From rforno at infowarrior.org Sat Sep 1 22:32:34 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 01 Sep 2007 18:32:34 -0400
Subject: [Infowarrior] - Google Flight Simulator

Flight Simulator Keyboard Controls

This document describes the various keyboard combinations that you can use with the flight simulator features of Google Earth. To enter the flight simulator mode, press Ctrl + Alt + A (Command/Open Apple Key + Option + A on the Mac). Once you have entered flight simulator mode for the first time, you can re-enter the mode by choosing Tools > Enter Flight Simulator. To leave flight simulator mode, click Exit Flight Simulator in the top right corner or press Ctrl + Alt + A (Command/Open Apple Key + Option + A on the Mac).

http://earth.google.com/intl/en/userguide/v4/flightsim/index.html

From rforno at infowarrior.org Sun Sep 2 00:24:32 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 01 Sep 2007 20:24:32 -0400
Subject: [Infowarrior] - BitTorrent Continues to Dominate Internet Traffic

BitTorrent Continues to Dominate Internet Traffic
Written by Ernesto on September 01, 2007
http://torrentfreak.com/bittorrent-dominates-internet-traffic-070901/

A recent analysis of the latest P2P trends worldwide shows that BitTorrent is still the most popular filesharing protocol. BitTorrent traffic is still on the rise and responsible for 50-75% of all P2P traffic and roughly 40% of all Internet traffic.

P2P traffic stats always cause quite a bit of controversy. In 2004 several respectable sources were reporting that BitTorrent was responsible for 35% of all internet traffic. This was probably a huge overestimation at the time; today this figure sounds more realistic. Ipoque reports in a preview of their 2007 P2P survey that BitTorrent is generating between 50-75% of all P2P traffic.

P2P traffic is responsible for 50%-90% of all Internet traffic, which means that BitTorrent traffic is generating somewhere between 25% and 65% of all Internet traffic. However, there is quite a bit of regional variance in the use of P2P applications according to Ipoque:

"eDonkey exhibits a regionally varying popularity with shares between 5-50% of all P2P. In certain regions, other protocols have gained a significant importance. In the Baltic States, for instance, DirectConnect has a proportion of about 30% of all P2P traffic"

Ipoque reports that all P2P traffic is still growing. Joost is not yet posing a threat to ISPs, but media streaming services and VoIP applications show significant growth. For example, Ipoque reports that Skype generates up to 2% of the overall traffic in certain networks.

It is probably good to know that this Internet traffic research is often conducted by companies that offer broadband management and optimization solutions. It is in their best interest to overestimate these figures because they design the traffic shaping applications that help ISPs to manage their precious bandwidth.

The 2007 P2P survey will be presented at Technology Review's Emerging Technologies Conference at MIT, more details later.

From rforno at infowarrior.org Sun Sep 2 00:28:50 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 01 Sep 2007 20:28:50 -0400
Subject: [Infowarrior] - Enquiry in America Today

September 1 / 2, 2007

The Don't Show Me State
Enquiry in America Today
http://www.counterpunch.org/tripp09012007.html

By BEN TRIPP

The quality of enquiry, or quirth, is one that has largely evaporated from American life, like the water set to boil in a pot of frogs intended to demonstrate that frogs don't know they're being boiled if you raise the temperature slowly enough.
Vestiges of that spirit (of enquiry, not frog boiling) endure, but they have become almost nonsensical: take Missouri's motto "The Show Me State", for example, which is not the condition of latent homosexual voyeurism it seems to describe, rampant among Republican senators in public lavatories; rather it is an expression of skepticism. Show me proof, and then we can talk. Not a bad sentiment. Unfortunately one no longer found in most quarters of the United States.

This may come from the explosion of information to which we are subjected, in the form of advertising and storytelling (or the amalgamation of both, in the case of televised programming). 500 channels, we are promised. 500 channels of what? We now have an acronym for it, TMI, which stands for either "Too Much Information" or "Trombone Meat Infringement" if you prefer acronyms made up of random words. It is hard to formulate sensible questions when a million answers have been thrust upon one before the first question had a chance to get out.

Some years ago, the nuclear energy industry put out a preemptive "educational campaign" to allay fears expressed by the millions of Americans that lived alongside the railway routes by which said industry had decided to move nuclear waste. The industry patiently and unrelentingly answered all questions about the safety of this program by saying, "this spent fuel" (they call it "spent fuel" because "nuclear waste" sounds, oh, you know, so negative) "this spent fuel cannot, and will not, explode." But can it get into the air or the groundwater? It will not explode. Can it be flung by that commonplace railway accident, the impact of two trains, out of its containers and into the sorts of places a fellow is likely to come in contact with it? Is not a single flesh-rotting molecule of the stuff an absolute guarantee of death? Hush, little commoners. It will not, cannot explode.

You know what? I have no idea if they're shipping spent doomfuel around on trains these days. There were too many other things going on around then, and the subject just got swallowed up along with the fate of Joanie Loves Chachi or Twin Peaks or whether Boy George could stay off heroin-- I don't even remember what the distraction de jour was. I suppose they do ship the stuff by train; the old system with donkeys was hopelessly outmoded even then. The point is that I haven't even thought about it, me who prides himself on quirth in abundance. Jesus, I can't even remember what I was going to ask my fiancée when I go downstairs with an unmatched sock and a necktie in my hand. It's too much to imagine I'm also going to remember to ask what's happening to the nuclear waste, let alone demand an answer to whatever I asked last time.

But is the only problem that we Americans suffer from Trombone Meat Infringement? I think there's something else, as expressed in a motto ginned up by the Clinton people: "Don't ask, don't tell". If ever there was a rubbishy catchphrase dredged up from the large intestine of a Madison Avenue disinformation factory, this is it. Are you gay? Don't ask, Sergeant. And Private Danglers, whatever you're thinking in those lathery showers, think away, but don't tell. Let's all pretend the issue isn't even there. Homophobia is one of the most pervasive and pointless problems facing us today: if a certain congressional poofter that recently made headlines with his clumsy solicitations to an undercover policeman had merely been able to say, "gold dang, I'm as queer as bull tits", he might still have a career. Instead, he was forced to make an elaborate defense of his solicitations by describing in nauseating detail every peculiarity of his seated bathroom habits (TMI) in an attempt to answer the explicit police report filed by the officer to whom he made the advances (whose name has not been released to the press, but apparently he goes by the moniker "Swingin' Hammer").

What I mean to say is Americans now expect to find something horrible under every Rock Hudson. [Note to editor: remove previous cheap gag and replace with simple word "rock"]. Ask the most innocuous question, like "when we inevitably do leave Iraq, what is our plan for doing so?" and the hideous truth flashes out like the fangs of a hideous truth: there is no plan. This all began when someone said, "is that pop combo Milli Vanilli really singing?" It's been downhill since then. Ask any question regarding the American Gertztramufiner('sup, yo') and if an answer is forthcoming, it will certainly be what you least want to hear. One finds oneself not asking.

Then of course there's the explosion of faith-based thinking. We have started to think Word is better than word. The abstract authority of the preacher or the evangelist president, the simple demand that they be trusted, believed, is deadly to any spirit of free thinking, of doubt, and even the ability to absorb basic information that doesn't quite line up with what the Daddy Figure is telling you. You add that to the endless streams of falsehoods and fudging in which every American is bathed today, you got yourself a nation of dupes.

So have we seen the end of the American tradition of self-reliant doubt? Will we, as a nation, ever work up the gumption to question the word of the 'expert', the 'authority', the 'talking head' out loud, even if we secretly lack any faith that we're being told the truth? It appears, I regret to say, that we're in for a further spell of incuriosity.

Maybe it started with the Reaganite anti-intellectual vogue, or earlier, when Joe McCarthy turned inquiry into inquisition. It could be the decline of such subjects as rhetoric, or the decline of schooling in general. Maybe it was Trivial Pursuit.

I (by which I mean me, or the guy most people think is me, because who can ever really know anybody?) hope we can restart that useful skepticism that helped us rebuff the blandishments of kings and courtiers. There are signs this is happening. Only a handful of truly damaged individuals still believe what the government is telling them any more. A lot of people are profoundly discouraged by the energy wasted on the fad for 9/11 conspiracy theories, replete with invisible airplanes, missiles disguised as jumbo jets, and a host of demolitions experts coordinated by a White House that couldn't organize a birthday party if the kid brought his own cake. This line of questioning may be misguided, but at least it's questioning, and I'm glad the doubt is there. Building seven: why did it drop? I don't know, but Bush sure as hell wasn't behind it. He couldn't drop his own pants.

The Iran war is going to be a much harder sell than Iraq was, for an example of progress. You can already see the White House people getting out of breath just trying to keep the media drumbeat going, regardless of how compliant the reporting is. There are a million other distractions, for one thing; for the neocons it's like trying to write a best-selling novel while being eaten alive by locusts.

It's not the media asking the questions, it's the American public. This is encouraging. If we imagine Wolf Blitzer or that most closeted of closeteers, Anderson Cooper, is going to pitch anything but the slowest of softballs to the evil sods destroying this and other nations, our imaginations have up and quit on us. But ordinary people, meaning consumers, consumers, and voters, in that order, are asking tougher questions. They're taking less on faith. They're starting to experience the thrill of quirth, that feeling of not believing an unproven answer, of not letting someone else ask the wrong question and trying to pretend the answer will suffice.

Will it turn into a change in the national character? I don't know. Disco was just a fad, thank fuck, and probably the intense Evangelical frenzy gripping certain segments of the population will wear off once old-time religion turns out to be of less utility than Disco. One can hope. I'll take a slight decrease in the level of bovine credulity.

Hey, Nancy, why are you really so determined not to oppose Bush? First ask the question, then question the answer, and at last you'll have a better idea of what the real question is. For me, it's enough that I remembered why I was boiling a pan of frogs on the stove.

Ben Tripp, author of Square in the Nuts, is a hack in many mediums. He may be reached at credel at earthlink.net.

Creative commons copyright 2007 by Ben Tripp

From rforno at infowarrior.org Sun Sep 2 19:56:10 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 02 Sep 2007 15:56:10 -0400
Subject: [Infowarrior] - CMU Privacy Study Request For Participation

(c/o IP List)

Carnegie Mellon University researchers are conducting a web-based survey about online privacy concerns. If you complete this survey, you could win a $250 gift certificate for Amazon.com! Odds of winning depend on the number of entrants but are guaranteed 1:1000 or better. The study takes about 15 minutes.

To participate in this survey, go to:

http://cups.cs.cmu.edu/survey-0807/

Thank you for your participation!

From rforno at infowarrior.org Mon Sep 3 00:05:14 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 02 Sep 2007 20:05:14 -0400
Subject: [Infowarrior] - U.S. may invoke 'state secrets' to squelch suit against Swift

U.S. may invoke 'state secrets' to squelch suit against Swift
By Eric Lichtblau
Friday, August 31, 2007
http://iht.com/articles/2007/08/31/america/swift.php

WASHINGTON: The Bush administration is signaling that it plans to turn once again to a favorite legal tool known as the "state secrets" privilege to try to shut down a lawsuit brought against a Belgian banking cooperative that secretly supplied millions of private financial records to the U.S. government, court documents show.

The lawsuit against the banking consortium, which is known as Swift, threatens to disrupt the operations of a vital national security program and to reveal "highly classified information" if it is allowed to continue, the Justice Department said in several recent court filings asserting its strong interest in seeing the lawsuit dismissed. A hearing on the future of the lawsuit was scheduled for Friday in federal court in Alexandria, Virginia.

The "state secrets" privilege, allowing the government to shut down public litigation on national security grounds, was once a rarely used tool. But the Bush administration has turned to it dozens of times in terrorism-related cases in seeking to end public discussion of everything from an FBI whistle-blower's claims to the abduction of a German terrorism suspect.

Most notably, the Bush administration has sought to use the state secrets assertion to kill numerous lawsuits against telecommunications carriers over the National Security Agency's domestic eavesdropping program, but a judge in California rejected that claim. The issue is now pending before an appeals court, where judges in a hearing two weeks ago expressed skepticism about the administration's claims.

Asserting the state secrets privilege requires the certification of both the director of national intelligence and the attorney general about the potential harm to national security. If the administration makes good on its intention to invoke the secrets claim in the lawsuit against Swift, it would be one of the most significant cases to test the claim.

Swift is considered the nerve center of the global banking industry, routing trillions of dollars each day between banks, brokerages and other financial institutions. The group's partnership with the U.S. government, first revealed in media reports in June 2006, gave officials at the CIA access to millions of records on international banking transactions in an effort to trace money that investigators believed might be linked to terrorist financing.

Swift agreed to turn over large chunks of its database in response to a series of unusually broad subpoenas issued by the Treasury Department beginning months after the attacks of Sept. 11, 2001.

Bush administration officials have defended the banking data program as an important tool in its war on terror, but European regulators and privacy advocates were quick to denounce the program as improper and possibly illegal, and the pressure forced Swift and U.S. officials earlier this year to agree to tighter restrictions on how the data could be used.

Two U.S. banking customers sued Swift on invasion-of-privacy grounds. Many legal and financial analysts expected that the lawsuit would be thrown out because U.S. banking privacy laws are considered much more lax than those in much of Europe. But to the surprise of many, a judge refused to throw out the lawsuit in a ruling in June.

From rforno at infowarrior.org Mon Sep 3 02:14:55 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 02 Sep 2007 22:14:55 -0400
Subject: [Infowarrior] - Software via the Internet: Microsoft in 'Cloud' Computing

September 3, 2007

Software via the Internet: Microsoft in 'Cloud' Computing
By JOHN MARKOFF
http://www.nytimes.com/2007/09/03/technology/03cloud.html?pagewanted=print

SAN FRANCISCO, Sept. 2 --
The empire is preparing to strike back -- again.

In 1995, Microsoft added a free Web browser to its operating system in an attempt to fend off new rivals, an effort ultimately blocked by the courts. This week, it plans to turn that strategy upside down, making available free software that connects its Windows operating system to software services delivered on the Internet, a practice increasingly referred to as "cloud" computing.

The initiative is part of an effort to connect Windows more seamlessly to a growing array of Internet services. The strategy is a major departure for Microsoft, which primarily sells packaged software for personal computers. With this new approach, Microsoft hopes to shield its hundreds of millions of software customers from competitors like Google and Salesforce.com, which already offer software applications through the Internet.

Microsoft's new Windows Live software suite includes an updated electronic mail program, a photo-sharing application and a writing tool designed for people who keep Web logs.

The new service is an indication that Microsoft plans to compete head-on against archrival Google and others, and not only in the search-engine business where it is at a significant disadvantage. Instead, Microsoft will try to outmaneuver its challengers by becoming the dominant digital curator of all a user's information, whether it is stored on a PC, a mobile device or on the Internet, industry executives and analysts said.

Millions of PC users already rely on Web applications that either provide a service or store data. For instance, Yahoo and Google do their own forms of cloud computing, offering popular e-mail programs and photo-sharing sites that are accessible through a Web browser. The photos or the e-mail messages are stored on those companies' servers. The data is accessible from any PC anywhere.

Hundreds of companies in Silicon Valley are offering every imaginable service, from writing tools to elaborate dating and social networking systems, all of which require only a Web browser and each potentially undermining Microsoft's desktop monopoly. Google, the most visible example, took cloud computing a step further last October and directly challenged Microsoft by offering a suite of free word-processing and spreadsheet software over a browser.

"To the extent that the industry is moving toward an on-demand business model, it poses a threat to Microsoft," said Kenneth Wasch, president of the Software and Information Industry Association and a longtime Microsoft adversary.

Microsoft is a late entrant to a set of businesses that are largely defined as Web 2.0, but the company is counting on its ability to exploit its vast installed base of more than one billion Windows-based personal computers. It plans to give away some of its services, like photo-sharing and disk storage, while charging for others like its computer security service and a series of business-oriented services aimed at small and medium-size organizations.

"I think Microsoft is going beyond search to a more sophisticated set of services," said Shane Robison, executive vice president and chief strategy and technology officer at Hewlett-Packard. "It will be a race, and who knows who will get there first?"

Brian Hall, general manager for Microsoft's Windows Live services, said, "We're taking the communications and sharing components and creating a set of services that become what we believe is the one suite of services and applications for personal and community use across the PC, the Web and the phone."

He said the software would be the first full release of Windows Live that is intended to produce a "relatively seamless" experience between the different services and applications.

The Windows Live service -- which will be found at www.live.com -- includes new versions of the company's Hotmail and Messenger communications services as well as Internet storage components. Microsoft executives said there were roughly 300 million active users each on the Hotmail and Messenger services, with some overlap.

The software release will offer PC users the option of downloading a set of the services with a single Unified Installer program, or as separate components. The individual services are Windows Live Photo Gallery, Windows Live Mail, Windows Live Messenger 8.5 and Windows Live OneCare Family Safety, a computer security program.

The release, though it includes the Windows Live Writer blogging application, carefully avoids cannibalizing two of Microsoft's mainstays, the Word and Excel programs.

Windows Live services also underscore Microsoft's desire to become the manager for a user's data wherever it is located. Although they will not be included in the initial test release, the company's recently announced SkyDrive online data storage service and its FolderShare service are being folded into Windows Live. SkyDrive currently gives test users 500 megabytes of free Internet storage, while FolderShare makes it possible to synchronize between multiple computers -- including Apple's Macintosh computers.

"When you think storage, think Windows Live," Bill Gates said in an interview this summer. Microsoft is moving to create an experience that will divorce a user's information from the particular device the person is working with at any moment, he said.

Microsoft's new approach is in many ways a mirror image of the strategy used during the 1990s in defeating Netscape Communications when the start-up threatened Microsoft's desktop dominance. Microsoft tried to tie the Internet to Windows by bundling its Internet Explorer Web browser as an integral part of its desktop operating system. The company lost an antitrust lawsuit in 2000 brought by the Justice Department in response to this bundling strategy.
Today, that strategy has been flipped with the growing array of Web services that are connected to Windows. But the new approach, which the company refers to as "software plus services," is once again beginning to draw industry charges of unfair competition from competitors.

To head off that challenge, Microsoft has been participating in various international organizations that are setting standards over a wide range of services: from those aimed at consumers, like blog-editing and photo-sharing applications, to automated business processes like Web-based customer relationship management systems for sales staff and automatic ordering and logistics applications.

Last week, for example, Microsoft executives were put on the defensive after the company's efforts to gain international adoption for a Microsoft-designed document format known as Open Office XML led to charges of vote-buying in an international standards vote in Sweden. After the charges received international publicity during the week, the Swedish Standards Institute reversed its position and decided to abstain on the issue, and a Microsoft executive apologized publicly for the gaffe.

On Wednesday, Jason Matusow, Microsoft's senior director for intellectual property and interoperability, wrote on his Web site: "I understand the concern raised by this error in judgment by an MS employee. The only thing I can say is that the right things were done as the issue was identified. The process and vote at S.I.S. were not affected." Microsoft did not specify what actually had transpired.

While the industry dispute over document formats was visible last week, several Microsoft competitors were quietly pointing to another standards issue that may prove to be a significant advantage for the software giant in the future. A set of Web services standards that have emerged from the World Wide Web Consortium might give Microsoft a performance advantage, according to industry executives at three companies, who declined to be identified because they are Microsoft business partners.

Microsoft's standards efforts have angered its competitors because four years ago the software publisher argued publicly against adding compression features that are designed to improve performance to industry Web services standards. Now, however, Microsoft has developed its own compression standards that will potentially make its versions of Web services perform better than those of their competitors.

"They're playing the game right," said a rival. "The idea is to offer a solution that works better in an all-Microsoft environment."

On Friday, a spokesman for Microsoft said that services that take advantage of the Web standards effort like Silverlight, a new system for displaying multimedia content via a Web browser that competes with Adobe's Flash media player, would not be included in the first release of Windows Live, but would be added in the future.

From rforno at infowarrior.org Sun Sep 2 00:31:07 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 01 Sep 2007 20:31:07 -0400
Subject: [Infowarrior] - Feds to Restrict Volunteers at Disasters

Feds to Restrict Volunteers at Disasters
http://www.nytimes.com/aponline/us/AP-Disaster-IDs.html
By THE ASSOCIATED PRESS
Published: September 1, 2007
Filed at 7:56 p.m. ET

NEW YORK (AP) -- Retiree Gene O'Brien hurried to the World Trade Center site after Sept. 11, 2001, as a volunteer helping to shuttle supplies to police and fire workers. Some days, his only ID to get into the disaster site was a tattoo on his forearm.

''A couple times I showed them my Marine tattoo, and they said go ahead,'' recalled O'Brien, adding that he and other volunteers also came up with their own makeshift identification cards.
''We didn't forge anything, we just made them up with our own pictures and at one point we copied a UPC code off a Pepsi can and they were as good as gold,'' said the Scarsdale resident.

It might not be so easy the next time disaster strikes.

In an effort to provide better control and coordination, the federal government is launching an ambitious ID program for rescue workers to keep everyday people from swarming to a disaster scene. A prototype of the new first responder identification card is already being issued to fire and police personnel in the Washington, D.C., area.

Proponents say the system will get professionals on scene quicker and keep untrained volunteers from making tough work more difficult. But they also know it is a touchy subject, particularly for those devoted to helping in moments of crisis.

''Wow, how in the world do we say this without love and respect in our hearts?'' said deputy assistant U.S. Fire Administrator Charlie Dickinson.

''Everybody wants to come to the fight, so to speak, and no one wants to step back and say 'No, I can't do this.' The final coup de grace was the World Trade Center. Hundreds came that were never asked,'' Dickinson said. ''Good intentions, good hearts, and it was extremely difficult for the fire department and the other departments to deal with them.''

The Federal Emergency Management Agency came up with the idea after the World Trade Center attack and Hurricane Katrina in 2005, when countless Americans rushed to help -- unasked, undirected, and sometimes unwanted.

Many of those volunteers angrily dispute the notion they were a burden. They insist that in many instances they were able to deliver respirators, hard hats, and protective boots to workers when no one else seemed able.

Ground zero volunteer Rhonda Shearer and her daughter launched a fast-moving supply system that bypassed regular channels, often infuriating city officials. Even as she delivered box trucks packed with supplies over months of recovery work, she increasingly ended up in a cat-and-mouse game with New York City's police and emergency management agency.

Shearer, 53, said the experience convinced her that agencies are ill-equipped to handle major disasters -- but don't want outsiders pointing out their failings. Similar frustrations arose after Katrina, when people were shocked that the government struggled to take basic supplies such as water to the worst areas.

''They're more worried about keeping volunteers out than doing an analysis of what really went wrong,'' Shearer said. ''Independent citizens need to be involved, where we have no ax to grind or cross to bear. But we will tell the truth, and we will tell what we see and bear witness to the incompetence.''

Dickinson, the federal fire official, said the government is not trying to discourage volunteers, but he thinks there should come a time, within a few days of a disaster, when civilians step back and let the professionals take control.

Supporters say the ID cards could be checked at a disaster area with a card-reader device and used to verify a person's unique skills. For example, if police officers have been trained to handle hazardous materials, officials at the scene could deploy them to an area where their skills would be best put to use.

For reasons ranging from general safety to protection from lawsuits, construction and demolition companies want to see a disaster ID card program succeed. Mike Taylor, executive director of the National Demolition Association, said his industry is talking with aides to Gov. Arnold Schwarzenegger about putting it in place in his state.

''If California goes ahead and does that, it will flow across the country. This is a really smart idea by someone in the Bush administration to be able to control access to the site and frankly, make sure there are no untrained people,'' Taylor said. ''If somebody goes running down to the site, you have to stop and ask them, wait, are they certified to do this work?''

From rforno at infowarrior.org Mon Sep 3 16:29:30 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 03 Sep 2007 12:29:30 -0400
Subject: [Infowarrior] - Microsoft Blames WGA Meltdown on Human Error

Microsoft Blames WGA Meltdown on Human Error
Gregg Keizer
http://www.computerworld.com/action/article.do?command=viewArticleBasic&taxonomyName=operating_systems&articleId=301978&taxonomyId=89&intsrc=kc_top

September 03, 2007 (Computerworld) -- Microsoft Corp. last week blamed "human error" on the part of its IT staff for a server problem that caused the company's Windows Genuine Advantage (WGA) validation service to incorrectly tag legitimate users of Windows XP and Windows Vista as software pirates.

The software vendor also promised that internal changes are being made to avoid a repeat of the glitch, which affected users for nearly 20 hours on Aug. 24 and 25.

Users whose copies of Windows erroneously failed WGA's antipiracy tests were prevented from downloading most software from Microsoft's Web site. And those with Vista were unable to use some of the operating system's features.

Alex Kochis, Microsoft's senior WGA product manager, wrote in a blog posting that the troubles began after "preproduction code" was installed on live servers. Those systems had yet to be upgraded with another code change designed to enable stronger encryption and decryption of product keys, Kochis added. As a result, "the production servers declined activation and validation requests that should have passed," he wrote.

A quick code rollback fixed the problem on the product-activation servers within 30 minutes, according to Kochis. But it didn't reset the validation servers, which handle legitimacy checks on downloads and other transactions.
"We now realize that we didn't have the right monitoring in place to be sure the fixes had the intended effect," Kochis wrote. He also said that Microsoft is taking steps "such as increasing the speed of escalations and adding checkpoints before changes can be made to production servers." Earlier last week, Microsoft said that fewer than 12,000 systems were affected worldwide. But users lit up the company's support forums with more than 450 messages about the snafu. "A system that's not totally reliable really should not be so punitive," said Gartner Inc. analyst Michael Silver. Michael Cherry, an analyst at Directions on Microsoft in Kirkland, Wash., said he was surprised that it was even possible to accidentally load the wrong code onto live servers. "It just begs the question of, what other things have they not done?" Cherry said. From rforno at infowarrior.org Sat Sep 1 15:20:36 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 01 Sep 2007 11:20:36 -0400 Subject: [Infowarrior] - Google Flight Simulator Message-ID: Flight Simulator Keyboard Controls This document describes the various keyboard combinations that you can use with the flight simulator features of Google Earth. To enter the flight simulator mode, press Ctrl + Alt + A (Command/Open Apple Key + Option + A on the Mac). Once you have entered flight simulator mode for the first time, you can re-enter the mode by choosing Tools > Enter Flight Simulator. To leave flight simulator mode, click Exit Flight Simulator in the top right corner or press Ctrl + Alt + A (Command/Open Apple Key+ Option + A on the Mac).
http://earth.google.com/intl/en/userguide/v4/flightsim/index.html From rforno at infowarrior.org Tue Sep 4 19:01:27 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 04 Sep 2007 15:01:27 -0400 Subject: [Infowarrior] - Microsoft Loses Vote on XML File Standards Message-ID: Microsoft Loses Vote on File Standards By THE ASSOCIATED PRESS http://www.nytimes.com/aponline/technology/AP-Europe-Microsoft-Software-Standards.html?pagewanted=print Filed at 1:48 p.m. ET BRUSSELS, Belgium (AP) -- Microsoft Corp. has failed in a first step to win enough support to make the data format behind its flagship Office software a global standard, the International Standards Organization said Tuesday. This weekend's vote by national standards agencies from 104 nations did not provide the two-thirds majority needed to give Microsoft's format the ISO stamp of approval. But they will meet again in February to try to seek a consensus, and Microsoft could win them over at last. ISO approval for Microsoft's Open Office XML would encourage governments and libraries to recognize the format for archiving documents, which in turn could help ensure that people using different technologies in the future could still open and read documents written today in Open Office XML. Approval of its system as a standard would also help Microsoft tamp down competition from the OpenDocument Format, created by open source developers and pushed by such Microsoft rivals as IBM Corp. Massachusetts state government stirred huge interest in the matter when it advocated saving official documents for long-term storage in the nonproprietary ODF format. That prompted Microsoft to seek recognition of Open XML by the global standards body. The company has offered to license Open Office XML for free to anyone who wants to build products that access information stored in Office documents.
It claims the format is richer than ODF because, being based on XML computer language, it can store the layout of spreadsheets and legal documents created with Office 2007. But Shane Coughlan of the Free Software Foundation Europe, a group of open source developers, questioned whether Open Office XML would truly live up to its name and be open to all. Coughlan said it was unclear whether some of the code requires Microsoft's permission to be used. ''It is important that everyone owns their data, that access does not depend on any one company,'' he said. ''Any serious corporation or government should be dubious about using it if the legality is unclear.'' Publishing an open standard means it will be available to everyone, a sort of Rosetta stone that makes sure the key documents of today -- whether they be legal texts, novels-in-progress or accounting spreadsheets -- don't become unreadable hieroglyphics to future generations. Despite losing the initial round of voting with ISO, Microsoft was confident of future success, saying many of the ISO members that did not vote for the format said they would do so when certain criticisms have been addressed. ''This preliminary vote is a milestone for the widespread adoption of the Open XML formats around the world for the benefit of millions of customers,'' said Microsoft's general manager for interoperability, Tom Robertson. ''We believe that the final tally in early 2008 will result in the ratification of Open XML as an ISO standard.'' According to ISO, Microsoft had 53 percent of the votes in favor -- instead of the 66 percent it needed. The ISO process is essentially a debate that tries to fix outstanding problems so a format can win sufficient support. But Coughlan said Microsoft's heavy lobbying for Open Office XML had showed that ISO selection needs to be reviewed to make sure one voice could not shout louder than others. 
Coughlan and others have alleged that Microsoft unduly influenced the industry committees that advise national standards bodies on ISO votes. From rforno at infowarrior.org Tue Sep 4 19:06:00 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 04 Sep 2007 15:06:00 -0400 Subject: [Infowarrior] - Pushing the impossible Message-ID: Pushing the impossible Movie studios believe they can create the perfect copy protection system. But it would be easier to go faster than the speed of light, says Cory Doctorow * Cory Doctorow * Guardian Unlimited * Tuesday September 4 2007 http://www.guardian.co.uk/technology/2007/sep/04/lightspeed Ask a certain kind of security-minded geek about "copy protection" technology and chances are they'll tell you that it's flat out impossible. They might even avow it with the same certainty that physicists employ when they say you can't travel faster than the speed of light. That level of certainty can be a little daunting, especially since our intuition tells us something different. We can imagine accelerating and accelerating and accelerating until our speed exceeds 299,792,458 m/s - hey, just rev the old spaceship up to 299,792,457 m/s, open up the throttle a little and voila - we've just proven generations of physicists wrong. The thing is that when they say that you can't travel faster than the speed of light, they're talking about the fundamental principles of physics: it's impossible to get beyond lightspeed, even if science fiction movies help us conceptualise it. In the same way, we can imagine building progressively better software locks for movies, music, ebooks, and software until we hit on one that even the wiliest hacker can't defeat. But, just like the physicists, the geeks who say that DRM can never reach this point are speaking about fundamental principles of information science. It's impossible to get that far.
To understand this, you need to understand a little bit about cryptography - the mathematics of scrambling and descrambling information. Modern industrial cryptography consists of three crucial components: first, a "cipher" - a system for scrambling messages. These are always public and never secret or proprietary. Banks, spies, retailers, child pornographers and your web browser all use the same basic set of ciphers. That's because the only way to prove that a cipher works is to expose it to public scrutiny and see if any clever bastard can spot a flaw in it. It's a little counterintuitive to think of full disclosure as a prerequisite for security, but it is a basic tenet of cryptography - and it has been so ever since Alan Turing and the lads at Bletchley Park broke the Nazi ciphers and spent the rest of the war reading Hitler's secret dispatches and snickering to themselves. Second, there is a "ciphertext" - a blob of data that has been encrypted with the cipher. Finally, and crucially, there's the "key". This is a very small piece of information - usually less than 1000 characters - that is kept secret from all but the legitimate senders and receivers of the information. The key is the secret bit of information that the cipher uses to unscramble the ciphertext. As a system, it works brilliantly. You can download an email privacy program that uses standard, public encryption algorithms to scramble your email so that only its intended recipients can read them. You know that messages can only be read by the authorised sender and the authorised receiver because you are the only ones who have the key. It's great for email, but it can never work for movies, TV shows or music, because in the case of "copy protection" the receiver is also the person that the system is meant to guard itself against. Say I sell you an encrypted DVD: the encryption on the DVD is supposed to stop you (the DVD's owner) from copying it.
In order to do that, it tries to stop you from decrypting the DVD. Except it has to let you decrypt the DVD some of the time. If you can't decrypt the DVD, you can't watch it. If you can't watch it, you won't buy it. So your DVD player is entrusted with the keys necessary to decrypt the DVD, and the film's creator must trust that your DVD player is so well-designed that no one will ever be able to work out the key. This is a fool's errand. Because the DVD player has the key, it's always possible that it can be extracted by academics, hardened hackers - or just kids who are in it for the glory. One hacker known as Muslix64 got the keys to the HD-DVD system he owned. Then he did the same trick again with a Blu-Ray player - this time without ever being in the same room as it. He just had a mate email him the contents of the computer's memory, captured while it was playing a Blu-ray disc. Muslix64 reasoned that if the computer was unscrambling the Blu-ray disc, it must have the key in its memory somewhere. He did a quick search of the file and hey presto, Blu-ray was broken. And the thing is that if a DRM is broken once, it's useless. The breaker can put his copy of the movie, music, ebook, or software online on a peer to peer network or fileserver, and from there anybody can "break" the copy protection simply by downloading a copy. It's a one-shot deal. DRM is supposed to force those unwilling to pay into buying, rather than nicking, their media - but once the cheapskates can search for a cracked copy on Google, it is meaningless. This means that ultimately, DRM only affects people who buy media honestly, rather than those who nick, borrow or cheat their way to it. In turn that means that the people who ultimately bear the inconvenience, cost and insult of DRM are the paying customers, not the pirates. There are some fundamental truths in the universe. We cannot travel faster than light, and we cannot make a copy protection system that is uncrackable.
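An added illustration, not part of Doctorow's article and not the code of any real player or email program: a small Python model of the three components he names (a public cipher, a ciphertext, a secret key) and of why the email case holds while the DRM case cannot. The cipher is constructed for the example (SHA-256 run in counter mode as a keystream, not a standard or vetted cipher), and the names `Player`, `email_scenario` and `drm_scenario` are the example's own. The point it makes is the article's: in the email case the eavesdropper has the cipher and the ciphertext but not the key, so the message stays private; in the DRM case the customer must be handed a player that contains the key, so whoever owns the player owns the key.

```python
import hashlib
import os
import pickle

# --- Component 1: the cipher. Public; nothing about it is secret. ----------
# Constructed for this example: SHA-256 in counter mode yields a keystream
# that is XORed with the data. Illustrative only, not a vetted cipher.
def keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        out += hashlib.sha256(key + nonce + counter.to_bytes(8, "big")).digest()
        counter += 1
    return bytes(out[:length])


def encrypt(key: bytes, plaintext: bytes) -> bytes:
    """Return nonce || ciphertext: component 2, the ciphertext."""
    nonce = os.urandom(16)
    ks = keystream(key, nonce, len(plaintext))
    return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))


def decrypt(key: bytes, blob: bytes) -> bytes:
    nonce, body = blob[:16], blob[16:]
    ks = keystream(key, nonce, len(body))
    return bytes(c ^ k for c, k in zip(body, ks))


# --- Email: sender and receiver share the key; the eavesdropper does not. ---
def email_scenario() -> tuple:
    key = os.urandom(32)                      # component 3: the secret key
    message = b"meet at noon"
    wire = encrypt(key, message)              # all an eavesdropper ever sees
    receiver_reads = decrypt(key, wire) == message
    # The eavesdropper knows the cipher and holds the ciphertext, but can
    # only guess at the key (a random guess here).
    eavesdropper_reads = decrypt(os.urandom(32), wire) == message
    return receiver_reads, eavesdropper_reads


# --- DRM: the receiver is also the party the system guards against. -------
class Player:
    """A media player that must hold the disc key in order to play at all."""

    def __init__(self, disc_key: bytes):
        self.disc_key = disc_key

    def play(self, disc: bytes) -> bytes:
        return decrypt(self.disc_key, disc)


def drm_scenario() -> tuple:
    disc_key = os.urandom(32)
    film = b"feature presentation"
    disc = encrypt(disc_key, film)
    # What the studio ships: the player, serialised. The key travels with it
    # because the player cannot function without it.
    shipped_player = pickle.dumps(Player(disc_key))
    customer_player = pickle.loads(shipped_player)
    customer_watches = customer_player.play(disc) == film
    # Whoever owns the player owns its bytes, and the key is among them.
    key_is_in_customers_hands = disc_key in shipped_player
    return customer_watches, key_is_in_customers_hands


if __name__ == "__main__":
    print("email: receiver reads, eavesdropper reads =", email_scenario())
    print("drm:   customer watches, key in customer's hands =", drm_scenario())
```

The two scenarios share the same cipher and the same key length; the only difference is who the key is kept from, which is exactly the difference Doctorow draws between email privacy and copy protection.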
The only question is: how long will paying customers stay when the companies they're buying from treat them as attackers? Cory Doctorow is an activist, science fiction author and co-editor of the blog Boing Boing. From rforno at infowarrior.org Tue Sep 4 23:41:07 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 04 Sep 2007 19:41:07 -0400 Subject: [Infowarrior] - Feds Tell Secret Spying Court to Keep Opinions Secret Message-ID: Feds Tell Secret Spying Court to Keep Opinions Secret By Ryan Singel September 04, 2007 | 12:52:40 PM Categories: NSA, Sunshine and Secrecy, Surveillance The Justice Department told a secret spying court Friday that the court lacked the power to even hear the ACLU's request for it to release court opinions about the government's so-called Terrorist Surveillance Program. Although the Foreign Intelligence Surveillance Court mostly confines itself to issuing thousands of secret wiretap orders a year, the ACLU asked the court in August to release opinions that dealt with a controversial program, saying that the orders were more akin to rulings setting out the law of the land than individual spy orders. < - > http://blog.wired.com/27bstroke6/2007/09/feds-tell-secre.html From rforno at infowarrior.org Tue Sep 4 23:43:56 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 04 Sep 2007 19:43:56 -0400 Subject: [Infowarrior] - 2007 Secrecy Report Card Message-ID: (c/o SecrecyNews) By most available quantitative measures, government secrecy continues to grow in problematic ways, according to a new annual survey from the advocacy coalition OpenTheGovernment.org. While the creation of new secrets (termed "original classification decisions") actually declined in the past year, total classification activity grew significantly, as did the use of controls on unclassified information, and the costs of maintaining the apparatus of national security classification.
"The current administration has increasingly refused to be held accountable to the public, including through the oversight responsibilities of Congress," said Patrice McDermott, Director of OpenTheGovernment.org. See "Secrecy Report Card 2007," September 2007: http://www.openthegovernment.org/otg/SRC2007.pdf From rforno at infowarrior.org Wed Sep 5 02:57:40 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 04 Sep 2007 22:57:40 -0400 Subject: [Infowarrior] - Wikis Prove Tricky for PR Firms Message-ID: Wikis Prove Tricky for PR Firms Source: PR Week, August 31, 2007 Thanks to WikiScanner, more PR firms are coming under fire for making anonymous edits to Wikipedia that favored their clients. "Freud Communications' London office was caught making edits" on articles about Pizza Hut and Carphone Warehouse, reports PR Week. Freud Communications' Oliver Wheeler said the edits were "very factual" and "perfectly justifiable." Ketchum's vice-president of new media strategy, Gur Tsabar, said his firm advises clients to edit discussion pages only (not articles themselves), and to disclose their affiliations. The Center for Media and Democracy has used WikiScanner to track edits made on computers at Hill & Knowlton's UK office. The edits whitewashed human rights abuses by the government of the Maldives, which retained the firm in 2003. CMD has also found Wikipedia activity by other PR firms. See how you can join in the fun on our "Tracking attempts to spin Wikipedia" project page on SourceWatch. http://www.prwatch.org/node/6413 From rforno at infowarrior.org Wed Sep 5 13:07:12 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 05 Sep 2007 09:07:12 -0400 Subject: [Infowarrior] - Is Comcast's BitTorrent filtering violating the law? Message-ID: Is Comcast's BitTorrent filtering violating the law? Posted by Chris Soghoian September 4, 2007 12:06 PM PDT http://www.cnet.com/8301-13739_1-9769645-46.html Disclaimer: I am not a lawyer. 
I'm a cyber-security PhD student and take classes in the Indiana University law school, but this in no way makes me a legal expert. Caveat Lector. Within the last few weeks, there have been a number of reports by Comcast customers claiming that their BitTorrent downloads and uploads have been capped or worse, blocked. Torrent Freak recently reported that Comcast, a major US cable company, is using an application from Sandvine to throttle such connections. Many ISPs routinely filter the traffic on their networks. Many forbid customers from running email servers, web servers, and when the ISP detects that a customer's computer has been hacked, they often sever the Internet connection until the machine has been patched. Thus, the fact that a major ISP is now filtering yet another class of Internet traffic should not be major news--except for two factors: BitTorrent traffic accounts for upwards of 25% of US Internet traffic, and the techniques used by Comcast are essentially the same as those used by the Great Firewall of China. Before we get deeply into this issue, let us step back for a brief, and high-level lesson in TCP/IP, and Internet filtering technologies. Most Internet applications use the TCP protocol to communicate. This protocol uses a three-way handshake to establish a connection. The very first step in a three-way handshake involves the client sending a SYN packet to the receiving party. Modern firewalls block this packet for banned types of traffic--that is, they prevent the recipient from receiving it, and as such, the connection can never be established. Your home firewall does this, as well as those used by Comcast and other ISPs to prevent you from sending millions of email spam messages from their network. Assuming that the SYN packet goes through, the three-way handshake is allowed to happen, then the two hosts will be able to begin communicating. 
Your ISP can still kill the connection later, should they wish to, merely by blocking the transmission of future packets. According to Torrent Freak, Comcast is not doing this. They are instead sending a reset (or RST) packet to the Comcast customer, pretending to be from the host at the end of the BitTorrent connection. This RST packet is the TCP equivalent of stating "I don't want to talk to you anymore, please terminate the connection". It is extremely important to note that when Comcast creates and sends this packet, they do not identify themselves as the source of the packet, but instead impersonate one of the parties involved in the BitTorrent connection. This is where things get rather shady. Last year, researchers from Cambridge University analyzed the Great Firewall of China and found that it used falsified RST packets to terminate connections that matched keyword filters. They were able to determine that users could evade the Chinese government's censorship system by ignoring these reset packets. Ok, so the Chinese government and Comcast are using the same censorship techniques. Why should we care? The Chinese government doesn't have to pay attention to US law, but Comcast, being a US company, does. Many states make it illegal to impersonate others. New York, a state notorious for its aggressive pro-consumer office of the Attorney General, makes it a crime for someone to "[impersonate] another and [do] an act in such assumed character with intent to obtain a benefit or to injure or defraud another." (See: NY Sec. 190.25: Criminal impersonation in the second degree). I do not believe that it would be too difficult to prove that Comcast obtains a benefit by impersonating others to eliminate or reduce BitTorrent traffic. Less torrent data flowing over their network will lead to an overall reduction in their bandwidth bill, and thus a huge cost savings. New York is not the only state with such a law.
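An added example, not from Soghoian's post, the Torrent Freak report or the Cambridge study: a Python monitor that reads constructed packet-log lines, tracks the three-way handshake state of each flow (SYN sent, SYN-ACK seen, established) and flags a reset whose IP TTL differs from the TTL that the same peer's earlier packets arrived with. The log format, the addresses (RFC 5737 documentation ranges) and the TTL heuristic are all assumptions for illustration. The heuristic is a known defensive check rather than anything the post describes: a reset injected by a device in the path has crossed a different number of hops than the genuine endpoint's segments, so its TTL usually differs. An injector that copies the peer's TTL defeats it, so a hit is a lead for investigation, not proof. A flow whose SYN is only ever retransmitted and never answered is what the SYN-dropping described earlier in the post looks like from the client side.

```python
import re
from collections import defaultdict

# Constructed packet-log format for this example: one TCP segment per line.
PACKET_RE = re.compile(
    r"t=(?P<t>[\d.]+) (?P<src>[\d.]+:\d+) > (?P<dst>[\d.]+:\d+) "
    r"flags=(?P<flags>[A-Z]+) seq=(?P<seq>\d+) ack=(?P<ack>\d+) ttl=(?P<ttl>\d+)$"
)

# Constructed sample traffic.
# Flow 1: handshake completes, data flows, then a reset claiming to come
#         from the peer arrives with TTL 61 although every genuine segment
#         from that peer arrived with TTL 52: different hop count, so suspect.
# Flow 2: the client retransmits its SYN and never sees a SYN-ACK, which is
#         what a SYN dropped by a firewall looks like from the client side.
# Flow 3: a normal connection reset by the peer itself (TTL matches).
SAMPLE_LOG = """\
t=0.000 10.0.0.5:51000 > 203.0.113.9:6881 flags=S seq=1000 ack=0 ttl=64
t=0.030 203.0.113.9:6881 > 10.0.0.5:51000 flags=SA seq=5000 ack=1001 ttl=52
t=0.031 10.0.0.5:51000 > 203.0.113.9:6881 flags=A seq=1001 ack=5001 ttl=64
t=0.500 10.0.0.5:51000 > 203.0.113.9:6881 flags=PA seq=1001 ack=5001 ttl=64
t=0.530 203.0.113.9:6881 > 10.0.0.5:51000 flags=PA seq=5001 ack=1101 ttl=52
t=0.540 203.0.113.9:6881 > 10.0.0.5:51000 flags=R seq=5101 ack=1101 ttl=61
t=2.000 10.0.0.5:51002 > 198.51.100.7:6881 flags=S seq=7000 ack=0 ttl=64
t=3.000 10.0.0.5:51002 > 198.51.100.7:6881 flags=S seq=7000 ack=0 ttl=64
t=4.000 10.0.0.5:51003 > 192.0.2.33:6881 flags=S seq=9000 ack=0 ttl=64
t=4.040 192.0.2.33:6881 > 10.0.0.5:51003 flags=SA seq=3000 ack=9001 ttl=57
t=4.041 10.0.0.5:51003 > 192.0.2.33:6881 flags=A seq=9001 ack=3001 ttl=64
t=4.900 192.0.2.33:6881 > 10.0.0.5:51003 flags=R seq=3001 ack=9001 ttl=57
"""


def parse_packet(line: str) -> dict:
    m = PACKET_RE.match(line.strip())
    if not m:
        raise ValueError(f"unparseable packet line: {line!r}")
    d = m.groupdict()
    return {"t": float(d["t"]), "src": d["src"], "dst": d["dst"],
            "flags": d["flags"], "seq": int(d["seq"]), "ack": int(d["ack"]),
            "ttl": int(d["ttl"])}


def flow_key(pkt: dict) -> tuple:
    """Direction-independent flow identifier: the two endpoints, sorted."""
    return tuple(sorted((pkt["src"], pkt["dst"])))


def analyze(lines) -> tuple:
    """Return (handshake state per flow, list of suspicious-reset alerts)."""
    state = {}
    baseline_ttl = defaultdict(dict)   # flow -> {endpoint: TTL of its first segment}
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        p = parse_packet(line)
        k = flow_key(p)
        flags = p["flags"]
        cur = state.get(k)
        if "R" in flags:
            expected = baseline_ttl[k].get(p["src"])
            if expected is not None and expected != p["ttl"]:
                alerts.append({"flow": k, "t": p["t"], "claimed_src": p["src"],
                               "ttl_seen": p["ttl"], "ttl_expected": expected})
                # Do not treat the flow as torn down on the strength of a
                # reset that does not look like it came from the peer.
                state[k] = (cur or "NEW") + " (forged RST suspected)"
            else:
                state[k] = "RESET"
            continue
        # Non-reset segments from an endpoint establish its TTL baseline.
        baseline_ttl[k].setdefault(p["src"], p["ttl"])
        if "S" in flags and "A" not in flags:
            state[k] = "SYN_SENT"          # first SYN or a retransmitted SYN
        elif "S" in flags and "A" in flags and cur == "SYN_SENT":
            state[k] = "SYN_RECEIVED"      # SYN-ACK seen, waiting for the ACK
        elif "A" in flags and cur == "SYN_RECEIVED":
            state[k] = "ESTABLISHED"       # third leg of the handshake
    return state, alerts


if __name__ == "__main__":
    states, found = analyze(SAMPLE_LOG.splitlines())
    for flow, st in states.items():
        print(flow, st)
    for a in found:
        print("suspicious RST:", a)
```

Running it prints flow 1 as established with a suspected forged reset, flow 2 stuck in SYN_SENT, and flow 3 cleanly reset. On a real capture the same comparison is worth extending with the peer's IP ID and window behaviour, since TTL alone is only one signal.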
Several other states including Connecticut and Alabama have similar laws on the books. Should any state AG's office decide to go after Comcast, it is quite possible that Comcast could be looking at a world of regulatory pain. Comcast is perfectly within its right to filter the Internet traffic that flows over its network. What it is not entitled to do, is to impersonate its customers and other users, in order to make that filtering happen. Dropping packets is perfectly OK, while falsifying sender information in packet headers is not. From rforno at infowarrior.org Wed Sep 5 18:31:58 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 05 Sep 2007 14:31:58 -0400 Subject: [Infowarrior] - Lessig: A big victory: Golan v. Gonzales Message-ID: A big victory: Golan v. Gonzales September 5, 2007 4:05 AM - comments (10) http://www.lessig.org/blog/2007/09/a_big_victory_golan_v_gonzales.html The 10th Circuit decided our appeal in Golan v. Gonzales today. In a unanimous vote, the Court held that the "traditional contours of copyright protection" described in Eldred as the trigger for First Amendment review extend beyond the two "traditional First Amendment safeguards" mentioned by the Court in that case. It thus remanded the case to the District Court to evaluate section 514 of the Uruguay Round Agreements Act ("URAA") under the First Amendment, which removed material from the public domain. This is a very big victory. The government had argued in this case, and in related cases, that the only First Amendment review of a copyright act possible was if Congress changed either fair use or erased the idea/expression dichotomy. We, by contrast, have argued consistently that in addition to those two, Eldred requires First Amendment review when Congress changes the "traditional contours of copyright protection." In Golan, the issue is a statute that removes work from the public domain. In a related case now on cert to the Supreme Court, Kahle v.
Gonzales, the issue is Congress's change from an opt-in system of copyright to an opt-out system of copyright. That too, we have argued, is a change in a "traditional contour of copyright protection." Under the 10th Circuit's rule, it should merit 1st Amendment review as well. I suspect this decision will weigh heavily in the Supreme Court's determination whether to grant review in the Kahle case. It also nicely demonstrates the wisdom in this part of the Eldred decision (don't get me started on the Progress Clause part of the decision...) The rule of Eldred, as interpreted by the 10th Circuit (and by us) is that Congress gets a presumption of First Amendment constitutionality when it legislates consistent with its tradition. But when it changes that tradition, its changes must be scrutinized under the First Amendment. This is an interesting constitutional argument -- echoing some of Justice Scalia's jurisprudence, as we argue in the cert petition. And it also makes a great deal of sense: practices unchanged for 200 years are less likely to raise First Amendment problems (but see ...); but whether or not immunity is justified for them, it is certainly not justified for practices that deviate from Congress' tradition. The opinion by Judge Henry is well worth the read. The argument was one the best I have seen. All three judges knew the case cold. It is a measure of how good courts can be that they took such care to review this case. Thanks to everyone on our team that made this possible. First the clients -- Lawrence Golan, the Richard Kapp Estate, S.A. Publishing, Symphony of the Canyons, Ron Hall and John McDonough (all of whom use and build upon material in the public domain; all of whom were negatively affected by Congress's removal of material from the public domain). 
But also and especially to the gaggle of fantastic lawyers who supported us in the case -- the Denver firm of Wheeler, Trigg, Kennedy, and Stanford CIS lawyers Chris Sprigman, Ed Lee, Jennifer Granick, David Olson, David Levine, Colette Vogel, Elizabeth Rader and Lauren Gelman (Tony Falzone came on afterwards). From rforno at infowarrior.org Thu Sep 6 12:26:50 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 06 Sep 2007 08:26:50 -0400 Subject: [Infowarrior] - Quick admin note Message-ID: FYI I do *not* subscribe to Linkedin, ConstantContact, Quetchup, or any of the professional social networking services. If you receive an e-mail allegedly from me via such service asking you to "join my network" please ignore it -- it did not come from me. Thanks Rick From rforno at infowarrior.org Thu Sep 6 18:05:38 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 06 Sep 2007 14:05:38 -0400 Subject: [Infowarrior] - Judge Strikes Down Part of Patriot Act Message-ID: Judge Strikes Down Part of Patriot Act By LARRY NEUMEISTER The Associated Press Thursday, September 6, 2007; 12:25 PM http://www.washingtonpost.com/wp-dyn/content/article/2007/09/06/AR2007090600999_pf.html NEW YORK -- A federal judge struck down parts of the revised USA Patriot Act on Thursday, saying investigators must have a court's approval before they can order Internet providers to turn over records without telling customers. U.S. District Judge Victor Marrero said the government orders must be subject to meaningful judicial review and that the recently rewritten Patriot Act "offends the fundamental constitutional principles of checks and balances and separation of powers." The American Civil Liberties Union had challenged the law, complaining that it allowed the FBI to demand records without the kind of court order required for other government searches.
The ACLU said it was improper to issue so-called national security letters, or NSLs -- investigative tools used by the FBI to compel businesses to turn over customer information -- without a judge's order or grand jury subpoena. Examples of such businesses include Internet service providers, telephone companies and public libraries. Yusill Scribner, a spokeswoman for the U.S. attorney's office, said prosecutors had no immediate comment. Jameel Jaffer, who argued the case for the ACLU, said the revised law had wrongly given the FBI sweeping authority to control speech because the agency was allowed to decide on its own -- without court review -- whether a company receiving an NSL had to remain silent or whether it could reveal to its customers that it was turning over records. In 2004, ruling on the initial version of the Patriot Act, the judge said the letters violate the Constitution because they amounted to unreasonable search and seizure. He found that the nondisclosure requirement -- under which an Internet service provider, for instance, would not be allowed to tell customers that it was turning over their records to the government -- violated free speech. After he ruled, Congress revised the Patriot Act in 2005, and the 2nd U.S. Circuit Court of Appeals directed that Marrero review the law's constitutionality a second time. The ACLU complained that Congress' revision of the law didn't go far enough to protect people because the government could still order companies to turn over their records and remain silent about it, if the FBI determined that the case involved national security. The law as written "reflects an attempt by Congress and the executive to infringe upon the judiciary's designated role under the Constitution," Marrero wrote.
© 2007 The Associated Press From rforno at infowarrior.org Thu Sep 6 18:44:43 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 06 Sep 2007 14:44:43 -0400 Subject: [Infowarrior] - DOJ Report: Terrorist Screening Database Marred by Errors Message-ID: Report: Terrorist Screening Database Marred by Errors By Ellen Nakashima Washington Post Staff Writer Thursday, September 6, 2007; 1:56 PM http://www.washingtonpost.com/wp-dyn/content/article/2007/09/06/AR2007090601386_pf.html The government's terrorist screening database, the master watch list used to scrutinize 270 million people each month, continues to be marred by errors and inconsistencies that can result in the detention of innocent people and increase the chances a terrorist could slip through, according to a Justice Department report released today. The Terrorist Screening Center (TSC), which operates the growing database, also took an excessive amount of time to resolve complaints from passengers who believed they were included on the watch list by mistake, Inspector General Glenn A. Fine said in the report. "It is critical that the TSC further improve the quality of its watch list data because of the consequences of inaccurate or missing information," Fine said. "Inaccurate, incomplete and obsolete watch list information can increase the risk of not identifying known or suspected terrorists, and it can also increase the risk that innocent persons will be stopped or detained." The database contained more than 720,000 records as of April, more than four times its size when it was created in 2004. It is growing at a rate of more than 20,000 records a month, the report said. The audit found that the TSC had stepped up efforts to ensure the quality of watch list data and opened a redress office. But its watch list management "continues to have significant weaknesses," the report found.
Specifically, the inspector general's staff identified 20 watch list records on suspected or known terrorists that were not made available to frontline screening agents, such as border patrol officers, visa application reviewers and police who use the list during routine traffic stops. In an examination of 105 records, the auditors found that 38 percent contained errors or inconsistencies that were not identified through the TSC's quality assurance efforts. The report also found that nearly half the initial matches against the consolidated watch list turned out to be misidentifications, suggesting that the government should develop policies to address that, Fine said. As of April, the TSC had recorded nearly 72,000 initial matches -- more than half turned out to be actual matches. The Washington Post reported last month that the consolidated watch list yielded almost 20,000 initial or actual matches in 2006 and that the vast majority of those resulted in people being questioned and released, with few arrests. Government officials said the purpose of the database is not solely to produce arrests; it also is used to monitor suspicious individuals who may pose a terror threat to the country. The report is a follow-up to a 2005 audit that found the TSC had not done enough to ensure the accuracy of database information. It also found problems with the TSC's management of information technology, a crucial facet of the terrorist-screening process. The TSC, created in December 2003 at the president's direction and run jointly by the FBI and the Department of Homeland Security, is intended to be the government's single point of contact for law enforcement authorities requesting aid in identifying people with possible ties to terrorism. 
The TSC database is the consolidation of a dozen government watch lists, including the Transportation Security Administration's No-Fly list, the State Department's Consular Lookout and Support System and the FBI's Violent Gang and Terrorist Organizations File. In a reply to the inspector general, Willie T. Hulon, executive assistant director of the FBI's National Security Branch, said that "the FBI remains committed to ensuring the timely and accurate collection of watchlisting data." He said a TSC priority is to ensure that the database is "accurate, current and thorough." When the consolidated watch list was created, he said, agencies and departments provided all possible data to serve as a foundation, much of which had not been reviewed. Since that time, he said, the quality of the data "has vastly improved." For example, as of July, the TSC has completely vetted the TSA's No-Fly list, reducing the list by about half. He said the TSC is developing procedures to address the report's concerns. From rforno at infowarrior.org Thu Sep 6 19:34:25 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 06 Sep 2007 15:34:25 -0400 Subject: [Infowarrior] - Steve Jobs Open Letter on iPhone Price Cuts Message-ID: http://www.apple.com/hotnews/openiphoneletter/ To all iPhone customers: I have received hundreds of emails from iPhone customers who are upset about Apple dropping the price of iPhone by $200 two months after it went on sale. After reading every one of these emails, I have some observations and conclusions. First, I am sure that we are making the correct decision to lower the price of the 8GB iPhone from $599 to $399, and that now is the right time to do it. iPhone is a breakthrough product, and we have the chance to 'go for it' this holiday season. iPhone is so far ahead of the competition, and now it will be affordable by even more customers. It benefits both Apple and every iPhone user to get as many new customers as possible in the iPhone 'tent'. 
We strongly believe the $399 price will help us do just that this holiday season. Second, being in technology for 30+ years I can attest to the fact that the technology road is bumpy. There is always change and improvement, and there is always someone who bought a product before a particular cutoff date and misses the new price or the new operating system or the new whatever. This is life in the technology lane. If you always wait for the next price cut or to buy the new improved model, you'll never buy any technology product because there is always something better and less expensive on the horizon. The good news is that if you buy products from companies that support them well, like Apple tries to do, you will receive years of useful and satisfying service from them even as newer models are introduced. Third, even though we are making the right decision to lower the price of iPhone, and even though the technology road is bumpy, we need to do a better job taking care of our early iPhone customers as we aggressively go after new ones with a lower price. Our early customers trusted us, and we must live up to that trust with our actions in moments like these. Therefore, we have decided to offer every iPhone customer who purchased an iPhone from either Apple or AT&T, and who is not receiving a rebate or any other consideration, a $100 store credit towards the purchase of any product at an Apple Retail Store or the Apple Online Store. Details are still being worked out and will be posted on Apple's website next week. Stay tuned. We want to do the right thing for our valued iPhone customers. We apologize for disappointing some of you, and we are doing our best to live up to your high expectations of Apple. 
Steve Jobs Apple CEO From rforno at infowarrior.org Thu Sep 6 19:49:08 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 06 Sep 2007 15:49:08 -0400 Subject: [Infowarrior] - FW: DoJ opposes Net Neutrality In-Reply-To: <20070906194710.GH14617@reznor.com> Message-ID: (c/o AJR) http://news.yahoo.com/s/ap/20070906/ap_on_hi_te/internet_fees_justice_department Feds OK fee for priority Web traffic AP Thu Sep 6, 12:22 PM ET The Justice Department on Thursday said Internet service providers should be allowed to charge a fee for priority Web traffic. The agency told the Federal Communications Commission, which is reviewing high-speed Internet practices, that it is opposed to "Net neutrality," the principle that all Internet sites should be equally accessible to any Web user. Several phone and cable companies, such as AT&T Inc., Verizon Communications Inc. and Comcast Corp., have previously said they want the option to charge some users more money for loading certain content or Web sites faster than others. The Justice Department said imposing a Net neutrality regulation could hamper development of the Internet and prevent service providers from upgrading or expanding their networks. It could also shift the "entire burden of implementing costly network expansions and improvements onto consumers," the agency said in its filing. Such a result could diminish or delay network expansion and improvement, it added. The agency said providing different levels of service is common, efficient and could satisfy consumers. As an example, it cited that the U.S. Postal Service charges customers different guarantees and speeds for package delivery, ranging from bulk mail to overnight delivery. "Whether or not the same type of differentiated products and services will develop on the Internet should be determined by market forces, not regulatory intervention," the agency said in its filing. 
The agency's stance comes more than two months after Federal Trade Commission Chairwoman Deborah Platt Majoras cautioned policy makers to enact Net neutrality regulation. Such a regulation could prevent rather than promote Internet investment and innovation and have "significant negative effects for the economy and consumers," the Justice Department said in the filing. Supporters of Internet regulation have said that phone and cable companies could discriminate against certain Web site and services. However, the agency said it will continue to monitor and enforce any anticompetitive conduct to ensure a competitive broadband marketplace. From rforno at infowarrior.org Fri Sep 7 01:31:40 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 06 Sep 2007 21:31:40 -0400 Subject: [Infowarrior] - Chertoff shows off his mad Newspeak skillz Message-ID: Knowing the abysmal state of USG and state-level cybersecurity, Hysterical Security Czar Chertoff is asking us to fork over our PII into a single point of failure and vulnerability, and this is "good" for us? How long before some laptop escapes a DMV office containing identity information? Or if the "database" gets hacked? What does THAT do for enhancing our privacy? War is peace, vulnerable is secure, illusions are real. *shudder* ....from his recent Hill testimony: < - > "Personal privacy will be protected by states issuing REAL ID driver's licenses. Our proposal requires that each state conduct name-based and fingerprint-based criminal history record checks on DMV employees who will be involved in REAL ID in relevant ways. Through REAL ID, we're not only preserving people's privacy but strengthening it. By improving the quality of our ID documents, we're protecting against one of the fastest growing crimes in America today -- the crime of identity theft. There is no greater violation of privacy than when criminals gain total access to personal information in the process of stealing someone's identity. 
In the same vein, REAL ID should also offset the cost of reissuing new licenses through the savings that people will realize by the reduction of identity theft crimes." < - > http://homeland.house.gov/SiteDocuments/20070905140841-10943.pdf I refer you to a summer op-ed I co-authored with Bruce Schneier opposing the REAL ID concept, appearing at NEWS.COM: http://news.com.com/National+ID+card+a+disaster+in+the+making/2010-7348_3-6180835.html I remain unconvinced that REAL ID is a good idea or good for providing effective security and identity assurance for the citizens of this country -rf From rforno at infowarrior.org Fri Sep 7 01:33:49 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 06 Sep 2007 21:33:49 -0400 Subject: [Infowarrior] - RIAA pays its penalty to Ms Foster, but screws that up, too Message-ID: RIAA Sends Check in Capitol v. Foster But Dispute Erupts Over Form and Amount of Check In Capitol v. Foster, the RIAA sent a check purporting to satisfy the $68,685.23 attorneys fees judgment that had been entered against it, but failed to follow Ms. Foster's attorneys' payment instructions, and failed to include the interest that had accrued on the judgment. Ms. Foster's attorneys have moved for an order amending the judgment and the RIAA has moved for an order deeming the judgment to have been satisfied. [Ed. 
Note: It is highly unusual for a judgment debtor's attorneys not to follow the judgment creditor's attorney's payment instructions] < - > http://recordingindustryvspeople.blogspot.com/2007/09/riaa-sends-check-in-capitol-v-foster.html From rforno at infowarrior.org Fri Sep 7 15:46:06 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 07 Sep 2007 11:46:06 -0400 Subject: [Infowarrior] - Industry: Fair use is not a consumer right Message-ID: Fair use is not a consumer right By Patrick Ross http://news.com.com/Fair+use+is+not+a+consumer+right/2010-1030_3-6205977.html Story last modified Thu Sep 06 10:00:01 PDT 2007 The Computer and Communications Industry Association in August implored the Federal Trade Commission in a filing to parse through language found in copyright warnings appearing before movies, television sporting events and other places. In a column, one of its executives, Maura Corbett, recently defended that action on behalf of CCIA. Despite the fact that we've been reading and hearing these copyright notices for decades, in CCIA's view, Western civilization is now suddenly in jeopardy. Corbett made the same argument CCIA's president offered at the press conference announcing the FTC filing: "If we were to believe what they tell us, discussing Barry Bonds' home runs around the water cooler would put us all in jail." Really? The last few weeks I have been completely unable to avoid hearing about Barry Bonds, whether around the proverbial water cooler, on call-in sports radio programs, in idle moments on 24-hour cable news channels, or even during local weather reports ("there's only a low chance for a rainout for tonight's game, and Bonds could have a bit of a boost--a natural one, not artificial--for that next home run with a strong 15-mile-per-hour wind from the east; we'll keep you posted, Ken"). Sometimes I wish speech about Barry Bonds could in fact, be stifled. 
These warnings do exactly what they're meant to do--notify consumers in a succinct fashion that infringement has legal consequences. But let's look beyond the hyperbole. CCIA has offered no demonstration of harm caused by copyright notices; if they had any they would surely have included it in their FTC filing, but it's eerily silent on that point. So what do they really want? They say they want additional wording explaining ways copyrighted works could be used without authorization, because fair use is a "consumer right." This misleading statement presents considerable irony, given the fact that CCIA is filing a complaint alleging deceptive language. Fair use, as CCIA must surely know, is not a "consumer right," but rather an affirmative defense. And this is an important difference. It's true that copyright law contains some exemptions, such as commentary and criticism, where one may be able to use a copyrighted work without authorization, but the full extent of those exceptions is intentionally not defined in the statute. (In one example of fair use, CNET is free to report and comment on newsworthy events and to offer informative consumer reviews of new products.) Court decisions have further delineated what some of those cases of fair use might be. Under fair use, if I take without permission and make use of your copyrighted work, and you sue me, I can assert, "Hey, I know I didn't ask you, and you're quite upset about my use, but I firmly believe it's legal." Then a judge decides whether my use was an infringement or instead an unauthorized use that turned out to be exempt under fair use. Many unauthorized uses of copyrighted works are criminal and infringing, and copyright notices help remind people that there are consequences to these uses. A few uses may be able to pass muster as fair use before a judge. 
Still others, including some uses within the home, may not be specifically designated fair use by a court, and may or may not qualify if put to the test, but are generally not the subject of legal challenges by a copyright owner. So, how exactly would the FTC rewrite these copyright notices to reflect a consumer's ability to attempt a fair use defense? Should they paste in all of the above language? We're wading into the area of providing legal advice, and these examples aren't sufficiently detailed for that. We could have an IP lawyer fold in a treatise on fair use, and baseball announcers could start reading it at the seventh-inning stretch to make sure they finish it before the end of the game. I don't think we want copyright warnings to become a fair use public service announcement. No, these warnings do exactly what they're meant to do--notify consumers in a succinct fashion that infringement has legal consequences. Going further has risks; for example, describing fair use merely as a "consumer right" can lead otherwise well-meaning individuals to infringe on content and face civil or criminal liabilities, because they only paid attention to the misleading disclaimer forced into the notice and acted in a way that wasn't covered under "fair use" as legally defined. There is no question that in the Digital Age, consumers need a better understanding of both the rights of creators as well as the limits on those rights through fair use. Education is the right approach, and one to which the Copyright Alliance is dedicated. But asking the federal government to regulate free speech is not the best way to proceed. Now if FTC officials instead want to hold a public meeting on the significance of Barry Bonds' new home run record, they are of course welcome to do so under the law. I think I'll skip it, though. 
From rforno at infowarrior.org Sat Sep 8 14:21:58 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 08 Sep 2007 10:21:58 -0400 Subject: [Infowarrior] - A US CERT reminder: The net is an insecure place Message-ID: A US CERT reminder: The net is an insecure place World's biggest websites no match for decade-old web bug By Dan Goodin in San Francisco Published Saturday 8th September 2007 04:19 GMT http://www.theregister.co.uk/2007/09/08/security_group_warns_of_web_vulnerab ity/ If you use Gmail, eBay, MySpace, or any one of dozens of other web-based services, the United States Computer Emergency Readiness Team wants you to know you're vulnerable to a simple attack that could give an attacker complete control over your account. Five weeks after we reported this sad reality, US CERT on Friday warned that the problem still festers. It said, the world's biggest websites have yet to fix the gaping security bug, which can bite even careful users who only log in using the secure sockets layer protocol, which is denoted by an HTTPS in the beginning of browser address window. US CERT warned that Google, eBay, MySpace, Yahoo, and Microsoft were vulnerable, but that list is nowhere near exhaustive. Just about any banking website, online social network or other electronic forum that transmits certain types of security cookies is also susceptible. The vulnerability stems from websites' use of authentication cookies, which work much the way an ink-based hand stamp does at your favorite night club. Like the stamp, the cookie acts as assurance to sensitive web servers that the user has already been vetted by security and is authorized to tread beyond the velvet rope. The thing is just about every website transmits these digital hand stamps in the clear, which leaves them wide open to snoops monitoring public Wi-Fi traffic or some other type of network. 
Once attackers have the cookie, they gain complete access to the victim's account, and depending on the way many cookies are crafted, those privileges may continue in perpetuity - even if the victim changes the account password. A Microsoft spokesman said the company is "investigating new public claims of a possible vulnerability involving sending authentication tokens over unencrypted channels." New? Evidently, Microsoft security people attending Black Hat sat out the Errata Security presentation. And eBay spokesman Hani Durzy said: "This vulnerability is a well known weakness within the HTTP protocol itself. If the user logs out, it will clear the session. Beyond that, the only thing that can be done about it would be to turn the entire site into SSL - which would be prohibitive on several fronts, including usability." Indeed, awareness of this man-in-the-middle vulnerability is by no means new. For more than a decade people have known that authentication cookies could be manipulated, but somehow it took the folks at Errata Security to make a presentation at Black Hat to remind the world that the risks continue. It's also true that cloaking an entire site behind SSL would require significantly more processing power and would also slow many users' browsing experience by a considerable measure. But you'd think the collective brainpower and considerable pursestrings at the world's most elite tech companies would by now have found a way to tackle a problem that leaves attackers free to rifle through their users' most intimate details. It begs the question: is this problem unsolvable or are these guys simply uninterested in figuring it out? "What David Maynor and Robert Graham are finding is actually very important for the community to pick up and reanalyze," said security researcher Robert Hansen, referring to the two Errata Security researchers who presented at Black Hat. "Even though it's been around forever it's not something we can ignore." 
If you're waiting for a fix, we recommend you pack a very large lunch. And beyond that, where possible you might switch to Google, which has already gone a long way to closing the hole. As the only web-based email service we know of that offers a start-to-finish SSL session, the service is among the most resilient to cookie hijacking. Unfortunately, Gmail doesn't enable persistent SSL by default, and has done little to educate its users about its benefits. The company also offers SSL for its calendar, search history, documents and reader services, and a Google spokesman said security engineers "are actively working to expand capacity to enable HTTPS encryption for all users." In the meantime, a Firefox extension called CustomizeGoogle provides a simple way to ensure that all sessions with the above-mentioned Google services are automatically protected by SSL. From rforno at infowarrior.org Sat Sep 8 20:49:39 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 08 Sep 2007 16:49:39 -0400 Subject: [Infowarrior] - Spy Satellites Turned on the U.S. Message-ID: Spy Satellites Turned on the U.S. Dems Call for Moratorium on Program, Expressing Privacy and Legal Concerns By JASON RYAN Sept. 6, 2007 http://abcnews.go.com/TheLaw/story?id=3567635 Traditionally, powerful spy satellites have been used to search for strategic threats overseas ranging from nuclear weapons to terrorist training camps. But now the Department of Homeland Security has developed a new office to use the satellites to secure U.S. borders and protect the country from natural disasters. Department of Homeland Security officials testified Thursday before the House Homeland Security Committee about the program and faced extensive criticism about the privacy and civil liberty concerns of the new office, called the National Applications Office. 
The purpose of the National Applications Office is to provide the Department of Homeland Security and civil, state and local emergency planners with imagery and data from satellites run by the National Reconnaissance Office and the National Geospatial Intelligence Agency. Homeland Security Chief Intelligence Officer Charlie Allen said overhead imagery was used extensively after Hurricanes Katrina and Rita in 2005, and has been used by the Secret Service for security preparations for events such as the Super Bowl. "Some Homeland Security and law enforcement users also in the past routinely accessed imagery and other technical intelligence directly from the intelligence community, especially in response to national disasters such as hurricanes and forest fires," Allen said. Committee members expressed concern about abuse of the satellite imagery, charging that Homeland Security had not informed the oversight committee about the program. "What's most disturbing is learning about it from The Wall Street Journal," said Committee Chairman Rep. Bennie Thompson, D-Miss. The lawmakers also expressed concern about using military capabilities for U.S. law enforcement and Homeland Security operations, potentially a violation of the Posse Comitatus Act, which bars the military from serving as a law enforcement body within the United States, except where specifically authorized by Congress or the Constitution. In written testimony, Dan Sutherland, the Homeland Security officer for Civil Rights and Civil Liberties, assured the committee, "We will assist the NAO by keeping a watchful eye on several key civil liberties issues." Department of Homeland Security officials said that the National Applications Office would review requests from agencies such as the FBI and the border patrol for the imagery. "We will not be able to penetrate buildings ... there could be some infrared capabilities," Allen said. 
Committee members said that in addition to not being informed about the National Applications Office program, they had not yet been provided with documents defining the limits and legal guidance about the program. Late Thursday, top Democrats on the committee sent a letter to Homeland Security saying, "We are so concerned that, as the department's authorizing committee, we are calling for a moratorium on the program." Homeland Security Committee Chairman Thompson, along with subcommittee chairs Reps. Jane Harman, D-Calif., and Chris Carney, D-Pa., also wrote, "Today's testimony made clear that there is effectively no legal framework governing the domestic use of satellite imagery for the various purposes envisioned by the department. ... The use of geospatial information from military intelligence satellites may turn out to be a valuable tool in protecting the homeland." The committee members have asked that Homeland Security provide the committee with legal documents and the standard operating procedures for the program before they consider the issue further. Referring to the recent controversy over the potential abuse of the National Security Agency's warrantless wiretapping program, Rep. Harman said at Thursday's hearing that the Bush administration "has been making security policy in the executive branch without full regard for the laws that Congress has passed." Allen said the National Applications Office would operate "in accordance with the laws." Although Homeland Security had notified the appropriations committee of the program, Allen apologized to the members of the Homeland Security Committee for not being more forward with them. "You briefed the appropriators, not the authorizers," Thompson charged. Copyright 
2007 ABC News Internet Ventures From rforno at infowarrior.org Sat Sep 8 20:50:31 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 08 Sep 2007 16:50:31 -0400 Subject: [Infowarrior] - Comcast cuts Internet service to bandwidth hogs Message-ID: Shutting down big downloaders Comcast cuts Internet service to bandwidth hogs By Kim Hart The Washington Post Updated: 2:11 a.m. ET Sept 7, 2007 The rapid growth of online videos, music and games has created a new Internet sin: using it too much. Comcast has punished some transgressors by cutting off their Internet service, arguing that excessive downloaders hog Internet capacity and slow down the network for other customers. The company declines to reveal its download limits. "You have no way of knowing how much is too much," said Sandra Spalletta of Rockville, whose Internet service was suspended in March after Comcast sent her a letter warning that she and her teenage son were using too much bandwidth. They cut back on downloads but were still disconnected. She said the company would not tell her how to monitor their bandwidth use in order to comply with the limits. "You want to think you can rely on your home Internet service and not wake up one morning to find it turned off," said Spalletta, who filed a complaint with the Montgomery County Office of Cable and Communication Services. "I thought it was unlimited service." As Internet service providers try to keep up with the demand for increasingly sophisticated online entertainment such as high-definition movies, streaming TV shows and interactive games, such caps could become more common, some analysts said. How many have been cut off? It's unclear how many customers have lost Internet service because of overuse. So far, only Comcast customers have reported being affected. Comcast said only a small fraction of its customers use enough bandwidth to warrant pulling the plug on their service. 
Cable companies are facing tough competition from telephone giants like AT&T and Verizon, which are installing new cables capable of carrying more Internet traffic. The cable companies collectively spent about $90 billion in the past decade to improve their networks. And on cable networks, several hundred subscribers often share an Internet connection, so one high-traffic user could slow the rest of a neighborhood's connections. Phone lines are run directly to each home, so a single bandwidth hog will not slow other connections. As Internet users make more demands of the network, cable companies in particular could soon end up with a critically short supply of bandwidth, according to a report released this month by ABI Research, a New York market-research firm. This could lead to a bigger crackdown on heavy bandwidth users, said the report's author, Stan Schatt. "These new applications require huge amounts of bandwidth," he said. Cable "used to have the upper hand because they basically enjoyed monopolies, but there are more competitive pressures now." To trigger a disconnection warning, customers would be downloading the equivalent of 1,000 songs or four full-length movies every day. Comcast spokesman Charlie Douglas declined to reveal specific bandwidth limits. "It's our responsibility to make sure everyone has the best service possible," he said, "so we have to address abusive activities so they won't damage the experience for other customers. " Companies have argued that if strict limits were disclosed, customers would use as much capacity as possible without tipping the scale, causing networks to slow to a crawl. Some aware, some not Some customers are unaware they are using so much capacity, sometimes because neighbors are covertly connecting through unsecured wireless routers. When they are told of that possibility, many curb their use after an initial warning, Douglas said. 
Others, however, may be running bandwidth-hungry servers intended for small businesses from their homes, which can bog down a network serving a neighborhood. Comcast said it gives customers a month to fix problems or upgrade to business accounts before shutting off their Internet service. Joe Nova of North Attleboro, Mass., lost Internet service after Comcast told him that he was using too much bandwidth to watch YouTube videos, listen to Internet radio stations and chat using a Web camera. He and other customers who complained of being shut off said they were not running servers from their homes. "Sure, I'm online a lot, but there's no way I could have been consuming that much capacity," Nova said. Other Internet service providers, including Time Warner Cable, Verizon and AT&T, say they reserve the right to manage their networks, but have not yet suspended service to subscribers. Smaller Internet service providers RCN in Herndon, Leros Technologies in Fairfax and OpenBand in Dulles said they do not cap bandwidth use. Some AT&T customers use disproportionately high amounts of Internet capacity, "but we figure that's why they buy the service," said Michael Coe, a spokesman for the company. Cox Communications, which provides Internet and cable services to parts of Northern Virginia and Maryland, said the bandwidth demand on its network has doubled every year for the past six years. It has boosted its speeds twice in the past 18 months to keep up and offers tiered service plans for heavier users, spokesman Alex Horwitz said. "We don't spend a lot of time enforcing [bandwidth] caps, but we contact customers when their usage is egregious enough for it to impact the network," he said. "Instances are few and far between." 'Unfair and arbitrary' When Comcast canceled service to Frank Carreiro, who lives in a Salt Lake City suburb, he started a blog about the experience. 
His wife and six children then relied on sluggish dial-up Internet access until a phone company offered DSL service in his neighborhood. "For a lot of people, it's Comcast or it's nothing," he said. Bob Williams, director of HearUsNow.org, a consumer Web site run by Consumers Union, said the vagueness of Comcast's rules is "unfair and arbitrary." "They're cutting service off to the people who want to use it the most," he said. Schatt, the ABI Research analyst, said he expects cable companies to spend about $80 billion over the next five years to increase network capacity. In addition, they may acquire airwaves at an upcoming federal auction and could lay fiber-optic lines over their existing cables. Switching to digital-only programming could also help conserve capacity. Comcast, Cox and Time Warner say they have more than enough capacity to meet demand and are adding new technologies to strengthen signals. Bruce McGregor, senior analyst at Current Analysis, a research firm in Sterling, said the bandwidth bottleneck is not yet a crisis for cable companies, but it could intensify with competition from phone companies. Companies like Comcast "need to address people who are major drains on the network" without angering consumers, he said. "They're not the only game in town anymore." Copyright 2007 The Washington Post Company URL: http://www.msnbc.msn.com/id/20633771/ From rforno at infowarrior.org Sat Sep 8 23:16:11 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 08 Sep 2007 19:16:11 -0400 Subject: [Infowarrior] - F.B.I. Data Mining Reached Beyond Initial Targets Message-ID: September 9, 2007 F.B.I. Data Mining Reached Beyond Initial Targets By ERIC LICHTBLAU http://www.nytimes.com/2007/09/09/washington/09fbi.html?hp=&pagewanted=print WASHINGTON, Sept. 8 -- The F.B.I. 
cast a much wider net in its terrorism investigations than it has previously acknowledged by relying on telecommunications companies to analyze phone-call patterns of the associates of Americans who had come under suspicion, according to newly obtained bureau records. The documents indicate that the Federal Bureau of Investigation used secret demands for records to obtain data not only on individuals it saw as targets but also details on their "community of interest" -- the network of people that the target in turn was in contact with. The bureau stopped the practice early this year in part because of broader questions raised about its aggressive use of the records demands, which are known as national security letters, officials said Friday after being asked about it. The community of interest data sought by the F.B.I. is central to a data-mining technique intelligence officials call link analysis. Since the attacks of Sept. 11, 2001, American counterterrorism officials have turned more frequently to the technique, using communications patterns and other data to identify suspects who may not have any other known links to extremists. The concept has strong government proponents who see it as a vital tool in predicting and preventing attacks, and it is also thought to have helped the National Security Agency identify targets for its domestic eavesdropping program. But privacy advocates, civil rights leaders and even some counterterrorism officials warn that link analysis can be misused to establish tenuous links to people who have no real connection to terrorism but may be drawn into an investigation nonetheless. Typically, community of interest data might include an analysis of which people the targets called most frequently, how long they generally talked and at what times of day, sudden fluctuations in activity, geographic regions that were called, and other data, law enforcement and industry officials said. The F.B.I. 
declined to say exactly what data had been turned over. It was limited to people and phone numbers "once removed" from the actual target of the national security letters, said a government official who spoke on condition of anonymity because of a continuing review by the Justice Department. Mike Kortan, a spokesman for the F.B.I., said in a statement Saturday in response to an article posted on The Times's Web site on the bureau's use of the community-of-interest requests that "it is important to emphasize that it is no longer being used pending the development of an appropriate oversight and approval policy, was used infrequently and was never used for e-mail communications." The scope of the demands for information could be seen in an August 2005 letter seeking the call records for particular phone numbers that had come under suspicion. The letter closed by saying: "Additionally, please provide a community of interest for the telephone numbers in the attached list." The requests for such data showed up a dozen times, using nearly identical language, in records from one six-month period in 2005 obtained by a nonprofit advocacy group, the Electronic Frontier Foundation, through a Freedom of Information Act lawsuit that it brought against the government. The F.B.I. recently turned over 2,500 pages of documents to the group. The boilerplate language suggests the requests may have been used in many of more than 700 emergency or "exigent" national security letters. Earlier this year, the bureau banned the use of the exigent letters because they had never been authorized by law. The bureau declined to discuss any aspect of the community of interest requests because it said the issue was part of an investigation by the Justice Department inspector general's office into national security letters. 
An initial review in March by the inspector general found widespread violations and possible illegality in the F.B.I.'s use of the letters, but did not mention the use of community of interest data.

The government official who spoke on condition of anonymity said the F.B.I. recently stopped asking the telecommunications companies for the community of interest data. The exact time of and reason for the suspension is unclear, but it appears to have been set off in part by the questions raised earlier this year by the inspector general's initial review into abuses in the use of national security letters.

The official said the F.B.I. itself was examining the use of the community of interest requests to get a better understanding of how and when they were used, but he added that they appeared to have been used in a relatively small percentage of the tens of thousands of records requests each year. "In an exigent circumstance, that's information that may be relevant to an investigation," the official said.

A federal judge in Manhattan last week struck down parts of the USA Patriot Act that had authorized the F.B.I.'s use of the national security letters, saying that some provisions violated the First Amendment and the constitutional separation of powers guarantee.

In many cases, the target of a national security letter whose records are being sought is not necessarily the actual subject of a terrorism investigation and may not be suspected at all. Under the Patriot Act, the F.B.I. must assert only that the records gathered through the letter are considered relevant to a terrorism investigation.

Some legal analysts and privacy advocates suggested that the disclosure of the F.B.I.'s collection of community of interest records -- extending the link even further beyond an actual suspect in a terrorism investigation -- offered another example of the bureau exceeding the substantial powers already granted it by Congress.
"This whole concept of tracking someone's community of interest is not part of any established F.B.I. authority," said Marcia Hofmann, a lawyer for the Electronic Frontier Foundation, which provided the records from its lawsuit to The New York Times. "It's being defined by the F.B.I. And when it's left up to the F.B.I. to decide what information is relevant to their investigations, they can vacuum up almost anything they want."

Matt Blaze, a professor of computer and information science at the University of Pennsylvania and a former researcher for AT&T, said the telecommunications companies could have easily provided the F.B.I. with the type of network analysis data it was seeking because they themselves had developed it over many years, often using sophisticated software like a program called Analyst's Notebook.

"This sort of analysis of calling patterns and who the communities of interests are is the sort of things telephone companies are doing anyway because it's central to their businesses for marketing or optimizing the network or detecting fraud," said Professor Blaze, who has worked with the F.B.I. on technology issues.

Such "analysis is extremely powerful and very revealing because you get these linkages between people that wouldn't be otherwise clear, sometimes even more important than the content itself" of phone calls and e-mail messages, he said. "But it's also very invasive. There's always going to be a certain amount of noise," with data collected on people who have no real links to suspicious activity, he said.

Officials at other American intelligence agencies, like the National Security Agency and the Central Intelligence Agency, have explored using link analysis to trace patterns of communications sometimes two, three or four people removed from the original targets, current and former intelligence officials said. But critics assert that the further the links are taken, the less valuable the information proves to be.
Some privacy advocates said they were troubled by what they saw as the F.B.I.'s over-reliance on technology at the expense of traditional investigative techniques that rely on clearer evidence of wrongdoing.

"Getting a computer to spit out a hundred names doesn't have any meaning if you don't know what you're looking for," said Michael German, a former F.B.I. agent who is now a lawyer for the American Civil Liberties Union. "If they're telling the telephone company, 'You do the investigation and tell us what you find,' the relevance to the investigation is being determined by someone outside the F.B.I."

From rforno at infowarrior.org Sun Sep 9 19:14:20 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 09 Sep 2007 15:14:20 -0400
Subject: [Infowarrior] - Nyah, Nyah to the NFL...
Message-ID:

As is common during football season, I just heard the following on TV:

"This telecast is copyrighted by the NFL for the private use of our audience. Any other use of this telecast or any pictures, descriptions, or accounts of the game without the NFL's consent is prohibited." [1] [2]

As such, I would like to distribute the following information:

"The Washington Redskins are playing the Miami Dolphins at FEDEX Field in Washington, DC. The weather at FEDEX Field is a balmy 88 degrees and humid. The game started at 1:00PM Eastern Time on Sunday and is being broadcast on CBS. There are cheerleaders on the sidelines and the stadium looks to have a lot of people there. The grass is green, and the Redskins are wearing burgundy colored uniforms while the Dolphins are wearing green. The Redskins are being coached by Joe Gibbs. They are playing American-style football, and based on the crowd noise, the home team just made a great play. Also, I would like to point out that there are commercials being shown during the televised game from sponsors buying airtime to advertise their products."

Dear NFL: Nyah, nyah. Get a clue.

-rick
Infowarrior.org

[1] Something I've always questioned in terms of its far-reaching assertions, and I'm glad Wendy Seltzer has taken up the cause: See http://tinyurl.com/yu6f2u for more information. Thank you, Wendy, for being a voice of sanity in this era of corporate lunacy and DMCA abuse.

[2] NFL Orders YouTube to Remove Copy of Its Own Copyright Notice http://tinyurl.com/2hh3u9. Yes, the NFL is that effing stupid. D-D-D!

From rforno at infowarrior.org Sun Sep 9 19:27:25 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 09 Sep 2007 15:27:25 -0400
Subject: [Infowarrior] - More on - A US CERT reminder: The net is an insecure place
In-Reply-To:
Message-ID:

From: security curmudgeon
Date: Sun, 9 Sep 2007 00:36:01 +0000 (UTC)

: A US CERT reminder: The net is an insecure place
: http://www.theregister.co.uk/2007/09/08/security_group_warns_of_web_vulnerab ity/

: If you use Gmail, eBay, MySpace, or any one of dozens of other web-based
: services, the United States Computer Emergency Readiness Team wants you
: to know you're vulnerable to a simple attack that could give an attacker
: complete control over your account.

Didn't CERT warn us about 'sniffing' fifteen years ago?

http://www.cert.org/advisories/CA-1994-01.html

Given today's networked environments, CERT recommends that sites concerned about the security and integrity of their systems and networks consider moving away from standard, reusable passwords. CERT has seen many incidents involving Trojan network programs (e.g., telnet and rlogin) and network packet sniffing programs. These programs capture clear-text hostname, account name, password triplets. Intruders can use the captured information for subsequent access to those hosts and accounts. This is possible because 1) the password is used over and over (hence the term "reusable"), and 2) the password passes across the network in clear text.
: Five weeks after we reported this sad reality, US CERT on Friday warned

Wow, you warned us five weeks ago, which was only fifteen years after CERT warned us originally? Even longer than other security professionals were saying it was a problem?

: US CERT warned that Google, eBay, MySpace, Yahoo, and Microsoft were
: vulnerable, but that list is nowhere near exhaustive. Just about any
: banking website, online social network or other electronic forum that
: transmits certain types of security cookies is also susceptible.

This is alarmist FUD at best. Yes, every site should be using secure practices surrounding authentication. Yes, most sites aren't willing to deal with the overhead and hassle when the information being protected is your blog (MySpace) or information not deemed quite as sensitive.

Looking at eBay since it is the first on the list that involves money transactions:

- http://www.ebay.com/
- Click 'Sign In' takes you to an HTTPS page.
- You can check a box saying "Keep me signed in on this computer for one day, unless I sign out" which is bad, giving users a chance to quickly choose session persistence over security.
- Click the 'Sign in Securely' button without checking the above. The cookie that is set is done over SSL.

: The vulnerability stems from websites' use of authentication cookies,
: which work much the way an ink-based hand stamp does at your favorite
: night club. Like the stamp, the cookie acts as assurance to sensitive
: web servers that the user has already been vetted by security and is
: authorized to tread beyond the velvet rope.

: The thing is just about every website transmits these digital hand
: stamps in the clear, which leaves them wide open to snoops monitoring

MySpace is done in the clear. Google (gmail) is done over SSL. So two out of three from the above list are using encrypted communications to set cookies. Gmail sets the cookie secure, Ebay sets some as HttpOnly (but not secure) etc.
: A Microsoft spokesman said the company is "investigating new public
: claims of a possible vulnerability involving sending authentication
: tokens over unencrypted channels." New? Evidently, Microsoft security
: people attending Black Hat sat out the Errata Security presentation.

Evidently, Microsoft spokespeople are not hip to security 101.

: But you'd think the collective brainpower and considerable pursestrings
: at the world's most elite tech companies would by now have found a way to
: tackle a problem that leaves attackers free to rifle through their
: users' most intimate details. It begs the question: is this problem
: unsolvable or are these guys simply uninterested in figuring it out?

The solution is there. Either use SSL and fork over the money for more hardware, or use SSL for sensitive information only.

: As the only web-based email service we know of that offers a
: start-to-finish SSL session, the service is among the most resilient to
: cookie hijacking. Unfortunately, Gmail doesn't enable persistent SSL by
: default, and has done little to educate its users about its benefits.

The Gmail I just logged into (gmail.com -> mail.google.com) sets cookies after the login POST request via SSL, the subsequent GET request via SSL and then at least four more request/responses that set cookies *not* over SSL. That is not a "start-to-finish" SSL session but the authentication cookies are set securely. As noted, it is not enabled by default and the 'Settings' don't have any obvious way to change this behavior.

From rforno at infowarrior.org Mon Sep 10 12:49:14 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 10 Sep 2007 08:49:14 -0400
Subject: [Infowarrior] - 9/11 + 6: Is the U.S. Ready to Get Serious About Terrorism?
Message-ID:

Are we safer today?

Six Years After 9/11 and Three Years After the 9/11 Report, Is the U.S. Ready to Get Serious About Terrorism?

Thomas H. Kean and Lee H. Hamilton are the former chairman and vice chairman of the 9/11 commission.

http://www.washingtonpost.com/wp-dyn/content/article/2007/09/07/AR2007090702050_pf.html

Sunday, September 9, 2007; B01

Are we safer today?

Two years ago, we and our colleagues issued a report card assessing the U.S. government's progress on the bipartisan recommendations in the 9/11 commission report. We concluded that the nation was not safe enough. Our judgment remains the same today: We still lack a sense of urgency in the face of grave danger.

The U.S. homeland confronts a "persistent and evolving terrorist threat," especially from al-Qaeda, according to a National Intelligence Estimate issued in July. Six years after the attacks, following a series of ambitious reforms carried out by dedicated officials, how is it possible that the threat remains so dire?

The answer stems from a mixed record of reform, a lack of focus and a resilient foe. Progress at home -- in our ability to detect, prevent and respond to terrorist attacks -- has been difficult, incomplete and slow, but it has been real. Outside our borders, however, the threat of failure looms. We face a rising tide of radicalization and rage in the Muslim world -- a trend to which our own actions have contributed. The enduring threat is not Osama bin Laden but young Muslims with no jobs and no hope, who are angry with their own governments and increasingly see the United States as an enemy of Islam.

Four years ago, then-Defense Secretary Donald H. Rumsfeld famously asked his advisers: "Are we capturing, killing or deterring and dissuading more terrorists every day than the madrassas and the radical clerics are recruiting, training and deploying against us?" The answer is no. U.S. foreign policy has not stemmed the rising tide of extremism in the Muslim world. In July 2004, the 9/11 commission recommended putting foreign policy at the center of our counterterrorism efforts. Instead, we have lost ground.
Our report warned that it was imperative to eliminate terrorist sanctuaries. But inside Pakistan, al-Qaeda "has protected or regenerated key elements of its homeland attack capability," according to the National Intelligence Estimate. The chief threat to Afghanistan's young democracy comes from across the Pakistani border, from the resurgent Taliban. Pakistan should take the lead in closing Taliban camps and rooting out al-Qaeda. But the United States must act if Pakistan will not.

We are also failing in the struggle of ideas. We have not been persuasive in enlisting the energy and sympathy of the world's 1.3 billion Muslims against the extremist threat. That is not because of who we are: Polling data consistently show strong support in the Muslim world for American values, including our political system and respect for human rights, liberty and equality. Rather, U.S. policy choices have undermined support.

No word is more poisonous to the reputation of the United States than Guantanamo. Fundamental justice requires a fair legal process before the U.S. government detains people for significant periods of time, and the president and Congress have not provided one. Guantanamo Bay should be closed now. The 9/11 commission recommended developing a "coalition approach" for the detention and treatment of terrorists -- a policy that would be legally sustainable, internationally viable and far better for U.S. credibility.

Moreover, no question inflames public opinion in the Muslim world more than the Arab-Israeli dispute. To empower Muslim moderates, we must take away the extremists' most potent grievance: the charge that the United States does not care about the Palestinians. A vigorous diplomatic effort, with the visible, active support of the president, would bolster America's prestige and influence -- and offer the best prospect for Israel's long-term security.

And finally, no conflict drains more time, attention, blood, treasure and support from our worldwide counterterrorism efforts than the war in Iraq. It has become a powerful recruiting and training tool for al-Qaeda.

Beyond all our problems in the Muslim world, we must not neglect the most dangerous threat of all. The 9/11 commission urged a "maximum effort" to prevent the nightmare scenario: a nuclear weapon in the hands of terrorists. The recent National Intelligence Estimate says that al-Qaeda will continue to try to acquire weapons of mass destruction and that it would not hesitate to use them. But our response to the threat of nuclear terrorism has been lip service and little action. The fiscal 2008 budget request for programs to control nuclear warheads, materials and expertise is a 15 percent real cut from the levels two years ago. We are in dire need of leadership, resources and sustained diplomacy to secure the world's loose nuclear materials. President Bush needs to knock heads and force action.

Military power is essential to our security, but if the only tool is a hammer, pretty soon every problem looks like a nail. We must use all the tools of U.S. power -- including foreign aid, educational assistance and vigorous public diplomacy that emphasizes scholarship, libraries and exchange programs -- to shape a Middle East and a Muslim world that are less hostile to our interests and values. America's long-term security relies on being viewed not as a threat but as a source of opportunity and hope.

At home, the situation is less dire, but progress has been limited. Some badly needed structures have been built. In 2004, Congress created a director of national intelligence to unify the efforts of the 16 agencies that make up the U.S. intelligence community. The new DNI, Mike McConnell, must now take charge and become the dynamic, bold leader the commission envisioned, rather than just another bureaucratic layer.

He has recognized the importance of sharing intelligence, of moving from a culture based on the "need to know" to one based on the need to share, as we recommended in our report. But he is still struggling to gain control of budgets and personnel. No DNI will be able to make reform last without significant time in the job and strong support from the president.

Congress also created the National Counterterrorism Center, where CIA analysts, FBI agents and other experts from across the government sit side by side and share intelligence continuously. This is a clear improvement over the pre-9/11 way of doing business, but those inside the center still face restrictions on what they can share with their home agency -- a disturbing echo of failed practices. State and local officials also complain that they are not getting the information they need.

In 2004, George J. Tenet, then the director of central intelligence, testified that it would take five years to fix the CIA. Three years later, we have seen signs of progress, but it is not fixed yet. Flush with resources, the CIA is investing heavily in training intelligence analysts and improving its ability to collect information on terrorist targets, particularly by agents on the ground. Disappointingly, despite recruitment drives, only 8 percent of the CIA's new hires have the ethnic backgrounds and language skills most needed for counterterrorism.

A wider problem is that, because of intelligence failures (notably involving Iraq and 9/11) and controversial policies (notably about abuse and interrogation), the public lacks confidence in the CIA. That is not good for the agency or the country. We recognize that intelligence agencies must keep many secrets, but more candor and openness are the only ways to win sustained public support for the reforms we still need.

The FBI, the agency responsible for domestic intelligence, also has much more to do. The number of bureau intelligence analysts has more than doubled since 9/11 (to about 2,100), but they are still second-class citizens in the FBI's law-enforcement culture. Modern 21st-century information systems are not yet in place, and top positions are turning over too often. Six years after 9/11, the FBI's essential unit on weapons of mass destruction is just beginning its work.

When it comes to transportation security -- the failure so basic to 9/11 -- we have seen some successes. For example, the Terrorist Screening Center has a football-field-size room filled with a giant electronic board and dozens of experts who track the flight manifests of 2,500 international flights arriving in the United States each day. But the prescreening of passengers is still left to the airlines, which lack access to complete watch lists of suspected terrorists. Congress mandated national standards for secure driver's licenses but has not given states the money to make it happen.

Moreover, technological improvement has been far too slow. A pilot program of high-tech explosive-detecting "puffer devices" at airports is of doubtful effectiveness and has been delayed indefinitely. Advanced baggage-screening systems will not be in place until 2024. That timeline may work for our grandchildren, but it won't work for us.

Nor will the pace of efforts to prepare the country to respond to future attacks. Congress passed a better formula for distributing federal homeland-security grants to the states on the basis of risk and vulnerability, rather than pork and politics. But the new law still allows the broadcast industry until February 2009 to hand over the prime slice of the broadcast spectrum that police and firefighters need to beam radio messages through concrete and steel. Disaster could well strike before then.

We also lack a legal framework for fighting terrorism without sacrificing civil liberties. The Privacy and Civil Liberties Oversight Board created in response to our recommendations has been missing in action. The board has raised no objections to wiretaps without warrants and to troubling detention and interrogation practices. It even let the White House edit its annual report. Now strengthened by a new law, the board must become a firm public voice in support of civil liberties.

Finally, there's the question of Congress. Three years ago, we said that strengthening congressional oversight of counterterrorism was among the most difficult and important of our recommendations. Congressional oversight of homeland security and intelligence must be robust and effective. It is not. Three years ago, the 9/11 commission noted that the Department of Homeland Security reported to 88 congressional committees and subcommittees -- a major drain on senior management and a source of contradictory guidance. After halfhearted reforms followed by steps backward, that number is now 86.

Those are just the main items on our list of concerns. Six years later, we are safer in a narrow sense: We have not been attacked, and our defenses are better. But we have become distracted and complacent. We call on the presidential candidates to spell out how they would organize their administrations and act urgently to address the threat. And we call on ordinary citizens to demand more leadership from our elected representatives. The terrible losses our country suffered on 9/11 should have catalyzed efforts to create an America that is safer, stronger and wiser. We still have a long way to go.

Thomas H. Kean and Lee H. Hamilton are the former chairman and vice chairman of the 9/11 commission.
From rforno at infowarrior.org Mon Sep 10 18:11:48 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 10 Sep 2007 14:11:48 -0400
Subject: [Infowarrior] - Rogue Nodes Turn Tor Anonymizer Into Eavesdropper's Paradise
In-Reply-To: <8F81722D72ADF240B38F024F9DE92CB23005CF@ausx3mps310.aus.amer.dell.com>
Message-ID:

http://www.wired.com/politics/security/news/2007/09/embassy_hacks

Rogue Nodes Turn Tor Anonymizer Into Eavesdropper's Paradise

By Kim Zetter
09.10.07 | 2:00 AM

A security researcher intercepted thousands of private e-mail messages sent by foreign embassies and human rights groups around the world by turning portions of the Tor internet anonymity service into his own private listening post.

A little over a week ago, Swedish computer security consultant Dan Egerstad posted the user names and passwords for 100 e-mail accounts used by the victims, but didn't say how he obtained them. He revealed Friday that he intercepted the information by hosting five Tor exit nodes placed in different locations on the internet as a research project.

Tor is a sophisticated privacy tool designed to prevent tracking of where a web user surfs on the internet and with whom a user communicates. It's endorsed by the Electronic Frontier Foundation and other civil liberties groups as a method for whistleblowers and human-rights workers to communicate with journalists, among other uses. It's also used by law enforcement and other government agencies to visit websites anonymously to read content and gather intelligence without exposing their identity to a website owner.

But Egerstad says that many who use Tor mistakenly believe it is an end-to-end encryption tool. As a result, they aren't taking the precautions they need to take to protect their web activity. He believes others are likely exploiting this oversight as well.

"I am absolutely positive that I am not the only one to figure this out," Egerstad says. "I'm pretty sure there are governments doing the exact same thing. There's probably a reason why people are volunteering to set up a node."

Victims of Egerstad's research project included embassies belonging to Australia, Japan, Iran, India and Russia. Egerstad also found accounts belonging to the foreign ministry of Iran, the United Kingdom's visa office in Nepal and the Defence Research and Development Organization in India's Ministry of Defence.

In addition, Egerstad was able to read correspondence belonging to the Indian ambassador to China, various politicians in Hong Kong, workers in the Dalai Lama's liaison office and several human-rights groups in Hong Kong.

Egerstad says it wasn't just e-mail that was exposed but instant messages passed internally between workers and any other web traffic that crossed the network. Among the data he initially collected was e-mail from an Australian embassy worker with the subject line referring to an "Australian military plan."

"It kind of shocked me," he says.

Tor has hundreds of thousands of users around the world, according to its developers. The largest numbers of users are in the United States, the European Union and China.

Tor works by using servers donated by volunteers around the world to bounce traffic around en route to its destination. Traffic is encrypted through most of that route, and routed over a random path each time a person uses it.

Under Tor's architecture, administrators at the entry point can identify the user's IP address, but can't read the content of the user's correspondence or know its final destination. Each node in the network thereafter only knows the node from which it received the traffic, and it peels off a layer of encryption to reveal the next node to which it must forward the connection. (Tor stands for "The Onion Router.")

But Tor has a known weakness: The last node through which traffic passes in the network has to decrypt the communication before delivering it to its final destination.
Someone operating that node can see the communication passing through this server.

The Tor website includes a diagram showing that the last leg of traffic is not encrypted, and also warns users that "the guy running the exit node can read the bytes that come in and out of there." But Egerstad says that most users appear to have missed or ignored this information.

Unless they're surfing to a website protected with SSL encryption, or use encryption software like PGP, all of their e-mail content, instant messages, surfing and other web activity is potentially exposed to any eavesdropper who owns a Tor server. This amounts to a lot of eavesdroppers -- the software currently lists about 1,600 nodes in the Tor network.

Egerstad discovered the problem about two months ago when he signed up five servers he owns in Sweden, the United States and Asia to be Tor nodes, and started peeking at the traffic. He was surprised to discover that 95 percent of the traffic that passed through his Tor nodes was not encrypted.

Even more surprising was the number of embassies and other government agencies that were using Tor, and using it incorrectly. That prompted Egerstad to narrow his search to e-mail correspondence with a focus on government agencies.

He wrote a script to search for .gov domains and keywords such as "embassy," "war" and "military," and focused on sniffing port-25 traffic, the port through which e-mail passes. He collected between 200 and 250 accounts belonging to embassies and government agencies that were sending passwords and the content of correspondence in the clear. None of them belonged to U.S. embassies or government agencies.

Among the data he found in the correspondence was a spreadsheet listing passport numbers and personal information about the passport holders, as well as sensitive details about meetings and activities among government officials.

Egerstad contacted one account holder about his vulnerability but was ignored, he says. So on Aug. 30 he posted 100 of the accounts and passwords online to get the word out, but kept largely mum about how he'd obtained the information.

Since posting the data, he says only one victim has contacted him to find out what they were doing wrong and learn how to fix it: Iran. In addition to Iran's Ministry of Foreign Affairs, the country's embassies in Ghana, Kenya, Oman and Tunisia were swept up by Egerstad's experimental surveillance.

Shava Nerad, the development director for the nonprofit group that supports Tor, admits the group needs to produce better documentation for users to make the risks of the system clearer. But she adds that people in high-risk environments, such as embassies, should understand those risks already and should be encrypting their communication on their own.

"If you're in a position like that handling sensitive data and you're working for the government," she says, "it is irresponsible to send that data unencrypted. They should institute practices that educate their users and ensure the privacy of the data by going through encrypted VPNs."

Egerstad says he has shut down his Tor nodes.

From rforno at infowarrior.org Tue Sep 11 01:32:51 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 10 Sep 2007 21:32:51 -0400
Subject: [Infowarrior] - ISPs turn blind eye to million-machine malware monster
Message-ID:

Original URL: http://www.theregister.co.uk/2007/09/10/isps_ignore_strorm_worm_and_other_malware/

ISPs turn blind eye to million-machine malware monster

By Dan Goodin in San Francisco
Published Monday 10th September 2007 06:02 GMT

Several weeks ago, security researcher Lawrence Baldwin dispatched an urgent email to abuse handlers at OptimumOnline, the broadband provider owned by Cablevision, warning that one of its customers stood to lose more than $60,000 to cyber crooks.

"He's got a keylogger on his system . . . below is a log of the miscreant viewing the info that was logged from his system while accessing his [Bank of America] accounts," Baldwin's email read. "Looks like he's got nearly $60K in there, so a lot at stake. Can you get someone to phone me that might be able to establish contact with this customer?"

The email, which was addressed to a specific handler's email address and was also copied to OptimumOnline's abuse desk, went on to provide the user's IP address and enough specifics to suggest Baldwin's claim of a keylogger was probably accurate. Yet, more than three weeks later, Baldwin still hasn't heard back from the company.

"Normally, I don't bother because I think this is going to be a complete waste of time," says Baldwin, who is chief forensics officer for myNetWatchman.com. "The abuse and security department at an ISP is the bastard step-child component of a service provider. In some sense, they're doomed to failure by design."

Absentee Landlords

Talk to anyone who makes a living sniffing out online fraud, and you'll hear the same story over and over. Researcher uncovers the source of a massive amount of spam, identifies an IP address that is part of a botnet or stumbles upon a phishing site that's spoofing a trusted online brand. Researcher dutifully reports the incident to the internet service provider whose network is being used, only to find the bad behavior continues unabated for days, weeks and even months.

A lack of engagement from ISPs is nothing new, but it has continued even as the malware scourge makes steady gains. No one really knows exactly how many infected PCs are out there, but just about everyone agrees the number is high and growing. Accepting even conservative estimates that 10 percent of machines are part of a botnet means that tens of millions of systems are actively sending spam, launching denial-of-service attacks, and spewing all sorts of other malicious traffic across networks owned by the world's biggest ISPs.
According to figures from researcher Peter Gutmann (http://seclists.org/fulldisclosure/2007/Aug/0520.html), the Storm Worm alone is believed to comprise from 1m to 10m CPUs, creating one of the world's most powerful computers. "This may be the first time that a top 10 supercomputer has been controlled not by a government or mega-corporation but by criminals," Gutmann says. To be fair, legal liability and economic realities sometimes make it hard for ISPs to respond to the threat in a meaningful way. But in light of the surging malware problem, their frequent inaction looks more and more like complicity. Although some ISPs are more active than others in policing their networks, absentee abuse departments and a lack of enforcement seem to be the rule. The Register spent several weeks calling ISPs large and small, including Comcast, OptimumOnline, Verizon, Earthlink and Road Runner. Many didn't bother to return our repeated calls. And all declined our requests for an interview with a member of their security team to discuss what steps they take to ensure their networks are not used as a launch pad for computer attacks. The Worst of the Lot The criticisms go well beyond abuse handlers who don't answer their email. According to this list (http://cbl.abuseat.org/domain.html) from antispam organization Spamhaus, Deutsche Telekom users accounted for an estimated 2.2 percent of all compromised systems on the internet. The dubious distinction ranks the German ISP as the 11th most bot-infested provider, just narrowly edging out Verizon, which accounted for an estimated 1.97 percent. (Spamhaus figures, which change frequently, were current as of time of writing.) Other European and US-based providers with unfavorable ratings include Telecom Italia, Comcast, Arcor, France Telecom and Road Runner, which together provided net access for an estimated 4.2 percent of the world's infected hosts.
Take a gander at other lists that track spam origins and you'll find many of the same names. According to Trend Micro's Network Reputation ranking (https://nssg.trendmicro.com/nrs/reports/rank.php), subscribers from Verizon, Telecom Italia, France Telecom, BT, Road Runner, Telefonica Data Espana and Tiscali, AT&T, Cableinet Telewest Broadband and Comcast are some of the most prodigious senders of spam. Because almost all spam is generated by bot-infected PCs, the rankings are a strong indication that those networks are home to a large number of zombies under the control of criminal gangs. Comcast and Road Runner declined to comment. Verizon turned down requests for an interview with a security engineer, but a spokeswoman said officials are aware of the rankings and are working to put new measures in place by the end of the year to curb the spam flowing out of its network. "We are concerned about it," the spokeswoman, Bobbi Hensen, said. "We don't like spam. We are aggressively working on that." A chief cause of rampant spam is the refusal of many ISPs to block port 25, which is commonly used for traffic being sent to remote mail servers. Baldwin, of myNetWatchman.com, says his own experience with Comcast is illustrative of the problem. As a security researcher, he regularly runs malware that sends spam over the ISP's network. "It was very depressing because I would purposely let things run for days and I would call Comcast abuse on myself," he explained. And yet, even after telling support people he had reason to believe he himself was sending huge amounts of spam, Baldwin was told there were no issues. Finally, Baldwin woke up one morning to find his test machines could no longer send spam through the ISP, a development he saw as "an extremely positive step for Comcast." Alas, the change didn't last. Comcast inexplicably stopped the block, leaving Baldwin's machines free to spam once more.
Into the Rubber Room One name you won't see rise to the top of any of these lists is Cox Communications, a US-based provider with 3.5m high-speed customers. In much the same way that hospitals put deranged patients in rubber rooms to protect them from doing harm to themselves or others, Cox quarantines infected customers into environments where internet access is severely limited. That allows the customer to download antivirus software and other applications designed to clean up their systems, but prevents them from sending spam or connecting with nefarious servers that may be trying to siphon personal information. "When you get a customer on the phone, sure they're angry at first that they're taken off line, but once they realize that someone else was in control of their computer - pulling their social security number and credit card number off their computer - they're generally pretty grateful," says Matt Carothers, a senior security engineer for Cox. "Taking people off line seems a little harsh, but when you get down to it, you're doing it for their own good, and most customers recognize that." In 2004, Cox put about 22,500 customers into one of these padded rooms, compared with 8,000 in 2005 and 2,000 last year. The sharp decline is largely the result of mechanisms Cox has put in place that prevent many Trojans from being able to phone home to command and control servers. Cox only disconnects customers whose infections manifest in abusive behavior. Another ISP that takes an active role in patrolling its network is Internet Texoma (http://texoma.net/). With fewer than 10,000 subscribers, the managers from the rural North Texas provider are able to dote personalized attention on their customers in a way that eludes its larger competitors. Several weeks ago, for instance, the company received data indicating that six of its subscribers were infected with malware related to Storm Worm that was causing them to send spam and actively try to infect others.
By the end of the day, managers had helped two of them to disinfect their machines. The other four could not be reached, so Texoma disconnected those machines. It's all part of Texoma's zero-tolerance approach when it comes to malware. "The ISPs should do everything possible to prevent the transmission of malware through its network," says Larry Vaden, a co-founder of Texoma. "It is not good for our upstream friends to notice us. It's like having a cousin who robbed a bank. You don't want that sort of family member." The Money Argument Listening to Vaden wax on about the responsibility of ISPs is like stepping into a Utopian world where providers have unlimited resources to lavish on any customer who needs it. The reality is that these days most ISPs are barely eking out a profit. For many, asking them to play custodian to the malware-riddled PCs of millions of customers scattered over large geographic locations is untenable. "They can't play traffic cop, cleanup expert and mother to people who are using their services," says Bill Stearns, a security expert who also works as an incident handler for the SANS Internet Storm Center. He says he likes the idea of ISPs collectively combating the malware menace but says such an approach is fraught with problems. For one, about the only way to disinfect a badly contaminated machine is to reformat the hard drive and reinstall the operating system - a laborious task for those who are technically inclined that is beyond the ability of average users. Asking already-struggling ISPs to take on such a Herculean task simply isn't realistic. One of the few other options for ISPs is to simply disconnect customers or confine them to a highly restricted environment. That is fraught with liability, since more and more customers depend on their net connections for access to emergency services and other essential services. Pulling the plug on infected machines also requires ISPs to turn away paying customers.
But those who absolve ISPs for their inaction may also be ignoring financial realities. Botnets are the single largest threat facing ISP infrastructure, according to a recent survey conducted by Arbor Networks of security engineers for network operators. As such, they represent a huge liability. They translate into other substantial costs that result from lost bandwidth and ISPs getting blacklisted by other providers. While largely defending ISPs' lack of involvement, Stearns also laments it as the loss of a key opportunity. "The frustrating part is they're one of the few places where we can put in filters and automatic detection tools to identify zombies," he says. "Part of me says if we could only get the bigger ISPs to put in blocks for certain types of malicious activity, that'd be great. The other part says, who gets to say what's malicious?" ISPs are also uniquely positioned to provide protection to infected net users because they have the name and contact details of their customers. Randal Vaughn, a professor of information systems at Baylor University and a specialist in tracking and shutting down sources of malware, also admits to being torn over the issue. On the one hand, he says, the magnitude of the malware problem "kind of puts the impetus into the ISPs' lap to do something." But he quickly adds it's not that simple. "We've got tainted water going through the pipe, and we're blaming the pipe," he says. "The ISPs and the networks aren't the problem. The problem is we've got a tainted water supply. ISPs can't really be a solution. They might be able to play a part in the solution, but how are they going to pay for it?" From rforno at infowarrior.org Tue Sep 11 12:12:07 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 11 Sep 2007 08:12:07 -0400 Subject: [Infowarrior] - Breaking News: Television is Broken! Message-ID: Breaking News: Television is Broken! Richard Forno First published on 2007-09-10. (c) 2007 by author.
Permission granted to reproduce with appropriate credit. Three years ago in my book "Weapons of Mass Delusion" I commented on the sad state of the American news media and described how it failed to provide usable information to the public despite the news industry's oft-proclaimed commitment to the "public good." That hasn't changed much -- but now I'd like to expand my thoughts on the American television media to include television programming in a broader sense. However, to appreciate fully the comments in this article, you must share two fundamental beliefs: first, that contemporary commercial television is primarily a venue for advertising or product placement, and that the competitive commercial television industry is based on profits and shareholder value as a function, and that any other considerations -- including the "public good" -- are subordinate to those desires. As you might expect, my observations and comments below both recognize and challenge these beliefs -- and yes, this indeed is a long-overdue infowarrior.org rant. While many readers know that generally I avoid most commercial television, having spent the last week recovering from a cold sprawled on my living room couch, I had an opportunity to remind myself again why most commercial television has turned me off. Having said that, let's examine some of the reasons why I feel modern commercial television sucks and why quality program delivery apparently doesn't matter anymore.
< - > http://infowarrior.org/articles/cable-tv-rant.html From rforno at infowarrior.org Tue Sep 11 16:39:30 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 11 Sep 2007 12:39:30 -0400 Subject: [Infowarrior] - Identity Management: Tiers of Trust Consortium Message-ID: (good leadership and a well-rounded industry consortium here to address a fundamental need for first responders.......rf) Former US Cybersecurity Advisor Spearheads Consortium to Help First Responders Prepare for Crisis Situations Tiers of Trust(TM) Consortium Aims to Solve Problems Experienced by Law Enforcement, Fire Departments, and Paramedics During 9/11 and Hurricane Katrina Washington, DC - September 11, 2007 - Howard A. Schmidt, former US Cybersecurity Advisor, today announced the Tiers of Trust consortium to assist First Responders such as the New York Fire Department, International Red Cross, State of California Public Health, and Verizon in successfully preparing for crisis situations. First Responders are the backbone of America's critical infrastructure, including law enforcement, fire, hazmat, rescue and public health organizations as well as private sector utilities, communications and transportation companies responsible for responding to national and local emergency situations. The consortium aims to solve problems experienced by these organizations during 9/11 and Hurricane Katrina. For more information about the Tiers of Trust go to www.TiersofTrust.com. Why? Some of the major problems during past crisis situations were due to unreliable identification of First Responders. During the 9/11 attacks over 300 First Responders in New York were lost because officials could not account for who entered and left the scene. While in DC, response officials rushing to the Pentagon were denied entry because their identities and privileges could not be verified.
During the Hurricane Katrina recovery, hundreds of licensed medical personnel were not deployed effectively because they could not prove their credentials and certifications. To fix problems such as these, the government developed new identification requirements through Homeland Security Presidential Directive-12 (HSPD-12) and the Federal Information Processing Standard (FIPS 201) for federal employees and contractors. "While this regulation has the right intentions, the implementations to date have exceeded the budgets within these First Responder groups, making compliance impossible," said Howard A. Schmidt. "Our goal is to enable First Responders to meet the federal requirements at a fraction of the cost, allowing them to spend budgets on much needed equipment and training." How? Tiers of Trust enables First Responders to implement graduated privileges based on identities. The consortium grants registered First Responders free access to high-tech software to create identification credentials with contactless smart cards, using the mandatory FIPS 201 fields of the FASC-N (Federal Agency Smart Card Number), CHUID (Card Holder Unique Identifier), and expiration date. Homeland Security Presidential Directive-12 (HSPD-12) outlines policy for a common identification standard for federal employees and contractors. With regard to secure and reliable forms of identification, HSPD-12 states "The Standard will include graduated criteria, from least secure to most secure, to ensure flexibility on selecting the appropriate level of security for each application." The Tiers of Trust program implements this risk-based concept initially for first responders, realizing that not all first responders will ever need to gain "physical access to federally controlled facilities and logical access to federally controlled information systems".
Thus careful classification of roles and privilege levels may yield a significant headcount where a significant cost savings is not only prudent, but advisable. "Right now, it is cheaper to rebuild everybody's house rather than to give First Responders a smart card," said Jon Callas, CTO and CSO of PGP Corporation. "Tiers of Trust is changing this." What? Howard A. Schmidt is spearheading the Tiers of Trust consortium with leading security organizations including HID, SNS (Secure Network Systems), PGP Corporation, OMNIKEY, Catcher, TX Systems and Clear Government Solutions.......(more) < - > http://www.tiersoftrust.com/ From rforno at infowarrior.org Wed Sep 12 12:28:00 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Sep 2007 08:28:00 -0400 Subject: [Infowarrior] - Your loss of privacy is a package deal Message-ID: David Lazarus: Consumer Confidential Your loss of privacy is a package deal September 12 2007 http://www.latimes.com/business/la-fi-lazarus12sep12,0,827991,full.column?coll=la-home-business The all-you-can-eat packages of voice, video and Internet services offered by phone and cable companies may be convenient, but they represent a potentially significant threat to people's privacy. Take, for example, Time Warner Cable, which has about 2 million customers in Southern California. The company offers a voice-video-Net package called "All the Best" for $89.85 for the first 12 months. But for anyone who has the wherewithal to read Time Warner's 3,000-word California privacy policy, you discover that not only does the company have the ability to know what you watch on TV and whom you call, but also that it can track your online activities, including sites you visit and stuff you buy. Remember all the fuss when it was revealed last year that Google Inc. kept voluminous records of people's Web searches, and that federal authorities were demanding a peek under the hood? Multiply that privacy threat by three.
Internet, TV, phone -- it's hard to imagine a more revealing glimpse of your private life. "All your eggs are in one communications basket," said Beth Givens, director of the Privacy Rights Clearinghouse in San Diego. "If a company wants to, it can learn a great deal about you -- and it probably wants to." More often than not, it'll also want to turn a fast buck by selling at least a portion of that info to marketers. All leading telecom companies are aggressively pushing these bundled service plans after investing billions of dollars in high-speed digital networks. For consumers, the upside is often a hefty savings compared with acquiring the same services from multiple providers. The downside is that you're making intimate details of virtually all your network activities available to a single company -- and possibly government officials. Earlier this month, a federal judge shot down a section of the USA Patriot Act that allowed warrantless access to telecom companies' databases. He didn't seem impressed that few phone companies and Internet providers had fought government efforts to get consumers' data. For the moment, it's direct marketers, not the Department of Justice, that consumers have to fear. Satellite broadcaster DirecTV Group Inc. offers video and Internet access. Its privacy policy says the company "may share customer information, including programming purchases, with selected media, entertainment and other similar service providers." These companies, the policy acknowledges, "may use this customer information to market products or services to you." However, it's the service providers with a pipeline into your home -- the phone and cable companies -- that have the ability to amass the greatest trove of customer data. Just think for a moment about the calls you made yesterday, the shows you watched, the websites you surfed. Put together, how do you think they make you look? There are red flags to be found in each telecom provider's privacy policy. 
A close reading of Time Warner's policy reveals: * Along with knowing juicy details of your calling and viewing habits -- those 900 numbers, say, or that subscription to the Playboy Channel -- the company keeps track of "Internet addresses you contact and the duration of your visits to such addresses." * Time Warner not only compiles "information about how often and how long" you're online, but also "purchases that you have made" via the company's Road Runner portal, which provides access to thousands of goods. * On top of that, the company may monitor "information you publish" via the Road Runner portal, which should send a chill through anyone who accesses his or her e-mail through Time Warner's servers. That's not to say Time Warner or any other service provider is reading people's e-mail or invading users' privacy in any other way. The point is, they're explicitly saying they could. No less troubling, you have to wade more than halfway into Time Warner's privacy policy before you're finally informed that the company also reserves the right "to disclose personally identifiable information to others, such as advertisers and direct mail or telemarketers, for non-cable purposes." Craig Goldberg, Time Warner's chief privacy officer, said the company used to sell customers' info to marketers but had no plans at the moment to resume the practice. "It's something we haven't done for some time," he said. "But if we do decide to do it, we give people a chance to opt out." Easier said than done. Time Warner requires customers to opt out in writing. Its privacy policy doesn't include a mailing address. Telecom giant AT&T offers a TV service called U-Verse, which includes high-speed Internet access in conjunction with Yahoo Inc. The company's privacy policy says it tracks "pages you view, how much time you spend on each page, the links you click and other actions taken" when visiting AT&T Yahoo sites. 
It also says AT&T compiles info on "viewing, game, recording and other navigation choices that you and those in your household make" when using the company's TV services. Asked to elaborate, John Britton, an AT&T spokesman, said the policy spoke for itself. "It fully complies with all legal requirements for disclosure of our privacy practices, and it is in line with the policies of our industry peers and other major corporations," he said. For its part, Verizon Communications Inc.'s TV service, dubbed FiOS, also tracks users' activities. Much of that data isn't personally identifiable, the company's privacy policy declares. "However, in order to carry out a request to watch a pay-per-view program or video on demand," it says, "the FiOS TV system may collect certain personally identifiable information, such as your account information, in addition to the product or service purchased, so that you may be properly billed for the program." A Verizon spokesman confirmed that the company knew what you were watching when you watched pay-per-view programming. Should you be worried? Despite the obstacles, consumers should be diligent about trying to opt out of service providers being able to share personal data. There's not much else you can do. "We're a bit closer to the Orwellian '1984,' " said Givens at the Privacy Rights Clearinghouse. "But that was a government eye, and this is a corporate eye." At least you don't have to worry about these companies knowing things about you after you take your business elsewhere, right? Wrong. Near the very bottom of Time Warner's privacy policy, the company discloses that it maintains personally identifiable info about people "as long as you are a subscriber and up to 15 additional years." This, it says, is for tax and accounting purposes. All in all, you may want to spend a bit more time with the Disney Channel and the Nickelodeon website. Consumer Confidential runs Wednesdays and Sundays, and frequently in between. 
Send your tips or feedback to david.lazarus at latimes.com. From rforno at infowarrior.org Wed Sep 12 12:34:35 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Sep 2007 08:34:35 -0400 Subject: [Infowarrior] - Copyright is always Government Intervention Message-ID: Copyright is always Government Intervention http://williampatry.blogspot.com/2007/09/copyright-is-always-government.html The Copyright Alliance is a recently formed Washington, D.C. organization financially funded by content owners and their trade associations. The alliance seeks, among other things: "To promote the progress of science and creativity, as enumerated in the U.S. Constitution, by upholding and strengthening copyright law and preventing its diminishment." (Principle 2). To this end, the group holds press conferences, sponsors seminars, and lobbies members of Congress and the Administration. Most ambitiously, the Alliance has designed programs for schools such as "IP Assemblies & On-Line Curriculum for Grades 3-12." If one has been around long enough, one has seen a great many such groups as well as efforts to equate "respect" for copyright with a high level of rights. The copyright which one is asked to respect is of a special kind, though. It is limited to strong enforcement of content owners' rights as well as agreement with content owners' expansive interpretations of those provisions. And, it includes a promise to "prevent diminishment" of rights, as the Copyright Alliance put it. Respect for copyright is thus narrowly regarded and unidirectional: ever expanding rights and greater penalties. (The use of the term "diminishment" is a classic conceptual metaphor in which less has negative associations, while, conversely, "expansive" has positive associations. George Lakoff has explored such uses in a number of books, see here). Title 17, however, also includes the limitations on subject matter protection contained in Section 102(b), the lack of protection for U.S.
government works in Section 105, fair use (107), library photocopying (108), first sale (109), performances for educational and other purposes (110), copying for the blind (121), as well as compulsory licenses, the safe harbors of Section 512, and the personal copying defense in Section 1008. Copyright further includes judge-created doctrines like permitting de minimis or non-substantial uses, independent creation, the idea-expression dichotomy, merger, scenes a faire, and defenses such as misuse and substantial non-infringing uses for secondary liability. As Justice O'Connor wrote for the Supreme Court in rejecting another metaphor ("you shouldn't reap what you haven't sown" as applied to copying facts), "it is not unfair to permit the fruits of another's labor to be used by others without compensation: 'this is not "some unforeseen byproduct of a statutory scheme." ... It is, rather, "the essence of copyright," and a constitutional requirement.' This result is neither unfair nor unfortunate. It is the means by which copyright advances the progress of science and art." If respect for copyright is going to be one's pass into society, then we should be far more rounded and inclusive about what copyright is: copyright does not end with Section 106; not even chapter 1 of title 17 ends with Section 106; there are 16 sections that follow, limiting copyright owners' rights dramatically. One thing should be beyond dispute, and that is copyright is always an act of government intervention. Without Congress enacting title 17, there would be no (federal) law at all, as the Supreme Court held in its very first (1834) opinion in a copyright case, Wheaton v. Peters. Copyright in the U.S. is, therefore, in its very essence, an act by Congress interfering with an inherent lack of rights: every grant of rights represents government intervention. I support such intervention when it is responsible, as it has been for much of our country's
history, at least until 1998, when in my opinion things ran permanently off the rails with term extension and the sui generis DMCA provisions of chapter 12. All of this brings me to a recent exchange between the Executive Director of the Copyright Alliance (Patrick Ross) and the Digital Freedom organization (founded by the Consumer Electronics Association, with a number of partner organizations such as CCIA, EFF, and Public Knowledge). As reported in Politico, Digital Freedom "is pushing legislation that would allow consumers to legally unlock DRM software to send content around their homes - to stream DVDs, for example. The bill would still forbid copying. However, it would eliminate the $150,000 penalty per infringement that could cost a person $1.5 million for copying a 10-track CD, said Michael Petricone, the association's chief lobbyist." This effort prompted a response from the Copyright Alliance, reported as follows by Politico: Digital Freedom's position on digital copyright is akin to demanding that the government mandate standards that all electronic devices work together, Ross said. "Gary Shapiro [CEA's head], do you want government intervening to tell you that your devices are interoperable so I can move my works from one device to another?" Ross asked. "Government intervention is bad for copyright owners and device manufacturers in this case." Mr. Ross qualified his dislike of government intervention to "this case," but it is hard to believe that even he believes what he said, namely that it is government intervention that is the source of the faults he sees. Content owners, after all, have been the biggest advocates of government intervention against consumers: When the RIAA wanted government dictated standards for DAT tapes, it got them in the 1992 AHRA. When content owners en masse wanted them for the Internet, they got them big-time in the DMCA.
When the RIAA wanted immunity for trashing your hard-drive in searching for P2P downloads, it didn't hesitate to call in the feds. When MPAA wanted to give theater owners immunity from state law prosecution for hunting out and seizing camcorders from theater viewers, it got a federal law passed. The MPAA, as I recently noted, wants the federal government to pay for Customs Service dogs to sniff your luggage and car for DVDs. If these are not acts of government intervention, I don't know what is. Nor is this the first time content owners have opposed legislation favoring consumers by alleging that reliance on the marketplace is preferable and by decrying government regulation. A joint statement issued by the Recording Industry Association of America, the Business Software Alliance, and the Computer Systems Policy Project in January 2003 stated in part: "How companies satisfy consumer expectations is a business decision that should be driven by the marketplace, and should not be legislated or regulated." The joint statement was made in response to a bill introduced by Congressman Rick Boucher called the "Digital Media Consumers' Rights Act of 2002" and a different bill introduced by Congresswoman Zoe Lofgren called the "Digital Choice and Freedom Act of 2002." Those bills would have, inter alia, required truthful labeling of CDs containing copy-protection schemes, and provided rights for researchers and those wanting to engage in fair use to do so free of liability under the DMCA; in other words to restore things to what they were before the government's intervention via the DMCA. All copyright is government intervention; in any given situation, that intervention may be warranted, but let's discuss the merits of proposals and not whether the government being involved is a good idea or not.
Digital Freedom's proposals, for example, are principally for amendment to the highly interventionist DMCA provisions: how can amendments to interventionist provisions be objected to as interventionist? Let's skip the flatulent rhetoric about government intervention and get down to the real issue: finding the policy that does the most good for the most people; and when we do we'll be thankful to have the government intervene. From rforno at infowarrior.org Wed Sep 12 12:56:08 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Sep 2007 08:56:08 -0400 Subject: [Infowarrior] - Free iPhone unlock code published Message-ID: iPhone Free Software Unlock Confirmed (Death Star Explodes) http://tinyurl.com/2caylg From rforno at infowarrior.org Wed Sep 12 13:00:44 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Sep 2007 09:00:44 -0400 Subject: [Infowarrior] - NYT: Who Needs Hackers? (good read) Message-ID: (very well-said, and is what competent security experts have been preaching to mostly-deaf ears for years........rf) September 12, 2007 Who Needs Hackers? By JOHN SCHWARTZ http://www.nytimes.com/2007/09/12/technology/techspecial/12threat.html?_r=1&oref=slogin&pagewanted=print NOTHING was moving. International travelers flying into Los Angeles International Airport - more than 17,000 of them - were stuck on planes for hours one day in mid-August after computers for the United States Customs and Border Protection agency went down and stayed down for nine hours. Hackers? Nope. Though it was the kind of chaos that malevolent computer intruders always seem to be creating in the movies, the problem was traced to a malfunctioning network card on a desktop computer. The flawed card slowed the network and set off a domino effect as failures rippled through the customs network at the airport, officials said. Everybody knows hackers are the biggest threat to computer networks, except that it ain't necessarily so.
Yes, hackers are still out there, and not just teenagers: malicious insiders, political activists, mobsters and even government agents all routinely test public and private computer networks and occasionally disrupt services. But experts say that some of the most serious, even potentially devastating, problems with networks arise from sources with no malevolent component. Whether it's the Los Angeles customs fiasco or the unpredictable network cascade that brought the global Skype telephone service down for two days in August, problems arising from flawed systems, increasingly complex networks and even technology headaches from corporate mergers can make computer systems less reliable. Meanwhile, society as a whole is growing ever more dependent on computers and computer networks, as automated controls become the norm for air traffic, pipelines, dams, the electrical grid and more.

"We don't need hackers to break the systems because they're falling apart by themselves," said Peter G. Neumann, an expert in computing risks and principal scientist at SRI International, a research institute in Menlo Park, Calif.

Steven M. Bellovin, a professor of computer science at Columbia University, said: "Most of the problems we have day to day have nothing to do with malice. Things break. Complex systems break in complex ways." When the electrical grid went out in the summer of 2003 throughout the Eastern United States and Canada, "it wasn't any one thing, it was a cascading set of things," Mr. Bellovin noted.

That is why Andreas M. Antonopoulos, a founding partner at Nemertes Research, a technology research company in Mokena, Ill., says, "The threat is complexity itself." Change is the fuel of business, but it also introduces complexity, Mr. Antonopoulos said, whether by bringing together incompatible computer networks or simply by growing beyond the network's ability to keep up. "We have gone from fairly simple computing architectures to massively distributed, massively interconnected and interdependent networks," he said, adding that as a result, flaws have become increasingly hard to predict or spot. Simpler systems could be understood and their behavior characterized, he said, but greater complexity brings unintended consequences. "On the scale we do it, it's more like forecasting weather," he said.

Kenneth M. Ritchhart, the chief information officer for the customs and border agency, agreed that complexity was at the heart of the problem at the Los Angeles airport. "As we move from stovepipes to interdependent systems," he said, "it becomes increasingly difficult to identify and correct problems." At first, the agency thought the source of the trouble was routers, not the network cards. "Many times the problems you see that you try to correct are not the root causes of the problem," he said. And even though his department takes the threat of hacking and malicious cyberintruders seriously, he said, "I've got a list of 16 things that I try to address in terms of outages — only one of them is cyber- or malicious attacks." Others include national power failures, data corruption and physical attacks on facilities.

In the case of Skype, the company — which says it has more than 220 million users, with millions online at any time — was deluged on Aug. 16 with login attempts by computers that had restarted after downloading a security update for Microsoft's Windows operating system. A company employee, Villu Arak, posted a note online that blamed a "massive restart of our users' computers across the globe within a very short time frame" for the 48-hour failure, saying it had overtaxed the network. Though the company has software to "self-heal" in such situations, "this event revealed a previously unseen software bug" in the program that allocates computing resources.
As computer networks are cobbled together, said Matt Moynahan, the chief executive of Veracode, a security company, "the Law of the Weakest Link always seems to prevail." Whatever flaw or weakness allows a problem to occur compromises the entire system, just as one weak section of a levee can inundate an entire community, he said.

This is not a new problem, of course. The first flight of the space shuttle in 1981 was delayed minutes before launching because of a previously undetected software problem. The "bug heard round the world," as a former NASA software engineer, John B. Garman, put it in a technical paper, came down to a failure that would emerge only if a certain sequence of events occurred — and even then only once in 64 times. He wrote: "It is complexity of design and process that got us (and Murphy's Law!). Complexity in the sense that we, the 'software industry,' are still naïve and forge into large systems such as this with too little computer, budget, schedule and definition of the software code."

In another example, the precursor to the Internet known as the Arpanet collapsed for four hours in 1980 after years of smooth functioning. According to Dr. Neumann of SRI, the collapse "resulted from an unforeseen interaction among three different causes" that included what he called "an overly lazy garbage collection algorithm" that allowed the errors to accumulate and overwhelm the fledgling network.

Where are the weaknesses most likely to have grave consequences? Every expert has a suggestion. Aviel D. Rubin, a professor of computer science at Johns Hopkins University, said that glitches could be an enormous problem in high-tech voting machines. "Maybe we have focused too much on hackers and not on the possibility of something going wrong," he said. "Sometimes the worst problems happen by accident." Dr. Rubin, who is director of the Center for Correct, Usable, Reliable, Auditable and Transparent Elections, a group financed by the National Science Foundation to study voting issues, noted that glitches had already shown up in many elections using the new generation of voting machines sold to states in the wake of the Florida election crisis in 2000, when the fate of the national election came down to issues like hanging chads on punch-card ballots.

Dr. Bellovin at Columbia said he also worried about what might happen with the massively complex antimissile systems that the government is developing. "It's a system you can't really test until the real thing happens," he said.

There are better ways. Making systems strong enough to recover quickly from the inevitable glitches and problems can keep disruption to a minimum. The customs service came under some of the most heated criticism for not having a backup plan that could quickly compensate for the network flameout; eventually, airport officials had to provide fuel to the planes so that the airlines could run the air-conditioning, and provided food, beverages and diapers to the trapped passengers.

Mr. Ritchhart said it was unfair to characterize his department as having no backup plan. In fact, there were two — but neither addressed the problem. The main backup plan envisions a shutdown of the national customs network, and allows local networks to function independently. Since it was the local network that was in trouble at Los Angeles, he said, that backup plan did not work. The other fallback involves setting up customs agents with laptops that are equipped to scan the millions of names on the watchlists and to perform other functions. That system was put in place, he said, but the laptops operate at one-third the speed of the computer network, and the delays persisted. The agency is reviewing its policies to improve its response, he said, and if a similar slowdown occurs, is considering having agents call colleagues in other cities to perform searches on functioning parts of the network.

The best answer, Dr. Neumann says, is to build computers that are secure and stable from the start. A system with fewer flaws also deters hackers, he said. "If you design the thing right in the first place, you can make it reliable, secure, fault tolerant and human safe," he said. "The technology is there to do this right if anybody wanted to take the effort."

He was part of an effort that began in the 1960s to develop a rock-solid network-operating system known as Multics, but those efforts gave way to more commercially successful systems. Multics' creators were so farsighted, Dr. Neumann recalled, that its designers even anticipated and prevented the "Year 2000" problem that had to be corrected in other computers. That flaw, known as Y2K, caused some machines to malfunction if they detected dates after Jan. 1, 2000. Billions of dollars were spent to prevent problems.

Dr. Neumann, who has been preaching network stability since the 1960s, said, "The message never got through." Pressures to ship software and hardware quickly and to keep costs at a minimum, he said, have worked against more secure and robust systems. "We throw this together, shrink wrap it and throw it out there," he said. "There's no incentive to do it right, and that's pitiful."
From rforno at infowarrior.org Thu Sep 13 03:08:17 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 12 Sep 2007 23:08:17 -0400
Subject: [Infowarrior] - Bastille Linux domain commandeered by squatter
Message-ID:

http://bastille-linux.sourceforge.net/press-release-newname.html

> Dear Bastille Linux Users,
>
> On the morning of September 11th, 2007, alerted by handlers from the Internet Storm Center, I learned that one Mykhaylo Perebiynis purchased our Bastille Linux domain and is demanding $10,000 to return it to the project. He appears to be in business as a domain squatter. I'll post more information about this soon - refresh this page later today (9/12/07) for more information.
>
> That's the bad news. Now time for the good news and our future plans.
>
> First, the squatter hasn't focused on having a functional website. He isn't hosting any downloads: Trojan horses or otherwise. He seems to just be in it for the money. The Bastille Linux downloads were always hosted at Sourceforge, where they continue to be available.
>
> Second, the lawyers tell me that we shouldn't have trouble getting the domain back. It will take a bit of time, but both legal action and the domain arbitration process should prove effective. We have an existing trademark on the domain dating back to 1999. This will simply take some time.
>
> Third, the real Bastille Linux website has always been available, along with our downloads, via the http://bastille-linux.sourceforge.net site, similar to every other Sourceforge project. This is where the www.Bastille-Linux.org site used to virtual host to, so it's ready and tested. We'll be updating the major software index sites with this URL over the course of the next week.
>
> Now for our future plans.
>
> We're going to take this event as an opportunity. Bastille Linux has been running on two non-Linux platforms for years, Mac OSX and HP-UX. Hewlett Packard packages Bastille by default with HP-UX, integrates it with their installer, and provides technical support to their customers for it. Much like Douglas Adams' increasingly mis-counted Hitchhikers' Guide to the Galaxy trilogy, Bastille Linux is now two non-Linuxes past its name. We've been considering a name change to reflect this for some time. So...
>
> Bastille Linux is now Bastille Unix!
>
> We've purchased the Bastille-Unix.org domain and will set the Bastille-Linux.org website to transparently forward to the Bastille-Unix.org website once we get the domain back.
>
> I'll write more soon, but I wanted to get the word out as quickly as possible. Please use the new domain now:
>
> www.Bastille-Unix.org
>
> Thank you for all the support, gratitude, and code/idea/testing contributions over the years. I'm optimistic for the future.
>
> Sincerely,
> Jay Beale
>
> Project Lead and Original Author, Bastille Linux / Bastille Unix
> Co-Founder and Senior Security Consultant, Intelguardians Network Intelligence, LLC
>
> P.S. I'd like to take this opportunity to circulate my PGP fingerprint. I'll use this key to sign any downloads and critical e-mail announcements from now on.
>
> pub 1024D/03C52606 2006-12-01
> Key fingerprint = B1E1 F7AE 6DAF 5943 BCFA 3143 40B8 85EC 03C5 2606
> uid Jay Beale (Jay Intelguardians Key Generated 12/2006)

From rforno at infowarrior.org Thu Sep 13 12:04:52 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 13 Sep 2007 08:04:52 -0400
Subject: [Infowarrior] - Scientists Use the "Dark Web" to Snag Extremists and Terrorists Online
Message-ID:

Press Release 07-118
Scientists Use the "Dark Web" to Snag Extremists and Terrorists Online
http://www.nsf.gov/news/news_summ.jsp?cntn_id=110040&org=NSF
September 10, 2007

Terrorists and extremists have set up shop on the Internet, using it to recruit new members, spread propaganda and plan attacks across the world.
The size and scope of these dark corners of the Web are vast and disturbing. But in a non-descript building in Tucson, a team of computational scientists is using cutting-edge technology and novel approaches to track their moves online, providing an invaluable tool in the global war on terror.

Funded by the National Science Foundation and other federal agencies, Hsinchun Chen and his Artificial Intelligence Lab at the University of Arizona have created the Dark Web project, which aims to systematically collect and analyze all terrorist-generated content on the Web.

This is no small undertaking. The speed, ubiquity, and potential anonymity of Internet media--email, web sites, and Internet forums--make them ideal communication channels for militant groups and terrorist organizations. As a result, terrorist groups and their followers have created a vast presence on the Internet. A recent report estimates that there are more than 5,000 Web sites created and maintained by known international terrorist groups, including Al-Qaeda, the Iraqi insurgencies, and many home-grown terrorist cells in Europe. Many of these sites are produced in multiple languages and can be hidden within innocuous-looking Web sites.

Because of its vital role in coordinating terror activities, analyzing Web content has become increasingly important to the intelligence agencies and research communities that monitor these groups, yet the sheer amount of material to be analyzed is so great that it can quickly overwhelm traditional methods of monitoring and surveillance. This is where the Dark Web project comes in. Using advanced techniques such as Web spidering, link analysis, content analysis, authorship analysis, sentiment analysis and multimedia analysis, Chen and his team can find, catalogue and analyze extremist activities online. According to Chen, scenarios involving vast amounts of information and data points are ideal challenges for computational scientists, who use the power of advanced computers and applications to find patterns and connections where humans cannot.

One of the tools developed by Dark Web is a technique called Writeprint, which automatically extracts thousands of multilingual, structural, and semantic features to determine who is creating 'anonymous' content online. Writeprint can look at a posting on an online bulletin board, for example, and compare it with writings found elsewhere on the Internet. By analyzing these features, it can determine with more than 95 percent accuracy if the author has produced other content in the past. The system can then alert analysts when the same author produces new content, as well as where on the Internet the content is being copied, linked to or discussed.

Dark Web also uses complex tracking software called Web spiders to search discussion threads and other content to find the corners of the Internet where terrorist activities are taking place. But according to Chen, sometimes the terrorists fight back. "They can put booby-traps in their Web forums," Chen explains, "and the spider can bring back viruses to our machines." This online cat-and-mouse game means Dark Web must be constantly vigilant against these and other counter-measures deployed by the terrorists.

Despite the risks, Dark Web is producing tangible results in the global war on terror. The project team recently completed a study of online stories and videos designed to help train terrorists in how to build improvised explosive devices (IEDs). Understanding what information is being spread about IED methods and where in the world it is being downloaded can improve countermeasures that are developed to thwart them.

Dark Web is also a major research testbed for understanding the propaganda, ideology, communication, fundraising, command and control, and recruitment and training of terrorist groups. The Dark Web team has used the tools at their disposal to explore the content and impact of materials relating to "virtual imams" on the Internet, as well as terrorist training and weapons manuals. Dark Web's capabilities are also being used to study the online presence of extremist groups and other social movement organizations.

Chen sees applications for this Web mining approach for other academic fields. "What we are doing is using this to study societal change," Chen says. "Evidence of this change is appearing online, and computational science can help other disciplines better understand this change."

-NSF-

Media Contacts
Dana W. Cruikshank, NSF (703) 292-8070 dcruiksh at nsf.gov

Program Contacts
Maria Zemankova, NSF (703) 292-8930 mzemanko at nsf.gov

Principal Investigators
Hsinchun Chen, Artificial Intelligence Lab, University of Arizona (520) 621-6219 hchen at eller.arizona.edu

Related Websites
Dark Web Project Web Site: http://ai.arizona.edu/research/terror/index.htm
NSF's Division of Information & Intelligent Systems (IIS): http://www.nsf.gov/div/index.jsp?div=IIS

The National Science Foundation (NSF) is an independent federal agency that supports fundamental research and education across all fields of science and engineering, with an annual budget of $5.92 billion. NSF funds reach all 50 states through grants to over 1,700 universities and institutions. Each year, NSF receives about 42,000 competitive requests for funding, and makes over 10,000 new funding awards. The NSF also awards over $400 million in professional and service contracts yearly.
From rforno at infowarrior.org Thu Sep 13 16:32:14 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 13 Sep 2007 12:32:14 -0400
Subject: [Infowarrior] - Microsoft updates Windows without users' consent
Message-ID:

(c/o RK)

Microsoft updates Windows without users' consent
By Scott Dunn
http://windowssecrets.com/comp/070913/#story1

Microsoft has begun patching files on Windows XP and Vista without users' knowledge, even when the users have turned off auto-updates. Many companies require testing of patches before they are widely installed, and businesses in this situation are objecting to the stealth patching.

Files changed with no notice to users

In recent days, Windows Update (WU) started altering files on users' systems without displaying any dialog box to request permission. The only files that have been reportedly altered to date are nine small executables on XP and nine on Vista that are used by WU itself. Microsoft is patching these files silently, even if auto-updates have been disabled on a particular PC.

It's surprising that these files can be changed without the user's knowledge. The Automatic Updates dialog box in the Control Panel can be set to prevent updates from being installed automatically. However, with Microsoft's latest stealth move, updates to the WU executables seem to be installed regardless of the settings — without notifying users.

When users launch Windows Update, Microsoft's online service can check the version of its executables on the PC and update them if necessary. What's unusual is that people are reporting changes in these files although WU wasn't authorized to install anything.

This isn't the first time Microsoft has pushed updates out to users who prefer to test and install their updates manually. Not long ago, another Windows component, svchost.exe, was causing problems with Windows Update, as last reported on June 21 in the Windows Secrets Newsletter. In that case, however, the Windows Update site notified users that updated software had to be installed before the patching process could proceed. This time, such a notice never appears.

For users who elect not to have updates installed automatically, the issue of consent is crucial. Microsoft has apparently decided, however, that it doesn't need permission to patch Windows Update files, even if you've set your preferences to require it.

< - more details and file listings - >
http://windowssecrets.com/comp/070913/#story1

From rforno at infowarrior.org Thu Sep 13 17:08:43 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 13 Sep 2007 13:08:43 -0400
Subject: [Infowarrior] - Eavesdropping: Spy Master Admits Error
Message-ID:

URL: http://www.msnbc.msn.com/id/20749773/site/newsweek/

Spy Master Admits Error
Intel czar Mike McConnell told Congress a new law helped bring down a terror plot. The facts say otherwise.
WEB EXCLUSIVE
By Michael Isikoff and Mark Hosenball
Newsweek
Updated: 6:38 p.m. ET Sept 12, 2007

Sept. 12, 2007 - In a new embarrassment for the Bush administration's top spymaster, Director of National Intelligence Mike McConnell is withdrawing an assertion he made to Congress this week that a recently passed electronic-surveillance law helped U.S. authorities foil a major terror plot in Germany.

The temporary measure, signed into law by President Bush on Aug. 5, gave the U.S. intelligence community broad new powers to eavesdrop on telephone and e-mail communications overseas without seeking warrants from the surveillance court. The law expires in six months and is expected to be the subject of intense debate in the months ahead.

On Monday, McConnell—questioned by Sen. Joe Lieberman—claimed the law, intended to remedy what the White House said was an intelligence gap, had helped to "facilitate" the arrest of three suspects believed to be planning massive car bombings against American targets in Germany. Other U.S.
intelligence-community officials questioned the accuracy of McConnell's testimony and urged his office to correct it. Four intelligence-community officials, who asked for anonymity discussing sensitive material, said the new law, dubbed the "Protect America Act," played little if any role in the unraveling of the German plot. The U.S. military initially provided information that helped the Germans uncover the plot. But that exchange of information took place months before the new "Protect America" law was passed.

After questions about his testimony were raised, McConnell called Lieberman to clarify his statements to the Senate Committee on Homeland Security and Governmental Affairs, an official said. (A spokeswoman for Lieberman confirmed that McConnell called the senator Tuesday but could not immediately confirm what they spoke about.) Late Wednesday afternoon, McConnell issued a statement acknowledging that "information contributing to the recent arrests [in Germany] was not collected under authorities provided by the 'Protect America Act'."

The developments were cited by Democratic critics on Capitol Hill as the latest example of the Bush administration's exaggerated claims—and contradictory statements—about ultrasecret surveillance activities. In the face of such complaints, the administration has consistently resisted any public disclosure about the details of the surveillance activities—even though McConnell himself has openly talked about some aspects of them. The Justice Department, for example, just two weeks ago filed a brief opposing the public release of secret legal opinions about the program—even in redacted form—on the grounds that any disclosure beyond a one-sentence comment earlier this year by Attorney General Alberto Gonzales would "cause serious damage to the national security of the United States." (The existence of one of those rulings was first disclosed by NEWSWEEK this summer and publicly confirmed by McConnell in an interview with the El Paso Times in August. The ACLU last month filed an unprecedented motion with the Foreign Intelligence Surveillance Court seeking public release of its rulings about the surveillance program.)

The flap over McConnell's latest statements is especially sensitive because many Democrats have said they felt the White House and the director of national intelligence stampeded them into passing the new surveillance law—claiming it was needed on an "emergency" basis to protect the country against a future terror attack. Speaking Wednesday at a meeting of the Council on Foreign Relations in Washington, Rep. Jane Harman, who was ranking Democrat on the House Intelligence Committee until she was bumped from the committee earlier this year, charged that McConnell had politicized negotiations over the bill. He "appeared to be taking orders from the White House, negotiating for the White House," said Harman. The role he played, "whether he intended it or not, appeared to be political," she said. "Hey—Jane to Mike," she said, "don't become a political actor."

McConnell's testimony that the new law helped in the German case was especially striking—since it seemed to contradict public statements by American and German officials about how the plot was exposed. About 10 months ago—long before the new law was put into effect—guards at a U.S. military base near Frankfurt noted a suspicious individual conducting surveillance outside the facility. U.S. military officials tipped off German authorities, who quickly identified the individual and several accomplices as militants affiliated with the Islamic Jihad Union, a violent Al Qaeda-linked group. The Germans kept the group under surveillance for months and discovered evidence that the militants—some of whom had been to an Islamic Jihad Union training camp in Pakistan—were assembling chemicals for bombing attacks on American military installations in Germany. (The U.S. Embassy in Berlin issued a public warning last April that it had received intelligence reporting about threats against U.S. personnel in that country.) One U.S. intelligence official described the law-enforcement operation as a case of "good old-fashioned police work."

Yet when McConnell testified before the Senate Governmental Affairs Committee, he cited the German case as an example of how the new Protect America Act was working. The law, he started to say, "allowed us to see and understand all the connections with ..." At that point, Lieberman, the committee chair, interrupted McConnell. Lieberman expressed surprise that the law might have contributed to the German counterterror operation. "The newly adopted law facilitated that during August?" he asked. "Yes, sir, it did," McConnell responded. "The connections to Al Qaeda, the connections specifically to what's referred to as IJU, the Islamic Jihad Union, an affiliate of Al Qaeda. Because we could understand it, we could help our partners through a long process of monitoring and observation. And so at the right time, when Americans and German facilities were being targeted, the German authorities decided to move."

Counterterrorism officials familiar with the background of McConnell's testimony said they did not believe the intel czar made inaccurate statements intentionally as part of any strategy by the administration to goad Congress into making the new eavesdropping law permanent. Officials said they believed McConnell gave the wrong answer because he was overwhelmed with information and merely mixed up his facts. Nonetheless, some officials said, as news of McConnell's misstatements spread, it would be in the intelligence director's best interests to correct his testimony—advice he is now heeding.

URL: http://www.msnbc.msn.com/id/20749773/site/newsweek/

From rforno at infowarrior.org Fri Sep 14 12:56:49 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Sep 2007 08:56:49 -0400
Subject: [Infowarrior] - Document Tracks Changes to FISA Since 2001
Message-ID:

Document Tracks Changes to FISA Since 2001
By Kim Zetter
September 13, 2007 | 1:42:04 PM

For those who have been tracking changes to the Foreign Intelligence Surveillance Act, David Kris, former associate deputy attorney general at the Department of Justice, has made it easier with a helpful new document (see below) showing the original FISA law from 1978 and all of the changes that have been made to it since 9/11 through the Patriot Act and other legislation. The changes are color-coded so you can see exactly which subsequent legislation was responsible for which amendments to FISA.

Kris, now a senior vice president and chief ethics and compliance officer at Time Warner, made headlines last year when he released a lengthy memo (PDF) that challenged the government's legal arguments asserting that the president had the power to authorize warrantless surveillance.
< - >
http://blog.wired.com/27bstroke6/2007/09/document-tracks.html

From rforno at infowarrior.org Fri Sep 14 12:59:47 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Sep 2007 08:59:47 -0400
Subject: [Infowarrior] - Microsoft downplays stealth Windows Update file updates
Message-ID:

Microsoft downplays stealth Windows Update file updates
Posted by Robert Vamosi
http://www.news.com/8301-10784_3-9778152-7.html?part=rss&subj=news&tag=2547-1_3-0-20

Microsoft sought today to downplay the recent, but unpublicized, automatic update of system files on Windows XP and Vista machines as "normal behavior."

ZDNet blogger Adrian Kingsley-Hughes has been writing the last two days about a "stealth" update that occurred on his and other machines in late August, even though those machines are set to not install automatic updates. "I just don't like the idea of having updates foisted upon systems without being aware that they are coming in and having the option to postpone them," he wrote.

A Microsoft spokesperson said, "Windows Update automatically updates itself from time to time to ensure that it is running the most current technology, so that it can check for updates and notify customers that new updates are available."

"The point of this explanation is not to suggest that we were as transparent as we could have been; to the contrary, people have told us that we should have been clearer on how Windows Update behaves when it updates itself," said Nate Clinton, Program Manager Windows Update, in a blog today. Clinton went on to say, "WU does not automatically update itself when Automatic Updates is turned off, this only happens when the customer is using WU to automatically install upgrades or to be notified of updates."

That would explain what happened on the machines that Adrian Kingsley-Hughes observed. According to his blog, each was set to be notified of any updates.

For the curious, the updated files on Vista are:

* wuapi.dll
* wuapp.exe
* wuauclt.exe
* wuaueng.dll
* wucltux.dll
* wudriver.dll
* wups.dll
* wups2.dll
* wuwebv.dll

And on XP SP2:

* cdm.dll
* wuapi.dll
* wuauclt.exe
* wuaucpl.cpl
* wuaueng.dll
* wucltui.dll
* wups.dll
* wups2.dll
* wuweb.dll

All nine files are system files related to the XP and Vista versions of Windows Update (WU) itself.

From rforno at infowarrior.org Fri Sep 14 14:05:16 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Sep 2007 10:05:16 -0400
Subject: [Infowarrior] - National Emergency....?
Message-ID:

While I've not read the law and official definition of the phrase, I'm certain this declaration is needed more for some political or budgetary purpose than anything else. Granted, this is not the first President to have a national emergency declaration extended for a prolonged period, but does anyone else feel that declaring a "national emergency" is a bit of a stretch nowadays?

If one believes that the US is under a constant, if not perpetual, threat of an attack by terrorists, doesn't that suggest that a "national emergency" will be a permanent state of American existence? If someone moves to South Florida, they know they're at-risk for a hurricane.....it's part of what you deal with by virtue of living down there. Living in America now you should realize there is always the potential for a(nother) attack on US soil.

That said, if we get attacked again, would that suddenly require a "super-duper national emergency" declaration that's even more critical than the routine state of "national emergency"?

Just wondering out loud on a Friday....

-rf

http://www.whitehouse.gov/news/releases/2007/09/20070912-2.html

> Notice: Continuation of the National Emergency with Respect to Certain Terrorist Attacks
>
> Consistent with section 202(d) of the National Emergencies Act (50 U.S.C.
> 1622(d)), I am continuing for 1 year the national emergency I declared on
> September 14, 2001, in Proclamation 7463, with respect to the terrorist
> attacks at the World Trade Center, New York, New York, the Pentagon, and
> aboard United Airlines flight 93, and the continuing and immediate threat of
> further attacks on the United States.
>
> Because the terrorist threat continues, the national emergency declared on
> September 14, 2001, last extended on September 5, 2006, and the powers and
> authorities adopted to deal with that emergency, must continue in effect
> beyond September 14, 2007. Therefore, I am continuing in effect for an
> additional year the national emergency I declared on September 14, 2001, with
> respect to the terrorist threat.
>
> This notice shall be published in the Federal Register and transmitted to the
> Congress.
>

From rforno at infowarrior.org Fri Sep 14 15:56:29 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Sep 2007 11:56:29 -0400
Subject: [Infowarrior] - TD Ameritrade says hacker stole customer info
Message-ID:

TD Ameritrade says hacker stole customer info
By Josh Funk, Associated Press
http://www.usatoday.com/tech/news/2007-09-14-ameritrade-hacked_N.htm

OMAHA - TD Ameritrade (AMTD) said Friday that one of its databases was hacked and contact information for its more than 6.3 million customers was stolen.

A spokeswoman for the brokerage said more sensitive information in the same database, including Social Security numbers and account numbers, does not appear to have been taken.

The company would not share many details of its investigation, including when the hack took place, because it is still looking into the theft and is cooperating with investigators from the FBI.

Ameritrade's customers have received unwanted e-mail ads because of the data theft. Spokeswoman Katrina Becker said there is no evidence that any customer suffered financial losses or was a victim of identity theft.
Ameritrade plans to notify customers about the data theft Friday, and the brokerage posted information about it on its website.

"While the financial assets our clients hold with us were never touched, and there is no evidence that our clients' Social Security Numbers were taken, we understand that this issue has increased unwanted SPAM, which is annoying and inconvenient for them," Chief Executive Joe Moglia said. "We sincerely apologize for that and any added concern this may have caused."

Ameritrade said it is confident that it identified how this information was taken and has changed its computer code enough to prevent the theft from recurring. It added that any new client who opened an account after July 18 was not affected.

Copyright 2007 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

From rforno at infowarrior.org Fri Sep 14 20:10:33 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Sep 2007 16:10:33 -0400
Subject: [Infowarrior] - Think DOD wastes money? Try DOJ's lobster dinner and $4 meatballs
Message-ID:

Lobster dinners and cookies among top-dollar snacks at pricey U.S. Justice Department conferences
The Associated Press
Friday, September 14, 2007
http://www.iht.com/articles/ap/2007/09/14/america/NA-GEN-US-Justice-Dept-Pricey-Snacks.php

WASHINGTON: An internal U.S. Justice Department audit, released Friday, showed the department spent nearly $7 million (€5 million) to plan, host or send employees to 10 conferences over the last two years. This included paying $4 (€2.90) per meatball at one lavish dinner and spreading an average of $25 (€18) worth of snacks around to each participant at a movie-themed party.

There was plenty, too, for those needing to satisfy a sweet tooth.
More than $13,000 (€9,380) was spent on cookies and brownies for 1,542 people who attended a four-day conference in August 2005, according to the audit by Justice Department Inspector General Glenn A. Fine. And a "networking" session replete with butterfly shrimp, coconut lobster skewers and Swedish meatballs at a Community Oriented Policing Services conference in July 2006 cost more than $60,000 (€43,290).

Ironically, the cheapest meeting on Fine's list was the only one held outside the United States: $181,648 (€131,060) to send FBI agents to a conference in Cambodia in March 2006. Most of the price tag, $172,327 (€124,335), paid travel costs for the agents.

The report, which looked at the 10 priciest Justice Department conferences between October 2004 and September 2006, was ordered by the Senate Appropriations Committee. It also found that three-quarters of the employees who attended the conferences demanded daily reimbursement for the cost of meals while traveling, effectively double-dipping into government funds.

Auditors "found that using appropriated funds to pay for expensive meals and snacks at certain DOJ conferences, while allowable, appear to have been extravagant," the report concluded.

Responding, the Justice Department's management and administration office promised to prevent future extravagances of the sort that Fine's auditors turned up. A Justice Department spokesman had no immediate comment Friday.

Six of the 10 conferences were approved by the department's Office of Justice Programs, whose assistant attorney general, Regina Schofield, resigned this week. It could not immediately be determined whether the report had anything to do with her resignation.

Sen. Barbara Mikulski, who chairs the Senate panel that oversees Justice spending, said the audit raises concerns about how the department uses taxpayer dollars.
"I will continue to fight for legislation that insists on discipline and vigorous oversight in the Justice Department," Mikulski, a Democrat, said in a statement.

The most expensive conference on the list was a $1.4 million (€1 million) meeting, in 2006 in the western state Colorado, to discuss Project Safe Neighborhood. The program, designed to crack down on guns, gangs and drugs, was a top priority for resigning Attorney General Alberto Gonzales.

Planners spent $143,469 (€103,510) on microphones, video screens and other technical equipment; $108,866 (€78,550) on food and drinks; and $638,371 (€460,585) on travel costs to send employees to the conference, the audit showed.

In all, the department spent $6.9 million (€5 million) on the 10 conferences reviewed. The audit did not compare Justice's conference costs to those at other government agencies.

Despite the expense, the audit showed the department has spent less on conferences over the last several years. The price tag for all Justice conferences during the two years came to $81 million (€58.4 million), down from $110 million (€79.4 million) in 2003-04.

___

The audit by the Justice Department's inspector general can be found at: http://www.usdoj.gov/oig/reports/plus/a0742/final.pdf

From rforno at infowarrior.org Fri Sep 14 20:14:56 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Sep 2007 16:14:56 -0400
Subject: [Infowarrior] - SCO Group files for bankruptcy protection
Message-ID:

Good riddance to Darl & Co.........rf

September 14, 2007 12:51 PM PDT
SCO Group files for bankruptcy protection
Posted by Stephen Shankland
http://www.news.com/8301-13580_3-9778778-39.html?part=rss&subj=news&tag=2547-1_3-0-20

Three and a half years after launching a high-profile legal attack on Linux, The SCO Group has filed for Chapter 11 bankruptcy protection.
The company long has maintained that it had enough money to fight its costly lawsuits against IBM, Novell, Red Hat (which sued SCO proactively), AutoZone and DaimlerChrysler. But on Friday, a month after losing on a crucial legal ruling, the company admitted a grimmer picture.

"The Board of Directors of the SCO Group have unanimously determined that Chapter 11 reorganization is in the best long-term interest of SCO and its subsidiaries, as well as its customers, shareholders and employees," the company said in a statement. Added Chief Executive Darl McBride, "We want to assure our customers and partners that they can continue to rely on SCO products, support and services for their business critical operations."

Chapter 11 protects a company's assets from creditors during a reorganization.

The SCO Group has a complicated history. It went public as Linux seller Caldera Systems, then acquired the Unix business from the Santa Cruz Operation and renamed itself the SCO Group. It then scrapped its Linux business and sued IBM and others, alleging that Big Blue violated its Unix contract by moving proprietary Unix technology into open-source Linux.

However, the company's legal case was dealt a crushing blow in August when the federal judge overseeing its case, Dale Kimball, concluded "that Novell is the owner of the Unix and UnixWare copyrights."

In the meantime, the SCO Group has been trying to enliven its ever-shrinking business selling its UnixWare software and to expand into the mobile device software market.

From rforno at infowarrior.org Sat Sep 15 12:38:32 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 15 Sep 2007 08:38:32 -0400
Subject: [Infowarrior] - OpEd: Whatever happened to 'The War on Terror'
Message-ID:

NEIL MACDONALD: Whatever happened to 'The War on Terror'
Sept. 11, 2007
http://www.cbc.ca/news/reportsfromabroad/macdonald/20070911.html

It appears the Global War on Terror is coming to an end. It may even be over.
No armistice, no surrender ceremony, just a rhetorical adjustment, and the clash of civilizations shrinks and shifts and morphs, and emerges as... a struggle.

Members of Congress noticed it on Monday as Gen. David Petraeus, the commander of the U.S. forces in Iraq, trod Capitol Hill on President George W. Bush's behalf. He was trying to assure the legislators who control the public's money that all the slaughter notwithstanding, things are looking cheerier in Iraq.

Petraeus, an immensely self-possessed man so decorated with brass and medals that he seems to sit with a stoop, used crisp, unemotional language to describe the vicious civil conflict in Iraq that he's trying to dampen. There was no florid talk about meeting and defeating the forces of evil and terror on the battlefield of history.

Ethnic and sectarian violence will continue, he said. Shia death squads are still active. And, as he put it, elements of "the global Islamic extremist movement" are there in force.

Global Islamic extremist movement?

The phrasing was not overlooked.

"I find it absolutely astonishing that after three and a half hours of testimony that I can't recall anyone saying 'International War on Terrorism,'" observed Congressman Gary Ackerman, a New York Democrat who heads the House subcommittee on the Middle East. "Because that is why we were supposed to be fighting there. So they're not fighting here."

The big buildup

Ackerman's confusion is understandable. Like other Americans, he has been listening to his president and his president's officials say for years that this nation is at war, a Global War on Terror, in which Iraq is the "central front."

As Ackerman noted, Americans were told repeatedly that they had to take the War on Terror to the terrorists, to keep the terrorists from bringing the War on Terror here.

"Make no mistake about it," said President Bush in Texas on August 4, 2005. "We are at war. We're at war with an enemy that attacked us on September 11, 2001."
He used the phrase "War on Terror" five times during that address, and hundreds, if not thousands of times since the attacks of 9/11.

It worked pretty well, too. The whole country internalized it. Everybody started using it, even the Democrats. Fox News and, to a lesser extent, CNN seemed to have "WAR ON TERROR" permanently plastered across the bottom of their TV broadcasts. Bumper stickers blared it. Anyone who questioned it was regarded as subversive.

Bush referred to himself as a "war president" and insisted, successfully, on special wartime powers. These included: warrantless wiretapping of American citizens; "extraordinary renditions;" and powers of arbitrary detention that flouted the U.S. Constitution.

Who exactly is the enemy?

Of course, the brilliance of the War on Terror, as a political device at least, was its imprecision. Who was the enemy? In the end, the enemy was anyone the administration said was the enemy, and often that information was classified.

Soldiers went off to fight in Iraq, Afghanistan as well as uncounted secret battles worldwide as special forces descended on places like Somalia. Secret prisons were set up as well. And Congress paid up, making hundreds of billions of dollars available to the president.

"Terrorists" were everywhere in those first few years after 9/11. Nests of them were uncovered and arrested in the U.S. and in Canada, too. Some of them seemed dangerous. Others seemed clownish, people clearly incapable of actually carrying out any attacks; some were even homeless.

But no matter. Terrorism in the American discourse had become a state of mind, an intent and an attitude as much as an action. The already murky definition of terrorist expanded far beyond those who slaughter innocents to advance an agenda.

Government officials began describing those who attacked American troops in their own countries as terrorists. Entire towns and cities in Iraq were deemed to be teeming with terrorists.
Battles against terrorists lasted days and convulsed cities.

Other national leaders picked up on it, too, and who could blame them? Governments from the Mideast to Eastern Europe and Asia found new legitimacy in often brutal efforts to crush opponents. The War on Terror conferred a licence that could not be argued with.

Even Stephen Harper, in Canada, saw the power in the phrase. "Canada," Harper declared in January 2006, "has made an important contribution to the war on terror in Afghanistan."

Re-branding a war

But six 9/11s have now passed since the original. And, as Congressman Ackerman noted, the phrase War on Terror is out of vogue. British leaders stopped using it a while ago. And even here in the U.S., as a political tool, it's clearly exhausted.

Because, as the people who run focus groups here are no doubt telling their masters, the average citizen expects some sort of resolution to a war. You win a war, or you lose a war. At some point, though, and that point has clearly come in the U.S., people start asking when they can reasonably expect a VE Day. Or in this case, VT Day.

The answer to that, of course, is maybe never. Certainly not in this lifetime. Because the phenomenon the West commonly calls terrorism is not militarily defeatable. It stems from ethnic nationalism, tribalism and religion, forces as powerful and primordial as sex.

And when governments all over the world are calling their political opponents terrorists, the word loses its impact and, eventually, even its meaning.

The Pentagon knows that very well and has been trying to modify its message for some time. The U.S. military dropped the phrase "the long war" last spring, and, as Ackerman noted this week, it generally avoids "War on Terror," too.

In 2005, at the behest of the military, then defence secretary Donald Rumsfeld tried to phase out War on Terror and test drove the phrase "global struggle against extremism" instead. It didn't take.
His boss smacked it down in that Texas speech a few days later.

Now, though, even President Bush has come around. He's still clearly fond of Global War on Terror, and uses it from time to time, but "global struggle against extremists," or a variation on that theme, is now making it into his speeches, too. It popped up in a speech in Washington in June, then in his remarks at Montebello, Que., in August and in Sydney, Australia, last week, at the Asia-Pacific meeting.

Perhaps it's seen as a less alarming term. It invokes something less apocalyptic and, importantly, more long-term. You can, after all, struggle forever, and the struggle itself remains a noble endeavour.

This rhetorical shift at the top can seem a bit rich to journalists, many of whom had reservations about using the term War on Terror, or even the word terrorist, in the first place. Many reporters preferred to use words like, yes, "extremists," and took tremendous blasts of heat from conservative and special interest groups for doing so in the early years following 9/11.

Some of those groups fight on. A group called Freedom's Watch, for example, placed a full-page ad in the New York Times today, throwing President Bush's old rhetoric back at him and at Gen. Petraeus: "WE ARE FIGHTING A GLOBAL WAR AGAINST TERRORISM. SURRENDER TO TERRORISTS IS NOT AN OPTION. VICTORY IS AMERICA'S ONLY CHOICE."

It had an almost nostalgic ring to it.

From rforno at infowarrior.org Sat Sep 15 18:26:09 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 15 Sep 2007 14:26:09 -0400
Subject: [Infowarrior] - Biggest Ever BitTorrent Leak: MediaDefender Internal Emails Go Public
Message-ID:

The Biggest Ever BitTorrent Leak: MediaDefender Internal Emails Go Public
Written by Enigmax & Ernesto on September 15, 2007

When TorrentFreak reported that Media Defender (MD) was behind the video site MiiVi, they cast doubt on us.
Now, in what is surely the biggest BitTorrent leak ever, nearly 700MB of MD's emails have gone public. When MD's Randy Saaf found out we rumbled MiiVi he said, "This is really fucked." This is too, but much more so.

When we reported in July that an Anti-Piracy Gang Launches their own Video Download Site to Trap People and that the company was called Media Defender, as anyone who aims to be a credible news resource would, we checked and double checked our sources. We said, with some confidence:

Media Defender, a notorious anti piracy gang working for the MPAA, RIAA and several independent media production companies, just launched their very own video upload service called "miivi.com". The sole purpose of the site is to trap people into uploading copyrighted material, and bust them for doing so.

However, in comments made to Ars technica, Media Defender's Randy Saaf chose to rubbish our claims, calling it an "accidentally un-secured internal project". From the emails we cannot be sure that it's an entrapment site or that it is related to the MPAA (perhaps it's a legit P2P video client?), but it does look suspicious.

Unfortunately for Media Defender - a company dedicated to mitigating the effects of internet leaks - they can do nothing about being the subject of the biggest BitTorrent leak of all time. Over 700MB of their own internal emails, dating back over 6 months have been leaked to the internet in what will be a devastating blow to the company. Many are very recent, having September 2007 dates and the majority involve the most senior people in the company.

Apparently this is not the first time that a MediaDefender email leaked onto the Internet.

According to the .nfo file posted with the Mbox file the emails were obtained by a group called "MediaDefender-Defenders". It states: "By releasing these emails we hope to secure the privacy and personal integrity of all peer-to-peer users.
The emails contain information about the various tactics and technical solutions for tracking p2p users, and disrupt p2p services," and "A special thanks to Jay Maris, for circumventing their entire email-security by forwarding all your emails to your gmail account"

< - >

http://torrentfreak.com/mediadefender-emails-leaked-070915/

From rforno at infowarrior.org Sat Sep 15 19:40:11 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 15 Sep 2007 15:40:11 -0400
Subject: [Infowarrior] - AOL/Hotmail Blocking Truthout Communications?
Message-ID:

"...the Microsoft-Hotmail administrators inform us that they are blocking our communications to Truthout subscribers on their systems due to what they describe as our "reputation.""

Knowing that any American-based email provider is censoring/blocking political discourse --regardless of viewpoint-- is disturbing. For shame!

-rf

http://www.truthout.org/docs_2006/091307Z.shtml#

UPDATE: 09.14.07:12:noon:pdt:

We are receiving numerous reports from readers that our communications to them are affected. The reader comments posted below provide valuable additional information.

The most frequent question we are hearing right now is: "What can I do?" NOTHING works better than public pressure. They can ignore us; they can't ignore you.

AOL/Microsoft-Hotmail Preventing Delivery of Truthout Communications

Thursday 13 September 2007

Currently, AOL- and Microsoft-related email providers, including Hotmail, are preventing delivery of a range of Truthout communications to thousands of our subscribers. Such communications include Truthout's regular newsletters and notifications to our subscribers from individual workstations of Truthout administrators informing those subscribers that they are affected.

For the most part, all other ISPs appear to be delivering Truthout communications normally.
While AOL has been largely evasive and silent about their reasons for blocking communications, our server logs and complaints from subscribers illustrate a clear pattern of interference. Microsoft-Hotmail, while not being forthcoming about their actions to the subscribers involved, have stated to our administrators that they are in fact "throttling" and "blocking" our communications. Further, the Microsoft-Hotmail administrators inform us that they are blocking our communications to Truthout subscribers on their systems due to what they describe as our "reputation."

We believe that you - not your Internet Service Provider - should decide what you will read. In an effort to restore service and send a clear message to the ISPs involved, we ask you to do the following:

1.) Keep us informed. Let us know if your newsletters suddenly stop arriving. We have set up a special email address for those complaints.

2.) It is critically important if it does become clear that you are still on our list, and we are sending to you, that you demand your rights. The only rights you have are the ones you exercise.

We are deeply sorry to all of you affected. But we are confident that this problem can be addressed working hand-in-hand.

Good luck,

Marc Ash, Executive Director - t r u t h o u t

From rforno at infowarrior.org Sun Sep 16 02:00:38 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 15 Sep 2007 22:00:38 -0400
Subject: [Infowarrior] - The Ringtones Racket
Message-ID:

A rather comprehensive article discussing the 'scam' of selling ringtones

http://daringfireball.net/2007/09/the_ringtones_racket

From rforno at infowarrior.org Sun Sep 16 16:19:22 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 16 Sep 2007 12:19:22 -0400
Subject: [Infowarrior] - More on - AOL/Hotmail Blocking Truthout Communications?
In-Reply-To: <20070916142951.GA26064@gsp.org>
Message-ID:

------ Forwarded Message
From: RK

There is no censorship involved here -- "reputation" in this context is based solely on the reputation of the SMTP origination point's IP address, domain name, network block/AS, and other technical factors. Heavily glossing, the gist is "if your mail server emits spam or appears to be located in a network neighborhood that emits spam, then your reputation score may tilt toward the spammy end of the scale; if your mail server doesn't emit spam or appears to be located in a non-spam-emitting network neighborhood, then your score may tilt toward the non-spammy end of the scale".

The basic problem here (which I happen to know 'cause I'm on one of truthout's lists) is that they don't run their mail system or their mailing lists properly. I just sent a message to one of their listed domain contacts offering to fix that -- for free, provided they actually do what I'm going to tell them to do -- but it bounced back 'cause that contact address doesn't exist, according to truthout's own mail server. *That* in itself is an issue, since it's entirely possible that one of those providers has been trying to tell them about this issue but hasn't been able to reach them. (I'll try another contact as well as their postmaster address.)

From rforno at infowarrior.org Mon Sep 17 01:03:41 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 16 Sep 2007 21:03:41 -0400
Subject: [Infowarrior] - State-secret overreach
Message-ID:

State-secret overreach
http://www.latimes.com/news/printedition/opinion/la-op-siegel16sep16,1,7868113.story?track=rss

For too long, judges have allowed the government to hide mistakes behind national security.

By Barry Siegel
September 16, 2007

On Aug. 15, before an overflow crowd at the federal courthouse at 7th and Mission in San Francisco, three judges from the U.S.
9th Circuit Court of Appeals listened to lawyers argue whether the once-obscure "state secrets privilege" gives the government an absolute right to withhold documents, bury evidence and block lawsuits. The government claimed the privilege in connection with two cases challenging the Bush administration's domestic surveillance programs, including its controversial warrantless wiretapping operation.

Deputy Solicitor General Gregory Garre, arguing for the government, maintained that the cases should be dismissed instantly, no questions asked, because a trial would endanger national security. Presenting any evidence in a courtroom, he said, would put the country at "exceptionally grave harm." When it comes to national security, Garre said, judges must give the executive branch the "utmost deference."

After listening to such claims for a while, the senior judge on the appellate panel, Harry Pregerson, asked Garre whether the state secrets privilege meant that the courts must simply "rubber stamp" the decisions of the executive. "The bottom line here is the government declares something is a state secret, that's the end of it," Pregerson said. "The king can do no wrong."

"This seems to put us in the 'trust us' category," said Judge M. Margaret McKeown, referring to government assurances that the surveillance program didn't violate the law. "We don't do it. Trust us. And don't ask us about it."

This apparent skepticism on the part of Pregerson and his fellow judges was highly unusual and may signal a new willingness to question government assertions about national security. In recent years, as the Bush administration has relied more heavily on the state secrets privilege to have cases thrown out of court, judges have generally been willing to concede meekly to the government's argument. Could it be that the government has finally overplayed its hand?

The battles over the state secrets privilege go back more than 50 years. Close your eyes and it could be Aug. 9, 1950.
In a federal courthouse in Washington that humid day, others faced a similar issue during litigation over the crash of an Air Force B-29 two years earlier near Waycross, Ga. A lawyer for the widows of three civilian engineers who died in that crash wanted the Air Force's accident report, expecting it would shed light on the cause of the disaster.

An assistant U.S. attorney balked, arguing that the report could not be released without seriously hampering national security. He presented Air Force affidavits that said the plane was "engaged in a highly secret mission" and "carried confidential equipment."

In response, a skeptical U.S. District Judge William Kirkpatrick said, "I only want to know where your argument leads."

The assistant U.S. attorney made plain where it led: "We contend that the findings of the [executive branch] are binding . . . upon the judiciary. You cannot review it or interpret it. That is what it comes down to."

Kirkpatrick did not agree. He found the government in default and awarded the widows damages. A three-judge panel of the U.S. 3rd Circuit Court of Appeals unanimously affirmed his decision.

But when the matter came before the U.S. Supreme Court, it reversed the lower courts, for the first time formally recognizing a state secrets privilege in the landmark ruling U.S. vs. Reynolds. The government shouldn't have absolute autonomy, wrote Chief Justice Fred Vinson in his 1953 opinion, but if the government can satisfy the court that a "reasonable danger" to national security exists, judges should defer and not force the government to produce documents -- not even for private examination in the judge's chambers.

So it began. Slowly and haltingly, at first, then not so slowly. Between 1953 and 1976, the government invoked the privilege in only five cases; between 1977 and 2001, in 59 cases. In the last six years, the Bush administration has invoked it 39 times, according to the best available count -- or more than six times every year.
Along with the numbers, the scope and definition of what constitutes a state secret has expanded -- now including what one judicial decision described as "bits and pieces of seemingly innocuous information" that might form a revealing "mosaic." Government lawyers have found that merely waving the Reynolds flag in the background for effect gains them deference from judges. Rarely has a court rejected a government claim of privilege.

As a result, Vietnam War protesters subjected to surveillance and wiretapping have not been allowed to sue, blocked by rulings in 1978 and 1982. The retreat of the judiciary has also meant that accused enemy combatants and victims of "extraordinary rendition," such as Maher Arar and Khaled El-Masri, have not been able to protest their treatment in court. Nor have a variety of penalized whistle-blowers and federal employees making discrimination claims against the government. Nor have contractors embroiled in business conflicts with the military, a scientist defamed by accusations of espionage or a sixth-grade boy investigated by the FBI for corresponding with foreign countries during a school project.

Over time, the desire to protect military secrets has started to look a good deal like the impulse to cover up mistakes, avoid embarrassment and gain insulation from liability. How to know, though? Most often, judges rule blindly, without looking at the disputed documents underlying the state secrets claims. Since 1993, they have required in-camera review in less than an eighth of cases. They choose, instead, to trust the government -- the ultimate act of faith.

They opt for deference; deference lets them off the hook. No one wants to be the judge whose decision leads to an apocalyptic disaster. Better to say, we're not equipped, we can't tell whether it implicates national security, we need to leave this to those who know.
This is understandable: In an ominous world full of national security threats, it is hard indeed to deny the government. Yet the Bush administration may finally have escalated the dubious use of the state secrets privilege to a point of resistance.

In the summer of 2006, U.S. District Judge Vaughn R. Walker in San Francisco and District Judge Anna Diggs Taylor in Detroit ventured to deny government state secrets claims in the domestic surveillance and eavesdropping cases. "It is important to note that even the state secrets privilege has its limits," Walker wrote. "While the court recognizes and respects the executive's constitutional duty to protect the nation from threats, the court also takes seriously its constitutional duty to adjudicate the disputes that come before it. . . . To defer to a blanket assertion of secrecy here would be to abdicate that duty."

It is Walker's opinion (along with one from Oregon) that came on appeal before the three-judge U.S. 9th Circuit panel last month. By then, the U.S. 6th Circuit had already reversed Taylor's decision, ruling that the plaintiffs there had no legal standing because the state secrets privilege prevented them from learning if they'd been targets of wiretapping. Now, the government wanted Walker's opinion reversed too.

But judicial deference, for once, did not seem to be in the air. According to news reports, Pregerson (a President Carter appointee) sounded downright irritated; judges McKeown and Michael Daly Hawkins (President Clinton appointees) at the least were doubtful. Pregerson wondered what roles judges were to play when the executive branch invoked state secrets: "Who decides whether something is a state secret or not?" Hearing the deputy solicitor general talk of "ultimate deference" due the executive branch, Pregerson asked: "What does 'ultimate deference' mean? Bow to it?"

That, above all, is the question before the members of the 9th Circuit panel.
As they ponder, they would do well to consider Judge Kirkpatrick's response to the same question in August 1950 -- and to what we now know about the government's state secrets claim those many years ago. Declassified half a century later, the disputed B-29 accident report turned out to tell a tale of military negligence -- maintenance failures, missing heat shields, cockpit confusion -- not one of national security secrets about a radar guidance system. The government, it seems, was seeking to cover its embarrassment and hide its mistakes, not to protect the country's security. This revelation has helped fuel calls for reform by legal scholars, public interest groups and the American Bar Assn. It should also inspire the 9th Circuit panel in the current cases to think long and hard before trusting the government or accepting its claims. In a system of three separate but equal powers of government, it's time for the judges to do their job. Barry Siegel, a former Times national correspondent, directs the literary journalism program at UC Irvine. His book on U.S. vs. Reynolds and the state secrets privilege, "Claim of Privilege," will be published next year. From rforno at infowarrior.org Mon Sep 17 11:40:26 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 17 Sep 2007 07:40:26 -0400 Subject: [Infowarrior] - FW: [ISN] Beware of Zombies ?? Message-ID: Anyone care to tell me how Strassman can say with such "engineering precision" that there were "exactly" 735,598 zombified computers in the US on a given day, and that ALL those systems were zombified exclusively by Chinese activity? Unless there is 100% confirmation that the software used by this zombification was of Chinese origin and under Chinese operational control, how would these statistics be changed if it was determined that there were zombified systems created by Russia that use the same zombie software as the purported Chinese-controlled ones? 
And how does Strassman's statistic deal with man-in-the-middle controllers that may be in another country besides China? Sure, DOD (and USG) has its bad cyber-days, but given their penchant for hyping meaningless statistics on cyberspace activity over the years I have a hard time believing Strassman's "precision" here..... -rf Attack of the Chinese Zombies By Bob Brewin GovExec.com September 17, 2007 The wave of cyberprobes or cyberattacks against Pentagon networks and government computer systems in France, Germany, New Zealand and the United Kingdom this summer appears to emanate from China, but no one in authority in the Defense Department or any of the other countries that have been victimized seems willing to finger the Chinese government or military as the culprit. Paul Strassmann -- who served as director of Defense information in the early 1990s, the acting chief information officer of NASA from 2002 to 2003, and now serves as a Defense senior adviser -- declines to point fingers, either. He prefers, instead, to focus on one startling fact about Chinese activity in cyberspace: As of the morning of Sept. 14, there were exactly (remember, Strassmann is an engineer and likes precision) 735,598 computers in the United States infested by Chinese zombies, he said. Zombies are those small programs that infect computers at the root level and allow the computers to be controlled by remote users.
< - > http://www.govexec.com/story_page.cfm?articleid=38027 From rforno at infowarrior.org Mon Sep 17 12:03:04 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 17 Sep 2007 08:03:04 -0400 Subject: [Infowarrior] - EU: Microsoft Must Share Code With Rivals Message-ID: Microsoft Must Share Code With Rivals By MATT MOORE The Associated Press Monday, September 17, 2007; 7:48 AM http://www.washingtonpost.com/wp-dyn/content/article/2007/09/17/AR2007091700235_pf.html LUXEMBOURG -- Microsoft lost its appeal of a European antitrust order Monday that obliges the technology giant to share communications code with rivals, sell a copy of Windows without Media Player and pay a $613 million fine -- the largest ever by EU regulators. The EU Court of First Instance ruled against Microsoft on both parts of the case, saying the European Commission was correct in concluding that Microsoft was guilty of monopoly abuse in trying to use its power over desktop computers to muscle into server software. It also said regulators had clearly demonstrated that selling media software with Windows had damaged rivals. "The court observes that it is beyond dispute that in consequence of the tying consumers are unable to acquire the Windows operating system without simultaneously acquiring Windows Media Player," it said. "In that regard, the court considers that neither the fact that Microsoft does not charge a separate price for Windows Media Player nor the fact that consumers are not obliged to use that Media Player is irrelevant." But it did overturn regulators' decision to appoint a monitoring trustee to watch how Microsoft had complied with the ruling, saying the Commission had exceeded its powers by ordering Microsoft to pay for all the costs of the trustee. Microsoft, which made $14.07 billion in profits during its last fiscal year, can appeal the decision to the EU's highest court, the European Court of Justice, within two months.
"I don't want to talk about what will come next," said Microsoft lawyer Brad Smith in answer to questions about the possibility of an appeal. "We need to read the ruling before we make any decision." European Union Competition Commissioner Neelie Kroes urged Microsoft to act on the 2004 antitrust ruling. "The court has upheld a landmark Commission decision to give consumers more choice in software markets," Kroes said in a statement. "Microsoft must now comply fully with its legal obligations to desist from engaging in anticompetitive conduct. The Commission will do its utmost to ensure that Microsoft complies swiftly." Kroes called the decision "bittersweet," saying software customers still have no more choice than they did three years ago. "The court has confirmed the Commission's view that consumers are suffering at the hands of Microsoft," she said. She refused to say if EU regulators would follow up antitrust worries they flagged last year with Microsoft's new Vista operating system, saying only that "if it is not in line with our policy, then we will act." The ruling showed that handing over key interoperability code that helped rivals make compatible products was required in the software market, she said. The European Committee for Interoperable Systems called the ruling a good result. "It's a very good day, for it signals that there will be fair competition for the sector," said Maurits Dolmans, a lawyer for the group. In its 248-page ruling, the court upheld both the Commission's argument and its order for Microsoft to hand over information on server protocols to rivals. Microsoft had claimed these were protected by patents and the Commission was forcing it to give away valuable intellectual property at little or no cost. The court confirmed "that the necessary degree of interoperability required by the Commission is well founded and that there is no inconsistency between that degree of interoperability and the remedy imposed by the Commission."
___ On the Net: Court Ruling: http://tinyurl.com/3x2pze © 2007 The Associated Press From rforno at infowarrior.org Mon Sep 17 12:47:15 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 17 Sep 2007 08:47:15 -0400 Subject: [Infowarrior] - Blackwater License Being Pulled in Iraq In-Reply-To: Message-ID: Blackwater License Being Pulled in Iraq By BASSEM MROUE The Associated Press Monday, September 17, 2007; 7:16 AM BAGHDAD -- The Interior Ministry said Monday that it was pulling the license of an American security firm allegedly involved in the fatal shooting of civilians during an attack on a U.S. State Department motorcade in Baghdad. The ministry said it would prosecute any foreign contractors found to have used excessive force in the Sunday incident. Interior Ministry spokesman Abdul-Karim Khalaf said eight people were killed and 13 were wounded when security contractors working for Blackwater USA opened fire in a predominantly Sunni neighborhood of western Baghdad. "We have canceled the license of Blackwater and prevented them from working all over Iraqi territory. We will also refer those involved to Iraqi judicial authorities," Khalaf said. Blackwater, based in North Carolina, provides security for many U.S. civilian operations in the country. Phone messages left early Monday at Blackwater's office in North Carolina and with a company spokeswoman were not immediately returned. < - > http://www.washingtonpost.com/wp-dyn/content/article/2007/09/17/AR2007091700238_pf.html From rforno at infowarrior.org Mon Sep 17 13:04:27 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 17 Sep 2007 09:04:27 -0400 Subject: [Infowarrior] - Michael Mukasey to be nominated for Attorney General Message-ID: Bush to Name Ex-Judge as Successor to Gonzales By SHERYL GAY STOLBERG and PHILIP SHENON http://www.nytimes.com/2007/09/17/washington/17attorney.html?_r=1&hp=&oref=slogin&pagewanted=print WASHINGTON, Sept. 16 --
President Bush has decided to nominate Michael B. Mukasey, a former federal judge from New York who has presided over some high-profile terrorism trials, as his next attorney general and is expected to announce the selection Monday, according to several people familiar with the decision. Should the Senate confirm him, Mr. Mukasey (pronounced mew-KAY-see) would become the third attorney general to serve under Mr. Bush. As the top law enforcement officer in the United States, he would preside over a Justice Department that has been buffeted by Congressional inquiries into the firing of federal prosecutors and the resignation of the previous attorney general, Alberto R. Gonzales. Unlike Mr. Gonzales, Mr. Mukasey is not a close confidant of the president. Nor is he a Washington insider. But people in both political parties say he possesses the two qualities that Mr. Bush has been looking for in a nominee: a law-and-order sensibility that dovetails with the president's agenda for the fight against terror, and the potential to avoid a bruising confirmation battle with the Democrats who now run the Senate. With 16 months left in office, Mr. Bush can ill afford a drawn-out confirmation fight. One of those Democrats, Senator Charles E. Schumer of New York, who led the fight to oust Mr. Gonzales, issued a statement on Sunday evening praising Mr. Mukasey -- a suggestion that Democrats, who are already challenging Mr. Bush over the war in Iraq, have little appetite for another big fight. "While he is certainly conservative," Mr. Schumer said, "Judge Mukasey seems to be the kind of nominee who would put rule of law first and show independence from the White House, our most important criteria. For sure we'd want to ascertain his approach on such important and sensitive issues as wiretapping and the appointment of U.S. attorneys, but he's a lot better than some of the other names mentioned and he has the potential to become a consensus nominee." Mr.
Mukasey's handling of the case of Jose Padilla, an American citizen suspected of membership in Al Qaeda, has attracted particular notice from critics of the Bush administration. Although Mr. Mukasey backed the White House by ruling that Mr. Padilla could be held as an enemy combatant -- a decision overturned on appeal -- he also defied the administration by saying Mr. Padilla was entitled to legal counsel. Some critics cite the decision as a sign of Mr. Mukasey's independence, and such issues will undoubtedly be front and center during confirmation hearings. Beyond Mr. Schumer, who in 2003 suggested Mr. Mukasey as a possible Supreme Court nominee, the former judge is not well known on Capitol Hill, and it is impossible to predict how the hearings would go. When another Democrat, Senator Joseph R. Biden Jr. of Delaware, was asked on Sunday about him, he said Mr. Mukasey would have to prove he was "not just the president's lawyer, but the country's lawyer" as well. "He has to pass that test for me, go through that filter," Mr. Biden said on Fox News Sunday. White House officials refused to discuss the selection on Sunday. But Mr. Mukasey spent the afternoon at the White House, and by evening the news that he would be the nominee spilled out. Some White House allies spoke about the selection as if Mr. Bush had already announced it. "I think the president, by reaching outside the inner circle, by reaching outside the usual suspects, is bringing someone who is really going to restore a lot of integrity to the department," said Jay Lefkowitz, a former domestic policy adviser to Mr. Bush who now practices law in New York. Mr. Mukasey, 66, was appointed to the federal bench by President Ronald Reagan in 1987, and retired last year to go into private practice. He spent 19 years as a federal judge in New York, including as chief judge of the United States District Court for the Southern District of New York, which includes Manhattan.
Before that, he was a prosecutor in Manhattan when Rudolph W. Giuliani was the United States attorney there. He and his son, Marc, are advisers to Mr. Giuliani's presidential campaign. But Mr. Mukasey is not viewed as a political partisan, which has troubled conservatives, many of whom were hoping the president would select Theodore B. Olson, the former solicitor general, as his nominee. Mr. Olson seemed to be moving to the top of the president's short list last week until Senator Harry Reid, the Democratic leader, said Mr. Olson could not be confirmed. Over the weekend, the White House appeared to be floating Mr. Mukasey's name with conservatives. A sign that he would pass muster with them came Saturday night, when William Kristol, the editor of The Weekly Standard, a conservative magazine, endorsed Mr. Mukasey. In 1993, Mr. Mukasey presided over the trial of Omar Abdel Rahman, the so-called Blind Sheik, whom he sentenced to life in prison for his role in a plot to blow up New York landmarks and tunnels. Mr. Mukasey had a reputation for decisions that were largely supportive of law enforcement, which often brought criticism from civil-liberty advocates. He has spoken in support of provisions of the Patriot Act, and last month wrote an op-ed piece in The Wall Street Journal on "the inadequacy of the current approach to terrorism prosecutions," a view that the Bush administration has expressed. Still, he has garnered praise in some surprising quarters. Glenn Greenwald, a frequent critic of the administration who writes about legal issues for Salon.com, assessed Mr. Mukasey's part in the Padilla case in an article over the weekend and praised him as "very smart and independent, not part of the Bush circle."
From rforno at infowarrior.org Mon Sep 17 13:06:04 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 17 Sep 2007 09:06:04 -0400 Subject: [Infowarrior] - Apple's new iPod checksum cracked Message-ID: Apple's new iPod checksum cracked by GtkPod coders By Ryan Paul | Published: September 16, 2007 - 10:00PM CT A few days ago, WinAmp iPod plugin developer Will Fisher wrote a blog entry about the changes Apple made to the iPod music database format that break compatibility with third-party software. Although the iPod has never officially supported open music management, the database format used by the device was previously relatively straightforward. The new database format uses a checksum value that locks the database to a specific device and prevents third-party database modification. If the device's internal database is modified by a third-party program in any way, it will refuse to play any of the content and report that the device contains 0 songs, even if the database is still completely intact in every other respect. Fortunately, community members have alerted us that a GtkPod developer has cracked the checksum and successfully tested the new database format support on two devices. Those who are already locked into Apple's ecosystem will now be able to continue using the software of their choice with their iPods.
< - > http://arstechnica.com/news.ars/post/20070916-gtkpod-coders-crack-apples-new-ipod-checksum.html From rforno at infowarrior.org Mon Sep 17 13:21:28 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 17 Sep 2007 09:21:28 -0400 Subject: [Infowarrior] - Windows Vista attacked by 13-year-old virus Message-ID: Vista attacked by 13-year-old virus http://www.theregister.co.uk/2007/09/17/vista_hit_by_stoned_angelina/ By Kelly Fiveash Published Monday 17th September 2007 11:22 GMT A batch of laptops pre-installed with Windows Vista Home Premium was found to have been infected with a 13-year-old boot sector virus. Those of you with a long memory will vividly recall the year 1994: Nirvana's lead singer Kurt Cobain died, South Africa held its first multi-racial elections, and Tony Blair became leader of the Labour party. Oh, and Microsoft's operating system was the quaint, pre-NT Windows for Workgroups. But it was a year that also saw the arrival of a boot sector computer virus known as Stoned.Angelina which moved the original master boot record to cylinder 0, head 0, sector 9. It would appear that this teenage virus has not yet been consigned to the history books. According to Virus Bulletin, the consignment of infected Medion laptops -- which could number anything up to 100,000 shipments -- had been sold in Danish and German branches of retail giant Aldi. The computers had been loaded with Microsoft's latest operating system Vista and Bullguard's anti-virus software, which failed to detect and remove the malware. Although the infection itself is harmless, Stoned.Angelina will undoubtedly have left Microsoft and Bullguard execs blushing with embarrassment about the apparent flaws in their software which allowed an ancient virus to slip through the back door.
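The relocation the article attributes to Stoned.Angelina (original MBR copied to cylinder 0, head 0, sector 9, which is LBA sector 8 on a 512-byte-sector disk) gives a defender a concrete artifact to look for in a disk image. The following is an added example, not code from the article, Virus Bulletin or Bullguard: it scans a constructed raw image for a second MBR at that location; the disk images, the partition table and the heuristic itself are assumptions made here, not a vendor signature.

```python
"""Heuristic check for a relocated master boot record in a raw disk image.

Added example (constructed here, not from the article or any vendor tool).
The fingerprint looked for: sector 0 and LBA 8 (CHS 0/0/9) both look like an
MBR (boot signature plus a plausible partition table), their partition tables
agree, but the boot code differs.  That is what a Stoned-style "save the
original MBR elsewhere and keep its partition table" relocation leaves behind.
"""
import struct

SECTOR = 512
MBR_SIG = b"\x55\xaa"
PART_TABLE_OFF = 0x1BE          # four 16-byte partition entries start here
PART_TABLE_LEN = 64
RELOCATED_LBA = 8               # CHS (0, 0, 9): CHS sector numbers are 1-based


def chs_to_lba(cyl, head, sector, heads=255, sectors_per_track=63):
    """Classic CHS -> LBA conversion; the article's (0, 0, 9) gives LBA 8."""
    return (cyl * heads + head) * sectors_per_track + (sector - 1)


def looks_like_mbr(sector):
    """True if the sector has a boot signature and a plausible partition table."""
    if len(sector) != SECTOR or sector[-2:] != MBR_SIG:
        return False
    table = sector[PART_TABLE_OFF:PART_TABLE_OFF + PART_TABLE_LEN]
    used = 0
    for i in range(4):
        entry = table[i * 16:(i + 1) * 16]
        status, ptype = entry[0], entry[4]
        if status not in (0x00, 0x80):      # only "inactive" or "bootable" are valid
            return False
        if ptype != 0:
            used += 1
    return used > 0


def scan_image(image):
    """Return a list of findings (strings) for a raw disk image given as bytes."""
    findings = []
    mbr = image[0:SECTOR]
    if not looks_like_mbr(mbr):
        findings.append("sector 0 is not a valid MBR")
        return findings
    off = RELOCATED_LBA * SECTOR
    alt = image[off:off + SECTOR]
    if looks_like_mbr(alt):
        same_table = (mbr[PART_TABLE_OFF:PART_TABLE_OFF + PART_TABLE_LEN]
                      == alt[PART_TABLE_OFF:PART_TABLE_OFF + PART_TABLE_LEN])
        same_code = mbr[:PART_TABLE_OFF] == alt[:PART_TABLE_OFF]
        if same_table and not same_code:
            findings.append(
                "sector 8 holds a second MBR with the same partition table but "
                "different boot code: consistent with a relocated original MBR")
    return findings


def make_partition_table():
    """Constructed table with one bootable type-0x07 partition; rest empty."""
    entry = struct.pack("<BBBBBBBBII",
                        0x80, 1, 1, 0,          # status, start head/sector/cyl
                        0x07, 254, 63, 0xFF,    # type, end head/sector/cyl
                        63, 2_097_152)          # first LBA, sector count
    return entry + b"\x00" * 48


def make_clean_image():
    """Constructed 16-sector image: an MBR at sector 0, nothing at LBA 8."""
    boot_code = b"\xfa\x33\xc0".ljust(PART_TABLE_OFF, b"\x90")   # filler, not real code
    mbr = boot_code + make_partition_table() + MBR_SIG
    return mbr + b"\x00" * (SECTOR * 15)


def make_relocated_image():
    """Constructed image: original MBR copied to LBA 8, sector 0 rewritten."""
    clean = make_clean_image()
    original = clean[:SECTOR]
    table = original[PART_TABLE_OFF:PART_TABLE_OFF + PART_TABLE_LEN]
    new_code = b"\xeb\xfe".ljust(PART_TABLE_OFF, b"\x00")  # placeholder bytes only
    image = bytearray(clean)
    image[0:SECTOR] = new_code + table + MBR_SIG
    image[RELOCATED_LBA * SECTOR:(RELOCATED_LBA + 1) * SECTOR] = original
    return bytes(image)


if __name__ == "__main__":
    print("clean image   :", scan_image(make_clean_image()) or "no findings")
    print("relocated MBR :", scan_image(make_relocated_image()))
```

The same scan applies unchanged to a real image read with `open(path, "rb").read()`; the heuristic is a triage aid, and a hit should be confirmed by comparing the two sectors by hand.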
On its website Bullguard offered some reassurance to Medion customers hit by the virus: "Stoned.Angelina is a low-risk boot virus that infects the MBR (Master Boot Record) of hard disks. This is a very old virus. Apart from its ability to spread from computer to computer, it carries no payload (damage) to the systems it infects." It added that the virus commonly spreads by being booted from an infected floppy disk, and causes no damage to the operating system. Virus Bulletin technical consultant John Hawes said: "This is a reminder that old viruses never really die. "Malware that's been off the radar for years often pops up when least expected, after someone digs out an old floppy or boots up an ancient system, and security firms have a duty to maintain protection against older threats for just this kind of eventuality." From rforno at infowarrior.org Mon Sep 17 23:26:15 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 17 Sep 2007 19:26:15 -0400 Subject: [Infowarrior] - Pentagon's Counterspies: The Counterintelligence Field Activity (CIFA) In-Reply-To: <69iqb5$ej4dse@iron2-listserv.tops.gwu.edu> Message-ID: National Security Archive Update, September 17, 2007 THE PENTAGON'S COUNTERSPIES: THE COUNTERINTELLIGENCE FIELD ACTIVITY (CIFA) Documents Describe Organization and Operations of Controversial Agency and Database For more information contact: Jeffrey Richelson - 202/994-7000 http://www.nsarchive.org Washington D.C., September 17, 2007 - Today the National Security Archive publishes a collection of documents concerning the organization and operations of the Pentagon's Counterintelligence Field Activity and the TALON/CORNERSTONE database it has maintained. As the Defense Department announced on August 21, today that database will be terminated while work on new procedures for reporting of threats to the Defense Department and its facilities continues. In the interim, threat reports will be transmitted to the FBI.
The declassified documents published today include the key Department of Defense directive on the collection of information about Americans, as well as documents on the organization and missions of CIFA, an evaluation of charges of mismanagement by CIFA executives, and examples of data collected about protest activities as part of the Threat And Local Observation Notice (TALON) system. Central to the collection are documents that show the internal and public response by the Defense Department to questions raised about the propriety of the database -- specifically, its collection and retention of data on political protests. Also included is a DoD Inspector General report on the operation of the TALON system, identifying a number of problems in operation of the system. Visit the Web site of the National Security Archive for more information about today's posting. http://www.nsarchive.org From rforno at infowarrior.org Tue Sep 18 01:43:39 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 17 Sep 2007 21:43:39 -0400 Subject: [Infowarrior] - ACLU Surveillance Society Clock Campaign Message-ID: http://www.aclu.org/privacy/spying/surveillancesocietyclock2.html The reality is we are fast approaching a genuine surveillance society in the United States - a dark future where our every move, our every transaction, our every communication is recorded, compiled, and stored away, ready to be examined and used against us by the authorities whenever they want. The ACLU has created this Surveillance Clock to symbolize just how close we are to a "midnight" of a genuine surveillance society. But it's not too late - there is still time to save our privacy. WHY THE SURVEILLANCE CLOCK? - Powerful new technologies - Weakening privacy laws - The "War on Terror" - Courts that let privacy rights slip away - A president who thinks he can ignore the law -
Big corporations becoming extensions of the surveillance state From rforno at infowarrior.org Tue Sep 18 11:52:07 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Sep 2007 07:52:07 -0400 Subject: [Infowarrior] - New York Times to end paid Internet service Message-ID: New York Times to end paid Internet service Mon Sep 17, 2007 8:37pm EDT http://www.reuters.com/article/internetNews/idUSWEN101120070918?feedType=RSS&feedName=internetNews&rpc=22&sp=true By Robert MacMillan NEW YORK (Reuters) - The New York Times Co said on Monday it will end its paid TimesSelect Web service and make most of its Web site available for free in the hopes of attracting more readers and higher advertising revenue. TimesSelect will shut down on Wednesday, two years after the Times launched it, which charges subscribers $7.95 a month or $49.95 a year to read articles by columnists such as Maureen Dowd and Thomas Friedman. The trademark orange "T's" marking premium articles will begin disappearing Tuesday night, said the Web site's Vice President and General Manager Vivian Schiller. The move is an acknowledgment by The Times that making Web site visitors pay for content would not bring in as much money as making it available for free and supporting it with advertising. "We now believe by opening up all our content and unleashing what will be millions and millions of new documents, combined with phenomenal growth, that that will create a revenue stream that will more than exceed the subscription revenue," Schiller said. Figuring out how to increase online revenue is crucial to the Times and other U.S. newspaper publishers, which are struggling with a drop in advertising sales and paying subscribers as more readers move online.
"Of course, everything on the Web is free, so it's understandable why they would want to do that," said Alan Mutter, a former editor at the San Francisco Chronicle and proprietor of a blog about the Internet and the news business called Reflections of a Newsosaur. "The more page views you have, the more you can sell," he said. "In the immediate moment it's a perfectly good idea." The longer-term problem for publishers like the Times is that they must find ways to present content online rather than just transferring stories and pictures from the newspaper. Most U.S. news Web sites offer their contents for free, supporting themselves by selling advertising. One exception is The Wall Street Journal, which runs a subscription-based Web site. TimesSelect generated about $10 million in revenue a year. Schiller declined to project how much higher the online growth rate would be without charging visitors. The company expects to record a "substantially increased number of unique users referred to and accessing the site" once TimesSelect disappears, it said in a statement. TimesSelect includes online access to 23 news and opinion columnists as well as several tools to customize the Web site. It also offers access to the Times archives back to 1851. Starting on Wednesday, access to the archives will be available for free back to 1987, as well as stories before 1923, which are in the public domain, Schiller said. Users can buy articles between 1923 and 1986 on their own or in 10-article packages, the company said. Some stories, such as film reviews, will be free, she said. American Express will be the first sponsor of the opened areas on the site, and will have a "significant advertising presence" on the homepage and in the opinion and archives sections, the company said. Schiller declined to say what the financial impact would be on the Times. No employees would lose their jobs, she said. TimesSelect had about 227,000 paying subscribers as of August.
People who receive the paper at home get access to it for free, as do students. In total, about 787,400 people have access to TimesSelect now, the company said. The number of subscribers met the paper's expectations, Schiller said. "We consider TimesSelect very successful," she said. Paying TimesSelect subscribers will receive a pro-rated refund on their credit cards, she added. © Reuters 2007 All rights reserved From rforno at infowarrior.org Tue Sep 18 14:02:05 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Sep 2007 10:02:05 -0400 Subject: [Infowarrior] - Copyright Czar: DMCA Is A Good Law Message-ID: http://techdirt.com/articles/20070917/165119.shtml Peters is a self-declared "Luddite" and admits that she doesn't even have a computer at home. In other words, one of the people most responsible for setting up the rules that impact copyright in a new digital age has almost no clue how the market is changing thanks to new technologies. Combine that with putting Hollywood's own politician in charge of the Congressional committee that deals with copyright laws and guess what you get? It's certainly not an approach to copyright that acknowledges what's actually happening in the marketplace. Instead, it's an approach that focuses on setting up artificial rules and barriers designed to enforce a business model from two decades ago that has long since been made obsolete by new technologies. And, in fact, the end result isn't even helping the very industry she thinks needs protecting. Instead, the old record labels that rely on the DMCA are dying, and it's those who are embracing new business models who are figuring out ways to profit and aren't screaming over the threat of piracy.
From rforno at infowarrior.org Tue Sep 18 23:34:13 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Sep 2007 19:34:13 -0400 Subject: [Infowarrior] - USAF Establishes USAF Cyber Command Message-ID: US Air Force sets up Cyber Command Sep 18 04:11 PM US/Eastern http://tinyurl.com/3bsk5r Cyber Command Center Set Up To Stop Online Terrorism The US Air Force established a provisional Cyber Command Tuesday as part of an expanding mission to prepare for wars in cyberspace, officials said. The move comes amid concerns over the vulnerability of the US communications and computer networks to cyber attack in a conflict, as well as the military's desire to exploit the new medium. Air Force Secretary Michael Wynne announced the creation of the new command at Barksdale Air Force Base in Louisiana, where the air force's existing cyber warfare operations are centered. Officials said the provisional command will pave the way within a year for the creation of the air force's first major command devoted to cyberwarfare operations. The full Air Force Cyber Command "will train and equip forces to conduct sustained global operations in and through cyberspace, fully integrated with air and space operations," said Major General Charles Ickes. The US 8th Air Force, headquartered at Barksdale, will continue to conduct day-to-day cyber operations until the Cyber Command is fully operational, officials said. Copyright AFP 2007, AFP stories and photos shall not be published, broadcast, rewritten for broadcast or publication or redistributed directly or indirectly in any medium From rforno at infowarrior.org Tue Sep 18 23:53:17 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Sep 2007 19:53:17 -0400 Subject: [Infowarrior] - USAF Establishes USAF Cyber Command.
From rforno at infowarrior.org Wed Sep 19 11:35:24 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 19 Sep 2007 07:35:24 -0400 Subject: [Infowarrior] - Internet security moving toward "white list" Message-ID: Internet security moving toward "white list" A sea change in how computers are guarded is on the way, with anti-virus vendors looking to reverse their protection philosophy September 17, 2007 By Peter Nowak, CBC News http://www.cbc.ca/news/background/tech/privacy/white-list.html Internet security is headed toward a major reversal in philosophy, where a "white list" which allows only benevolent programs to run on a computer will replace the current "black list" system, which logs and blocks an ever-growing list of malevolent applications, internet security giant Symantec Corp. says. The number of malicious software attacks, including viruses, Trojans, worms and spam, is rising exponentially, dwarfing the number of new benevolent programs being developed, making it increasingly difficult for security firms to keep up. The solution, according to Symantec's Canadian vice-president and general manager, Michael Murphy, is to reverse how protection against such attacks is provided. Under the current system, a security firm discovers a new threat, adds it to its black-list database and updates its customers' anti-virus software to combat the problem. A "white list" would instead compile every known legitimate software program, including applications such as Microsoft Word and Adobe Acrobat, and add new ones as they are developed. Every program not on the list would simply not be allowed to function on a computer. "This is the future of security technology," Murphy said at a presentation of the company's twice-yearly security report on Friday.
The trick is to develop a "global seal of approval." A white list would likely require co-operation and funding from a majority of players in the technology industry. Industry observers think it is a good idea, but it raises several issues. The oversight body would have to be neutral, mindful of open-source software -- which is quickly and often modified -- and speedy in its approval process.

"The bad guys are moving quickly and the good guys are moving quickly and the innovators are moving quickly. If the judges are taking months to judge things, then that's not fair to anybody," says Bill Munson, vice-president of the Information Technology Association of Canada. "That's not in the industry's or society's interest."

In its security report, Symantec said the incidence of malicious code was up drastically in the first six months of 2007. Symantec found more than 212,000 new malicious code threats, up 185 per cent from the last six months of 2006. Trojans, or programs that appear to perform one function in order to hide a malicious one, made up 54 per cent of the volume of the top 50 malicious code reports, up 45 per cent over the prior six months.

Trojans are particularly on the rise in North America, Murphy said, because Canadian and U.S. internet markets are more highly developed and thus protected from less-sophisticated and easy-to-identify attacks, such as spam and basic viruses.

Hackers beginning to steal from victims

The other big trend, Murphy said, is that hackers are no longer perpetrating attacks just for fun. Rather, these people are increasingly looking to extract money from their victims. "This is a sea change," he said. "It's not just a pimply-faced boy in his parents' basement. That certainly may be part of the situation, but now it's for profit."
Would-be hackers can buy software toolkits that allow them to create their own phishing attacks, where the criminal tricks a person into disclosing sensitive information such as a bank account number, for about $1,250. The black market for stolen information gleaned through such an attack can be lucrative, with an e-mail password selling for up to $350 US while a bank account number can fetch up to $400 US, Murphy said.

In the first six months of 2007, Symantec found 8,011 distinct credit cards being advertised for sale on the black market, but that number represented only a small portion of the total being sold. The advertised card numbers are used only to attract buyers, who then purchase numbers in bulk, which are not advertised. Symantec said about 85 per cent of the stolen card numbers in circulation are American in origin, but did not disclose how many came from Canada.

Overall, Canada has fared well in combating malicious attacks, particularly spam. In the past, Canada has ranked as high as fifth in the world in terms of the volume of spam that is received, but internet service providers here have done an excellent job of attacking it, Murphy said, with the country dropping to 12th in the latest study. However, the bad news is that spam still accounts for 61 per cent of the world's e-mail, up from 59 per cent in the previous period.

From rforno at infowarrior.org Wed Sep 19 11:37:12 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 19 Sep 2007 07:37:12 -0400
Subject: [Infowarrior] - FUD Alert: MPAA wants ISP help in online piracy fight
Message-ID:

September 18, 2007 7:13 AM PDT
MPAA wants ISP help in online piracy fight
Posted by Anne Broache
http://www.news.com/8301-10784_3-9780401-7.html?part=rss&subj=news&tag=2547-1_3-0-20

WASHINGTON--If the movie industry gets its way, then your Internet service provider may one day start playing a greater role in keeping pirated content off its networks.
Motion Picture Association of America Chairman and CEO Dan Glickman said Tuesday that his industry has been attempting to "deepen our relationship" with telephone, cable and Internet companies "because we're all in this together."

"Their revenue bases depend on legitimate operations of their networks and more and more they're finding their networks crowded with infringed material, bandwidth space being crowded out," Glickman told an audience composed mainly of attorneys at a daylong seminar called "Legal Risk Management in the Web 2.0 World." "Many of them are actually getting into the content business directly or indirectly. This is not an us-versus-them issue."

For a while, somewhat of an "adversarial relationship" existed between his industry and the ISPs, Glickman said, but "that's changing." He didn't elaborate much further when asked by a reporter in the audience for more details.

Perhaps those tensions go back to Web hosts' duties under a 1998 federal law known as the Digital Millennium Copyright Act. The law says they aren't generally liable for infringing activity on the part of their users, provided that they don't condone copyright infringement, that they remove infringing material when notified and that they aren't deriving financial benefit from it.

Even before Glickman's speech on Monday, the MPAA has already hinted it would like Internet service providers to be more active on the antipiracy front. In a filing with the Federal Communications Commission a few months ago, the organization cautioned against making Net neutrality regulations that would forbid network operators from prioritizing content. Its reasoning? Such rules might needlessly prevent ISPs from filtering pirated content and inhibit attempts at development of antipiracy technologies. The general counsel of NBC Universal, an MPAA member, has also suggested that federal regulators require ISPs to police their networks more proactively for pirated wares.
The entertainment industry is now hoping to work with ISPs to "unlock new services and choices for consumers and see if there aren't new ways to encourage legal behavior," Glickman said. His mantra in that process: offering consumers "hassle-free, reasonable, content-protected materials."

But he indicated the movie industry may not be so willing to be flexible about using technologies to manipulate copyrighted works--for example, through mashups. "People just don't have the right to take (copyrighted works) at their pleasure," he said.

From rforno at infowarrior.org Wed Sep 19 11:44:29 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 19 Sep 2007 07:44:29 -0400
Subject: [Infowarrior] - MS license statistics FUD?
Message-ID:

Just because a license for a product is "sold" doesn't mean it's being used --- MS could sell millions of licenses to a PC OEM for preinstallation bundling (so yes, they do record the sale and that does mean something to MS) ... But just because a license is SOLD, that does not mean the licensed product actually is being USED. I know of at least 6 people with licensed copies of Windows Vista on nice new computers who are running XP instead. So saying you've sold 71 million licenses of a product doesn't mean you've got 71 million active users of your product --- but nobody ever asks that question! That 71 million claim is a meaningless metric, IMHO.

--rf

http://www.neowin.net/index.php?act=view&id=42679

< - >

In response to IBM's September 18 announcement, Microsoft released the following comment from Jacob Jaffe, Director of Microsoft Office.

"Customers continue to tell us that our solutions deliver the ease of use, reliability and security that they need. This is validated by the strong adoption and usage seen by Microsoft Office having sold more than 71 million licenses in just the last Microsoft fiscal year.
Our long history in meeting the complex needs of enterprise customers, a partner ecosystem that has grown 43% on the Office platform since last year and our current and future investments in the software + services arena will deliver even more flexibility to customers."

From rforno at infowarrior.org Wed Sep 19 12:23:03 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 19 Sep 2007 08:23:03 -0400
Subject: [Infowarrior] - NYT Ends TimeSelect pay-wall
Message-ID:

...about time, too. ----rf

Effective September 19, 2007, TimesSelect has ended. Content previously published for TimesSelect is available free to all NYTimes.com visitors.

http://www.nytimes.com/marketing/ts/

From rforno at infowarrior.org Wed Sep 19 17:07:17 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 19 Sep 2007 13:07:17 -0400
Subject: [Infowarrior] - CyberCIEGE game for USG/DOD infosec training
Message-ID:

CyberCIEGE

A few years ago, the U.S. Navy helped produce an interactive computer-based-training (CBT) tool covering an array of network security and information assurance issues. Designed in the form of a three-dimensional computer simulation (with a more than passing resemblance to The Sims), the resulting "game", "CyberCIEGE", provides a deceptively simple-looking tool for teaching students and staff the finer real-world nuances of computer (and physical) security. While the introductory, tutorial scenarios require little more than common sense to complete successfully, the difficulty increases dramatically as you progress through the program.

< - >

A somewhat out-of-date "demo" version of the program is available here, on the Naval Postgraduate School's website; it doesn't allow you to save your progress, nor play more than twenty minutes. (Some of the scenarios can take several hours to complete successfully.)
A copy of the full, unrestricted program, nominally for use by military and government employees (and educational institutions) only, has thoughtfully been made available for download here (85MB .exe installer) or here (85MB zipped tarball of the installer, should you not be able to download executables.) Ah, you are a government employee or student, right? :)

< - >

http://www.slugsite.com/archives/566

From rforno at infowarrior.org Wed Sep 19 23:58:30 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 19 Sep 2007 19:58:30 -0400
Subject: [Infowarrior] - Harvard Coop Discourages Notetaking in Bookstore
Message-ID:

Coop Discourages Notetaking in Bookstore
Published On Wednesday, September 19, 2007 2:53 AM
By GABRIEL J. DALY
Crimson Staff Writer
http://www.thecrimson.com/article.aspx?ref=519564

Taking notes in class may be encouraged, but apparently it can get you kicked out of the Coop.

Jarret A. Zafran '09 said he was asked to leave the Coop after writing down the prices of six books required for a junior Social Studies tutorial he hopes to take.

"I'm a junior and every semester I do the same thing. I go and look up the author and the cost and order the ones that are cheaper online and then go back to the Coop to get the rest," Zafran said. "I'm not a rival bookstore, I'm a student with an I.D.," he added.

Coop President Jerry P. Murphy '73 said that while there is no Coop policy against individual students copying down book information, "we discourage people who are taking down a lot of notes."

The apparent new policy could be a response to efforts by Crimsonreading.org -- an online database that allows students to find the books they need for each course at discounted prices from several online booksellers -- from writing down the ISBN identification numbers for books at the Coop and then using that information for their Web site. Murphy said the Coop considers that information the Coop's intellectual property. Crimson Reading disagrees.
"We don't think the Coop owns copyright on this information that should be available to students," said Tom D. Hadfield '08, a co-creator of the site.

According to UC President Ryan A. Petersen '08, discussions with an intellectual property lawyer have confirmed Crimson Reading's position. ISBN data is similar to phone book listings, which are not protected by intellectual property law, Petersen added. Every book title has a unique ISBN number, short for "international standard book number."

The alleged new rule is just the latest hurdle for Crimsonreading.org. During a meeting of the Committee on Undergraduate Education last March, Petersen proposed creating a centralized database of ISBN numbers for all courses, streamlining the process for professors and cutting the costs for the Coop. The proposal, which could have also made it easier for Crimson Reading to collect information, was nixed.

"There's a very lucrative and sensitive relationship between the Coop and University Hall that is stopping students from saving money on textbooks," Hadfield said.

Zafran, after his altercation with the Coop, does not feel much sympathy for the store. "If they want to get their revenue up they should slash their prices," Zafran said. "I think if anything, this policy will have the reverse effect because if students aren't allowed to comparison-shop, students will just get all their books online," he said.

--Staff writer Gabriel J. Daly can be reached at gdaly at fas.harvard.edu.
From rforno at infowarrior.org Thu Sep 20 02:30:06 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 19 Sep 2007 22:30:06 -0400
Subject: [Infowarrior] - Tens of thousands of CCTV cameras, yet 80% of crime unsolved
Message-ID:

Tens of thousands of CCTV cameras, yet 80% of crime unsolved
By Justin Davenport, Evening Standard
19.09.07
http://www.thisislondon.co.uk/news/article-23412867-details/Tens+of+thousands+of+CCTV+cameras%2C+yet+80%25+of+crime+unsolved/article.do

London has 10,000 crime-fighting CCTV cameras which cost £200 million, figures show today. But an analysis of the publicly funded spy network, which is owned and controlled by local authorities and Transport for London, has cast doubt on its ability to help solve crime.

A comparison of the number of cameras in each London borough with the proportion of crimes solved there found that police are no more likely to catch offenders in areas with hundreds of cameras than in those with hardly any. In fact, four out of five of the boroughs with the most cameras have a record of solving crime that is below average.

The figures were obtained by the Liberal Democrats on the London Assembly using the Freedom of Information Act. Dee Doocey, the Lib-Dems' policing spokeswoman, said: "These figures suggest there is no link between a high number of CCTV cameras and a better crime clear-up rate.

"We have estimated that CCTV cameras have cost the taxpayer in the region of £200million in the last 10 years but it's not entirely clear if some of that money would not have been better spent on police officers.

"Although CCTV has its place, it is not the only solution in preventing or detecting crime.

"Too often calls for CCTV cameras come as a knee-jerk reaction. It is time we engaged in an open debate about the role of cameras in London today."

The figures show:

- There are now 10,524 CCTV cameras in 32 London boroughs funded with Home Office grants totalling about £200million.
- Hackney has the most cameras - 1,484 - and has a better-than-average clear-up rate of 22.2 per cent.
- Wandsworth has 993 cameras, Tower Hamlets, 824, Greenwich, 747 and Lewisham 730, but police in all four boroughs fail to reach the average 21 per cent crime clear-up rate for London.
- By contrast, boroughs such as Kensington and Chelsea, Sutton and Waltham Forest have fewer than 100 cameras each yet they still have clear-up rates of around 20 per cent.
- Police in Sutton have one of the highest clear-ups with 25 per cent.
- Brent police have the highest clear-up rate, with 25.9 per cent of crimes solved in 2006-07, even though the borough has only 164 cameras.

The figures appear to confirm earlier studies which have thrown doubt on the effectiveness of CCTV cameras. A report by the criminal justice charity Nacro in 2002 concluded that the money spent on cameras would be better used on street lighting, which has been shown to cut crime by up to 20 per cent.

Scotland Yard is trying to improve its track record on the use of CCTV and has set up a special unit which collects and circulates CCTV images of criminals. A pilot project is running in Southwark and Lambeth and is expected to be rolled out across the capital.

The figures only include state-funded cameras. The true number, once privately run units and CCTV at rail and London Underground stations are taken into account, will be significantly higher.

From rforno at infowarrior.org Thu Sep 20 02:34:57 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 19 Sep 2007 22:34:57 -0400
Subject: [Infowarrior] - Run away the ray-gun is coming : We test US army's new secret weapon
Message-ID:

Run away the ray-gun is coming : We test US army's new secret weapon
By MICHAEL HANLON - More by this author
Last updated at 23:21pm on 18th September 2007
http://www.dailymail.co.uk/pages/live/articles/technology/technology.html?in_article_id=482560&in_page_id=1965

"Where do I put my finger? There ... OK?
Nothing's happening ... is it on?"

"Yes, it's on. Move your finger a bit closer."

"Er ... ow! OW!"

Not good. I try again. "OWWW!" I pull my hand away sharpish. My finger is throbbing, but seems undamaged. I was told people can take it for a second, maximum. No way, not for a wimp like me.

I try it again. It is a bit like touching a red-hot wire, but there is no heat, only the sensation of heat. There is no burn mark or blister.

Its makers claim this infernal machine is the modern face of warfare. It has a nice, friendly sounding name, Silent Guardian. I am told not to call it a ray-gun, though that is precisely what it is (the term "pain gun" is maybe better, but I suppose they would like that even less).

And, to be fair, the machine is not designed to vaporise, shred, atomise, dismember or otherwise cause permanent harm. But it is a horrible device nonetheless, and you are forced to wonder what the world has come to when human ingenuity is pressed into service to make a thing like this.

Silent Guardian is making waves in defence circles. Built by the U.S. firm Raytheon, it is part of its "Directed Energy Solutions" programme. What it amounts to is a way of making people run away, very fast, without killing or even permanently harming them. That is what the company says, anyway. The reality may turn out to be more horrific.

I tested a table-top demonstration model, but here's how it works in the field. A square transmitter as big as a plasma TV screen is mounted on the back of a Jeep. When turned on, it emits an invisible, focused beam of radiation - similar to the microwaves in a domestic cooker - that is tuned to a precise frequency to stimulate human nerve endings. It can throw a wave of agony nearly half a mile.

Because the beam penetrates skin only to a depth of 1/64th of an inch, it cannot, says Raytheon, cause visible, permanent injury. But anyone in the beam's path will feel, over their entire body, the agonising sensation I've just felt on my fingertip.
The prospect doesn't bear thinking about.

"I have been in front of the full-sized system and, believe me, you just run. You don't have time to think about it - you just run," says George Svitak, a Raytheon executive.

Silent Guardian is supposed to be the 21st century equivalent of tear gas or water cannon - a way of getting crowds to disperse quickly and with minimum harm. Its potential is obvious.

"In Iraq, there was a situation when combatants had taken media as human shields. The battalion commander told me there was no way of separating combatants from non-combatants without lethal force," Mr Svitak tells me. He says this weapon would have made it possible because everyone, friend or foe, would have run from it.

In tests, even the most hardened Marines flee after a few seconds of exposure. It just isn't possible to tough it out. This machine has the ability to inflict limitless, unbearable pain. What makes it OK, says Raytheon, is that the pain stops as soon as you are out of the beam or the machine is turned off. But my right finger was tingling hours later - was that psychosomatic?

So what is the problem? All right, it hurts, but then so do tear gas and water cannon and they have been used by the world's police and military for decades. Am I being squeamish?

One thing is certain: not just the Silent Guardian, but weapons such as the Taser, the electric stun-gun, are being rolled out by Britain's police forces as the new way of controlling people by using pain. And, as the Raytheon chaps all insist, you always have the option to get out of the way (just as you have the option to comply with the police officer's demands and not get Tasered).

But there is a problem: mission creep. This is the Americanism which describes what happens when, over time, powers or techniques are used to ends not stated or even imagined when they were devised. With the Taser, the rules in place in Britain say it must be used only as an alternative to the gun.
But what happens in ten or 20 years if a new government chooses to amend these rules? It is so easy to see the Taser being used routinely to control dissent and pacify - as, indeed, already happens in the U.S.

And the Silent Guardian? Raytheon's Mac Jeffery says it is being looked at only by the "North American military and its allies" and is not being sold to countries with questionable human rights records. An MoD spokesman said Britain is not planning to buy this weapon.

In fact, it is easy to see the raygun being used not as an alternative to lethal force (when I can see that it is quite justified), but as an extra weapon in the battle against dissent. Because it is, in essence, a simple machine, it is easy to see similar devices being pressed into service in places with extremely dubious reputations.

There are more questions: in tests, volunteers have been asked to remove spectacles and contact lenses before being microwaved. Does this imply these rays are not as harmless as Raytheon insists? What happens when someone with a weak heart is zapped? And, perhaps most worryingly, what if deployment of Silent Guardian causes mass panic, leaving some people unable to flee in the melee? Will they just be stuck there roasting? Raytheon insists the system is set up to limit exposure, but presumably these safeguards can be over-ridden.

Silent Guardian and the Taser are just the first in a new wave of "non-lethal" weaponry being developed, mostly in the U.S. These include not only microwave ray-guns, but the terrifying Pulsed Energy Projectile weapon. This uses a powerful laser which, when it hits someone up to 1 1/2 miles away, produces a "plasma" - a bubble of superhot gas - on the skin.

A report in New Scientist claimed the focus of research was to heighten the pain caused by this semi-classified weapon. And a document released under the U.S. Freedom of Information Act talks of "optimal pulse parameters to evoke peak nociceptor activation" - i.e.
cause the maximum agony possible, leaving no permanent damage.

Perhaps the most alarming prospect is that such machines would make efficient torture instruments. They are quick, clean, cheap, easy to use and, most importantly, leave no marks. What would happen if they fell into the hands of unscrupulous nations where torture is not unknown?

The agony the Raytheon gun inflicts is probably equal to anything in a torture chamber - these waves are tuned to a frequency exactly designed to stimulate the pain nerves. I couldn't hold my finger next to the device for more than a fraction of a second. I could make the pain stop, but what if my finger had been strapped to the machine?

Dr John Wood, a biologist at UCL and an expert in the way the brain perceives pain, is horrified by the new pain weapons. "They are so obviously useful as torture instruments," he says. "It is ethically dubious to say they are useful for crowd control when they will obviously be used by unscrupulous people for torture."

We use the word "medieval" as shorthand for brutality. The truth is that new technology makes racks look benign.

From rforno at infowarrior.org Thu Sep 20 02:47:15 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 19 Sep 2007 22:47:15 -0400
Subject: [Infowarrior] - Senate Blocks Detainees' Rights Bill (Habeas Corpus Restoration Act)
Message-ID:

Senate Blocks Detainees' Rights Bill
By CARL HULSE
Published: September 20, 2007
http://www.nytimes.com/2007/09/20/washington/20detain.html?_r=1&hp&oref=slogin

WASHINGTON, Sept. 19 -- Senate Republicans on Wednesday blocked an effort to give terrorism detainees the right to appeal their detention to federal courts, rejecting complaints that a new law denying that option ran against the nation's principles.

Senators voted 56 to 43 to cut off debate on the proposal, 4 votes short of the 60 needed to overcome a filibuster.
The result put an end for now to the legislative effort to reverse a provision in a 2006 antiterror law; the matter is also before the Supreme Court.

The proposal, part of a broad Pentagon policy bill, was backed by Senators Patrick J. Leahy of Vermont, the Democratic chairman of the Judiciary Committee, and Arlen Specter of Pennsylvania, the senior Republican on the committee. The two senators argued that the decision to strip the right of habeas corpus from detainees, including those at Guantánamo Bay, Cuba, was a major mistake that merited quick correction.

Mr. Leahy dismissed the suggestion that giving detainees access to the federal courts amounted to what critics called a terrorist bill of rights that would put the nation at risk.

"The truth is, casting aside the time-honored protection of habeas corpus makes us more vulnerable as a nation because it leads us away from our core American values and calls into question our historic role as a defender of human rights around the world," Mr. Leahy said.

Opponents of the provision said that it went far beyond the rights traditionally granted to hostile combatants and that it could lead to the disclosure of classified information in trials. They also said it was an impractical attempt to extend the courtroom to the battlefield.

"This is purely a matter of Congressional policy and national policy on how we want to conduct warfare now and in the future," said Senator Jeff Sessions, Republican of Alabama. "Are we going to do it in a way that allows those we capture to sue us?"

Others said Congress should await the Supreme Court review of the rights of detainees to assess whether the court agrees with the new law or overturns it.

"The court will say that the right exists, and nothing we do is going to affect that," said Senator Jon Kyl, Republican of Arizona. "But if the court confirms that we are right, then it would be not only unnecessary but wrong for us to change the law."
Six Republicans sided with 50 Democrats in trying to force a final vote on the provision, which had widespread backing among advocates for human rights. Forty-two Republicans and Senator Joseph I. Lieberman, independent of Connecticut, opposed cutting off debate.

But Mr. Specter said momentum appeared to be growing for restoring the right of habeas corpus, noting that the proposal attracted more support than it did in a previous attempt. He said he expected that he and other proponents would continue to pursue the goal legislatively even as the issue was considered by the courts.

"I don't think this is the end of the line," Mr. Specter said of the Senate vote.

From rforno at infowarrior.org Thu Sep 20 12:05:59 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 20 Sep 2007 08:05:59 -0400
Subject: [Infowarrior] - Weird Russian Mind-Control Research Behind a DHS Contract
Message-ID:

The Weird Russian Mind-Control Research Behind a DHS Contract
By Sharon Weinberger Email 09.20.07 | 2:00 AM
http://www.wired.com/print/politics/security/news/2007/09/mind_reading

A dungeon-like room in the Psychotechnology Research Institute in Moscow is used for human testing. The institute claims its technology can read the subconscious mind and alter behavior. Photo: Nathan Hodge

MOSCOW -- The future of U.S. anti-terrorism technology could lie near the end of a Moscow subway line in a circular dungeon-like room with a single door and no windows. Here, at the Psychotechnology Research Institute, human subjects submit to experiments aimed at manipulating their subconscious minds.

Elena Rusalkina, the silver-haired woman who runs the institute, gestured to the center of the claustrophobic room, where what looked like a dentist's chair sits in front of a glowing computer monitor. "We've had volunteers, a lot of them," she said, the thick concrete walls muffling the noise from the college campus outside. "We worked out a program with (a psychiatric facility) to study criminals.
There's no way to falsify the results. There's no subjectivism."

The Department of Homeland Security (DHS) has gone to many strange places in its search for ways to identify terrorists before they attack, but perhaps none stranger than this lab on the outskirts of Russia's capital. The institute has for years served as the center of an obscure field of human behavior study -- dubbed psychoecology -- that traces its roots back to Soviet-era mind control research.

What's gotten DHS' attention is the institute's work on a system called Semantic Stimuli Response Measurements Technology, or SSRM Tek, a software-based mind reader that supposedly tests a subject's involuntary response to subliminal messages. SSRM Tek is presented to a subject as an innocent computer game that flashes subliminal images across the screen -- like pictures of Osama bin Laden or the World Trade Center. The "player" -- a traveler at an airport screening line, for example -- presses a button in response to the images, without consciously registering what he or she is looking at. The terrorist's response to the scrambled image involuntarily differs from the innocent person's, according to the theory.

Gear for testing MindReader 2.0 software hangs on a wall at the Psychotechnology Research Institute in Moscow. Marketed in North America as SSRM Tek, the technology will soon be tested for airport screening by a U.S. company under contract to the Department of Homeland Security. Photo: Nathan Hodge

"If it's a clean result, the passengers are allowed through," said Rusalkina, during a reporter's visit last year. "If there's something there, that person will need to go through extra checks."

Rusalkina markets the technology as a program called Mindreader 2.0. To sell Mindreader to the West, she's teamed up with a Canadian firm, which is now working with a U.S. defense contractor called SRS Technologies.
This May, DHS announced plans to award a sole-source contract to conduct the first U.S.-government sponsored testing of SSRM Tek. The contract is a small victory for the Psychotechnology Research Institute and its leaders, who have struggled for years to be accepted in the West. It also illustrates how the search for counter-terrorism technology has led the U.S. government into unconventional -- and some would say unsound -- science.

All of the technology at the institute is based on the work of Rusalkina's late husband, Igor Smirnov, a controversial Russian scientist whose incredible tales of mind control attracted frequent press attention before his death several years ago. Smirnov was a Rasputin-like character often portrayed in the media as having almost mystical powers of persuasion.

Today, first-time visitors to the institute -- housed in a drab concrete building at the Peoples Friendship University of Russia -- are asked to watch a half-hour television program dedicated to Smirnov, who is called the father of "psychotronic weapons," the Russian term for mind control weapons. Bearded and confident, Smirnov in the video explains how subliminal sounds could alter a person's behavior. To the untrained ear, the demonstration sounds like squealing pigs.

Elena Rusalkina demonstrates the terrorist-screening tool. She says it works faster than a polygraph and can be used at airports. Photo: Nathan Hodge

According to Rusalkina, the Soviet military enlisted Smirnov's psychotechnology during the Soviet Union's bloody war in Afghanistan in the 1980s. "It was used for combating the Mujahideen, and also for treating post-traumatic stress syndrome" in Russian soldiers, she says.

In the United States, talk of mind control typically evokes visions of tinfoil hats. But the idea of psychotronic weapons enjoys some respectability in Russia.
In the late 1990s, Vladimir Lopatin, then a member of the Duma, Russia's parliament, pushed to restrict mind control weapons, a move that was taken seriously in Russia but elicited some curious mentions in the Western press. In an interview in Moscow, Lopatin, who has since left the Duma, cited Smirnov's work as proof that such weaponry is real. "It's financed and used not only by the medical community, but also by individual and criminal groups," Lopatin said. Terrorists might also get hold of such weapons, he added.

After the fall of the Soviet Union, Smirnov moved from military research into treating patients with mental problems and drug addiction, setting up shop at the college. Most of the lab's research is focused on what it calls "psychocorrection" -- the use of subliminal messages to bend a subject's will, and even modify a person's personality without their knowledge.

The slow migration of Smirnov's technology to the United States began in 1991, at a KGB-sponsored conference in Moscow intended to market once-secret Soviet technology to the world. Smirnov's claims of mind control piqued the interest of Chris and Janet Morris -- former science-fiction writers turned Pentagon consultants who are now widely credited as founders of the Pentagon's "non-lethal" weapons concept.

In an interview last year, Chris Morris recalled being intrigued by Smirnov -- so much so that he accompanied the researcher to his lab and allowed Smirnov to wire his head up to an electroencephalograph, or EEG. An EEG is normally used by scientists to measure brain states; Smirnov instead peered into Morris's EEG tracings and divined the secrets of his subconscious, right down to intimate details like Morris' dislike of his own first name.

The underlying premise of the technology is that terrorists would recognize a scrambled terrorist image like this one without even realizing it, and would be betrayed by their subconscious reaction to the picture. Photo: Nathan Hodge

"I said, 'gee, the guys back at home have got to see this,'" Morris recalled.

The Morrises shopped the technology around to a few military agencies, but found no one willing to put money into it. However, in 1993 Smirnov rose to brief fame in the United States when the FBI consulted with him in hope of ending the standoff in Waco with cult leader David Koresh. Smirnov proposed blasting scrambled sound -- the pig squeals again -- over loudspeakers to persuade Koresh to surrender.

But the FBI was put off by Smirnov's cavalier response to questions. When officials asked what would happen if the subliminal signals didn't work, Smirnov replied that Koresh's followers might slit each other's throats, Morris recounted. The FBI took a pass, and Smirnov returned to Moscow with his mind control technology.

"With Smirnov, the FBI was either demanding a yes or a no, and therefore our methods weren't put to use, unfortunately," Rusalkina said, taking a drag on her cigarette.

Igor Smirnov, founder of the Psychotechnology Research Institute, died of a heart attack in 2005. Smirnov is best known in the United States for consulting with the FBI during the 1993 Waco siege. Photo: Nathan Hodge

Smirnov died in November 2004, leaving the widowed Rusalkina -- his long-time collaborator -- to run the institute. Portraits of Smirnov cover Rusalkina's desk, and his former office is like a shrine, the walls lined with his once-secret patents, his awards from the Soviet government, and a calendar from the KGB's cryptographic section.

Despite Smirnov's death, Rusalkina predicts an "arms race" in psychotronic weapons. Such weapons, she asserts, are far more dangerous than nuclear weapons. She pointed, for example, to a spate of Russian news reports about "zombies" -- innocent people whose memories had been allegedly wiped out by mind control weapons.
She also claimed that Russian special forces contacted the institute during the 2003 Moscow theater siege, in which several hundred people were held hostage by Chechen militants. "We could have stabilized the situation in the concert hall, and the terrorists would have called the whole thing off," she said. "And naturally, you could have avoided all the casualties, and you could have put the terrorists on trial. But the Alfa Group" -- the Russian equivalent of Delta Force -- "decided to go with an old method that had already been tested before." The Russians used a narcotic gas to subdue the attackers and their captives, which led to the asphyxiation death of many of the hostages.

These days, Rusalkina explained, the institute uses its psychotechnology to treat alcoholics and drug addicts. During the interview, several patients -- gaunt young men who appeared wasted from illness -- waited in the hallway.

But the U.S. war on terror and the millions of dollars set aside for homeland security research is offering Smirnov a chance at posthumous respectability in the West. Smirnov's technology reappeared on the U.S. government's radar screen through Northam Psychotechnologies, a Canadian company that serves as North American distributor for the Psychotechnology Research Institute. About three years ago, Northam Psychotechnologies began seeking out U.S. partners to help it crack the DHS market.

For companies claiming innovative technologies, the past few years have provided bountiful opportunities. In fiscal year 2007, DHS allocated $973 million for science and technology and recently announced Project Hostile Intent, which is designed to develop technologies to detect people with malicious intentions.

One California-based defense contractor, DownRange G2 Solutions, expressed interest in SSRM Tek, but became skeptical when Northam Psychotechnologies declined to make the software available for testing.
"That raised our suspicion right away," Scott Conn, CEO and president of DownRange, told Wired News. "We weren't prepared to put our good names on the line without due diligence." (When a reporter visited last year, Rusalkina also declined to demonstrate the software, saying it wasn't working that day.)

While Conn said the lack of testing bothered him, the relationship ended when he found out Northam Psychotechnologies went to SRS Technologies, now part of ManTech International Corp.

Semyon Ioffe, the head of Northam Psychotechnologies, who identifies himself as a "brain scientist," declined a phone interview, but answered questions over e-mail. Ioffe said he signed a nondisclosure agreement with Conn, and had "a few informal discussions, after which he disappeared to a different assignment and reappeared after (the) DHS announcement." As for the science, Ioffe says he has a Ph.D. in neurophysiology, and cited Smirnov's Russian-language publications as the basis for SSRM Tek.

However, not everyone is as impressed with Smirnov's technology, including John Alexander, a well-known expert on non-lethal weapons. Alexander was familiar with Smirnov's meetings in Washington during the Waco crisis, and said in an interview last year that there were serious doubts then as now. "It was the height of the Waco problem, they were grasping at straws," he said of the FBI's fleeting interest. "From what I understand from people who were there, it didn't work very well."

Geoff Schoenbaum, a neuroscientist at the University of Maryland's School of Medicine, said that he was unaware of any scientific work specifically underpinning the technology described in SSRM Tek. "There's no question your brain is able to perceive things below your ability to consciously express or identify," Schoenbaum said. He noted, for example, studies showing that images displayed for milliseconds -- too short for people to perceive consciously -- may influence someone's mood.
"That kind of thing is reasonable, and there's good experimental evidence behind it." The problem, he said, is that there is no science he is aware of that can produce the specificity or sensitivity to pick out a terrorist, let alone influence behavior. "We're still working at the level of how rats learn that light predicts food," he explained. "That's the level of modern neuroscience."

Developments in neuroscience, he noted, are followed closely. "If we could do (what they're talking about), you would know about it," Schoenbaum said. "It wouldn't be a handful of Russian folks in a basement."

In the meantime, the DHS contract is still imminent, according to those involved, although all parties declined to comment on the details, or the size of the award. Rusalkina did not respond to a recent e-mail, but in the interview last year, she confirmed the institute was marketing the technology to the United States for airport screening.

Larry Orloskie, a spokesman for DHS, declined to comment on the contract announcement. "It has not been awarded yet," he replied in an e-mail.

"It would be premature to discuss any details about the pending contract with DHS and I will be happy to do an interview once the contract is in place," Ioffe, of Northam Psychotechnologies, wrote in an e-mail.

Mark Root, a spokesman for ManTech, deferred questions to DHS, noting, "They are th

From rforno at infowarrior.org Thu Sep 20 12:11:00 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 20 Sep 2007 08:11:00 -0400
Subject: [Infowarrior] - Privacy: U.S. Airport Screeners Are Watching What You Read
Message-ID:

U.S. Airport Screeners Are Watching What You Read
By Ryan Singel
09.20.07 | 2:00 AM
http://www.wired.com/print/politics/onlinerights/news/2007/09/flight_tracking

International travelers concerned about being labeled a terrorist or drug runner by secret Homeland Security algorithms may want to be careful what books they read on the plane.
Newly revealed records show the government is storing such information for years.

Privacy advocates obtained database records showing that the government routinely records the race of people pulled aside for extra screening as they enter the country, along with cursory answers given to U.S. border inspectors about their purpose in traveling. In one case, the records note Electronic Frontier Foundation co-founder John Gilmore's choice of reading material, and worry over the number of small flashlights he'd packed for the trip.

The breadth of the information obtained by the Gilmore-funded Identity Project (using a Privacy Act request) shows the government's screening program at the border is actually a "surveillance dragnet," according to the group's spokesman Bill Scannell. "There is so much sensitive information in the documents that it is clear that Homeland Security is not playing straight with the American people," Scannell said.

The documents show a tiny slice of the massive airline-record collection stored by the government, as well as the screening records mined for the controversial Department of Homeland Security passenger-rating system that assigns terrorist scores to travelers entering and leaving the country, including U.S. citizens.

The so-called Automated Targeting System scrutinizes every airline passenger entering or leaving the country using classified rules that tell agents which passengers to give extra screening to and which to deny entry or exit from the country. The system relies on data ranging from the government's 700,000-name terrorism watch list to data included in airline-travel database entries, known as Passenger Name Records, which airlines are required to submit to the government.

According to government descriptions, ATS mines data from intelligence, law enforcement and regulatory databases, looking for linkages in order to identify "high-risk" targets who may not already be on terrorist watchlists.
ATS was started in the late 1990s, but was little known until the government issued a notice about the system last fall. The government has subsequently modified the proposed rules for the system, shortening the length of time data is collected and allowing individuals to request some information used by the scoring system.

The government stores the PNRs for years and typically includes destinations, phone and e-mail contact information, meal requests, special health requests, payment information and frequent-flier numbers.

The Identity Project filed Privacy Act requests for five individuals to see the data stored on them by the government. The requests revealed that the PNRs also included information on one requester's race, the phone numbers of overseas family members given to the airlines as emergency contact information, and a record of a purely European flight that had been booked overseas separately from an international itinerary, according to snippets of the documents shown to Wired News.

The request also revealed the screening system includes inspection notes from earlier border inspections. One report about Gilmore notes: "PAX (passenger) has many small flashlights with pot leaves on them. He had a book entitled 'Drugs and Your Rights.'" Gilmore is an advocate for marijuana legalization.

Another inspection entry noted that Gilmore had "attended computer conference in Berlin and then traveled around Europe and Asia to visit friends. 100% baggage exam negative. Resides 554 Clay Street, San Francisco, CA. PAX is self employed 'Entrepreneur' in computer software business."

"They are noting people's race and they are writing down what people read," Scannell said. It doesn't matter that Gilmore was reading a book about drugs, rather than Catcher in the Rye, according to Scannell. "A book is a book," Scannell said. "This is just plain wrong."
The documents, which will be posted to an Identity Project website, have also turned Scannell against the Department of Homeland Security's proposal for screening airline passengers inside the United States. That project, known as Secure Flight, will take watchlist screening out of the hands of airlines, by having the airlines send PNR data to the government ahead of each flight.

While earlier versions included plans to rate passengers' threat level using data purchased from private companies, DHS now proposes only to compare data in the PNR against names on the watchlist, which largely disarmed civil libertarians' opposition to the program. That's changed for Scannell now, who sees Secure Flight as just another version of ATS.

"They want people to get permission to travel," Scannell said. "They already instituted it for leaving and entering the country and now they want to do it to visit your Aunt Patty in Cleveland."

The Department of Homeland Security did not respond to a request for comment.

From rforno at infowarrior.org Thu Sep 20 15:30:57 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 20 Sep 2007 11:30:57 -0400
Subject: [Infowarrior] - False security: Is Bank of America lying to its customers?
Message-ID:

September 20, 2007 6:15 AM PDT
False security: Is Bank of America lying to its customers?
Posted by Chris Soghoian
http://www.news.com/8301-10784_3-9776757-7.html?part=rss&subj=news&tag=2547-1_3-0-20

A bank that guarantees its online users safety and security has direct evidence that its Web-based banking system may not be 100 percent bullet-proof. Should that bank tell its customers? And if it doesn't, is it misleading, or even worse, lying, to them?

Bank of America, like many other financial institutions in the U.S., has jumped on the "two-factor" authentication bandwagon. Instead of having its customers log in with just a user name and password, these new schemes require some third bit of information.
Some banks choose to issue their customers a cryptographic hardware token (a keychain with a digital display that spits out a new random number every 60 seconds). Others, especially those banks with less profitable customers, have opted to instead adopt software solutions. The advantage of this, of course, being that they don't have to spend any money to send widgets out to their customers.

BofA's SiteKey two-factor authentication system is essentially a rebadged version of the PassMark system sold by RSA/EMC. Other banks that have licensed the technology include Pentagon Federal Credit Union, Vanguard, and U.K.-based bank Alliance & Leicester. Users of SiteKey and similar systems select a graphical image and phrase, which are then displayed to them every time they log in to the Bank of America Web site from a "trusted" computer (that is, one that BofA has seen before). According to Bank of America's own numbers (PDF), over 21 million customers use their online banking system.

BofA's Web site promises customers that the SiteKey system will keep them safe, stating: "You know it's really us--when you see your SiteKey, you can be certain you're at the valid Online Banking Web site at Bank of America, and not a fraudulent look-alike site. Only enter your Passcode when you see the SiteKey image and image title you selected."

How SiteKey Works (Credit: Bank of America)

The problem is that all of these schemes--every single one of them--are vulnerable to a form of deception known as a man-in-the-middle (MITM) attack. Russian phishers launched a sophisticated MITM attack against the hardware-token-based, two-factor authentication scheme used by Citibank. Another group of hackers was able to rip off customers of the Dutch bank ABN Amro, which also issued hardware tokens. On multiple occasions in 2005 and 2006, security researchers raised the alarm regarding the false promises of two-factor authentication, and in particular, Bank of America's SiteKey system.
Finally in April 2007, Professor Markus Jakobsson and I announced a working demo of a successful man-in-the-middle attack against SiteKey. Based on advice from lawyers, we did not release an easy-to-use version of the system, nor were we able to provide access to the demo to others online. To provide the factual support for our claims and to demonstrate how relatively easy such an attack would be to perform, we released a screen-captured video of the demo, as well as source code that would allow an advanced user to download the SiteKey image from any remote, untrusted machine. Our demo got quite a bit of press attention, with mentions in The Register, ZDNet and The Washington Post.

One of the main points we tried to make when we put our demo online is that Bank of America is promising its customers something impossible. By telling users that the SiteKey image guarantees they are visiting BofA's Web site--and not a phishing page--Bank of America is giving its users a false sense of security. Were BofA to instead acknowledge the risks of phishing and man-in-the-middle attacks, users might be more cautious when logging into suspect Web sites.

Shortly after we released the demo, Louie Gasparini, chief technology officer for RSA's Site to User Authentication group, was interviewed by Brian Krebs at The Washington Post. He said that our attack demo "overlooks a number of back-end technologies that financial institutions use to detect fraudulent transactions."

"What they're critiquing is just the most visible piece to this technology," Gasparini added. "There is a whole bunch of risk management and fraud detection that goes on behind the scenes so that even if a user's account does get compromised, the bank can still protect that person."

Gasparini's comments mirror those of Betty Riess, a spokeswoman for Bank of America with whom I chatted on Tuesday. Riess made it a point to mention that SiteKey is just one part of BofA's multipronged approach to security.
However, she declined to comment further when specifically asked if the text on the SiteKey page is misleading, or if Bank of America has a responsibility to be honest with its users about the risks of man-in-the-middle attacks.

Customers expect some companies to lie to them. Very few people expect cosmetics and skin creams to actually make them look 20 years younger. Likewise, few would be surprised if the salads at fast-food restaurants are actually full of calories and fat. However, when a bank tells its customers that its online banking system is safe and secure, most people would be shocked to find out otherwise.

Thus, a major question remains: Is Bank of America lying to its customers when it tells them that they can be "certain (they're) at the valid Online Banking Web site" when they see the SiteKey image? Do banks have a responsibility to acknowledge the risks, and to inform consumers of them?

Watch our video of the man-in-the-middle attack against the SiteKey system, read Bank of America's promises of safety and security on its Web site, and decide for yourself.

Christopher Soghoian, a graduate student in the school of Informatics at Indiana University, delves into the areas of security, privacy and e-crime. He is a member of the CNET Blog Network.

From rforno at infowarrior.org Thu Sep 20 17:54:44 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 20 Sep 2007 13:54:44 -0400
Subject: [Infowarrior] - British Police's New Spy Drone
Message-ID:

British Police's New Spy Drone
By David Hambling
September 20, 2007 | 7:37:20 AM

In my 2005 book Weapons Grade I predicted that police would soon be using micro air vehicles developed for the military. I didn't realize it would happen quite so soon. British police are now using the Microdrone from German company Microdrones GmbH in trials.
According to The Times it was used to police a rock festival this summer, and there has also been interest from "MI5, the Metropolitan police, and Soca, the Serious Organised Crime Agency."

As the video below shows, it's something of a contrast to the Honeywell craft we looked at earlier on in the week. It's battery powered, so it's quieter -- apparently at 350 feet it is rarely noticed from the ground -- but more limited in terms of performance. Although it might seem flimsy, the video shows how stable it is in flight. It is said to be quite rugged and can return to base even if it loses two of its four rotor blades. One unusual feature is a speaker so that police can give instructions to those on the ground.

The video style is also a contrast. It contains some footage shot from a Microdrone, which gives an impressive display of its powers. Zooming in on a sunbather in a bikini as a demonstration is not likely to allay fears about how intrusive this technology might be. And the ability to hover outside a window and peer in is one which is equally open to use and abuse.

Using these devices for military purposes is one thing, but when the police have them the discussion is completely different. Although in principle it won't allow them to spy on anything that couldn't already be seen from a helicopter, small and cheap MAVs are likely to be much more common. And, crucially, unlike a helicopter you will not be able to tell when one is watching you.
http://blog.wired.com/defense/2007/09/british-polices.html

From rforno at infowarrior.org Thu Sep 20 17:37:29 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 20 Sep 2007 13:37:29 -0400
Subject: [Infowarrior] - Google Wants to Track Your Medical History -- And Your Genome
Message-ID:

Google Wants to Track Your Medical History -- And Your Genome
By Jesse Reynolds, AlterNet
Posted on September 20, 2007, Printed on September 20, 2007
http://www.alternet.org/story/62847/

In a recent review of 23 internet companies by a consumer watchdog group, Privacy International, Google was the only one to receive the lowest grade, reserved for those with "comprehensive consumer surveillance and entrenched hostility to privacy."

With that low mark in mind, you might find the idea of Google's having its virtual hands on your medical history a bit disturbing. The company, and its rival Microsoft, are each taking the first steps toward the burgeoning, and lucrative, industry of electronic health-records management. Having your medical records in an accessible, searchable and consistent format is certainly appealing. But you, and your doctor, would also become a magnet for advertisers offering services based on your particular medical history.

Eminent technology investor and pundit Esther Dyson isn't worried about privacy policies, her personal records being hacked, or these companies cooperating with the National Security Agency. In fact, she wants you to turn over not just your medical records, but your personal genetic sequence as well. In a recent interview on Charlie Rose, Dyson explained that she's among ten people about to put their health histories and genetic sequences on the internet for public viewing. She optimistically predicts that lots of us will soon entrust such information to online companies, albeit in private accounts.
Although Dyson acknowledged some of the troubling questions this prospect raises, she quickly dismissed them: "Like it or not, it's gonna happen." Her rhetorical dodge is unfortunate. The convergence of biotechnology, the web, and big business is, in fact, quite alarming.

Here's the scenario: After signing up online, you receive a kit in the mail. In your home, you provide a saliva sample in the supplied cup and ship it off to a lab. For a few hundred dollars, much of your genome is sequenced, and the company places it on a website. It's then linked to your complete medical history, also online. At this point, the company says, you can learn about your predispositions to diseases, conditions for which you carry a recessive gene, and genealogical information. The website offers medical advice, along with advertisements for potentially useful products and services. You can even communicate with people with similar genetic characteristics, making "friends" and forming "groups."

That seems to be the plan of a Silicon Valley start-up, 23andMe, named for the 23 pairs of chromosomes that hold your genome. Google, Genentech, and venture capital firms have invested at least $10 million in 23andMe. Its founder recently married one of Google's founders. Ms. Dyson is also an investor and board member -- something that didn't come up during her interview.

The cost of genetic sequencing is rapidly falling. Though a complete sequence still goes for about a hundred thousand dollars, federal grants -- and even a privately backed $10 million prize -- are pushing down the cost. Some analysts believe that a complete genome will be sequenced for just a thousand dollars in five years. For now, 23andMe would rely just on key segments of your genome. Its service should launch within a year.

So what's the problem? First, important private information will move outside of your control.
If divulged, your genome and medical history can impact critical decisions by prospective employers, insurers and even spouses. Are you ready to entrust this deeply personal information to a company that gets an "F" in privacy?

Second, this data will be a goldmine, but only the corporations will get a cut. Researchers currently spend millions trying to discover genes that correlate with medical conditions. With thousands of genomes and health records to compile and compare, 23andMe's technicians and statisticians will be in a position to compete with more traditional researchers. The genetic correlations they uncover will be patented, and remedies for associated ailments sold at a premium. For example, the test for genes related to breast cancer costs $3,000 -- instead of a few hundred -- largely due to patents held by Myriad Genetics, a biotech company founded by a publicly funded researcher. Will you get a share of the patents, and profits, on genes discovered by this service? You relinquished any claim when you clicked "I accept" to a long, and generally unread, terms of agreement.

Finally, the exact implications and potential inaccuracies of what we may learn are likely to be lost. How might you or I react upon discovering that we have the gene for a fatal, untreatable condition? How will the company make it clear that such a gene may be merely a tendency to develop the disease? What if a father learns that he is not genetically related to his child? What if these results are inaccurate? Such profound discoveries can be difficult to process in isolation from a broader medical context and counseling resources, a challenge that we are already confronting with the rise of at-home genetic tests.

23andMe plans to offer recommendations to help form social groups based on the aggregated information of thousands of users. This "Web 2.0" model has worked well for Amazon and MySpace.
But in its race to transform the falling price of genetic sequencing into a dubious consumer product, the company fails to realize that your medical history and personal genome are fundamentally different than your reading habits, and "patients" are not synonymous with "consumers."

In the end, the underlying view of Google and 23andMe doesn't depart significantly from traditional Silicon Valley culture: that we can depend on technology to solve the world's social problems. But given Google's privacy record, Big Biotech's aggressive patenting of the human genome, and the importance of our medical and genetic information, we should think twice about transferring this model to health care. Contrary to Dyson's claim, this future is not inevitable.

Jesse Reynolds is the director of the project on Biotechnology in the Public Interest at the Center for Genetics and Society, a nonprofit advocacy organization, and a contributor to its Biopolitical Times blog.

© 2007 Independent Media Institute. All rights reserved.
View this story online at: http://www.alternet.org/story/62847/

From rforno at infowarrior.org Thu Sep 20 17:35:47 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 20 Sep 2007 13:35:47 -0400
Subject: [Infowarrior] - NSA to defend against hackers
Message-ID:

www.baltimoresun.com/news/nation/bal-te.nsa20sep20,0,7906814.story?coll=bal_tab01_layout
baltimoresun.com

NSA to defend against hackers
Privacy fears raised as spy agency turns to systems protection
By Siobhan Gorman
Sun reporter
September 20, 2007

WASHINGTON

In a major shift, the National Security Agency is drawing up plans for a new domestic assignment: helping protect government and private communications networks from cyberattacks and infiltration by terrorists and hackers, according to current and former intelligence officials.
From electricity grids to subways to nuclear power plants, the United States depends more than ever on Internet-based control systems that could be manipulated remotely in a terrorist attack, security specialists say.

The plan calls for the NSA to work with the Department of Homeland Security and other federal agencies to monitor such networks to prevent unauthorized intrusion, according to those with knowledge of what is known internally as the "Cyber Initiative." Details of the project are highly classified.

Director of National Intelligence Mike McConnell, a former NSA chief, is coordinating the initiative. It will be run by the Department of Homeland Security, which has primary responsibility for protecting domestic infrastructure, including the Internet, current and former officials said.

At the outset, up to 2,000 people -- from the Department of Homeland Security, the NSA and other agencies -- could be assigned to the initiative, said a senior intelligence official who spoke on condition of anonymity.

The NSA's new domestic role would require a revision of the agency's charter, the senior intelligence official said. Up to now, the NSA's cyberdefense arsenal has been used to guard the government's classified networks -- not the unclassified networks that now are the responsibility of other federal agencies.

NSA officials declined to discuss specific programs but said cybersecurity is a critical component of what they do. "We have a strong history in information assurance and national security," said NSA spokeswoman Andrea Martino, who added that the agency will continue to play a role in cyberdefense.

Homeland Security spokesman Russ Knocke said that "as the lead agency responsible for assuring the security, resiliency and reliability of the nation's information technology and communications infrastructure, our department is working to unify further and integrate the security framework for cyber operations throughout the federal government."
Since the existence of its warrantless domestic eavesdropping program was revealed in 2005, the NSA and other U.S. intelligence agencies have been mired in a controversy over domestic intelligence activities. The Homeland Security Department recently came under fire amid Bush administration plans to broadly expand the use of satellite imagery to assist in federal, state and local law enforcement. Current and former intelligence officials, including several NSA veterans, warned that the agency's venture into domestic computer and communications networks -- even if limited to protecting them -- could raise new privacy concerns. To protect a network, the government must constantly monitor it. "This will create a major uproar," predicted Ira Winkler, a former NSA analyst who is now a cybersecurity consultant. "If you're going to do cybersecurity, you have to spy on Americans to secure Americans," said a former government official familiar with NSA operations. "It would be a very major step." A former senior NSA official said the difference between monitoring networks in order to defend them and monitoring them to collect intelligence is very small. The former officials spoke on condition of anonymity to protect relationships with intelligence agencies. Another former NSA official said that if the government wants to prevent cyberattacks, it makes sense to tap the agency's skills. "I've got to be able to at least look at something to determine: Do I have a threat or don't I have a threat?" the former NSA official said. "It's important that you have the best thinkers with the deepest experience working these problems on behalf of the nation." O. Sami Saydjari, a cybersecurity consultant, said the privacy concerns are real. He said intelligence agencies should be part of the solution, because they have the expertise needed to develop a national cybersecurity system, but that privacy advocates also should be part of the planning process. 
Computer specialists have warned for years about cyberattacks. But experts say efforts to guard against them have not gained momentum at the national level, at least in part because the public envisions a cyberattack as nothing more than a big computer crash. Those who monitor such threats said the danger has grown as control systems for potential terrorist targets have become increasingly connected to the Internet. A cyberattack could cut access to power, banking and telecommunications systems across much of the country, said Saydjari, president of the Cyber Defense Agency, a consulting firm. "The hostile groups have caught on to most of the things we're worried about," said Scott Borg, director of the U.S. Cyber Consequences Unit, a nonprofit research institute that advises the government and the private sector. "It's been remarkable in the last, really, two years how much all these things that people like me have been worried about have been bit by bit rediscovered and reinvented in the hacker world." Potential cyberattacks are being discussed in chat rooms in languages that include English, Arabic, Russian and Punjabi, he said. Terrorists and others already know many of the country's vulnerabilities, Borg said, adding that he is extremely concerned about the ability to hack into computer systems controlling nuclear power plants. A government task force issued a stark warning this year that the threat of a cyberattack to U.S. infrastructure, which can be launched from a computer anywhere in the world, is "very real and growing rapidly." In June, an alleged Chinese hacking effort shut down e-mail in Defense Secretary Robert M. Gates' office for several days. Simulation exercises, such as one dubbed Dark Angel and sponsored by the group Professionals for Cyber Defense, showed in 2003 how a cyberattack could shut down most of the nation's power grid, Saydjari said. 
There is growing interest among hackers in capturing information on "smart cards" that allow access to buildings and critical computer systems and using that information to gain access to the system, according to Borg. Cybersecurity has long been an orphaned responsibility in the federal government, with various agencies having some part in it. The NSA has largely been left out, because its focus has been on protecting military networks. Proposals to break off the NSA's information security branch and assign it a broader role beyond the intelligence agencies fell flat, former NSA officials say. Amit Yoran, the Homeland Security Department's first chief of cybersecurity, said in an interview that while the government has made progress, federal efforts have been "somewhat spotty" overall. Among the main challenges, he said, is that the Homeland Security Department has been given responsibility for the problem but lacks the authority and expertise to compel other agencies and the private sector to follow its lead. The new cybersecurity effort aims to build, in part, on an existing NSA program, code-named Turbulence, which has had a troubled start, the senior intelligence official said.

siobhan.gorman at baltsun.com

From rforno at infowarrior.org Fri Sep 21 11:58:29 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 21 Sep 2007 07:58:29 -0400
Subject: [Infowarrior] - More on: TSA wants to know what you're reading
Message-ID:

Note that the last paragraph makes no reference to "possible violations of a law associated with a traveller" WHILE FLYING. Translation: You could be found reading books on terrorism or drug-making at an airport and that might "suggest" you are breaking the law somewhere, thus placing your name on a watchlist that's impossible to get off of because some idiot TSA screener felt what you were reading was possibly related to criminal activity.
Perhaps I'm a conspiracy theorist here, but I'm not reassured by this official statement, and neither should you. Hospital gowns, booties, and a pre-boarding shot of Demerol -- it's coming soon. :( Sometimes dystopic movies and literature are a sobering reflection, if not prediction, of modern reality.

-rf

http://blog.wired.com/27bstroke6/2007/09/homeland-securi.html

< - >

> But the government is not interested in the books travelers read, according to
> Knocke.
>
> "I flatly reject the premise that we care at all about the latest Tom Clancy
> novel a traveler is reading," Knocke said.
>
> "But the fact does remain that CBP officials are going to be mindful of
> whether there is anything that suggests there could be possible violations of
> a law associated with a traveler or items in possession of a traveler as they
> make an admissibility decision about that traveler," Knocke said. "That is
> what they are charged by Congress to do."

From rforno at infowarrior.org Fri Sep 21 12:18:27 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 21 Sep 2007 08:18:27 -0400
Subject: [Infowarrior] - Free data sharing is here to stay
Message-ID:

Free data sharing is here to stay
http://www.guardian.co.uk/technology/2007/sep/18/informationeconomy

The information economy is here - but governments and business are still obsessed with 'protecting' information, rather than making it more productive

* Cory Doctorow
* Guardian Unlimited
* Tuesday September 18 2007

Since the 1970s, pundits have predicted a transition to an "information economy". The vision of an economy based on information seized the imaginations of the world's governments. For decades now, they have been creating policies to "protect" information - stronger copyright laws, international treaties on patents and trademarks, treaties to protect anti-copying technology. The thinking is simple: an information economy must be based on buying and selling information.
Therefore, we need policies to make it harder to get access to information unless you've paid for it. That means that we have to make it harder for you to share information, even after you've paid for it. Without the ability to fence off your information property, you can't have an information market to fuel the information economy. But this is a tragic case of misunderstanding a metaphor. Just as the industrial economy wasn't based on making it harder to get access to machines, the information economy won't be based on making it harder to get access to information. Indeed, the opposite seems to be true: the more IT we have, the easier it is to access any given piece of information - for better or for worse. It used to be that copy-prevention companies' strategies went like this: "We'll make it easier to buy a copy of this data than to make an unauthorised copy of it. That way, only the uber-nerds and the cash-poor/time-rich classes will bother to copy instead of buy." But every time a PC is connected to the internet and its owner is taught to use search tools like Google (or The Pirate Bay), a third option appears: you can just download a copy from the internet. Every techno-literate participant in the information economy can choose to access any data, without having to break the anti-copying technology, just by searching for the cracked copy on the public internet. If there's one thing we can be sure of, it's that an information economy will increase the technological literacy of its participants. As I write this, I am sitting in a hotel room in Shanghai, behind the Great Firewall of China. Theoretically, I can't access blogging services that carry negative accounts of Beijing's doings, like Wordpress, Blogspot and Livejournal, nor the image-sharing site Flickr, nor Wikipedia. The (theoretically) omnipotent bureaucrats of the local Minitrue have deployed their finest engineering talent to stop me.
Well, these cats may be able to order political prisoners executed and their organs harvested for Party members, but they've totally failed to keep Chinese people (and big-nose tourists like me) off the world's internet. The WTO is rattling its sabers at China today, demanding that they figure out how to stop Chinese people from looking at Bruce Willis movies without permission - but the Chinese government can't even figure out how to stop Chinese people from looking at seditious revolutionary tracts online. And, of course, as Paris Hilton, the Church of Scientology and the King of Thailand have discovered, taking a piece of information off the internet is like getting food colouring out of a swimming pool. Good luck with that. To see the evidence of the real information economy, look to all the economic activity that the internet enables - not the stuff that it impedes. Look to all the commerce conducted by salarymen who can book their own flights with Expedia instead of playing blind man's bluff with a travel agent ("Got any flights after 4PM to Frankfurt?"). Look to all the garage crafters selling their goods on Etsy.com; the publishers selling obscure books through Amazon that no physical bookstore was willing to carry. Look to all the salwar kameez tailors in India selling bespoke clothes to westerners via eBay, without intervention by a series of skimming intermediaries. Look to the internet-era musicians who use the net to pack venues all over the world by giving away their recordings on social services like MySpace. Hell, look at my last barber, in Los Angeles: the man doesn't use a PC, but I found him by googling for "barbers" with my postcode. The information economy is driving his cost of customer acquisition to zero, and he doesn't even have to actively participate in it. Better access to more information is the hallmark of the information economy.
The more IT we have, the more skill we have, the faster our networks get and the better our search tools get, the more economic activity the information economy generates. Many of us sell information in the information economy - I sell my printed books by giving away electronic books, lawyers and architects and consultants are in the information business and they drum up trade with Google ads, and Google is nothing but an info-broker - but none of us rely on curtailing access to information. Like a bottled water company, we compete with free by supplying a superior service, not by eliminating the competition. The world's governments might have bought into the old myth of the information economy, but not so much that they're willing to ban the PC and the internet.

Cory Doctorow is an activist, science fiction author and co-editor of the blog Boing Boing.

From rforno at infowarrior.org Fri Sep 21 16:31:26 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 21 Sep 2007 12:31:26 -0400
Subject: [Infowarrior] - Australia pushes further Web censorship
Message-ID:

Australia pushes further Web censorship
By Jo Best
http://www.news.com/Australia-pushes-further-Web-censorship/2100-1028_3-6209337.html
Story last modified Fri Sep 21 08:36:38 PDT 2007

A bill introduced this week by Australia's Parliament would give the Australian federal police the power to control which sites can and cannot be viewed by Australian Web surfers. Introduced on Thursday, the bill--titled the Communications Legislation Amendment (Crime or Terrorism Related Internet Content) Bill 2007--would empower the federal police to alter the "blacklist" of sites that are currently prohibited by the Australian Communications and Media Authority. The list currently includes pornography and "offensive material."
However, under the amendment, federal police would be able to add other sites to the list, including content that the AFP Commissioner "has reason to believe...is crime- or terrorism-related content." The definition of material that may be liable for censorship includes Internet content that "encourages, incites or induces," "facilitate(s)" or "has, or is likely to have, the effect of facilitating" a crime. Once such content has been identified by the AFP, Internet service providers may be responsible for blocking their users from accessing it. According to the government, the legislation is designed to target phishing and terrorist sites, among other online criminal activity. "The new arrangements will allow harmful sites to be more quickly added to software filters," said Eric Abetz, a senator for Tasmania, who introduced the bill. "Of course the best outcome is for these sites to be taken down and their hosts prosecuted. But this takes time, particularly as most of these sites are hosted overseas. "Rapid blacklisting means that the damage these sites can do can be more quickly reduced whilst takedown and prosecution processes are pursued, usually overseas," Abetz said. Privacy groups have already criticized the legislation as an attack on free speech. "This government's extremism has reached new heights today," said the chair of the Australian Privacy Foundation, Roger Clarke. "How can a politician claim the right to hold office if they set out to undermine the critical democratic right of freedom of speech, and blatantly decline to evaluate the impact of measures put before the Parliament?"

Jo Best of ZDNet Australia reported from Sydney.

Copyright © 1995-2007 CNET Networks, Inc. All rights reserved.

From rforno at infowarrior.org Fri Sep 21 16:36:53 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 21 Sep 2007 12:36:53 -0400
Subject: [Infowarrior] - Has Google Plans to Lay a Pacific Cable?
Message-ID:

Has Google Plans to Lay a Pacific Cable?
By Saul Hansell
http://bits.blogs.nytimes.com/2007/09/21/google-plans-undersea-pacific-cable/index.html?hp

Google may be the ultimate do-it-yourself company. From the start, Google's sense of its own engineering superiority, combined with a tightwad sensibility, led it to build its own servers. It writes its own operating systems. It is now threatening to start its own wireless carrier and it is getting ready to hire ships that will lay a data communications cable across the Pacific, according to a report from Communications Day, an Australian trade news service. Google would plan to be part of a project called Unity that would also include several telecommunications companies, that hopes to have a cable in service by 2009, the publication wrote. It would own a dedicated portion of the multi-terabit cable, giving it a significant cost advantage for trans-Pacific data transmission over rival Internet companies. Barry Schnitt, a Google spokesman, didn't confirm the plan, but did tell the publication the company is interested in the area, saying, "Additional infrastructure for the Internet is good for users and there are a number of proposals to add a Pacific submarine cable. We're not commenting on any of these plans." Communications Day also noted that Google has advertised to hire people who would "be involved in new projects or investments in cable systems that Google may contemplate to extend or grow its backbone." Google has long been buying up data communications capacity. Its search engine works by making copies of nearly every page of the Internet in its own data centers, requiring that it move no small amount of data around the world on a regular basis. And its new plans to deliver applications over the Internet will use even more bandwidth.
Dave Burstein, the editor of DSLPrime, who tipped me off to the CommDay report, explained even though there is a lot of unused fiber capacity across the Pacific, there are few players, and prices are seen as unusually high. He adds that there is a glut of cable laying ships, so the cost of building a new link to Asia has come down. This new move puts Google in competition again with Verizon, which has fought Google's approach to the new wireless spectrum auction in the United States. Verizon is part of a group of Asian Carriers that is building a $500 million cable between the United States and China.

From rforno at infowarrior.org Sat Sep 22 00:50:40 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 21 Sep 2007 20:50:40 -0400
Subject: [Infowarrior] - N.Y. Drops Citizenship Proof For Driver's Licenses
Message-ID:

N.Y. Drops Citizenship Proof For Driver's Licenses
Move Should Cut Down Unlicensed Illegal Immigrants
http://wcbstv.com/topstories/local_story_264172034.html
Andrew Kirtzman Reporting

(CBS) NEW YORK They were celebrating outside the governor's office Friday as Eliot Spitzer handed a landmark victory to a half-million illegal immigrants. The state will no longer require proof of citizenship for driver's licenses. "We're changing our policy with respect to getting more people out of shadows and into the system so people don't hide they're here," Spitzer said. He said the current restrictions on non-citizens have filled the roads with unlicensed drivers five times more likely to get into accidents. But he also called it a matter of justice. "As long as I'm governor we won't pretend they don't exist, cut them off from society," Spitzer said. But the action triggered a bitter response from some 9/11 family members, who said the governor would be providing identification for potential terrorists. And a Brooklyn state senator says he'll try to overturn the decision.
"This governor has chosen to give the keys to the city, the keys to the state to terrorism," Golden said. As for the public, it's clear that people have strong feelings on both sides of the issue. "I don't think if you're here illegally you should have the same privileges people who are here legally do," office manager Cliff Hoffman said. Added legal word processor Bill Slater: "I think illegal people are getting a free ride. I don't think it's fair to other hard-working citizens who do work hard." Planning consultant John Madden said the move is also a pre-emptive strike against another type of potentially hazardous driver. "The problem is they're gonna drive anyway," Madden said. "You might as well make them legal drivers with insurance." The new rules will start to kick in at the end of the year, unless someone finds a way to put a halt to them. Under the new policy, the Department of Motor Vehicles will accept foreign passports and birth certificates from immigrants as proof of identification. They will no longer need to provide a Social Security card.

From rforno at infowarrior.org Sat Sep 22 01:32:25 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 21 Sep 2007 21:32:25 -0400
Subject: [Infowarrior] - Reminder: Do Not Call Lists Expire, Renew Your Blocks!
Message-ID:

http://tinyurl.com/2n854k

Do Not Call Listings Aren't Forever
By JENNIFER C. KERR
Associated Press Writer
2:32 PM CDT, September 21, 2007

WASHINGTON The cherished dinner hour void of telemarketers could vanish next year for millions of people when phone numbers begin dropping off the national Do Not Call list. The Federal Trade Commission, which oversees the list, says there is a simple fix. But some lawmakers think it is a hassle to expect people to re-register their phone numbers every five years. Numbers placed on the registry, begun in June 2003, are valid for five years.
For the millions of people who signed onto the list in its early days, their numbers will automatically drop off beginning next June if they do not enroll again. "It is incredibly quick and easy to do," Lydia Parnes, director of the FTC's bureau of consumer protection, said in an interview with The Associated Press this week. "It was so easy for people to sign up in the first instance. It will be just as easy for them to re-up." But Rep. Mike Doyle, D-Pa., says people should not be forced to re-register to keep telemarketers at bay. Doyle introduced legislation this week, with bipartisan support, to make registrations permanent. "When someone takes the time and effort to say 'I don't want these kinds of calls coming into my house,' they shouldn't have to keep a calendar to find out when they have to re-up to keep this nuisance from happening," Doyle said in an interview. The FTC built the five-year expiration date into the program to account for changes, such as people who move and switch their phone number. "Just like a regular person who needs to clean out their address book every so often, the commission felt that was something that was important to do with the registry," explained Parnes. Doyle, however, points out that the list is purged each month of numbers that have been disconnected and reassigned to new customers. He called the FTC's position on the need for an expiration date "completely bogus." People can register their home and cell phone numbers or file complaints at http://www.donotcall.gov or by calling 1-888-382-1222. The registry prohibits telemarketers from calling phone numbers on the list. Companies face fines of up to $11,000 for each violation. Organizations engaged in charitable, political or survey work are exempt. Companies that have an established business relationship with a customer also may call for up to 18 months after the last purchase, payment or delivery. In the first week of the program, people signed up 18 million numbers. 
The registry now has more than 149 million phone numbers. "I think it's fantastic," said Bonnie Darling of Arlington, Va. Darling placed her name on the list this year after being flooded with calls from roofing companies, chimney sweeps and construction businesses. She has not heard from those companies in months. Darling is not worried about the five-year expiration. She said she expects it to be just as easy to register as it was a couple months ago. But Eileen Feldman of Needham, Mass., thinks the expiration date is "ridiculous." "If you wanted to keep your numbers on there for a lifetime, you should have that option," said Feldman, who placed her phone number on the registry when the program first began. "There's no reason I should need to remember to register every five years." The FTC plans a consumer education program next spring on the re-registration process. While polls have shown consumers reporting far fewer unwanted phone calls, some telemarketers continue to violate the law. Since the registry began, the government has filed cases against more than 30 companies, resulting in $8.8 million in civil penalties and $8.6 million in redress to consumers and forfeitures. Most of the penalties were paid by satellite television provider DirecTV Inc., as part of the largest settlement in the program's history. DirecTV agreed to pay $5.3 million in December 2005 to settle charges that it and several telemarketing companies it hired had called numbers on the list. The company said then that it had stopped working with those telemarketers and taken steps to avoid calling numbers on the list. Telemarketers are required to pay an annual subscription fee to access the FTC list so those numbers can be blocked from their dial-out programs. The companies also must update their own calling lists every 31 days to ensure there are no numbers from the registry on them. 
The annual subscription fee for the list costs $62 for each area code, with a maximum cost of $17,050 for access to all U.S. numbers on the list. The FTC reported this year that 6,824 companies and other entities paid $21.7 million in fees to access the database in fiscal year 2006. All told, 15,218 entities have paid $59 million in fees to access the database since the program's inception. Most of the fees charged by the government are used to support the Do Not Call program.

On the Net: Information on the House bill, H.R. 3541, can be found at http://thomas.loc.gov

From rforno at infowarrior.org Sat Sep 22 01:36:19 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 21 Sep 2007 21:36:19 -0400
Subject: [Infowarrior] - Germany banning digital copying, period
Message-ID:

Digital copies of TV programs banned
By ERIK KIRSCHBAUM
http://www.variety.com/article/VR1117972434.html?categoryid=19&cs=1

BERLIN -- Germany's upper house of parliament on Friday approved a controversial copyright law, which makes it all but illegal for individuals to make copies of films and music, even for their own use. The Bundesrat pushed aside criticism from consumer protection groups and passed the law, which makes it illegal for anyone to store DVDs and CDs without permission. The law also covers digital copies from IPTV and TV broadcasts. Consumer groups and the Green Party had campaigned in vain to include a "bagatelle exemption," so that the measure would not "criminalize" youths and other private users. The law is set to take effect in 2008. The law goes beyond previous legislation brought in by the German government to help the entertainment industry. Germany's federal justice minister Brigitte Zypries claimed that the legislative reform brought German law into line with European Union codes.
From rforno at infowarrior.org Sat Sep 22 16:04:19 2007
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 22 Sep 2007 12:04:19 -0400
Subject: [Infowarrior] - Data Collection on travellers more extensive than previously known
Message-ID:

Collecting of Details on Travelers Documented
U.S. Effort More Extensive Than Previously Known
By Ellen Nakashima
Washington Post Staff Writer
Saturday, September 22, 2007; A01
http://www.washingtonpost.com/wp-dyn/content/article/2007/09/21/AR2007092102347_pf.html

The U.S. government is collecting electronic records on the travel habits of millions of Americans who fly, drive or take cruises abroad, retaining data on the persons with whom they travel or plan to stay, the personal items they carry during their journeys, and even the books that travelers have carried, according to documents obtained by a group of civil liberties advocates and statements by government officials. The personal travel records are meant to be stored for as long as 15 years, as part of the Department of Homeland Security's effort to assess the security threat posed by all travelers entering the country. Officials say the records, which are analyzed by the department's Automated Targeting System, help border officials distinguish potential terrorists from innocent people entering the country. But new details about the information being retained suggest that the government is monitoring the personal habits of travelers more closely than it has previously acknowledged. The details were learned when a group of activists requested copies of official records on their own travel. Those records included a description of a book on marijuana that one of them carried and small flashlights bearing the symbol of a marijuana leaf. The Automated Targeting System has been used to screen passengers since the mid-1990s, but the collection of data for it has been greatly expanded and automated since 2002, according to former DHS officials.
Officials yesterday defended the retention of highly personal data on travelers not involved in or linked to any violations of the law. But civil liberties advocates have alleged that the type of information preserved by the department raises alarms about the government's ability to intrude into the lives of ordinary people. The millions of travelers whose records are kept by the government are generally unaware of what their records say, and the government has not created an effective mechanism for reviewing the data and correcting any errors, activists said. The activists alleged that the data collection effort, as carried out now, violates the Privacy Act, which bars the gathering of data related to Americans' exercise of their First Amendment rights, such as their choice of reading material or persons with whom to associate. They also expressed concern that such personal data could one day be used to impede their right to travel. "The federal government is trying to build a surveillance society," said John Gilmore, a civil liberties activist in San Francisco whose records were requested by the Identity Project, an ad-hoc group of privacy advocates in California and Alaska. The government, he said, "may be doing it with the best or worst of intentions. . . . But the job of building a surveillance database and populating it with information about us is happening largely without our awareness and without our consent." Gilmore's file, which he provided to The Washington Post, included a note from a Customs and Border Patrol officer that he carried the marijuana-related book "Drugs and Your Rights." "My first reaction was I kind of expected it," Gilmore said. "My second reaction was, that's illegal." DHS officials said this week that the government is not interested in passengers' reading habits, that the program is transparent, and that it affords redress for travelers who are inappropriately stymied. 
"I flatly reject the premise that the department is interested in what travelers are reading," DHS spokesman Russ Knocke said. "We are completely uninterested in the latest Tom Clancy novel that the traveler may be reading." But, Knocke said, "if there is some indication based upon the behavior or an item in the traveler's possession that leads the inspection officer to conclude there could be a possible violation of the law, it is the front-line officer's duty to further scrutinize the traveler." Once that happens, Knocke said, "it is not uncommon for the officer to document interactions with a traveler that merited additional scrutiny." He said that he is not familiar with the file that mentions Gilmore's book about drug rights, but that generally "front-line officers have a duty to enforce all laws within our authority, for example, the counter-narcotics mission." Officers making a decision to admit someone at a port of entry have a duty to apply extra scrutiny if there is some indication of a violation of the law, he said. The retention of information about Gilmore's book was first disclosed this week in Wired News. Details of how the ATS works were disclosed in a Federal Register notice last November. Although the screening has been in effect for more than a decade, data for the system in recent years have been collected by the government from more border points, and also provided by airlines -- under U.S. government mandates -- through direct electronic links that did not previously exist. The DHS database generally includes "passenger name record" (PNR) information, as well as notes taken during secondary screenings of travelers. PNR data -- often provided to airlines and other companies when reservations are made -- routinely include names, addresses and credit-card information, as well as telephone and e-mail contact details, itineraries, hotel and rental car reservations, and even the type of bed requested in a hotel. 
The records the Identity Project obtained confirmed that the government is receiving data directly from commercial reservation systems, such as Galileo and Sabre, but also showed that the data, in some cases, are more detailed than the information to which the airlines have access. Ann Harrison, the communications director for a technology firm in Silicon Valley who was among those who obtained their personal files and provided them to The Post, said she was taken aback to see that her dossier contained data on her race and on a European flight that did not begin or end in the United States or connect to a U.S.-bound flight. "It was surprising that they were gathering so much information without my knowledge on my travel activities, and it was distressing to me that this information was being gathered in violation of the law," she said. James P. Harrison, director of the Identity Project and Ann Harrison's brother, obtained government records that contained another sister's phone number in Tokyo as an emergency contact. "So my sister's phone number ends up being in a government database," he said. "This is a lot more than just saying who you are, your date of birth." Edward Hasbrouck, a civil liberties activist who was a travel agent for more than 15 years, said that his file contained coding that reflected his plan to fly with another individual. In fact, Hasbrouck wound up not flying with that person, but the record, which can be linked to the other passenger's name, remained in the system. "The Automated Targeting System," Hasbrouck alleged, "is the largest system of government dossiers of individual Americans' personal activities that the government has ever created." He said that travel records are among the most potentially invasive of records because they can suggest links: They show who a traveler sat next to, where they stayed, when they left. 
"It's that lifetime log of everywhere you go that can be correlated with other people's movements that's most dangerous," he said. "If you sat next to someone once, that's a coincidence. If you sat next to them twice, that's a relationship." Stewart Verdery, former first assistant secretary for policy and planning at DHS, said the data collected for ATS should be considered "an investigative tool, just the way we do with law enforcement, who take records of things for future purposes when they need to figure out where people came from, what they were carrying and who they are associated with. That type of information is extremely valuable when you're trying to thread together a plot or you're trying to clean up after an attack." Homeland Security Secretary Michael Chertoff in August 2006 said that "if we learned anything from Sept. 11, 2001, it is that we need to be better at connecting the dots of terrorist-related information. After Sept. 11, we used credit-card and telephone records to identify those linked with the hijackers. But wouldn't it be better to identify such connections before a hijacker boards a plane?" Chertoff said that comparing PNR data with intelligence on terrorists lets the government "identify unknown threats for additional screening" and helps avoid "inconvenient screening of low-risk travelers." Knocke, the DHS spokesman, added that the program is not used to determine "guilt by association." He said the DHS has created a program called DHS Trip to provide redress for travelers who faced screening problems at ports of entry. But DHS Trip does not allow a traveler to challenge an agency decision in court, said David Sobel, senior counsel with the Electronic Frontier Foundation, which has sued the DHS over information concerning the policy underlying the ATS. 
Because the system is exempted from certain Privacy Act requirements, including the right to "contest the content of the record," a traveler has no ability to correct erroneous information, Sobel said. Zakariya Reed, a Toledo firefighter, said in an interview that he has been detained at least seven times at the Michigan border since fall 2006. Twice, he said, he was questioned by border officials about "politically charged" opinion pieces he had published in his local newspaper. The essays were critical of U.S. policy in the Middle East, he said. Once, during a secondary interview, he said, "they had them printed out on the table in front of me." Researcher Julie Tate contributed to this report. From rforno at infowarrior.org Sat Sep 22 18:06:43 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 22 Sep 2007 14:06:43 -0400 Subject: [Infowarrior] - DRM a grave threat to privacy (report from cippic) In-Reply-To: <3F182A8A-3D5D-465E-9998-53F0DE7D6020@vt.edu> Message-ID: (c/o JH) http://www.cippic.ca/uploads/CIPPIC_Report_DRM_and_Privacy.pdf Our assessment of the compliance of these DRM applications with PIPEDA led to a number of general findings:
- Fundamental privacy-based criticisms of DRM are well-founded: we observed tracking of usage habits, surfing habits, and technical data.
- Privacy invasive behaviour emerged in surprising places. For example, we observed e-book software profiling individuals. We unexpectedly encountered DoubleClick - an online marketing firm - in a library digital audio book.
- Many organizations take the position that IP addresses do not constitute "personal information" under PIPEDA and therefore can be collected, used and disclosed at will. This interpretation is contrary to Privacy Commissioner findings. IP addresses are collected by a variety of DRM tools, including tracking technologies such as cookies and pixel tags (also known as web bugs, clear gifs, and web beacons).
- Companies using DRM to deliver content often do not adequately document in their privacy policies the DRM-related collection, use and disclosure of personal information. This is particularly so where the DRM originates with a third party supplier.
- Companies using DRM often fail to comply with basic requirements of PIPEDA.
From rforno at infowarrior.org Sun Sep 23 02:34:37 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 22 Sep 2007 22:34:37 -0400 Subject: [Infowarrior] - MD high school for Homeland Security? Message-ID: Black Ops Jungle: The Academy of Military-Industrial-Complex Studies By Chris Colin September/October 2007 Issue http://www.motherjones.com/news/outfront/2007/09/black-ops-jungle.html Dedicated to everything from architecture to sports medicine, "career academies" claim to offer high school kids focus, relevancy, and solid job prospects. Now add a new kind of program to the list: homeland security high. In late August, Maryland's Joppatowne High School became the first school in the country dedicated to churning out would-be Jack Bauers. The 75 students in the Homeland Security and Emergency Preparedness magnet program will study cybersecurity and geospatial intelligence, respond to mock terror attacks, and receive limited security clearances at the nearby Army chemical warfare lab. The new school is funded and guided by a slew of federal, state, and local agencies, not to mention several defense firms. Officials say it will teach kids to understand the "new reality," though they hasten to add that the school isn't focused just on terrorism. School administrators, channeling Cheneyesque secrecy, refused to be interviewed for this story. But it's no secret that the program is seen as a model for the rest of the country, with the Pentagon and other agencies watching closely.
Students will choose one of three specialized tracks: information and communication technology, criminal justice and law enforcement, or "homeland security science." David Volrath, executive director of secondary education for Harford County Public Schools, says the school also hopes to offer "Arabic or some other nontraditional, Third World-type language." The school's main goal is to get its grads jobs in the booming $24-billion-a-year homeland security industry. It's certainly in the right location: Northeast Maryland has become a mecca for the military-industrial complex. The Army's Aberdeen Proving Ground is the county's biggest employer, and all manner of defense contractors have set up shop nearby, including weapons maker Northrop Grumman. However, it's not clear how many Joppatowne grads will be on track to join the upper echelons of the intelligence community and how many will wind up as airport screeners. "We do want to encourage higher education," Volrath says. "We also want to be realistic. Some of these defense contractors will have huge security needs, and the jobs won't require four years of college." Critics see the school as a troubling landmark: a public school, possibly the first of many, that is an active participant in the war on terror. Jonathan Zimmerman, director of New York University's History of Education Program, says that if it offered students an "intellectually curious" curriculum, "I'd send my daughter there. But my fear is that they will instead teach a series of predigested truths about keeping our country safe." Volrath maintains that Joppatowne High will remain above the fray. "The school's built around the marketplace that surrounds the defense industry," he explains, "but the program's not involved in war or peace. Still, there are some realities about good guys and bad guys that will surely be discussed." 
From rforno at infowarrior.org Mon Sep 24 02:12:56 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 23 Sep 2007 22:12:56 -0400 Subject: [Infowarrior] - Terror Watch: A Secret Lobbying Campaign Message-ID: Terror Watch: A Secret Lobbying Campaign The secret lobbying campaign your phone company doesn't want you to know about WEB EXCLUSIVE By Michael Isikoff and Mark Hosenball Newsweek Updated: 7:00 a.m. ET Sept 20, 2007 Sept. 20, 2007 - The nation's biggest telecommunications companies, working closely with the White House, have mounted a secretive lobbying campaign to get Congress to quickly approve a measure wiping out all private lawsuits against them for assisting the U.S. intelligence community's warrantless surveillance programs. The campaign -- which involves some of Washington's most prominent lobbying and law firms -- has taken on new urgency in recent weeks because of fears that a U.S. appellate court in San Francisco is poised to rule that the lawsuits should be allowed to proceed. If that happens, the telecom companies say, they may be forced to terminate their cooperation with the U.S. intelligence community -- or risk potentially crippling damage awards for allegedly turning over personal information about their customers to the government without a judicial warrant. "It's not an exaggeration to say the U.S. intelligence community is in a near-panic about this," said one communications industry lawyer familiar with the debate who asked not to be publicly identified because of the sensitivity surrounding the issue. But critics say the language proposed by the White House -- drafted in close cooperation with the industry officials -- is so extraordinarily broad that it would provide retroactive immunity for all past telecom actions related to the surveillance program.
Its practical effect, they argue, would be to shut down any independent judicial or state inquiries into how the companies have assisted the government in eavesdropping on the telephone calls and e-mails of U.S. residents in the aftermath of the September 11 terror attacks. "It's clear the goal is to kill our case," said Cindy Cohn, legal director of the Electronic Frontier Foundation, a San Francisco-based privacy group that filed the main lawsuit against the telecoms after The New York Times first disclosed, in December 2005, that President Bush had approved a secret program to monitor the phone conversations of U.S. residents without first seeking judicial warrants. The White House subsequently confirmed that it had authorized the National Security Agency to conduct what it called a "terrorist surveillance program" aimed at communications between suspected terrorists overseas and individuals inside the United States. But the administration has also intervened, unsuccessfully so far, to try to block the lawsuit from proceeding and has consistently refused to discuss any details about the extent of the program -- rebuffing repeated congressional requests for key legal memos about it. "They are trying to completely immunize this [the surveillance program] from any kind of judicial review," added Cohn. "I find it a little shocking that Congress would participate in the covering up of what has been going on." But congressional staffers said this week that some version of the proposal is likely to pass -- in part because of a high-pressure lobbying campaign warning of dire consequences if the lawsuits proceed. Director of National Intelligence Mike McConnell seemed to raise the stakes recently when he contended in an interview with the El Paso Times that the private lawsuits could "bankrupt these companies." Among those coordinating the industry's effort are two well-connected capital players who both worked for President George H.W.
Bush: Verizon general counsel William Barr, who served as attorney general under 41, and AT&T senior executive vice president James Cicconi, who was the elder Bush's deputy chief of staff. Working with them are a battery of major D.C. lobbyists and lawyers who are providing "strategic advice" to the companies on the issue, according to sources familiar with the campaign who asked not to be identified talking about it. Among the players, these sources said: powerhouse Republican lobbyists Charlie Black and Wayne Berman (who represent AT&T and Verizon, respectively), former GOP senator and U.S. ambassador to Germany Dan Coats (a lawyer at King & Spaulding who is representing Sprint), former Democratic Party strategist and one-time assistant secretary of State Tom Donilon (who represents Verizon), former deputy attorney general Jamie Gorelick (whose law firm also represents Verizon) and Brad Berenson, a former assistant White House counsel under President George W. Bush who now represents AT&T. Because of the extreme secrecy surrounding the warrantless surveillance program, few if any of the lobbyists and lawyers are prepared to speak publicly about their role. "My client requires me not to talk to the press," said the normally loquacious Black when asked by NEWSWEEK about his lobbying for AT&T. Berman and Berenson also declined comment. Gorelick confirmed that she is providing "strategic advice," not lobbying for Verizon. Coats and Donilon did not respond to requests for comment. But according to three industry sources, these and other players have been conferring with each other over legislative strategy and targeting key lawmakers and staffers, especially those on the House and Senate Intelligence and Judiciary Committees.
The lobbyists have set up meetings and arranged conference calls, pressing the argument that failure to provide protection to the companies could interfere with the vital assistance they say the telecom industry has provided the intelligence community in monitoring the communications of Al Qaeda and other terrorist operations overseas. The case for new legislation retroactively giving telecoms companies protection against private lawsuits -- including lawsuits already pending -- was outlined this week by Kenneth Wainstein, assistant attorney general for national security. At a House Judiciary Committee hearing chaired by Rep. John Conyers, a Michigan Democrat, Wainstein said that giving telecoms companies retroactive liability was a matter of "general fairness." "I think it's sort of fundamentally unfair and just not right to -- if a company allegedly assisted the government in its national-security efforts, in an effort to defend the country at a time of peril, that they then get turned around and face tremendously costly litigation and maybe even crushing liability for having helped the United States government at a time of need ... it's just not right," Wainstein testified. Wainstein also claimed that "every time we have one of these lawsuits, very sensitive information gets discussed and gets leaked out, disseminated out in the public. And our adversaries are smart, both the terrorists who might be over in, you know, someplace in the Middle East are smart, and then the governments that might be our adversaries are tremendously sophisticated, and they're gleaning all this information that gets out." Wainstein also said that a telecom company's overseas assets could be threatened if its collaboration in U.S. espionage efforts were confirmed in a court case.
The campaign for industry protection was initially launched last summer when administration and industry officials first tried to get the immunity provision included in the Protect America Act -- a measure passed by Congress and signed by President Bush on Aug. 5 that allowed the surveillance program to continue and temporarily gave the National Security Agency expanded eavesdropping powers. At the time, Democrats in Congress balked at including the kind of sweeping retroactive civil immunity protections that the industry sought. But then, on Aug. 15, a three-judge panel of the Ninth Circuit Court of Appeals in San Francisco heard oral arguments in a Justice Department motion to block the Electronic Frontier Foundation lawsuit against AT&T. More than 40 other civil suits filed against the telecoms -- many of them seeking billions of dollars in damages -- had been consolidated with the EFF lawsuit. But the Justice Department had sought to block the lawsuits under the "state privilege" doctrine, which can require the dismissal of suits that might endanger national security. The three-judge panel, made up entirely of Democratic appointees, seemed openly skeptical of the Justice Department's arguments, prompting many court observers to conclude that the panel was likely to issue a ruling permitting the lawsuits to proceed. At one point in the proceedings, one of the judges, Harry Pregerson, a Jimmy Carter appointee, appeared annoyed with the Justice Department lawyer, Gregory Garre. The judge wanted Garre to provide direct answers to questions about the scope of the just-passed surveillance law, according to press reports. When Garre tried to explain that the law was complicated, Pregerson shot back: "Can't be any more complicated than my phone bill."
The administration is keeping up pressure on Congress for quick action on the new version of the surveillance law -- including an immunity provision for telecoms -- which will take effect when the Protect America Act expires early next year. Congressional staffers say that Democrats are likely to go along with some version of the proposal. But Democratic leaders, who say they were stampeded into passing the law last summer, are insisting on having more thorough hearings and forcing the administration to turn over documents on the surveillance program. If the telecoms want immunity, some Democrats say, the White House should at least say what it is they need immunity for. URL: http://www.msnbc.msn.com/id/20884696/site/newsweek/ From rforno at infowarrior.org Mon Sep 24 11:25:45 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 24 Sep 2007 07:25:45 -0400 Subject: [Infowarrior] - Company Will Monitor Phone Calls to Tailor Ads Message-ID: September 24, 2007 Advertising Company Will Monitor Phone Calls to Tailor Ads By LOUISE STORY http://www.nytimes.com/2007/09/24/business/media/24adcol.html?ei=5065&en=5822f6a12e575488&ex=1191297600&partner=MYWAY&pagewanted=print Companies like Google scan their e-mail users' in-boxes to deliver ads related to those messages. Will people be as willing to let a company listen in on their phone conversations to do the same? Pudding Media, a start-up based in San Jose, Calif., is introducing an Internet phone service today that will be supported by advertising related to what people are talking about in their calls. The Web-based phone service is similar to Skype's online service -- consumers plug a headset and a microphone into their computers, dial any phone number and chat away. But unlike Internet phone services that charge by the length of the calls, Pudding Media offers calling without any toll charges.
The trade-off is that Pudding Media is eavesdropping on phone calls in order to display ads on the screen that are related to the conversation. Voice recognition software monitors the calls, selects ads based on what it hears and pushes the ads to the subscriber's computer screen while he or she is still talking. A conversation about movies, for example, will elicit movie reviews and ads for new films that the caller will see during the conversation. Pudding Media is working on a way to e-mail the ads and other content to the person on the other end of the call, or to show it on that person's cellphone screen. "We saw that when people are speaking on the phone, typically they were doing something else," said Ariel Maislos, chief executive of Pudding Media. "They had a lot of other action, either doodling or surfing or something else like that. So we said, 'Let's use that' and actually present them with things that are relevant to the conversation while it's happening." The company's model, of course, raises questions about the line between target advertising and violation of privacy. Consumer-brand companies are increasingly trying to use data about people to deliver different ads to them based on their demographics and behavior online. Pudding Media executives said that scanning the words used in phone calls was not substantially different from what Google does with e-mail. Still, even some advertising executives were wary of the concept. "We can never obtain too much information from the targets, and I would love to get my hands on that information," said Jonathan Sackett, chief digital officer for Arnold Worldwide, a unit of the advertising company Havas. "Still, it makes me caution myself and caution all of us as marketers. We really have to look at the situation, because we're getting more intrusive with each passing technology." Mr. Maislos said that Pudding Media had considered the privacy question carefully.
The company is not keeping recordings or logs of the content of any phone calls, he said, so advertisements only relate to current calls, not past ones, and will only arrive during the call itself. Besides, Mr. Maislos said, he thought that young people, the group his company is focusing on with the call service, are less concerned with maintaining privacy than older people are. "The trade-off of getting personalized content versus privacy is a concept that is accepted in the world," he said. Mr. Maislos founded Pudding Media with his brother, Ruben. Each had spent several years doing intelligence work for the Israeli military. Before Pudding Media, Ariel Maislos ran a broadband company called Passave, which he sold in May 2006 to PMC-Sierra, a maker of computer chips for telecommunications equipment, for $300 million. Richard Purcell, a former chief privacy officer at Microsoft, is an adviser to Pudding Media, Ariel Maislos said. To give the ads greater accuracy, Pudding Media asks users for their sex, age range, native language and ZIP code when they sign up. For now, the company is running ads that are sold by a third-party network, but Pudding Media plans to also sell its own ads in a few months. Advertisers pay based on how often a user clicks on their ads, and a spokeswoman said the rates were similar to the cost-per-click prices in Google's AdSense network. Pudding Media plans to add other payment models, like charging for each ad impression or by the number of calls an ad generates to the advertiser. As the company's software listens in on conversations, it filters out explicit words in determining which ads to select, so that content and ads will not be shown with those inappropriate words. Pudding Media would not elaborate, beyond saying that these were "keywords with profanity and things you wouldn't want a 13-year-old to hear." While the calling service only works through computers for now, Mr. Maislos said he saw the potential to use it with cellphones.
The company is offering the technology to cellphone carriers to allow their customers to enjoy free calls in exchange for simultaneously watching contextually relevant ads on their screens. Callers can try Pudding Media at www.thepudding.com, dialing any number in North America. Because the service has so far been in a quiet beta test, the company would not say how many people have tried it so far. Pudding Media is also trying to sell the technology to Web publishers and media companies that would like to offer readers free calls and content related to those calls. A news site, for example, could show only its own articles and ads to people as they talked to friends. Mr. Maislos said that during tests he noticed that the content had a tendency to determine conversations. "The conversation was actually changing based on what was on the screen," he said. "Our ability to influence the conversation was remarkable." From rforno at infowarrior.org Mon Sep 24 11:32:37 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 24 Sep 2007 07:32:37 -0400 Subject: [Infowarrior] - As the Fall Season Arrives, TV Screens Get More Cluttered Message-ID: (Sorry, NYT folks, but I wrote about this first earlier this month! -rf) September 24, 2007 As the Fall Season Arrives, TV Screens Get More Cluttered By WENDY A. LEE http://www.nytimes.com/2007/09/24/business/media/24clutter.html?_r=2&oref=slogin&ref=media&pagewanted=print Kyra Sedgwick, star of "The Closer" on TNT, walks under a police tape and scans the screen with her flashlight. And every time she does, she makes Gretchen Corbin, a technical writer in Berkeley, Calif., irate. The promotional ads for "The Closer" run in the bottom right of the screen during other TNT programs -- a graphic called a snipe. But for Ms. Corbin, who sometimes watches movies that have subtitles, the tiny images block the dialogue. "Some ad just took over the entire bottom of the screen so I missed what the characters said to each other,"
said Ms. Corbin, describing a recent experience. "And it's TV, so you can't rewind." Snipes are just the latest effort by network executives to cram promotions onto television screens in the age of channel surfing, ad skipping and screen-based multitasking. At first, viewers may feel a slight jolt of pleasure at the sight of a new visual effect, they say, but over time the intrusions contribute to the sense that the screen is far more cluttered -- not just with ads, but with news crawls and other streams of information. For better or worse, viewers say, the additions are making the experience of watching television more closely mirror the feeling of using a computer. That may be so, network executives say, but the extra content is here to stay. The snipes -- not to be confused with bugs, those network logos that pop up in screen corners during shows -- are important enough to the beleaguered television industry that the networks plan to tolerate the backlash. This fall ABC is introducing the "ABC Start Here" campaign, which consists of a series of icons in the lower right of the screen that direct viewers to related content in other media, like books, DVDs and Web sites. At the end of "Ugly Betty," for instance, a shopping icon could direct viewers to places where they could buy Betty's shoes, or an iTunes icon could invite them to that site to buy episodes of the show. The point, said Marla Provencio, an ABC executive vice president of marketing, is "to accommodate viewers' multimedia, multichannel habits and still lead them back to ABC." ABC tested the icons in July and will introduce them gradually this fall to get viewers familiar with the shorthand. To minimize complaints, ABC will keep the icons and all similar visuals silent. "We do not want to invade in the viewers' space so much that we intrude on their experience," said Ms. Provencio. Promotional content on what the industry calls the "lower third"
of the television screen is "the way of the world these days," Ms. Provencio said. ABC, she said, tries to make sure that the embedded ads do not interrupt, say, "a dramatic moment on 'Grey's Anatomy'" -- but the network does want to remind people they are watching ABC. Viewers say that snipes and bugs are degrading their experience of watching television. Even some performers seem to resent the assaults on their work's integrity. At last week's Emmy Awards, the comedian Lewis Black delivered a blow against screen clutter, yelling, "We don't care about the next show. We're watching this show." Network executives say that the trend toward busy screens is an attempt to cater to the tastes and habits of younger viewers, who reflexively toggle among screens, online and on cellphones. David Grazian, a sociologist at the University of Pennsylvania, said that television is simply borrowing a successful feature from the video game industry. "Screen clutter can be extremely eye catching, especially for the viewer who surfs between several channels," he said. Viewers of MTV, VH1 and sports channels have come to expect frenetic programming. At ESPN, there has been a conscious effort to pump up the visual excitement of the viewing experience, said Norby Williamson, executive vice president of programming. "The key word in television these days is engagement," he said. The network first introduced a crawling banner of sports scores to the bottom of the screen in 1985, and has recently introduced more aggressive visuals, such as a Monday Night Football score box in the center of the screen that changes into other bugs and banners. Today's viewers are conditioned to have a lot going on at once, Mr. Williamson said, adding, "Everything is shifting. Television has to shift, too." Sports commentators have always promoted their networks during broadcasts, but now they have extra reminders.
Last month during CBS's broadcast of the United States Open semifinals between Svetlana Kuznetsova and Anna Chakvetadze, a mini-trailer for "Survivor: China" ran on the bottom of the screen. Mary Carillo, who was providing commentary, promptly observed that Ms. Kuznetsova would likely "survive" the match (and she did). The trend toward visual clutter has also reshaped television news broadcasts, where the familiar sight of a lone anchor talking to a camera has grown increasingly rare. On CNN, the hyperactive pace of Wolf Blitzer's nightly news show "The Situation Room" is so extreme that it was parodied on "Saturday Night Live." With one glance at the screen, is it really possible to absorb the United States military strategy in Iraq, or that a thunderstorm is moving over the Midwest, the Standard & Poor's index is up 16.95 points, and Sean Combs has separated from his girlfriend? "Our pixel footprint can get way out of control," acknowledged Jonathan Klein, the president of CNN U.S., referring to the television industry in general. Research suggests that packed screens can impede comprehension. Tom Grimes, a journalism professor at Texas State University in San Marcos, Tex., said that people who are looking for quick information like stock quotes or a weather update can handle a certain amount of clutter. But "if they're trying to listen to a reporter describe a complicated series of events, it's very difficult to absorb that information" with too great a visual barrage, he said. With the Internet offering an increasingly sophisticated yet chaotic visual experience, television must decide how much it wants to mimic the computer, said Aslam Khader, vice president for marketing and strategy of Ensequence Inc., an interactive media company in Portland, Ore. "TV is having to reinvent itself," he said. The question remains how many self-promotions the networks can dish up without degrading the quality of their shows.
Sherry Sklar, a writer in Phoenix, Ariz., said visual clutter on television "has gotten worse -- more movement and more intrusive" in recent months. During a drama, if a character from a different show suddenly walks across the bottom of the screen, "it's a total disconnect and ruins your suspension of disbelief," Ms. Sklar said, adding, "I mainly watch PBS and HBO, probably because they don't do as much of this stuff."

From rforno at infowarrior.org Mon Sep 24 11:51:16 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 24 Sep 2007 07:51:16 -0400 Subject: [Infowarrior] - Germans redefine "private use" Message-ID:

More on the new German DRM law...... http://arstechnica.com/news.ars/post/20070923-german-dmca-spanks-consumers-coming-and-going.html < - > "However, private use is exclusive of anything that requires circumvention of DRM, radically reducing the amount of materials eligible for such "private use." While the entertainment industry seeks higher tariffs on things like blank CDs, music players, DVD burners, and even servers, it can continue to adopt DRM in order to make private use technically illegal."

From rforno at infowarrior.org Tue Sep 25 01:13:42 2007 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 24 Sep 2007 21:13:42 -0400 Subject: [Infowarrior] - Cell Phone Signal Map In-Reply-To: <9A53C13FB28CFF479FF3F98C639186D201F0391E@owa.brazos.org> Message-ID:

Signal Map Have you ever had a cell phone that was a pain to get a signal for? Or, does your signal go out in the same place all the time? If so, you are not alone! For the life of me, I cannot get a signal on my cell phone just over the Ohio/Michigan border, which is where we go all the time to visit my roommate's dad. Even though it's supposed to be in my covered area, it never works! By using this map and other users' input, you can figure out what provider has the strongest signal in your area. To get started, type in your address or zip code and choose your carrier.
Then press the Find Signal button. You'll then be whisked away to a map that has bullets on it of where a signal lies. Each bullet will show how many bars the user had at that location. Now that you've been whisked away to the map, if you just choose your provider, you will only see one color of bullets on the map. If you select any or click the All tab near the top of the map, you will see all the signals submitted in that location. If you see a bullet that is a skull, that means there is a dead zone in that particular area. If you double click the bullet, you will get the information the user submitted about that spot. You can also use the arrows in the top left corner of the map to zoom in and out and move the map around. Or, you can go over the top right corner of the map and change the view of it. Your options are: Map, Satellite or Hybrid. You can also add your signal to help create a map of signal strength and usage in your area. It's really easy to do. Just type in your address or zip code and press the Add Signal button. Then pick up the red marker and drop it closest to where you live on the map. That will then pop up a form for you to fill out where you choose your carrier, whether you're indoors, your signal strength and what type of phone you have. 
http://www.signalmap.com/

From rforno at infowarrior.org Tue Sep 25 17:46:17 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 25 Sep 2007 13:46:17 -0400 Subject: [Infowarrior] - USG Wants American Internet to Work as A Microphone Message-ID:

Government Wants American Internet to Work as A Microphone, Willing to Mislead to Get There By Ryan Singel September 24, 2007 | 4:26:17 PM Categories: Surveillance The Bush Administration is pushing Congress hard to give the intelligence community the authority to order domestic communication companies - your ISP, a phone company, Skype or any email provider based in the United States to turn on surveillance or turn over the content of communications to the Intelligence community without a warrant. The law just passed by Congress this summer does just that, and the Administration wants that power made permanent. In short, the government and its supporters want all of the internet to act like a giant microphone that can be turned on at any moment in secret by the government on any target without court oversight with the promise, but no external oversight, that the nation's spooks are only using the microphone to listen in on the nation's enemies. They say it's the same thing as letting police set up sobriety checkpoints. < - > http://blog.wired.com/27bstroke6/2007/09/government-want.html

From rforno at infowarrior.org Tue Sep 25 17:48:32 2007 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 25 Sep 2007 13:48:32 -0400 Subject: [Infowarrior] - Insightful: Former DARPA Director speaks Message-ID:

The IT Godfather Speaks: Q&A With Charles M. Herzfeld Gary Anthes http://computerworld.com/action/article.do?command=viewArticleBasic&articleId=9035398&pageNumber=1 September 24, 2007 (Computerworld) Is DARPA still funding the kinds of research that made the U.S. an IT leader? Charles M. Herzfeld, a senior fellow at the Potomac Institute for Policy Studies in Arlington, Va., has a few thoughts on the matter.
Herzfeld was hired by the Advanced Research Projects Agency (later renamed the Defense Advanced Research Projects Agency) in 1961 to head up research in ballistic missile defense, and he became ARPA's fifth director in 1965. He also served as director of Defense Research & Engineering, to which DARPA reports, from 1990 to 1991. What was your introduction to computing? When I was a graduate student at the University of Chicago, in 1948 or so, John von Neumann came and gave three seminars on electronic computing. He was instrumental in getting the ENIAC built, and he came to tell us about it. It was hugely important stuff, and it changed my life absolutely. Then, before ARPA, J.C.R. Licklider gave two or three lectures at the Pentagon, and I remember those vividly. He said, "The way we were doing computing is really pretty stupid. I think there's a better way." He was a brilliant man, and I became a disciple of his. And a few years later, you and Licklider would end up at ARPA, with Licklider the first director of its Information Processing Techniques Office. Yes. IPTO was one of the things at ARPA that I became godfather of. I was the go-to guy if it got into trouble. [The IPTO] directors changed the world, but I claim to be the godfather, not the father. And as godfather, I took their message to Congress. What else did you do as godfather? I signed the first two or three ARPA orders in 1966 and 1967 as director. I said, "Do that -- build a network, however small and crappy it is." Lick was gone by then [he went to IBM in 1964], but I had recruited Bob Taylor as the follow-on. One day Taylor dropped into my office, and he got $1 million in 20 minutes. He acts like I was sitting in my chair handing out million-dollar checks, but not so. I was sure that networking computers would change computing. I do not claim to have foreseen what happened, but I knew Licklider was on to something. Did you casually hand out big sums like that very often? Whenever it was needed. 
My secret was that I always had money because there was a long list of things we were doing that we didn't have to do. I was ruthless about that. What else did IPTO do in those early days? We created the whole artificial intelligence community and funded it. And we created the computer science world. When we started [IPTO], there were no computer science departments or computer science professionals in the world. None. Do you agree with some today that DARPA has pulled back from the long-range, high-risk projects? There certainly has been a change, and it's not for the better. But it may be inevitable. I'm not sure one could start the old ARPA nowadays. It would be illegal, perhaps. We now live under tight controls by many people who don't understand much about substance. What was unique about IPTO was that it was very broad technically and philosophically, and nobody told you how to structure it. We structured it. It's very hard to do that today. But why? Why couldn't a Licklider come in today and do big things? Because the people that you have to persuade are too busy, don't know enough about the subject and are highly risk-averse. When President Eisenhower said, "You, Department X, will do Y," they'd salute and say, "Yes, sir." Now they say, "We'll get back to you." I blame Congress for a good part of it. And agency heads are all wishy-washy. What's missing is leadership that understands what it is doing. The Washington Post [on Aug. 13] ran a Page 1 story saying that the FBI had given emergency responders $25 million in "computer kits" for exchanging information on suspected explosives, including weapons of mass destruction. But, The Post said, many of the kits didn't work and some were just abandoned. What do you make of that kind of report? We are becoming incapable of handling a technology challenge of any major magnitude. We are losing the ability to do big, complicated things. 
In your example, nobody thought that someone had to organize a maintenance space for repairs, spare parts and so on. They only thought about buying the radios. Is it partly a failure of technology? Absolutely not. We have technology on the shelf we don't know what to do with, and we are buying more every day, to the tune of billions of dollars a year. What's missing is leadership that understands what it is doing. The whole thing is just off the rails. What's the story at the National Science Foundation? My friends complain that they have to submit 10 proposals to get one funded. Cuckoo. And it's tremendously demoralizing and very inefficient. The process is too risk-averse. But doing really good research is a high-risk proposition. If the system does not fund thinking about big problems, you think about small problems. Could there be another Sputnik? Yes, I expect it. In the biological world, it may be an accident. Someone is doing virus research and comes up with something that spreads easily and kills a lot of people. There is terrorism. It is absolutely thinkable that these guys will steal a nuclear weapon, have some technical help and blow it off in New York Harbor. Gary Anthes is a Computerworld national correspondent.

From rforno at infowarrior.org Wed Sep 26 11:38:29 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 26 Sep 2007 07:38:29 -0400 Subject: [Infowarrior] - FBI Reorganizes Effort to Uncover Terror Groups' Global Ties Message-ID:

FBI Reorganizes Effort to Uncover Terror Groups' Global Ties By John Solomon Washington Post Staff Writer Wednesday, September 26, 2007; A05 http://www.washingtonpost.com/wp-dyn/content/article/2007/09/25/AR2007092502291_pf.html The FBI has begun the most comprehensive realignments of its counterterrorism division in six years so it can better detect the growing global collaborations by terrorists and dismantle larger terrorist enterprises, according to senior bureau officials.
The bureau will merge its two international terrorism units -- one for Osama bin Laden's followers and the other for more established groups such as Hezbollah -- into a new structure that borrows both from Britain's MI5 domestic intelligence agency and the bureau's own successful efforts against organized-crime families, Joseph Billy Jr., the FBI's assistant director for counterterrorism, said in an interview. The new approach is meant to channel raw intelligence and threat information through "desk officers" with expertise on specific world regions or terrorist groups, allowing those experts to spot trends and set investigative strategies for field agents and joint terrorism task forces that collaborate with local law enforcement, Billy said. That change emulates some aspects of Britain's MI5, which bureau critics and members of the Sept. 11 commission have frequently cited as a model for fighting domestic terrorism. "We want to place these people together so the intelligence is being shared across each way -- left, right, up and down -- and that, in turn, will help drive the tactical aspect of how we focus our resources," Billy said. Borrowing from its mob-busting strategies in the 1980s, the bureau will encourage counterterrorism agents to forgo immediate arrests when an imminent threat is not present, allowing the surveillance of terrorism suspects to last longer. The aim is to identify collaborators, facilitators and sympathizers who increasingly span across multiple groups and countries, Billy said. "We want to be in a position where we have [threats in] not only one area of the country identified but have the entire picture that may be taking place throughout the United States identified and . . . strategically focus our resources in a way that would give us the better chance of dismantling a group, as opposed to only identifying one aspect of a much larger threat," Billy said. 
Counterterrorism agents were told about the changes in a closed-door meeting at headquarters last week, but no public announcement has been made. FBI officials hope to complete the realignments by year's end, but they acknowledge that many details remain to be worked out. The changes have been driven partly by a growing number of FBI cases involving self-styled terrorist cells inside the United States that were inspired by al-Qaeda and bin Laden but receive support, advice or encouragement from disparate sympathizers across the globe, making group allegiances far less important. "You don't want to limit yourself to just assuming that one person who is a member of a certain terrorist group won't particularly try to recruit or bring into the fold others overseas," Billy said. FBI Director Robert S. Mueller III plans to cite examples of such transnational collaboration in a speech on Friday in New York, mentioning the connections between two men in Georgia charged with terrorism support, 17 suspects rounded up in Canada in a bombing plot, and terrorist investigations in Britain, Denmark and Bangladesh. The defendants' ethnicities are diverse, including Somali, Egyptian, Jamaican and Trinidadian, officials said. Officials said these suspects were linked by a lengthy investigation involving U.S. allies -- dubbed Northern Exposure -- that tested the FBI's ability to keep collecting intelligence beyond the traditional point when arrests might have been made in the past. The effort required diplomacy with cooperating countries that became concerned that the terrorist cells might be moving toward an operational phase. A meeting was held last winter among international law enforcement agencies to decide when arrests should be made in each country and how to keep surveillance going, officials said. Other recent cases have also produced evidence of terrorist groups transcending borders and group affiliations. 
Sheik Mohammed Ali Hassan al-Moayad, a Yemeni cleric, was recently sentenced to 75 years in prison on charges that included conspiring to support both al-Qaeda and the Palestinian group Hamas. The cleric was caught in 2003 when FBI informants met with al-Moayad in Germany and secretly recorded him promising to arrange money for both groups. An FBI affidavit detailed how the sheik moved easily between Hamas and al-Qaeda circles, including meeting bin Laden. David Laufman, a former Justice Department lawyer who prosecuted several of the government's major terrorism cases since the 2001 attacks, said in an interview: "The Internet has become the most significant recruiting device for multinational sources of Jihadist talent. It cuts across nationalities and ethnicities." But Laufman, who is now in private practice, cautioned that the FBI reorganization must "overcome the agent culture of the bureau" and allow intelligence analysts to drive the case agents, much like MI5's domestic intelligence, which drives the investigations of Scotland Yard in Britain. "The key to making this successful is to build a first-class analytical cadre, give counterterrorism analysts equivalent stature to agents in the FBI's counterterrorism culture, and create an environment where analysts and agents continuously and seamlessly work together to identify relationships, sources of funding and operational plotting," Laufman said. Experts said the bureau's future success also depends on attracting more Arabic speakers and intelligence analysts, and keeping them long enough to develop deep subject expertise. The concern that case agents -- rather than intelligence analysts -- dominate the bureau's anti-terrorism strategy too much has been widely debated. Democratic presidential candidate John Edwards proposed during his 2004 campaign the creation of an MI5-like agency to supplant the FBI's domestic intelligence work. Likewise, the federal commission that reviewed pre-Sept. 
11 intelligence failures closely studied MI5's operation but stopped short of recommending it as a solution. Richard Ben-Veniste, a member of that commission, welcomed the FBI's plan to develop the subject expertise of MI5-like desk officers and to use prolonged surveillance. "This change makes a lot of sense to me. It's been some time coming but welcome news," Ben-Veniste said. "One of the criticisms of the FBI in the past has been that it has moved too quickly to make arrests, rather than develop information."

From rforno at infowarrior.org Wed Sep 26 13:13:25 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 26 Sep 2007 09:13:25 -0400 Subject: [Infowarrior] - Police Blotter: Warrantless eavesdropping rejected Message-ID:

Police Blotter: Warrantless eavesdropping rejected Federal judge denies Justice Department's request to record parts of phone calls sans a wiretap order, concluding it violates the 4th Amendment. By Declan McCullagh Staff Writer, CNET News.com Published: September 26, 2007, 5:00 AM PDT http://www.news.com/Police-Blotter-Warrantless-eavesdropping-rejected/2100-1036_3-6210080.html?part=rss&tag=2547-1_3-0-20&subj=news What: Feds want to eavesdrop on touch tones pressed during phone calls--without obtaining a wiretap order first. When: U.S. Magistrate Judge Joan M. Azrack in the eastern district of New York rules on September 18. Outcome: Warrantless surveillance request rejected. The U.S. Department of Justice asserts it doesn't need to obtain a wiretap court order to listen to which touch tones are pressed when people are on the phone. Those touch tones may be revealing. To use industry lingo, "post-cut-through dialed digits" can represent sensitive information, such as voicemail passwords, bank account numbers, Social Security numbers, credit card numbers and prescription numbers. They can also include much less sensitive information, such as pressing a button to put someone on hold.
At issue in this case is not whether the FBI can legally eavesdrop on a telephone conversation between two Americans. It can--if it obtains a wiretap order from a judge. But the Justice Department considers that too limiting. This is why federal prosecutors asked a judge for permission to record post-cut-through dialed digits (PCTDDs) without having to prove they have probable cause, meaning actual evidence of criminal activity. Instead, prosecutors say, all they should need to claim is that the PCTDD information is somehow "relevant" to a criminal investigation. Unfortunately, federal law is no model of clarity. It was written in 1986, long before automated systems became as popular as they are today. The original definitions seem to refer to touch tones pressed to make the call--not ones that are pressed after the call is in progress. The Patriot Act of 2001 updated the so-called pen register law to cover wireless technology and added that information obtained without a proper wiretap order "shall not include the contents of any communication." Other possibly conflicting language can be found in the 1994 Communications Assistance for Law Enforcement Act. (Federal courts in Texas and Florida have, in a pair of cases last year, looked into whether PCTDDs can be obtained without a wiretap order. Both said a wiretap order was required.) U.S. Magistrate Judge Joan M. Azrack in New York held a secret hearing--only government attorneys were allowed to attend--on the topic on December 13, 2006. She initially denied prosecutors' request for the touch tones pressed after the call was made. The Justice Department asked Azrack to reconsider, which she last week did in a more extensive opinion.
In last week's opinion, Azrack said both federal law and the Fourth Amendment require her to reject prosecutors' request: "Despite the investigative benefit which would come from access to all PCTDD, the government cannot bootstrap the content of communications, protected by the Fourth Amendment, into the grasp of a device authorized only to collect call-identifying information. Until the government can separate PCTDD that do not contain content from those that do, pen register authorization is insufficient for the government to obtain any PCTDD." Translation: Get a proper wiretap order. Excerpts from Azrack's opinion: While individuals may not have a reasonable expectation of privacy in the numbers that they dial to connect a phone call, the content they communicate over a phone line in the form of PCTDD is different. Technology has transformed the way Americans use phone lines. Now, instead of a human operator, individuals are asked to relay information to a machine by way of PCTDD in order to process requests and obtain information. When this communication includes content, it is the functional equivalent of voice communication and is protected by Katz and its progeny as such. Moreover, the information that is often transmitted via PCTDD is often sensitive and personal. Bank account numbers, PIN numbers and passwords, prescription identification numbers, Social Security numbers, credit card numbers, and so on, all encompass the kind of information that an individual wants and reasonably expects to be kept private... "Courts judge the reasonableness of a search by balancing its intrusion on the individual's Fourth Amendment interests against its promotion of legitimate governmental interests." Cassidy v. Chertoff, 471 U.S. at 652-53. Thus, the level of intrusion is a factor to be considered when addressing constitutionality under the Fourth Amendment. 
"(S)uspicionless searches...are highly disfavored since they dispense with the traditional rule that a search, if it is to be deemed reasonable, must be either supported by a warrant based on probable cause, or justified by evidence establishing individualized suspicion of criminal misconduct." United States v. Amerson, 483 F.3d 73, 77-78 (2d Cir.2007). Government installed pen registers were held to be permissible warrantless searches in Smith because, by their nature (their inability to collect content), they were minimally intrusive. Today's pen registers, as advocated by the government in the instant application, have the potential to be much more intrusive than when their constitutionality was first examined. The evolution of technology and the potential degree of intrusion changes the analysis. Courts have long struggled with issues concerning the application of the Fourth Amendment to new technologies. Here, modern technology in the form of automated telephone systems have changed the collection capabilities of pen registers. However, the change in technology does not alter the mandates of the Fourth Amendment. The content of private communications remains protected. To read the Constitution more narrowly is to ignore the role that PCTDD and automated telephone systems have come to play in private communication... I am sympathetic to the government's pleas of necessity. That there is no technology available that can sort content from noncontent is unfortunate, but it is not for this court to fashion a solution. Rather, this is an issue for Congress to address, particularly in light of sophisticated criminals who will soon be wise, if they are not already, to this investigative loophole...
Because the government's request for access to all post-cut-through dialed digits is not clearly authorized by the Pen/Trap Statute, and because granting such a request would violate the Fourth Amendment, the government's application is denied.

From rforno at infowarrior.org Wed Sep 26 17:12:01 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 26 Sep 2007 13:12:01 -0400 Subject: [Infowarrior] - Apple sends takedown notice to iPod hacker's ISP Message-ID:

Apple sends takedown notice to iPod hacker's ISP Posted Sep 25th 2007 11:15PM by Mike Schramm Filed under: Analysis / Opinion, iPod Family, Hacks, Apple Yesterday, Erica posted in her state of the iPod touch jailbreak that a hacker named "Martyn" had obtained a broken iPod touch, and was planning to dive in and download every bit of code on it in the increasingly complicated effort to put 3rd party applications on the iPod touch. He didn't plan to release the code to the public, but he did plan to upload the code to a secured area of his site in order to let the other touch hackers have a crack at it. But even before his upload finished, we're told, his ISP showed up, with a takedown notice in hand. Apple had somehow found his site, had contacted his ISP, and let them know that it would be against copyright law for him to upload that code to the Internet. Martyn isn't interested in breaking the law (and it would be illegal to share that code), so he pulled the page off. But what's amazing here is how fast Apple moved on this-- either they've got someone listening in on the development wiki, or they're taking cues from us on how things are going over there (hi, Apple!). Despite what we've heard before, clearly they are very, very interested in making sure the iPod touch doesn't get hacked. Martyn tells me, as has Erica, that Apple has clearly gone out of their way to keep hackers out of their latest iPod.
We're also told that progress continues despite all that, but Apple is apparently bending over backwards to do everything they can to keep the iPod touch closed. http://www.tuaw.com/2007/09/25/apple-sends-takedown-notice-to-ipod-hackers-isp/

From rforno at infowarrior.org Wed Sep 26 17:20:51 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 26 Sep 2007 13:20:51 -0400 Subject: [Infowarrior] - Harvard lawyers slam the Harvard Coop Message-ID:

Has Sense Flown the Coop? Published On Wednesday, September 26, 2007 2:07 AM By ANGELA KANG, JOHN G. PALFREY, JR., and WENDY M. SELTZER John G. Palfrey, Jr. '94 is executive director of the Berkman Center for Internet and Society. Wendy M. Seltzer '96 is a Fellow with the Berkman Center. Angela Kang is a second-year law student at Harvard Law School. ---- Last Tuesday, Jarret A. Zafran '09 was reportedly asked to leave the Harvard Coop after recording the prices of six books required for his social studies junior tutorial. His story is not unique. Other bargain-hunting students have reported similar experiences. Most notably, on Thursday, the Coop called Cambridge police on ISBN-copying students gathering data for CrimsonReading.org, but the police refused to take action. Coop President Jerry P. Murphy told the Crimson that the Coop's policy is to "discourage people who are taking down a lot of notes" because textbook information is "the Coop's intellectual property." The Crimson has also quoted Murphy as saying: "We've gone to the trouble of collecting the intellectual property of the book lists [from the professors]... [a]nd we wanted to make sure that we're not going to -- my words -- shoot ourselves in the foot in terms of how we give that information out. That's a valuable asset to us." We're not sure what "intellectual property" right the Coop has in mind, but it's none that we recognize. Nor is it one that promotes the progress of science and useful arts, as copyright is intended to do.
While intellectual property may have become the fashionable threat of late, even in the wake of the Recording Industry Association of America's mass litigation campaign the catch-phrase -- and the law -- has its limits. Since the Coop's managers don't seem to have read the law books on their shelves, we'd like to offer them a little Copyright 101. Copyright law protects original works of authorship -- the texts and images in those books on the shelves -- but not facts or ideas. So while copyright law might prohibit students from dropping by with scanners, it doesn't stop them from noting what books are on the shelf and how much they cost. The Supreme Court tells us that "[t]he sine qua non of copyright is originality." That's why the compilers of a white-pages telephone directory lost their claims against a competitor who copied listings. The Coop neither authored the ISBN numbers on its books nor compiled them in an original selection or arrangement. From all accounts, the professors who create course reading lists are happy for students to have them. (Professors generally welcome anything that helps students to do their course assignments.) What about the prices that the Coop set and affixed to books? Copyright doesn't protect the "sweat of the brow" involved in compiling facts, either: "[C]opyright rewards originality, not effort." Nor does it give monopoly control of minimally expressive statements (for example, a book's price) that "merge" with the underlying idea (for example, its market value). A federal appeals court recently denied the New York Mercantile Exchange's bid to protect its list of stock prices, saying that "the market is an empirical reality, an economic fact about the world." Locking competitors out from price comparison is not part of copyright's aim. While some courts have protected the creativity of price estimates, they haven't allowed companies to exclude others from learning market prices or catalog part numbers.
CrimsonReading.org, which offers price comparisons built around the book lists gathered from professors and the Coop, furthers copyright's goals of sharing access to information. Here, at least, the copyright law follows our intuitions. Access to ideas is a high priority in a democratic society. The Constitutional authorization to "promote the progress of science," leaves facts in the public domain, as do the statutes and cases interpreting them. Authors are given copyright incentives to induce them to share their works and the ideas in them with the public. We would expect an academic bookstore to appreciate that it too gains from authors' free access to the facts and ideas in the world around them. We recognize that the Coop can kick anyone they want out of its store -- although even the Cambridge police seemed to think the Coop was taking things a bit too far. If they call again, the Coop's managers might want to come up with a better reason than "intellectual property" or risk marring the intellectual face of Harvard. And Harvard might want to re-think its relationship with an institution that seems to put its own profit margin ahead of its students' access to information.

From rforno at infowarrior.org Thu Sep 27 00:29:53 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 26 Sep 2007 20:29:53 -0400 Subject: [Infowarrior] - US video shows simulated hacker attack In-Reply-To: <1A80CDC44C7B6C428AB0959813EF546F03423DA4@KTCXMB01.ap.org> Message-ID:

http://news.yahoo.com/s/ap/20070926/ap_on_re_us/hacking_the_grid_1 US video shows simulated hacker attack By TED BRIDIS and EILEEN SULLIVAN Associated Press Writers A government video shows the potential destruction caused by hackers seizing control of a crucial part of the U.S. electrical grid: an industrial turbine spinning wildly out of control until it becomes a smoking hulk and power shuts down.
The video, produced for the Homeland Security Department and obtained by The Associated Press on Wednesday, was marked "Official Use Only." It shows commands quietly triggered by simulated hackers having such a violent reaction that the enormous turbine shudders as pieces fly apart and it belches black-and-white smoke.

The video was produced for top U.S. policy makers by the Idaho National Laboratory, which has studied the little-understood risks to the specialized electronic equipment that operates power, water and chemical plants. Vice President Dick Cheney is among those who have watched the video, said one U.S. official, speaking on condition of anonymity because this official was not authorized to publicly discuss such high-level briefings.

"They've taken a theoretical attack and they've shown in a very demonstrable way the impact you can have using cyber means and cyber techniques against this type of infrastructure," said Amit Yoran, former U.S. cybersecurity chief for the Bush administration. Yoran is chief executive for NetWitness Corp., which sells sophisticated network monitoring software. "It's so graphic," Yoran said. "Talking about bits and bytes doesn't have the same impact as seeing something catch fire."

The electrical attack never actually happened. The recorded demonstration, called the "Aurora Generator Test," was conducted in March by government researchers investigating a dangerous vulnerability in computers at U.S. utility companies known as supervisory control and data acquisition systems. The programming flaw was quietly fixed, and equipment-makers urged utilities to take protective measures. There was no evidence any U.S. utility company suffered damage from hackers or terrorists using this technique, U.S. officials said. But these officials cautioned that affected systems are not routinely monitored as closely as many modern corporate computer networks, so there would be little forensic evidence to study after such a break-in.
Industry experts cautioned that intruders would need specialized knowledge to carry out such attacks, including the ability to turn off warning systems. "The video is not a realistic representation of how the power system would operate," said Stan Johnson, a manager at the North American Electric Reliability Corp., the Princeton, N.J.-based organization charged with overseeing the power grid.

A top Homeland Security Department official, Robert Jamison, said companies are working to limit such attacks. "Is this something we should be concerned about? Yes," said Jamison, who oversees the department's cybersecurity division. "But we've taken a lot of risk off the table."

President Bush's top telecommunications advisers concluded years ago that an organization such as a foreign intelligence service or a well-funded terror group "could conduct a structured attack on the electric power grid electronically, with a high degree of anonymity, and without having to set foot in the target nation." Ominously, the Idaho National Laboratory - which produced the new video - has described the risk as "the invisible threat."

Experts said the affected systems were not developed with security in mind. "What keeps your lights on are some very, very old technology," said Joe Weiss, a security expert who has testified before Congress about such threats. "If you can get access to these systems, you can conceptually cause them to do whatever it is you want them to do."

The Homeland Security Department has been working with industries, especially electrical and nuclear companies, to enhance security measures. The electric industry is still working on its internal assessments and plans, but the nuclear sector has implemented its security measures at all its plants, the government said. In July the Federal Energy Regulatory Commission proposed a set of standards to help protect the country's bulk electric power supply system from cyber attacks.
These standards would require certain users, owners and operators of power grids to establish plans and controls.

From rforno at infowarrior.org Thu Sep 27 00:37:42 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 26 Sep 2007 20:37:42 -0400 Subject: [Infowarrior] - 2 Patriot Act Provisions Ruled Unlawful Message-ID:

2 Patriot Act Provisions Ruled Unlawful By WILLIAM McCALL The Associated Press Wednesday, September 26, 2007; 8:03 PM http://www.washingtonpost.com/wp-dyn/content/article/2007/09/26/AR2007092602084_pf.html

PORTLAND, Ore. -- Two provisions of the USA Patriot Act are unconstitutional because they allow search warrants to be issued without a showing of probable cause, a federal judge ruled Wednesday. U.S. District Judge Ann Aiken ruled that the Foreign Intelligence Surveillance Act, as amended by the Patriot Act, "now permits the executive branch of government to conduct surveillance and searches of American citizens without satisfying the probable cause requirements of the Fourth Amendment."

Portland attorney Brandon Mayfield sought the ruling in a lawsuit against the federal government after he was mistakenly linked by the FBI to the Madrid train bombings that killed 191 people in 2004. The federal government apologized and settled part of the lawsuit for $2 million after admitting a fingerprint was misread. But as part of the settlement, Mayfield retained the right to challenge parts of the Patriot Act, which greatly expanded the authority of law enforcers to investigate suspected acts of terrorism. Mayfield claimed that secret searches of his house and office under the Foreign Intelligence Surveillance Act violated the Fourth Amendment's guarantee against unreasonable search and seizure.

Aiken agreed with Mayfield, repeatedly criticizing the government. "For over 200 years, this Nation has adhered to the rule of law -- with unparalleled success.
A shift to a Nation based on extra-constitutional authority is prohibited, as well as ill-advised," she wrote. By asking her to dismiss Mayfield's lawsuit, the judge said, the U.S. attorney general's office was "asking this court to, in essence, amend the Bill of Rights, by giving it an interpretation that would deprive it of any real meaning. This court declines to do so."

Elden Rosenthal, an attorney for Mayfield, issued a statement on his behalf praising the judge, saying she "has upheld both the tradition of judicial independence, and our nation's most cherished principle of the right to be secure in one's own home." Justice Department spokesman Peter Carr said the agency was reviewing the decision, and he declined to comment further.

Mayfield, a Muslim convert, was taken into custody on May 6, 2004, because of a fingerprint found on a detonator at the scene of the Madrid bombing. The FBI said the print matched Mayfield's. He was released about two weeks later, and the FBI admitted it had erred in saying the fingerprints were his and later apologized to him. Before his arrest, the FBI put Mayfield under 24-hour surveillance, listened to his phone calls and surreptitiously searched his home and law office.

The Mayfield case has been an embarrassment for the federal government. Last year, the Justice Department's internal watchdog faulted the FBI for sloppy work in mistakenly linking Mayfield to the Madrid bombings. That report said federal prosecutors and FBI agents had made inaccurate and ambiguous statements to a federal judge to get arrest and criminal search warrants against Mayfield.
© 2007 The Associated Press

From rforno at infowarrior.org Thu Sep 27 00:43:53 2007 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 26 Sep 2007 20:43:53 -0400 Subject: [Infowarrior] - Judge quashes RIAA subpoenas in campus file-sharing case Message-ID:

Judge quashes RIAA subpoenas in campus file-sharing case By Nate Anderson | Published: September 26, 2007 - 03:41PM CT http://arstechnica.com/news.ars/post/20070926-judge-quashes-two-riaa-subpoenas-against-florida-students.html

A Florida lawyer convinced a judge yesterday to quash several RIAA subpoenas directed against anonymous University of South Florida students. The subpoenas, which use the secretive ex parte discovery process, were shot down by the judge on narrow technical grounds that seem limited to this particular case. Still, attorney Michael Wasylik tells Ars that his victory still matters because it shows that RIAA attorneys "have to obey the rules" when they use the court system.

Until this point, Interscope v. Does 1-40 has proceeded much like other cases against college students across the country. RIAA lawyers move on an aggressive schedule in such cases; this case was filed in June, subpoenas were authorized in July, were sent out immediately, and were due back by mid-August. Under ex parte discovery rules, the students aren't notified until after a subpoena has already been granted, giving them little time to contest the process. Unless they act quickly, the RIAA gets the identifying information it needs from the university in question, then usually dismisses the case and files individual suits against the students (whose identities it now knows). It's an aggressive strategy, and as Wasylik points out, is one built on speed and stealth. In this case, the suit was filed after school had ended for the summer, and the subpoena information was requested before students returned.
Once the university received the subpoenas in July, it did attempt to forward them to the students' summer addresses. Not all addresses were correct or up to date, though, and at least one student was traveling in Europe and could not be reached by his agitated parents, who received the letter. The upshot: Wasylik represented only two of the 40 students in court, and the judge's decision to quash the subpoenas applies only to them. The other 38 defendants have already had their information released. These defendants might not even have known about the case until they arrived back at school to a nasty surprise. Several similar motions to quash this form of subpoena have been filed in cases across the country, but this is the first to be decided. It's a "crack in the dam, a flaw in the armor," Wasylik tells Ars, but he fully expects the RIAA to fix the technical service errors and try again (the judge did not quash the subpoenas on material grounds, even though Wasylik made several such arguments). To him, though, it's encouraging to see that the RIAA can be beaten, that it does make mistakes. It also provides a roadmap for attorneys in similar cases to follow. The RIAA wins default judgments in most of its cases after defendants never show up; many other defendants also settle rather than face court. Opposing them at key points in litigation, though, can be effective, in Wasylik's view. Not even the RIAA can afford to fully litigate the more than 20,000 suits it has filed to date. If enough defendants fight back, the group might need to change tactics, especially if it has to keep paying attorneys' fees. 
From rforno at infowarrior.org Fri Sep 28 00:44:19 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 27 Sep 2007 20:44:19 -0400 Subject: [Infowarrior] - Officials: PR campaign may boost Real ID popularity Message-ID:

Officials say PR campaign may boost Real ID popularity By Anne Broache http://www.news.com/Officials-say-PR-campaign-may-boost-Real-ID-popularity/2100-1029_3-6209786.html Story last modified Tue Sep 25 05:44:38 PDT 2007

WASHINGTON--As controversy rages over forthcoming federal Real ID requirements, state officials should be plotting public relations strategies to counteract the well-publicized rebellion, past and present state motor vehicle administrators advised their colleagues Monday.

Civil liberties and privacy groups, as well as organizations like the National Governors Association, have attacked the 2005 law as insufficiently protective of privacy and too costly to implement. But that's exactly the sort of message motor vehicle departments need to offset with their own materials trumpeting the plan's perceived benefits, suggested Lucinda Babers, interim director of the District of Columbia DMV, and Betty Serian, a retired Pennsylvania Department of Transportation official who now runs a private consulting firm.

"I think it's a classical textbook case of good communications planning, knowing who your audience is, and working that into your implementation plan for Real ID," Serian said during a panel discussion on the first day of the Government ID Technology Summit here. About 100 state and federal officials and representatives from technology vendors were in attendance at the conference, whose lead sponsor was Digimarc, a company that specializes in "secure identity and media management solutions."
The Department of Homeland Security plans to issue final rules in the fall, but draft rules say that starting on May 11, 2008, Americans will need a federally approved, "machine readable" ID card to travel on an airplane, open a bank account, collect Social Security payments or take advantage of nearly any government service. (States that agree in advance to abide by the rules have until 2013 to comply.)

Largely because of the undertaking's projected cost and what they view as insufficient federal funding to meet it, more than 30 states have either introduced or adopted some type of legislation or resolution that rejects or criticizes Congress's Real ID mandate, which is derived from 9/11 Commission recommendations. But even those states that fall into the anti-Real ID category should be thinking about how to make their residents feel happier about the requirements, the conference speakers said. Sample messages could include, according to Serian: "It's an improvement to your existing process, it's a way to do the right things for the right reason, it will help prevent identity theft." (Serian said she is "active" with the American Association of Motor Vehicle Administrators and was once the chairwoman of its special task force on identification security.)

The identity-theft defense is a familiar one. Homeland Security Secretary Michael Chertoff has argued that a Real ID-compliant document will be harder to forge than existing driver's licenses and other state-issued identification cards because DMV administrators will be required to verify the authenticity of birth certificates and other pertinent identity documents against new databases. Opponents, however, argue that unless stricter security requirements are imposed, it won't be difficult for people to swipe personal information from the cards' requisite two-dimensional bar code and use it for unintended purposes.

"Try to get that positive message out about what it can do for us," Babers said. "What this seems to be doing for us is getting us all up to a certain level in terms of technology and processes."

Despite uncertainty about how the rules will look, Serian said "the time is definitely now" for states to strategize over how they'll persuade the public that Real ID isn't a threat. Motor vehicle departments could use the pool of addresses already available to them to send out direct mailings with such assurances, she said. Babers suggested that voluntary e-mail lists that some DMVs already use for periodic alerts could be another method. Another potential vehicle is through public service announcements aired in a continuous loop at DMV locations, where a captive audience of customers has little choice but to watch. To reach an even wider audience, Serian suggested DMVs also consider using some of the federal taxpayer-funded grants set aside for Real ID--which many states argue are inadequate--to take out paid advertising. She and Babers said states may also want to approach vendors of the technology they plan to use to come into Real ID compliance for help.

But such a marketing campaign may be less than realistic given the current funding climate for many states, countered one audience member who said he represented the Rhode Island Department of Motor Vehicles. He said his state's initial cost estimate for getting the program up and running is $12 million, and the state already is expecting a $200 to $300 million deficit. Homeland Security projects the cost of Real ID for states and taxpayers over the next 10 years will surpass $23 billion. "Your mailing list isn't going to be free," the audience member said. "You're going to have to prepare the document, mail it out, that's a million dollars if you're a state of a million people, which we are."

Copyright © 1995-2007 CNET Networks, Inc. All rights reserved.
From rforno at infowarrior.org Fri Sep 28 02:37:55 2007 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 27 Sep 2007 22:37:55 -0400 Subject: [Infowarrior] - Why Microsoft must abandon Vista to save itself Message-ID:

September 26, 2007 9:05 AM PDT Why Microsoft must abandon Vista to save itself Posted by Don Reisinger http://blogs.cnet.com/8301-13506_1-9785337-17.html?tag=blg.orig

While Vista was originally touted by Microsoft as the operating system savior we've all been waiting for, it has turned out to be one of the biggest blunders in technology. With a host of issues that are inexcusable and features that are taken from the Mac OS X and Linux playbook, Microsoft has once again lost sight of what we really want.

As we're more than aware, Vista Ultimate comes at a premium. For an additional $160 over the Premium SKU price, Ultimate gives you a complete backup and restore option, BitLocker Drive encryption, the ever so popular Windows Fax & Scan, and the "Ultimate Extras." But what started with a promise of "Extras" by summer, quickly turned into an apology from Microsoft and the eventual release of DreamScene and Windows Hold 'Em (among others) today. And while each of the "Extras" runs just fine, Microsoft's "Extras" blunder is just another reason why the company must abandon Vista before it's too late.

The first indication that Microsoft should abandon Vista is its poor sales figures. According to a recent report titled "Windows Vista Still Underperforming in U.S. Retail" from NPD, Vista sales are significantly behind XP sales during its early days. Even worse for Redmond, some are reverting to XP, citing issues with compatibility and overall design. And if that wasn't enough, Macs continue to surge and with the impending release of Leopard, Microsoft may be in for a rough holiday season.
With each passing day, it's becoming blatantly clear that Microsoft released Vista too early and the company's continual mistakes and promises that can't be kept are further annoying the Windows faithful. Much talk has been given to Service Pack 1 and how this update should address many of the issues users have with Vista, but I simply don't agree. Will SP1 eliminate the ridiculous Microsoft licensing schemes? Will SP1 drop the price on the higher-end versions? Will SP1 eliminate the need for users to buy a new computer just to use the faulty OS? SP1 will do nothing but fix the holes and issues we currently know about and create even more. As we all know from the days of Windows ME and even XP, Microsoft is not the best company at finding and addressing security issues, and chances are, Vista will be no different. One significant problem that I have with Vista is its inclusion of new DRM, specifically the company's decision to install Protected Video Path. To prevent a person from copying (or in most cases, backing up) a movie, the operating system provides process isolation and if an unverified component is in use, the operating system shuts down DRM content. For the first time on any operating system, we're not even allowed to backup our favorite movies? Come on. I also find it interesting that Microsoft decided to take the user access control concept from Mac OS X and make it much worse. Can someone please explain to me why I need to be asked if I wanted to do something entirely innocuous like open a third-party app from a well-known software company? Never before have I seen such an abysmal start to an operating system release. For almost a year, people have been adopting Vista and becoming incensed by how poorly it operates. Not only does it cost too much, it requires more to run than XP, there is still poor driver support, and that draconian licensing scheme is a by-product of Microsoft picking on the wrong people. 
The road ahead looks dangerous for Vista and Microsoft must realize that. With Mac OS X hot on its tail, Vista is simply not capable of competing at an OS level with some of the best software around. If Microsoft continues down this path, it will be Vista that will bring the software giant to its knees--not Bill Gates' departure. Of course, categorically dumping an operating system is quite difficult and with millions already using the OS, chances are Microsoft won't find a good enough reason to do it. And while I can understand that argument, there's no reason the company can't continue to support Vista and go back to the drawing board for its next OS. Even better, go back to XP--it's not nearly as bad as Vista. As a daily user of Mac OS X, Ubuntu and Vista, I'm keenly aware of what works and what doesn't. Mac and Linux work. The time is up. Microsoft must abandon Vista and move on. It's the company's only chance at redemption.

Originally posted at The Digital Home.

From rforno at infowarrior.org Fri Sep 28 23:40:26 2007 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 28 Sep 2007 19:40:26 -0400 Subject: [Infowarrior] - Burmese Government Clamps Down on Internet Message-ID:

Burmese Government Clamps Down on Internet By Mike Nizza http://thelede.blogs.nytimes.com/2007/09/28/burmese-government-clamps-down-on-internet/index.html

Update, 4:03 p.m. Eastern The White House is not buying that technical difficulties caused the internet shutdown in Myanmar today. "They don't want the world to see what is going on there," said Scott Stanzel, a spokesman. In other signs of a government campaign to extinguish media coverage, a witness told The Irrawaddy that soldiers were "singling out people with cameras" today. Also, a report from Irrawaddy says "trucks loaded with troops raided the offices of Burma's main Internet service provider."

Update, 12:38 p.m. Eastern The rulers of Burma are learning once again how hard it is to keep secrets.
A video showing the shooting of Kenji Nagai, the Japanese photographer who died yesterday in Yangon, was broadcast on Japanese television and posted to YouTube. The Times of London describes the implications:

The footage, say Japanese experts, squarely contradicts the official Burmese explanation of Nagai's death -- that he was killed by a "stray bullet". In the few seconds before he was killed, Nagai appeared to be filming the Burmese military as it faced down the crowd. One of the soldiers seems to spot him doing so, and launches his deadly response. Masahiko Komura, Japan's Foreign Minister, said that the footage appeared to show that Nagai was slain deliberately by Burmese troops as they charged on a crowd of civilians. The government has dispatched the deputy foreign minister to Burma to establish the truth behind Nagai's death.

The video, which repeats the potentially disturbing shooting during the course of a news segment, is available here.

First Post Today, 9:38 p.m. Eastern Burmese bloggers are now reporting that they are running into significant hurdles to getting the word out on the government's crackdown. "Burma is blacked out now!," one blogger announced from Yangon, the country's main city. More details from the post:

Internet cafes were closed down. Both MPT ISP and Myanmar Teleport ISP cut down internet access in Yangon and Mandalay since this morning. The Junta try to prevent more videos, photographs and information about their violent crackdown getting out. I got news from my friends that last night some military guys searched office computers from Traders and Sakura Tower building. Most of the downtown movement photos were taken from office rooms of those high buildings. GSM phone lines and some land lines were also cut out and very difficult to contact even in local. GSM short message sending service is not working also.
As protests built to more than 100,000, the government apparently allowed internal reports until three days into the crackdown, raising fears that it planned to intensify measures that left 9 dead on Thursday.

[Photo: Protests today in Yangon, Myanmar. (Reuters)]

It also had immediate effects on the information flow out of the country. "Exile groups and human rights organizations who are in touch with people inside Myanmar said they had less news today than before about clashes," Seth Mydans of The New York Times reported from Bangkok.

A blogger we wrote about on Thursday, Ko Htike, is also having major problems because of the internet cuts, losing the ability to put out a major part of his reporting so far. He said he's not "able to feed in pictures of the brutality by the brutal Burmese military junta," but he still hoped to find "other means." He also seemed sick of all the attention he's been receiving lately from The Lede and other news outlets: (Journos!! please don't ask me what other means would be??). I will continue to live with the motto that "if there is a will there is a way".

Michelle Malkin brings more bad news for Burmese bloggers: Several popular dissident blogs had already gone dark the past few days before the "damaged underwater cable" shut down Internet access. The fate of one prolific Burmese blogger, Moezack, is unknown. The entire blog has been wiped.

The government's explanation, according to an official interviewed by Agence France-Presse, blames an extraordinarily timed bout with technical difficulties. "The Internet is not working because the underwater cable is damaged," the official said. Still, several sources from inside Burma continued to provide frequent updates; you can find them on several sites we mentioned on Thursday and Cbox, which is aggregating developments in matter-of-fact bulletins that paint vivid, scary pictures. "The Police Station at South-Okkalarpa is being burnt down," one entry says.
More Web sites are referred by an anonymous Burmese blogger writing to Global Voices today. The post carries more fears of the price the bloggers may pay for trying to document the uprising: Information flow out of the country has been strictly monitored and even the amateur photographers are warned to be very careful as the Junta is hunting down the sources.

From rforno at infowarrior.org Sat Sep 29 14:36:48 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 29 Sep 2007 10:36:48 -0400 Subject: [Infowarrior] - AOL Instant Messaging Client Vulnerable to Exploitation Message-ID:

AOL Instant Messaging Client Vulnerable to Exploitation, Uninstall It Now By Ryan Singel September 27, 2007 | http://blog.wired.com/27bstroke6/2007/09/aol-instant-mes.html

AOL's Instant Messaging software, both old and the new beta, contains a security hole that lets anyone who sends you a message run arbitrary commands and exploit Internet Explorer without the user having to do anything, according to Ryan Naraine at Zero Day. The hole, first reported to AOL more than a month ago, will not be fixed until the middle of October for the millions of people using AOL's AIM client. AOL claims that the vulnerability, which allows a remote attacker to launch executable code without any user action, has been patched in the latest beta client but, as I've confirmed in a test with security researcher Aviv Raff (see screenshot below), fully patched versions of the beta are still wide open to a nasty worm attack. Production copies of the software, which sits on tens of millions of desktops around the world, are also unpatched. Anyone running the software should uninstall it and use an alternative, such as a web-based client such as Meebo or a third-party IM client such as Trillian or Pidgin to use an AIM account.

Update: Apple iChat is not vulnerable (thanks to that lower case i in its name, I presume).
Despite AOL's claim, AIM worm hole still wide open (ZDNET's Zero Day blog)

From rforno at infowarrior.org Sat Sep 29 14:37:49 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 29 Sep 2007 10:37:49 -0400 Subject: [Infowarrior] - DHS Official Blog Message-ID:

This journal is sponsored by the U.S. Department of Homeland Security to provide a forum to talk about our work protecting the American people, building an effective emergency preparedness and response capability, enforcing immigration laws, and promoting economic prosperity. http://www.dhs.gov/journal/leadership/

From rforno at infowarrior.org Sat Sep 29 14:40:19 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 29 Sep 2007 10:40:19 -0400 Subject: [Infowarrior] - Ted Stevens at it again... In-Reply-To: Message-ID:

"Bridge To Nowhere" Senator Now Wants $84M Experimental Ferry For Island With 40 People USA Today | September 29, 2007 12:53 AM

Sen. Ted Stevens, who championed $452 million in federal funding for Alaska's notorious "bridges to nowhere," has directed the Navy to build an experimental ferry it once rejected to serve a little-used port in a remote area of his home state. The high-speed ferry will connect Anchorage to Port MacKenzie in the Matanuska-Susitna Borough at an estimated cost to taxpayers of $84 million. The project follows the same route as one of the two "bridges to nowhere," which the non-partisan Taxpayers for Common Sense and others spotlighted in 2005 as examples of wasteful projects promoted by members of Congress that benefit few people.
http://www.huffingtonpost.com/2007/09/29/bridge-to-nowhere-senat_n_66411.html

From rforno at infowarrior.org Sat Sep 29 14:41:21 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 29 Sep 2007 10:41:21 -0400 Subject: [Infowarrior] - Report Suggests RIAA's Lawsuit-Happy Strategy Still Not Working Message-ID:

Report Suggests RIAA's Lawsuit-Happy Strategy Still Not Working http://techdirt.com/articles/20070928/124523.shtml

Marginal Revolution links to a new paper by economist Stan Liebowitz on the economic effects of file sharing on the recording industry. It's a response to an earlier paper that argued peer-to-peer file sharing has had little impact on CD sales. Liebowitz digs into the arguments and finds a number of problems. For example, one of the arguments in the original paper depends on the assumption that college kids use peer-to-peer networks less during the summer than during the school year. Unfortunately, Liebowitz presents data suggesting that's not true: in two of the three years they studied, file-sharing activity was actually slightly higher in the summer than the rest of the year. Liebowitz also faults the authors for failing to release their full datasets; he says he was unable to replicate several of their results using publicly available data.

In the end, Liebowitz makes a pretty convincing case that file-sharing technologies are hurting the recording industry: industry revenues in the United States fell by a third from 1999 to 2005. Of course, Liebowitz's data also suggests that the RIAA's current strategy of suing everyone in sight -- which they launched in 2003 -- isn't working so well either: revenues continued to fall between 2003 and 2005. They've tried suing technologists and suing customers, and neither has saved them. Maybe it's time they tried some more creative approaches that don't involve hiring lots of lawyers.
It's also worth noting that neither study looks at trends in the overall music industry, which includes not just CD sales but concerts, T-shirt sales, sponsorship contracts, musical instruments, music lessons, and so forth. These are all important parts of the music industry, and some of them have been doing quite well lately. As people use peer-to-peer networks to discover more music they love, they're likely to be inspired to spend more money on these other music-related products and services. As long as plenty of good music is being created and listened to, then the copyright system is working the way it's supposed to, even if the people who ship little plastic discs around the country aren't making as much money as they used to.

From rforno at infowarrior.org Sat Sep 29 14:42:34 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 29 Sep 2007 10:42:34 -0400 Subject: [Infowarrior] - Windows XP repair disk kills automatic updates Message-ID:

Windows XP repair disk kills automatic updates Critics speak out of both sides of mouths By Dan Goodin in San Francisco Published Saturday 29th September 2007 00:04 GMT http://www.theregister.co.uk/2007/09/29/windows_update_flap/

Comment

A commonly used method for repairing Windows computers can disable the automatic installation of Microsoft updates, or patches, it was revealed this week. The company is getting a kicking from critics for this - the same people who slammed the company two weeks ago when Microsoft forced a Windows patch on users who had turned off automatic updates. They have a point, but their latest tirades also show them speaking out of both sides of their mouths. Two weeks ago, they rightfully said how misguided it was when, in July, Microsoft issued a patch that automatically installed itself even when Windows users specifically opted out of automatic updates.
The issue boiled down to control, and since the PC belonged to the end user, it was the end user who should ultimately decide what software runs on it. Beyond that bedrock principle, many IT administrators also said that forcing installs without a company's consent or knowledge could jeopardize compliance requirements, since they could no longer affirm they were in complete control of machines storing patient records and other sensitive types of data.

Hatch, patch, match, dispatch

Microsoft eventually explained that the forced update concerned Windows Update itself, and as such, was installed on machines that were configured to keep track of new patches, even if the user had opted not to have them automatically applied. Failure to patch Windows Update would prevent it from working reliably, Microsoft said. Redmond also admitted it could have been more transparent, meaning it should have explicitly explained that unless a user completely shuts down Windows Update (and not, for instance, sets it to download updates and install them later) certain files related to Windows Update will automatically change from time to time. That seemed like the end of the debate, but it wasn't. The latest friction came after a post here by Scott Dunn and a piece here by Adrian Kingsley-Hughes pointed out that users who used the repair option from a Windows XP CD-ROM were no longer able to install Windows updates, putting them at considerable risk for worms and other types of malware. It turns out the repair disk - which is often used to roll back a corrupted version of Windows to an earlier, undamaged state - unregisters some of the files that were installed in the Windows Update update, and in doing so, prevents Windows Update from working at all. This, they suggested, was proof positive that the forced update from July, which by dint of its version number was branded 7.0.600.381, was nefarious after all.
"Now that we know that version .381 prevents a repaired instance of XP from getting critical patches, 'harmless' no longer describes the situation," Dunn writes. "The crippling of Windows Update illustrates why many computer professionals demand to review updates for software conflicts before widely installing upgrades." Rather than raise red herrings about stealth updates, we should recognize the true fault here, which is that repair disks break Windows Update, something that should never, ever happen.

Latest fix

In a blog post here, Microsoft's Nate Clinton says the company has issued a KB article to restore Windows Update after it becomes disabled. Now that Microsoft has recognized the problem and issued a fix, it needs to redouble its efforts to make sure Windows Update is never again disabled. But it's inconsistent for critics to take Microsoft to task for pushing an update that was necessary for the continued smooth running of Windows Update and then gripe when the update gets undone by a repair disk. Microsoft's lack of transparency - although a problem - wasn't at issue here so much as a needed change in Windows Update that could be undone by an officially sanctioned utility that many Windows admins rely on. As the linchpin for a securely running machine, Windows Update will inevitably have to be updated from time to time. Here's hoping Microsoft provides better notice in the future - and that users heed common sense when told to install it.

From rforno at infowarrior.org Sat Sep 29 20:17:19 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 29 Sep 2007 16:17:19 -0400 Subject: [Infowarrior] - What's So Precious About Bad Software? Message-ID:

What's So Precious About Bad Software? August 24, 2007 By Carla Schroder http://www.enterprisenetworkingplanet.com/netos/article.php/3696296 Opinion: What's the real reason for closed, proprietary code? Embarrassment.
Sure, we are drowned in tides of twaddle about precious IP, Trade Sekkrits, Sooper Original Algorithms that must not be exposed to eyes of mere mortals, and all manner of silly excuses. But that's all a smokescreen to cover up the real reason: to hide code of such poor quality that even PHBs know to be embarrassed. Exhibit A: Windows itself. Which proves it takes more than throwing billions of dollars and thousands of programmers at a software project to build something that is actually good.

Diebold, Champion of Ugly Bad Code

There is good ugly code and there is bad ugly code. Good ugly code is not "elegant", whatever that means, but it works well and isn't full of holes. Diebold is the poster child for bad ugly code, which they have fought mightily to conceal under the tattered "trade secrets" excuse. As if - they were shipping shoddy code, and they knew it. I wonder where they got the idea that no one would notice, because hiding the code doesn't hide what it does.

Samsung's Excellent Rootkit

Number three on our hit parade is Samsung's infamous binary Linux printer driver. Oh, that one's a knee-slapper. The installer - I am not making this up - changes the permissions on key Linux system directories, and replaces a batch of executables with setuid wrapper scripts. setuid means ordinary unprivileged users can run these executables with rootly powers. So installing the Samsung printer driver comes with a fun double whammy: screwed-up permissions and local privilege escalation! Yay! Now that's some compact coding. I had to see this one for myself, so I downloaded their Unified Linux Driver and took a peek in install.sh, which fortunately is a nice human-readable shell script.
This is but a representative snippet of the badness therein:

    wrap_setuid_third_party_application xsane
    wrap_setuid_third_party_application xscanimage
    wrap_setuid_ooo_application soffice
    wrap_setuid_ooo_application swriter
    wrap_setuid_ooo_application simpress
    wrap_setuid_ooo_application scalc

So OpenOffice and your scanner tools launch with root privileges for ordinary users without asking for a password. In effect, it's a built-in rootkit. But that's not all. It also changes the owner on /etc, /usr, /etc/sane.d/, /usr/lib/, and /usr/lib/sane/ to an unprivileged user instead of root. That is some seriously perverse ingenuity. Yes I know, this isn't exactly an example of bad closed source because anyone can read the installer script. But if they're this incompetent with a shell script, what does the driver code look like? Note also that this was reported repeatedly to Samsung, with no fix until it hit Slashdot.

System BIOS

The x86 PC BIOS is a relic of a bygone era. You'd think something this tiny would be easy to continually improve and modernize. But no, not at all. Even on our shiny powerful modern hardware, the typical closed, proprietary (and buggy and inflexible) BIOS thinks it's still supporting MS-DOS, probes hardware, loads drivers, scans for bootable devices, initializes memory, and allocates interrupts. Then, at last, it starts up the operating system, which ignores everything the BIOS did and starts over (both Linux and Windows do this). A number of Linux distributions are investing resources in improving boot times, but the BIOS alone accounts for 30-60 (mostly wasted) seconds of boot time. Contrast this with the OpenBIOS project, which takes a different approach. OpenBIOS assumes the operating system is going to do the work, so all the BIOS needs to do is get the machine to a state where the OS can take over. The Linux kernel is a lot faster at detecting hardware and loading drivers; it doesn't need an antique moldy BIOS getting in the way.
We don't need to see inside that little bit of code to know that it isn't pretty - the way it functions speaks for itself. OpenBIOS is already being used in a number of projects, such as the LinuxBIOS, which is amazing and impressing all kinds of people with 3-second boots and unlimited customizability.

Moldy Binaries

Way too many of the closed-source applications and drivers for Linux don't even try to keep up. NoMachine's Linux server and client, for one example, rely on an ancient version of libstdc++ that sends you wandering all over Google trying to locate a copy of it. Most printer vendors don't even try: Given a choice between vendor-supplied drivers and reverse-engineered CUPS drivers, you're almost always better off with the CUPS drivers. Which is pretty amazing considering how few of these have any sort of vendor support.

Closed-to-Open Horrors

When the Netscape browser code was opened up and flung upon an eager world, it nearly caused a pandemic of heart failures because of its blue-ribbon spaghettiness. The majority of the work in the early years of the Mozilla project was cleaning up the mess. Same story for OpenOffice, which is descended from StarOffice. StarOffice was originally this giant monolithic blob; a self-contained little universe that barely needed an operating system, because it contained its own working environment. Poor old OpenOffice has been struggling for years to get out from under this unwieldy architecture. Naturally there are examples of both good and awful code in both the closed- and open-source universes. I'm just not buying into the "protect our preciouss IP" excuse because it is so overused. What's so precious about bad software?
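An added audit script for the two things the Samsung install.sh snippet in the article above leaves behind: setuid wrapper scripts in the binary directories, and system directories such as /etc and /usr/lib handed to a non-root owner. This is an editor's example, not code from the article or from Samsung's driver package. The function names and the scratch tree it builds under mktemp are this example's own; the only real-system check, at the end of demo, reads ownership and changes nothing.

```shell
#!/bin/sh
# Added example (not from the article or from Samsung's install.sh):
# audit a tree for setuid files and for directories not owned by the
# expected uid, then strip the setuid bits back off. Function names
# and the constructed scratch tree are this example's own.

# list_setuid DIR: print every regular file under DIR with the setuid
# bit (mode 4000) set, one path per line, sorted.
list_setuid() {
    find "$1" -type f -perm -4000 -print 2>/dev/null | sort
}

# dirs_not_owned_by UID DIR...: print each DIR whose owner is not UID.
# -prune keeps find on the directory itself instead of descending.
dirs_not_owned_by() {
    want_uid=$1
    shift
    for d in "$@"; do
        [ -d "$d" ] || continue
        find "$d" -prune ! -uid "$want_uid" -print
    done
}

# strip_setuid DIR: clear the setuid bit on every file list_setuid
# reports under DIR. The wrapper still runs, just as the invoking user.
strip_setuid() {
    list_setuid "$1" | while IFS= read -r f; do
        chmod u-s "$f"
    done
}

# make_demo_tree: build a constructed scratch copy of the layout the
# article names (/etc/sane.d, /usr/lib/sane, /usr/bin) under a temp
# directory, so the audit can run without touching the real system.
# Prints the root of the scratch tree.
make_demo_tree() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/bin" "$root/usr/lib/sane" "$root/etc/sane.d"
    # the kind of wrapper wrap_setuid_third_party_application produces
    printf '#!/bin/sh\nexec /usr/bin/xsane.real "$@"\n' > "$root/usr/bin/xsane"
    chmod 4755 "$root/usr/bin/xsane"
    # an ordinary, unwrapped executable for contrast
    printf '#!/bin/sh\necho hi\n' > "$root/usr/bin/swriter"
    chmod 0755 "$root/usr/bin/swriter"
    printf '%s\n' "$root"
}

# demo: audit the scratch tree, fix it, then report (read-only) on the
# real directories the article says the installer re-owned.
demo() {
    t=$(make_demo_tree) || exit 1
    echo "== setuid files in scratch tree"
    list_setuid "$t"
    echo "== scratch dirs not owned by uid 0 (created by uid $(id -u))"
    dirs_not_owned_by 0 "$t/etc" "$t/usr" "$t/usr/lib" "$t/usr/lib/sane" "$t/etc/sane.d"
    strip_setuid "$t"
    echo "== setuid files after strip_setuid (expect none)"
    list_setuid "$t"
    rm -rf "$t"
    echo "== real system: directories from the article not owned by root"
    dirs_not_owned_by 0 /etc /usr /etc/sane.d /usr/lib /usr/lib/sane
}

demo
```

On a box where the driver has actually been installed, point list_setuid at /usr/bin and /usr/local/bin and compare the result against the package manager's record of which files are supposed to be setuid; the ownership report for /etc and /usr should be empty, and anything it prints is a directory to chown back to root before any other fix.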
From rforno at infowarrior.org Sun Sep 30 02:30:55 2007 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 29 Sep 2007 22:30:55 -0400 Subject: [Infowarrior] - Protecting the Wiretappers Message-ID:

This article can be found on the web at http://www.thenation.com/doc/20071015/huq Protecting the Wiretappers by AZIZ HUQ [posted online on September 27, 2007] Bowing to White House pressure, Congress passed the 2007 Protect America Act in August, eviscerating any meaningful checks and balances on a sweeping range of governmental surveillance. Now that it has protected telecommunications giants from all future liabilities, the Administration is demanding they be granted amnesty from legal liability for past complicity in spying on ordinary Americans. The professed reasons for protecting communications giants from liability in secret wiretapping are no less disingenuous now than they were when these rightfully defeated provisions were first proposed after 9/11. Rather than promoting security, the push for telecom amnesty furthers the larger ideological ambitions of the Bush Administration: expanding government power while choking off accountability for the way that power is used. Director of National Intelligence Michael McConnell and his allies offer four main arguments in support of the amnesty proposals, each more vacuous than the next. First, McConnell argues that lawsuits could "bankrupt" the companies. If McConnell is to be believed, we must choose between our civil liberties and our cell phones. But his claim is not credible. At best, such lawsuits would face a long and torturous path to any money judgment, including multiple trips to the US Supreme Court. This path will take years to travel, with the odds stacked against a loss for the telecoms. Perhaps the best indicator of the fiscal hit the telecoms are likely to take from those lawsuits is the stock market itself--and the evidence there scotches McConnell's claim.
Just one day after the Electronic Freedom Foundation filed a class-action suit against AT&T for complicity in the government's privacy invasions, the company's stock rose to 50 cents above its pre-lawsuit closing price (from $26.05 the day before the suit was filed to $26.55 one day after). And when AT&T's motion to dismiss the case was denied, the price fell 17 cents, to $27.30. Clearly, the market is not impressed by the suits' potential for bankrupting anyone. Second, intelligence sources have told Newsweek that they are in "near panic" that telecoms will be "forced to terminate their cooperation" with the NSA for fear of liability. This might surprise the White House--since it has already immunized the telecoms from liability for their cooperation moving forward. Simply put, telecoms already have amnesty for what they do in the future. Third, amnesty proponents turn to the familiar tactics of fear: they argue that permitting lawsuits against telecoms to proceed will irrevocably undermine America's safety by revealing our classified means of electronic intelligence-gathering to the world. This is yet another specious contention. Courts have multiple tools in their kit to preserve the secrecy of validly classified information, tools the government has already exploited to hide the truth regarding various practices, from torture, to extraordinary rendition, to warrantless wiretapping. The utter lack of connection between a stated and a real security threat has of course never stopped this Administration from pressing a measure--from condoning torture to the repeal of habeas corpus. Expect, therefore, more cries of wolf in the coming weeks. Finally, there is the familiar claim that because the telecoms were acting in the name of national security, they deserve praise, not liability. But people do all sorts of bad things ostensibly because--or in the belief that--they are furthering national security. 
Western state politicians and private landowners, for example, eagerly abetted the internment of Japanese-Americans during World War II. That some believed they were acting in the name of the public good hardly excuses their actions. We should be especially suspicious of what Justice Louis Brandeis termed the "men of zeal," who earnestly wrap themselves in the mantle of the public good to do deplorable deeds. In any case, the Congress that enacted the much-traduced 1978 Foreign Intelligence Surveillance Act, or FISA, considered these problems, and included a solution in the statute. Understanding that the act's prohibition on warrantless surveillance would not work without private companies' compliance, the 1978 Congress expressly included liability for telecoms, but carved an exception when they secured a certification from the Attorney General that the surveillance was lawful. Liability, therefore, is a pillar of FISA's operation--and is carefully defined to reward good-faith action while encouraging compliance with FISA's limitations on permissible surveillance. Current proposals to immunize the telecoms would wreck this carefully tuned balance. Today, because of the government's lack of transparency in its high-tech hunt for terrorists, we do not even know if the telecoms acted in good faith and secured these certificates. We know neither the breadth of the surveillance nor the degree to which telecoms have handed over calling records enabling government data-mining. We do not know how many domestic calls were monitored. And we do not know what was done with the information that was gathered. Granting amnesty to telecoms would signal Congressional acquiescence in an illegal course of conduct. It would send a loud message to other businesses and individuals: Don't worry if the executive branch comes to you secretly and demands that you violate the law or impinge on basic liberties. We'll bail you out. 
And it would stymie lawsuits that not only serve accountability, but also provide paths to illuminate what harm has been done to our rights. In seeking amnesty for the telecoms, the White House is striking the same chord it hit when President Bush pardoned Lewis "Scooter" Libby: Crimes may have been committed, but so long as they are done in the name of the White House, there will be few consequences. Indeed, Michael McConnell's (flawed) argument about bankrupting the telecoms harmonizes with President Bush's claim that Libby's sentence was too harsh. Companies and individuals that break the law without the benefit of the Executive's blessing pay the consequences of their unlawful actions every day. It also echoes L. Paul Bremer's Order 17, a prescient grant of perpetual immunity for US contractors in Iraq. This is another case in which government power has been carefully delegated in a way that cuts off accountability. Amnesty, either by presidential pardon or by legislation, conveys the regrettable impression of a two-track justice system: violators of the law are judged differently, depending on their proximity to political power. Power without accountability is a prescription either for incompetence or criminality. It has no business on Congress's agenda today.