association has not yet commented on the reported hack, but it can't be pleased that the extra layer of security it has touted as a key differentiator between it and HD DVD has apparently been compromised within months of its official launch. This isn't game over by any means: the studios are bound and determined to lock down the precious HD content as tightly as possible. But the news of BD+'s apparent defeat demonstrates that industry is going to have to devote significant time, money, and manpower to it as it attempts to stay ahead of hackers. From rforno at infowarrior.org Sun Nov 11 18:29:41 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 11 Nov 2007 13:29:41 -0500 Subject: [Infowarrior] - US intel official: Say goodbye to privacy Message-ID: Intel official: Say goodbye to privacy By Associated Press Sunday, November 11, 2007 - Added 43m ago http://tinyurl.com/36xb8t WASHINGTON - A top intelligence official says it is time people in the United States changed their definition of privacy. Privacy no longer can mean anonymity, says Donald Kerr, the principal deputy director of national intelligence. Instead, it should mean that government and businesses properly safeguard people's private communications and financial information. Kerr's comments come as Congress is taking a second look at the Foreign Surveillance Intelligence Act. 
Lawmakers hastily changed the 1978 law last summer to allow the government to eavesdrop inside the United States without court permission, so long as one end of the conversation was reasonably believed to be located outside the U.S. The original law required a court order for any surveillance conducted on U.S. soil, to protect Americans' privacy. The White House argued that the law was obstructing intelligence gathering. The most contentious issue in the new legislation is whether to shield telecommunications companies from civil lawsuits for allegedly giving the government access to people's private e-mails and phone calls without a court order between 2001 and 2007. Some lawmakers, including members of the Senate Judiciary Committee, appear reluctant to grant immunity. Suits might be the only way to determine how far the government has burrowed into people's privacy without court permission. The committee is expected to decide this week whether its version of the bill will protect telecommunications companies. The central witness in a California lawsuit against AT&T says the government is vacuuming up billions of e-mails and phone calls as they pass through an AT&T switching station in San Francisco. Mark Klein, a retired AT&T technician, helped connect a device in 2003 that he says diverted and copied onto a government supercomputer every call, e-mail, and Internet site access on AT&T lines. © Copyright 2007 Associated Press. All rights reserved. This material may not be published, broadcast, rewritten, or redistributed. 
From rforno at infowarrior.org Mon Nov 12 12:43:30 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 Nov 2007 07:43:30 -0500 Subject: [Infowarrior] - Press, media, politicians overhype Web safety issues Message-ID: The Net is a circuit of safety concerns http://www.usatoday.com/tech/news/internetprivacy/2007-11-07-online-dangers_N.htm By Janet Kornblum, USA TODAY If you watch TV or read the news, you know sexual predators hang out on the Internet, looking for underage victims. Dateline NBC's "To Catch a Predator" features men being lured by the promise of meeting underage girls. Several state attorneys general recently have called on social-networking sites MySpace and Facebook to ban registered sex offenders and make their sites safer. Newspapers have been filled with stories about the dangers children face when they post too much personal information. And victims have testified recently at congressional hearings. Some worry that parents are falling victim to "predator panic" and overreacting to unlikely dangers, unintentionally turning children off to safety messages altogether. "One of the misunderstandings that we think is widespread is that what sex offenders are doing is picking out kids (online) and stalking them and deceiving them and abducting them and raping them," says David Finkelhor, director of the Crimes Against Children Research Center at the University of New Hampshire. "That's not what's going on." Abductions by strangers are so rare that many experts can't name a single case in which a predator attacked after only seeing a child's profile online. 'Grooming' their victims In most cases, predators seek out vulnerable teens -- those who post sexually suggestive pictures of themselves, talk about sex online or frequent places where hook-ups are made, Finkelhor says. They spend weeks, even months, forging a relationship and gaining the teens' trust. 
Usually, those who become victims eventually agree to meet the perpetrator face to face; often they know that the person they're meeting is older. But by the time they meet him (usually it's a man), they often think they are in love. It's a process called "grooming," Finkelhor says. "It's the kids who respond to somebody and start talking about sex that puts them at risk -- or kids who use sites to communicate with lots of people they don't know, or put very sexualized images online," he says. The Internet allows predators "to form supportive relationships with emotionally vulnerable teens," says Nancy Willard, author of Cyber-Safe Kids, Cyber-Savvy Teens: Helping Young People Learn to Use the Internet Safely and Responsibly. Though there are no comprehensive national annual figures on Internet crimes against children, Finkelhor says, overall sex crimes against children are down, with the notable exception of child pornography. Sexual abuse cases were down 51% from 1990 to 2005 -- from 22.8 per 10,000 to 11.3 per 10,000 children, he says. Feeling safe doesn't make it so Studies show that most teens feel relatively safe online. A Pew Internet & American Life Project report last month showed that though children, especially girls, who posted pictures of themselves on social networks were more likely to be contacted by strangers, only 7% of online teens said they had ever had an interaction with a stranger that made them feel scared or uncomfortable. And a report out last year by Finkelhor's center found that from 2000 through 2005, the number of children ages 10 to 17 who received unwanted solicitations online declined from 19% to 13%. But calls to the National Center for Missing & Exploited Children's hotline have been on the rise, says president Ernie Allen. In 2005, there were 2,660 reports of online enticement of children; in 2006, there were 6,374. In the first eight months of 2007, there were 9,533. 
Some of the increase can be attributed to greater Internet use and increased awareness of the hotline, Allen says. He agrees that education is a key to Internet safety. But he says the Internet does make it easier to prey on children. "Just like in the physical world, those people who seek to prey upon kids go to where the kids are," Allen says. "We don't think the sky is falling, but there (are) adults hiding behind the relative anonymity of the Internet to try to achieve what they either can't achieve or can only achieve with great risk in the physical world. America's moms and dads really need to catch up." Though it's good to educate children and parents about dangers, some experts worry that the message may backfire. "If you are petrified of predators but are not worrying about cyber-bullies, loss of reputation, spending too much time online and the other less frightening but more likely dangers of online use, then you are misplacing your energy," says Larry Magid, co-director of ConnectSafely.org. "You're petrified of something that's probably not going to happen and failing to pay attention to the dangers that are far more likely." Allen says messages should be balanced, but parents do need to stay aware of the problems. "The good news is that the vast majority of America's kids are much smarter and much more aware. ... "But the bad news is, there are a lot of (predators) out there who are still seeking, overwhelmingly for grooming and seduction. This remains a significant problem." 
From rforno at infowarrior.org Mon Nov 12 13:54:55 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 Nov 2007 08:54:55 -0500 Subject: [Infowarrior] - Space Defense Program Gets Extra Funding Message-ID: Space Defense Program Gets Extra Funding By Walter Pincus Monday, November 12, 2007; A19 http://www.washingtonpost.com/wp-dyn/content/article/2007/11/11/AR2007111101173_pf.html While wrestling with wars in Iraq and Afghanistan, the Pentagon is preparing weapons to fight the next battle from space, according to information in the 621-page, House-Senate conference report on the fiscal 2008 defense appropriations bill. The $459 billion bill, which awaits President Bush's signature, provides $100 million for a new "prompt global strike" program that could deliver a conventional, precision-guided warhead anywhere in the world within two hours. It takes funds away from development of a conventional warhead for the Navy's submarine-launched Trident Intercontinental Ballistic Missile and from an Air Force plan for the Common Aero Vehicle. The new program, dubbed Falcon, for "Force Application and Launch from CONUS," centers on a small-launch-vehicle concept of the Defense Advanced Research Projects Agency. The agency describes Falcon as a "a reusable Hypersonic Cruise Vehicle (HCV) capable of delivering 12,000 pounds of payload at a distance of 9,000 nautical miles from [the continental United States] in less than two hours." Hypersonic speed is far greater than the speed of sound. The reusable vehicle being contemplated would "provide the country with significant capability to conduct responsive missions with quick turn-around sortie rates while providing aircraft-like operability and mission-recall capability," according to DARPA. The vehicle would be launched into space on a rocket, fly on its own to a target, deliver its payload and return to Earth. In the short term, a small launch rocket is being developed as part of Falcon. 
It eventually would be able to boost the hypersonic vehicle into space. But in the interim, it will be used to launch small satellites within 48 hours' notice at a cost of less than $5 million a shot. Conferees added $100 million above the Bush administration's request for nearly $200 million to accelerate "space situational awareness." That is code for protecting U.S. satellites in space and being able to attack the enemy's satellites. "Enhancing these capabilities is critical, particularly following the Chinese anti-satellite-weapons demonstration last January," the conferees wrote in their report. They were referring to a Jan. 11 incident in which a Chinese guided missile destroyed an aging weather satellite in orbit. "Counterspace systems" that would warn of impending threats to U.S. satellites, destroy or defend against attackers, and interrupt enemy satellites are in the Bush budget for $53 million. Conferees gave them another $10 million. One research project of $7 million in that category is directed at "offensive counterspace," described in the Pentagon's presentation to Congress as designing "the means to disrupt, deny, degrade or destroy an adversary's space systems, or the information they provide." Another $18 million would go for research into a second-generation counter-satellite-communications system; it would explore and develop capabilities "to provide disruption of satellite communications signals in response to U.S. Strategic Command requirements," according to the Pentagon congressional presentation. The first-generation system is already operational, and an upgrade of those capabilities is in production. The conferees want to increase funds for the Rapid Identification Detection and Reporting System, which already had $28 million in the Bush budget. This system is designed to provide "attack detection, threat identification and characterization, and support rapid mission impact assessments on U.S. space systems." 
Its first-generation system is scheduled for initial operation at the end of next year, while the new funds will allow continuation of research on a second generation, which began this year. Part of the funding will also go toward work on integrating this system, which detects enemy threats to U.S. satellites, with the offensive counterspace and counter-satellite-communications programs. Eventually, they would be linked with U.S. command-and-control systems "in support of space control and the counterspace mission areas," according to the Pentagon's presentation to Congress. Integration of these developing counterspace missions with a current command-and-control system is expected by the middle of 2008, according to documents provided to Congress.

From rforno at infowarrior.org Mon Nov 12 15:14:31 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 Nov 2007 10:14:31 -0500
Subject: [Infowarrior] - A quick note....
Message-ID:

....to say thanks and send best wishes to all servicepeople on this list, both currently-serving and retired, for their efforts over the years in the service to our country, and to those through the years who have paid the highest price to be called Americans. Additional recognition goes to their families and close friends who both support (and worry about) them during their deployments -- their own respective burdens and dedication to national service deserve special mention on this day as well.

Happy Veterans Day, and Thanks.

Rick
-infowarrior.org

From rforno at infowarrior.org Wed Nov 14 12:59:15 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 14 Nov 2007 07:59:15 -0500
Subject: [Infowarrior] - Bush Allows Clearances for N.S.A. Inquiry
Message-ID:

My only question is -- "why now, all of a sudden?" ---rf

Bush Allows Clearances for N.S.A. Inquiry
By SCOTT SHANE
http://www.nytimes.com/2007/11/14/washington/14justice.html?hp=&pagewanted=print

WASHINGTON, Nov. 13 -- Just four days after Michael B.
Mukasey was sworn in as attorney general, Justice Department officials said Tuesday that President Bush had reversed course and approved long-denied security clearances for the Justice Department's ethics office to investigate the National Security Agency's warrantless surveillance program. The department's inspector general has been investigating the department's involvement with the N.S.A. program for about a year, but the move suggested both that Mr. Mukasey wanted to remedy what many in Congress saw as an improper decision by the president to block the clearances and that the White House chose to back him. Tony Fratto, a White House spokesman, and Brian Roehrkasse, a Justice Department spokesman, declined to say whether Mr. Mukasey had pressed Mr. Bush on the clearances for the department's Office of Professional Responsibility. Mr. Mukasey himself had indicated in a written answer to senators on Oct. 30, before his confirmation, that the clearance issue had been resolved. But Democrats said they thought Mr. Mukasey deserved credit. "It seems the new attorney general understands that his responsibility is to the American people and the rule of law and not to any particular person, including the president," said Representative Maurice D. Hinchey, Democrat of New York, who had first demanded the internal Justice Department investigation. In response to appeals from Mr. Hinchey and other members of Congress, the head of the Office of Professional Responsibility, H. Marshall Jarrett, said in February 2006 that he had opened an investigation of the conduct of department lawyers in approving and overseeing the N.S.A. program. But three months later he said the inquiry had been dropped because his staff had been denied the necessary high-level clearances. The Justice Department later said that Alberto R. Gonzales, the attorney general at the time, had recommended that the clearances be granted but that Mr. Bush declined to approve them. Mr.
Roehrkasse said the Office of Professional Responsibility's investigation "will focus on whether the D.O.J. attorneys who were involved complied with their ethical obligations of providing competent legal advice to their client and of adhering to their duty of candor to the court." Officials said it was unlikely that either of the inquiries would address directly the question of the legality of the N.S.A. program itself: whether eavesdropping on American soil without court warrants violated the Foreign Intelligence Surveillance Act. They said that decision had been left to the courts. Under the program, which began after the Sept. 11 attacks and ended in January, the National Security Agency intercepted without court warrants the international phone calls and e-mail messages of Americans and others in the United States suspected of ties to Al Qaeda. The Office of Legal Counsel at the Justice Department initially approved the program in late 2001. But the head of the office, Jack Goldsmith, decided in 2004 that part of the program violated the law and declined to reauthorize it. Mr. Bush agreed to change the program to satisfy the legal objections.

From rforno at infowarrior.org Wed Nov 14 13:38:03 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 14 Nov 2007 08:38:03 -0500
Subject: [Infowarrior] - OT: DC "trousers" judge loses job
Message-ID:

Good Riddance to Bad Rubbish!!! --rf

http://tinyurl.com/24qh9v

Judge Who Sued Over Pants Loses Job
8 hours ago

WASHINGTON (AP) -- A judge who lost a $54 million lawsuit against his dry cleaner over a pair of missing pants has lost his job, District of Columbia officials said. Roy Pearson's term as an administrative law judge expired May 2 and the D.C. Commission on Selection and Tenure of Administrative Law Judges has voted not to reappoint him, Lisa Coleman, the city's general counsel, wrote Nov. 8 in response to a Freedom of Information Act request from The Associated Press.
Pearson was one of about 30 judges who worked in the Office of Administrative Hearings, which handles disputes involving city agencies. He had held his position for two years. The Washington Post and The (Washington) Examiner, citing sources familiar with the case, reported the commission's decision last month. Pearson's lawsuit in D.C. Superior Court claimed Custom Cleaners, owned by South Korean immigrants, did not live up to Pearson's expectations of "Satisfaction Guaranteed," as advertised in store windows. Pearson demanded repayment for the lost pants, as well as damages for inconvenience, mental anguish and attorney's fees for representing himself. He calculated his losses initially at $67 million but lowered his request to $54 million. Pearson did not immediately respond to an e-mail from The Associated Press requesting comment.

From rforno at infowarrior.org Wed Nov 14 13:58:00 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 14 Nov 2007 08:58:00 -0500
Subject: [Infowarrior] - VeriSign to Drop Units
Message-ID:

About time.....for 6 years now I've been trying to figure their business plan out. Seemed way too hodgepodged for my liking....maybe a back-to-the-basics approach will be a good thing for them. -rf

VeriSign to Drop Units
By TSC Staff
11/14/2007 8:26 AM EST
URL: http://www.thestreet.com/newsanalysis/technet/10390045.html

VeriSign (VRSN) said it would part ways with some of its operations in order to focus on expanding its Web naming, site certification and identity protection businesses. The company said Wednesday that it plans to shed a number of units, such as communications, billing and commerce. VeriSign is best known for registering sites with the .com, .net and .tv Internet suffixes. The company also offers Web certificates, or Secure Sockets Layer certificates that protect transmissions on the Internet, and identity protection services. "The combination of focus and disciplined execution will provide the foundation we need to generate improved shareholder returns," CEO Bill Roper said in a press release. "We have leadership positions in great businesses with high growth, attractive economic returns and significant barriers to entry."

From rforno at infowarrior.org Wed Nov 14 21:06:40 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 14 Nov 2007 16:06:40 -0500
Subject: [Infowarrior] - UK Wants Net Companies to Fight Terror
Message-ID:

UK Wants Net Companies to Fight Terror
Wednesday November 14, 3:26 pm ET
By Raphael G. Satter, Associated Press Writer
Britain's Prime Minister Says He Will Enlist Internet Companies to Fight Online Terror
http://biz.yahoo.com/ap/071114/britain_terrorism_online.html?.v=2

LONDON (AP) -- British Prime Minister Gordon Brown wants Internet companies to help stifle online terrorist propaganda, he told lawmakers Wednesday, as officials say they plan to meet leading service providers to find ways of putting a lid on extremist content. But the providers argue they already do all they can to fight illegal terrorist material online, and experts say even powerful filters cannot block determined users from getting their message out. "Fundamentally, it's a losing proposition," said Ian Brown, a research fellow at the Oxford Internet Institute, noting that even countries such as China and Myanmar have had trouble with their online censorship efforts. The prime minister's proposal comes as the European Union considers ways to sanction Web sites that display terror propaganda or recruit for terrorist groups. Addressing lawmakers, the prime minister said Home Secretary Jacqui Smith was "inviting the largest global technology and Internet companies to work together to ensure that our best technical expertise is galvanized to counter online incitement to hatred."
The Home Office said it would meet leading British Internet service providers to examine ways of curbing online propaganda, but said Brown's plan had not yet been considered in detail. Not clear, for instance, was whether the plan would require new laws or different ways of enforcing existing regulations. British law already forbids the publication of statements likely to be seen as encouraging terrorism or the dissemination of terrorist material, such as bomb-making information, according to the Internet Watch Foundation, an EU-funded body that works with the British government to monitor and remove illegal online content. Under so-called "notice and take down" procedures, authorities, companies and individuals can demand that Internet service providers remove content considered to be unlawful. That includes child pornography, as well as libelous, obscene or terrorist material, the group said. Although the removal of child pornography is relatively uncontroversial, service providers have expressed unhappiness at having to shut down their customers' sites over, for example, allegations of libel, where guilt is difficult to determine at a glance. They are unlikely to welcome similar demands over material that allegedly glorifies terrorism. Besides taking down their own customers' sites, service providers also might be pressured to block ones hosted abroad. The government might draw up a list of banned sites, similar to one the Internet Watch Foundation has maintained since 2004 and updates twice daily to block Britons from visiting child pornography sites hosted overseas. Another method might be to persuade search engines like Google Inc. or Yahoo Inc. to filter out prohibited content from their search results, or manage their searches so that the words "bomb," "al-Qaida," or "video" did not lead users to terrorist-related sites. But both these measures would do little to deter the computer-literate youth being targeted by al-Qaida, Ian Brown said.
He noted that users could still swap terror-related content through file-sharing networks, discussion forums, or access material through sophisticated proxy servers and programs that allow users to browse the Net anonymously. Efforts to use Internet service providers to police online content amounted to a "censorship proposal" and were bound to be problematic, said John Gage, vice president and chief researcher for Sun Microsystems Inc. "It's one of these things that's going to be very difficult to implement," he said. Associated Press Writer Michael Astor in Rio de Janeiro, Brazil, contributed to this story.

From rforno at infowarrior.org Thu Nov 15 04:44:34 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 14 Nov 2007 23:44:34 -0500
Subject: [Infowarrior] - UK's 53 questions for all traveller anti-terror scan
Message-ID:

(all 53 questions are shown in a graphic on the article's webpage. Some of them are downright creepy -- 21, 22, 31, and 45 in particular.....not to mention the bit about possibly preventing those with unpaid speeding tickets from leaving the country....unbelievable over-reaching in the name of anti-terrorism..rf)

Terror crackdown as passengers forced to answer 53 questions in airport inquisition
http://www.dailymail.co.uk/pages/live/articles/news/news.html?in_article_id=493912&in_page_id=1770
By JAMES SLACK - Last updated at 01:11am on 15th November 2007

Travellers face price hikes and confusion after the Government unveiled plans to take up to 53 pieces of information from anyone entering or leaving Britain. For every journey, security officials will want credit card details, holiday contact numbers, travel plans, email addresses, car numbers and even any previous missed flights.
The e-borders system will monitor every passenger travelling into or out of the country.

The information, taken when a ticket is bought, will be shared among police, customs, immigration and the security services for at least 24 hours before a journey is due to take place. Anybody about whom the authorities are dubious can be turned away when they arrive at the airport or station with their baggage. Those with outstanding court fines, such as a speeding penalty, could also be barred from leaving the country, even if they pose no security risk. The information required under the "e-borders" system was revealed as Gordon Brown announced plans to tighten security at shopping centres, airports and ports. This could mean additional screening of baggage and passenger searches, with resulting delays for travellers. The e-borders scheme is expected to cost at least £1.2billion over the next decade. Travel companies, which will run up a bill of £20million a year compiling the information, will pass on the cost to customers via ticket prices, and the Government is considering introducing its own charge on travellers to recoup costs. Critics warned of mayhem at ports and airports when the system is introduced, beginning in earnest from mid-2009. By 2014 every one of the predicted 305million passenger journeys in and out of the UK will be logged, with details stored about the passenger on every trip. The scheme will apply to every way of leaving the country, whether by ferry, plane, or small aircraft. It would apply to a family having a day out in France by Eurotunnel, and even to a yachtsman leaving British waters during the day and returning to shore. The measure applies equally to UK residents going abroad and foreigners travelling here.
The information will be stored for as long as the authorities believe it is useful, allowing them to build a complete picture of where a person has been over their lifetime, how they paid and the contact numbers of who they stayed with. The Home Office, which yesterday signed a contract with U.S. company Raytheon Systems to run the computer system, said e-borders would help to keep terrorists and illegal immigrants out of the country. For the first time since embarkation controls were scrapped in 1998, they will also have a more accurate picture of who is in the UK at any one time. The personal information stored about every journey could prove vital in detecting a planned atrocity, officials insist. But the majority - around 60 per cent - of the journeys logged will be made by Britons, mostly going on family holidays or business trips. Ministers are also considering the creation of a list of "disruptive" passengers, so that authorities know in advance of any potential troublemaker, such as an abusive drunk. David Marshall of the Association of British Travel Agents said: "We are staggered at the projected costs. "It could also act as a disincentive to people wanting to travel, and we are sure that is not what the Government intends." Phil Booth, of the NO2ID group, warned travellers would pay a "stealth tax" on travel to pay for the scheme. He added: "This is a huge and utterly ridiculous quantity of personal information. This type of profiling will throw up many distressing errors and problems for innocent people. "We have already seen planes turned around mid-flight because a passenger's surname matches that of somebody on a watch list. "When the Government talks about e-borders, it gives the impression it is about keeping bad people out. In fact, it is a huge grab of personal information, and another move towards the database state." A pilot of the "e-borders" technology, known as Project Semaphore, has already screened 29million passengers.
Immigration Minister Liam Byrne said: "Successful trials of the new system have already led to more than 1,000 criminals being caught and more than 15,000 people of concern being checked out by immigration, customs or the police." But Nick Clegg, Liberal Democrat Home Affairs spokesman, said: "The Government must not use legitimate fears or dangers to crop vast amounts of private information without proper safeguards." John Tincey, of the Immigration Service Union, said: "The question is are there going to be the staff to respond to the information that is produced? "In reality people could be missed. Potential terrorists could be coming through if there are not enough staff to check them." Shadow Home Secretary David Davis said: "While e-borders could be a useful tool to secure our borders it will not be up and running for at least another seven years. "And given the Government's woeful record on delivering IT based projects, it may well be over budget and over time. "In the meantime our borders remain porous. The Government should take practical measures to secure our borders, such as answering our call to establish a dedicated UK border police force."

* Restrictions on hand luggage carried on to passenger planes will be lifted from January. "Starting with several airports in the New Year, we will work with airport operators to ensure all UK airports are in a position to allow passengers to fly with more than one item of hand luggage," Gordon Brown said. The single bag rule was introduced in August last year after police said they foiled a plot to blow up U.S.-bound airliners. It caused chaos at Heathrow Airport and drew complaints from airlines. Restrictions on carrying liquids are expected to continue.

From rforno at infowarrior.org Thu Nov 15 04:49:23 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 14 Nov 2007 23:49:23 -0500
Subject: [Infowarrior] - Comcast Sued Over BitTorrent Blocking
Message-ID:

Comcast Sued Over BitTorrent Blocking - UPDATED
By Ryan Singel
November 14, 2007 | 3:19:26 PM
Categories: Copyrights and Patents
http://blog.wired.com/27bstroke6/2007/11/comcast-sued-ov.html

A California man filed suit in state court Tuesday against internet service provider Comcast, arguing that the company's secret use of technology to limit peer-to-peer applications such as BitTorrent violates federal computer fraud laws, their user contracts and anti-fraudulent advertising statutes. Plaintiff Jon Hart, represented by the Lexington Law Group, argues that Comcast's promises of providing internet connections that let users "Download at Crazy Fast Speeds" are false and misleading since Comcast limits downloads by transmitting "unauthorized hidden messages to the computers of customers" who use peer-to-peer file sharing software. Hart wants the court to force Comcast to stop interfering with the traffic. He also wants the court to certify the suit as a class action and force Comcast to pay damages to himself and all other Comcast internet subscribers in California. The suit (.pdf), which also claims the BitTorrent blocking is an unfair business practice, was filed in California Superior Court in Alameda County.

Defendants have disseminated and continues to disseminate advertising, that they know or should reasonably know is false and misleading. This conduct includes, but is not limited to, promoting and advertising the fast speeds that apply to the Service without limitation, when, in fact, Defendants severely limit the speed of the Service for certain applications.
It further includes Defendant's misrepresentations that their customers will enjoy "unfettered access" to all internet applications, when, in fact, Defendants not only fetter certain applications, but completely block them. Defendants know or reasonably should know that this advertising is false and misleading.

In the suit, Hart says he upgraded to Comcast's Performance Plus service in September specifically to use the "blocked applications," and that nothing in the 22-page terms of agreement with Comcast indicated that the company throttles traffic. Though Comcast has yet to see the suit, Comcast spokesman Charlie Douglas pointed THREAT LEVEL to the company's FAQs about its traffic shaping and issued the following statement:

Comcast does not, has not, and will not block any websites or online applications, including peer-to-peer services. Our customers use the Internet for downloading and uploading files, watching movies and videos, streaming music, sharing digital photos, accessing numerous peer-to-peer sites, VOIP applications like Vonage, and thousands of other applications online. We have a responsibility to provide all of our customers with a good Internet experience and we use the latest technologies to manage our network so that they can continue to enjoy these applications.

Comcast refuses to plainly explain what it does to control BitTorrent traffic, but independent analyses have shown that Comcast is severely throttling internet traffic that is using the popular file sharing protocol BitTorrent by sending fake "I'm finished" messages to users' BitTorrent programs. Those fake packets are also alleged to affect users of the mainstream business application Lotus Notes. The lawsuit charges those fake packets violate the federal Computer Fraud and Abuse Act. The BitTorrent protocol is used for sharing large files -- from pirated films to open-source OSs -- by having downloaders also serve as uploaders, even when they have only downloaded a portion of the file.
Though almost nothing is publicly known about aggregate internet traffic, BitTorrent protocol traffic is often estimated to constitute 35% to 40% of internet traffic. ISP discrimination against certain kinds of traffic also violates established Federal Communications Commission policies on Net Neutrality, the suit argues. Comcast has yet to be served with the suit, according to Lexington Law Group attorney Mark Todzo. The firm is waiting to get an official copy of the suit back from the court and expects to serve Comcast later this week. Comcast will then have 30 days to answer the complaint or seek dismissal of the suit. The case is Hart v. Comcast.

UPDATE: Comcast was working on an answer to THREAT LEVEL's questions when the story was posted, and their response was added as soon as the company got back to us.

From rforno at infowarrior.org Thu Nov 15 04:52:22 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 14 Nov 2007 23:52:22 -0500
Subject: [Infowarrior] - Feingold Targets Immunity For Telecoms
Message-ID:

Feingold Targets Immunity For Telecoms
By Daniel W. Reilly
Nov 14, 2007
http://www.cbsnews.com/stories/2007/11/14/politics/politico/thecrypt/main3503457.shtml

(The Politico) Sen. Russ Feingold (D-Wis.) will offer an amendment tomorrow to remove protections in an update of the Foreign Intelligence Surveillance Act for telecommunications companies that allegedly helped the administration monitor electronic communication in the wake of Sept. 11. Feingold's measure sets up another potential clash over President Bush's electronic surveillance program. "Granting retroactive immunity for companies that allegedly went along with this illegal program is unjustified and undermines the rule of law," Feingold said in a statement.
"Not only would retroactive immunity set the terrible precedent that breaking the law is permissible and companies need not worry about the privacy of their customers, but it would likely prevent courts from ruling on the President's illegal warrantless wiretapping program." The amendment will be offered as the Senate Judiciary Committee takes up an update of the Foreign Intelligence Surveillance Act. Feingold's amendment, however, faces several significant hurdles after the FISA legislation passed out of the Senate Select Intelligence Committee -- which has shared jurisdiction on the measure -- with the immunity provisions still intact. However, Feingold has plenty of allies in his caucus, including Sen. Chris Dodd (D-Conn.), who has vowed to place a hold on the bill if it includes the immunity language.

Copyright 2007 POLITICO

From rforno at infowarrior.org Thu Nov 15 12:33:36 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 15 Nov 2007 07:33:36 -0500
Subject: [Infowarrior] - Schneier: Did NSA Put a Secret Backdoor in New Encryption Standard?
Message-ID:

Did NSA Put a Secret Backdoor in New Encryption Standard?
Commentary by Bruce Schneier
11.15.07 | 12:00 AM
http://www.wired.com/politics/security/commentary/securitymatters/2007/11/securitymatters_1115

Random numbers are critical for cryptography: for encryption keys, random authentication challenges, initialization vectors, nonces, key-agreement schemes, generating prime numbers and so on. Break the random-number generator, and most of the time you break the entire security system. Which is why you should worry about a new random-number standard that includes an algorithm that is slow, badly designed and just might contain a backdoor for the National Security Agency. Generating random numbers isn't easy, and researchers have discovered lots of problems and attacks over the years. A recent paper found a flaw in the Windows 2000 random-number generator.
Another paper found flaws in the Linux random-number generator. Back in 1996, an early version of SSL was broken because of flaws in its random-number generator. With John Kelsey and Niels Ferguson in 1999, I co-authored Yarrow, a random-number generator based on our own cryptanalysis work. I improved this design four years later -- and renamed it Fortuna -- in the book Practical Cryptography, which I co-authored with Ferguson. The U.S. government released a new official standard for random-number generators this year, and it will likely be followed by software and hardware developers around the world. Called NIST Special Publication 800-90 (.pdf), the 130-page document contains four different approved techniques, called DRBGs, or "Deterministic Random Bit Generators." All four are based on existing cryptographic primitives. One is based on hash functions, one on HMAC, one on block ciphers and one on elliptic curves. It's smart cryptographic design to use only a few well-trusted cryptographic primitives, so building a random-number generator out of existing parts is a good thing. But one of those generators -- the one based on elliptic curves -- is not like the others. Called Dual_EC_DRBG, not only is it a mouthful to say, it's also three orders of magnitude slower than its peers. It's in the standard only because it's been championed by the NSA, which first proposed it years ago in a related standardization project at the American National Standards Institute. The NSA has always been intimately involved in U.S. cryptography standards -- it is, after all, expert in making and breaking secret codes. So the agency's participation in the NIST (the U.S. Commerce Department's National Institute of Standards and Technology) standard is not sinister in itself. It's only when you look under the hood at the NSA's contribution that questions arise. Problems with Dual_EC_DRBG were first described in early 2006. 
The math is complicated, but the general point is that the random numbers it produces have a small bias. The problem isn't large enough to make the algorithm unusable -- and Appendix E of the NIST standard describes an optional work-around to avoid the issue -- but it's cause for concern. Cryptographers are a conservative bunch: We don't like to use algorithms that have even a whiff of a problem. But today there's an even bigger stink brewing around Dual_EC_DRBG. In an informal presentation (.pdf) at the CRYPTO 2007 conference in August, Dan Shumow and Niels Ferguson showed that the algorithm contains a weakness that can only be described as a backdoor. This is how it works: There are a bunch of constants -- fixed numbers -- in the standard used to define the algorithm's elliptic curve. These constants are listed in Appendix A of the NIST publication, but nowhere is it explained where they came from. What Shumow and Ferguson showed is that these numbers have a relationship with a second, secret set of numbers that can act as a kind of skeleton key. If you know the secret numbers, you can predict the output of the random-number generator after collecting just 32 bytes of its output. To put that in real terms, you only need to monitor one TLS internet encryption connection in order to crack the security of that protocol. If you know the secret numbers, you can completely break any instantiation of Dual_EC_DRBG. The researchers don't know what the secret numbers are. But because of the way the algorithm works, the person who produced the constants might know; he had the mathematical opportunity to produce the constants and the secret numbers in tandem. Of course, we have no way of knowing whether the NSA knows the secret numbers that break Dual_EC_DRBG. We have no way of knowing whether an NSA employee working on his own came up with the constants -- and has the secret numbers. We don't know if someone from NIST, or someone in the ANSI working group, has them.
Maybe nobody does. We don't know where the constants came from in the first place. We only know that whoever came up with them could have the key to this backdoor. And we know there's no way for NIST -- or anyone else -- to prove otherwise. This is scary stuff indeed. Even if no one knows the secret numbers, the fact that the backdoor is present makes Dual_EC_DRBG very fragile. If someone were to solve just one instance of the algorithm's elliptic-curve problem, he would effectively have the keys to the kingdom. He could then use it for whatever nefarious purpose he wanted. Or he could publish his result, and render every implementation of the random-number generator completely insecure. It's possible to implement Dual_EC_DRBG in such a way as to protect it against this backdoor, by generating new constants with another secure random-number generator and then publishing the seed. This method is even in the NIST document, in Appendix A. But the procedure is optional, and my guess is that most implementations of the Dual_EC_DRBG won't bother. If this story leaves you confused, join the club. I don't understand why the NSA was so insistent about including Dual_EC_DRBG in the standard. It makes no sense as a trap door: It's public, and rather obvious. It makes no sense from an engineering perspective: It's too slow for anyone to willingly use it. And it makes no sense from a backwards-compatibility perspective: Swapping one random-number generator for another is easy. My recommendation, if you're in need of a random-number generator, is not to use Dual_EC_DRBG under any circumstances. If you have to use something in SP 800-90, use CTR_DRBG or Hash_DRBG. In the meantime, both NIST and the NSA have some explaining to do. - - - Bruce Schneier is CTO of BT Counterpane and author of Beyond Fear: Thinking Sensibly About Security in an Uncertain World. 
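A toy-scale illustration of the relationship the essay describes, added here and not taken from the essay, the Shumow-Ferguson presentation or the NIST document: when the second constant Q is a secret multiple of the first constant P, one output reveals the generator's next internal state, while a Q derived from a published seed can be re-derived and checked by anyone. Assumptions: the curve, the names (ToyDualEC, SECRET_D, derive_q and the rest) and the hash-based seed procedure are constructed stand-ins for the standard's own, and the real generator's output truncation is left out.

```python
import hashlib

# Toy curve y^2 = x^3 + A*x + B over GF(PRIME). Constructed for illustration and
# far too small to be secure; PRIME % 4 == 3 keeps square roots to a single pow().
PRIME, A = 10007, -3

def is_prime(n):
    return n > 1 and all(n % f for f in range(2, int(n ** 0.5) + 1))

def curve_order(b):
    """Brute-force point count: the point at infinity plus every (x, y) solution."""
    total = 1
    for x in range(PRIME):
        rhs = (x ** 3 + A * x + b) % PRIME
        if rhs == 0:
            total += 1
        elif pow(rhs, (PRIME - 1) // 2, PRIME) == 1:
            total += 2
    return total

def pick_curve():
    """First B giving a non-singular curve of prime order (every point generates it)."""
    for b in range(1, PRIME):
        if (4 * A ** 3 + 27 * b * b) % PRIME == 0:
            continue
        order = curve_order(b)
        if is_prime(order):
            return b, order
    raise ValueError("no prime-order curve found")

B, N = pick_curve()

def lift(x):
    """Return a curve point with this x-coordinate, or None if there is none."""
    rhs = (x ** 3 + A * x + B) % PRIME
    y = pow(rhs, (PRIME + 1) // 4, PRIME)
    return (x, y) if y * y % PRIME == rhs else None

def add(p1, p2):
    """Affine point addition; None stands for the point at infinity."""
    if p1 is None:
        return p2
    if p2 is None:
        return p1
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % PRIME == 0:
        return None
    if p1 == p2:
        slope = (3 * x1 * x1 + A) * pow(2 * y1 % PRIME, -1, PRIME) % PRIME
    else:
        slope = (y2 - y1) * pow((x2 - x1) % PRIME, -1, PRIME) % PRIME
    x3 = (slope * slope - x1 - x2) % PRIME
    return (x3, (slope * (x1 - x3) - y1) % PRIME)

def mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc = None
    while k:
        if k & 1:
            acc = add(acc, pt)
        pt = add(pt, pt)
        k >>= 1
    return acc

def to_scalar(x):
    """Map an x-coordinate to a nonzero scalar so the toy state never hits infinity."""
    return 1 + x % (N - 1)

class ToyDualEC:
    """State update uses constant P, output uses constant Q (untruncated here)."""
    def __init__(self, seed, p_const, q_const):
        self.state, self.p_const, self.q_const = to_scalar(seed), p_const, q_const

    def next(self):
        self.state = to_scalar(mul(self.state, self.p_const)[0])
        return mul(self.state, self.q_const)[0]

# Constants produced "in tandem" with a secret: Q = SECRET_D * P, so e * Q = P.
BASE = next(pt for pt in map(lift, range(PRIME)) if pt)   # plays the role of P
SECRET_D = 4242                                           # constructed secret
Q_BACKDOOR = mul(SECRET_D, BASE)
SKELETON_KEY = pow(SECRET_D, -1, N)                       # e = d^-1 mod N

def predict_following(observed, e, p_const, q_const, count):
    """From one output x(s*Q): e * (s*Q) = +/- s*P, whose x-coordinate is the next state."""
    state = to_scalar(mul(e, lift(observed))[0])
    outputs = []
    for _ in range(count):
        outputs.append(mul(state, q_const)[0])
        state = to_scalar(mul(state, p_const)[0])
    return outputs

def derive_q(seed):
    """Simplified stand-in for seed-based generation: hash the seed to a curve point."""
    counter = 0
    while True:
        digest = hashlib.sha256(seed + counter.to_bytes(4, "big")).digest()
        pt = lift(int.from_bytes(digest, "big") % PRIME)
        if pt is not None:
            return pt
        counter += 1

def q_matches_seed(seed, q_const):
    """The check a reviewer can run: does the published seed reproduce Q?"""
    return derive_q(seed) == q_const

def demo():
    victim = ToyDualEC(777, BASE, Q_BACKDOOR)
    seen = victim.next()                       # the single observed output
    actual = [victim.next() for _ in range(5)]
    return actual, predict_following(seen, SKELETON_KEY, BASE, Q_BACKDOOR, 5)
```

Constants published without a seed give a reviewer nothing to re-derive, which is the gap the essay points to in Appendix A's unexplained numbers.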
From rforno at infowarrior.org Thu Nov 15 14:19:53 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Nov 2007 09:19:53 -0500 Subject: [Infowarrior] - BSG's Ron Moore on the WGA Strike Message-ID: Jane Hamsher found this article by Ron Moore, who is the showrunner for the great Battlestar Galactica. It explains a lot. "I had a situation last year on Battlestar Galactica where we were asked by Universal to do webisodes [Note: Moore is referring to The Resistance webisodes which ran before Season 3 premiered], which at that point were very new and 'Oooh, webisodes! What does that mean?' It was all very new stuff. And it was very eye opening, because the studio's position was 'Oh, we're not going to pay anybody to do this. You have to do this, because you work on the show. And we're not going to pay you to write it. We're not going to pay the director, and we're not going to pay the actors.' At which point we said 'No thanks, we won't do it.'" "We got in this long, protracted thing and eventually they agreed to pay everybody involved. But then, as we got deeper into it, they said 'But we're not going to put any credits on it. You're not going to be credited for this work. And we can use it later, in any fashion that we want.' At which point I said 'Well, then we're done and I'm not going to deliver the webisodes to you.' And they came and they took them out of the editing room anyway -- which they have every right to do. They own the material -- But it was that experience that really showed me that that's what this is all about. If there's not an agreement with the studios about the internet, that specifically says 'This is covered material, you have to pay us a formula - whatever that formula turns out to be - for use of the material and how it's all done,' the studios will simply rape and pillage." 
< - > http://www.crooksandliars.com/2007/11/14/battlestar-galacticas-ron-moore-on-the-wga-strike/ From rforno at infowarrior.org Thu Nov 15 14:22:08 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Nov 2007 09:22:08 -0500 Subject: [Infowarrior] - Vista in danger of being bypassed by businesses Message-ID: http://tinyurl.com/2ynlkm Vista in danger of being bypassed by businesses With many companies waiting for Vista SP1 and the next version of Windows due to be released in late 2009, Microsoft faces having businesses skip Vista completely By Elizabeth Montalbano, IDG News Service November 14, 2007 It will be one year that Windows Vista has been available to businesses on Nov. 30, yet many companies still are waiting until the release of Vista's first service pack to upgrade. But with Microsoft planning to release the next version of Windows, code-named Windows 7, in late 2009 or 2010, there remains a strong possibility that companies might skip over Vista altogether in favor of the next release of Windows. Microsoft provided an optimistic update on the state of Vista on Wednesday now that third-party companies have released more drivers and applications for the OS, smoothing over compatibility issues that plagued early adopters. According to Mike Nash, a vice president of product management for Windows client, the experience of running Vista on hardware that is certified for it "is a lot better today than it was a month ago and certainly a lot better than it was [last November]." Microsoft has said it will release a roll-up of updates for Vista, Windows Vista SP (Service Pack) 1, in the first quarter of next year, the same time frame in which it will release Windows Server 2008. Microsoft is hoping businesses upgrade to both products simultaneously, and it's expected that many companies that have factored Vista into their enterprise planning budgets will do just that. 
Nash said that Microsoft signed the highest number of enterprise licenses for Windows desktop ever at the end of fiscal year 2007, a fact he said bodes well for Vista enterprise adoption. "They wouldn't be licensing Windows desktop if they didn't have the intent to deploy Vista," he said. But despite Microsoft's rosy view on the future of business adoption of Vista, users of the OS said there are still enough problems with it that some companies may opt to wait until Windows 7 to update their worker desktops. Microsoft has said little about Windows 7 except it's in the works and should be out about three years after Vista, which was released to consumers in January following its business rollout. Users complain that Vista doesn't run well with older hardware -- either on PCs or with connected devices like printers that are a year or two old. Even on PCs that are supposedly meant to be optimized for Vista, there are still odd performance and compatibility issues with certain devices, applications, and OS features that make using it a less than optimal experience. For this reason, one East Coast IT consultant who specializes in Microsoft products said that unless Windows Vista SP1 really smooths over the problems people are having with Vista, "there's a good chance many people will hold on to XP until the next version of Windows." "They're just so many little usability issues," said the consultant, who asked not to be named, but who has nearly 20 years of experience with Microsoft software. "I can just imagine when the next one comes out, Microsoft will actually get it right and everyone will breathe a sigh of relief." Michael Cherry, an analyst with Directions on Microsoft who said he has experienced his own frustrations with Vista's quirky performance issues, agreed that if Microsoft releases Windows 7 on schedule, there may be "less of a need to upgrade to Vista" for businesses that follow the typical "every other release" rule for Windows. 
In Cherry's opinion, Windows XP Service Pack 2, a major security release for XP, was less a service pack than an upgrade to Windows. Businesses running this version of Windows may choose to bypass Vista and opt to install Windows 7 instead if it is released in the next few years, depending on where they are in their hardware upgrade cycle. The release of a third service pack for XP, which Microsoft has confirmed is in the works, supports this theory, since it adds "a couple more years" to the viability of XP in the enterprise. Still, one Microsoft partner thought that the possibility that businesses won't be adopting Vista in droves until 2008 means it may be Windows 7 that will be skipped over, not Vista. Brian Randell, a senior consultant with MCW Technologies in Los Angeles, acknowledged it was initially rough going with Vista because of hardware incompatibility problems. However, he said that these issues were more the fault of hardware vendors not preparing their products for Vista than Microsoft doing anything wrong. "Microsoft delivered a really solid OS," he said. "The fact is, for as long as Vista was in beta, the hardware vendors didn't seem to have their act together." Randell said that even companies that work closely with Microsoft have heard little about Windows 7 and that most are concerned more with what effect Vista SP1 will have on business adoption of the OS than on any future releases. From rforno at infowarrior.org Thu Nov 15 14:24:39 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Nov 2007 09:24:39 -0500 Subject: [Infowarrior] - Most at NYU say their vote has a price Message-ID: http://www.politico.com/news/stories/1107/6892.html Most at NYU say their vote has a price By: Lily Quateman - Washington Square News November 14, 2007 07:29 PM EST Two-thirds say they'll do it for a year's tuition. And for a few, even an iPod touch will do. 
That's what NYU students said they'd take in exchange for their right to vote in the next presidential election, a recent survey by an NYU journalism class found. Only 20 percent said they'd exchange their vote for an iPod touch. But 66 percent said they'd forfeit their vote for a free ride to NYU. And half said they'd give up the right to vote forever for $1 million. But they also overwhelmingly lauded the importance of voting. Ninety percent of the students who said they'd give up their vote for the money also said they consider voting "very important" or "somewhat important"; only 10 percent said it was "not important." Also, 70.5 percent said they believe that one vote can make a difference -- including 70 percent of the students who said they'd give up their vote for free tuition. The class -- "Foundations of Journalism," taught by journalism department chairwoman Brooke Kroeger -- polled more than 3,000 undergraduates between Oct. 24 and 26 to assess student attitudes toward voting. "The part that I find amazing is that so many folks think one vote can make a difference," Sociology Department Chairman Dalton Conley said. He added, "If we take them at their word, then perhaps they really think votes matter, and that's why someone might pay a year's tuition to buy theirs." Sixty percent of the students who said they'd give up their vote for tuition also described their families' income as upper-middle or high. Their reasons for giving up their votes varied. "At the moment, no candidate who truly represents my political beliefs has a chance of winning a presidential election," one male junior studying film and television at the Tisch School of the Arts wrote on the survey. "It is very easy to convince myself that my vote is not essential," wrote a female CAS sophomore. "After all, I'm from New York, which will always be a blue state." Other students wrote that they were disgusted by the thought. "I would be reversing history -- 
a lot of people fought so that every citizen could be enfranchised," said a female in her second year at the Stern School of Business. One CAS junior went even further, writing that "anyone who'd sell his lifelong right to vote should be deported." Lily Quateman reports for New York University's Washington Square News. Washington Square News is partnering with Campus Politico for the 2008 elections. From rforno at infowarrior.org Thu Nov 15 19:37:51 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Nov 2007 14:37:51 -0500 Subject: [Infowarrior] - 1.8 million pages of federal case law to become freely available Message-ID: 1.8 million pages of federal case law to become freely available. http://public.resource.org/case_law_announcement.html WASHINGTON, D.C. / SEBASTOPOL, CA -- November 14, 2007 -- Public.Resource.Org and Fastcase, Inc. announced today that they will release a large and free archive of federal case law, including all Courts of Appeals decisions from 1950 to the present and all Supreme Court decisions since 1754. The archive will be public domain and usable by anyone for any purpose. "The U.S. judiciary has allowed their entire work product to be locked up behind a cash register," said Carl Malamud, CEO of Public.Resource.Org. "Law is the operating system of our society and today's agreement means anybody can read the source for a substantial amount of case law that was previously unavailable." Fastcase, the leading developer of next-generation American legal research, has agreed to provide Public.Resource.Org with 1.8 million pages of federal case law. This is a marked departure for the online legal research industry, which traditionally has charged expensive subscription fees to access this information. "For eight years, Fastcase has been ahead of the market curve, working to democratize access to the law," said Ed Walters, CEO of Fastcase, Inc. 
"At the same time, we have been advancing the science of search, combining the precision of traditional legal research with the simplicity of Web-based searches." Fastcase has reversed the traditional subscription model for lawyers, contracting directly with 11 state bar associations to make the national law library free for lawyers in their states. "Through this agreement with Public.Resource.Org, we are proud to expand our efforts beyond lawyers, and to make more of the law available to the general public at no cost," Walters said. The agreement calls for definitive paperwork approved by both parties within 30 days with Public.Resource.Org making developer snapshots of the archive available in early 2008. Public.Resource.Org is represented by the Electronic Frontier Foundation in this transaction. The cases will be marked with a new Creative Commons mark -- CC-Ø -- that signals that there are no copyrights or other related rights attached to the content. This transaction represents a one-time purchase of a copy of data. This corpus will be integrated into the ongoing public services from organizations such as AltLaw and the Legal Information Institute, thus providing continuity of coverage into the future. Further announcements will be forthcoming on the availability of other case law, including Federal District and pre-1949 Appellate decisions. Public.Resource.Org intends to perform an initial transformation on the federal case law archive obtained from Fastcase using open source "star" mapping software, which will allow the insertion of markers that will approximate page breaks based on user-furnished parameters such as page size, margins, and fonts. "Wiki" technology will be used to allow the public to move around these "star" markers, as well as add summaries, classifications, keywords, alternate numbering systems for citation purposes, and ratings or "diggs" on opinions.
Media Contacts
Lisa Miller, Fleishman-Hillard/Fastcase, Inc., +1.202.857.2209, lisa.miller at fleishman.com
Carl Malamud, Public.Resource.Org, +1.707.827.7290, carl at media dot org
About Fastcase Fastcase is the leading American provider of next-generation legal research, making the law accessible to more people by providing the national law library at a fraction of the cost of traditional companies. Using patented software that combines the best of legal research with the best of Web search, Fastcase helps busy legal professionals sift through the clutter, ranking the best cases first and enabling users to re-sort results to find answers fast. Founded in 1999, Fastcase has more than 275,000 paid subscribers from around the world. It is an American company based in Washington, D.C. For more information, visit www.fastcase.com. About Public.Resource.Org Public.Resource.Org was founded in 2007 to spearhead the creation of public works projects for the Internet. A 501(c)(3) registered public charity, Public.Resource.Org has worked across all three branches of the U.S. government to enhance the public domain. From rforno at infowarrior.org Fri Nov 16 04:04:13 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Nov 2007 23:04:13 -0500 Subject: [Infowarrior] - DHS sponsoring CCTV Privacy Workshop Message-ID: http://cryptome.org/dhs111307.htm [Federal Register: November 13, 2007 (Volume 72, Number 218)] [Notices] [Page 63918-63919] From the Federal Register Online via GPO Access [wais.access.gpo.gov] [DOCID:fr13no07-76] ======================================================================= ----------------------------------------------------------------------- DEPARTMENT OF HOMELAND SECURITY Office of the Secretary Notice Announcing Public Workshop AGENCY: Privacy Office, Department of Homeland Security (DHS). ACTION: Notice Announcing Public Workshop. 
----------------------------------------------------------------------- SUMMARY: The Department of Homeland Security Privacy Office will host a public workshop, CCTV: Developing Privacy Best Practices. DATES: The two-day workshop will be held on December 17, 2007, from 8:30 a.m. to 5 p.m. and on December 18, 2007, from 8:30 a.m. to 12:30 p.m. ADDRESSES: The workshop will be held in the Gallery Ballroom at the Hilton Arlington Hotel, Arlington, VA (Ballston Metro). FOR FURTHER INFORMATION CONTACT: Toby Milgrom Levin, DHS Privacy Office, Department of Homeland Security, Washington, DC 20528; by telephone 703-235-0780; by facsimile 703[dash]235-0790; or by e-mail at privacyworkshop at dhs.gov. SUPPLEMENTARY INFORMATION: The Department of Homeland Security (DHS) Privacy Office is holding a public workshop to bring together leading government, academic, policy, and international experts to discuss the impact on privacy and civil liberties of closed circuit television (CCTV). This workshop will provide a forum to begin a discussion to inform development of best practices for the use of CCTV by government agencies. This public workshop is particularly timely given that government agencies at all levels are expressing interest in the use of CCTV, and DHS has awarded a number of grants that have been used to facilitate its use. The workshop will explore how CCTV technology can be used in a manner that respects the privacy and civil liberties of the American public. Development of best practices for the use of this technology will aid in building public trust that privacy and civil liberties will be considered when making decisions to use CCTV. The two-day workshop will consist of a series of panel discussions exploring a variety of perspectives regarding the use of CCTV, including technology, law enforcement, community, international, and legal and policy perspectives. 
The workshop will culminate in a panel discussion on best practices for CCTV, during which panelists will share their various perspectives and individual recommendations. Workshop attendees will have an opportunity to ask questions after each panel. The workshop is open to the public, and no fee is required for attendance. Topics for Comment: To develop a comprehensive record regarding best practices for CCTV, the DHS Privacy Office also invites interested parties to submit written comments as described below. Comments should be received on or before Friday, November 30, 2007, and should be as specific as possible. The Privacy Office is particularly interested in receiving comments on the following topics: 1. Are there existing state, local, or international programs that have developed privacy and civil liberties guidelines for CCTV that can serve as resources for the development of best practices? 2. How can CCTV systems be designed in a manner that respects privacy and civil liberties? 3. What measures are necessary to protect privacy and civil liberties when governments have the ability to link into privately owned CCTV networks or have access to images and footage that such networks have captured? 4. How can Privacy Impact Assessments (PIAs) be used as a means of protecting privacy in this area? What would make for an effective PIA? How can government agencies incorporate the findings of PIAs into their CCTV networks and guidelines? 5. What are the privacy and civil liberties best practices you would recommend for government use of CCTV? All submissions received must include the docket number: DHS-2007-0076. Written comments may be submitted by any one of the following methods: E-mail: privacyworkshop at dhs.gov. Include ``CCTV Workshop Comment'' in the subject line of the message. Facsimile: 703-235-0442. Mail: Toby Milgrom Levin, Department of Homeland Security, Washington, DC 20528. 
All written comments received will be posted without alteration on the http://www.dhs.gov/privacy Web page for this workshop, including any personal contact information provided. Registration: In order to assist us in planning for the workshop, we ask that attendees register in advance. To register, please send an e-mail to privacyworkshop at dhs.gov with ``CCTV Workshop Registration'' in the subject line, and your name and organizational affiliation, if any, in the body of the e-mail. Alternatively, you may call 703-235-0780 to register and to provide the DHS Privacy Office with your name and organizational affiliation, if any. The Privacy Office will only use this information for purposes of planning this workshop and to contact you in the event of any logistical changes. An agenda and logistical information will be posted on the workshop web page shortly before the event. A written transcript will be posted on the web page following the event. Special Assistance: Persons with disabilities who require special assistance should indicate this in their registration request and are encouraged to identify anticipated special needs as early as possible. Dated: November 5, 2007. Hugo Teufel III, Chief Privacy Officer, Department of Homeland Security. [FR Doc. E7-22127 Filed 11-9-07; 8:45 am] BILLING CODE 4410-10-P From rforno at infowarrior.org Fri Nov 16 12:42:38 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Nov 2007 07:42:38 -0500 Subject: [Infowarrior] - Panel Drops Immunity From Eavesdropping Bill Message-ID: Panel Drops Immunity From Eavesdropping Bill By JAMES RISEN http://www.nytimes.com/2007/11/16/washington/16nsa.html?_r=1&oref=slogin&pagewanted=print WASHINGTON, Nov. 15 -- 
Reflecting the deep divisions within Congress over granting legal immunity to telephone companies for cooperating with the Bush administration's program of wiretapping without warrants, the Senate Judiciary Committee approved a new domestic surveillance law on Thursday that sidestepped the issue. By a 10 to 9 vote, the committee approved an overhaul of the Foreign Intelligence Surveillance Act that dropped a key provision for immunity for telecommunications companies that another committee had already approved. The Senate leadership will have to decide how to deal with the immunity question on the Senate floor. On Thursday night, the House voted 227 to 189, generally along party lines, to approve its own version of the FISA bill, which also does not include immunity. But the administration has made clear that President Bush will veto any bill that does not include what it considers necessary tools for government eavesdropping, including the retroactive immunity for phone carriers that took part in the National Security Agency's wiretapping program after the Sept. 11 attacks. Since the N.S.A. program was disclosed nearly two years ago, the major telephone companies have been sued by civil liberties groups and others, who argue that the companies violated the privacy rights of millions of Americans. After lobbying by the telecommunications industry and the White House, the Senate Select Committee on Intelligence agreed to the legal protection last month. Under a complicated legislative process, the Intelligence Committee's bill had to be considered by the Judiciary Committee before it could go to the floor of the Senate for a vote. Because the two committees could not agree, Senator Harry Reid of Nevada, the majority leader, will determine which proposals will be considered by the full Senate, said a spokeswoman for the Judiciary Committee. "The full Senate will yet need to resolve the immunity issue," Senator Patrick J. 
Leahy, the Vermont Democrat who is chairman of the Judiciary Committee, said in a statement after the committee vote. Even as Mr. Leahy sent the bill to the full Senate without dealing with the immunity issue, there were efforts by leading Democrats and Republicans to strike a compromise. Senator Arlen Specter of Pennsylvania, the ranking Republican on the panel, is pushing a plan that would substitute the federal government as the defendant in the lawsuits against the telecommunications companies. That would mean that the government, not the companies, would pay damages in successful lawsuits. Senator Sheldon Whitehouse, Democrat of Rhode Island, said in an interview after the vote Thursday that he would support a compromise along the lines of the Specter proposal. Mr. Whitehouse was one of two Democrats who voted against an amendment proposed by Senator Russ Feingold, Democrat of Wisconsin, that would have banned immunity for the companies. "I think there is a good solution somewhere in the middle," Mr. Whitehouse said. Senator Dianne Feinstein, a California Democrat who also opposed Mr. Feingold's measure, pleaded with Mr. Leahy to defer the immunity issue because she wants more time to consider several compromise proposals. In the House, Republicans complained before the vote on Thursday that Democrats had blocked efforts to change the final bill through parliamentary procedures. Representative Dan Lungren, Republican of California, said the Democrats were playing "political games" on "one of the single most important issues we will deal with this year or this Congress." The plan, Mr. Lungren charged, would tie the hands of the N.S.A. and give "greater protection to Osama bin Laden than an American citizen" by preventing intelligence officials from disseminating intercepts that had been inadvertently collected. 
But Democrats said their bill struck the right balance between protecting the United States from another terrorist attack and protecting the rights of Americans. The vote, said Representative Rush D. Holt of New Jersey, was "another chance to get things right" after what he characterized as the flawed bill that was hurriedly passed by Congress in August before its summer recess. The Senate Intelligence Committee's bill was the result of a compromise between Senator John D. Rockefeller IV, the West Virginia Democrat who is chairman of the panel, and the White House. Mr. Rockefeller agreed to the immunity measure, and in exchange won the administration's support for other provisions that would provide greater court oversight of the government's eavesdropping operations. From rforno at infowarrior.org Sat Nov 17 00:35:58 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Nov 2007 19:35:58 -0500 Subject: [Infowarrior] - Anti-P2P college bill advances in House Message-ID: Anti-P2P college bill advances in House By Anne Broache http://www.news.com/Anti-P2P-college-bill-advances-in-House/2100-1028_3-6218834.html Story last modified Thu Nov 15 16:16:39 PST 2007 WASHINGTON--The U.S. House of Representatives has taken a step toward approving a Hollywood-backed spending bill requiring universities to consider offering "alternatives" and "technology-based deterrents" to illegal peer-to-peer file sharing. In the House Education and Labor Committee's mammoth College Opportunity and Affordability Act (PDF) lies a tiny section, which dictates universities that participate in federal financial aid programs "shall" devise plans for "alternative" offerings to unlawful downloading, such as subscription-based services, or "technology-based deterrents to prevent such illegal activity." The committee unanimously approved the bill Thursday. 
Supporters and opponents of the proposal disagree, however, on what the penalty would be for failure to comply with the new rules. The proposed requirements would be added to a section of existing federal law dealing with federal financial aid. Some university representatives and fair-use advocates worry that schools run the risk of losing aid for their students if they fail to come up with the required plans. "The language in the bill appears to be clear that failure to carry out the mandates would make an institution ineligible for participation in at least some part of Title IV (which deals with federal financial aid programs)," Steven Worona, director of policy and networking programs for the group Educause, said in a telephone interview Thursday. Worona acknowledged that "there does appear to be a great deal of confusion with respect to what penalties would be involved in not carrying out the mandates in this bill." Still, Educause, which represents college and university network operators, continues to "strongly oppose these mandates," he said. House committee aides respond that failure to craft those antipiracy plans would not imperil financial aid awards. A fact sheet distributed by the committee this week attempts to dispel "myths" that it argues are being circulated by "supporters of intellectual property theft." "The provisions do ask colleges, to the extent practicable, to develop plans for offering students alternative legal ways to file share, as well as plans to prevent file sharing, but this would not be included in the financial aid program participation agreements colleges enter into with the U.S. Department of Education," committee spokeswoman Rachel Racusen told CNET News.com in an e-mail after Thursday's vote. "Contrary to what critics are saying, these provisions would not put students or colleges at risk for losing financial aid." 
Nor would the bill strip away financial aid if schools fail to stop piracy on their campuses, to sign up for "legal" subscription media services like Ruckus.com and Napster for their student body, to report student violations, or to implement any specific antipiracy policies, Racusen said. The only piracy-related information that schools would have to provide to their students and employees in conjunction with their financial aid agreements is a description of "the policies and procedures related to the illegal downloading and distribution of copyrighted materials," Racusen said. If institutions fail to heed the new rules, it would be up to the Department of Education to decide the consequences, a committee aide said. For related reporting requirements, such as school safety plans, that has typically involved simply keeping after universities to provide the mandated information, the aide added. That reporting requirement was also the core of an amendment offered by Senate Majority Leader Harry Reid and approved this summer as part of his chamber's counterpart higher education bill. University representatives have called that provision a "reasonable compromise." But in an earlier draft of that amendment, Reid also wanted to require the Secretary of Education to devise a list of the 25 schools with the highest levels of illegal peer-to-peer file sharing, based on entertainment industry statistics. For those 25 institutions, their financial aid would have been conditioned on devising "a plan for implementing a technology-based deterrent to prevent the illegal downloading or peer-to-peer distribution of intellectual property," according to university groups that opposed the measure. That means the House provision, by expanding that requirement to all schools, not just the 25 on the watch-list, is seemingly broader than the original Senate amendment, according to Educause's Worona. After an outcry from universities, Reid ultimately scrapped that idea. 
Opponents question fairness, privacy issues

The Association of American Universities wrote a letter to House committee leaders last week urging them not to revive that idea in their own forthcoming higher education bill. The letter was signed by the chancellor of the University of Maryland system, the president of Stanford University, the general counsel of Yale University, and the president of Pennsylvania State University. "Such an extraordinarily inappropriate and punitive outcome would result in all students on that campus losing their federal financial aid--including Pell grants and student loans that are essential to their ability to attend college, advance their education, and acquire the skills necessary to compete in the 21st-century economy," they wrote last week. "Lower-income students, those most in need of federal financial aid, would be harmed most under the entertainment industry's proposal." An AAU spokesman said Thursday that his organization still has concerns about the final provision in the approved House bill but declined to elaborate, indicating the group is prioritizing other areas of the bill that cause schools greater heartburn. Other opponents of the antipiracy provisions argue that merely requiring such a plan from universities at all, regardless of the penalties involved, is misguided. The Electronic Frontier Foundation, for instance, argued that pressuring schools to strike deals with content providers could indirectly raise the cost of students' tuition, as schools will inevitably pass the costs of legal download services on to students in some fashion. Another concern from opponents is the possibility of privacy invasions brought on by the technology-based deterrents schools would be encouraged--albeit not explicitly required--to adopt.
In addition to the "plan" requirement, one section of the bill would offer voluntary grants over the next five years for schools, in partnership with outside organizations, to use toward efforts to concoct effective, reasonably priced antipiracy technology tools. Opponents argue those tools amount to spying on students' network activities. Gigi Sohn, president of Public Knowledge, a group that advocates for preservation of fair-use rights, said she doesn't buy the committee's arguments that no penalties will arise if universities don't develop antipiracy plans. "If it had no teeth, (the Motion Picture Association of America) would be criticizing it," she said in a telephone interview. The MPAA, for its part, has heartily endorsed the provisions, with CEO Dan Glickman saying in a statement upon the bill's introduction: "We are pleased to see that Congress is taking this step to help keep our economy strong by protecting copyrighted material on college campuses."

From rforno at infowarrior.org Sat Nov 17 00:42:16 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 Nov 2007 19:42:16 -0500
Subject: [Infowarrior] - Hacking the iPhone
Message-ID:

Hacking the iPhone

Just how vulnerable is your iPhone if someone wants to intercept your email or record your conversations? Pretty vulnerable.

http://www.fastcompany.com/articles/2007/11/hacking-the-iphone.html

-- Video iPhone Hack Demonstration: Watch security expert Rik Farrow steal emails, bug conversations, and read web-browsing histories using his laptop.
http://www.fastcompany.com/multimedia/2007/11/hacking-the-iphone.html

From rforno at infowarrior.org Sat Nov 17 00:49:40 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 Nov 2007 19:49:40 -0500
Subject: [Infowarrior] - Ruling Blocks Challenge to Wiretapping
Message-ID:

Ruling Blocks Challenge to Wiretapping
By ERIC LICHTBLAU
Published: November 16, 2007
http://www.nytimes.com/2007/11/16/washington/16cnd-nsa.html?_r=1&hp&oref=slogin

WASHINGTON, Nov. 16 -- A federal appeals court said today that secrecy laws forced it to exclude critical evidence about the National Security Agency's domestic eavesdropping program from being used by an Islamic charity in a lawsuit even though the mere existence of the program could no longer be considered a "state secret." The complex ruling was a victory for the Bush administration and signaled trouble for civil rights groups that are trying to show that the eavesdropping program was unconstitutional and to hold telecommunications companies liable for carrying it out. The Al-Haramain Islamic Foundation, a charity in Oregon, had perhaps the best evidence of anyone that it had been a target of the wiretapping program, based on a top secret document mistakenly given to the group in 2004. But the ruling by the United States Court of Appeals for the Ninth Circuit, based in San Francisco, found that evidence about the document could not be introduced in court because it fell under the "state secrets" privilege invoked by the government. The court, reversing a lower court ruling, said the trial judge had made "a commendable effort to thread the needle" but that its final ruling in allowing the evidence was flawed. However, the appeals court split off from its ruling a separate claim made by more than 40 groups against the telecommunications companies, and it has yet to rule on whether those lawsuits were covered by the state secrets privilege as well.
A lawyer for the group leading that part of the lawsuit, the Electronic Frontier Foundation, said in an interview that he was heartened by the appeals court's clear rejection of the government's claim everything involved in the eavesdropping program should be considered a state secret. That could bode well for the remaining piece of the case, said the lawyer, Kevin Bankston. Indeed, the appeals court spent most of its 27-page ruling explaining why the eavesdropping program should not be considered a state secret. It listed numerous public statements, including those by President Bush, former attorney general Alberto R. Gonzales, and the director of the Central Intelligence Agency, Michael V. Hayden, about details of the program. And it said: "In light of extensive government disclosures" about the Terrorist Surveillance Program, "the government is hard-pressed to sustain its claim that the very subject matter of the litigation is a state secret." The judges on the panel were M. Margaret McKeown, Michael Daly Hawkins and Harry Pregerson. Judges McKeown and Hawkins were nominated by President Bill Clinton, while Judge Pregerson was a nominee of President Jimmy Carter. In presenting the charity case before the lower court, its lawyers had also argued that warrantless eavesdropping of telephone conversations between its directors and lawyers violated the Foreign Intelligence Surveillance Act, which established a secret court to issue top secret surveillance warrants authorized by a judge, The Associated Press reported. Today, the appeals court did keep the charity's lawsuit alive, if barely, by sending the lawsuit back to a trial court in Portland, Ore., to determine if that law governing the wiretapping of suspected terrorists trumps the state secrets law. The appeals court said that "the F.I.S.A. issue remains central to Al-Haramain's ability to proceed with this lawsuit."

From rforno at infowarrior.org Sat Nov 17 16:56:43 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 17 Nov 2007 11:56:43 -0500
Subject: [Infowarrior] - Cox also disrupting P2P Traffic (via DSLReports)
In-Reply-To: <20071117162757.GA2483@gsp.org>
Message-ID:

------ Forwarded Message
From: Rich K

(Credit to Mike Masnick of techdirt.com for pointing this out.)

http://www.dslreports.com/shownews/Cox-Also-Disrupting-P2P-Traffic-89481

From rforno at infowarrior.org Sun Nov 18 01:43:13 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 17 Nov 2007 20:43:13 -0500
Subject: [Infowarrior] - Crypto: Adding Math to List of Security Threats
Message-ID:

November 17, 2007
Adding Math to List of Security Threats
By JOHN MARKOFF
http://www.nytimes.com/2007/11/17/technology/17code.html?_r=1&oref=slogin&pagewanted=print

SAN FRANCISCO, Nov. 16 -- One of the world's most prominent cryptographers issued a warning on Friday about a hypothetical incident in which a math error in a widely used computing chip places the security of the global electronic commerce system at risk. Adi Shamir, a professor at the Weizmann Institute of Science in Israel, circulated a research note about the problem to a small group of colleagues. He wrote that the increasing complexity of modern microprocessor chips is almost certain to lead to undetected errors. Historically, the risk has been demonstrated in incidents like the discovery of an obscure division bug in Intel's Pentium microprocessor in 1994 and, more recently, in a multiplication bug in Microsoft's Excel spreadsheet program, he wrote. A subtle math error would make it possible for an attacker to break the protection afforded to some electronic messages by a popular technique known as public key cryptography. Using this approach, a message can be scrambled using a publicly known number and then unscrambled with a secret, privately held number.
The technology makes it possible for two people who have never met to exchange information securely, and it is the basis for all kinds of electronic transactions. Mr. Shamir wrote that if an intelligence organization discovered a math error in a widely used chip, then security software on a PC with that chip could be "trivially broken with a single chosen message." Executing the attack would require only knowledge of the math flaw and the ability to send a "poisoned" encrypted message to a protected computer, he wrote. It would then be possible to compute the value of the secret key used by the targeted system. With this approach, "millions of PC's can be attacked simultaneously, without having to manipulate the operating environment of each one of them individually," Mr. Shamir wrote. The research note is significant, cryptographers said, in part because of Mr. Shamir's role in designing the RSA public key algorithm, software that is widely used to protect e-commerce transactions from hackers. "The remarkable thing about this note is that Adi Shamir is saying that RSA is potentially vulnerable," said Jean-Jacques Quisquater, a professor and cryptographic researcher at the Université Catholique de Louvain in Belgium. Mr. Shamir is the S in RSA; he, Ronald Rivest and Leonard Adleman developed it in 1977. Because the exact workings of microprocessor chips are protected by laws governing trade secrets, it is difficult, if not impossible, to verify that they have been correctly designed, Mr. Shamir wrote. "Even if we assume that Intel had learned its lesson and meticulously verified the correctness of its multipliers," he said, "there are many smaller manufacturers of microprocessors who may be less careful with their design." The class of problem that Mr. Shamir described has been deeply explored by cryptography experts, said Paul Kocher, who is president of Cryptography Research, a consulting and design firm in San Francisco.
However, he added that it illustrated how small flaws could subvert even the strongest security. An Intel spokesman noted that the flaw was a theoretical one and something that required a lot of contingencies. "We appreciate these and we look at everything," said George Alfs, an Intel spokesman. In e-mail correspondence after he sent the note, Mr. Shamir said he had no evidence that anyone is using an attack like the one he described.

From rforno at infowarrior.org Mon Nov 19 01:18:10 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 18 Nov 2007 20:18:10 -0500
Subject: [Infowarrior] - Comment on e-mail footers
Message-ID:

This from an anonymous friend; I agree 100% with his sentiments and will also add my pet peeve being those 2-paragraph email footers that get quoted and requoted ad nauseam within the same message as part of an email discussion. Competent professionals know these footers are meaningless, yet they continue to be used with reckless abandon. Come to think of it, whoever said "first kill all the lawyers" might be on to something..........rf

< - from my friend - >

Over the past few days I have received some emails from employees of Deloitte. These emails have a disclaimer on the bottom, which is pretty silly to begin with, but the Deloitte disclaimer includes the line "Any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited. [v.E. 1]" If I can't take any action after receiving your message, **why the hell are you writing to me?** Is Deloitte saying that I'm not allowed to copy your message into my "saved messages" folder? What if the message was, "Get out! There's a murderer in the house!" Am I allowed to leave my house? Or does Deloitte require me to stay put? Can we please, for the love of all things sane, get rid of work mandated legally toothless email footers?

From rforno at infowarrior.org Mon Nov 19 01:43:45 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 18 Nov 2007 20:43:45 -0500
Subject: [Infowarrior] - More on....stupid email disclaimers
Message-ID:

(definitely worth a repost........rf)

Stupid E-mail Disclaimers and the Stupid Users that Use Them
Wed Oct 4 16:24:32 EDT 2006
http://attrition.org/security/rants/z/disclaimers.html

From rforno at infowarrior.org Mon Nov 19 03:08:19 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 18 Nov 2007 22:08:19 -0500
Subject: [Infowarrior] - Americans close the book on recreational reading
Message-ID:

Americans close the book on recreational reading
By Greg Toppo, USA TODAY
http://www.usatoday.com/news/education/2007-11-18-reading-decline_N.htm

WASHINGTON -- Despite rising education levels, a decade of Harry Potter and the near-ubiquity of big-chain bookstores, Americans of every age are reading less and less for pleasure these days, according to an analysis being released today by the National Endowment for the Arts. The decline, the study warns, could have grim consequences as people tune out books, tune in popular culture and become less socially and civically engaged. "We've got a public culture which is almost entirely commercial- and novelty-driven," says NEA chairman Dana Gioia. "I think it's letting the nation down." The study gathers decades of data on Americans' reading habits and finds that, at every age group, we're reading less. Most of the data have appeared in private, government and university surveys, but today's report is the first to combine them into a single portrait. It suggests that the demands of school, work and family -- and the ascendancy of other forms of entertainment -- have marginalized recreational reading for millions of Americans. Among the findings:
* Only 38% of adults in 2006 said they had spent time reading a book for pleasure the previous day.
* 65% of college freshmen in 2005 said they read little or nothing for pleasure.
* 30% of 13-year-olds in 2004 said they read for fun "almost every day," down from 35% in 1984.

Gioia, a poet, calls the decline "probably the single most important social issue in the United States today." The findings, he says, should be a wake-up call to educators to change the way they teach literature at every level. "There used to be the assumption that if someone went to college, they would become a lifelong reader -- and the numbers bore it out. What we're seeing right now is that we're no longer producing readers. We're producing B.A.s and M.A.s and Ph.D.s." Gioia also wants mainstream media to wake up to how they can promote good books in unlikely ways. He notes that when a character in the 1994 film Four Weddings and a Funeral recited a few lines of W.H. Auden's poem Funeral Blues, the poet briefly became a best seller. "I guarantee that if we could expand the coverage in the media, you'd immediately see people responding," he says. "People are looking for things to do that aren't dumb. I don't think that Americans are dumber than before, but I do believe our public culture is."

From rforno at infowarrior.org Mon Nov 19 03:15:49 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 18 Nov 2007 22:15:49 -0500
Subject: [Infowarrior] - UK: A putsch on civil liberties and freedoms?
Message-ID:

We must not tolerate this putsch against our freedoms
http://www.guardian.co.uk/commentisfree/story/0,,2212990,00.html

A few journalists and MPs are prepared to fight the government's sinister anti-libertarianism. More people should join them

Henry Porter
Sunday November 18, 2007
The Observer

Welcome to Fortress Britain, a fortress that will keep people in as well as out. Welcome to a state that requires you to answer 53 questions before you're allowed to take a day trip to Calais.
Welcome to a country where you will be stopped, scanned and searched at any of 250 railways stations, filmed at every turn, barked at by a police force whose behaviour has given rise to a doubling in complaints concerning abuse and assaults. Three years ago, this would have seemed hysterical and Home Office ministers would have been writing letters of complaint. But it is a measure of how fast and how far things have gone that it does nothing more than describe the facts as announced last week. We now accept with apparent equanimity that the state has the right to demand to know, among other things, how your ticket has been paid for, the billing address of any card used, your travel itinerary and route, your email address, details of whether your travel arrangements are flexible, the history of changes to your travel plans plus any biographical information the state deems to be of interest or anything the ticket agent considers to be of interest. There is no end to Whitehall's information binge. The krill of personal data is being scooped up in ever-increasing quantities by a state that harbours a truly bewildering fear of the free, private and self-determined individual, who may want to take himself off to Paris without someone at home knowing his movements or his credit card number. Combined with the ID card information, which comes on stream in a few years' time, the new travel data means there will be very little the state won't be able to find out about you. The information will be sifted for patterns of travel and expenditure. Conclusions will be drawn from missed planes, visits extended, illness and all the accidents of life, and because this is a government database, there will be huge numbers of mistakes that will lead to suspicion and action being taken against innocent people. 
Those failing to provide satisfactory answers will not be allowed to travel and then it will come to us with a leaden regret that we have in practice entered the era of the exit visa, a time when we must ask permission from a security bureaucrat who insists on further and better particulars in the biographical section of the form. Ten, 15 or more years on, we will be resigned to the idea that the state decides whether we travel or not. Who pays for the £1.2bn cost over the next decade? You will, with additional charges made by your travel agent and in a new travel tax designed to recoup the cost of the data collection. But much of the money will go to Raytheon Systems, the US company that developed the cruise missile and which, no coincidence, has embedded itself in Labour's information project by supporting security research at the party's favourite think-tank, the Institute for Public Policy Research. The odour that arises from the Home Office contract with Raytheon is as nothing compared to that created last week when the Home Secretary and Prime Minister used the announcement of the 'E-borders' scheme as well as increased security at shopping centres, airports and railway stations to create an atmosphere that would push MPs to double the time a terrorist suspect can be held without trial. It also helped to divert attention from the mess in another Home Office database concerning upwards of 10,000 security guards who may be illegal immigrants. On detention without trial, no new arguments have been produced by Gordon Brown. He won't say how many days he wants and he won't answer David Davis, the shadow Home Secretary, who points out that all the necessary powers to keep people in jail after a large-scale attack are provided in the Civil Contingencies Act 2004. To this, Brown replies that declaring a state of emergency would give terrorists 'the oxygen of publicity'.
How does he square this absurd statement with the high alert being sounded by police, politicians and spies over the past two weeks, which has given the greatest possible publicity to the power of the Muslim extremists to change our lives? The truth is that while his government limps, heaves and splutters with an incompetence only matched by its unearthly sense of entitlement, the Prime Minister has become fixated with this issue as though it were a virility test. So his chief Security Minister, Lord West of Spithead, who had voiced his doubts about raising detention without trial on Radio 4, was hauled into Number 10 to have his thoughts rearranged. Less than an hour later, he appeared like an off-duty ballroom dancing champion and adjusted his conviction as though it was no more than a troublesome knot in his very plump, very yellow silk tie. He will not resign of course. What is a mere principle placed against his recent elevation to the Lords and the thrilling proximity to power? How have we allowed this rolling putsch against our freedom? Where are the principled voices from left and right, the outrage of playwrights and novelists, the sit-ins, the marches, the swelling public anger? We have become a nation that tolerates a diabetic patient collapsed in a coma being tasered by police, the jailing of a silly young woman for writing her jihadist fantasies in verse and an illegal killing by police that was prosecuted under health and safety laws. Is it simply that the fear of terrorism has stunned us? The threat is genuine and the government is right to step up some security measures, but let us put it into perspective by reminding ourselves that in the period since 7/7, about 6,000 people have been killed on our roads. And let's not forget the bombings, assassinations, sieges, machine-gunning of restaurants and slaughter that occurred on mainland Britain during the IRA campaign. We survived these without giving up our freedoms . 
Or is there some greater as yet undefined malaise that allows a sinister American corporation to infiltrate the fabric of government and supply a system that will monitor everyone going abroad? I cannot say, but I do know that an awful lot depends on the 40 or so Labour MPs needed to defeat Brown's proposals on pre-trial detention. They should be given every encouragement to defy the whips on the vote, which is expected within the next fortnight. It is important that the press has moved to the side of liberty. The Daily Mail, which I wrongly excluded from the roll of honour last week, attacked Jacqui Smith for 'her utter contempt for privacy' and warned against the travel delays and inevitable failure of another expensive government database. And Timothy Garton Ash, who has so far stayed above the fray, wrote in the Guardian last week that 'we have probably diminished our own security by overreacting, alienating some who might not otherwise have been alienated'. Labour MPs should listen to these voices. The Prime Minister is fond of quoting Churchill, so I will again: 'If you will not fight for the right when you can easily win without bloodshed, if you will not fight when your victory will be sure and not costly, you may come to the moment when you will have to fight with all the odds against you and only precarious chance for survival.'

henry.porter at observer.co.uk

From rforno at infowarrior.org Mon Nov 19 13:57:16 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 Nov 2007 08:57:16 -0500
Subject: [Infowarrior] - RIAA told to show cause why .edu subpoenas shouldn't be quashed
Message-ID:

RIAA told to show cause why .edu subpoenas shouldn't be quashed
By Eric Bangeman | Published: November 18, 2007 - 10:49PM CT
http://arstechnica.com/news.ars/post/20071118-riaa-told-to-show-cause-why-edu-subpoenas-shouldnt-be-quashed.html

A federal judge in Washington, DC, has handed the RIAA another setback in its campaign against on-campus file-sharing.
In Arista v. Does 1-19, a case brought against 19 George Washington University students by the Big Four record labels, Judge Colleen Kollar-Kotelly has ordered the RIAA to show cause why the ex parte subpoenas issued to GWU shouldn't be quashed. Judge Kollar-Kotelly's order comes in response to a motion filed by Doe number three last week. In that motion, the unnamed student asked the judge to quash the subpoena, arguing that the RIAA was relying on the wrong law to obtain the subpoena, and furthermore, that there was no applicable law that authorized the issue of ex parte subpoenas to colleges and universities. The RIAA typically relies on the Cable Communications Policy Act to obtain the names and addresses of suspected file-sharers in its lawsuits. Doe three argued that, since GWU is a university and not a cable provider, the CCPA could not be used to authorize a subpoena. Doe three's argument followed a ruling in Interscope v. Does 1-7, a case brought against seven students at the College of William and Mary. The judge in that case told the RIAA that the CCPA wasn't applicable, and that the only avenue available to it was the DMCA. One problem: the RIAA never issued any takedown notices, which are required by the DMCA before a lawsuit can be filed. And it looks like there's no way a DMCA notice could be issued in a campus file-sharing case. Only entities that host, cache, or transmit infringing content can be served with DMCA takedown notices, and GWU did none of the above. As a result, Doe three argues, the RIAA should be unable to obtain the subpoenas at all. Judge Kollar-Kotelly has apparently found the student's argument compelling. Her Order to Show Cause (available from the Recording Industry vs The People), directs the RIAA to submit a motion to convince her why she shouldn't quash all 19 of the subpoenas. The judge notes the opinion in Interscope v. Does 1-7, also mentioning a ruling in RIAA v. 
Verizon in which the Court of Appeals for the DC Circuit ruled that the DMCA was not applicable to file-sharing cases. With few exceptions, the music industry has largely had its way in court with its over 25,000 file-sharing lawsuits. Colleges have been a different matter entirely, however, and if judges in the various on-campus file-sharing cases find the arguments made in Arista v. Does 1-19 and Interscope v. Does 1-7 convincing, it could have the effect of putting the brakes on the RIAA's lawsuits against college students.

From rforno at infowarrior.org Mon Nov 19 17:08:54 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 Nov 2007 12:08:54 -0500
Subject: [Infowarrior] - Apple Secretly Tracking iPhone IMEI and Usage
Message-ID:

EXCLUSIVE: Apple Secretly Tracking iPhone IMEI and Usage (with proof)
http://uneasysilence.com/archive/2007/11/12686/

As I sit here applying a new layer of Reynolds tin foil to my international hat of conspiracy, it's been proven that Apple tracks iPhone usage and tracks IMEI numbers of all their iPhones worldwide. Hidden in the code of the "Stocks" and "Weather" widgets is a string that sends the IMEI of your phone to a specialized URL that Apple collects. When the widgets perform a query an IMEI is handed off to Apple's servers:

dgw?imei=%@&apptype=finance

This let[s] Apple knows which app you are using when connecting with your iPhone. Obviously, they know the IP address you were using, the stocks companies you are interested [in], and so they can track down their customers all around the world. This also proves that there are probably other apps that do the same. Weather.app is also acting the same way. (Offset 13AE0) Any attempts to modify the URL to exclude the IMEI information will not allow you to retrieve any information in the "Stocks" and "Weather" apps. It is still unknown if any other applications leak information to Apple HQ. And did you know you actually consented to this gross invasion of privacy?
When you interact with Apple, we may collect personal information relevant to the situation, such as your name, mailing address, phone number, email address, and contact preferences; your credit card information and information about the Apple products you own, such as their serial numbers and date of purchase; and information relating to a support or service issue. Obviously "Weather" is kinda benign, but Apple knowing your Stock habits, isn't that a little personal? What's next, they read your email too? Now who thinks I'm crazy?

From rforno at infowarrior.org Mon Nov 19 17:51:48 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 Nov 2007 12:51:48 -0500
Subject: [Infowarrior] - WH Homeland Security Adviser Resigns
Message-ID:

November 19, 2007
Homeland Security Adviser Resigns
By BRIAN KNOWLTON
http://www.nytimes.com/2007/11/19/washington/19cnd-townsend.html?hp=&pagewanted=print

WASHINGTON, Nov. 19 -- Frances Fragos Townsend, the White House adviser on terrorism and homeland security, whose tough and aggressive approach had made her one of President George W. Bush's most trusted aides, has resigned. In a statement issued by the White House this morning, the president said that Ms. Townsend "has played an integral role in the formation of the key strategies and policies my administration has used to combat terror and protect Americans." "We are safer today because of her leadership," he said. The statement gave no reason for Ms. Townsend's departure. Ms. Townsend, 45, a street-wise onetime mob prosecutor in Manhattan whose hard-driving style led coworkers to call her "The Hurricane," has been the homeland security adviser since May 28, 2004, serving during a time of bitter debate over the Iraq war and its impact on the fight against terrorism, and the remaking of American intelligence agencies. Mr.
Bush gave her the task of ensuring that the prickly bureaucracies at the F.B.I., the Central Intelligence Agency and the Pentagon changed their ways after expert panels studying the Sept. 11 attacks concluded that as a group the American spy agencies were dysfunctional. While Ms. Townsend's tenure saw no major terror attacks on United States soil, it also yielded scant progress in fighting the Al Qaeda leadership in Pakistan, a failure that Ms. Townsend acknowledged this summer. Even before the latest political crisis in Pakistan, a vital ally, American officials were expressing doubts that the government of General Pervez Musharraf was losing the fight in the rugged northwest region where Osama bin Laden is thought to be hiding. Her departure is the latest in a series by top Bush advisers and confidants this year, including the president's political adviser, Karl Rove; his senior adviser, Dan Bartlett; his spokesman, Tony Snow; his attorney general and former White House counsel, Alberto Gonzales; and from a post in the State Department, Mr. Bush's longtime friend and communications adviser, Karen Hughes. Ms. Townsend grew up in Wantagh, N.Y., a Long Island suburb, and graduated from American University and the University of San Diego Law School. She returned to New York to take a job in the Brooklyn district attorney's office, where she gained the attention and support of two prominent federal prosecutors: Louis J. Freeh, who later served as F.B.I. director, and Rudolph W. Giuliani, who became mayor of New York and is now running for president. While he was United States attorney, Mr. Giuliani recruited Ms. Townsend to run his office's organized-crime unit, where she impressed peers with her tough face-to-face interviews of reputed mob figures. She then moved to the Justice Department in Washington for 13 years, becoming a trusted adviser in the Clinton administration to Attorney General Janet Reno. When Mr.
Bush became president, the new attorney general, John Ashcroft, dropped her, presumably for being too close to Ms. Reno, and in the summer of 2001, she became the Coast Guard's intelligence chief. It was a "backwater" job, she quipped at the time -- until the attacks of Sept. 11 propelled it, and her, to greater prominence, and ultimately into the president's circle of advisors. From rforno at infowarrior.org Mon Nov 19 21:26:56 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 19 Nov 2007 16:26:56 -0500 Subject: [Infowarrior] - More on... Apple Secretly Tracking iPhone IMEI and Usage Message-ID: > From: "Jens" > Hi! > > Maybe that info isn't correct after all. Check this blog: > http://docpool.org/iphone/Apple%20does%20NOT%20SEND%20the%20IMEI.en.html > > It seems that the IMEI string also appears in the old OS X widgets (on Tiger > and Leopard) and also in the iPod Touch widgets... > > For some reason there seems to be a bit of a witch hunt going on right now, > doesn't it? > I don't want to defend Apple for some grave mistakes they may have done, > like having all apps run as root on the iPhone, but somehow it seems that > all of a sudden the whole Apple thing went from a beautiful advanced system > to something worse than Windows... > > Don't think so... > > Regards, > Jens > > PS: And one of the readers in the uneasysilence blog has the right idea in > my opinion: why not sniff the communication to see what's really being > transmitted instead of simply assuming that the string MUST mean that Apple > checks which stock markets and weather forecasts people are interested in... > I've ordered my iPhone (and am looking forward to it) and I will surely > check who it talks to and what. 
From rforno at infowarrior.org Sun Nov 25 17:25:09 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 25 Nov 2007 12:25:09 -0500 Subject: [Infowarrior] - Questions and Answers on Terrorist List Message-ID: Questions and Answers on Terrorist List http://tinyurl.com/2yyoq3 By MICHAEL J. SNIFFEN and EILEEN SULLIVAN -- Nov 9, 2007 WASHINGTON (AP) -- Watch-list screening is best known -- and widely reviled -- for putting Sen. Ted Kennedy, Rep. John Lewis, the wife of Sen. Ted Stevens, a few infants and thousands of innocent U.S. residents through extensive searching and questioning before they were allowed to fly. Since the terrorist attacks of 2001, the government has stepped up its screening of travelers to try to find possible terrorists. The key weapon has been the watch list, and it's barred hundreds of suspected terrorists from entering the country. Federal officials combined a dozen different lists into one unified terrorist watch list and the number of names on it soared from 12 on Sept. 11, 2001, to more than 880,000 today. That contributed to the extra questioning of Democrats Kennedy of Massachusetts and Lewis of Georgia and the wife of Stevens, an Alaska Republican. It also has led to a growing backlog of appeals for relief from people who are on the list or are being mistaken for similarly named people on the list. But there's widespread public confusion about how the system works and how it's used by different agencies across the country. Q: Who is on the terrorist watch list? A: There are about 300,000 people on the watch list who the government knows or suspects may have links to terrorism. Less than 5 percent of these people are U.S. citizens or foreigners legally living in the country. Some confusion and problems stem from the fact that these 300,000 individuals are represented by 880,000 different names on the list, because a separate record is created for each alias or alternate ID. Even different spellings can create a separate record. 
Q: How does someone get on the list? A: Any agency can nominate a person to the list, but the FBI and CIA screen all nominations and make the final decisions. The FBI has said if there is enough evidence against a person to open a preliminary FBI investigation because of suspected terrorist links, that name will be placed on the list. An anonymous phone call about someone isn't enough by itself. The CIA has said its standards are somewhat subjective. Q: How does someone get off the list? A: If an FBI investigation determines a person has no link to terrorism, that name will be removed from the list. The CIA has refused to tell congressional investigators its standards for removal. Q. Who operates the list? A. The FBI's Terrorist Screening Center maintains and distributes the list, or parts of it, to other federal agencies that use it to screen travelers and even to 750,000 state and local police who can access it to check people they stop. Q: Is the terrorist watch list the same as other programs, such as the ones used in airports for air travel? A: Not exactly. The no-fly list which can keep a traveler from boarding a plane and the selectee list which tags domestic airline passengers for extra searching and questioning at airports are much smaller portions of the terrorist watch list. It takes more evidence of terrorist links to get on these smaller sections of the list than it does to get on the full list. Q: Do any other agencies use the list? A: Yes. The State Department consular service, which issues travel visas to foreigners who want to visit the U.S., gets a version of the list that includes everyone but U.S. citizens and legal immigrants. The Customs and Border Protection agency uses the full list to screen arriving and departing international travelers on planes and ships. Q: Are there ways to get off these lists? 
A: Yes, there are ways to get off the full watch list and the smaller portions of it used by Homeland Security Department agencies like the Transportation Security Administration. The FBI's Terrorist Screening Center has a redress program where people can request to be removed from the list. But that process takes an average of 67 days. The Homeland Security Department's redress program, DHS TRIP, processes appeals as well. Since that office opened Feb. 26, it has received 16,000 requests for redress, and 7,400 of those have been completed. Each request takes about 44 days to process, and people can track the progress of their requests online. Most of the people who appeal are not actually on the terrorist watch list, but they were misidentified at the airport usually because they have a name similar to someone who is on the watch list. Q: Is there any relief for those people who are constantly being stopped because authorities are confusing them with someone on a version of the list? A: The DHS TRIP program puts such people on a so-called cleared list that is circulated to the airlines. Customs and Border Protection operates its own cleared list for international travelers, called Primary Lookout Override. It's a computerized system that automatically suppresses a match on Customs computers at the borders the next time a person who previously generated a false match is encountered (unless new derogatory information has come in). From inception in February 2006 through September 2007, Customs has put 71,487 names on the override list. Q. With all these checks, why do so many people get mistakenly stopped or questioned -- sometimes repeatedly -- trying to board domestic airplane flights? A. Matching names without biometric identifiers like fingerprints will always generate some mistakes. In addition, screening for domestic air travelers is now done by each airline. 
They don't all have immediate access to the most updated no-fly or selected lists or cleared lists, and they have different procedures. Q. Can't this be improved? A. DHS says its proposed Secure Flight program would be a substantial improvement. The government would take over matching passenger names with watch lists from the airlines. DHS says then screeners would all use up-to-date lists and the same procedures and standards for everyone. Q. When will Secure Flight begin? A. It was scheduled to begin its testing this fall but is short of money. DHS says if Congress doesn't approve the $74 million President Bush has requested for the program, it will have to delay tests, suspend contracts and postpone the rollout. With prompt funding, DHS says it could implement Secure Flight sometime next year. Q: Has the watch list led to arrests of terrorists? A: Yes, a few. But the government has never issued a precise figure on the number. It also has led to arrests of people for other crimes. And it has barred people from entering the United States, including in 2006 alone, 269 foreigners judged to present an unacceptable risk of committing a terrorist act. From rforno at infowarrior.org Sun Nov 25 17:29:21 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 25 Nov 2007 12:29:21 -0500 Subject: [Infowarrior] - The Secret Strategies Behind Many "Viral" Videos Message-ID: The Secret Strategies Behind Many "Viral" Videos Dan Ackerman Greenberg This guest post was written by Dan Ackerman Greenberg, co-founder of viral video marketing company The Comotion Group and lead TA for the Stanford Facebook Class. Dan will graduate from the Stanford Management Science & Engineering Masters program in June. Have you ever watched a video with 100,000 views on YouTube and thought to yourself: "How the hell did that video get so many views?" 
Chances are pretty good that this didn't happen naturally, but rather that some company worked hard to make it happen -- some company like mine. When most people talk about "viral videos," they're usually referring to videos like Miss Teen South Carolina, Smirnoff's Tea Partay music video, the Sony Bravia ads, Soulja Boy - videos that have traveled all around the internet and been posted on YouTube, MySpace, Google Video, Facebook, Digg, blogs, etc. - videos with millions and millions of views. Over the past year, I have run clandestine marketing campaigns meant to ensure that promotional videos become truly viral, as these examples have become in the extreme. In this post, I will share some of the techniques I use to do my job: to get at least 100,000 people to watch my clients' "viral" videos. < - > http://www.techcrunch.com/2007/11/22/the-secret-strategies-behind-many-viral-videos/ From rforno at infowarrior.org Sun Nov 25 17:31:22 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 25 Nov 2007 12:31:22 -0500 Subject: [Infowarrior] - More on...comment on e-mail footers In-Reply-To: <3.0.5.32.20071121232025.00c97048@pop.fuse.net> Message-ID: ------ Forwarded Message From: David K http://www.realtime-itcompliance.com/privacy_and_compliance/2007/10/email_security_and_privacy_ny.htm >>>> Email Security and Privacy: NY Hospital Retention Ruling Points Out Importance of Policies and Awareness On October 17, 2007, there was a very interesting ruling regarding a doctor's email communications sent to an attorney and the associated attorney privilege. In the matter of Scott v Beth Israel Med. Ctr. Inc. the New York Supreme Court found that the doctor's email messages to his attorneys using the hospital network were not privileged and could be retained by the hospital even though the doctor wanted the hospital to stop retaining his messages and delete all emails related to his communications with his lawyers. Some key points from the case: * Every message Dr. 
Scott's lawyers sent to Dr. Scott's BI email address contained the following message: "This message is intended only for the use of the Addressee and may contain information that is privileged and confidential. If you are not the intended recipient, you are hereby notified that any dissemination of this communication is strictly prohibited. If you have received this communication in error, please erase all copies of the message and its attachments and notify us immediately." However, the court was not impressed by this; with regard to this they ruled, "However, even the New York State Bar Association has stated, "a lawyer who uses technology to communicate with clients must use reasonable care with respect to such communication, and therefore must assess the risks attendant to the use of that technology and determine if the mode of transmission is appropriate under the circumstances."" From rforno at infowarrior.org Sun Nov 25 17:35:05 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 25 Nov 2007 12:35:05 -0500 Subject: [Infowarrior] - Cellphone Tracking Granted Without Probable Cause Message-ID: Cellphone Tracking Powers on Request Secret Warrants Granted Without Probable Cause By Ellen Nakashima Washington Post Staff Writer Friday, November 23, 2007; A01 http://www.washingtonpost.com/wp-dyn/content/article/2007/11/22/AR2007112201444_pf.html Federal officials are routinely asking courts to order cellphone companies to furnish real-time tracking data so they can pinpoint the whereabouts of drug traffickers, fugitives and other criminal suspects, according to judges and industry lawyers. In some cases, judges have granted the requests without requiring the government to demonstrate that there is probable cause to believe that a crime is taking place or that the inquiry will yield evidence of a crime. Privacy advocates fear such a practice may expose average Americans to a new level of government scrutiny of their daily lives. 
Such requests run counter to the Justice Department's internal recommendation that federal prosecutors seek warrants based on probable cause to obtain precise location data in private areas. The requests and orders are sealed at the government's request, so it is difficult to know how often the orders are issued or denied. The issue is taking on greater relevance as wireless carriers are racing to offer sleek services that allow cellphone users to know with the touch of a button where their friends or families are. The companies are hoping to recoup investments they have made to meet a federal mandate to provide enhanced 911 (E911) location tracking. Sprint Nextel, for instance, boasts that its "loopt" service even sends an alert when a friend is near, "putting an end to missed connections in the mall, at the movies or around town." With Verizon's Chaperone service, parents can set up a "geofence" around, say, a few city blocks and receive an automatic text message if their child, holding the cellphone, travels outside that area. "Most people don't realize it, but they're carrying a tracking device in their pocket," said Kevin Bankston of the privacy advocacy group Electronic Frontier Foundation. "Cellphones can reveal very precise information about your location, and yet legal protections are very much up in the air." In a stinging opinion this month, a federal judge in Texas denied a request by a Drug Enforcement Administration agent for data that would identify a drug trafficker's phone location by using the carrier's E911 tracking capability. E911 tracking systems read signals sent to satellites from a phone's Global Positioning System (GPS) chip or triangulated radio signals sent from phones to cell towers. Magistrate Judge Brian L. Owsley, of the Corpus Christi division of the Southern District of Texas, said the agent's affidavit failed to focus on "specifics necessary to establish probable cause, such as relevant dates, names and places." 
Owsley decided to publish his opinion, which explained that the agent failed to provide "sufficient specific information to support the assertion" that the phone was being used in "criminal" activity. Instead, Owsley wrote, the agent simply alleged that the subject trafficked in narcotics and used the phone to do so. The agent stated that the DEA had " 'identified' or 'determined' certain matters," Owsley wrote, but "these identifications, determinations or revelations are not facts, but simply conclusions by the agency." Instead of seeking warrants based on probable cause, some federal prosecutors are applying for orders based on a standard lower than probable cause derived from two statutes: the Stored Communications Act and the Pen Register Statute, according to judges and industry lawyers. The orders are typically issued by magistrate judges in U.S. district courts, who often handle applications for search warrants. In one case last month in a southwestern state, an FBI agent obtained precise location data with a court order based on the lower standard, citing "specific and articulable facts" showing reasonable grounds to believe the data are "relevant to an ongoing criminal investigation," said Al Gidari, a partner at Perkins Coie in Seattle, who reviews data requests for carriers. Another magistrate judge, who has denied about a dozen such requests in the past six months, said some agents attach affidavits to their applications that merely assert that the evidence offered is "consistent with the probable cause standard" of Rule 41 of the Federal Rules of Criminal Procedure. The judge spoke on condition of anonymity because of the sensitivity of the issue. "Law enforcement routinely now requests carriers to continuously 'ping' wireless devices of suspects to locate them when a call is not being made . . . 
so law enforcement can triangulate the precise location of a device and [seek] the location of all associates communicating with a target," wrote Christopher Guttman-McCabe, vice president of regulatory affairs for CTIA -- the Wireless Association, in a July comment to the Federal Communications Commission. He said the "lack of a consistent legal standard for tracking a user's location has made it difficult for carriers to comply" with law enforcement agencies' demands. Gidari, who also represents CTIA, said he has never seen such a request that was based on probable cause. Justice Department spokesman Dean Boyd said field attorneys should follow the department's policy. "We strongly recommend that prosecutors in the field obtain a warrant based on probable cause" to get location data "in a private area not accessible to the public," he said. "When we become aware of situations where this has not occurred, we contact the field office and discuss the matter." The phone data can home in on a target to within about 30 feet, experts said. Federal agents used exact real-time data in October 2006 to track a serial killer in Florida who was linked to at least six murders in four states, including that of a University of Virginia graduate student, whose body was found along the Blue Ridge Parkway. The killer died in a police shooting in Florida as he was attempting to flee. "Law enforcement has absolutely no interest in tracking the locations of law-abiding citizens. None whatsoever," Boyd said. "What we're doing is going through the courts to lawfully obtain data that will help us locate criminal targets, sometimes in cases where lives are literally hanging in the balance, such as a child abduction or serial murderer on the loose." In many cases, orders are being issued for cell-tower site data, which are less precise than the data derived from E911 signals. 
While the E911 technology could possibly tell officers what building a suspect was in, cell-tower site data give an area that could range from about three to 300 square miles. Since 2005, federal magistrate judges in at least 17 cases have denied federal requests for the less-precise cellphone tracking data absent a demonstration of probable cause that a crime is being committed. Some went out of their way to issue published opinions in these otherwise sealed cases. "Permitting surreptitious conversion of a cellphone into a tracking device without probable cause raises serious Fourth Amendment concerns especially when the phone is in a house or other place where privacy is reasonably expected," said Judge Stephen William Smith of the Southern District of Texas, whose 2005 opinion on the matter was among the first published. But judges in a majority of districts have ruled otherwise on this issue, Boyd said. Shortly after Smith issued his decision, a magistrate judge in the same district approved a federal request for cell-tower data without requiring probable cause. And in December 2005, Magistrate Judge Gabriel W. Gorenstein of the Southern District of New York, approving a request for cell-site data, wrote that because the government did not install the "tracking device" and the user chose to carry the phone and permit transmission of its information to a carrier, no warrant was needed. These judges are issuing orders based on the lower standard, requiring a showing of "specific and articulable facts" showing reasonable grounds to believe the data will be "relevant and material" to a criminal investigation. Boyd said the government believes this standard is sufficient for cell-site data. "This type of location information, which even in the best case only narrows a suspect's location to an area of several city blocks, is routinely generated, used and retained by wireless carriers in the normal course of business," he said. 
The trend's secrecy is troubling, privacy advocates said. No government body tracks the number of cellphone location orders sought or obtained. Congressional oversight in this area is lacking, they said. And precise location data will be easier to get if the Federal Communication Commission adopts a Justice Department proposal to make the most detailed GPS data available automatically. Often, Gidari said, federal agents tell a carrier they need real-time tracking data in an emergency but fail to follow up with the required court approval. Justice Department officials said to the best of their knowledge, agents are obtaining court approval unless the carriers provide the data voluntarily. To guard against abuse, Congress should require comprehensive reporting to the court and to Congress about how and how often the emergency authority is used, said John Morris, senior counsel for the Center for Democracy and Technology. Staff researcher Richard Drezen contributed to this report. From rforno at infowarrior.org Sun Nov 25 17:37:54 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 25 Nov 2007 12:37:54 -0500 Subject: [Infowarrior] - UK 2017: under surveillance Message-ID: UK 2017: under surveillance By Neil Mackay http://www.sundayherald.com/news/heraldnews/display.var.1741454.0.uk_2017_under_surveillance.php IT is a chilling, dystopian account of what Britain will look like 10 years from now: a world in which Fortress Britain uses fleets of tiny spy-planes to watch its citizens, of Minority Report-style pre-emptive justice, of an underclass trapped in sink-estate ghettos under constant state surveillance, of worker drones forced to take on the lifestyle and values of the mega-corporation they work for, and of the super-rich hiding out in gated communities constantly monitored by cameras and private security guards. 
This Orwellian vision of the future was compiled on the orders of the UK's information commissioner - the independent watchdog meant to guard against government and private companies invading the privacy of British citizens and exploiting the masses of information currently held on each and every one of us - by the Surveillance Studies Network, a group of academics. On Friday, this study, entitled A Report on the Surveillance Society, was picked over by a select group of government mandarins, politicians, police officers and academics in Edinburgh. It is unequivocal in its findings, with its first sentence reading simply: "We live in a surveillance society." The information commissioner, Richard Thomas, endorses the report. He says: "Today, I fear that we are, in fact, waking up to a surveillance society that is already all around us." The academics who compiled the study based their vision of the future not on wild hypotheses but on existing technology, statements made about the intentions of government and private companies and studies by other think tanks, regulators, professional bodies and academics. The report authors say that they believe the key theme of the future will be "pervasive surveillance" aimed at tracking and controlling people and pre-empting behaviour. The authors also say that their glimpse of the future is "fairly conservative. The future spelled out in the report is nowhere near as dystopian and authoritarian as it could be." Here's how 2017 might look... BorderGuard The Jones family are returning to Britain from holiday in America. "It's hard to know the difference between the two countries by what the family experience at the border," say the Surveillance Report authors. Britain, America, all EU countries and all members of the G10 have outsourced their immigration and border control services to massive private companies. In this vignette, the futurologists give the company the name BorderGuard. 
Thanks to the never-ending war on terror, these governments have developed "smart borders" using hidden surveillance technologies. Cameras and scanners at passport control monitor faces, irises and fingerprints checking them off against records of biometric passports, or the British ID card system. BorderGuard has access to state and transnational databases and can also data-mine information on individuals - such as consumer transactions - via a paid-for service provided by specialist companies trading in information held on every individual in the land. For families like the Joneses, crossing borders is relatively swift and painless. The wealth of information held on them means they can be quickly identified and processed. But citizens of nations not signed up to the BorderGuard scheme face hostile and lengthy investigations while crossing frontiers. Racial profiling is now the norm. Asian features inevitably mean being pulled to one side - whether or not you carry a biometric passport or ID card. Brandscapes Retail chains and mega-malls now use huge shared databases - which began with data-mining reward card information - to create a "brandscape" for every shopper. Smart tags buried in a shopper's clothing "talk" to scanners in shops. The system then connects to consumer databases, revealing where the clothing was bought and by whom and what other purchases the person has made. The system knows who you are, where you live, what you like and don't like. Intelligent billboards at eye level then immediately flash up adverts dove-tailed to the consumer profile of the individual. The wealthiest consumer-citizen can even become a "cashless shopper". For £200, a chip can be implanted in the human body which is loaded with a person's bank and credit details. From then on, it's their arm that will be scanned in a shop, not their credit card. 
"Cashless shoppers" also get first-class service in mega-malls, with special lounges, spas and massage facilities reserved only for them. Urban myths, however, are springing up that muggers are targeting these elite consumers and cutting the chip from their arms. There are also concerns about hackers being able to upload viruses to the chip or empty the chipholder's account. Tagged Kids Scandals about child abductions and murders during school hours mean teachers prefer tagging a child to facing legal liability for their injury in a court. Drug testing in schools has also become an accepted part of life following pressure by the government to identify problem children earlier and earlier in life. What children eat in schools is also monitored by parents, as boys and girls are required to swipe their school card every time they visit the canteen. The card contains information on school attendance, academic achievement, drug-test results, internet access and sporting activities. The card's records are used to assess whether the child has passed or failed their citizenship programme. Shops are also monitoring children in order to tap into the lucrative youth market."Children," the report says, "are gradually becoming socialised into accepting body surveillance, location tracking and the remote monitoring of their dietary intake as normal." Elites and Proles Most cities are divided between gated private communities, patrolled by corporate security firms (which keep insurance costs to a minimum) and high-crime former council estates. On most estates, private companies are tasked to deal with social evils. Offenders have the option of having a chip voluntarily implanted in their arm so they can be monitored at home using scanners and sensors. Estates can be subject to "area-wide curfews", following outbursts of antisocial behaviour, which ban anyone under 18 from entering or leaving the estate from dusk until dawn. Community wardens armed with Tasers enforce the law. 
CCTV cameras can be viewed by residents at home on their television's security channel. In gated communities, meanwhile, no-one can get in or out unless their car's number plate is authorised by the automatic number plate recognition (ANPR) devices located on gates. There are now so many ANPR cameras across the land that it's almost impossible to drive the length of a street without details of your car being logged by the state. The aesthetics of surveillance Security has been "aestheticised" - incorporated into the design of architecture and infrastructure - so that it is almost unnoticeable now. "It is ubiquitous but it has disappeared," the report authors say. Anti-suicide-bomber bollards outside embassies and government buildings are secreted in the ground, only being activated in an emergency when passers-by breach the range of security sensors. Anti-government protesters are monitored by small remote-control spy-planes, which were introduced for the 2012 London Olympics but remained a permanent fixture. CCTV is now embedded at eye level in lamp-posts to enable the use of facial recognition technology. Protest and virtual surveillance Following protests, individual demonstrators can be monitored by camera until private security contractors for the local authority in which the demo took place get a chance to question them. Helmet-mounted cameras scan the biometrics of anyone being questioned. All guards and police are also now monitored by surveillance devices in their handheld computers. Ironically, this has triggered civil liberties concerns within the police union. The report uses two "protesters", Ben and Aaron, as an example of how police might treat dissenters. When they are taken into custody by private security guards in Westminster, Ben undergoes the usual DNA swab, which is analysed instantaneously, and hands over his ID card for scanning. ID cards are still theoretically voluntary, but not having one makes life almost impossible. 
Aaron is a refusenik and doesn't own a card. That means he can't apply for a government job or claim benefits or student loans. He can't travel by plane or even train. To make matters worse, Aaron is a young black man - meaning he is deemed a "high category suspect" and is routinely stopped and brought in to the nearest police station for questioning. Once Ben is released, police monitoring systems piggy-back on his hand-held device to track him as he travels across the city. He's also been put on a communications watchlist which means all his internet and e-mail traffic is saved by his ISP and passed to police. As most phone calls are online now, police also get access to these communications as well. Call centre drones Call centres monitor everything that staff do and surveillance information is used to recruit staff. Potential employees are subjected to biometric and psychometric testing, as well as lifestyle surveys. "Their lives outside work," the authors say, "and their background, are the subject of scrutiny. It is felt to be increasingly important that the lifestyle profile of the employee match those of the customers to ensure better customer service." Recruitment consultants now frequently discard any CV which does not contain volunteered health information. Once hired, staff are subjected to sporadic biometric testing which point to potential health and psychological problems. Thanks to iris-scanning at a gym connected to the company, employees can be pulled up at annual assessments for not maintaining their health. Periodic psychometric testing also reveals if staff attitudes have changed and become incompatible with company values. Big Brother is looking after you Homes in the ever-growing number of retirement villages are fitted with the "telecare" system, with motion detectors in every room, baths with inbuilt heart monitors, toilets which measure blood sugar levels and all rooms fitted with devices to detect fire, flood and gas leaks. 
Panic buttons are also installed in every room. Fridges have RFID scanners which tell the neighbourhood grocery store that pensioners are running short on provisions. The goods are then delivered direct to the doorstep. Huge databases in hospitals are able to compare tests on patients throughout the country. This allows doctors to red-flag risk factors earlier than ever before, meaning that a patient's statistical risk of suffering, for example, a heart attack, is predicted with much greater accuracy. The NHS will be locked in a battle with insurance companies who want access to health information for commercial purposes. The temptation for the NHS is the large amounts of money on offer. The authors point out that Iceland sold its national DNA database to private companies for research and profit in 2004.

The data shadow

Those rich enough can sign up to "personal information management services" (Pims) which monitor all the information that exists about an individual - a person's so-called "data shadow". The Pims system corrects incorrect information held by government or private companies. Those who can't afford Pims have to live with the impact that incorrect data can have on their lives, such as faulty credit ratings. "Some are condemned to a purgatory of surveillance and an inability to access information," the report authors say. But for other people total surveillance has become an accepted way of life. Some voluntarily carry out surveillance on their whole lives - so-called "life-logging" where an individual uploads online details in realtime about everything they do.

From rforno at infowarrior.org Sun Nov 25 19:41:16 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 25 Nov 2007 14:41:16 -0500
Subject: [Infowarrior] - Hey, Young Americans, Here's a Text for You
Message-ID:

(Reminiscent of what I penned back in 2003 in "Weapons of Mass Delusion".....
most modern politicians DON'T want an educated populace, since they might start asking questions instead of accepting what's offered to them by others as fact/truth.........rf)

Hey, Young Americans, Here's a Text for You
By Naomi Wolf
Sunday, November 25, 2007; B04
http://www.washingtonpost.com/wp-dyn/content/article/2007/11/23/AR2007112301302_pf.html

Is America still America if millions of us no longer know how democracy works? When I speak on college campuses, I find that students are either baffled by democracy's workings or that they don't see any point in engaging in the democratic process. Sometimes both. Not long ago, I gave a talk at a major university in the Midwest. "They're going to raze our meadows and put in a shopping mall!" a young woman in the audience wailed. "And there's nothing we can do!" she said, to the nods of young and old alike. I stared at her in amazement and asked how old she was. When she said 26, I suggested that she run for city council. Then she stared at me -- with complete incomprehension. It took me a long time to convince her and her peers in the audience that what I'd suggested was possible, even if she didn't have money, a major media outlet of her own or a political "machine" behind her. This lack of understanding about how democracy works is disturbing enough. But at a time when our system of government is under assault from an administration that ignores traditional checks and balances, engages in illegal wiretapping and writes secret laws on torture, it means that we're facing an unprecedented crisis. As the Founders knew, if citizens are ignorant of or complacent about the proper workings of a republic "of laws not of men," then any leader of any party -- or any tyrannical Congress or even a tyrannical majority -- can abuse the power they hold. But at this moment of threat to the system the Framers set in place, a third of young Americans don't really understand what they were up to.
According to a recent study by the National Center for Education Statistics, only 47 percent of high school seniors have mastered a minimum level of U.S. history and civics, while only 14 percent performed at or above the "proficient" level. Middle schoolers in many states are no longer required to take classes in civics or government. Only 29 states require high school students to take a government or civics course, leaving millions of young Americans in the dark about why democracy matters. A survey released by the Intercollegiate Studies Institute in September found that U.S. high school students missed almost half the questions on a civic literacy test. Only 45.9 percent of those surveyed knew that the sentence "We hold these truths to be self-evident, that all men are created equal" is in the Declaration of Independence. Yet these same students can probably name the winner of "American Idol" in a heartbeat. The study also found that the more students increase their civic knowledge during college, the more likely they are to vote and engage in other civic activities. And vice versa -- civic illiteracy equals civic inaction. Here are some actual quotes from otherwise smart, well-meaning young Americans: "I show my true convictions by refusing to vote." "The two parties are exactly the same." "Congress is bought and paid for." "Elections are just a front for corporations." "My teacher says you shouldn't believe anything you read in the newspapers at all," a 16-year-old from affluent Menlo Park, Calif., told me last week. Even those who are politically engaged don't have much faith in our system's potential. "I was taught that it's set up for the elites and for old white men and that there's not much you can do about it," said Christopher Le, 28, who works at a suicide hotline in Austin. Le's mother was a "boat person" who fled Vietnam with her 4-month-old son so that he could be raised in freedom. 
But few Americans in the under-30 set have her kind of faith in the United States. As Le put it, "No one taught us that democracy was this shining, inspiring thing." The United States has been blessed with more than 200 years of a strong democracy, so it's easy to yield to a comforting -- and lazy -- conviction that it's magically self-sustaining and doesn't need to be defended, an idea that would have horrified the Founders, who knew that our democracy would be a fragile thing. In recent years, the trend away from teaching democracy to young Americans has been at least partly a consequence of the trend of teaching to the standardized tests introduced by the Bush administration. Mandated by the federal No Child Left Behind Act, the tests assess chiefly math and reading comprehension. Basic civics and history have suffered. As a result, teenagers and young adults often have no clue why the United States is different from, say, Egypt or Russia; they have little idea what liberty is. Few young Americans understand that the Second Amendment keeps their homes safe from the kind of government intrusion that other citizens suffer around the world; few realize that "due process" means that they can't be locked up in a dungeon by the state and left to languish indefinitely. This dangerous ignorance is confirmed by the Knight Foundation, which has found an alarming decline in student support for the First Amendment. In a 2004 survey, more than a third of the student respondents thought that the First Amendment went too far in guaranteeing freedom of speech and of the press. By 2006, the number who held that view had swelled to half. In the absence of strong civics training and in the presence of a "war on terror" that insistently portrays freedom and checks and balances as threats to national security, the Constitution and the Bill of Rights have become controversial for today's young people. But this distressing situation isn't just George W. Bush's fault. 
Young Americans have also inherited some strains of thought from the left that have undermined their awareness of and respect for democracy. When New Left activists of the 1960s started the antiwar and free speech student movements, they didn't get their intellectual framework from Montesquieu or Thomas Paine: They looked to Marx, Lenin and Mao. It became fashionable to employ Marxist ways of thinking about social change: not "reform" but "dialectic"; not "citizen engagement" but "ideological correctness"; not working for change but "fighting the man." During the Vietnam War, the left further weakened itself by abandoning the notion of patriotism. Young antiwar leaders burned the flag instead of invoking the ideals of the republic it represents. By turning their backs on the idea of patriotism -- and even on the brave men who were fighting the unpopular war -- the left abandoned the field to the right to "brand" patriotism as its own, often in a way that means uncritical support for anything the executive branch decides to do. In the Reagan era, when the Iran-contra scandal showed a disregard for the rule of law, college students were preoccupied with the fashionable theories of post-structuralism and deconstructionism, critical language and psychoanalytic theories developed by French philosophers Jacques Lacan and Jacques Derrida that were often applied to the political world, with disastrous consequences. These theories were often presented to students as an argument that the state -- even in the United States -- is only a network of power structures. This also helped confine to the attic of unfashionable ideas the notion that the state could be a platform for freedom; so much for the fusty old Rights of Man. In the 1990s and the early years of this century, theories that globalization is the ultimate evil found their ascendancy on college campuses.
Young people, informed by movements against sweatshops and the World Trade Organization, have come to see democracy as a mere cosmetic gloss on the rapacious monolith of global capitalism. All of these legacies have left the young feeling depressed, cynical and powerless. And yet our democracy needs them more than ever now. Young people are always in the vanguard of any movement to sustain or advance liberty. Students led the charge for freedom in Prague and Mexico City in 1968, in Chile in 1973, in Beijing and throughout Eastern Europe in 1989. Young people helped lead the way in the U.S. civil rights movement, white college students joining with African Americans to sign up voters in the Freedom Summer of 1964. The feminist movement was revived after half a century of dormancy by a cadre of young, idealistic and politically savvy women. Same for the antiwar movement: Abbie Hoffman, Rennie Davis and Tom Hayden of the Chicago Seven were ages 17 to 22 when they were charged with conspiracy and inciting to riot while protesting at the 1968 Democratic National Convention in Chicago. When I ask young people today whether they've been taught that immense positive changes have come about because small groups of people engaged in democratic practices, many look at me with puzzlement. They need a crash course in democracy -- and a crash course in how easy it is to close down an open society if steps are taken such as those we see our government taking now. Earlier this year, I helped co-found the American Freedom Campaign to call for a national democracy movement to restore the rule of law. In response, some citizens called a national strike this month on behalf of the Constitution. It was a shaky beginning -- people showed up with their flags and their petitions, but the groups were sparse and shy and out of practice. In New York's Union Square, the sound system failed to carry one new young freedom activist's reading of the Bill of Rights very far. 
And yet it didn't matter. "For the first time in a long time," said Barbara Martinez as the wind whipped her scarf, "I feel hopeful."

mbaldwin at chelseagreen.com
Naomi Wolf is the author of "The End of America: A Letter of Warning to a Young Patriot."

From rforno at infowarrior.org Sun Nov 25 21:30:37 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 25 Nov 2007 16:30:37 -0500
Subject: [Infowarrior] - Facebook Users Complain of New Tracking
Message-ID:

Facebook Users Complain of New Tracking
By ANICK JESDANUN and RACHEL METZ - 4 days ago
http://ap.google.com/article/ALeqM5jktmzai0_n_sMBgH_jfy6QXNS_6gD8T299HG0

NEW YORK (AP) -- Some users of the online hangout Facebook are complaining that its two-week-old marketing program is publicizing their purchases for friends to see. Those users say they never noticed a small box that appears on a corner of their Web browsers following transactions at Fandango, Overstock and other online retailers. The box alerts users that information is about to be shared with Facebook unless they click on "No Thanks." It disappears after about 20 seconds, after which consent is assumed. Users are given a second notice the next time they log on to Facebook, but they can easily miss it if they quickly click away to visit a friend's page or check e-mail. "People should be given much more of a notice, much more of an alert," said Matthew Helfgott, 20, a college student who discovered his girlfriend just bought him black leather gloves from Overstock for Hanukkah. "She said she had no idea (information would be shared). She said it invaded her privacy." The girlfriend was declining interviews, Helfgott said. An Overstock.com Inc. spokesman said no one was immediately available for comment Wednesday. Facebook has long prided itself on guarding its users' privacy, but the walls have gradually lowered.
In 2006, a "news feeds" feature allowing users to track changes friends make to profiles backfired when many users denounced it as stalking and threatened protests. Facebook quickly apologized and agreed to let users turn off the feature. The new program lets companies tap ongoing conversations by alerting users about friends' activities through the feeds. About 40 Web sites have decided to embed a free tool from Facebook, known as a Beacon, to enable the marketing feeds. The idea is that if users see a friend buy or do something, they'd take that action as an endorsement for a movie, a band or a soft drink. But it also raises privacy concerns. Mike Mayer, for instance, saw a feed item saying his boyfriend, Adam Sofen, just bought tickets to "No Country For Old Men" from movie-ticket vendor Fandango. "What if I was seeing `Fred Claus'?" said Sofen, 28. "That would have been much more embarrassing. At least this was a prestigious movie." In some cases, companies can buy an ad next to the feed item with the friend's photo. Although Fandango didn't do that, Mayer, 28, still found Beacon unsettling. "If my identity is going to be used to promote something for someone else, that seems problematic," said Mayer, who was previously employed in online advertising. "It could be a misrepresentation of my purchases." Fandango officials referred inquiries to Facebook, which issued a statement defending its practices. Facebook officials have also said advertising supports the free service. "Beacon gives users an easy way to share relevant information from other sites with their friends on Facebook," the statement said. "Information is shared with a small selection of a user's trusted network of friends, not publicly on the Web or with all Facebook users. Users also are given multiple ways to choose not to share information from a participating site, both on that site and on Facebook."
Users are able to decline sharing on a site-by-site basis, but can't withdraw from the program entirely. On Wednesday, Facebook launched a mechanism for users to indicate what types of news feeds they like and dislike. Individuals could possibly use that to lower the frequency of marketing items, though the company has said they won't be able to reject them completely. Liberal advocacy group MoveOn.org formed a protest group Tuesday and had more than 6,000 members by Wednesday. The group is calling on Facebook to stop revealing online purchases and letting companies use names for endorsements without "explicit permission." "We want Facebook to realize that their users are rightly concerned that private information is being made public," MoveOn spokesman Adam Green said, adding that Facebook could quell concerns by seeking "opt in" consent rather than leaving it to users to "opt out" by taking steps to decline sharing. Facebook user Nate Weiner, 23, said he uses a tool for the Firefox Web browser called BlockSite, which he says prevents sites from sending data to Facebook. "What if you bought a book on Amazon called 'Coping with AIDS' and that got published to every single one of your friends?" he said.

From rforno at infowarrior.org Mon Nov 26 15:18:32 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Nov 2007 10:18:32 -0500
Subject: [Infowarrior] - The insanity of France's anti-file-sharing plan
Message-ID:

The insanity of France's anti-file-sharing plan: L'État, c'est IFPI
By Eric Bangeman | Published: November 25, 2007 - 11:06PM CT
http://arstechnica.com/news.ars/post/20071125-the-insanity-and-genius-of-frances-anti-file-sharing-plan.html

It's hard to engage in file-sharing if you don't have any Internet access. That's the threat behind a new memorandum of understanding between the government, ISPs, and Big Content in France that would see repeat P2P infringers lose their Internet connections.
In exchange, the French music industry would make its French-language archive freely available sans DRM. In addition, DVDs would be on store shelves within six months of a film's theatrical release, instead of the current seven and a half months. The proposal is backed by French president Nicolas Sarkozy and arose from the findings of an independent review commission appointed by Sarkozy shortly after taking office. That commission was headed up by the chairman of French consumer electronics retailer FNAC, Denis Olivennes. Given his position, it's not surprising that Olivennes is no friend to ISPs and fans of P2P. He recently authored La gratuité, c'est le vol: Quand le piratage tue la culture, in which he argued that P2P not only harmed retailers, as well as the music and film industries, but also directly impacted French culture by reducing the amount of tax income from movies and cable television. P2P users are killing French culture, he says. It should be no surprise, then, that the plan's trade-offs fall almost entirely in the favor of Big Content to the detriment of just about everyone else, including people who don't use P2P software. Like it or not, the total cost of Internet service will rise because French ISPs have signed on to the plan. They will now spend time and (tax) money enforcing copyright on their networks via expensive deep packet inspection (DPI) software that will monitor traffic on their networks and look for copyrighted content. Subscribers detected illicitly sharing or downloading copyrighted material will receive warnings, requiring additional administrative overhead. If the behavior continues, then Internet access would be guillotined. Most of this will be carried out by a government-funded independent authority overseen by a judge. The IFPI was effusive in its praise for the proposal.
"This is the single most important initiative to help win the war on online piracy that we have seen so far," said IFPI CEO John Kennedy in a statement. "By requiring ISPs to play a role in the fight against piracy, President Sarkozy has set an example to others of how to ensure that the creative industries remain strong in difficult markets so that they can remain major economic and cultural contributors to society." French consumer advocates aren't as excited. UFC Que Choisir, which has attacked both Apple and the music industry over DRM restrictions in the past while applauding another law that calls for the end of DRM lock-ins, called the agreement "very tough, potentially destructive of freedom, antieconomic and against the tide of the digital age," in a statement seen by Reuters. The proposal looks to be an early Christmas present for the movie and music industries -- and a major scrooging for French consumers. For the first time in either Europe or North America, Big Content will be able to offload the tiresome and expensive work of copyright enforcement to ISPs and the commission called for by the law. If the proposal is approved by the French parliament next year, proponents suggest it would go a long way towards slowing the torrent of P2P traffic to a trickle. Meanwhile, French Internet users will have all of their traffic subject to monitoring by ISPs to ensure that content is not being pirated; that's not good for privacy. And as is always the case with such technological measures, there's always the potential for legitimate content, including the increasing amount of legitimate P2P traffic, to be caught up in a copyright enforcement driftnet. Sure, consumers are thrown a few bones -- DRM-free archives, faster DVD releases, and no more massive fines for copyright infringement -- but the tradeoff is harsh since it comes with a giant government subsidy for Big Content's interests, paid for in lost privacy and an expensive oversight organization.
From rforno at infowarrior.org Mon Nov 26 15:21:19 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Nov 2007 10:21:19 -0500
Subject: [Infowarrior] - DHS asks firefighters to "spy" in people's homes
Message-ID:

(c/o BoingBoing)

The Department of Homeland Security is asking firefighters to snoop around in homes they're called to for emergencies. The DHS likes the idea because firefighters aren't bound by pesky warrants and probable cause and can therefore report on suspicious material like blueprints, anti-American literature, and potential bomb-making materials (e.g., the bedrooms of every friend I had, circa 1985). Firefighters are just the latest legion of potential snoops the DHS is leaning on -- they've also asked meter-readers to peer into our windows and sheds to find evidence of bad-guy-ery. This stuff doesn't work and won't work: amateur pecksniffs snitching on their neighbors just flood cops with bad intel, and turn the country into East Germany, a land where everyone is on alert lest they say the wrong thing and get turned in to the secret police.

Video: http://rawstory.com/rawreplay/?p=127

From rforno at infowarrior.org Tue Nov 27 02:42:11 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Nov 2007 21:42:11 -0500
Subject: [Infowarrior] - Montclair State Unveils Mandatory 'School Phone'
Message-ID:

Montclair State Unveils Mandatory 'School Phone'
Students Must Carry And Pay For GPS-Based Cell Device
http://wcbstv.com/technology/cell.phone.montclair.2.595976.html

MONTCLAIR, N.J. (CBS) -- College students at Montclair State University are all talking about a new requirement that will require students to have a cell phone. CBS 2 HD has learned more on this required feature that is forcing students to dig into their wallets. At Montclair State, there is no excuse for being out of touch. "'School Phone' I use for campus e-mail, different things like that," freshman Angela Vuocolo said. That's right.
First-year student Vuocolo said 'School Phone' -- as in a Sprint-operated cell phone -- is now mandatory for all students. It's the first program of its kind in the country. The cost: $420 a year for a base plan which is bundled into the tuition bill. It includes just 50 peak voice minutes a month, but unlimited text messaging to any carrier, unlimited campus-based data usage, and student activated emergency GPS tracking. "What it does is allow students to have an extra pair or group of people watching over them when they're going from one location to another," Montclair Police Department Chief Paul Cell said. The positive impact is already being felt across campus. "It makes me feel comfortable," MSU freshman Ricky Bodtmann said. "I guess if people want to feel safe." Added student Vanessa Adames: "It's very helpful. I have the train schedule on there. I can check my e-mail." There are various phone and call plan options, but the bottom line is you have to pick one. That could be a problem for someone with their own cell phone and their own monthly bill. "I don't see why they should be adding unnecessary fees to the students who have a hard time paying for college like I do," freshman Sury Lopez said. One mother agrees. "It's very expensive and quite honestly for the protection of the kids on campus the school should be giving that for free," Patty Carragh said. University officials say the school doesn't profit from the deal. "If you're mobile accessing the campus from anywhere with some device that's attached to your hip, the truth of the matter is, you're also avoiding a lot of costs," said Ed Chapel, Montclair State vice president of information technology. The program has another benefit -- students now have another way to call home and ask for money. This year Fairleigh Dickinson University also began a mandatory cell phone program, but the school picked up the cost for all of its on-campus student residents.
From rforno at infowarrior.org Tue Nov 27 13:23:25 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 27 Nov 2007 08:23:25 -0500
Subject: [Infowarrior] - Google Plans To Offer Remote Data Storage
Message-ID:

(Talk about a data-mining and potentially-hellish privacy and confidentiality nightmare......count me out...rf)

Google Plans To Offer Remote Data Storage
http://www.247wallst.com/2007/11/google-goog-pla.html

Google (GOOG) will offer PC users the chance to store data like word files and videos on its servers instead of individual computer hard drives. It is part of the company's remote computing system which allows people performing tasks on PCs to run those on the Google servers instead of taking up memory on the computer itself. Google Apps, the company's spreadsheet and word processing applications already take advantage of the system. The Google model is aimed at Microsoft (MSFT) Windows which runs its applications using the local computer memory and drives. Google sees no reason to eat up all of that power if its server farms can do the job. Aside from the normal concerns about storing private data outside the PC, the plan has another flaw. Most computer hard drives can store a lifetime of data and images, so it is not clear why the majority of PC users would even want to store material remotely. There may be the odd geek who has a billion terabytes of information, but that is probably less than 1% of the PC-owning population. The Google storage plan is a good idea without a logical customer base.

Douglas A. McIntyre

From rforno at infowarrior.org Tue Nov 27 23:23:17 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 27 Nov 2007 18:23:17 -0500
Subject: [Infowarrior] - Feds Cancel Amazon Customer ID Request
Message-ID:

Feds Cancel Amazon Customer ID Request
Nov 27, 3:58 PM (ET)
http://apnews.myway.com/article/20071127/D8T68B4O1.html
By RYAN J. FOLEY

MADISON, Wis.
(AP) - Federal prosecutors have withdrawn a subpoena seeking the identities of thousands of people who bought used books through online retailer Amazon.com Inc. (AMZN), newly unsealed court records show. The withdrawal came after a judge ruled the customers have a First Amendment right to keep their reading habits from the government. "The (subpoena's) chilling effect on expressive e-commerce would frost keyboards across America," U.S. Magistrate Judge Stephen Crocker wrote in a June ruling. "Well-founded or not, rumors of an Orwellian federal criminal investigation into the reading habits of Amazon's customers could frighten countless potential customers into canceling planned online book purchases," the judge wrote in a ruling he unsealed last week. Seattle-based Amazon said in court documents it hopes Crocker's decision will make it more difficult for prosecutors to obtain records involving book purchases. Assistant U.S. Attorney John Vaudreuil said Tuesday he doubted the ruling would hamper legitimate investigations. Crocker - who unsealed documents detailing the showdown against prosecutors' wishes - said he believed prosecutors were seeking the information for a legitimate purpose. But he said First Amendment concerns were justified and outweighed the subpoena's law enforcement purpose. "The subpoena is troubling because it permits the government to peek into the reading habits of specific individuals without their knowledge or permission," Crocker wrote. "It is an unsettling and un-American scenario to envision federal agents nosing through the reading lists of law-abiding citizens while hunting for evidence against somebody else." Federal prosecutors issued the subpoena last year as part of a grand jury investigation into a former Madison official who was a prolific seller of used books on Amazon.com. They were looking for buyers who could be witnesses in the case. 
The official, Robert D'Angelo, was indicted last month on fraud, money laundering and tax evasion charges. Prosecutors said he ran a used book business out of his city office and did not report the income. He has pleaded not guilty. D'Angelo sold books through the Amazon Marketplace feature, and buyers paid Amazon, which took a commission. "We didn't care about the content of what anybody read. We just wanted to know what these business transactions were," prosecutor Vaudreuil said Tuesday. "These were simply business records we were seeking to prove the case of fraud and tax crimes against Mr. D'Angelo." The initial subpoena sought records of 24,000 transactions dating back to 1999. The company turned over many records but refused to identify the book buyers, citing their First Amendment right to keep their reading choices private. Prosecutors later narrowed the subpoena, asking the company to identify a sample of 120 customers. Assistant U.S. Attorney Daniel Graber dismissed First Amendment concerns in an April letter to the company. He said D'Angelo - not Amazon - was the seller and prosecutors needed proof he sold books online. Crocker brokered a compromise in which the company would send a letter to the 24,000 customers describing the investigation and asking them to voluntarily contact prosecutors if they were interested in testifying. Prosecutors said they obtained the customer information they needed from one of D'Angelo's computers they seized early in the investigation. Vaudreuil said computer analysts initially failed to recover the information. Still, Crocker scolded prosecutors in July for not looking for alternatives earlier. "If the government had been more diligent in looking for workarounds instead of baring its teeth when Amazon balked, it's probable that this entire First Amendment showdown could have been avoided," he wrote. The company asked Crocker to unseal the records after D'Angelo was indicted last month. 
Crocker granted the request over the objections of federal prosecutors, who wanted them kept secret. "Shining some sunlight on the instant dispute reassures the public that someone is watching the watchers, and that this district's federal prosecutors are part of the solution, not part of the problem," he wrote.

From rforno at infowarrior.org Wed Nov 28 03:48:06 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 27 Nov 2007 22:48:06 -0500
Subject: [Infowarrior] - Court denies new hearing in fantasy baseball suit
Message-ID:

Court denies new hearing in fantasy baseball suit
ASSOCIATED PRESS 11/26/2007
http://www.stltoday.com/stltoday/news/stories.nsf/laworder/story/EE117B029A49D7508625739F007F875A?OpenDocument

ST. LOUIS (AP) -- A federal appeals court denied a motion Monday to rehear the Major League Baseball Players Association's case against a fantasy baseball company that uses players' names and statistics without paying a licensing fee. The motion was filed after a panel of three judges at the 8th U.S. Circuit Court of Appeals ruled last month that CBC Distribution and Marketing Inc. doesn't have to pay the players, even though it profits by using their names and statistics. The motion was denied without explanation. The MLBPA can still appeal the case to the U.S. Supreme Court. MLBPA attorney Virginia Seitz didn't return a message seeking comment Monday evening. The MLBPA had argued that players should be paid when their names are used for fantasy baseball leagues, in the same way players are paid when their names are used to endorse products. But the court found that fantasy leagues' broad use of statistics isn't the same as faking an endorsement from a player and not paying him. Big media companies like Yahoo, ESPN and CBS operate online fantasy leagues. Fantasy league participants create fake teams comprised of real MLB players.
Over the course of a season, fantasy league participants track statistics to judge how well the players on their team are performing. From rforno at infowarrior.org Wed Nov 28 04:05:35 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 Nov 2007 23:05:35 -0500 Subject: [Infowarrior] - France Announces Massive Internet Surveillance by ISPs Message-ID: November 26, 2007 France Announces Massive Internet Surveillance by ISPs http://lauren.vortex.com/archive/000331.html Greetings. In a breathtaking act of arrogance reminiscent of the heyday of Louis XVI (and likely to trigger similar public reactions among many Internet users, though perhaps unfortunately absent the "equalizing" influence of la guillotine), the French government and its overseers (the entertainment industry), along with a cowering collection of gutless ISPs, have announced an agreement for ISPs to become the Internet Police Force in France. Under the agreement (see below for links) ISPs will monitor users for presumed illegal activities (read that as "file sharing") and send reports on the accused to what amounts to an anti-piracy board. This board could then mete out punishments as it sees fit, including (attempted) banishment from the Internet (via what amounts to a national blacklist). To streamline the process, the entire procedure, as I understand it right now, would operate -- at least initially -- on an extrajudicial basis, without the messy intervention of courts, judges, trials, or other post-Magna Carta niceties that might help to assure that only the truly guilty are punished. Proponents are arguing that this approach will avoid overly severe judicial judgments, but in reality it's clearly an attempt to avoid fixing broken laws, while kowtowing to entertainment industry demands. The utter idiocy and recklessness of this approach is pretty much beyond description. 
It is ripe for privacy abuses on a grand scale, mistaken identities, false "convictions," and a long list of other associated problems. On the positive side though, the plan is likely to speed widespread adoption of encryption, as even routine Internet communications move to secure and in some cases cloaked channels to avoid these kinds of repressive enforcement regimes. It's one thing to use the conventional legal system to enforce legitimate intellectual property rights, but it's something wholly different to deputize ISPs into Network Monitors, feeding data to what apparently could easily become a Star Chamber operating outside the normal bounds of the conventional legal system. From rforno at infowarrior.org Wed Nov 28 13:55:34 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 28 Nov 2007 08:55:34 -0500 Subject: [Infowarrior] - OT: Today's Security Comic Message-ID: Sorry, I couldn't resist sending such a thing out at *some* time during the year. http://xkcd.com/350/ Been there, done that. :) -rick From rforno at infowarrior.org Thu Nov 29 15:23:20 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Nov 2007 10:23:20 -0500 Subject: [Infowarrior] - FUD Alert: Video Games = Huge Public Safety Threat Message-ID: (here we go again.......rf) New Report Claims Violent Video Games A Huge Public Safety Threat... But Fails To Actually Provide Evidence http://techdirt.com/articles/20071128/182630.shtml Some psychologists are getting a bunch of press today for putting out a report claiming that violent video games and TV are the greatest threat to public safety, short of cigarettes. Of course, we've been seeing claims about the threats of violent video games for years, but every time you dig into the research, you find that what the research actually found isn't at all what's being claimed. 
Most of the research claiming that violent video games lead to more violence has been dismantled as it usually shows that while people are playing a violent video game, they're likely to be more aggressive and emotional -- but that makes sense. You are aggressive and emotional because you're tied up in the game and you're channeling that aggression and emotion towards the game. What none of the studies seem to show is that this aggression and emotion then carry over into violent acts after the game is done. Some studies suggest people become desensitized to seeing more violence -- but again, that doesn't mean they go out and commit violent acts. In fact, as we've noted repeatedly, as violent video games have become increasingly popular, we've actually seen violent acts dropping. That, alone, isn't enough to say there's no impact, but it certainly raises questions about anyone claiming that violent video games are a threat to society. So is this new research that has finally found a link? Unfortunately, not at all. This is simply a psychologist who has published some of the dismantled research above claiming that he's "reviewed" all of the research on the topic (apparently, much of which is his own research) and declared that the sum of all that research means violent video media are the number two threat to public safety. That's pretty hard to take seriously. Basically, he's cherry picking research, much of which has already been shown not to say what he thinks it says, and then jumping to a conclusion that doesn't appear to be supported by the research. But, of course, it generates plenty of headlines. 
From rforno at infowarrior.org Thu Nov 29 15:24:46 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Nov 2007 10:24:46 -0500 Subject: [Infowarrior] - Congress examines Net as 'terror tool' Message-ID: http://arstechnica.com/news.ars/post/20071128-congress-to-examine-the-internet-as-a-tool-for-homegrown-terrorism.html Congress to examine "the Internet" as a tool for homegrown terrorism By Jacqui Cheng | Published: November 28, 2007 - 10:03PM CT The House of Representatives last month passed a bill known as the Violent Radicalization and Homegrown Terrorism Prevention Act of 2007, which asks the National Commission on the Prevention of Violent Radicalization and Homegrown Terrorism to develop tools to monitor and combat "homegrown terrorism" along with the promotion of ideologically-based violence within the US. In particular, the bill cites the Internet as a tool used to facilitate "violent radicalization." Despite some of the alarmist coverage of the bill, however, there is only one mention of the 'Net. The bill was introduced earlier this year by Rep. Jane Harman (D-CA), and it passed by a 404 to 6 margin. It's off to the Senate now, where it may still stagnate and disappear. Given its heavy support in the House and focus on a hot-button issue, though, we can expect that members of the Senate will at least consider what is being proposed in the name of fighting terrorism. Here's the section of the bill that has some observers up in arms: The Internet has aided in facilitating violent radicalization, ideologically based violence, and the homegrown terrorism process in the United States by providing access to broad and constant streams of terrorist-related propaganda to United States citizens. The section quoted above is, in fact, the only specific mention of the Internet in the bill. 
The remainder of the "findings" only vaguely address a need to understand, prevent, and combat homegrown terrorism in the US -- all of which are noble goals -- with the Internet being the only tool singled out. The bill also calls on the DHS to establish a grant program to prevent radicalization, create university-based centers of excellence for the "Study of Radicalization and Homegrown Terrorism" in the US, and study the methodologies used by other countries to prevent radicalization and homegrown terrorism. It's no secret that terrorists use the Internet to aid communications -- it is, after all, extremely quick and mostly anonymous. Indeed, the head of US Homeland Security, Michael Chertoff, warned us last year that terrorists can "train themselves over the Internet" without ever having to set foot in a training camp. The 'Net can be used to spread propaganda, engage in psychological warfare, recruit, network, and coordinate attacks. But so can plenty of other communications tools. Cracking down on 'Net propaganda can be difficult, too, because of the cross-border nature of the Internet, but that hasn't stopped the EU from trying to ban the distribution of bomb-making instructions online. Should this law pass, it is possible that such restrictions would be proposed for the US, but any proposals would still have to pass a Congressional vote and judicial review. The bigger bone of contention is that the law will simply fund paranoia towards dissidents and could even set off another wave of McCarthy-style hysteria over "terrorists" in the US. Because the bill leaves all definitions up to the committee, critics like Philip Giraldi worry that it will be used to target just about everyone who dislikes some aspect of government policy. 
Writing for the left-leaning Huffington Post, Giraldi argues that the act "could easily be abused to define any group that is pressuring the political system as 'terrorist,' ranging from polygamists, to second amendment rights supporters, anti-abortion protesters, anti-tax agitators, immigration activists, and peace demonstrators. In reality, of course, it will be primarily directed against Muslims and Muslim organizations." Similar claims are made in a lengthy piece at The Indypendent, and a follow-up piece on blogosphere reaction shows just how hyped-up the rhetoric here has become ("Stop S. 1959 or lose Internet free speech," one poster wrote). Such rhetoric seems more than a bit over the top, since the commission doesn't have the power to make laws or to rewrite the Constitution. Still, if the issue concerns you, now would be an excellent time to contact your senator. From rforno at infowarrior.org Thu Nov 29 15:25:38 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Nov 2007 10:25:38 -0500 Subject: [Infowarrior] - Judge tells US administration to release telco snooping records Message-ID: Judge tells US administration to release telco snooping records Follow the wonga By John Oram: Thursday, 29 November 2007, 12:23 PM http://www.theinquirer.net/gb/inquirer/news/2007/11/29/f-judge-tells-administration A BEWIGGED lady judge told the U.S. Government to release all records of telephone industry lobbying contacts by December 10. The date is in time for a congressional debate on President Bush's push to protect largest telephone firms from suits over "secret 'Big Brother' snooping". U.S. District Judge Susan Illston granted an injunction sought by the Electronic Frontier Foundation, which represents customers in a lawsuit against AT&T. 
The suit accuses the company of illegally giving a federal agency unlimited access to phone calls, e-mails and customer databases for the government's program of monitoring communications between Americans and suspected foreign terrorists. EFF's suit is also supported by the claims of whistleblower, Mark Klein, a former technician for AT&T. Klein testified before Congress earlier this month and said there are 15 to 20 rooms with dozens of people taking data directly from a splitter on the fibre. He says the White House has portrayed this as a narrow problem. When actually EVERYTHING on the Internet is being looked at by the National Security Agency. Klein is obviously opposed to changing the law to grant retroactive immunity to telecommunications companies that would protect them from such court challenges. In August of this year, EFF filed a Freedom of Information Act requesting records of recent communications on the immunity issue between the office of National Intelligence Director Michael McConnell, telecommunications companies, and members of Congress. McConnell's office has not provided any records and has told the foundation its review should be finished by December 31, which is after lawmakers are scheduled to vote on the immunity issue. Madam Illston says sooner is better than later. Her ruling showed she agreed "the administration is dragging its feet in making relevant information available," said David Sobel, a lawyer with the Electronic Frontier Foundation. The EFF suit against AT&T is just one of about two dozen suits against telecommunications companies over the wiretapping program. All those cases have been consolidated in San Francisco's Federal Appeals Court. From rforno at infowarrior.org Thu Nov 29 15:35:30 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Nov 2007 10:35:30 -0500 Subject: [Infowarrior] - Domestic Spying, Inc. Message-ID: Domestic Spying, Inc. 
by Tim Shorrock , Special to CorpWatch November 27th, 2007 A new intelligence institution to be inaugurated soon by the Bush administration will allow government spying agencies to conduct broad surveillance and reconnaissance inside the United States for the first time. Under a proposal being reviewed by Congress, a National Applications Office (NAO) will be established to coordinate how the Department of Homeland Security (DHS) and domestic law enforcement and rescue agencies use imagery and communications intelligence picked up by U.S. spy satellites. If the plan goes forward, the NAO will create the legal mechanism for an unprecedented degree of domestic intelligence gathering that would make the U.S. one of the world's most closely monitored nations. Until now, domestic use of electronic intelligence from spy satellites was limited to scientific agencies with no responsibility for national security or law enforcement. The intelligence-sharing system to be managed by the NAO will rely heavily on private contractors including Boeing, BAE Systems, L-3 Communications and Science Applications International Corporation (SAIC). These companies already provide technology and personnel to U.S. agencies involved in foreign intelligence, and the NAO greatly expands their markets. Indeed, at an intelligence conference in San Antonio, Texas, last month, the titans of the industry were actively lobbying intelligence officials to buy products specifically designed for domestic surveillance. The NAO was created under a plan tentatively approved in May 2007 by Director of National Intelligence Michael McConnell. Specifically, the NAO will oversee how classified information collected by the National Security Agency (NSA), the National Geospatial-Intelligence Agency (NGA) and other key agencies is used within the U.S. during natural disasters, terrorist attacks and other events affecting national security. 
The most critical intelligence will be supplied by the NSA and the NGA, which are often referred to by U.S. officials as the "eyes" and "ears" of the intelligence community. < - BIG SNIP - > http://www.corpwatch.org/article.php?id=14821 From rforno at infowarrior.org Thu Nov 29 15:37:18 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Nov 2007 10:37:18 -0500 Subject: [Infowarrior] - EFF Report on Comcast network blocking of BitTorrent Message-ID: A pair of new Electronic Frontier Foundation reports prove that Comcast is degrading and interfering with BitTorrent, and show how you can use free software to test your own ISP to see if it is doing the same: In addition to providing evidence of network interference, the EFF study also explains how Comcast's selective degradation of BitTorrent traffic undermines future Internet innovation. "The Internet has enabled a cascade of innovations precisely because any programmer--whether employed by a huge corporation, a startup, or tinkering at home for fun--has been able to create new protocols and applications that operate over TCP/IP, without having to obtain permission from anyone," the EFF wrote. "Comcast's recent moves threaten to create a situation in which innovators may need to obtain permission and assistance from an ISP in order to guarantee that their protocols will operate correctly. By arbitrarily using RST packets in a manner at odds with TCP/IP standards, Comcast threatens to Balkanize the open standards that are the foundation of the Internet." The EFF also published a second report (PDF), which provides detailed technical instructions explaining how to use Wireshark to reproduce their study and test for ISP packet injection. 
< - > http://www.boingboing.net/2007/11/28/eff-proves-comcast-i.html From rforno at infowarrior.org Thu Nov 29 17:45:37 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Nov 2007 12:45:37 -0500 Subject: [Infowarrior] - Report: China targeting all 'enemy space vehicles' including GPS satellites Message-ID: Report: China targeting all 'enemy space vehicles' including GPS satellites http://www.worldtribune.com/worldtribune/WTARC/2007/ea_china_11_29.asp China's anti-satellite and space warfare program includes plans to destroy or incapacitate 'every enemy space vehicle' that passes over China. The annual report of the U.S.-China Economic and Security Review Commission, released last week, listed among Beijing's goals that of ensuring that Chinese space weapons are "conducted covertly so China can maintain a positive international image." China has called for a ban on space weapons at the United Nations. The report said that China also is developing civilian technology that can be applied to military space programs and is acquiring the "ability to destroy or temporarily incapacitate every enemy space vehicle when it is located above China," the report said. The Chinese also plan to attack U.S. global positioning system (GPS) satellites through various means, including anti-satellite weapons, high-energy weapons, high-energy weather monitoring rockets and ground attacks on earth-based stations. One section of the report, based on public and classified briefings, concluded there was a need for more information about Chinese activities and intentions. Research from nearly 100 Chinese sources identified 30 proposals and recommendations by Chinese military leaders "regarding the development of space and counter-space weapons and programs." The military is also developing stealth satellites and a space program that will "provide key support for Chinese combat forces." 
"Some of these proposals appear to have been implemented already, as evidenced by January's kinetic anti-satellite test and earlier laser incidents involving American satellites," the report said. From rforno at infowarrior.org Thu Nov 29 17:46:45 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Nov 2007 12:46:45 -0500 Subject: [Infowarrior] - TSA plan to gather more data protested Message-ID: http://www.usatoday.com/travel/flights/2007-11-29-secure-flights_N.htm TSA plan to gather more data protested By Thomas Frank, USA TODAY WASHINGTON -- A government proposal to start collecting birth dates and genders of people reserving airline flights is drawing protests from major airlines and travel agencies that say it would be invasive, confusing and "useless." The Transportation Security Administration (TSA) wants passengers to give the additional personal information -- as well as their full names -- so it can do more precise background checks that it says will result in fewer travelers being mistaken for terrorists. Travelers currently must provide only a last name and a first initial. BLOG: Vote on the new TSA proposal at OnDeadline Airlines say passengers will resist providing more details and that the process will be time-consuming. Asking a passenger's birth date and gender "would create a new level of complication for completing air reservations," United Airlines recently wrote to the TSA. "Seeking useless data carries an unacceptably high price tag." The Air Transport Association, a trade group of major U.S. airlines, the American Society of Travel Agents and Continental and Virgin airlines also opposed, in writing, the TSA asking for travelers' birth dates and genders. Opposition is not as strong for soliciting full names. TSA is seeking more personal information as part of a long-delayed plan to improve preflight background checks of the 700 million people who fly commercially each year in the USA. 
The plan centers on transferring the task of checking passenger backgrounds from airlines to the TSA. The transfer is required by a law enacted in 2004 and was urged by the 9/11 Commission that year. The commission said the TSA can do a better job because it can check passengers against the complete government terrorist watch lists instead of partial lists used by airlines. The TSA expects to take over background checks next year, though many airlines said the agency's plans don't give them enough time to change their reservation systems and enable the switch. Under a TSA proposal published in August, airlines and travel agents would be required to ask people reserving flights for their birth date, gender and full name. Travelers, however, would not be required to give the new information. People who don't comply could be more easily mistaken for a terrorist and "may be more likely to experience delays, be subjected to additional screening (or) be denied transport," the TSA wrote. The TSA proposal received support in recent comments from the Air Line Pilots Association and the Air Carrier Association of America, which represents low-cost airlines such as AirTran and Frontier. Getting the extra personal information "will result in fewer holdups at the check-in counters and will allow airlines greater ease in processing passengers," the carrier association wrote. From rforno at infowarrior.org Thu Nov 29 19:52:01 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Nov 2007 14:52:01 -0500 Subject: [Infowarrior] - EMI to Slash RIAA Funding, Putting RIAA on Deathwatch Message-ID: EMI to Slash RIAA Funding, Putting RIAA on Deathwatch http://tinyurl.com/ypywwa Say goodbye to the RIAA, for its days are numbered. EMI, one of the "big four" record labels that feeds $132.3 million every year to trade groups such as the RIAA and IFPI, has decided that its money could be better spent elsewhere. 
It's reportedly considering cutting its funding towards the trade groups significantly, which would make it a lot harder for the RIAA to sue people, invade people's privacy and generally be huge dicks. EMI is a business just like any other company, and its new owners must have realized that spending $132 million a year to alienate their customers was providing them with a really poor return on investment. I mean, it's just not good business sense. Will any of the other major labels follow suit? Time will tell, but if they do you can pretty much wave goodbye to the era of the RIAA having influence. A bittersweet victory it would be, as I'd need to find something else to bitch and moan about every day, but it'd be worth it in the end. From rforno at infowarrior.org Fri Nov 30 11:27:47 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Nov 2007 06:27:47 -0500 Subject: [Infowarrior] - Fight looms between NFL and Big Cable Message-ID: (of course, the bit about how Comcast owns and offers the Golf Channel to all customers speaks volumes.....I don't want Golf, I want Football, but to Comcrap, if THEY own the channel, they don't care what you want. Same old monopolistic cable company crapola.......rf) http://tinyurl.com/yqcbnc Fight looms between NFL and Big Cable By: Barry Horn Posted: 11/30/07 DALLAS - The NFL knew it had something special when its scheduling formula spit out a Packers-Cowboys matchup this season. While the league could never have anticipated they would rank as the top teams in the NFC, it did know the value of tradition and could document each team's enormous drawing power on national television. So when the schedule maker divvied up 2007 games among the league's television partners, it decided the Packers-Cowboys would not go to Fox, the network of the NFC, or the prime-time packages on NBC or ESPN, a trio which anted up $2.41 billion in rights fees this season. 
Instead, the NFL looked in the mirror and delivered the game to its own fledgling NFL Network, which will deliver the game to only one-third of the country. It's part of the league's plan to help transform an ugly duckling into a cash cow. "It's no accident we have Green Bay-Dallas," Jerry Jones, the recently appointed chairman of NFL Network, confirmed in an interview last week. "And it's no accident that there are two Dallas Cowboys appearances in the network's eight games," added Jones, who doubles as the proud Cowboys owner. The NFL hoped the promise of a Packers-Cowboys extravaganza in its second season of broadcasting games would ignite a run of viewers demanding their cable carriers offer the network. But a funny thing has happened to the most irresistible force in the sports universe. The NFL has run into an immovable object: big cable carriers. Time Warner, Dallas' cable provider with more than 2.3 million subscribers across Texas, and Comcast, the nation's largest cable provider, have proven to be All-Pro run stoppers. Along with the likes of fellow cable giants, Cablevision and Charter, they have refused to yield to the league's demands to carry NFL Network on their basic digital tiers. Comcast does offer the network but on a sports tier, a cable no-man's land. When the Packers (10-1) visit the Cowboys (10-1) at Texas Stadium on Thursday night, the game will be available in only 35 million homes across the country. Most are satellite subscribers. Throw in the home markets of Dallas-Fort Worth as well as Milwaukee and Green Bay, the only ones able to watch the game on local over-the-air TV stations, and that ups the total to about 38.7 million homes. Put another way: the game will not be available in about 74.1 million of the country's 112.8 million homes with televisions. With few exceptions, those 112.8 million homes would have had access to the game on Fox or NBC. Almost 97 million could have seen it on ESPN. 
Cable homes in Cowboys-crazed markets across Texas such as San Antonio, Waco and Austin will be shut out. Same for Packers fans in Wisconsin who live outside Green Bay and Milwaukee. Finger pointing Not surprisingly, the big cable companies blame the NFL for the eclipse while the NFL points its finger at Big Cable. In a battle where billions of dollars ultimately may be at stake, each has launched a public relations campaign claiming it alone is acting altruistically for the public good. In a conference call with reporters last week, NFL commissioner Roger Goodell relentlessly repeated the NFL mantra. He knows fans may be angry they will miss NFL Network's eight-game schedule, which began Thanksgiving night and ends with what may be the New England Patriots' quest for a perfect 16-0 season. But, he maintained, the NFL Network was created simply as a vehicle to bring "more football to fans." Blame the cable carriers for not allowing it, he said. Big Cable says the NFL Network is asking it for 70 cents a month for each cable home. That cost would have to be passed on to all subscribers, including non-NFL fans. Big Cable says year-round NFL Network programming other than the eight games is pedestrian with little value to its customers. "We will protect our customers from having to pay for a network that we don't think all of them would necessarily want to view," said David Cohen, executive vice president of Comcast. Left unsaid is that Comcast charges its customers, albeit lower rates, for sports channels like Versus and Golf Channel it distributes on the basic digital tier the NFL seeks to be placed. Comcast owns both channels. Jerry's message Since becoming NFL Network chairman soon after the start of the season, Jerry Jones has become a televangelist preacher of sorts. His demons are the cable companies. 
Jones has traveled the country imploring NFL fans to drop their NFL Network-less cable and embrace satellite or the telecoms such as Verizon, which offer the network. At every opportunity, he points out that 240 smaller cable companies, with a combined 8 million subscribers, are carrying the network and have not passed on increases. He's lobbied state legislators and the Federal Communications Commission on the evils of Big Cable monopolies. Jones, the league's master marketer, didn't volunteer for the duty. He was drafted by his fellow owners. "I welcomed it," Jones said. "I certainly believe what we are going to accomplish with NFL Network." Big Cable maintains that its refusal to carry NFL Network has had minimal effect. There has been no mass exodus to satellite or the telecoms. "This is a very competitive market, and we are sensitive to our customers' needs," said Ron McMillan, Time Warner vice president of governmental affairs in Texas. "We're not hearing from our customers about this." NFL options The NFL had options when it decided to implement a new eight-game, late-season, prime-time package. It could sell the rights to the games to a network as it does its Sunday and Monday night offerings, or it could keep the rights in-house and use the games to help grow the 4-year-old NFL Network. Comcast bid $400 million a year to carry the package that would help build the identity of its Versus network. The NFL decided to network build, leaving Versus with NHL games as its major attraction. To recoup the lost rights money, the NFL needed to charge cable providers a fee. The league determined the tony 70 cents per customer per month cost for distribution on the popular basic digital tier. If the NFL could sell its network to cable companies across the country, including Comcast and Time Warner's 38 million subscribers, the rate would generate more than $300 million in subscription fees annually. That would be before a single second of commercial time was sold. 
Satellite providers DirecTV and Dish Network, telecables and small cable made their deals with NFL Network. Big Cable balked. Instead, it offered to put the NFL Network on their sports tiers, home of the likes of NBA TV and NHL Network. For whatever reason - lack of marketing, lack of public interest, high cost, low value - sports tiers have not captured nearly the market share that has basic digital. Bottom line: There's not nearly as much money to be made. Interestingly, when Major League Baseball launches its cable TV network in 2009, it will be on the digital basic tier that football seeks. Coincidentally, baseball has sold equity interests in its network to big cable carriers. The NFL adamantly claims it has no interest in such an arrangement. Also, baseball also offers its out-of-market "Extra Innings" package to cable and satellite. Much to cable's displeasure, the NFL's similarly conceived "Sunday Ticket" package is the exclusive property of satellite's DirecTV. The NFL and Big Cable offer different versions of how that happened. During his conference call, NFL commissioner Goodell reiterated several times that no resolution to the conflict appears imminent even if the FCC, as is expected, does take the issue under consideration and state legislators continue to press for a solution. "We are trying to reach a compromise," Goodell repeated several times. Never considered for compromise was flexing the Packers-Cowboys and season-ending Patriots-Giants to network television. They will remain casualties of the business. It is difficult to imagine that the dispute will not be settled before the NFL's network TV contracts begin to expire after the 2010 (DirecTV) and 2011 (Fox, NBC, CBS) seasons. But what if the conflict lingers? "We anticipate broadening the number of games on NFL Network," said Jones, willing to give the cable carriers what they say they need - more solid programming. "The cable companies are screwing with our fans, if you will. 
And we've got to stop it." © Copyright 2007 The Triangle From rforno at infowarrior.org Fri Nov 30 12:58:33 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Nov 2007 07:58:33 -0500 Subject: [Infowarrior] - Facebook Retreats on Online Tracking Message-ID: November 30, 2007 Facebook Retreats on Online Tracking By LOUISE STORY and BRAD STONE http://www.nytimes.com/2007/11/30/technology/30face.html?_r=1&hp=&pagewanted=print&oref=slogin Faced with its second mass protest by members in its short life span, Facebook, the enormously popular social networking Web site, is reining in some aspects of a controversial new advertising program. Within the last 10 days, more than 50,000 Facebook members have signed a petition objecting to the new program, which sends messages to users' friends about what they are buying on Web sites like Travelocity.com, TheKnot.com and Fandango. The members want to be able to opt out of the program completely with one click, but Facebook won't let them. Late yesterday the company made an important change, saying that it would not send messages about users' Internet activities without getting explicit approval each time. MoveOn.org Civic Action, the political group that set up the online petition, said the move was a positive one. "Before, if you ignored their warning, they assumed they had your permission" to share information, said Adam Green, a spokesman for the group. "If Facebook were to implement a policy whereby no private purchases on other Web sites were displayed publicly on Facebook without a user's explicit permission, that would be a step in the right direction." Facebook, which is run by Mark Zuckerberg, 23, who created it while an undergraduate at Harvard, has built a highly successful service that is free to its more than 50 million active members. But now the company is trying to figure out how to translate this popularity into profit. 
Like so many Internet ventures, it is counting heavily on advertising revenue. The system Facebook introduced this month, called Beacon, is viewed as an important test of online tracking, a popular advertising tactic that usually takes place behind the scenes, where consumers do not notice it. Companies like Google, AOL and Microsoft routinely track where people are going online and send them ads based on the sites they have visited and the searches they have conducted. But Facebook is taking a far more transparent and personal approach, sending news alerts to users' friends about the goods and services they buy and view online. Charlene Li, an analyst at Forrester Research, said she was surprised to find that her purchase of a table on Overstock.com was added to her News Feed, a Facebook feature that broadcasts users' activities to their friends on the site. She says she did not see an opt-out box. "Beacon crosses the line to being Big Brother," she said, "It's a very, very thin line." Facebook executives say the people who are complaining are a marginal minority. With time, Facebook says, users will accept Beacon, which Facebook views as an extension of the type of book and movie recommendations that members routinely volunteer on their profile pages. The Beacon notices are "based on getting into the conversations that are already happening between people," Mr. Zuckerberg said when he introduced Beacon in New York on Nov. 6. "Whenever we innovate and create great new experiences and new features, if they are not well understood at the outset, one thing we need to do is give people an opportunity to interact with them," said Chamath Palihapitiya, a vice president at Facebook. "After a while, they fall in love with them." Mr. Palihapitiya was referring to Facebook's controversial introduction of the News Feed feature last year. More than 700,000 people protested that feature, and Mr. Zuckerberg publicly apologized for aspects of it.
However, Facebook did not remove the feature, and eventually users came to like it, Mr. Palihapitiya said. He said Facebook would not add a universal opt-out to Beacon, as many members have requested. MoveOn.org started the anti-Beacon petition on Nov. 20, and as of last night more than 50,000 Facebook users had signed it. Other groups fighting Beacon have about 10,000 members in total. Facebook, they say, should not be following them around the Web, especially without their permission. The complaints may seem paradoxical, given that the so-called Facebook generation is known for its willingness to divulge personal details on the Internet. But even some high school and college-age users of the site, who freely write about their love lives and drunken escapades, are protesting. "We know we don't have a right to privacy, but there still should be a certain morality here, a certain level of what is private in our lives," said Tricia Bushnell, a 25-year-old in Los Angeles, who has used Facebook since her college days at Bucknell. "Just because I belong to Facebook, do I now have to be careful about everything else I do on the Internet?" Two privacy groups said this week that they were preparing to file privacy complaints about the system with the Federal Trade Commission. Among online merchants, Overstock.com has decided to stop running Facebook's Beacon program on its site until it becomes an opt-in program. And as the MoveOn.org campaign has grown over the past week, some ad executives have poked fun at Facebook users. "Isn't this community getting a little hypocritical?" said Chad Stoller, director of emerging platforms at Organic, a digital advertising agency. "Now, all of a sudden, they don't want to share something?" Facebook users each get a home page where they can volunteer information like their age, hometown, college and religion. People can post photos and write messages on their pages and on their friends' pages.
Under Beacon, when Facebook members purchase movie tickets on Fandango.com, for example, Facebook sends a notice about what movie they are seeing in the News Feed on all of their friends' pages. If a user saves a recipe on Epicurious.com or rates travel venues on NYTimes.com, friends are also notified. There is an opt-out box that appears for a few seconds, but users complain that it is hard to find. Mr. Palihapitiya said Facebook is making the boxes larger and holding them on the Web pages longer. Mr. Green of MoveOn.org said that his group would be tracking the effects of the latest changes before deciding if it would still push for a universal opt-out. The whole purpose of Beacon is to allow advertisers to run ads next to these purchase messages. A message about someone's purchase on Travelocity might run alongside an airline or hotel ad, for example. Mr. Zuckerberg has heralded the new ads as being like a "recommendation from a trusted friend." But Facebook users say they do not want to endorse products. "Just because I use a Web site, doesn't mean I want to tell my friends about it," said Annie Kadala, a 23-year old student at the University of North Carolina at Chapel Hill. "Maybe I used that Web site because it was cheaper." Ms. Kadala found out about Beacon on Thanksgiving day when her News Feed told her that her sister had purchased the Harry Potter "Scene It?" game. "I said, 'Susan, did you buy me this game for Christmas?'" Ms. Kadala recalled. "I don't want to know what people are getting me for Christmas."

From rforno at infowarrior.org Fri Nov 30 12:59:41 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 30 Nov 2007 07:59:41 -0500
Subject: [Infowarrior] - Hidden Dangers in Visiting Porn Sites
Message-ID:

Hidden Dangers in Visiting Porn Sites
Nov 28 07:06 PM US/Eastern
By JORDAN ROBERTSON AP Technology Writer
http://www.breitbart.com/article.php?id=D8T6V9RG0&show_article=1

SAN JOSE, Calif.
(AP) - Online pornography hunters' Internet adventures are already fraught with danger from malicious code many porn sites use to commandeer visitors' machines or steal personal data. Now comes a scheme some researchers say amounts to extortion: One site's threat to disable visitors' computers with relentless pop-up ads if they don't pay for a subscription they were automatically signed up for after a free trial. The threats, reported this week by researchers at security vendor McAfee Inc.'s Avert Labs, affect people who visit the Web site and download software to access a free three-day trial membership. Visitors do get free access for three days, but the download includes code that then generates a stream of pop-up windows, when the user is online and offline, demanding payment of roughly $80 for 90 days' worth of additional access. The windows stay open up to 10 minutes and appear once a day. They appear on top of any open windows and restore to their original size if shrunk or moved, making them impossible to ignore. They also reappear if the computer is rebooted. The site actually warns visitors they will be billed as full members - and lose full use of their computers if they don't - unless they cancel the subscription within the trial period. But the warning appears in the full terms and conditions statement, which downloaders aren't required to read. Once the fees are paid, the software can be removed with a special file. "What it appears they are doing is, in my humble opinion, a form of extortion based on the (usually correct) assumption that a person's computer will be key to many other activities in their daily life," McAfee researcher Seth Purdy wrote on the Avert Labs blog.

Copyright 2007 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

From rforno at infowarrior.org Fri Nov 30 13:07:21 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 30 Nov 2007 08:07:21 -0500
Subject: [Infowarrior] - Homegrown Terrorism Prevention Act of 2007
Message-ID:

The Violent Radicalization Homegrown Terrorism Prevention Act of 2007
By Matt Renner
t r u t h o u t | Report
Thursday 29 November 2007
http://www.truthout.org/docs_2006/112907J.shtml

A month ago, the House of Representatives passed legislation that targets Americans with radical ideologies for research. The bill has received little media attention and has almost unanimous support in the House. However, civil liberties groups see the bill as a threat to the constitutionally protected freedoms of expression, privacy and protest. HR 1955, "The Violent Radicalization Homegrown Terrorism Prevention Act of 2007", apparently intended to assess "homegrown" terrorism threats and causes, is on a fast-track through Congress. Proponents claim the bill would centralize information about the formation of domestic terrorists and would not impinge on constitutional rights. On October 23, the bill passed the House of Representatives by a 404-6 margin with 23 members not voting. If passed in the Senate and signed into law by George W. Bush, the act would establish a ten-member National Commission on the Prevention of Violent Radicalization and Homegrown Terrorism, to study and propose legislation to address the threat of possible "radicalization" of people legally residing in the US. Despite being written by a Democrat, the current version of the act would probably set up a Commission dominated by Republicans. By allowing Bush and Secretary of Homeland Security Michael Chertoff to each appoint one member of the Commission, and splitting the appointment of the other eight positions equally between Congressional Democrats and Republicans, the Commission would consist of six Republican appointees and four Democratic ones.
The Commission would be tasked with collecting information on domestically spawned terrorism from a variety of sources, including foreign governments and previous domestic studies. The Commission would then report to Congress and recommend policy changes to address the threat. There is no opposition to this consolidation or research. However, the Commission would be given broad authority to hold hearings and collect evidence, powers that raise red flags for civil liberties groups. Civil liberties activists have criticized the bill, some comparing the Commission it would establish to the McCarthy Commission that investigated Americans for possible associations with Communist groups, casting suspicion on law-abiding citizens and ruining their reputations. The Commission would be empowered to "hold hearings and sit and act at such times and places, take such testimony, receive such evidence, and administer such oaths as the Commission considers advisable to carry out its duties." Odette Wilkens, the executive director of the Equal Justice Alliance, a constitutional watchdog group, compared the legislation to the McCarthy Commission and to the FBI's Counter Intelligence Program (COINTELPRO), which infiltrated, undermined and spied on civil rights and antiwar groups during the 1950s and 60s. "The commission would have very broad powers. It could investigate anyone. It would create a public perception that whoever is being investigated by the Commission must be involved in subversive or illegal activities. It would give the appearance that whoever they are investigating is potentially a traitor or disloyal or a terrorist, even if all they were doing was advocating lawful views," Wilkens said. 
In a speech on the floor of the House before the vote, Congresswoman Jane Harman (D-California), the chair of the House Homeland Security Subcommittee on Intelligence and author of the bill said, "Free speech, espousing even very radical beliefs, is protected by our Constitution - but violent behavior is not. Our plan must be to intervene before a person crosses that line separating radical views from violent behavior, to understand the forces at work on the individual and the community, to create an environment that discourages disillusionment and alienation, that instills in young people a sense of belonging and faith in the future." In the same speech, Harman explained why "homegrown" terrorists are a threat to the US. She offered the explanation that adolescents who might be susceptible to recruitment by gangs might also be potential terrorists. "Combine that personal adolescent upheaval with the explosion of information technologies and communications tools - tools which American kids are using to broadcast messages from al-Qaeda - and there is a road map to terror, a 'retail outlet' for anger and warped aspirations. Link that intent with a trained terrorist operative who has actual capability, and a 'Made in the USA' suicide bomber is born," Harman said. The bill specifically identifies the Internet as a tool of radicalization. "The Internet has aided in facilitating violent radicalization, ideologically based violence, and the homegrown terrorism process in the United States by providing access to broad and constant streams of terrorist-related propaganda to United States citizens." In a press release, Caroline Fredrickson, director of the Washington American Civil Liberties Union legislative office, took issue with this characterization. "If Congress finds the Internet is dangerous, then the ACLU will have to worry about censorship and limitations on First Amendment activities. Why go down that road?" Fredrickson asked in a press release. 
The ACLU has "serious concerns" about the bill. Fredrickson said, "Law enforcement should focus on action, not thought. We need to worry about the people who are committing crimes rather than those who harbor beliefs that the government may consider to be extreme." According to Wilkens, the bill, in its current form, lacks specific definitions, which would give the Commission expansive and possibly dangerous powers. The Committee would be set up to address the process of "violent radicalization," which the bill defines as "the process of adopting or promoting an extremist belief system for the purpose of facilitating ideologically based violence to advance political, religious, or social change." According to Wilkens, the bill does not adequately define "an extremist belief system," opening the door for abuse. "An 'extremist belief system' can be whatever anyone on the commission says it is. Back in the 60s, civil rights leaders and Vietnam War protesters were considered radicals. They weren't committing violence but they were considered radicals because of their belief system," Wilkens said. The bill would also create a "Center of Excellence for the Study of Violent Radicalization and Homegrown Terrorism in the United States," on an unspecified University campus. Unlike other Centers of Excellence university-based government research centers created by the Department of Homeland Security, the Center established by this bill could have a chilling effect on political activity on campus because of its specific mission to "assist Federal, State, local and tribal homeland security officials through training, education, and research in preventing violent radicalization and homegrown terrorism," according to Wilkens. "If you are on campus and the thought police are on campus are you going to want to join a political group?" Wilkens asked.
Congressman and presidential candidate Dennis Kucinich (D-Ohio) was one of three Democrats who voted against the bill, but he has given no public explanation for his opposition and his office did not respond to a call for comment as of this writing. Neither the Speaker of the House Nancy Pelosi (D-California) nor Congressman John Conyers (D-Michigan), the chairman of the House Judiciary Committee, voted on the bill. The bill has been referred to the Senate Homeland Security Committee, chaired by Sen. Joseph Lieberman (I-Connecticut). With overwhelming support from the House, it is likely to pass quickly through the Senate. Matt Renner is an assistant editor and Washington reporter for Truthout.